Ah, the internet… it connects us to so many new people, places and ideas, letting us learn or share virtually anything we want in a matter of seconds. It also allows giant corporations to track our every move for marketing purposes, gives governments the ability to compile staggeringly detailed surveillance profiles based on our browser history and serves us up on a silver platter to hackers, identity thieves and other ne’er-do-well netizens – threats so overwhelming, they make even the best of us want to, well, hide our asses.
Here to fulfill that desire is the aptly-named Hide My Ass – often abbreviated to HMA, so it’s safe for work, school, Grandma, etc. As a VPN provider, HMA promises to provide you with beefed-up security, military-grade data encryption and a privacy force-field to keep the nosy and the nefarious out of your business.
But does HMA keep its promises? Don’t risk any accidental exposures; read our HMA review and find out the facts before you end up in a compromised position!
HMA was founded in 2005 by British student Jack Cator, then 16 years old and frustrated with his school’s restrictive firewalls. Over the course of a few hours, he created a web proxy so he could access games and music on campus; after sharing the proxy online and seeing how many people were interested in it, he decided to monetize and expand his creation.
In 2009, HMA became a full-fledged VPN provider rather than a mere proxy. The company was acquired by Czech cybersecurity firm AVG Technologies in 2015, which in turn was acquired in 2016 by another Czech software company, Avast; HMA is currently owned by Avast but continues to operate out of the UK.
HMA’s website contains a plethora of reminders of the company’s teenage origins: attitude, snark and blunt jokes populate just about every page. Without a VPN, the company claims, you’re “as exposed as an evangelical nudist”; other providers’ speeds are “slower than an arthritic turtle” – and that’s just the first two paragraphs of the home page!
It’s a divisive but solid approach to originality. Love it or hate it, you can’t deny that there’s no other VPN quite like HMA, at least in terms of company image.
Accompanying the comedy-club copy are illustrations of HMA’s anthropomorphic donkey mascot, Jack, in various states – passed out on a chair after binge-watching Netflix, wide-eyed after getting caught on the toilet, zenned-out in the lotus pose while various electronics float around him. These images remind us of TunnelBear, another animal-themed VPN, though they’re decidedly more adult-oriented than their ursine ilk.
HMA’s textual content isn’t as prominent as its visual gags, but it’s present if you do a bit of digging. Most of it is found on the company’s blog, where it’s loosely organized into categories like Privacy, Online Freedom and Product News; posts range from encryption and kill switch overviews to streaming guides to updates on global privacy laws.
We wish that some of this content was more accessible from the main HMA website, especially the feature overviews since they contain important information for potential customers. But we do appreciate that it’s included at all – some providers barely supply any technical information, leaving you with little more than a few marketing quips and “buy now” buttons.
Windows, macOS, Android and iOS users can partake in the full HMA experience with the company’s VPN apps. Linux users don’t get a full app but can use HMA’s OpenVPN Linux scripts for additional command-line functionality.
HMA can also be configured on a VPN-ready router. Some routers from Asus, Netgear, Linksys, D-link and similar companies support VPNs out of the box, but many others can be flashed with a firmware like DD-WRT, OpenWRT or Tomato that enables VPN usage; HMA provides guides for configuring the VPN on both stock and custom router firmwares.
Additionally, HMA stays true to its roots by offering free proxy extensions for Chrome and Firefox. Though these proxies encrypt your data and allow you to mask your IP address, they’re not as secure as a full VPN and they only protect your web browser; still, they’re excellent options if you ever need free, on-the-fly privacy.
HMA’s apps seem to be designed with simplicity in mind. The home screen doesn’t bombard you with statistics and options; rather, it presents you with three mode options: Instant, Location and Freedom.
Instant mode does exactly what its name suggests. Click or tap the button and the app locates your nearest and fastest server, connects you to it and sends you on your way.
Location mode allows you to peruse HMA’s full selection of servers. You can browse the entire country list, view HMA’s recommended servers or filter your options for streaming- or P2P-optimized servers; you can also compile a list of favorites for easy access in the future.
Freedom mode connects you to the nearest server in a “free speech” country – defined by HMA as a country with no (or minimal) internet censorship. It’s a good option for travelers or residents of restrictive nations, but we suspect that the majority of users won’t need this mode.
Once you’re connected to a server, you can view your old and new IP addresses by selecting the “information” button next to the server name, but that’s it for connection stats. The connection times, bandwidth usage and other details that you get with other VPNs are absent here, which declutters the interface but may leave advanced users a little disappointed.
In the Preferences panel, you can define the app’s startup behavior, configure automatic connections, enable the kill switch (except on Android; see the “Kill Switch” section for more) and, on the desktop apps, switch between OpenVPN’s UDP and TCP modes. Many of the advanced options you may be used to from other VPNs – protocol switching, port forwarding, DNS configuration, leak prevention, split tunneling – are absent from HMA’s apps.
Usability Score: 7/10
Right off the bat, HMA charms you and puts a smile on your face, but the website does seem a little devoid of substance until you get to the blog. The articles there are informative and engaging, so it’s a shame they’re not given more of a spotlight; featuring a few of them more prominently would go a long way towards attracting and educating more users.
App selection is pretty typical, covering all the main OSes plus various routers. While we wouldn’t object to more configuration guides for other devices, like streaming boxes and gaming consoles, HMA’s router capabilities make up for this deficit (assuming your router is VPN-ready).
The apps themselves are catered to new and casual users who simply want to get connected and get back to business. For this purpose, they’re excellent – they’re not bogged down with superfluous statistics or endless settings, so you’re never more than a few clicks away from being connected.
But if you prefer more fine control over your VPN experience, HMA may underwhelm you. You’re limited to one protocol and none of the more intricate settings (ports, DNS) are user-changeable; additionally, the server list doesn’t include load or latency information, so there’s no way to predict your connection speed or reliability before choosing a server.
We’d like to see more advanced options in HMA’s apps. They don’t need to be front and center, nor do they need to alter the apps’ design in any significant way; even including them in a low-key “advanced settings” tab would do a lot to enhance the functionality of this VPN without impacting its overall ease of use.
Servers and Locations
HMA offers over 960 servers with IP addresses from over 190 countries – an impressive distribution that essentially encompasses the entire world. This expansive coverage is made possible by HMA’s use of virtual servers, which constitute around 50% of the server array.
A virtual server is a server (or partition of a server) that’s been configured to use IP addresses from a different country than the one it’s actually located in. A server in Canada, for instance, could be split into two partitions that each behave as if they’re individual servers, with one giving out Canadian IP addresses and the other giving out Brazilian IP addresses.
VPN providers use virtual servers to save money and resources – no hardware needs to be purchased or maintained in far-off locations with poor infrastructures, plus virtual servers can be set up, altered or taken down as needed to meet customer demands. They can also allow for location masking without the associated slowdowns; an American user could connect to a USA-based virtual server offering UK IP addresses and get higher speeds than if a UK-based physical server was used, thanks to the shorter connection distance.
But some VPN users don’t like them because they reduce the control you have over where your data travels. They can also cause confusion over speeds if the true location of the server isn’t disclosed – using our previous example, a Bolivian user might connect to the Brazilian server, thinking that speeds will be good since it’s nearby, but be met with unexpectedly high ping times since the actual server is thousands of miles away in Canada.
HMA discloses some of its virtual servers (it lists New York-based virtual servers for Germany, Canada and the UK, for instance) but most are not labeled as such. If you’re concerned about where your data goes, you may want to find a provider that only uses physical servers (or at least discloses the true locations of its virtual servers).
But if all that matters to you is being able to obtain an IP address from any country you wish, HMA is a great option. Europe and North America are, of course, the most well-covered regions (servers are available in every US state except Colorado and New Jersey, and just about every European country, including VPN rarities like Greenland and Vatican City), but no continent except Antarctica is left behind.
All South American and many Central American countries are covered, plus the majority of Asia, the Middle East and Oceania (including countries with VPN restrictions like China, Iran, Turkey, Turkmenistan and the UAE; even North Korea has six IP addresses up for grabs). Every country in Africa (except Seychelles and South Sudan) has at least six IP addresses as well.
You’re very unlikely to max out your base connection with a VPN – data travels fast, but when it’s making a pit stop at your VPN server each way, delays are inevitable. Speed reductions also occur based on factors such as server load, encryption strength and hardware quality, making it impossible to predict just how fast your VPN will be.
We evaluate a VPN’s speeds based on how they compare to those of the other top VPN providers we’ve reviewed. There are a few trends that we use as benchmarks: local connections should be within 80% of baseline speed, Europe-North America connections should be within 60% of baseline speed and other connections should (mostly) be within 80% of baseline speed.
HMA doesn’t disappoint here, with local speeds clocking in at 85% or more of baseline speeds in North America and Europe. If your home connection is solid (75-100Mbps), you probably won’t notice a difference when you’re connected to a nearby HMA server unless you’re doing some heavy multitasking – say, streaming 4K video, downloading a large file and making an HD video call simultaneously.
Longer distances aren’t a problem for HMA, either. Connections between Europe and North America still fall within 75% of baseline speeds, even when stretched out between the west coast of the USA and mainland Europe.
Other locations are more variable – Hong Kong, for example, returns speeds between 20-50% of baseline at different times – but adequate overall, likely due to HMA’s use of virtual servers for most of its far-off locations. This practice helps to avoid slowdowns associated with poor infrastructures and slow connections in remote regions while still providing IP addresses from them.
Content licensing restrictions have always been a point of contention between streaming sites and their users, but ever since it became common knowledge that such restrictions can be circumvented with a VPN, the battle has escalated into an all-out war. Netflix, Hulu and other sites deploy advanced tools like deep packet inspection to detect and ban VPN IP addresses en masse, and VPN providers are struggling to stay one step ahead.
HMA fares better on the streaming front than some of its competitors, but results are still hit-or-miss. You’ll probably have the best luck with its streaming servers, which can be found by filtering for “Streaming” in the app’s location picker: the UK streaming server is pretty reliable at unblocking BBC iPlayer and sometimes even works with UK Netflix, while the USA streaming server usually works with American Netflix.
You might be successful with the non-streaming servers once in a while, but don’t count on it for everyday use. We hope that HMA continues to improve its streaming performance, especially since it’s such a big selling point for the VPN.
Performance Score: 7/10
HMA covers more countries than any other provider we’ve seen, so it’s an excellent choice for globetrotters or anyone who wants to look like a globetrotter. If you’re ever in need of a North Korean IP address for some reason, this is the only VPN we know of that can help you.
The caveat, of course, is the fact that many of HMA’s servers are virtual servers with undisclosed physical locations. Even if most users aren’t concerned with the jurisdictions their data passes through, it’s important for a VPN provider to be transparent about its practices so that users can make informed choices about their online security; virtual servers aren’t inherently bad, but they should be labeled as such and their actual locations should be given as well.
As far as speeds go, both the physical and virtual servers perform well, exceeding our benchmarks for the most common usage situations. If you typically stick to local servers or ones in popular countries like the USA, the UK or Germany, you probably won’t be able to tell you’re using HMA – and that’s a good thing with regards to speed.
Streaming is another story, and a bit of a disappointing one at that. Though Jack the donkey’s couch potato persona on HMA’s front page suggests otherwise, you’re likely to encounter at least a few error messages when trying to access Netflix, even if you’re using HMA’s designated streaming servers.
The streaming wars are taking their toll on just about every VPN provider, but we have hope that HMA will recover some strength and emerge victorious over the geo-blockade. For now, though, if you want consistent access to a variety of streaming sites, you may want to look for another VPN.
Your VPN protocol plays a role in determining your connection’s security, reliability and speed. While the basic structure of a VPN connection is always the same, the protocol dictates the finer details of both the encryption and the transfer of your data.
HMA offers four VPN protocols, though you can’t switch between them in the current versions of the apps (except the Linux “app”). Unless you’re using a legacy app or a manually configured connection, you’ll be limited to one protocol based on your OS.
OpenVPN is the most popular VPN protocol, and for good reason: it’s fast, it’s secure, it’s versatile and it’s open-source. It’s used by the Windows and Android HMA apps, and it’s recommended for Linux users as well.
HMA’s implementation of OpenVPN uses AES-256 encryption, the algorithm that’s recommended by most security experts. The Windows app allows you to switch between UDP (for speed) and TCP (for reliability); Android users are limited to UDP.
IKEv1/IPsec and IKEv2/IPsec
Apple and OpenVPN don’t get along very well; there are so many App Store restrictions in place that most VPN app developers opt to use the Apple-approved IKEv2/IPsec protocol instead. HMA is one of these developers, thus IKEv2/IPsec is the protocol used by the macOS and iOS HMA apps.
IKEv2/IPsec is similar to OpenVPN in terms of security and speed, but it’s at a disadvantage when it comes to firewall evasion. It relies on UDP port 500, which is frequently blocked by firewalls on business and public WiFi networks, so you may not be able to get connected as easily as you would with OpenVPN.
The legacy app for older versions of macOS/OS X supports IKEv1/IPsec, the predecessor to IKEv2/IPsec. It’s slower and less reliable than IKEv2/IPsec, but it’s the best protocol option in the legacy app.
HMA’s legacy apps for Mac and Windows support L2TP/IPsec, an older protocol that’s slower than IKEv2/IPsec and OpenVPN. It’s also rumored that the NSA is able to break L2TP/IPsec connections, so most security experts recommend using a newer protocol if at all possible.
Available in the legacy Mac and Windows apps, PPTP is the oldest VPN protocol and, unsurprisingly, the least secure; it’s been cracked multiple times and shouldn’t be used for anything even remotely sensitive. But it’s fast, so some people like to use it for streaming, video chatting and other applications where speed matters.
A VPN may hide your real IP address from the internet, but the new one you’re assigned can still be used to tie your various activities together (if not necessarily back to you). HMA’s IP Shuffle feature for Windows, macOS and Android helps to mitigate this risk by automatically obtaining a new IP address at intervals of your choosing.
You can set IP Shuffle to grab a new IP address as often as you’d like: once a day, twice a day, once an hour, ten times an hour or anywhere in between. Your connection will drop briefly when switching IP addresses, so it’s important to enable the kill switch when using IP Shuffle to prevent data leaks during these periods.
Unexpected connection drops are annoying, but with VPNs, they’re potentially dangerous. Your browser, torrent client and other internet apps will continue sending and receiving data over your unsecured connection, potentially leaking your IP address, passwords and other personal information.
To prevent this, most VPN apps include a kill switch, and HMA is no exception. Its kill switch works a bit differently than most others, though: rather than blocking all traffic when the VPN disconnects, it blocks only the apps you specify from accessing the network.
The ability to customize your kill switch is neat, but some may find it inconvenient, as you must manually select each app you want to block; if you install a new app and forget to add it to your kill switch list, it won’t be affected by the kill switch. It would be nice to have the option to block all traffic rather than just the apps that make it onto the list.
HMA’s Windows and macOS apps offer the kill switch, but the mobile apps don’t currently include it. However, if you’re using Android 8 or up, you can activate the OS kill switch in your system settings, which serves the same function.
Security Score: 7.5/10
Most users will find HMA’s security features perfectly adequate, and casual users in particular may appreciate the lack of options. Sometimes less is more, and overall it’s probably better to limit users to one secure protocol than to give them several more less-secure ones to choose from.
With that said, we wish that HMA would offer OpenVPN on macOS and iOS. The lack of iOS support is understandable (most VPN providers won’t jump through Apple’s hoops to include it in their iOS apps) but the lack of macOS support isn’t; we haven’t seen any other macOS VPN app without OpenVPN support.
We do like the ingenuous IP Shuffle feature, which provides an extra layer of protection that’s incredibly easy to use and understand. But we’re less enthused about the kill switch, which is unnecessarily convoluted and requires more upkeep than most VPN users will be used to (or prepared to remember).
In addition to a streamlined kill switch, we’d like to see a few more security-oriented settings, particularly DNS and WebRTC leak protection. While we feel confident in saying that HMA is secure, there’s still room for improvement, especially in the mobile apps; hopefully future updates will standardize the security features across all OSes.
HMA Privacy and Policies
HMA is based in the UK, which has been the topic of some concerning privacy-related news in recent years. For starters, it’s part of the Five Eyes surveillance alliance, which collects and shares internet data on a massive scale; member countries even spy on one another’s citizens through email, text messages and, yes, browser data.
Recent UK legislation known as the Snooper’s Charter has also put many privacy enthusiasts on edge. The hotly-contested law could pave the way for the government to force companies (including VPNs) to install backdoors on their servers and decrypt encrypted data upon request, though various privacy organizations are fighting to remove these provisions before they take effect.
Activists have succeeded in striking down some of the UK’s other privacy-invading laws, such as one that allowed the government to force private companies to store communications data. Most recently, the UK Supreme Court ruled that the government can no longer use general warrants to secretly hack citizens’ devices and communications
The future of online privacy in the UK seems to change every day. If you’re planning to use your VPN for anything you don’t want the British government potentially knowing about, it may be wise to choose a provider in a different jurisdiction.
Your email address and username are stored for as long as you use HMA. This is normal and necessary for you to be able to access your account.
Some session data is collected and stored for 30 days: connection timestamps, bandwidth usage, the IP address of the VPN server you use and your real IP address subnet. The latter is not your full IP address and does not personally identify you as the last part of the address is anonymized (for example, 188.8.131.52 would become 43.134.57.000), but it could potentially be used to identify your VPN usage by someone who already knows your real IP address.
HMA claims to use your IP addresses to adjust the number of servers in a given region based on demand, as well as to troubleshoot issues with specific ISPs and servers. No DNS queries, URLs, activity logs, file names, site content or any other information about what you do with the VPN is ever collected or stored (except the aforementioned total bandwidth usage).
In 2011, it was revealed that HMA assisted American law enforcement with tracking down a hacker and HMA user named Cody Kretsinger, who used the VPN to hack into Sony’s servers and steal user data. Authorities retrieved the attacker’s IP address from the Sony servers and traced it back to HMA, which was then issued a court order forcing it to hand over its logs from the time of the attack.
It’s not publicly known exactly what information HMA provided, nor is it known to what extent the information helped with identifying and tracking Kretsinger. In its statement, the company reiterated that it does not permit its VPN to be used for illegal activities and that it fulfilled its legal duty to cooperate with law enforcement and comply with court orders.
Regardless, the case showed that HMA does log enough information to potentially be of some use to authorities, and that it will produce these logs if required to by a court. We don’t condone illegal activities, but if you’re concerned with law enforcement for any reason, you may want to opt for a zero-logs provider.
HMA does permit torrenting and even offers specialized servers for torrenting and other P2P filesharing. The company’s policies do state that distribution of copyrighted content is not permitted, but this isn’t really enforceable since none of your activity is monitored or logged.
However, some users report issues with slow torrent speeds, likely due to the lack of port forwarding capabilities in the HMA apps. This probably won’t be an issue if you’re an occasional torrenter, but power users may need a VPN with more advanced options to reach top speeds and maximize their connections.
Privacy and Policies Score: 6.5/10
While there are some promising developments from privacy advocates in the UK, the extreme governmental push towards increased surveillance is concerning; it’s possible that HMA will be subject to some unsavory data retention and anti-encryption laws in the future. Combined with the company’s existing logging policies, which do include a portion of your IP address, and its history of cooperating with law enforcement, this precarious legal situation is likely to turn the more privacy-conscious away.
Indeed, we can’t recommend HMA to anyone whose online activities may not be 100% government-approved. This encompasses not just hackers and other cybercriminals (whose actions we do not condone) but also political activists and journalists who oppose government practices.
With that said, if the above criterion doesn’t apply to you, you may not take any issue with HMA’s logging policies. Unless you’re under investigation by authorities (or will be within 30 days of using the VPN), these policies aren’t likely to impact you.
HMA Service and Value
HMA offers three avenues for customer support: live chat, email support tickets and a community support forum.
The live chat isn’t 24/7 and its active hours aren’t stated on HMA’s website, but if you manage to get connected to a representative, you’ll be able to get prompt assistance with basic account issues and questions. If your issue is more involved, you may be referred to email support instead.
When you open an email support ticket, you’re able to include a detailed description of your problem plus attachments (screenshots, error logs, etc.) if desired. Responses generally arrive within a few hours.
Finally, you can post a thread on HMA’s community support forum and get advice from other users as well as HMA staff. It’s a good option for more open-ended or opinion-based questions, but more specific technical issues are better suited for the support ticket system.
Pricing and Payment
HMA offers one service tier: unlimited bandwidth and five simultaneous connections. No additional connections or other add-ons (such as static IP addresses) can be purchased.
One month of service costs $11.99, but this price drops to $6.99 if you purchase 12 months in advance (for a total one-time payment of $83.88). Purchasing 24 months in advance lowers the monthly price to $4.99 (for a total one-time payment of $119.76); at the time of writing, a special offer of 36 months for $2.99 a month (totaling $107.64) was available.
A free seven-day trial is offered, though you will need to provide your payment information in order to obtain it. When the trial expires, you’ll be charged $83.88 for the 12-month payment plan; you’re not able to select a different plan when signing up for the trial.
Payment can be made with Visa, MasterCard, American Express, Discover, JCB, PayPal or Skrill. No anonymous payment options, such as cryptocurrency or retailer gift cards, are offered.
All plans come with a 30-day money-back guarantee, but you’ll need to fill out a refund request form to obtain it. HMA’s refund policy also states that you will be ineligible for a refund if you exceed 10GB of bandwidth usage or 100 connections, even if you fall within the 30-day window, so browse carefully until you’re sure you want to stick with HMA.
Service and Value Score: 6.5/10
HMA’s prices are on the high side, at least for the shorter-term tiers. Competitors’ prices tend to be closer to $10 when paid month to month, with many options available for less than that as well.
Value increases substantially when you prepay for more than a year in advance, especially with the limited-time 36 month plan that HMA occasionally offers. At $2.99 a month, that plan beats out most other VPNs we’ve seen, so it’s a good option if you’re not afraid of commitment.
We like the free trial and 30-day refund period, but we’re not so fond of the caveats that come with each. It would be nice if the free trial defaulted to the month to month plan rather than the annual one (or better yet, if you were able to choose for yourself), and it would be even nicer if there weren’t bandwidth and connection caps on the refund period; 10GB isn’t a lot of bandwidth these days, and it’s not unlikely that many users exceed that within a week or two of usage, let alone 30 days.
The ability to pay anonymously is, in our opinion, an important part of a VPN, so it’s unfortunate that HMA doesn’t offer any anonymous payment options. Those who are concerned enough with privacy that they want to purchase a VPN may not want their financial institutions knowing about said purchase, nor may they want to disclose their credit card information in order to protect their privacy.
Final Score: 6.9/10
Hide My Ass had us charmed with its donkey illustrations and witty jokes, and we enjoyed the smooth yet functional stylings of its apps. Excellent speeds and interesting security features sweetened the deal – as far as user-friendliness goes, HMA deserves our praise.
Server options are the best we’ve seen, spanning the entire globe and encompassing many countries that no other VPN provider does, including those where internet freedom is most threatened. But we’d like to see more transparency regarding virtual servers, of which there are many, as well as ping times and load statistics in the server selection list.
The VPN itself is excellent, with particular appeal for casual users and those who are new to VPNs, but HMA’s policies leave something to be desired. From a legal standpoint, the company faces a lot of pressure from the UK government to keep tabs on its users (or at least keep a record of who they are), and it’s not necessarily something it can simply refuse to do.
However, the consequence of its jurisdiction is that those who want protection from authorities and government surveillance will be more comfortable with another provider. Given HMA’s partial IP address logging (and its history of providing said logs upon court order), it’s not the best choice for the privacy-obsessed.
But if you’re an average citizen who’s neither a surveillance target nor a cybercriminal and you simply want to mask your location, avoid web trackers and keep ISPs and network admins at bay, Hide My Ass may be just what you’re looking for.
We’ve got nothing to hide… at least not in terms of VPN knowledge! Check out one of these articles for your next read.
What is the Snooper’s Charter?
The UK is proving to be a major battleground in the war against online privacy, with proposed and passed laws banning everything from end-to-end encryption to pornography. The 2016 Investigatory Powers Act, also known as the Snooper’s Charter, is perhaps the most infamous of these laws, allowing authorities to hack devices, access backdoors and more – with barely any oversight.
Which VPNs Have the Most Diverse Servers?
Every VPN has North America and Europe well-covered, but what about Africa, South America, the South Pacific and the Middle East? Thankfully, these underrepresented regions aren’t overlooked by everyone; providers like Hide My Ass and ExpressVPN offer servers across all continents, ensuring uncensored internet access around the world.