HMA! Pro VPN full review
Virtual private network (VPN) setups were once only the preserve of large businesses. They became popular there as a secure way to enable employees to work on their PC while away from the office, because with VPN client software on the laptop and a VPN server at the office, then as far as the computer and its user are concerned, they are part of the same network environment.
You could be on a different continent but with the same network options as when actually sat within the walls of the workplace. See also: the best VPN services of 2014.
Now in 2014 the same technology to create an encrypted tunnel through the internet has become invaluable to many more internet users, offering three principal capabilities – LAN security, some limited anonymity, and the opportunity for virtual geographic relocation.
Despite the play on the American vernacular, and the way it charges for services in US dollars, Hide My Ass! is a UK-registered VPN services company. It has an extensive list of VPN servers, both at home in Britain and spread in various countries around the world from Australia to Uganda. HMA! also offers its own client software for Windows and OS X computers to connect to these servers.
More recently HMA! has added mobile apps for iOS and Android. These allow phones and tablets to be configured by a more friendly looking interface than these platforms' built-in VPN software.
We tried the HMA! Pro VPN service, using various computing platforms and hardware. See also: How to use a VPN to surf the web anonymously, a step-by-step guide
VPN: The When and the Why
Before investing time and money into a VPN service like HMA! Pro you need to establish if it provides what you are seeking.
From the earlier list of three capabilities, the first feature of LAN security is how the Hide My Ass! company initially pitched its services to this reviewer.
A VPN service will be of benefit if you need to web surf and email from insecure public Wi-Fi hotspots such as coffee shops, hotels, airport lounges and anywhere else where you should not trust the wireless network. By making a regular, unencrypted connection to the internet from such a location you leave yourself open to being hacked by other people on that same wireless network.
That's particularly so if the Wi-Fi is ‘open' with no login password required; but there's also the danger that the hotspot broadcasting under the name of ‘Starbucks Wi-Fi' is actually a makeshift network created by another customer sat just the other side of the café on their laptop. This is the kind of honeytrap that could catch any unprepared surfer.
With the network under his or her control, it becomes possible for the cracker to perform a man-in-the-middle (MITM) attack, leaving even your secure HTTPS connections open to their traffic analysis. There are many software tools available to penetration testers and hackers of every hat hue that will strip away the superficial security of your SSL connection.
The next stage of gaining access to your personal website accounts could be to pick up your private session cookies as they transit the wireless network whenever you use services from, for example, Facebook or Google.
A VPN connection here can defeat such wireless LAN break-in opportunities, by creating an encrypted tunnel between your laptop and your chosen VPN providers server.
The potential for anonymity does lie within VPN connections, providing you can trust your VPN provider not reveal your identity, as well as trust any proprietary software that they make available to you to use their service. If it's their software it's trivial to create backdoors that will reveal your web habits to any third party.
While your true IP address can be hidden from any site or server to which you connect (which instead sees that of just your current VPN exit server) the VPN provider knows who you are and may keep logs that show your and all its customers' full browsing history. These records will identify you.
The issue is highly pertinent here after the example of the hacker-activist Cody Kretsinger, arrested in September 2011. Kretsinger lived in Arizona, USA, and was a member of LulzSec. The black-hat hacker collective was known for compromising the security of various websites, including those belonging to the CIA, Sony Pictures and News International.
Kretsinger used the Hide My Ass! VPN service to assist his anonymity, working under the name ‘recursion'. His real IP address and identity was passed over to the FBI by the HMA! company, which stated that it was presented with a court order by the US government agency.
Hide My Ass! announced that it was complying with local UK law when it handed its customer's personal data to a foreign power. This made a clear statement that it did not wish to be prosecuted for assisting in the breaking of UK laws or indeed those of any another state that is able to secure UK court orders.
Especially since this infamous case, VPN subscribers who prefer higher levels of anonymity now subscribe to VPN providers that do not keep log files.
To learn more about the benefits on offer, see Why you need a VPN.
Using the HMA! Pro app requires installing security certificates on your smartphone or tablet. The process provides a handy warning that your network traffic can then be monitored by the VPN server
HMA! Pro VPN: PC software
We first tried the HMA! Pro VPN service on a Mac, manually configuring an L2TP connection from within OS X's built-in VPN client in System Preferences.
The setup procedure is quite stratighforward, only requiring your login name, password, a ‘shared secret' password (here just ‘HideMyAss'), and the IP address of the server to which you wish to connect.
At time of writing, HMA! publishes a list of around 700 servers in various locations in the world. In our experience we found that not all were accessible at any given time. It was not clear if this was due to the server being offline or just working at its capacity and unable to accept any new connections.
Traffic speeds were generally good, depending on the server and time, with up- and download speeds often exceeding 20 Mb/s, when tested on an 80/80 leased line.
Besides a complete manual configuration by the user, HMA! promotes its new Mac software, now based more closely on its Windows version.
HMA! Pro VPN for OS X is a new self-contained port of the Windows version, and like that software it uses the OpenVPN protocol
The HMA! for Windows software uses Microsoft's .NET framework to build the program; the OS X client meanwhile uses the open-source Mono framework, originally a Linux port of the .NET framework. It replaces earlier Mac client software that required addtional TunTap kernel extensions to be installed.
The HMA! for Mac interface is easy to navigate, and handily enables quick geo-relocation from one of its sidetabs. Unlike the manual route with Apple's own network software, the HMA! software uses OpenVPN as its communication and encryption protocol.
While some network security users prefer this system over L2TP/IPsec, for instance, in part because of its open-source credentials, it is based on the OpenSSL protocol that was found to be far from secure earlier this year before Heartbleeding systems worldwide were hurriedly patched.
The Mac application also includes integration with OS X's notifications system to show when and to where you're connected, with flags popping out of the screen's top-right corner.
HMA! Pro for Windows software uses Microsoft's .NET developer framework
Common to both Mac and Windows client software, the HMA! program includes a speed guide, to help show which of its servers are currently over-subscribed or otherwise providing slow service, and which are operating more quickly. And with the help of a menu bar/taskbar shortcut, you can easily switch your gateway IP address without opening the main application windows.
HMA! Pro VPN: Mobile apps
Using a VPN service from a mobile device can be more tricky, not least because a short period of screen-off time will quickly disconnect you from the server. At least that's what we found with HMA! Pro's service, and we were told this is common to all VPN connections made with iOS.
So while smartphone users may be used to the idea of waking the screen and accessing email and web pages, there will not be any VPN security until the service is manually reconnected each time. This also means that background internet services and push email are not secured when you're not actively using the phone with VPN enabled.
HMA! Pro for iOS creates profiles on your phone or tablet with security certificates, using SHA-1 with RSA encryption, signed by HMA! parent company Privax Ltd
Providing you're content to keep one location setup, the service worked well. But in our case, we prefer to move between different virtual locations. This is a 16-step process that we quickly tired of repeating. So instead we tried the manual method for iOS.
Just like in OS X, it's a simple process to create a VPN profile. And most usefully, you can create additional profiles with different geo IP addresses, store these on the phone or tablet, and quickly switch between them from within iOS' Settings, General, VPN.
Used this way, it is possible to switch to a different HMA! Pro VPN server when you are disconnected and unable to reconnect. Just select another preconfigured profile until you find a server that will accept your connection.
HMA! Pro VPN: Specs
- Windows Vista/7/8
- Mac OS X
- Google Android