The Truth Behind HolaVPN and Luminati

This article is a statement from me and Chris regarding the recent research released by Trend Micro on HolaVPN and Luminati. As we write about and rate proxy providers, it seemed to us that our thoughts on this matter might be of interest to our readers, especially as we include the aforementioned Luminati in our list for dedicated proxies (as well as in our best residential proxy list). Please note that this article is clearly just our own personal opinion, but having worked with proxy providers for many years, it’s hard not to say anything regarding this issue. So, what happened?

HolaVPN and Luminati

On 18 December 2018, some light was shed on HolaVPN and Luminati by Trend Micro. You can read more here, but first, some history: as you may or may not have heard, in 2015, 8chan had a spam attack initiated by a popular spammer “Bui”. This resulted in the website’s complete freeze for a couple of minutes. With the help of this spam attack, HolaVPN was exposed as selling its users as exit nodes with its sister company Luminati. Until Trend Micro’s research, this information was rather vague and floated around on the internet for a while. However, as Trend Micro claims, “it is clear now that Luminati’s residential proxy network could attract unsavory users, threat actors that could abuse it for cybercriminal activity.” We won’t talk about HolaVPN, as it is not our expertise or our interest. However, in their research, Trend Micro claimed a few things that grabbed our attention and raised some questions about Luminati, so we decided to go over them and talk a little about the possible damage the company may pose to its customers.

Lack of Encryption

Contradictions on Ad Fraud

One of the things that stood out to us was the topic of ad fraud. Usually, proxy providers sell proxies to customers to help them detect ad fraud and prevent it, but according to Trend Micro, most of Luminati’s traffic (86%) is going to “domains of companies that are either developing mobile apps, are in the mobile advertisement business, or in the business of affiliate tracking.” What does that mean? Well, “Mobile advertisement platforms are potentially vulnerable to fraud, especially for ad impressions (advertisements that are being shown to users, for example, in mobile applications). The exit nodes of Luminati actually belong to residential internet users,” explains Trend Micro. So how can advertisers see that the traffic is coming from HolaVPN’s exit nodes and is generated by bots? They can’t. It’s simply not possible. The motivation for fraud on mobile ads is extremely strong, so the chances that the Luminati network is being abused by ad fraudsters are high. However, we did have the chance to get a response from Luminati’s CEO, and he says that “Luminati is a key tool in the detection and prevention of ad fraud. Trend Micro mistakenly suggest that Luminati is instead open to fraudsters. If the authors had checked their facts, it would have become clear that Luminati has the highest compliance processes and standards in its industry to ensure that bad actors cannot use its residential IP Proxy network.”

Luminati Doesn’t Know Their Customer (KYC)… Or Do They?

You may be aware that Luminati prides itself on its KYC procedures. The first sentence you can see on their website is “Luminati is the only proxy network that requires consent from its Residential peers, has tight compliance procedures for its customers and serves Fortune 500 enterprises”. A very strong and confident claim. But is it legitimate? As we mentioned before, Trend Micro concluded that ad fraud going through Luminati’s servers is very likely. This goes against any KYC procedure Luminati claims to implement, as they do not see or follow the malevolent actions of their customers. However, when we asked what they think about Trend Micro’s claim, they responded to us by saying: “Luminati keeps logs of its customers’ activity and happily cooperates with law enforcement if any foul play is suspected, so is a poor place for bad actors to hang out. Luminati is the enabler behind keeping the free market in e-commerce by providing transparent insight to market pricing – a key pillar of a free market.” If anything, this makes things worse, because if they do actually see what their customers are up to, they choose to turn a blind eye to all of it.

What Should a Proxy User Do?

We are not in a position to say what you should or shouldn’t do. Luminati has pretty good proxies, and does appear in our top lists. However, we would like to advise you to be careful who you choose as your business partner. I’m sure none of the companies listed as Luminati’s customers were happy to see themselves in Trend Micro’s research.