Hola makes Steve Jobs defense over VPN botnet

VPN-under-fire Hola has issued a mea-culpa after fears the service had turned users' computers into a botnet. Concerns about the way the company's P2P virtual private network had been utilized for potentially nefarious purposes kicked off last week, after users realized that their idle bandwidth was being sold off under a secondary brand, and possibly used to commit distributed denial-of-service (DDoS) attacks on servers.

Hola eschews the usual VPN approach – and the typical monthly fee – by using a P2P system. To allow traffic to appear as though it's coming from a different country, for instance to fool a localized block on certain sites or circumnavigate region-specific video, it routes it through other Hola users' connections instead of through a batch of its own servers.

All well and good – and, as the Ofer Vilenski, Hola's CEO, points out today, similar to how Skype approached peer-to-peer connectivity – but exactly what else was being done with that bandwidth is what landed the firm in hot water.

Hola was also selling off access to its P2P network to other companies wanting VPN services, though under the Luminati brand. At least one example of a spammer using that to attack other systems has been identified.

Regular Hola users could opt out by signing up for the paid "Pro" tier, and the traffic only amounted to around 6MB per day anyway the company points out, but Vilenski concedes that they hadn't done enough to make clear what side-effects came with the free service.

That's changing, and Hola is putting a new Chief Security Officer in place to take more of a lead in how the VPN is used. The installation process for the regular Hola client will now be more explicit in explaining the ways idle bandwidth are used, and there'll be a bounty program for anyone spotting a hackable exploit in the code.

"We innovated quickly, but it looks like Steve Jobs was right," Vilenski says, referring to Jobs' famous comment about owning up to mistakes and addressing them quickly. "We made some mistakes, and now we're going to fix them, fast."

Whether it's enough to placate anxious customers remains to be seen, though the lure of free service is likely to continue to appeal to many. For those really concerned about how their internet connections are being used, coughing up some cash for a VPN is probably the safest way to approach it.