HMA VPN (formerly HideMyAss VPN) has over 1000 servers in 190 countries worldwide. That makes it a superb option for accessing geo-blocked or censored content. HMA has software for all platforms and that software is extremely easy to use. As of 2020, HMA has released Version 5 of its applications, which adds privacy features and improves security for its users. HMA's excellent new software can be used on up to 5 devices simultaneously. This makes it perfect for families or people who own many devices. And, because HMA implements military grade OpenVPN encryption - it will protect your data from ISP and government snooping, and secure your data on public WiFi.
- Simultaneous connections 5
- Countries 190 pcs
- Jurisdiction UK
- ProPrivacy.com SpeedTest (average) 63.26 Mbps
Alternative VPN Choices for You
ProPrivacy.com Score 10 out of 10
|Visit Site Read review|
ProPrivacy.com Score 9.1 out of 10
|Visit Site Read review|
ProPrivacy.com Score 10 out of 10
|Visit Site Read review|
36 month$143.64 billed every 3 years
24 month$119.76 billed every 2 years
12 month$71.88 billed every year
HMA VPN has three subscription plans. The monthly plan is $11.99, which is about average for a single month VPN subscription of this kind.
That price reduces substantially when you commit for a year - to just $83.88 - or the equivalent of $6.99 per month. A two year subscription costs $119.76 - which is the equivalent of $4.99 per month. And, sice we last reviewed HMA, the firm has introduced an extended 36 month plan, which costs just $143.64 or the equivalent of $3.99 per month. These are competitive prices, but not the cheapest we have ever encountered.
All of the subscription plans for HMA VPN come with the same features; only the price changes. What's more, all customers are given the opportunity to test the VPN thanks to its generous 30-day money back guarantee. And, as if that wasn't generous enough, the VPN has a 7-day free trial that lets you test the VPN without providing any payment details at all. This is a very nice touch.
Please not, however, that users must not exceed 10Gb of download usage before they ask for a refund - or this will invalidate the money back guarantee. In addition, you cannot get a refund if you pay via iTunes or Google Play. So, if you do want the option to change your mind, please purchase the VPN directly from HMA. Many people have previously complained about not being able to get their money back, but it is always because of this fine print.
Auto-renewal of subscriptions is enabled by default, so if you don’t want to renew you will need to cancel your subscription in the member's area of its website. Finally, payments can be made via credit or debit card, PayPal, iDEAL, bank/wire transfer, UnionPay and SOFORT. However, HMA does not accept Bitcoin payments.
When it comes to streaming, this VPN is a service that is extremely competent. It is able to unblock a huge range of TV streams from around the globe, and, it manages to unblock highly sought after services like BBC iPlayer and Netflix US. In fact, many consumers opt for this service specifically because it is so good for streaming.
HMA VPN Features
|Routers Supported||Asus routers, Tomato, DD-WRT,Vilfo|
|Bare metal or virtual servers||A combination|
Now that Version 5 of the HMA client is available to all subscribers, a HMA subscription comes with the following awesome features:
1000+ VPN servers in 280+ locations in 190+ countries. HMA has servers in unusual places like the Falkland Islands, Papua New Guinea, Malawi, Serbia, and many more. If unblocking content in unusual places is important to you; this service is a great option.
Super fast 20Gbps servers (already rolled out across a quarter of its network)
IP refresh tool lets you get a new IP address in the same location (if the IP address you are using is suddenly blocked by a service)
Five simultaneous connections
Supports OpenVPN, Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP) VPN protocols
Killswitch (Mac, Windows and Android).
New smart killswitch for Windows lets you auto-launch the VPN (with the killswitch enabled) when you launch specified programs.
Split tunneling. Lets you decide what data is sent down the VPN tunnel and which programmes keeps your local IP address instead.
Speed test feature lets you check how HMA servers are performing.
24/7 live chat support
30-day money-back guarantee (as long as you don’t download more than 10 Gb of data during the 30-day period and buy the VPN directly from the HMA website)
Improved logging policy. Never logs IP addresses and only keeps minimal connection logs for 30 days.
Free HMA proxy service with servers in the US, Germany, the Netherlands, the UK and the Czech Republic. Excellent free proxy service encrypts the URLs that get stored in your history (in case you forget to use private browsing mode), turns off cookies, and removes scripts.
Speed and Performance
At ProPrivacy.com we test VPN speeds using a scientific server-based system. Our proprietary system tests VPNs three times a day using the the OpenVPN protocol (for fairness across all providers). We test a UK server for local max (burst) speeds. And a Hong Kong, US, UK, and Australian server for averages. In the image below, you can see how HMA's connection speeds averaged over a four month period stretching from November 2019 to February 2020.
During our tests, we discovered average download speeds of 58 Mbps and burst speed results of 594 Mbps. These are outstanding connection speed results - that have improved since we last reviewed the VPN. These speed test results are stable, which means that this VPN is capable of unblocking HD streams without issues. Thus, we can recommend HMA VPN for data intensive tasks like streaming, gaming, and video conferencing.
As you can see from the image above, there are faster VPNs on the market. However, HMA compares extremely well to some of the best VPNs on the market, meaning that this is in the top percentile of commercial VPNs. In fact, the burst speeds we recorded are exceptional, and are almost identical to the very fastest VPNs in the world.
IP leaks, WebRTC leaks, and DNS leaks
|IPv4 leak detected?|
|WebRTC leak detected?|
|ProPrivacy.com SpeedTest (max/burst)||177.87|
|ProPrivacy.com SpeedTest (average)||63.26|
We tested the VPN thoroughly for IP leaks and DNS leaks using our industry standard VPN leak testing tool. We tested the Windows client and discovered no IPv4 leaks, IPV6 leaks, WebRTC leaks, or DNS leaks. This is excellent and means that the VPN is 100% working as it should. It is also worth noting that this means DNS leak protection is built into the clients by default - which is great.
Below you can see that the VPN only registered one IP address in Austria. We also only detected a single IP address, also in Austria. This demonstrates that the VPN is successfully proxying DNS requests via its own servers. These are ideal results. Also worth noting, the IPv6 test was not reachable because the client was blocking IPv6 connections. Again, this shows that the VPN is working as it should.
Finally, we are happy to report that HMA VPN no longer suffersfrom WebRTC leaks on either Mac or Windows. This is excellent and means that the VPN is now completely clear of leaks.
Privacy and Security
IPv6 leak protection
WebRTC leak protection
HMA was acquired last year by the Czech company Avast Software. However, it is still managed and run in the UK. Being based in the UK is enough to put some people off this VPN. The UK is a location where government intelligence is massively overreaching, and where the authorities are able to issue warrants and gag orders that force firms to hand over the data they have on their servers in secrecy. This makes the UK far from an ideal location for a privacy service to be based.
The UK's surveillance habits are especially problematic if a VPN stores logs, and HMA does. Admittedly, HMA has stopped storing connection logs with timestamps stored next to its subscribers complete IP address. This is a vast improvement.
That statement seems problematic, because enough IP address to trace a user back to their ISP - in addition to their name and payment method (which is held on file by both HMA and the subscriber's ISP) - could permit government authorities to acquire the user's entire IP address from their ISP.
This, combined with the fact that HMA stores timestamps next to the HMA IP address that the user connects to each session - seems to reveal that with enough effort a time correlation attack could be mounted against HMA users. This is far from ideal, and while the VPN has certainly improved its logging policy since we last reviewed it, it is still far from perfect.
We decided to challenge HMA on its continued collection of IP address info, and the firm told us:
“Since each HMA IP address is shared by multiple subscribers, we do not know which customers accesses a website using a given IP. We could theoretically match timestamps of the attack with time stamps starting and ending the VPN session of subscribers using that particular IP address, but since there are multiple users connected at the same time, we wouldn’t be able to use that to detect a single subscriber.”
We accept that shared IPs are infinitely more private for VPN users. However, as far as we can tell the anonymized IP logs in question can still be used to track down HMA users via their ISP. Thus, whether you feel secure enough using HMA will really come down to your personal threat model. Admittedly, 99.9 % of people will acheive high enough levels of privacy using HMA. After all, a time correlation attack is a highly targeted attack that the authorities would only leverage against someone who had perpetrated a pretty severe crime.
On a more positive note, another way that HMA has improved its logging practices is by deleting the connection logs it collects every 30 days. This minimizes the amount of information that the authoritis could get from HMA with a warrant. It is also worth mentioning that HMA does not store any records of what people do online (the websites they visit) while connected to HMA VPN servers. These usage logs are always deleted, which is good.
Finally, it is worth noting that there have been incidents when HMA has handed over logs to the police. In 2011, HMA handed over internet records and personal details about Cody Kretsinger to the cops. Kretsinger was a LulzSec member accused of hacking Sony Pictures; he was imprisoned on hacking charges (in part proven with the help of HMA). In 2017 a judge from Galveston County, Texas was arrested for harassing his ex-girlfriend. He was an HMA user whose IP address was uncovered using connection timestamps.
The HMA website claims that it implements its encryption as follows:
“OpenVPN is using OpenSSL with algorithms 3DES, AES 256, RC5, 256-bit encryption for the control channel (e.g. password, authentication, etc.).”
That is extremely vague. After some digging, however, I was able to figure out that HMA implements its encryption as follows:
Data channel: a AES-256-CGM with 4096-bit RSA keys for handshakes, and SHA256 for authentication.
Control channel: an AES-256 cipher with RSA-2048 handshake encryption and SHA-1 hash authentication. Perfect Forward Secrecy is provided courtesy of a Diffie-Hellman key exchange.
Any subscriber using the very latest version of HMA will get these encryption standards, and will find that the encryption is robust on both channels. This means that anybody using HMA is secure against anybody attempting to hack their data. For more information on VPN encryption please read our VPN Encryption: Complete Guide.
Finally, it is worth noting that HMA told us that those standards may revert back to AES 128 CBC with a SHA 1 auth for 'Legacy Users.' This is a slightly confusing statement, and we aren't clear in which circumstances that may occur. However, we would presume that anybody using an up to date machine and the latest client will connect using the standards mentioned above.
Money back guarantee length
HMA has excellent options when it comes to customer support. Live chat is available on its website 24/7 and its agents are both helpful and knowledgeable. The agents responded almost immediately, and we found them to be extremely polite. All in all, we found the service outstanding for getting fast responses about unblocking content and installation help.
Admittedly, some of the more techy questions had to be elevated to a more senior tech member of staff. This was done by the customer support agent who told me we would receive a response via email. That email did come to our inbox with the desired information, which is great.
In addition, the website has a community where you can ask fellow users questions about the service; a Blog where you can see useful articles about VPNs, privacy, and using VPNs to access content from around the world. And a knowledge base full of FAQs and guides that will help you to resolve the majority of setup and troubleshooting issues you are likely to experience.
We found these resources to be truly outstanding, and they act as a fantastic counterpart to the live chat support.
The Windows Client
The Windows VPN app is a fully-featured client that is easy to use. It comes with a killswitch to stop you leaking data to your ISP - should the VPN connection happen to drop out. This means you will be able to use HMA for torrenting securely.
On the other hand, HMA specifically told us that "we do not support the use of Torrent to share copyrighted material illegally. If you use our VPN service for such activity, you will probably cause us to receive DMCA notices from the copyright holders, who monitor Torrent trackers." Thus, if you are looking for a VPN for torrenting it is probably better to look elsewhere.
On a more positive note, the Windows client comes with a lot of excellent features such as auto-connect, IP shuffle for automatically gaining a new IP address in the same location (useful if an IP address becomes blocked by a specific service), and lightning connect (to connect to the fastest server available to you). Unfortunately, split tunnelling is not yet available in the Windows client.
Users get a choice of OpenVPN or L2TP/IPsec encryption. And the OpenVPN encryption is implemented securely. Also good news; this VPN is fast and unblocks a lot of content from around the world. As a result consumers looking for privacy from their ISP, unblocking capabilities, and WiFi protection - will find this VPN to be ideally suited to the task.
On the other hand, it is worth considering whether you are happy paying for HMA - when you can pay a similar price for a VPN that offers tighter security and better logging practices. At the end of the day, this depends on your personal requirements, and if you need a server in one of the more exotic locations that HMA has - this VPN may be extremely interesting!
The Mac client
It also now has the IP shuffle feature, which randomly changes your IP address at user defined intervals. This adds an extra layer of privacy and makes it harder to track HMA users. In addition, Mac users get:
- An app Kill-Switch
- Lightning connect
- Speed Test
- Auto Connect
On the whole, the Mac OS X app is easy to use, and we found it to work without crashing. Having a large choice of server locations is useful, and, because this VPN is good for unblocking Netflix and iPlayer; it could be a worthy choice for people who like to stream.
OpenVPN encryption is available, however, it is worth noting that it is not implemented as strongly as it is with many competing VPNs on the market.
The mobile apps (iOS and Android)
If you are looking for a secure VPN for Android or iOS, the HMA clients are pretty good. The VPN has DNS leak protection built into its clients, and the Android mobile VPN app has a killswitch. Unfortunately the iOS app does not yet have the killswitch.
On Android, subscribers get OpenVPN encryption. On iOS users must settle for L2TP/IPsec. Having a large choice of servers is useful, and for those who aren't particularly paranoid about the minimal logging practices - this VPN is probably a good option ( for example it unblocks Netflix US and iPlayer).
If your primary reason for wanting a VPN for a mobile device is to protect your data on public WiFi - this VPN will do the job fine on either Android or iOS - and it will successfully stop hackers from being able to sniff your data.
If you are looking for a VPN with a completely watertight logging policy, you may want to look elsewhere. Being based in the UK is not ideal, and because this VPN stores connection logs (timestamps and bandwidth used) next to an (albeit slightly anonymized) IP address - this VPN may not be suitable for everybody.
The good news, is that on Mac, Windows, and Android this VPN has a killswitch. It also has DNS leak protection built into all of its clients, and it does not suffer from any concerning leaks from our experience. The killswitch is reactive and it is not system level, which means that if the VPN crashes you will leak data to your ISP. However, the VPN did not crash during our tests, so it should perform fine.
Although HMA permits torrenting, it does ask users never to indulge in illegal downloading while using its service. Thus, if you are primarily looking for a VPN for torrenting we would recommend looking elsewhere.
So, why get HMA? HMA is a service that is not expensive, and if you specifically require a server in a more exotic/rare location (that isn’t covered by other VPN providers) this VPN is a good option. It is also true that this VPN can protect you on public WiFi without issues.
Assuming you aren't someone who requires extremely high levels of privacy, the level of service provided by HMA is likely to be more than enough. We are also happy to report that since the last time we tested the VPN, it no longer suffers from WebRTC leaks that must be manually plugged using an extension.
Speed test results were excellent, which means that this VPN is ideally suited for doing data-intensive tasks like streaming in HD or gaming. Also, don’t forget that this is one of the few VPNs that can unblock BBC iPlayer and Netflix US. A VPN that provides excellent value for money and that is suited to 99% of people’s needs.