HideMyAss! (HMA) VPN
One of the biggest names in the VPN business, Avast's HideMyAss! (HMA) has been protecting its users' privacy for more than 15 years.
The company offers a vast network of 1,000+ servers in 290+ locations across 210+ countries. That's fewer servers than some of the top providers, but many more locations and countries (NordVPN has 5,400+ servers across 59 countries, ExpressVPN has 3,000+ servers across 160 locations and 94 countries).
- Want to try HideMyAss? Check out the website here
There's P2P support, but only on a handful of locations, in fact just eight via our Windows client (five in Europe, three in the US).
Industrial-strength privacy is provided via OpenVPN and IKEv2 support (no sign of WireGuard yet), AES-256-GCM data encryption, RSA-4096 for handshaking and SHA-256 data authentication, while dual app kill switches aim to keep you safe if the VPN drops.
HideMyAss! has its own DNS service to help avoid DNS leaks and, as a bonus, it also blocks malicious and phishing sites.
The HideMyAss! website proudly proclaims that it works on all your devices, and it just might have a point. Not only are there custom apps for Windows, Mac, Android, iOS and Linux, but there's installation advice to help you manually set up the service on many other platforms. And that includes the ability to configure some routers, which in theory should allow you to use the service with all your smart devices, too. (If you don't use a router, the service supports connecting up to five devices simultaneously.)
There was more good news in August 2020, too, when HMA announced that its no-logging policy had been verified by an independent security audit, allowing the company to proudly claim it's now a 'certified no-log VPN.'
HideMyAss!: Plans and pricing
HideMyAss! main pricing page looks short on options with just a couple of plans: you can pay $11.99 for monthly billing, dropping to $4.99 over a year.
Doesn't work for you? For some reason HMA has an 'extended' pricing page with a different set of offers.
After the same $11.99 monthly billing option, this offers a six-month plan at $8.99, and there's a two-year plan at $4.99 a month. (The same price as the one-year plan? Maybe that's why it's hidden away on another page.)
$4.99 a month is a fair annual price which beats vendors like Speedify ($5.99), Hotspot Shield ($6.99) and ExpressVPN ($8.32.) Shopping around can still save you a little cash, though. Private Internet Access charges $2.69 a month for the first term of its two-year plan (renews at $2.91); CyberGhost asks $2.25 a month for its three-year plan, and Ivacy's five-year plan is a tiny $1.33 a month.
If you've a lot of devices to protect, though, HMA doesn't look like such a good deal. Private Internet Access protects up to ten devices for only $3.33 a month on its annual plan. And Windscribe's annual plan, just $4.08 a month, has no device limits at all.
HideMyAss! doesn't support Bitcoin, whatever plan you choose, but you can pay via cards, PayPal and a few other options. (Payment options vary by region, but the website has a helpful guide here.)
A 7-day free trial gives you a decent amount of time to try out the service. Be careful, though - you must hand over your payment details, and you're automatically billed for the annual plan when the trial ends, unless you cancel (which is easy to do online).
If you buy, and then run into problems, you're protected by a 30-day money-back guarantee. This includes plenty of jargon-packed small print, but, unusually, this includes an unusually generous extra.
Most VPNs say that they won't refund you if you've ever claimed a refund from them before. That makes sense - they don't want freeloaders claiming over, and over again - but it could also be a little unfair, if, say, you're just trying the service years later to see if it works for you.
HideMyAss! understands this, and doesn't care how many previous refund requests you've made, just as long as there's a six-month gap between this request and the last one. Seems much more reasonable to us.
Privacy and logging
HideMyAss! has so much small print that the Legal section includes a sidebar with no less than 13 separate sections, and many of those are also very lengthy (the privacy policy alone has more than 5,500 words).
This isn't quite as bad as it first sounds. The main reason for the cluster of documents is that HideMyAss! has organized important sections into separate areas, making them easier to find, and most of these are clearly structured and well-written. (If you're allergic to small print and just want the basics, though, check out HMA's no-log blog post for a quick explanation.)
The privacy policy explains that there's no logging of originating IP addresses (a possible way to identify you), precise timestamps (when you connected or performed some action), DNS queries, browsing history or transferred data.
There is some general logging of service use, including the date of connection and whether it's AM or PM, and a very approximate idea of transferred data (the service only records whole 100Mbs, so 379Mb data transfer is logged as 300.)
HMA justifies this minimal data collecting on the grounds that it helps with troubleshooting, customer service and understanding network capacity, and that makes sense to us.
If you're the skeptical type, though, there's no need to take these words on trust. In August 2020 HMA announced in a blog post that its no-logging policy had been audited by security consultancy VerSprite.
The assessment 'included analyses of data, traffic, and storage on both the client and server-side, and the disconnection of user identities with data containing information about online user activity.' And HMA passed, the company explained, with VerSprite receiving the minimum possible 'low risk' user privacy impact rating.
The HMA site only gives broad details about the scope of the audit, for example talking about it including 'analyses of data, traffic, and storage on both the client and server-side, and the disconnection of user identities with data containing information about online user activity.' As the report isn't publicly available, there's no way to judge how meaningful the results might be. Still, it's a start, and we have to applaud any VPN which puts itself through this kind of expert independent scrutiny. Hopefully HMA will run further audits in future, this time with results we can read in full.
Apps
Signing up for a HideMyAss! trial works much like any other web service you've ever used. Choose a plan, select a payment method (card or PayPal) and hand over your money in the usual way.
A Download page pointed us directly to the correct app for our Windows device, while also giving us links to Mac, Android and iOS builds, and some pointers on using the service with Linux. This isn't as well-presented as high-end competitors such as ExpressVPN – you don't get the same number of tutorials on setting up the service manually, and there's no link to download the Android APK file for manual installation elsewhere – but it covers the basics well.
The Windows interface feels much like most other VPN apps: it has a list of locations, an On/Off button, and a Settings dialog with some useful tweaks.
The Location Picker doesn't force you to scroll – and scroll, and scroll – to find what you need. You're able to filter locations by continent or type (streaming or P2P optimized), enter text in a Search box, or save commonly used locations as Favorites for speedy access later.
The location names don't have any latency or server load indicators, but there is a Speed Test option which detects your nearest servers and calculates their latencies and download speeds.
A sidebar contains a small number of configuration options, including a setting to automatically connect to the VPN whenever you access the internet, and to enable the client's two kill switches. Yes, two: if the VPN drops, a system-wide kill switch protects you by blocking internet access, and an optional app kill switch closes down your chosen processes (your browser or torrent client, say).
We tested the kill switch by forcibly closing the Openvpn.exe process and its TCP connection, and monitoring IP leaks when we switched servers. In all cases the client correctly blocked all leaks, preventing our real IP from reaching the outside world.
The app kill switch is unusual, because as well as terminating specific apps if the VPN drops, it also automatically connects to HideMyAss! when you launch those apps.
This is a nice idea, and it worked during testing, but it doesn't offer enough control. You might not want to connect to the VPN every time you open your torrent client, for instance, but HideMyAss! doesn't care: once it's on the app kill switch list, that's what will happen. And when you close the app, the VPN automatically disconnects, whether you want that, or not. The client should treat the auto-connect option as a separate feature and make it configurable for each app.
Tucked away in the Preferences box, an unusual IP Shuffle feature changes your IP address at a defined interval (30 minutes, an hour, a day, whatever you like), making it even more difficult for others to track what you're doing. This is thoughtfully designed, for instance using the kill switch to block outgoing traffic as your connection drops and updates.
Small but welcome touches include the ability to view your OpenVPN connection log, which is potentially very useful in troubleshooting connection issues.
Mobile apps
The Android and iOS apps have a near identical interface to the Windows client, and once you've found your way around one, you'll have no problem using the others.
VPN providers often save their best features for the desktop, and 'forget' all about the mobile apps. HMA has done a better job than most, though, and even some of the more low-level features (UDP/ TCP connections, IP Shuffle) are also available on mobile devices.
The Android app goes a step further than the desktop clients with its split tunneling support. In a click or two you're able to decide which apps should use the encrypted tunnel, and which are left with your regular connection.
The mobile apps have smarter auto-connect rules, too, and can automatically connect you to the VPN when you join unsecure Wi-Fi networks only, or with any Wi-Fi, or both Wi-Fi and cellular networks.
The various HideMyAss! apps aren't the most powerful we've seen, and despite the redesign, they're not the easiest to use. They're likeable, though, and mostly do a good job, and we expect they'll quickly improve as HideMyAss! uncovers and fixes issues with the new interface.
Performance
We assessed HideMyAss! download performance with the aid of several speed test sites and services, including Netflix' Fast.com, Ookla's SpeedTest (the website and command line app) and TestMy.net.
We ran multiple checks with each site, across morning and evening sessions, from a US location with a speedy 1Gbps cable connection. (Normally we'd repeat our tests using a couple of protocols, too, but that wasn't possible here as HideMyAss! only supports OpenVPN.)
Results were excellent at 300-330Mbps. That's the best we've seen in recent US OpenVPN testing, although several providers have got close: ExpressVPN reached 270-280Mbps, for instance, ProtonVPN managed 280-290Mbps, and TorGuard hit 270-300Mbps.
VPNs with WireGuard and similar protocols delivered much faster downloads in our testing, such as StrongVPN's 590-600Mbps and ExpressVPN's 490-630Mbps, so there's potential for much greater speeds elsewhere. But if you're hoping to set up the service on a router, or maybe connect via some third-party app, OpenVPN performance is likely to matter, and HideMyAss! is certainly worth a try.
Netflix and streaming
Point your browser at the HideMyAss! website and you'll read that the service allows you to "stream your favorite TV shows from wherever you are in the world using one of our dedicated streaming servers." Sounds good, but is it true?
The HideMyAss! Windows client enables filtering its location list to display only streaming servers, and right now there are just six of these: four in the US, one in London and another in Frankfurt. That's not exactly a lot of choice, and we wondered whether that would make it easier for streaming websites to detect and block them.
The server shortage didn't seem to be an issue in the UK, were we could stream BBC iPlayer content from three separate logins and IPs without any hassles (good news as we've had occasional BBC problems in previous reviews.)
The US story was relatively disappointing. We managed to access US Netflix with two out of three of our test servers, but couldn't get into Amazon Prime Video or Disney+ from anywhere.
That's not great, and as the HideMyAss! website doesn't commit to supporting access for any particular service, it's probably not going to change any time soon. Keep in mind that you do get to try the service for a week for free, though, so there's plenty of time to test it for yourself.
Support
The HideMyAss! support site offers a wide range of resources, including setup guides, a searchable knowledgebase, FAQs, a web forum, and 24/7 live chat for anything urgent.
The web content isn't as in-depth or well-presented as some of the competition. ExpressVPN has a host of detailed setup guides, all easily accessible in a couple of clicks from the support page. HideMyAss! doesn't organize its articles quite as neatly, and when you do find them, there's less information, and occasionally some questionable points.
For example, various troubleshooting guides include recommendations for disabling driver signing checks, resetting the Winsock catalog and other technical steps. This This isn't necessarily bad advice if you know what you're doing, but it's also seriously advanced stuff with implications for your security and other apps, and we wouldn't expect it to appear in a general installation tutorial for all levels of user without some very in-depth explanations.
The HideMyAss! community forum isn't a busy place, but post a question there and it's normally answered by a staff member within a few hours. Replies are generally helpful, and if the problem isn’t solved on the forum, the support team will often create a ticket for you or send you a direct email to discuss the issue further.
If you can't wait, live chat is on hand for near instant assistance. We asked about a Windows installation issue, and within minutes, a support agent began giving us a helpful and accurate solution. That works for us, and overall, we think HideMyAss! should be able to help you solve most common VPN issues.
HideMyAss! review: Final verdict
HMA's unblocking performance is below-par, and although OpenVPN speeds are great, they can't match the WireGuard competition. That said, the apps are easy to use, there's a huge choice of locations, and the company's no-logging promises are now backed by an independent audit. If these are your priorities, HideMyAss! might be worth a try.
- We've also highlighted the best VPN
0 comments:
Post a Comment