When we reviewed the “HideMyAss” VPN over a year ago, we realized that this was a product with lots of potential but with very important privacy-related drawbacks. It didn’t score well on the areas of user data collection, privacy protection, jurisdiction policies, and also on reputation. Although it was performing well, it had an easy to use UI and many configuration options, we just couldn’t suggest using it. Today, HideMyAss has announced that they are addressing the privacy issues they had, declaring that they are no longer a data-logging VPN.
More specifically, HMA will no longer track user IP addresses, web browsing activity, and DNS queries. Their privacy policy has been updated accordingly, so users should feel less anxious about having their identities exposed when using HMA VPN. The company sees this move as a stride of development in their commitment to protecting their users’ privacy - and rightfully so. However, you should not assume that HideMyAs is no longer storing anything about you whatsoever - it’s just that they won’t collect data that can be used to identify you.
Things like the dates and times of connecting to an HMA server, the subnet of your IP address, or how much data comes and goes through your connection will still be collected. These could result in the revelation of your geographic region, but not your exact location. HMA says the reason why they still need to hold and analyze this data is to keep their service loads balanced and their speeds up to par. If things are left wholly unregulated, some servers will get overcrowded, and many users will eventually experience crawling network speeds. HMA reassures its customers that they only care about the data size, and they won’t peek at your browsing activities.
Now, there is one thing to keep in mind when it comes to trusting and accepting claims. No matter the history or the previous record of a VPN provider, only independent auditors can confirm that all elements of a given privacy policy are being respected by the practical procedures and the systems that are in place by a VPN provider. Unfortunately, HMA hasn’t mentioned anything regarding plans to contract an auditor in their announcement, so we wouldn’t hold our breath. We will surely revisit the product now and see if we can confirm or debunk anything from the client-side, so stay tuned.