HideMyAss is one of the major VPN providers on the market. They were launched back in 2005 and currently operate over 760 servers spread across more than 210 countries around the world. That being said, they are plagued by pretty poor reputation due to their history of handing over customer data to the government and frequent user dissatisfaction with the services provided. We also can’t “dance” our way around the fact that the service is very feature-light.
On the other hand, HideMyAss has a very widespread network of servers, as we already mentioned, which is one of the VPN’s biggest assets (no pun intended). This makes it a very compelling option for users who need a VPN server in a country only served by HideMyAss or those who need access to a very wide network of servers.
Today, we’re putting the overall security level of HideMyAss to the test, so stick around until the end of our blog to learn all about the security features they have to offer.
HideMyAss is now owned by Avast Software, a Czech company well-known for their excellent antivirus. With that in mind, they are still based in the UK, which is known for its notorious surveillance laws.
VPN companies were required to store detailed metadata logs even before the Investigatory Powers Act came into force. This data is available to the law enforcement and a certain number of government agencies.
- You IP address when you connect or disconnect from the service
- The amount of transmitted data
- IP addresses of the individual servers used by you
The Investigatory Powers Act requires that all VPN providers keep logs for 12 months, which is ample time to get you into trouble if you do something wrong. We just need to remember the incidents with Cody Kretsinger and the disgraced judge from Galveston County, Texas, both caused by HideMyAss handing over information to the police.
Needless to say, we’re not overjoyed with the encryption setup featured by HideMyAss. They do support OpenVPN, PPTP, and L2TP/IPSec protocols, however. As always, we’ll focus on OpenVPN since the other two protocols are simply outdated by today’s security standards.
HideMyAss uses Blowfish-128 as a data channel cipher, AES-128 control cipher, RSA-1024 handshake, and HMAC SHA-1 hash authentication. This is a pretty weak security setup and not up to our usual standards by any stretch of the imagination.
They do feature perfect forward secrecy based on Diffie-Hellman key exchange.
Legal torrenting is allowed by HideMyAss, but you cannot download copyrighted material. In other words, HideMyAss is not made for torrenting.
We didn’t detect any DNS leaks during our testing circuit, which was somewhat surprising since HideMyAss performed rather poorly throughout the entire thing. Also, keep in mind that there is no kill switch implemented. You have the option of preventing apps from connecting to the Internet except through the VPN, though.