Private Internet Access Review
Thanks to a rock-solid reputation for caring about its users’ privacy (backed up by great technology), Private Internet Access (PIA for short) is one of the most respected names in the VPN industry. Boasting top-notch encryption, and consistently performing well in speed tests, PIA’s Windows and Android software is among the most comprehensive and fully featured available from any provider (although unfortunately Apple users seem less happy on this front).
The keystone to PIA’s reputation is its commitment to keeping no logs whatever, something very few US companies are willing to promise, thanks to pressure from copyright enforcement bodies. It is also cheap.
However, Edward Snowden’s revelations about the sheer scale and comprehensiveness of the NSA’s efforts to co-opt or otherwise undermine the security of US tech companies make it difficult to believe that such a prominent player in the “privacy market” has gone unnoticed and untouched by government security services. The fact that PIA insists it has never been tampered with by the NSA is frankly difficult to credit, and for the more paranoid out there, may cast a shadow on its other privacy claims.
Private Internet Access is one of the more aggressively priced VPN providers on the market, with subscription costs as low as $3.33 per month if the yearly package is purchased, and any subscription providing access to PIA’s full range of features. Those wishing to pay as anonymously as possible will be glad for the options to pay via Bitcoin or gift card. Although one of the cheapest providers on the market, PIA offers a staggering array of features:
- PPTP, L2TP/IPSec, OpenVPN VPN protocols – this is standard for most providers. PPTP is very insecure but is easy to set up and runs on just about any device. L2TP/IPSec is also easy to set up and is much more secure, but is not as secure as OpenVPN, which is generally recommended where possible
- 5 simultaneous devices – in an industry where many providers limit users to just one simultaneous connection, this is a very generous allowance, which is perfect for connecting a PC, smartphone, tablet, plus a couple of family members’ devices to the service at the same time
- SOCKS5 proxy – great for users who don’t want their whole internet connection proxied, or for a second layer of protection when downloading via BitTorrent
- Support for DD-WRT, Tomato and pfSense routers
- Servers in 10 countries – although other companies have more servers in many more countries, PIA’s servers are located in places that are useful to most people (with multiple servers in the US, Canada and the UK)
- Allows P2P
PIA’s boldest claim is that “we do not monitor any traffic, period.” This is a fantastic mission statement, and is one of the main reasons for PIA’s popularity among the more security minded VPN community. After all, if a company keeps no logs then it has nothing to hand over to government agencies or copyright enforcement bodies, even when legally required to do so! As with all VPN providers, there is of course a strong element of trust here, but no action by PIA has ever shown it to have anything other than the utmost integrity.
PIA can do this because unlike most European countries, the USA has no mandatory data retention laws. It does however have an extremely hostile climate for copyright infringement, and most US based VPN providers have bowed down to industry pressure to keep usage logs and ban P2P downloading. PIA is therefore to be highly commended for resisting such pressures.
However… Private Internet Access is a US company. As we now know from Edward Snowden, the NSA (and probably also the FBI and other government organisations) have for years been on a mission to undermine the security of all major US technology firms by either stealth, cooperation, or force. In August 2013, the owner of secure email provider Lavabit LLC was forced to shut down his company rather than hand over customers’ encryption keys to the US government, in a highly principled (and personally hazardous) move that few other companies can be realistically expected to make.
In such an atmosphere of blanket government surveillance (backed up by powerful legislation such as FISA and the Patriot Act), it beggars belief that a high profile US “privacy and security” company such as PIA has been left untouched by the NSA (and tin-hatters could view PIA’s continued denial of this apparent fact as damaging to its overall integrity).
We should stress, though, that this is conjecture, and it is almost certain that for users not concerned about the NSA, PIA has their back and does its utmost to maintain customers’ privacy.
PIA accepts payment in both Bitcoin and gift cards (all US gift cards accepted). Bitcoin is not inherently anonymous, but can be made so (at least to a high degree) through methods such as person-to-person trading and Bitcoin mixing, while payment using store gift cards purchased using cash is very anonymous.
This shows a fantastic dedication to preserving users’ privacy, although it should be remembered that even if a VPN company has no personal records of a user, it can still connect internet activity to a user’s IP address if it wishes / is forced to do so. However, the fact that PIA uses shared IPs (see below) does make this process very difficult.
Other than payment details (if not paying anonymously via Bitcoin or gift cards), PIA does not ask for any personal information from users, except an email address (which can be a disposable account). A potentially serious problem, however, is that account details are sent in cleartext via email, although this is ameliorated somewhat by the fact that PIA does not keep records of which account details belong to a given email address. As a side result of this, PIA therefore cannot restore an account if the details are lost.
As far as privacy is concerned, then, other than concerns about NSA surveillance, PIA scores well.
Until last year, technical security was not PIA’s strong point, but the NSA revelations have caused it to seriously up its game, and the Private Internet Access custom software now offers some of the best and most comprehensive encryption options available:
- Up to AES-256 OpenVPN encryption
- Up to SHA256 data authentication (Ephemeral Elliptic Curve (EEC) options also available)
- Up to RSA-4096 handshake encryption
The only fly in the ointment is that users who prefer the open source OpenVPN client are limited to 128-bit Blowfish-CBC encryption.
Like most good providers, PIA uses shared IPs by default. This means that many users share the same IP address, making it extremely difficult for even PIA to match any internet activity with an individual user. If absolutely forced to take action in order to comply with DMCA type demands, PIA told TorrentFreak that “we block IPs/ports as needed to mitigate abuse when we receive a valid abuse notification.”
The Private Internet Access website provides clear instructions (albeit without screenshots) for setting up the various VPN protocols on a wide range of systems (including Ubuntu and RoboLinux) and devices (including routers). It also supplies its own custom clients for Windows, Mac OSX and Android, which add loads of funky features to the experience.
The Windows Client (OpenVPN)
One complaint often levelled against PIA is that its software is rather complex, although this (admittedly tech-savvy) author struggles to see this…
The Basic settings are very simple, but get the job done
The Advanced settings look a bit more daunting, but offer some very useful features
- Port forwarding – great for evading firewalls. It is also possible to connect over TCP port 443, which is the same port used by HTTPS. This makes it easy to hide the fact that a VPN is being used, and makes the OpenVPN traffic very difficult to block without breaking the internet
- VPN kill switch – this disables a PC’s internet connection when a VPN connection drops, which is a life-saver for P2Pers as it prevents downloads continuing without VPN protection when they are away from their computers. One clumsy aspect of PIA’s implementation here (which is not explained in its documentation) is that to restore internet access, users must right-click on their internet connection in the notification bar, select ‘Troubleshoot problems’, and follow the instructions provided by Windows
- DNS Leak Protection – a VPN provider should resolve DNS requests when connected, but sometimes computers revert to their default settings, which can reveal a user’s true IP address (see here for more details). DNS leak protection prevents this
- IPv6 Leak Protection – PIA does not support IPv6 resolution (few VPN providers do), so this option disables IPv6 on a computer to prevent DNS requests being resolved outside the VPN
The client also allows users to choose which kinds of encryption they would like to use (recommended settings for different use cases are available).
While the client offers a possibly confusing (if very useful) array of options, Basic users do not need to bother themselves with any of them. More Advanced users, however, can easily take advantage of one of the most fully featured VPN clients offered by any provider.
There is a good selection of servers to choose from
The Android App (OpenVPN)
PIA’s Android app is, as far as we know, unique in bringing almost all the functionality of its very fully featured desktop client to the mobile platform (except DNS and IPv6 leak protection). As such, it is arguably the best Android VPN app on the market.
A Note to Apple Users
The PIA desktop app is also available for Mac OSX, and as far as this author knows, offers the same feature-set (unfortunately I do not have a Mac to test this on). However, judging from comments made on the internet, Mac users are not as enamored of the software as Windows users are, finding it clunky to use and buggy.
There is also no iOS app, although this is almost certainly Apple’s fault, as no VPN provider provides a custom iOS app for OpenVPN (some custom L2TP and PPTP iOS apps exist). PIA recommends users configure iOS’s built-in VPN client for L2TP, although the standard OpenVPN configuration files should work just fine when using the generic open source OpenVPN Connect app (sadly PIA provides no instructions for this).
In short, PIA offers some of the best Windows and Android software available, but users of Apple’s products are not well served.
Support is available via live chat, or a ticketed email system, and there is also a good FAQ and support library. In our experience, the support staff responds quickly and seems fairly knowledgeable, but we have seen others less satisfied with the service, so your mileage may vary.
We checked speed performance with the HTML5-based Testmy.net tests, using its Amsterdam, NL, server (the closest to our 20MB/s UK connection) while connected to a UK PIA server.
We also tested for DNS leaks by connecting to a Netherlands server, and then visiting dnsleaktest.com:
Without DNS leak protection. Whoops… that is not good!
Just as well DNS leak protection works then!
We are not clear why our PC is leaking our IP address so badly (it is probably the fault of the PC), but PIA’s DNS Leak Protection appears to work well.
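The comparison made in the DNS leak test above can be automated. The following is an added example, not PIA's code or anything from the original review: it classifies the resolver addresses a leak-test page reports against known networks. The network ranges and resolver addresses are constructed from documentation-only prefixes, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data (documentation-only address ranges, not real PIA or ISP values).
VPN_DNS_NETWORKS = ["198.51.100.0/24"]               # assumed: resolvers run by the VPN provider
ISP_NETWORKS = ["203.0.113.0/24", "2001:db8::/32"]   # assumed: the user's own ISP

def _in_any(addr, networks):
    """True if addr falls inside any of the given CIDR networks."""
    return any(addr.version == n.version and addr in n for n in networks)

def classify_resolvers(observed, vpn_networks=VPN_DNS_NETWORKS, isp_networks=ISP_NETWORKS):
    """Sort resolver IPs reported by a leak test into VPN, ISP leak, IPv6 leak or unknown."""
    vpn = [ipaddress.ip_network(n) for n in vpn_networks]
    isp = [ipaddress.ip_network(n) for n in isp_networks]
    report = {"vpn": [], "isp_leak": [], "ipv6_leak": [], "unknown": []}
    for raw in observed:
        addr = ipaddress.ip_address(raw.strip())
        if _in_any(addr, vpn):
            report["vpn"].append(str(addr))
        elif addr.version == 6:
            # The VPN does not carry IPv6, so an IPv6 resolver was reached outside the tunnel.
            report["ipv6_leak"].append(str(addr))
        elif _in_any(addr, isp):
            report["isp_leak"].append(str(addr))
        else:
            # Third-party resolver: not the VPN's, so the query still bypassed it.
            report["unknown"].append(str(addr))
    return report

def is_leaking(report):
    """Any resolver outside the VPN's own networks counts as a leak."""
    return bool(report["isp_leak"] or report["ipv6_leak"] or report["unknown"])

# Constructed results: one run without leak protection, one with it enabled.
WITHOUT_PROTECTION = ["203.0.113.53", "2001:db8::53", "198.51.100.10"]
WITH_PROTECTION = ["198.51.100.10", "198.51.100.11"]

if __name__ == "__main__":
    for label, sample in (("without", WITHOUT_PROTECTION), ("with", WITH_PROTECTION)):
        result = classify_resolvers(sample)
        print(label, "protection:", "LEAK" if is_leaking(result) else "ok", result)
```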
Private Internet Access offers one of the most fully featured VPN services on the internet at rock-bottom prices. It claims to keep no logs, uses great encryption, and offers fantastic Windows and Android apps that put most other providers to shame. Apple users are less well served (and we hear more complaints from them), but overall PIA’s service seems almost too good to be true…
Which brings us to the elephant in the room when discussing any US based privacy service… the NSA and ubiquitous government surveillance. For those wanting protection when P2P downloading or for general privacy reasons, PIA offers a fantastic service. The Edward Snowdens and tin hatters of this world, though, should probably seek out a service based in a more privacy friendly country instead…