ProPrivacy is reader supported and sometimes receives a commission when you make purchases using links on this site.

HMA (formerly Hide My Ass) User Arrested

Using a VPN offers many advantages, but one of the most important is that it can greatly improve your online privacy. The problem, however, is that your VPN provider can always monitor what you get up to on the internet, and will always know your true IP address.

This is why I am always careful to make clear that using a VPN provides privacy, but not anonymity. Many good VPN services go to great lengths to address this issue, using methods keeping no logs and using shared IPs to greatly improve their customer’s privacy. HMA, however, as the recent arrest of one its, is not one of these.

In Galveston County, Texas, disgraced judge Chris Dupuy has been arrested and forced out of office for harassing an ex-girlfriend, and another woman he was once interested in. He placed fake adverts featuring the women in the Escorts section of the website, complete with photos.

"The ads featured the women’s and made clear that at least one of them was "VERY FETISH FRIENDLY. To add insult to injury, the women weren’t even portrayed as high-class: The "sexy nurse” charged a mere $70 per half hour.

It goes without saying that this is a despicable thing to do, but it is the method by which Dupuy was caught that I find interesting,

"Hardcastle [a Harris County Sheriff’s investigator] explained that he had worked backwards from the ads to trace masked IP addresses in Venezuela, Colombia and Germany. The sophisticated software allowing the user to conceal his location had a decidedly unsophisticated name:

Notice the words "sophisticated software”. This means that Dupuy was not using the free HMA web proxy, but had a paid account and was using the HMA VPN client.  The fact that HMA’s Venezuela and Colombia servers are only available to paid users clinches the evidence.

Not the time HMA has done this!

No further details are available, but it seems clear that HMA is back to its old tricks. In 2011 the UK-based company handed over internet records and personal details of one of its customers, Cody Kretsinger, to the police. Kretsinger was a LulzSec member accused of hacking the Sony Pictures and received a prison sentence for his involvement in the crime.

HMA is a UK and is therefore required to keep extensive connection (metadata) logs,

"When you use our VPN service the only data we collect is as follows:

  • a time stamp when you connect and disconnect to our VPN service;
  • the data transmitted (upload and download) during your session;
  • the IP address used by you to connect to our VPN; and
  • the IP address of the individual VPN server used by you.

This is a problem that is only likely to get worse when the upcoming Investigatory Powers Bill, aka the "Snoopers Charter”, comes to force. Referring to the "LulzSec Fiasco”, HMA later released the following statement,

"Our VPN service and VPN services are not designed to be used to commit illegal activity. It is very naive to think that by paying a subscription service to a VPN service you are free to break the law without any consequences.

Fortunately, other VPN providers care a great deal more about protecting their users’ privacy. Please do not get me wrong – I do not condone the actions of criminals (and those of ex-Judge Dupuy are particularly nasty), but I am also a passionate believer in the right of ordinary people to privacy.

This is because privacy is a pre-requisite to freedom of thought and freedom of expression - the cornerstones of a free society. When people feel they cannot openly discuss topics, and that their every conversation is being recorded and passed on to the government, a "chilling effect” occurs on free speech.

HMA is a service to be avoided by privacy lovers at all costs. For a list of services that do go to great lengths to protect their users’ privacy, plus a discussion on how they achieve this, please check out 5 Best Logless VPNs.

Written by: Douglas Crawford

Has worked for almost six years as senior staff writer and resident tech and VPN industry expert at Widely quoted on issues relating cybersecurity and digital privacy in the UK national press (The Independent & Daily Mail Online) and international technology publications such as Ars Technica.


on January 3, 2018
hiya, hidemyass has servers everywhere(they advertised 220+ countries, while as far as I know, there is 193+ countries exited in the planet earth only!), I'm looking for similar service with servers everywhere but with anonymity, could u suggest one plz?
Douglas Crawford replied to Blonde
on January 4, 2018
Hi Blonde, Yes, the fact that HMA has servers just about everywhere is one of its big selling points (although at last some of these are almost certainly virtual servers). As you say, though, it is not private (VPNs should always be regarded as providing privacy, not anonymity). I think your best bet is ExpressVPN, which is very good for privacy (no IPs or timestamps logged) and has servers in 94 countries. Other options are listed in Best VPN with Most IP Addresses.
on May 4, 2016
use better this vpn: no logs, and have kill switch server country, seychelen, and no logs best vpn
rigoberto replied to darkmen
on July 4, 2016
I forgot my username and password.
Papa Snarf
on May 3, 2016
Thanx for this post. I blasted them all over Twitter. And will never recommend this VPN.
on April 29, 2016
Thanks for highlighting the "not so good" VPN providers in this article. Whilst I am only interested in the 1st world problem of accessing my wife's favourite US Netflix TV shows and don't think I am at risk of being pursued by NSA (or equivalent local authorities) I do appreciate the information that there are different levels of VPN "privacy". I also followed your link to "5 Best logless VPN's" and read both it and the comments. In the comments you replied to a query about Nord being ranked #1 on this list when users had their IP addresses leaked? You admitted it was an old article (from 2013?) and you had been meaning to update it .... and yet here it is being referenced as a source of recommendation in this current (April 2016) article? Why continue to reference the article when you know it is outdated and inaccurate? My suggestion is to either update the article or remove the link to ensure your readers are getting the most accurate information on this subject. Cheers
Douglas Crawford replied to Storm1700
on May 2, 2016
Hi Storm1700, The actual order of our "5 Best" lists is a group decision, and final say rests with the management. The fact that NordVPN is based in Panama persuaded the rest of the ProPrivacy team to keep NordVPN in top place. I personally do not think NordVPN should have the number 1 spot, mainly because it can be very slow and it simply does not pay attention to the the details of privacy in the way that AirVPN and BolehVPN do. That said, it is a good service with a good regard for privacy. The issues that our reader had with leaked IPs could be for a number of reasons that are not directly related to NordVPN, (please see A Complete Guide to IP Leaks). A bigger issue, IMO, is that NordVPN sends users’ passwords via plaintext email. This can (and should!) be changed in the website’s user account area, but is nevertheless very bad form.

Write Your Own Comment

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

Your comment has been sent to the queue. It will appear shortly.

  Your comment has been sent to the queue. It will appear shortly.

We recommend you check out one of these alternatives:

The fastest VPN we test, unblocks everything, with amazing service all round

A large brand offering great value at a cheap price

One of the largest VPNs, voted best VPN by Reddit

One of the cheapest VPNs out there, but an incredibly good service