HMA (VPN)

HMA (formerly HideMyAss!) is a VPN service founded in 2005 in the United Kingdom. It has been a subsidiary of the Czech cybersecurity company Avast since 2016.

History
HMA was created in 2005 in Norfolk, England by Jack Cator. At the time, Cator was sixteen years-old. He created HMA in order to circumvent restrictions his school had on accessing games or music from their network. According to Cator, the first HMA service was created in just a few hours using open-source code. The first product was a free proxy website where users typed in a URL and it delivered the website in the user's web browser.

Cator promoted the tool in online forums and it was featured on the front page of digg. After attracting more than one thousand users, Cator incorporated ads. HMA did not take any venture capital funding. It generated about $1,000 - $2,000 per month while the founder went to college to pursue a degree in computer science. In 2009, Cator dropped out of college to focus on HMA and added a paid VPN service. Most early HMA employees were freelancers found on oDesk. In 2012, one of the freelancers set up a competing business. HMA responded by hiring its contractors as full-time employees and establishing physical offices in London.

In 2012, the United Kingdom's government sent HMA a court order demanding it provide information about Cody Andrew Kretsinger's use of HMA's service to hack Sony as a member of the LulzSec hacking group. HMA provided the information to authorities. HMA said it was a violation of the company's terms of use to use its software for illegal activities.

In 2013, HMA added software to anonymize internet traffic from mobile devices. In 2014, the company introduced HideMyPhone! service, which allowed mobile phone users to make their calls appear to come from a different location.

By 2014, the service had 10 million users and 215,000 paying subscribers of its VPN service. It made £11 million in revenue that year. HMA had 100 staff and established international offices in Belgrade and Kyiv.

By 2015, HMA became one of the largest VPN providers. In May 2015, it was acquired by AVG Technologies for $40 million with a $20 million earn-out upon achievement of milestones, and became part of Avast after its 2016 acquisition of AVG Technologies.

In 2017, a security vulnerability was discovered that allowed hackers with access to a user's laptop to obtain elevated privileges on the device. HMA corrected the vulnerability days later.

In 2019, it was reported that HMA received a directive from Russian authorities to join a state sponsored registry of banned websites, which would prevent Russian HMA users from circumventing Russian state censorship. HMA was reportedly given one month to comply, or face blocking by Russian authorities.

In 2020, HMA introduced a no-log policy for their VPN service. Under the policy HMA will not log a user’s original IP address, DNS queries, online activity, amount of data transferred or VPN connection timestamps. Following HMA’s introduction of a no-log policy, HMA’s VPN was awarded a low risk user privacy impact rating for its no-logging policy, after it was independently audited by third-party cybersecurity firm VerSprite.

Software
HMA provides digital software and services intended to help users remain anonymous online and encrypt their online traffic. Its software is used to access websites that may be blocked in the user's country, to anonymize information that could otherwise be used by hackers, and to do something unscrupulous without being identified. HMA's privacy policy and terms of use prohibit using it for illegal activity.

HMA hides the user's IP address and other identifying information by routing the user's internet traffic through a remote server. However, experts note that the company does log some connection data including the originating IP address, the duration of each VPN session, and the amount of bandwidth used.

As of May 2018, the company had 830 servers in 280 locations across the globe and provided over 3000 IP addresses. The software also includes a kill switch across all platforms.

Privacy
According to Invisibler, HMA VPN appears to have cooperated with US authorities in handing over logs in a hacking case. This led to the arrest of a hacker in what is known as the "LulzSec fiasco".

Reception
In 2015, a review in Tom's Hardware said HMA was easy to use, had good customer service, and a large number of server locations to choose from, but criticized it for slowing internet speeds. In contrast, Digital Trends said HMA had strong speeds and good server selection, but wasn't fool-proof at ensuring anonymity, because it stored user activity logs (in 2020, HMA announced that it would no longer log user activity ). In 2017, PC World noted that it was difficult to measure the effect a VPN service has on internet speed, because of variables like location, internet service speeds, and hardware.

A 2016 review in PCMag gave the HMA Android app 3 out of 5 stars. It praised HMA for its server selection and user interface, but criticized it for price, speed, and the lack of advanced features. In 2018, PCMag gave similar feedback on the HMA VPN service. PC World’s 2017 review also praised HMA's simple user interface, but criticized the lack of advanced features, saying the software was ideal for casual users that do not need advanced configuration options.