To play devil's advocate: isn't this kind of a good thing for privacy though? If everyone routed everyone else's stuff, it will decouple the notion that IP = person.
Although the service seems shady, if everyone did this wouldn't it be for the better? (albeit at cost of slower connections)
Sure, except for the poor soul that was looking for some anonymity, and now has the FBI knocking on her door with a mandate, because a shady service that didn't disclose what it was doing to your connection.
Decoupling IP from people won't happen anytime soon. It's better for law enforcement to just go, seize everything, and deal with the false positives later.
See the long list of "suggestions" for people interested in running their own tor exit node [1]. This is not something you should even think about doing from your personal home, mixed with your own traffic. It's asking for trouble.
You can already decouple the notion that IP = person if you look at public wifi hotspots, where one IP address will typically correspond to hundreds or even thousands of devices owned by the customers of the hotspot's owner (like a Starbucks or McDonald's location) plus (depending on the setup and whether or not the hotspot is on a separate WAN connection) the company's own machines.
This, come to think of it, sounds like a more ideal approach to creating exit nodes (whether for Tor, a more traditional VPN, etc.). Some low-profile innocuous-looking wall wart - perhaps with USB ports to double as a USB charging station, or some other "clever" disguise - could really be an "exit-node-in-a-box", relaying Tor users through public wifi hotspots in restaurants, hospitals, etc. I reckon this will be more prevalent if any jurisdictions start doing silly things like holding people liable for what their computers emit when they run exit nodes (or - worse - ban Tor, VPNs, etc. outright).
It provides plausible deniability. It wasn't me, it was Hola.
The issue is there's no informed consent. Outside of /r/netsec, /r/techsupport and HN etc, there probably aren't people who know how Hola works and what the implications are.
You can bet the majority of Hola users don't know what a MITM attack is. I'd wager more than half wouldn't know what a bot net is, or what an exit node is.
I'm not sure that plausible deniability has much value if, say, a user's ISP has a policy of suspending accounts that attract too many complaints about copyright, hacking, spam, etc. The account itself is a nuisance to them, regardless of whose fault it is.
You're right, it would be good for privacy if we can convince the courts that users installing the software are not responsible for the traffic of other users. I'm afraid this argument will fall on deaf ears.
Although the service seems shady, if everyone did this wouldn't it be for the better? (albeit at cost of slower connections)