As of May 5th, HideMyAss finally became a no logs VPN – a massively encouraging step for a VPN that's had its fair share of troubles, including acquisitions in 2015 and 2016 and some concerning press coverage.
But, being a veteran of the VPN market and rekindling an innate desire to facilitate a secure and borderless online experience has provoked real change. HMA began when Jack Cator wrote a proxy to circumvent a school firewall – and this is very much the spirit HMA has recaptured with its no logs announcement.
HMA goes no logs – how and why?
HMA has been a longstanding staple of the VPN scene and a consistently popular choice for streamers thanks to the fact it has little trouble accessing streaming sites across the globe, but its privacy concerns left other users wary.
However, with its v5 launch, HMA has turned a new leaf and been singing from the rooftops.
We've updated our privacy policy, we've revamped our legal mumbo-jumbo, and now we can, one more time, proudly declare that we are a no-log VPN. It's true. But we don't expect you to take our word for it: we're in the process of getting our infrastructure audited by an independent security company.
The commitment should reassure anyone side-eyeing the VPN after its involvement in criminal cases in 2011 (wherein a LulzSec member was accused of hacking Sony Pictures) and 2017 (where a Galveston County judge was arrested for harassing his ex-girlfriend), where HMA logs and connection timestamps were used to convict. Now, HMA has done away with retaining some connection logs for 30 days entirely.
We should note at this point that activities that are illegal without a VPN are just as illegal with one, and we don't advocate for lawbreaking – only the privacy of everyone who uses the web.
Existing and prospective HMA users will be able to enjoy the internet without surrendering identifying information. What's more, HMA's shiny new no logs policy is going to be subject to a third-party audit by VerSprite.
Which logs has HMA ditched?
As of its v5 launch, HMA VPN no longer stores the following data:
- Your original IP address
- Any DNS queries
- Your connection timestamps
- Your online activity
- How much data you've transferred
Plenty of VPNs already play by these rules, and whilst this doesn't detract from HMAs improved stance, it should be treated as a baseline for all VPNs.
Does HMA keep any logs now?
It does, but none of the data can be traced back to you or identify what you were up to when connected to the service. Here's the bare minimum:
- General connection dates – these are used for customer service inquiries and are kept purposefully non-specific, only identifying whether you connected at morning or evening
- The subnet of your originating IP – the final octet will always be anonymous, and this data is held onto in order to plan network demand and capacity
- The IP of the HMA server you're using – again, used exclusively for customer service troubleshooting and to identify demand
- A general estimate of your data usage – the exact amount is never recorded, being floored to the first digit, and HMA won't ever know what the data is, exactly, or tie it to you permanently
Seal of approval
As HMA say themselves, it's all well and good to go around claiming that you have a no-logs policy – but having this proved through an independent audit is one of the surefire ways to make sure that guarantee is cast-iron. Recently that's exactly what they've done, roping in the highly reputable cybersecurity firm VerSprite to verify that they're keeping their promises.
The good news for both HMA users and prospective customers is that they passed! This is great news for the provider but also for anyone that cares about privacy; the more VPNs that request an independent audit by security companies, the more likely it is to morph into a universal industry standard. HMA said of the audit:
The introduction of the no-logging policy in May this year was phase one of our privacy champion initiative. This stamp of approval from VerSprite completes phase two, and moving forward we will also be introducing new privacy features, connection protocols, and improvements to our infrastructure so we can better protect user privacy
Overall, this is a really encouraging move to see from HMA, and shows they're serious about keeping their users safe. Exactly like a VPN should do.
No logs and more: the rest of the HMA update
Besides its no logs policy, HMA has introduced several other features in its v5 upgrade, including:
- An app redesign – driven by user feedback, HMA has decluttered its interface and made even its more advanced features a cinch to use.
- IP refresh – a handy feature if you've been blocked, giving you a new IP in the same location.
- Kill switch – no VPN is totally infallible, and a kill switch keeps you protected even if your server connection drops.
- Split tunneling – a useful tool that routes selected data through your VPN and the rest of your apps local, for Android only.
- Speed test – Mac and Windows users can check out their speeds in a few clicks.
- Faster server speeds – HMA is rolling out 20Gbps servers across its infrastructure.
All in all, with the promise of updates to come and more news on the way, it's certainly an exciting time to follow HMA's development as it steps back up to the mantle of a real champion of its users' right to privacy. If you want any more information about their service, check out our HMA review.