HMA VPN (formerly HideMyAss) is a VPN provider based in the UK with a long and interesting history. While it remains a relatively popular VPN today with a large user base, it did not do very well in testing for this review.

Today, HMA is owned by the cybersecurity company Avast and still has a relatively large user base. Actual testing of the VPN servers and VPN apps revealed mixed results, which prevent us from recommending this VPN.

Here is an overview of all findings for this HMA VPN review:


Pros of HideMyAss
User-friendly apps with strong encryption
Large server network
Live chat support
Now a “no-log VPN”
Cons of HideMyAss
No monthly subscription plans
Does not work well for streaming
Troubling history of data sharing
UK jurisdiction (bad for privacy)
Buggy kill switch (with IP leaks)

HMA uses the industry-standard AES 256-bit encryption, which is implemented through OpenVPN on Windows and Android devices and via IPSec/IKEv2 on Mac OS and iOS:

HMA uses only the highest encryption standard: 256-bit AES. On Windows and Android, we implement it with the OpenVPN protocol in Galois Counter Mode (AES-256-GCM), with 4096-bit RSA keys for handshakes, authenticated with SHA256. On Mac and iOS, we implement it with IKEv2/IPsec, built atop Apple’s own stack, to ensure the best compatibility.

While IPSec/IKEv2 is indeed a secure VPN protocol, the industry standard is OpenVPN. As such, it would be good to see the OpenVPN protocol supported on Mac OS as well. With iOS, the operating system is somewhat restricted to IKEv2. Another emerging VPN protocol is WireGuard, which promises faster speeds and upgraded security. HMA does not support WireGuard at this time. mm

If you are a Mac OS user and you want to utilize the OpenVPN protocol (recommended) then check out my guide on the best VPN for Mac OS to see other alternatives. 

Large server network

Hide My Ass claims to have “the biggest VPN network” with “1000+ VPN servers in 290+ locations covering 190+ countries.” If you look at their server map and location list, you find some very strange places. For example, HMA claims to have servers in North Korea:

I can tell you with 100% certainty that HMA does not have physical servers in North Korea. Instead, they are using virtual server locations, and we’ll explain this more below.

Putting the virtual server issue aside, HMA still has a pretty big server network. This may be beneficial for some users who want or need IP addresses in remote locations – such as North Korea…

There are also some other VPNs with large server networks around the world, particularly NordVPN and IPVanish.

Now a “no-log VPN”

Earlier this year, HMA VPN officially transitioned to being a no logs VPN service. Before this change, HideMyAss was infamous for logging user data and providing it to authorities, which we’ll cover below in the cons section.

Here was the previous logging policy of HMA VPN:

Yes, HMA keeps connection logs, that means time of connect, disconnect, duration and bandwidth usage. This is done to prevent abuse and for diagnostic purposes.

They were also logging IP addresses, which was disclosed in the Privacy Policy.

Today, however, HMA claims to be a no logs VPN service. It also underwent an audit by Versprite to verify the no-logs claims