Interview with Andrei Mochola – HMA VPN Commercial Director

hma logo

Introduction to HideMyAss VPN

HMA VPN (HideMyAss) is one of the oldest VPNs on the market, founded in 2005 by Jack Cator in the UK. Following some serious growth in both size and popularity, HMA was acquired in 2015 by AVG Technologies, which then became part of Avast Software (a world-famous cybersecurity company from the Czech Republic) in 2016. After a few turbulent years, today HMA operates the largest proprietary VPN network on the planet —  over 1,000 servers in 190 countries, with users being able to browse from over 290 locations worldwide. Offering 256-bit AES encrypted servers, 20 Gbps speeds, and a strict and transparent no-logging policy, HMA is one of the best, most user-friendly VPNs out there.

HMA has offices in three countries and our multinational team of energetic and passionate people represents dozens of nationalities, cultures, and speakers of countless languages. And of course, there’s also their ass of a mascot, Jack. 

Introduction to the Commercial Director: Andrei Mochola

andrei mochola

Q: Let’s start with an informal introduction — is there any information you’d like to share that has nothing to do with HMA? Like your favorite movies, books, and hobbies; if you like BBQs, if you’re more of a boxers or briefs kind of guy. 

A: My name is Andrei, I’m in my late 40s, married, with a teenage son who’s almost as tall as I am. This year we got a dog, a German boxer named ‘Bossman’. So, that answers the part about briefs or boxers… I’m certainly a boxers’ guy. 

As for my favorite books, movies, and hobbies. My favorite writer is Vladimir Nabokov, specifically his novels Invitation to a Beheading, Pale Fire, or his Memoirs written in Russian and English. It’s a bit difficult to count my favorite movies.“Usual Suspects”, “Once Upon A Time in America”, “Goodfellas”, “Ronin” are among them. I love their atmosphere and I value true friendship. I  have a wall where I keep around 400 DVDs, if you can imagine it. Who knew when I started my collection that streaming would be right around the corner? And yes, I do enjoy Netflix and some other local streaming services. 

I would say the same about music. From classic rock and Dire Straits to The Sisters of Mercy, The The, Uncle & Deadushki. I know it all sounds strange, and the full list would be endless. No, I don’t have another wall full of MC cassettes and CDs. I mean, I used to, but now I’m streaming it all.

I like traveling and cooking, I collect coins and try to spend as much time as I can on genealogy. But why don’t we talk about HMA now?

Q: Sure, sure. How and when did you become a part of the HMA story?

A: I joined HMA in May of 2019 and virtually moved from Berlin to Prague. In the last fifteen years I’ve moved quite often — Dublin, Prague, Moscow, Berlin, and now back to Prague again. All of this is combined with a reasonable and sometimes unreasonable amount of business travel around the world. 

I liked the challenge initially. It was about bringing HMA back to where it should be from a brand and business perspective, and making it one of the top ten VPNs again. 

HideMyAss launched back in 2005…

Q: What were the main goals for HMA back when it first started? How would you compare them to the ones you have now?

A: From what we know for certain, the main goal was to empower internet users with a simple tool that helped them unblock content they were forbidden to access. It all started back in 2005, when Jack Cator decided to build a web proxy website as a way to get around his school’s firewall. He quickly discovered a huge number of people out there wanted exactly what he’d built, and this helped HMA become what it is now.

I think the market is different now. There are different rules of engagement, far more competitors, and thus more challenges. Right now there isn’t as much space for organic growth as there was before. Now you need to obey established rules regarding user acquisition set by a matured VPN market, and accept the cost associated with it. It is not enough to show off a donkey and think up a catchy slogan. People expect more than just that — they need to know what your service is capable of and to understand exactly how you’re protecting their privacy.

Our current goal is to reclaim our spot as one of the top five VPNs on the market, but once we do that, we’d like to evolve our VPN service into a more comprehensive privacy solution. New connection protocols, new features, and possibly new partnerships should help us achieve this goal in the mid-term.

Q: What are some of the biggest obstacles that HMA has faced since it launched and what are your biggest obstacles now?

A: I guess in the early stages, HMA’s biggest goal was just to promote growth. As you can imagine, the sudden popularity of HideMyAss! led to a point where quick investment decisions had to be made in order to secure the service’s reliability. These decisions were needed to scale the service and business. Another one, in my opinion, was the rapidly changing device landscape, with phones and other mobile devices becoming people’s primary devices of choice. A free web proxy or desktop client was not enough to stand out. A significant development was required in order to cover the needs of the new VPN users. 

After being acquired by AVG Technologies (2015) and then again almost immediately by Avast (2016), I’d say the biggest challenge was to continue growing, which was not really possible due to the many conflicting priorities in such a large organization. HMA was put on the backburner, if I’m being honest.

Things started to change in late 2018, then in 2019, but some challenges remained: market delays, prioritization challenges, brand awareness, the tremendously increasing costs of acquisition. The list is quite long. But each challenge creates an opportunity. We at HMA intend to use these opportunities to keep growing our user base, who will then turn into happy customers who recommend HMA around the globe.

Q: HideMyAss rolls off the tongue, but would you have chosen a different name, personally? 

A: Seriously? I have no idea. We should ask Jack Cator, the founder of HMA. I guess he wouldn’t change it. But again, I’m not good with names. I’ll opt out of this question.

Q: Returning our focus to HMA itself, what would you say sets it apart from the competition?

A: In a nutshell, we have more locations, better speeds, powerful encryption, and we don’t keep any meaningful logs. We offer the largest number of locations among all our competitors: 290 in over 190 countries. Our connection speeds were appreciated by many independent reviewers, but we’re working on going even faster. With the advent of 5G and fiber-optic cables, even 20 Gbps speeds might feel slow in the near future. We think there are more ways to solve the issue of speed than just increasing the number of servers and thus, reducing saturation in specific areas. Specifically, we want to improve the connection protocol itself.

Another thing we’re quite proud of is our server security. We own and operate our own servers, and control them fully. They’re also fully encrypted, which means nobody can access the data stored on them even if the hardware is seized or stolen. I think there is no need at this stage to explain what “no logs kept” means.  We are fully transparent about it, and in my humble opinion, we explain how it works in great detail. We are committed to keeping this trajectory moving forward.

HideMyAss Features

Q: HMA has released a lot of updates over the years, as I understand it — would you say you’ve been able to keep that high-speed momentum that helped define HMA in its earliest years, or have you slowed down development? 

A: It’s a little different than that. I would say that from the second half of 2019, we did speed up releases. V5, which was released in September 2019, was followed by Android TV support, then new browser extensions, and now our new no logging policy. But that said, the V5 release was HMA’s first major release in over two years. I’d say that our current intensity is less visible for our users because we are releasing a lot of smaller stuff quickly, rather than big stuff slowly. Increased velocity and time to market is extremely important for us, so smaller but faster works well. All that said —  and while I can’t share any details — I would expect another major release this year. Stay tuned!

Q: I’m gonna ignore what you just said and press for details: do you have any short or long-term plans for new features? Anything that’s been requested by your users? 

A: There’s a huge list of improvements requested by our users, so we couldn’t possibly cover everything here. But I will say this: we’re focusing on increasing our users’ privacy and improving our unblocking capabilities, which we hope to achieve with new connection protocols. Now, to reiterate, I can’t share any more details, so please wait a few months for official news.

Q: On a month-by-month basis, your three-year plan is your cheapest offering by far. Is it safe to assume that’s your best-selling plan?

A: That’s absolutely not true. To understand why, we need to come back to the customer and understand the customer’s needs. The three-year plan is actually only our third most popular plan, and is only really purchased by people who want a cheaper price per month and are ready for a longer commitment. The second most popular is our one-month plan, which is generally prefered by people who don’t want to commit and maybe aren’t willing to spend a larger lump sum at once. Our leader is clearly the annual plan, which is chosen overwhelmingly by people who enjoy a ‘traditional’ one-year commitment at a reasonable price. The least popular plans are our two-year and six-month offerings, which still have a few buyers here and there. All of these plans allow you to connect simultaneously on five devices. For those who want more, we offer Family and Friends plans, which allows 10 simultaneous connections with one, two, and three-year commitments.

Q: Online subscription services have been moving towards lifetime plans in recent years. What are your thoughts on that? Is HMA considering something similar?

A: Yes, we’ve seen this trend in ad-hoc campaigns being run by our competitors. It feels a bit like an attempt to save quarterly results with a cheap offering. The problem with lifetime plans is liability. After all, will the service I’m buying a “lifetime plan” for be around when I’m 80? Who will guarantee this lifetime subscription? I think this is nothing more than marketing fluff designed to catch more customers with unclear liabilities and guarantees. HMA is unlikely to offer something we aren’t sure we can deliver.

Q: Has the acquisition by Avast changed your development process in any way?

A: There are two sides to this. On one hand, becoming part of a larger cybersecurity company inevitably leads to a full review of our internal development processes, data protections, and security policies. From that angle, HMA has certainly become better and more secure. And this counts for everything we do — bottom-up and top-down.

On the other hand, we’ve become one of many brands in Avast’s portfolio, which means getting entangled in a complex prioritization process, longer delivery queues, conflicting projects, and more. Challenging but ultimately normal situations that occur in every large organization. The fact that we can undergo these changes at a rapid pace illustrates our ability to move forward in spite of our obstacles, as I mentioned previously. 

Q: 2020 has brought the world new challenges — specifically, the Covid-19 pandemic. How has that affected HMA? Have you sent your employees to work from home? Has it impacted your growth?

A: We reacted quickly and decisively to the pandemic, shutting down our offices worldwide and asking our employees to work from home, which was easy, since our work-from-home infrastructure was comprehensive and secure even before the pandemic hit. Our international team, which is spread across multiple cities and countries, saw no interruption due to the outbreak.  

From a growth perspective, we saw some spikes in consumer interest in VPN in April and May. We focused more attention on small business, home office companies, and startups by offering one month of service completely free and by reducing our monthly prices across all business plans (20% off). Our intention was to support the smaller businesses that were hit hard by the pandemic. 

Compliances & Security

Q: HMA recently implemented a no log policy. How was that achieved from a technical standpoint? Does the lack of logging make it harder for you to improve your service? 

A: Before we started the no logging process, we asked ourselves a few questions: what data do we really need to retain in order to provide a reliable VPN service? What data would we need to make sure we can expand, scale, and grow in the future? What data do we not need at all?

I think the best way of describing the technical implementation of the no-log policy is to point to our dedicated infographic. Even though it was not simple, we disconnected the user-sensitive parts of the service from the rest. On top of that, we made a few additional changes to ensure that we can still provide a reliable service without using the data we used in the past. We also significantly improved our data retention policies. Everything is pretty well explained in this blog post, which I encourage everyone to read. 

I don’t think the no logging policy will make it harder for us to improve our service. But we wouldn’t phrase the question like that in the first place. Our mission is to provide people with solutions that make their lives easier, while also keeping their privacy protected. And we can serve that mission by introducing more complex privacy features and new connection protocols, enhancing underlying technology and infrastructure, and — last but not least — making all of it intuitive, clever, and user-friendly. In this regard, our no-log policy was an inevitable step in defining HMA’s future and ambition to become a leader in the field of privacy protection. We’ve asserted that ambition by having our no log policy confirmed in an independent privacy assessment. 

Q: Back in 2018, you also became compliant with the GDPR. Did that trigger any major changes within HMA VPN? And what are your thoughts about it?

A: The GDPR was an important step in protecting people’s privacy, as well as guiding all questions surrounding personal data — from gathering data, to keeping it, or erasing it upon request. For us, it was an expected and welcomed change, so we gladly complied with GDPR rules. I think the biggest change we had to make was related to introducing additional internal policies, and introducing new ways to process our customers’ requests.

From a service perspective, our focus was to make sure our customers understood what data was being processed, how it was processed, and that they had the right to access their data at any time. I think we’re doing a great job in that department.

Let’s talk statistics, have some cool stuff to share with our readers?

A: I’m afraid that given the fact we’re a no-log VPN, we cannot share most of the statistical data you’ve asked for. There are also business-related sensitivities to consider… But, let me try to give you some numbers. 

If I’m not mistaken, HMA has over 170,000 monthly active users, which is to say, people who are using our service at least once a month. Given the fact that many people only occasionally turn on their VPN when they really need it, the number of HMA users is actually bigger, as we don’t count the people who are much more irregular with their use.

When we look at our geographical footprint, we can share that almost 50% of our users are coming from Europe, followed by the United States (35%), then APAC (10%). 

HMA generated 14.9 million dollars in revenue and $8.1 million in EBITDA in 2019, and has generated 5.2 million in cash from operations. Business customers represent only a tiny portion of our user base and revenue, but we have already taken several steps to grow this part of our business.

Our brand enjoys high retention rates, with 25% of our customers having used HMA for five+ years, roughly 50% for three+ years, and 63% for two+ years. This is more than just impressive: it’s one of the reasons why HMA is committed to delivering the best VPN service and best private data protection possible.

If we really want to look at some numbers and stats, then why not make use of these cool infographics we’ve created:

1. HMA’s No Logging Policy 

2. VPNs: How they work and why you need one

3. How to achieve real private browsing

Thank you for the awesome answers and insights into how HMA operates Andrei!

How did you find the interview? Let us know down below if you have any thoughts to share!

Dejan Miladinović

Dejan is a huge BBQ fan who also does some writing and pretty much everything else around here, in that order. Founding the website back in 2016, he makes every effort to bring you objective and top-notch insights.

Leave a Reply

Your email address will not be published. Required fields are marked *