HideMyAss is a big-name Virtual Private Network (VPN) provider. Within the VPN industry, however, HideMyAss (HMA) has a poor reputation.
- Server Locations 190
- Average Speed 58.26 Mbit/s
- Simultaneous Connections5
- Huge number of servers located just about everywhere
- US Netflix and BBC iPlayer available
- Great speed test results
- 5 simultaneous connections
- Good software
- Based in UK – could present jurisdiction issues
- Many connection logs
Alternative VPN Choices for You
BestVPN.com Score9.8 out of 10
BestVPN.com Score9.5 out of 10
BestVPN.com Score9.5 out of 10
A HideMyAss subscription offers the following features:
- 720+ VPN servers in 320+ locations in 190+ countries
- Five simultaneous connections
- Supports OpenVPN, Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP) VPN protocols
- 30-day money-back guarantee (but with important limits)
That is an impressive number of server locations, and they are scattered all over the world. This includes exotic locations such as the Falkland Islands, Papua New Guinea, Malawi, Serbia, and many more.
HMA otherwise offers a very feature-light service, and the two simultaneous connections is miserly.
Speed and Performance
According to our new scientific speed tests, Hide My Ass scored as follows – Average Speed: 30.37 Mbit/s Max Speed/Burst Result: 180.7 Mbit/s. These are impressive results, and put HMA in fourth place overall of the providers we have tested, and in first place in terms of burst results.
Although I am a little confused over whether the Windows software includes DNS leak protection features, I detected no DNS or other IP leaks. Please note, though, that my ISP (Virgin Media UK) does not support IPv6 connections. I am therefore unable to test for IPv6 leaks at this time. This is a situation that should change in the near future.
I was able to access US Netflix using HMA with a US server, and (update November 2017) I am assured BBC iPlayer can be accessed through the server called “Donkey town.”
12 month Plan
6 month Plan
1 month Plan
HideMyAss has slightly increased its prices since last time we reviewed it. It offers one simple “all-in” plan, which now starts at $11.52 per month. This price goes down for six or 12-month subscriptions, dropping to $6.56 per month for the annual subscription.
At the time of writing, a summer sale is underway. This provides savings of up to 56% (annual subscription) on the prices listed above.
A 30-day money back guarantee is available, but there are important restrictionson this. Most notably, you may not exceed 10GB of bandwidth. It is worth noting that this guarantee does not cover purchases made via Google Play or iTunes. Please also see the comments section beneath this review, as many readers report not receiving a refund to which they felt entitled.
Please also be aware that auto-renewal of subscriptions is enabled by default, and must be manually changed via the online account control panel.
Payment is via credit/debit card, PayPal, iDEAL, bank/wire transfer, UnionPay and SOFORT banking. No Bitcoin payment option is available, but then HMA is not a service to use if privacy matters to you anyway.
Ease of Use
HMA offers custom software for Windows, Mac OS, iOS, and Android. Unlike the Android app, the iOS app uses the IPsec VPN protocol. A command line script is available for configuring OpenVPN in Linux.
Manual setup guides for the various VPN protocols supported by HMA are also available for a number of platforms. This includes for Boxee, a selection of routers, Windows Mobile and so forth. It is also possible to buy pre-configured HideMyAss routers from FlashRouters.
The Android App
Assuming that you don’t mind the usual HideMyAss aesthetic, the Android app is pretty smart looking.
It uses the OpenVPN protocol.
Android users gain access to HMA’s huge server list.
For some reason, Paranoid Mode connected me to a server in Ireland! All-in-all, the app is very polished and works well.
Support is via live chat or a ticketed email system. I had to wait a few minutes for the live chat staff to respond to my queries, but it was friendly enough when it did.
I do not expect frontline live chat staff to have deep technical knowledge, so was happy for my more difficult questions regarding encryption to be elevated via ticketed email for attention by a more knowledgeable staff member. Unfortunately, my ticket was never answered.
Privacy and Security
HideMyAss is infamous within the security community for handing over data on its customers to the police.
The most well-known incident occurred in 2011, when HMA handed over internet records and personal details of one of its customers, Cody Kretsinger, to the police. Kretsinger was a LulzSec member accused of hacking the Sony Pictures website, and received a prison sentence for his involvement in the crime.
A similar incident also occurred last year in Galveston County, Texas, when a disgraced judge was arrested and forced out of office for harassing an ex-girlfriend. The culprit had hidden his real IP address using the HideMyAss VPN service, which the provider clearly must have handed over as evidence to Texas police.
Although now owned by Czech company Avast Software, HMA is a UK-based service. The UK now has the most draconian surveillance laws in the world.
“We will store a time stamp and IP address when you connect and disconnect to our VPN service, the amount data transmitted (up- and download) during your session together with the IP address of the individual VPN server used by you.”
As we can see from the incidents noted above, this is more than enough logging to get you into trouble if you do something wrong. HMA says that logs are usually kept for two to three months, but the new Investigatory Powers Act legally requires that logs are kept for at least 12 months.
HMA has provided the following response to these comments:
“HideMyAss! does not monitor the websites our customers connect to, or any of the data sent over our network.
As a network operator, we take our responsibilities to our users and society as a whole very seriously. HideMyAss! is deeply committed to the belief that everyone has a right to keep their online activities private, secure and have the freedom to access the internet wherever they are in the world.
Our acceptable use policy states that our service is not to be used for illegal activity. We are based in London so operate within the framework of EU and English law. We follow strict data protection regulations and we are only obliged to co-operate with disclosure requests in very specific circumstances described in our logging policy.
Our VPN service, as with VPN services in general, is not designed to be used to commit illegal activities. Paying a subscription fee to a VPN service does not mean a user is entitled to break the law and not suffer any consequences as a result of their actions.
Being able to locate users if legally compelled to do so is imperative in order for HMA! to maintain the HMA! VPN service, because a VPN service risks losing server contracts if it cannot take action to prevent abuse, fraud or other unlawful activities such as spamming, terrorism and child pornography.
I can only say that this logging policy is not consistent with UK law as enacted by the IPA. HMA tells me that it has never been approached about this. Given the current political upheavals in the UK, I am quite willing to believe that the government has not (so far) seen enforcing the IPA a priority. But it is the law as stands.
Peer-to-peer (P2P) torrenting
HMA permits legal torrenting, but not downloading copyrighted material. HMA says that if it receives a Digital Millennium Copyright Act (DMCA) complaint or similar, it will not hand over your identity. Repeated complaints, however, may lead to your account being suspended.
Anecdotally, I have heard reports from HMA users who have received warnings over copyright offenses from their Internet Service Provider (ISP) or copyright holders after using the service for torrenting. for more information see our best VPN for torrents guide.
On its website, HMA says,
“OpenVPN is using OpenSSL with algorithms 3DES, AES 256, RC5, 256 bit encryption for control channel (e.g. password, authentication, etc.).”
This is meaningless techno-babble written by someone who knows nothing about encryption. Support was also unable to shed light on the issue, but I have since talked to HMA’s management. CyberGhost uses the following encryption:
Data channel: a Blowfish 128-bit cipher with HMC SHA-1 hash authentication. Control channel: an AES-256 cipher with RSA-2048 handshake encryption and SHA-1 hash authentication. Perfect forward secrecy is provided courtesy of a Diffie-Hellman key exchange.
Although I usually concentrate on the OpenVPN encryption used by VPN providers, I did notice that L2TP/Internet Protocol Security (IPsec) connections use a pre-shared key to authenticate connections (“HideMyAss”!). This is usually considered a big no-no, but HMA assures me it is not a problem because your username and password provides additional authentication.
Despite a high profile among VPN consumers, HideMyAss is poorly regarded by those in the know. A big reason for this is its history of betraying users to the authorities. It could be argued that being based in Britain means that HMA has little choice in such situations, but whatever. It is not a service that you can trust with your privacy.
Next to PureVPN, HideMyAss is also the service that BestVPN.com has received the most complaints about. These center on poor customer service, not honoring its money back guarantee, and poor speed performance. I was therefore a little surprised to see rather good speed test results!
The main reason to choose HMA is the size and diversity of its VPN server network. It has servers in over 190 countries, so if you really need a VPN server in the Cook Islands, Equatorial Guinea, Haiti, Lebanon, or a host of other unusual locations, then HideMyAss is pretty much the only option available.