HMA VPN (formerly HideMyAss) is a VPN provider based in the UK with a long and interesting history. While it remains a relatively popular VPN today with a large user base, it did not do very well in testing for this review.
Today, HMA is owned by the cybersecurity company Avast and still has a relatively large user base. Actual testing of the VPN servers and VPN apps revealed mixed results. Keep reading below or jump to the best VPNs list to see more alternatives.
Pros of HideMyAss
- User-friendly apps with strong encryption
- Large server network
- Live chat support
- Works with Netflix
Cons of HideMyAss
- No monthly subscription plans
- Mediocre speeds
- HMA connection logs
- Troubling history of data sharing
- UK jurisdiction (bad for privacy)
- Buggy kill switch (with IP leaks)
Additional review findings
- HideMyAss company history and acquisition by AVG / Avast
- HMA’s use of virtual server locations
- Is HMA a good VPN for torrenting? (No)
Now let’s dive into the HMA review and examine the results.
HideMyAss VPN Pros
1. User-friendly apps with strong encryption
HMA offers user-friendly VPN apps for all major devices and operating systems. Due to the popularity of Windows, I thoroughly tested the HMA VPN client for this review.
In the photo above you can see that the HMA Windows client shows you the connection status, server location, and your new IP address (as well as your original IP).
The Windows client also comes with a number of customization options and features. You can configure how you want the VPN to startup on your device and how the kill switch should work to block non-VPN traffic. Unfortunately, I found problems with the kill switch (more on this below in the “cons” section).
HMA VPN encryption
HMA uses the industry-standard AES 256-bit encryption, which is implemented through OpenVPN on Windows and Android devices and via IPSec/IKEv2 on Mac OS and iOS:
HMA uses only the highest encryption standard: 256-bit AES. On Windows and Android, we implement it with the OpenVPN protocol in Galois Counter Mode (AES-256-GCM), with 4096-bit RSA keys for handshakes, authenticated with SHA256. On Mac and iOS, we implement it with IKEv2/IPsec, built atop Apple’s own stack, to ensure the best compatibility.
While IPSec/IKEv2 is indeed a secure VPN protocol, the industry standard is OpenVPN. As such, it would be good to see the OpenVPN protocol supported on Mac OS as well. With iOS, the operating system is somewhat restricted to IKEv2. See my comparison of OpenVPN vs IPSec for more info on this topic.
If you are a Mac OS user and you want to utilize the OpenVPN protocol (recommended) then check out my guide on the best VPNs for Mac OS.
2. Large server network
Hide My Ass claims to have “the biggest VPN network” with “1000+ VPN servers in 290+ locations covering 190+ countries.” If you look at their server map and location list, you find some very strange places. For example, HMA claims to have servers North Korea.
I can tell you with 100% certainty that HMA does not have physical servers in North Korea. Instead, they are using virtual server locations, and we’ll explain this more below.
Putting the virtual server issue aside, HMA still has a pretty big server network. This may be beneficial for some users who want or need IP addresses in remote locations – such as North Korea…
There are also some other VPNs with large server networks around the world, particularly NordVPN. But unlike with HMA, NordVPN does not use an virtual server locations.
3. Live chat support
Like many other VPN providers, HideMyAss provides live chat support. Their support staff appears to be located in the United Kingdom.
Unfortunately, HMA does not offer 24/7 support.
Their support hours are 8:00 AM to 10:00 PM UK time, seven days a week. However, I tried support on a Saturday morning around 8:30 AM UK time and there was nobody available. So perhaps HMA support is hit or miss.
4. Works with Netflix
Another benefit to HideMyAss is that it works with Netflix.
I tested out American Netflix from my location in Europe and found everything to work without problems. To access Netflix with HideMyAss, I connected to the New York server and streamed videos as normal.
Lastly, I also asked the chat rep if HideMyAss consistently works with Netflix. He confirmed it generally works and they even have a dedicated server for American Netflix streaming called “Liberty Island”.
You can see the best VPNs for Netflix here.
Cons of HMA VPN
Now let’s look at the not-so-good aspects of HMA VPN.
1. No monthly subscription plans
One strange thing with HideMyAss is that they have removed any option to pay on a month-to-month basis. Instead, HMA VPN only provides you with a one, two, or three-year subscription plan. Here’s what their pricing page looks like.
This recent change may be frustrating for users who don’t want to commit to a long-term plan.
Fortunately, all plans come with a 30 day money-back guarantee. This gives you plenty of time to test out the VPN and cancel your subscription if it doesn’t work well – similar to a free trial VPN service.
I asked one of their chat representatives why they removed the monthly plan, which I remember seeing on their website recently. He explained it was in response to customer requests. He also explained they offer a hidden link for those still wanting the monthly subscription (you can ask support about this).
On the topic of price, HMA is in the middle of the road. I wouldn’t classify it as a cheap VPN, even with the three year plan at $4.29 per month. The one-year plan is also not too cheap, at $6.99 per month.
2. HMA VPN slow speeds
Another problem I observed when testing out HMA for this review was slow speeds. My baseline speed for testing is 160 Mbps (without a VPN). I ran all tests from my location in Western Europe using a wired ethernet connection.
First, I tested nearby servers around the EU. These should have provided speeds close to my baseline speed.
Germany server: 58 Mbps
Using a nearby server in Germany, HMA could only provide about 58 Mbps. This is certainly not good given my (close) proximity to the test server.
Next, I tested a server in Switzerland. Again, I was expecting speeds close to my baseline speed, but it was slower.
Switzerland server: 57 Mbps
I also tested a server in the United Kingdom.
UK server: 51 Mbps
The UK server was the slowest one I tested in Europe.
Next I tested servers in the US and Canada, which also were not great in terms of performance.
New York server: 34 Mbps
Next up was a server in Miami, Florida.
Lastly, I tested a server in Chicago.
Overall these are not good results.
With longer distances between me and the VPN server, you can expect slower performance. However, 34 Mbps on a 160 Mbps line with less than 100 MS latency is certainly not good. As a comparison, I could regularly get around 140 Mbps with ExpressVPN servers in the US (see the ExpressVPN review).
HMA servers I tested in Toronto, Canada were also similar to US speeds (around 40 Mbps).
If performance is one of your top priorities, I’d recommend checking out ExpressVPN.
3. HMA connection logs
Although connection logs aren’t a deal-breaker for many people, others may find this issue concerning.
HideMyAss explains the data they are logging on this support page:
Yes, HMA keeps connection logs, that means time of connect, disconnect, duration and bandwidth usage. This is done to prevent abuse and for diagnostic purposes.
If you find this logging policy to be concerning, you could always use a verified no logs VPN instead. This is especially true when you consider HideMyAss’s history of handing over customer data…
4. Troubling history of data sharing
No review of HideMyAss would be complete without discussing the case where HideMyAss handed over data logs for a court case.
According to Invisibler,
It appears that the FBI traced a hack into Sony back to an IP address owned by HMA and promptly got a UK court oder, demanding logs from HMA an incident HMA dubbed the “LulzSec Fiasco” in a post on their blog on September 23rd, 2011.
The 25 year old HideMyAss user received a one year prison term, one year home detention, 1,000 hours of community service, and was also ordered to pay $605,663 to Sony Pictures. This isn’t the first time a VPN has shared data about one of its users. IPVanish shared data with the FBI concerting a criminal complaint.
While nobody here advocates illegal activity, this case shows that HMA can and will share data from their customers with third parties. This brings us to our next point, where HMA VPN is located.
5. UK jurisdiction (bad for privacy)
Hide My Ass is a UK VPN service and must abide by all UK laws and regulations. Despite being owned by Avast, which is a cybersecurity company in the Czech Republic, HMA VPN continues to operating under UK jurisdiction. This is an important consideration.
The UK is a member of the 5 Eyes surveillance alliance, which facilitates the collection and sharing of mass surveillance data with other countries. Aside from this formal agreement, US companies can use the UK court system to obtain customer data, such as with the LulzSec case above.
Generally speaking, I would not recommend VPNs that operate under UK jurisdiction due to privacy concerns. However, this really depends on your threat model and reasons for using a VPN.
6. Buggy kill switch (with IP leaks)
For this HMA review, I ran some basic VPN tests to identify any major leaks or problems. I was testing the latest version of the Windows client at the time of this review. Before testing, I ensured all leak protection settings were enabled, as you can see below.
Next, I ran the VPN through some tests with the website ipleak.net. These tests included switching servers and simulating network interruptions to test if the kill switch was effectively blocking traffic.
In some instances, I noticed that the kill switch was not working properly, resulting in an IP address leak (IPv4). Below you can see that my real IPv4 address was leaking out of the VPN tunnel, despite having a connection to an HMA server in France.
I’m not certain what exactly was the root cause of the IP address leaks and this may have been an isolated issue with the specific version I was testing. Of course, you can also run basic VPN tests to verify if everything is working correctly.
Additional review findings
Below are a few items that do not really fit into the ‘pros’ or ‘cons’ category.
HideMyAss company history and acquisition by AVG / Avast
HideMyAss was started in 2005 by a student in England who got fed up with content blocks on his school network. Over the following ten years, HideMyAss grew into one of the largest VPN providers with hundreds of thousands of paying users.
In 2015, AVG acquired HideMyAss as part of a package deal for $60 million. Then, in 2016, AVG was acquired by Avast, which is based in the Czech Republic. We’ve noticed this trend over the past few years, with VPNs getting bought up by various firms. One example is TunnelBear, which was purchased by McAfee. Another example is CyberGhost, which was purchased by Kape Technologies.
Our website www.hidemyass.com and services are operated by Privax Limited, which is a limited company registered in England under company registration number 07207304, with our registered office at 110 High Holborn, London, WC1V 6JS, United Kingdom.
Finally, their End User License Agreement specifies that the United States will be used for arbitration if there is a dispute. This seems strange, since the company is operating from London.
HideMyAss uses virtual server locations
Another interesting aspect with HMA VPN is how much the company uses virtual server locations. In a nutshell, a virtual server location is when the IP address of a server appears to be in a country where it is not physically located. For example, HMA might have a “Dubai” server that is actually located in Europe. The IP address will be registered to Dubai, but the actual server will be located somewhere else.
The use of virtual server locations is not necessarily bad. Other VPNs offer this to provide more locations around the world, such as with PureVPN. HMA describes this as a “brand-new feature” on their website:
We provide virtual locations for many countries, e.g. Canada, Portugal, Indonesia, Malaysia etc.
This article is dated September 2019, and this is a bit misleading because HMA has been doing this for years – therefore this is not a “brand-new feature”. Additionally, we’ve found that HMA is not entirely honest about its use of virtual server locations. In fact, many locations that aren’t labeled as virtual are indeed virtual. We’ll have an article on this coming out soon.
Is HMA a good VPN for torrenting?
HMA VPN boasts about its P2P servers.
Despite appearing to be a good VPN for torrenting, it’s not, and here’s why.
First, a customer support agent explained that HMA passes on DMCA complaints directly to the VPN user. This fact alone proves that HMA is logging enough of your data to connect your activities to your identity.
Second, the HMA representative explained that they terminate accounts after multiple copyright infringement warnings. So even though HMA officially allows torrenting, in practice, you will have your account suspended for violating their terms. And when your account is suspended, you will not get a refund because you violated HMA’s Acceptable Use Policy.
Long story short, HMA is definitely not the best VPN for torrenting – there are many better options.
HMA review conclusion
Overall, HMA VPN is a decent VPN provider, but it doesn’t compare to some of the other big names in the industry, such as NordVPN and ExpressVPN.
If you need a basic VPN and you don’t mind the higher prices, bad jurisdiction, and the other drawbacks we discuss, then you can give it a try. After all, they do offer a full 30 day money-back guarantee on all plans.
If you are looking for top-rated VPN that performed much better in testing (and is currently offer three months free) then check out ExpressVPN.
For a cheaper discount VPN, NordVPN (based in Panama) is another good options.
And finally, the best VPNs list has a lineup of our top recommendations based on the latest test results.