HideMyAss Review: It’s Fun… Until You Discover the Leaking

Designed by a 16-year-old, and I almost love that

A FEW WEEKS ago, I was traveling around the Caribbean – BVI, Dominicans, and Jamaica. Having lain under the sun the whole week, I was forced to ask an important question. Why is cybersecurity considered a dorky thing?

Most of a computer specialist’s job is overly boring. You sit in front of the computer from 9-5, staring intensely at a black mirror with an extremely serious look on your face. Tell me this: When do you see people look like that in normal life? Dreadful. Like squeezed aluminum cans.

When you are walking in the park or riding a bicycle, you are energized. Your neurons sprint through your brain cells. But fighting cybercriminals in front of the computer will dry up your hormones. You become a robot.

Unless you use HideMyAss. The moment I opened the website of HMA!, the brainchild of Jack Cator, it felt like a virtual form of Pulp Fiction. You can really sense the youthful spirit.

Security and Logging

HMA! has solid AES-256 encryption. AES, which stands for Advanced Encryption Standard, is used by NASA, cybersecurity firms and the US government. That’s pretty much the highest classification level, so if the government is confident that nobody will break into the nation’s greatest secrets, so should you. Encryption is vital for a VPN.

And so are protocols.

Protocols define how algorithms are used. Each of these machine manuals has a slightly different level of speed and security. HMA! supports 3 protocols – OpenVPN, PPTP, L2TP. OpenVPN comes with algorithms like 3DES, AES 256, RC5, 256. The list is full of unknown acronyms, yet if OpenVPN is there, you are in good hands.
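An added example, not part of the original review and not HMA!'s own code: the list above mixes 64-bit block ciphers such as 3DES and RC5 with AES-256, so this Python check reads an OpenVPN profile and reports which cipher it actually requests. The sample profiles, the host vpn.example.net and the function names are constructed for illustration.

```python
import re

# Families of 64-bit block ciphers, matched on the first token of the
# OpenSSL-style cipher name (e.g. DES-EDE3-CBC is 3DES, BF-CBC is Blowfish).
WEAK_FAMILIES = {"DES", "DESX", "BF", "RC2", "RC5", "CAST5", "IDEA"}
CIPHER_DIRECTIVES = {"cipher", "data-ciphers", "data-ciphers-fallback", "ncp-ciphers"}

def parse_ciphers(profile_text):
    """Return (directive, CIPHER) pairs from an .ovpn profile, ignoring comments."""
    found = []
    for raw in profile_text.splitlines():
        line = re.split(r"[#;]", raw, maxsplit=1)[0].split()
        if len(line) >= 2 and line[0].lower() in CIPHER_DIRECTIVES:
            for name in line[1].split(":"):  # data-ciphers takes a ':' list
                if name:
                    found.append((line[0].lower(), name.upper()))
    return found

def audit(profile_text):
    """Return (directive, cipher, reason) findings for weak or missing ciphers."""
    ciphers = parse_ciphers(profile_text)
    if not ciphers:
        return [("cipher", "", "not set: effective cipher depends on the client's default")]
    findings = []
    for directive, name in ciphers:
        if name == "NONE":
            findings.append((directive, name, "encryption disabled"))
        elif name.split("-")[0] in WEAK_FAMILIES:
            findings.append((directive, name, "64-bit block cipher"))
    return findings

# Constructed sample profiles (not taken from any real provider).
LEGACY = """client
dev tun
remote vpn.example.net 1194   # constructed host
cipher DES-EDE3-CBC
auth SHA1
"""
MODERN = """client
dev tun
remote vpn.example.net 1194
data-ciphers AES-256-GCM:AES-128-GCM
data-ciphers-fallback AES-256-CBC
"""
MIXED = "data-ciphers AES-256-GCM:BF-CBC\n; cipher RC5-CBC\n"

if __name__ == "__main__":
    for label, profile in (("legacy", LEGACY), ("modern", MODERN), ("mixed", MIXED)):
        print(label, audit(profile))
```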

Logging policies are another important part of a VPN. You can tell the difference between a good and a bad service just by knowing what it logs. Out of 51, twenty log information about internet activity. Unfortunately, HideMyAss is one of those − they log your ID, timestamp, data amount and IP address.

A VPN service must be secure and anonymous. It should be as leakproof as a bomb shelter, free of malware, and should not collect any personal information. The user has to be protected in case of the company’s own vulnerabilities. Just like in 2017, when a researcher found an HMA! security flaw occurring in Mac OS X versions.

And speaking of vulnerabilities, HMA! has a bad reputation when it comes to keeping its users’ data. In 2012, the UK government issued a court order demanding that it hand over information about a LulzSec group member. HideMyAss didn’t hesitate and unlocked their database to the feds.

Even though I have nothing against guilty criminals being caught… and the HMA! terms of service state that “illegal activities are considered as a violation”, it does make us think twice before recommending this service.

Enormous Server Park

We have to agree on one thing. This UK company is mammoth. It has been a subsidiary of the Czech antivirus corporation Avast since 2016. And their fusion seems to pay off. The result is in front of us − the most widely spread server park on the planet, including 900+ servers in 190+ countries. I can bet you have one in your neighborhood unless you live in North Korea.

A high number of servers speeds up the clients’ network. Just to be sure, we gave it a test. Testing was tough for this one as we couldn’t try out every one of their servers. Yet we did randomly choose 3 of them − New York, London, and Macau. Here are the results:

Server    Ping        Upload     Download
U.S       461.29%     -31.27%    -5.07%
U.K       209.68%     -10%       -8.44%
China     1116.13%    -25.28%    -62.66%

Ranking 16th in our overall tests is extremely good.

Quick Setup

There’s one thing that’s particularly easy − setting it up. Getting from registration to the first server connection took 24 minutes. Yes, there was a rock on the way: the license didn’t activate immediately, which took most of the time. I want to believe that it only happens if you are unlucky, and because their live chat solved the issue within seconds, the large rock now seems more like a pebble.

In addition, their designers are hard workers. Once you open up their user interface, you will fall in love. The craftsmen have turned it into a minimal and intuitive environment, which felt as calm as lying on a beach again. I’m serious, see it yourself:

Share Your Account With 5 Friends

Maximum simultaneous connections are the service’s way of saying: “Don’t go to our competitors, we’ll host you everywhere”. Simultaneous connections let you use one subscription account with different devices. Personally, I like to split the subscriptions with a few friends, just because it’s nice to pay less than needed. Do you?

Here’s a list of supported devices:

  • Desktop: Windows, Mac, Linux
  • PDA: Android, iOS
  • Other: Router, SmartTV, Gaming consoles, Media player

☒ Dreaming of Streaming

My vacation wasn’t only about visiting the beaches. I had fun by jumping out of an airplane. This freefall towards the light-blue ocean was clearly the highlight of the whole trip. And in the evenings, I watched movies.

Have you seen Charlie Brooker’s Black Mirror? There was an episode called ‘Bandersnatch’, a story of a game designer who obsessively tries to finish his work. Yet as you controlled the whole thing, the variations could be watched for hours. It was brilliant! However, I would have never seen it without a VPN. That’s why I am eager to see if HMA works with Netflix.

Two times out of three, Netflix worked. The worst thing about the Netflix and VPN combination is that it’s never certain whether it works. So after getting an error you might think it’s all over. Thankfully HMA has tons of servers to try 🙂

But I don’t always find movies from Netflix. “The Gold Rush” or the first version of Indiana Jones was on my radar as well. It’s a shame that Netflix didn’t have them, yet there was another option to get uncopyrighted material. Some call it “illegal practice”, I see it as gentlemen’s opportunity:

I had a great night thanks to HMA! Torrenting is available. And yes! I did watch “The Gold Rush” on the beach with my girlfriend. Oldie but a goodie.

Cheap if You Have the Money

So what else is missing? The whole package seems to be there – blue sky, warm winds, and great company. Yet as A. Kaufman once said: “there’s only one amount of money – just not enough.” So how much does hiding one’s ass cost after all?

There are two routes to choose from – the long run/high risk or the short one/high cost, plus something in between. The confident guy picks the 26-month plan for a total of $107.64. The shy one pays more in the long run – $11.99 / month. It’s a risk divided by reward. And if you turn from confident to shy, use the 30-day refund option.

  • Monthly: $11.99/m
  • 12 Months: $6.99/m ($84)
  • 24 Months: $4.99/m ($120)
  • 36 Months: $2.99/m ($108)

From 24 Hours to 30 Second Response

A 9-hour flight away from BVI is the place where the Titanic sank. I always wonder why it took so long before the rescue ships arrived. The same goes for the HMA! e-mail response. I sent out an e-mail filled with a few questions and waited for a reply.

… Jack?

24 hours (1402 minutes to be precise) later I received a message:

There’s a lifeline for all the restless ones – live chat. Some services tend to simulate live support with an automated bot, some have “working hours” and so ignore you completely. HMA! did work well in this case.

☒ It Doesn’t Hide Your Ass in China

Although China isn’t blessed with beaches, it has something else to offer to the world. Millions of travelers visit China due to its spectacular culture, nature and the “notorious” Great Wall. It’s a symbol of unified China, with a purpose to protect their country from invaders.

Just as there is a physical wall, there’s a virtual wall. The so-called “Great Firewall” blocks VPNs that are not approved by the government. During our studies we learned that HMA! is blocked as well, so don’t pack it in your luggage when heading for a visit.

DNS Leaks

However, a sinking ship brings me to the leaking part. DNS leaks are common but hideous. Over 22 of 53 VPN services leak your DNS, including HMA! We are astonished. Just as everything seemed to be quite OK, reality brings us back down to earth. 4 web tools indicate leakage, which is unfortunate. The fun is over.

Conclusion

Putting it all together – if quantity is needed over quality, HMA could be your choice. An astonishing 900+ servers in 190 country locations is a unique value proposition. It’s a dream for commercial testers and international movie fanatics. But it seems that due to their strength in one area, they have left the most important part behind. Security is lacking from every angle you look at it – the logging policy, location in a 5 Eyes country, lack of double-hop and finally DNS leaks.

There’s an unwritten rule I personally follow: Work before fun. HMA! seems to do it the other way around.
