HMA VPN Review

James Milin-Ashmore

James Milin-Ashmore Last updated: October 12, 2021

HMA VPN Review

HMA VPN

Availabile On:
windows apple iosx android chrome linux router apple-tv android-tv playstaion xbox

A VPN that offers extreme speeds and streaming support

Availabile On:
windows apple iosx android chrome linux router apple-tv android-tv playstaion xbox

A VPN that offers extreme speeds and streaming support

pros

  • Impressive server network coverage
  • Fantastic speeds with minimal speed loss
  • Unblocks multiple streaming platforms

cons

  • Limited payment options
  • Based in the UK (5 Eyes jurisdiction)
  • Limited security on Apple devices
visit HMA VPN

Disclaimer: Partnerships & affiliate links help us create better content. Learn how.

As the name implies, HideMyAss (HMA) is marketed as one of the best VPN providers if you’re hoping to obfuscate your connection. When it comes to speeds and streaming they make various promises, but how does it measure up in reality? Are they really “the biggest VPN network in the world” as they claim?

Here’s everything you could possibly need to know about this provider, with lots of information about its performance and features in our extensive HMA VPN review.

Overview

HideMyAss is an extremely popular VPN provider, perhaps due to an eye-catching name that helped them gain a solid foothold in the market during the early 2010s. They’ve since rebranded to HMA VPN and are currently owned by Avast.

They have made a number of grandiose claims in recent years, but as I found while testing, a lot of them hold water. For example, they do offer fantastic connection speeds and successfully grant users access to key streaming platforms worldwide. They’re now audited by an independent security firm, and HMA updated its no-logs policy in 2020. 

They’re held back by a couple of flaws which we’ll get into below, but it’s perfect if you’re looking for a VPN to compliment your online entertainment needs. Granted, despite some improvement in recent years, they’re still lacking when it comes to protecting their users’ privacy fully. Keep reading to learn more.

About HideMyAss

HideMyAss was created by a sixteen-year-old student from the UK in 2005. Jack Cator wanted to circumvent restrictions his school had on accessing games and music websites from their network and used open-source code to do so. Numbers quickly began to grow, and the service had 10 million users and 215,000 paying subscribers of its VPN service by 2014

A genuine success story, HMA was acquired by AVG Technologies for $40 million with a $20 million earn-out if certain milestones were met in 2015. HMA became part of Avast after its 2016 acquisition of AVG Technologies, which is where we are in terms of current ownership today. 

It’s been a wild ride, but is there any link to Cator’s original aim? HMA is still one of the better VPNs if you want to access blocked websites, but Avast has faced a number of recent controversies surrounding privacy and the collection of user information.

Put simply, their browser extensions were discovered to be collecting detailed user data, including browsing history and online behavior, while sending it to a remote server. They collected this information from 400 million users, repackaging it “into various different products that are then sold to many of the largest companies in the world.”

In full damage-limitation mode, Avast CEO Ondřej Vlček released a blog post in January 2020:

“I’d like to take this opportunity and address the situation regarding Avast’s sale of user data through its subsidiary, Jumpshot. Avast’s core mission is to keep people around the world safe and secure, and I realize the recent news about Jumpshot has hurt the feelings of many of you, and rightfully raised a number of questions – including the fundamental question of trust.”

Vlček went on to mention they had decided to “terminate the Jumpshot data collection and wind down Jumpshot’s operations, with immediate effect,” but in his own words, there are too many questions of trust raised to be able to recommend Avast’s products from a privacy standpoint.

Pros & Cons

We’ve vetted its pros and cons, giving you a quick overview of what to expect from the HMA VPN.

pros

HMA VPN knows its strengths and hones in on them. Below, we lay out the main pros worth noting:

  • Extensive server network including coverage in Asia and Africa
  • Excellent service for streaming, unblocking sites like Hulu and US Netflix
  • Fantastic speeds with minimal speed loss
  • 7-day free trial available
  • 30-day money-back guarantee
  • Clean user interface and apps that are easy to use and download
  • Extra features included such as a kill switch and split tunneling
  • Apps include automatic connection to the fastest server based on location
  • Google Chrome browser extension available
  • Offers router support and configuration manuals
  • P2P on select servers available
  • Good customer service
  • Free proxy service

cons

Despite excelling in performance, HMA has its own drawbacks to considering:

  • Based in the UK under the 5 Eyes jurisdiction
  • Limited payment options
  • Owned by Avast, who have had issues with privacy in the past
  • Disclosed “root IP addresses and email addresses” twice in 2020
  • Limited VPN protocol configuration options
  • Limited VPN protocol configuration options
  • Ad blocker only available on Google Chrome web browser extension

Features

With more of a focus on speeds and streaming, HMA isn’t laden with many additional features outside of making sure it all works quickly. They’ve obviously aimed to make it especially easy to use, including offering labeled P2P servers and the ability to connect to the fastest possible server with a few clicks.

Here are a few additional features you’ll find with the HMA VPN service.

Kill switch

A feature you’ll find with any competent provider, an automatic kill switch will disconnect your device from the internet if you lose connection to the VPN server unexpectedly. HMA ran for over 24 hours without dropping during testing, but it’s a nice feature to have nonetheless. 

IP Shuffle

In comparison to a traditional VPN connection, the IP Shuffle feature goes one step further by randomly changing the IP address during your VPN session. HMA claims that this “makes it harder for hackers, trackers, and attackers to pinpoint your location.” The feature is available on MacOS and Windows desktop devices and can be seen in the image below.

HideMyAss advanced features

If you’re overly suspicious, you can set a custom range, switching the IP address every few minutes. However, when the system switches from one IP to another, you’ll be disconnected from the VPN for a few seconds each time. As such, you’ll need to keep the kill switch on to hide your IP address. 

You’ll be connected within the same region, so IP Shuffle is a great addition if you want to keep it moving.  

Lightning Connect & Speed Test 

The Lightning Connect feature can be used to automatically select the fastest server based on your location. It’s better than doing so manually, and you’ll always be getting the best speeds possible. On that note, HMA also has a built-in speed test, if you’d like to choose from a range of the best available options. We’ve checked it out in detail below, which can be found in the Speed Stats section.

Ad Blocker, Auto Diguise & Tab Killer for Chrome

HMA’s Google Chrome web browser extension comes with a few features unique to itself. Included are a built-in ad blocker that stops ads from interrupting your online activity and an Auto Disguise button that automatically connects to a server when your extension is on. Additionally, HMA/Chrome users get Tab Killer, a feature that instantly hides opened tabs and replaces it with a pre-selected window when a user hits a keyboard shortcut. It’s one of the more robust VPN extensions we’ve seen.

Continually improving its service, HideMyAss also advertises several improvements and future features users can expect to see in the coming years. Some include a shorter login code for easier device setup, WireGuard support, and more advanced website security. We’ll update this review once those features are ready for testing and use.

Pricing

Pricing Score
10/10
  • Free Trial: 7 days
  • 12 Months: $4.99/mo.
  • 36 Months: $2.99/mo.
HMA pricing for 5 connections

As with many other VPN providers, HMA has split their service into a couple of separate plans, with the price varying depending on the amount of time and the number of connections you’re willing to commit to. 

Aside from its 7-day free trial, all of its subscriptions are longer terms including either a 12-month, 24-month, or 36-month contract. While many VPNs charge a lot for month-to-month service, it would be nice to see HMA at least add the option for users.

HMA offers very good discounts on its longest 3-year plan, although you will have to pay for the entire contract upfront. Additionally, HMA breaks up its plans into two different tiers: 5 connections and 10 connections. If you need 10 simultaneous connections rather than five, there are further savings to be made.

HMA payment methods

In terms of a refund, you can take advantage of HMA’s 30-day money-back guarantee, in which you get all your money back, no questions asked.

However, payment options are limited. HMA advertises multiple payment options on their homepage, but when I went to check out, I only found these methods below. Also, there are no anonymous payment methods such as cryptocurrency to check out with, so you’ll have to fork over a legitimate email address to try it out.

Overall, the price is right and the 7-day free trial is more than most premium VPNs offer for testing. However, the lack of payment options and no monthly plan lends a bit to be desired in the way of flexibility. Still, HMA is priced competitively, and its service should definitely be a contender for you is streaming or torrenting are top of mind.

Logging Policy

Logging Score
6/10

HMA has a simple logging policy which can be found on their website. It states:

“We collect only approximate connection and disconnection times, duration of visit, and bandwidth usage. This information is for diagnostic purposes and helps us prevent abuse.”

That’s more information than is necessary, and it’s slightly obtrusive when all things are considered. For example, they mention that they keep no records of timestamps of your connections, but they do record approximate data, which is essentially the same thing. 

HMA’s logging policy claims were backed by cyber-risk consulting firm VerSprite following an independent review in 2020. Their CEO, Tony UcedaVélez, is quoted on the HMA website where he discusses their work with the VPN:

“We worked to help validate the assurances made from the no-logging policy and helped them understand the nature of the risks identified so that they could improve the product’s overall privacy level.”

It’s definitely a step in the right direction, although I couldn’t find a report from the consultancy firm itself. 

Meanwhile, the LulzSec fiasco that happened a decade ago still hangs over the company. When an HMA user hacked Sony’s servers, he was thrown to the wolves. Here’s the HMA response from the time:

“It first came to our attention when leaked IRC chat logs were released, in these logs participants discussed various VPN services they use, and it became apparent that some members were using our service. No action was taken, after all there was no evidence to suggest wrongdoing and nothing to identify which accounts with us they were using. 

At a later date, it came as no surprise to have received a court order asking for information relating to an account associated with some or all of the above cases. As stated in our terms of service and privacy policy our service is not to be used for illegal activity, and as a legitimate company we will cooperate with law enforcement if we receive a court order (the equivalent of a subpoena in the US).”

The now-notorious post has been used as a stick to beat the company with ever since, and it’s a clear reason to give it a miss from a privacy standpoint. 

They hope the audit will work to change hearts and minds, and note that “as of April 2020, HMA is a fully No Log VPN provider.” It’s hardly the most trustworthy standpoint to begin with, and they’ll need to work hard if they want to regain any credibility in the online privacy sector. The audit is certainly a step in the right direction, but it’s not enough to make it a viable option as of now.

Speed Stats

Speed Score
10/10

HMA claims to be one of the fastest providers on the market. In fact, they boast of speeds of up to 20 Gbps, which is insane if true. For example, 1 Gbps will see you downloading data at a rate of 112.06 MB/second. At this speed, you can download a 500 MB video conference in roughly 4 seconds. (Now times that by 20.) 

HMA has a built-in speed test, which I decided to check for myself. Results are found below:

HideMyAss speed tests in multiple countries

According to the app, there were a number of high-speed servers to choose from in a host of European locations, so I should have seen similar speeds when compared to my normal connection. For parity, here are baseline stats while connected to WiFi on a busy Saturday morning without a VPN:

HMA VPN baseline speed test

Then, I connected to one of the optimal HMA London servers and ran the test again, expecting to see similar results in terms of pure numbers:

HMA VPN speed test in London

Download speeds of 183 Mbps are undeniably fast enough to get the job done, but a significant drop of over 100 Mbps wasn’t what I was expecting. (I ran the test again the next day, and it rose to roughly 240 Mbps, but there will be a strain at peak times.)

Next, I checked one of their US servers, which is optimized for streaming:

HMA VPN speed test in the U.S.

Both download and upload speeds were pretty impressive, and not especially far away from my baseline download speed of 300 Mbps. It’ll certainly be good enough to stream 4K content if you so wish. 

Despite a few mixed results, HMA scores highly in terms of pure speeds. Servers in regions such as Africa and the Middle East are useful and also lightning-fast. For example, here are the stats while connected to Egypt:

HMA VPN speed test in Egypt

However, all is not necessarily what it seems when it comes to the HMA server network. Keep reading to learn why.

Server Locations & Network

HMA appears to have one of the most comprehensive networks on the market, with over 1,100 servers found in 290+ locations across 210 countries. 

The majority of their servers are found in key locations such as Germany, the US, and the UK, but there’s a good mix of smaller countries and territories included. This includes the likes of Somalia and many others that are traditionally disregarded by VPN providers. 

In fact, no region is left untouched, and HMA deserves credit for ensuring that there are VPNs and servers found in some of the farthest regions of the world. Better still, we’ve noted that HMA really does have some of the fastest VPN servers, so you’ll be able to connect with no issues as long as you have semi-decent speeds to begin with. 

It’s worth mentioning that many of HMA’s servers are of the virtual variety. This means that the server is actually physically located outside the country they claim to be in, but it can still use that country’s IP address so it appears as though you’re connecting to the region in question. 

Virtual servers can be a problem for a range of security-related reasons, such as your information being sent to different jurisdictions than the ones you would expect to be processing your data. 

Restore Privacy looked into HMA’s use of virtual locations and concluded that “less than half of reportedly non-virtual locations are physically plausible”.

In other words, their network isn’t as impressive as it seems, although there’s no denying the speeds they can offer.

Streaming & Torrenting

Streaming & Torrenting Score
10/10

Streaming is a major plus for HMA. They have committed to ensuring that their service can be used to unblock numerous popular platforms, and they’ve made it easy to locate the best servers to get the job done. 

Selection of countries for streaming

The UK-based Donkey Town server unblocked BBC iPlayer with no issues, adding a Play button that couldn’t be found with their normal servers.

HideMyAss unblocks BBC iPlayer

The same goes for streaming sites, including Netflix and Hulu. If you do run into any issues while attempting to unblock a website, the IP Refresh feature should give you access with a click or two. HMA definitely scores highly here. 

Torrenting is difficult to gauge. On the one hand, HMA offers P2P servers, although they don’t take kindly to sharing illegal files, stating:

“Our VPN does support torrenting as this is a legitimate technology for sharing data over the internet. However, we do not support the use of torrenting to share copyright material illegally.”

You’ll have to test the service out on your own devices to see what works for you, but all in all, HMA proved to be good in both of these regards for me.

Censorship

Censorship Score
7/10

Censorship is a bit of a mixed bag. On the one hand, HMA pulled out of Russia in 2019 following an email from Roskomnadzor (the Federal Service for Supervision of Communications, Information Technology, and Mass Media). They were asked to block any websites that appeared on a Russian federal government blacklist and were one of 10 providers that were ordered to begin interfacing with the FGIS database immediately. 

HMA noted their position in a blog post:

“They’ve already approached the locations that host our servers and demanded access to them, and sooner or later they would start demanding we give them a backdoor to see exactly what goes through our service.”

Avast released a transparency report, last updated in May 2021. The table below shows all government requests seeking access to Avast customer data that they received in Q1 2021:

Avast Transparency Report on HMA

It’s reasonably bare, especially compared to the detailed breakdown found in their report produced in 2020. Last year’s report noted:

“We have had 76 requests from law enforcement agencies. The countries that requested data for criminal investigations were United Kingdom (13 requests), United States (16 requests), Spain (5 requests), Germany (9 requests), Belgium (1 request), Brazil (1 request), Czech Republic (11 requests), France (15 requests), Hungary (2 requests), Singapore (2 requests), Italy (1 request). From these requests, we disclosed data 1 time in the United Kingdom and 1 time in the United States. The data we disclosed in these instances were root IP addresses and email addresses.”

It’s not ideal, and they had a disclosure rate of 39% for HMA in 2017. In other words, of the 102 requests received, they gave up information 40 times. 

At the current time of writing, their VPN disclosure rate for 2021 is 0%.

Platforms & Devices

HMA provides a great range of devices and platforms users can protect with their service. Its full list of compatibility is below:

  • Windows
  • MacOS
  • Android
  • iOS
  • Chrome
  • Playstation
  • Xbox
  • Apple TV
  • Android TV
  • Linux 
  • Routers

While they allow for an unlimited number of installs, that comes with an important caveat. As they note:

“Installing HMA VPN isn’t quite the same thing as “using” HMA VPN. While it can be installed on any number of devices, you can only have it turned on in up to 5 devices at the same time, or 10 with our friends and family plan.”

Five simultaneous devices aren’t especially generous, and you’ll have to pay extra if you want to take advantage of their friends and family plan. A 12-month plan with five connections is advertised at $4.99 per month, and 10 is priced at $7.99 per month.

Encryption & Security

Encryption Score
8/10

HMA scores well in terms of encryption and security features. 

“On Windows and Android, we implement our encryption with the OpenVPN protocol in Galois Counter Mode (AES-256-GCM), with 4096-bit RSA keys for handshakes, authenticated with SHA256.” 

On Mac and iOS, they use IKEv2/IPsec.This means that Apple devices don’t use the popular OpenVPN protocol. There’s also no support for the up-and-coming WireGuard, although they do claim to be working on support for that in the near future. The experimental WireGuard protocol could offer improved performance and bandwidth when compared to the widely used IPsec and OpenVPN options.

More flexibility in terms of choosing different protocols would be great, but it’s unlikely to affect the average user who just wants to watch the latest shows. In any case, HMA is undeniably secure no matter which device you decide to use. 

When coupled with features such as the kill switch and the ability to change your IP address at selected intervals, it makes for a strong package.

Final Thoughts

Overall Score
8.6/10

On the surface, HMA has a lot going for it. The speeds are legendary, and its server network is second to none (despite the use of virtual versions to pad numbers). Then there’s the ease of use, coupled with the ability to unblock any streaming platform worth watching. It’s also highly affordable, despite issues relating to contract length. 

It’s when you start to dig a little deeper, that questions are raised in terms of what they plan to do with your data, as well as their willingness to adhere to information requests about their users.

It was their free antivirus software rather than a VPN, but HMA owner Avast was caught selling user data in January 2020, and it would be incredibly naive to give them the benefit of the doubt so soon after the fact.

HMA does score highly in terms of encryption and security features, and the recent audits are certainly a step in the right direction. Releasing a transparent report is the next logical step, and should help to repair any reputational damage suffered over the last few years. 

It hasn’t veered away from the original aim, which was to provide a way to unblock websites and bypass online restrictions. However, they are somewhat lacking from a privacy perspective, so a recommendation depends on what you plan to use the VPN for. 

It’s perfect for streaming, but HMA is probably not the best choice from a censorship perspective.