HideMyAss has been making incremental improvements for a long time, slowly climbing its way higher in our best VPN rankings. The current iteration of the client has a clean look and an impressive spread of features, but unfortunately the polished software thinly veils some concerning issues.
Throughout this HideMyAss review, we’ll talk about the issues with HMA’s huge server network, why it caused Windows Defender to spring into action and its variety of features. It has some high points, overall, but far too many low ones. If you’re looking for a VPN that does just about everything right, be sure to read our ExpressVPN review.
HideMyAss Video Review
Strengths & Weaknesses
- App kill switch & IP shuffle
- Free trial
- Easy-to-use apps
- Poor privacy
- No monthly plan
- Inconsistent speed
- Works with only some streaming sites
Alternatives for HideMyAss
- : PayPal, Credit card, PayNearMe, Bank/Wire Transfer
- : 5
- : PayPal, Credit card, Bitcoin, regional payment systems, WebMoney
- : 5
- : Credit card, Google Pay, AmazonPay, ACH Transfer, UnionPay, Crypto Currencies, PayPal (via Paddle)
- : 6
- : PayPal, Credit card, bitcoin
- : 7
- : PayPal, Credit card
- : 8
The way HideMyAss’ options are spread out across multiple menu tabs can make finding all the settings a bit challenging, but the VPN actually offers a variety of nice-to-have features. For starters, it covers the two things we always look for in every VPN: a kill switch and a way to set up some type of automatic connection for when you boot up your device.
HMA’s kill switch is as run of the mill as it gets, blocking traffic only when the VPN disconnects unexpectedly. This is in contrast to some other kill switches, such as AirVPN’s “network lock” feature, which blocks traffic even when you disconnect the VPN on purpose (something you can read more about in our AirVPN review).
The auto-connect options are similarly bog standard. For example, you aren’t able to choose where the VPN will make the connection. Instead, the VPN just chooses your most recently connected location. However, you can set it up to connect automatically only on public networks but not private ones, making this a great way to avoid the dangers of public WiFi.
Beyond these essential items, HideMyAss currently supports two extra features. The first is an app kill switch, which lets you define a list of programs that will trigger the HMA client to block traffic specifically to those apps if the VPN disconnects unexpectedly. Read our Astrill review for another example of this feature.
The second added goodie is something called IP shuffle. Every now and then, at an interval you can set, the VPN will change your IP address (Private Internet Access used to have a similar feature). This can improve security and privacy by making it much harder — practically impossible — for anyone to track your online activity.
However, the kill switch needs to be on for this feature to be effective. Otherwise, every time a shuffle happens there will be a window of vulnerability when your real IP address will be shown. We also want to point out that the HMA kill switch is set to “off” by default, and we urge anyone using it to change this setting as soon as possible for a more secure setup.
HideMyAss on iOS, Android and More
HideMyAss’ final noteworthy feature is that it supports your standard spread of devices, including iOS, Android, macOS, Windows and routers.
The noteworthy part about this is that HMA’s clean and simple mobile app seems to strike a chord with users, fetching an average rating in the Google Play store of 4.4 stars, compared to industry giants ExpressVPN and NordVPN having only 4.1 and 4.2 stars, respectively.
Overall, HMA offers a solid spread when it comes to features. The main thing that’s still losing HMA points in this section is the lack of split tunneling.
In short, split tunneling would allow users to choose on a per-application basis which programs use the VPN’s tunneled connection and which ones use a standard internet connection. You can read more about split tunneling in our ExpressVPN vs CyberGhost article.
HideMyAss Features Overview
|Payment methods||PayPal, Credit card, PayNearMe, Bank/Wire Transfer|
|Supports split tunneling|
|Free trial available|
|Worldwide server amount||1100+ servers in 190+ countries|
|Desktop OSes||Windows, MacOS, Linux, Apple TV, Android TV, Xbox, Playstation|
|Mobile OSes||Android, iOS|
|Browser extensions||Chrome, Firefox|
|Can be installed on routers|
|Can access Netflix US|
|Can access BBC iPlayer|
|Can access Hulu|
|Can access Amazon Prime Video|
|VPN protocols available||IPSec, OpenVPN, IKEv2|
|Enabled at device startup|
|Passed DNS leak test|
|Malware/ad blocker included|
HMA actually shows different plan options depending on your country. When we connected to the HMA website from the U.S., HideMyAss offered three plans, jumping straight to a yearly plan as the shortest available signup length, instead of starting with a monthly option.
HMA’s annual pricing matches NordVPN’s. If you read our NordVPN review, you’ll see that NordVPN also lets users sign up on a per-month basis, although it’s a bit steep to regularly pay for a VPN this way.
In fact, NordVPN and HideMyAss actually have the same pricing for the two-year period, as well. However, NordVPN actually comes in at about 50 cents less per month than HMA in the three-year time frame. Neither VPN is particularly cheap, though (read our Windscribe review if that’s what you’re after).
- : Unlimited GB
- : 5
- : Unlimited GB
- : 5
- : Unlimited GB
- : 5
Another nice thing to somewhat soften the blow of the $80 minimum you’ll have to pay is that there is a 30-day money-back guarantee. This gives you 30 days to get your money back, on top of the seven-day free trial you can sign up for to test out the VPN completely risk free.
When we looked at the website from a location in Europe, we found that HMA offered a monthly plan for 10.99 euros and that there was no trial. Although this is strange and frustrating, there’s really not much more we can make of this unusual business practice.
When it comes time to pay, your options are very limited. You can either pay through PayPal or a credit card.
The lack of more discreet payment methods — such as the widely popular bitcoin or even cash payments, as we saw in our Mullvad review — leaves more paper trail than many VPN users might like. Read our ProtonVPN review for a service that accepts nearly anything for payment.
The website is also lacking when it comes to actually showing the plans available. If you go to the “price plans” page, you are shown only a seven-day free trial, a one-year plan and a three-year plan, but not a two-year plan.
However, the bottom of the very long homepage shows all three plan lengths. Some site improvements with how the plans are displayed — as well as the addition of a monthly plan and more payment options — would greatly improve HMA’s weakest links.
Ease of Use
The blue and white color scheme is widely popular with VPN providers these days, and HideMyAss has a nice take on a clean and simple interface design (read our Surfshark review for another service with this look). Both the desktop client and mobile apps are visually pleasant and easy on the eyes, even in low light.
HMA’s “quick options” sit on the right side of the screen. From here, you can turn the kill switch and auto-connect options on or off, see how much bandwidth you’ve used since connecting, and a few other things that rotate in and out, such as a “please review us” bubble.
However, with the mention of the nice design out of the way, things start to go downhill. During our installation, we received a Windows Defender notification regarding HMA’s client telling us that running the program could put our computer at risk. This is an alarming notification to see when you’re not expecting it.
It seems like the HideMyAss setup executable file is missing some of the information that lets Windows know what company made the software. Because that information seems to be missing from the files — or at least our computer could not find it — Windows treats the executable as an unrecognizable app and will refuse to launch it without user action.
If you encounter this pop-up, you have to select “more info” and then tell Windows to run the software, even though Windows thinks there is a potential risk. On top of the unpleasant Windows notification, the HMA settings tabs are not laid out as well as they could be, as we briefly mentioned in the “features” section.
Having such a limited number of checkboxes and dropdowns spread across four tabs makes for too much switching from page to page while tinkering with the configuration (read our TorGuard review for a VPN with the opposite problem).
Condensing everything into two tabs — we would argue for just “general” and “connection” — would make messing with the settings a lot smoother and easier.
As always, we ran our first speed test in the U.S., then the UK, and we saw very good speeds. However, almost every VPN service still kicking in 2020 has good performance in these locations (just see our fastest VPN guide).
One of HideMyAss’s biggest claims to fame is its expansive network of servers, so in our next three locations we wanted to really put HMA’s global reach to the test.
|British Virgin Islands|
First, we went to Japan and saw very poor performance on paper, which is actually surprising because Japan isn’t that far off the beaten path of the greater internet. That said, despite the number we got on paper, we were still able to stream in 1080p on the server in Japan. It just took about 20 seconds to work up from 360p, where it loaded in.
Next, we headed to the British Virgin Islands, which is a favorite spot for many VPN services thanks to the country’s excellent privacy laws. Here we saw good speeds, especially the download speed.
While testing this location, we unknowingly left some updates running in the background while still connected, and we were downloading at a respectable 20 MBps. This actually converts to 160 Mbps, which is even higher than the results we were seeing on paper.
Finally, to really push the envelope of HMA’s massive server network, we connected to the beautiful island country of Cape Verde off the west coast of Senegal, Africa.
Curiously enough, we saw better speeds here than we did in Japan, and likewise saw a boost in performance to match. Videos would load in at 360p, just like in Japan, but would zoom up the scale to 1080p in only a couple of seconds.
Although we’ve certainly seen worse, HideMyAss falls into the category of usable when it comes to speed, rather than fast or responsive.
Assessing the security of a VPN starts with looking at what protocol and encryption it uses. HideMyAss goes with the industry standard setup here, using OpenVPN for the protocol and pairing it with AES-256 encryption.
You can read more about the specifics of what all of this means in our description of encryption and VPN protocol breakdown articles, but to summarize, OpenVPN and AES-256 offer excellent security while also giving decent speed.
As we mentioned, the kill switch and app kill switch can further help improve security, but the kill switch is actually off by default. This could create a problem if you were to use the IP shuffle without first turning on this feature.
That’s because during the shuffle, your real IP address would be momentarily exposed.
The main security concern with HideMyAss actually stems from one of its strengths: its massive network of VPN servers. With so many servers, HideMyAss ended up making some compromises. This means some of the servers are not “bare metal” — meaning physical hardware in the location you’re connecting to — but are instead virtual servers.
These virtual servers are in a location potentially far away from the place you’re actually trying to connect to and simply assign you an IP address that makes you superficially appear to be in a different location.
Although this has performance benefits because the server could be closer to you than the actual location you’re connecting to, there are major drawbacks, as well. For one thing, websites can see through this trick much more easily than if a physical server was in use, so access to geoblocked content can be limited on a network that operates this way.
Virtual Server Issues
The real danger, though, is that virtual servers often can’t be held to the same stringent standards of security that many bare-metal servers are. It’s often unclear how or, in some cases, even who is operating a virtual server. This means your signal could be passing through questionable hardware (read our VPN vs proxy vs Tor guide for more on that).
We saw some strange behaviors during our DNS and IP testing that attest to the unreliability of virtual servers. Often we would be connecting to a server in one location while our IP addresses and DNS requests were going through an entirely different location. For example, from what we can gather, it would seem that the British Virgin Islands server might actually be in the UK.
If you’re looking for a VPN with reliably secure servers, we suggest that you check out our ExpressVPN vs VyprVPN article. ExpressVPN offers solid but basic security — like HideMyAss but with better server and DNS configuration — while VyprVPN gives users tons of protocols and encryptions to choose from (read our VyprVPN review).
The policy states in clear language that anyone using the free HMA proxy unblocker will have their originating IP address and domain names logged, so definitely avoid the free proxy at all costs.
As for the actual VPN, things aren’t as bad. It does not log your IP, DNS queries or browsing history. The HideMyAss VPN collects benign information, for the most part, including things like connection time and the amount of data transmitted. However, we’ve found VPNs lying in their privacy policies before, as you can see in our IPVanish review.
Two major things lose HMA points in this round, the biggest of which is that it’s owned by Avast. Not too long ago, news broke that Avast was collecting and selling user data on a very large scale through its subsidiary Jumpshot.
This data did not include personal information, but it was detailed enough that there is a possibility it could be deanonymized and the information itself could be enough to reveal your identity.
Add the fact that there is no anonymous payment method, such as crypto, and you now have a company with a poor track record providing you a VPN that has your name for payment purposes and email for account maintenance. It’s a less-than-ideal spot to be in. Be sure to check out our NordVPN vs Mullvad article to see how a VPN can offer excellent privacy.
HMA’s server network offers streaming servers in a handful of locations, including New York, Florida, the UK and Germany. However, we saw the exact same results regardless of whether we were using the normal servers or streaming server.
Netflix worked perfectly on the normal servers as well as the New York streaming server, but HMA still didn’t earn a spot in our best VPN for Netflix guide. Additionally, Amazon Prime Video and Hulu were blocked.
BBC iPlayer worked when we connected to the UK normally, but it seems like the software might have been defaulting to the streaming server even when we connected to the UK from the standard server list.
Either way, we were able to get BBC iPlayer working, whether we connected through the normal server list or the dedicated streaming server list. As we saw with Netflix, not only did the site work, but it felt very responsive and the videos loaded quickly.
With that said, however, all the responsiveness and speed is largely squandered when the VPN can connect to only half of the streaming sites we tried. We suggest taking a look at our best VPN for Hulu or best VPN for Amazon Prime Video article if streaming is your main priority in a VPN.
HideMyAss has the largest selection of server locations we’ve seen to date, with more than 290 locations available in more than 190 countries. As we’ve already mentioned, though, many of these servers are not actually in the location they claim to be. Instead, many of HMA’s locations are made up of virtual servers.
HMA does have what sounds like an impressive number of total servers, coming in at around 1,000 servers with 50,000 total IP addresses to offer between them. However, this is only about a fourth the number of servers that NordVPN has, despite having those servers in fewer locations.
This means that the HMA network is spread thin. Because of this, spikes in traffic on the network could very easily lead to noticeable slowdowns.
The HMA customer support can be hit or miss. The page for how to contact the live chat support literally says, “A live chat agent will be with you as they’re free. If an agent is unavailable at that time, just try again a little bit later.”
This means you may or may not get a response, and we were not able to find regular hours for the live chat posted on the site. This makes the knowledgebase and forum better bets if you need an answer on short notice. Although the forum isn’t super active, it still has answers to many of the most common questions you’ll likely encounter.
Likewise, the knowledgebase acts as a fairly simple FAQ that covers the basics of using the VPN client on each of the supported platforms. If the live chat never responds and you can’t find the answer to your question in either the forum or knowledgebase, then you can still send an email to support and simply wait for a reply.
That said, there’s still the free trial for those who are interested in trying HMA out for themselves. If you do, be sure to let us know what you think in the comments below. As always, thanks for reading.
- The HMA VPN is about on par with the rest of the industry when it comes to security. It uses the OpenVPN protocol paired with AES-256 encryption, which offers stout security and good performance. It also has a kill switch and an application kill switch to improve security even further.
- The HideMyAss VPN works on the same principles as any VPN. Your internet connection is encrypted and then transmitted to a server in another location before being directed to your intended destination. This helps secure your connection and makes you appear as though you are in another place.