Private Internet Access VPN (PIA)
A low priced option that's ideal for providing anonymity to BitTorrent users and for accessing geo-restricted services like Netflix and HBO. It's not super-fast but fast enough for most purposes.
PIA VPN is an American company that has a zero logging policy. It also allows anonymous payment to ensure a VPN service that promises users a high degree of security and anonymity. It largely delivers on this promise though some users may have concerns remain about the ultimate data privacy and security of any USA-based company. BitTorrent and P2P are fully supported. PIA’s network of VPN portals in 77 countries is somewhat smaller than many of its main competitors and this may explain why measured download speeds while adequate, were not as fast as some of the other VPNs we tested.
The company behind PIA
Private Internet Access VPN is the the main product of Private Internet Access Inc, a wholly owned subsidiary of London Trust Media (LTM), a US corporation based in Los Angeles. PIA has been operating since 2009.
The LTM website states the company mission “We are bringing the internet back to its original state. In the old days, being online meant being in your own private world, where you could explore, learn and create… We invest in, mentor and support individuals, companies and groups who stand with us in solidarity.”
Some may feel concerned that PIA is located within the USA and is thus under the jurisdiction of the American Legal system. PIA claim that they specifically chose to be based in the USA as there is no mandatory data retention. They also claim to not log anything and could therefore not provide the US Government or other agency with any information should they be forced by law to do so.
What is their offering?
Like most other VPN providers, PIA offers a choice of plans of different duration.
The monthly plan is $9.95, a full year $39.95, and a two-year plan $69.95, a pricing structure that encourages users to sign up for the annual account.
All plans offer the same features which include simultaneous use on up to 10 devices, support for multiple VPN protocols including OpenVPN, L2TP/IPSec and PPTP, access to all their servers worldwide and unlimited bandwidth. All plans also include a SOCKS5 proxy which may provide additional safeguards to the privacy of BitTorrent users.
A 30-day money-back guarantee is offered which is similarly offered by a number of other VPN services and more than adequate for evaluation purposes.
Clients are available for Windows XP or newer, OS X 10.7 or newer, iOS or newer and Android or newer. There is also an installation script for Ubuntu Linux and an excellent set of online guides containing manual installation instructions for a wide variety of other platforms and devices.
The website says the PIA network covers 77 countries with multiple gateways. Not sure what they exactly mean by “gateways” but when I checked the server list in the PIA client I can see 18 countries with 9 servers in the USA, and two in the UK, Canada and Australia. Everywhere else there is one server per country. This is somewhat smaller than some of the other VPN networks though server coverage in the USA is excellent.
How well does this VPN protect your privacy and security?
PIA claim they don’t log anything. If true (and we have no way of verifying this) it is to be applauded.
VPN connections may not be logged but PIA necessarily must log some information in order to create user accounts and allow for client login to the website. They also ask for names and email addresses during online chat sessions and it is possible that this is recorded as well.
This is not an insurmountable problem as you can create an account with PIA using a name of your choice with a secure email address or disposable email address. You can protect your real IP while registering by using a proxy server or another VPN. You can also pay anonymously using BitCoin, pre-paid gift cards and other means.
Logging information for account creation is not a problem unique to PIA, all VPN providers face the same issue. For users who require maximum anonymity, the ability to create an account anonymously is highly desirable, perhaps essential. Fortunately PIA allows this while some other VPN providers do not.
PIA use their own DNS servers and connection to the DNS is automatic when using the Windows, Mac and Android clients, while iOS must be configured manually. Dedicated DNS servers are a desirable feature as it not only overcomes DNS based blocking of websites as is common in China and some other countries but also provides a safeguard against DNS vulnerabilities that can potentially result in a loss of anonymity for VPN users. PIA claims a zero logging policy so presumably their DNS servers are not logged as well.
PIA offers an optional SOCKS5 proxy service with all accounts. The use of a SOCKS5 proxy is a technique favored by users of BitTorrent to disguise their use of BitTorrent to their ISP and others. Unfortunately SOCKS5 is unencrypted while a VPN is, so there seems to be little advantage in anonymity by using it from within a VPN. Indeed I would suspect that it would just slow things down.
Finally PIA optionally offers 256 bit encryption over the default OpenVPN protocol. Many experts regard this as the most secure choice for VPN users.
Overall PIA rates highly for privacy and security but we have two small concerns: First, nobody has independently verified that PIAs claimed policy of zero logging is actually implemented. Second, some users may hold additional concerns based on the fact the PIA is an American company based in America and thus subject to court orders from the American judicial system.
These two concerns are interrelated. If there is no logging there is nothing to provide to a court or Government agency. Unless that is, the court mandates future logging and the disclosure of that information to the court. In that case one would hope PIA would make a public announcement as other companies have done when faced with this situation.
Again this is not a problem unique to PIA. All VPN providers have servers physically based in the USA regardless where the company is incorporated and located and those servers are subject to the American judicial system. However the ability of the US courts to enforce action against a foreign company must necessarily be slower and more difficult than with a US based company.
Like all areas of computer security there is no such thing as perfect protection. Users need to choose how much protection is sufficient for their individual needs.
Is the product easy to install and use?
We installed PIA on a Windows 7 PC, a MacBook Air running Mac OS X Yosemite and an iPad Air running iOS 8. The client interface for the Windows and Mac systems is essentially identical so we will only show screenshots for the Mac here.
Installation on Windows and Mac is very similar, the only real difference being Windows requires the installation of a TAP driver, a quite straight-forward process.
When installation is complete you have to enter the account details used when you purchased your plan.
Once installed access to the program is via a menu bar icon. Clicking the icon allows you to select a server or adjust settings:
Connection to the VPN network is as simple as clicking on your server of choice. Once connected, the menu bar icon turns from red green in Windows and grey to black in OS X. The default connection is OpenVPN encrypted to 128 bits with AES-128 using SHA1 data authentication.
Connecting may be simple but little help is provided within the client to assist you in selecting the best server – you are left to trial and error. The PIA website does contain a webpage where you can run a speed test on individual servers but for those wanting to use a US server it is a tedious business testing all possible servers. You also need to be aware of the existence of that page; most users would not. PIA should build this web feature into the client and also add a “fastest server” option like many other VPN providers.
The data encryption method, authentication algorithm and handshake encryption can be changed from pull down menu selections under “Settings/Advanced.” There are no options for changing the protocol within the client; it is fixed to OpenVPN. The VPN protocol can be changed outside the client using a manual setup and this is documented on the OpenVPN website. This is not a task for the fainthearted. In practical terms most users will be stuck with using OpenVPN.
OpenVPN is possibly the best VPN protocol but it does not work everywhere. So if you are away from home using a Wi-Fi connection at an airport or hotel that does not work with OpenVPN then you have no alternatives to try. Thankfully this situation is not all that common but it does happen. Yet again it would be good if OpenVPN allowed a choice of protocol with the client.
Installation on an iPad was even easier than with Windows and Mac. Just locate the free app at the App Store and click. During installation an iOS VPN profile is downloaded and you must agree to install it. Once installation is complete just enter your account details: email address, username and password to complete the process.
Connection and disconnection can be made from within the client or from the iOS Settings page. The default connection is via the IKEv1 over IPSec protocol using 128bit AES encryption. This cannot be changed from within the client nor can you change the data encryption, authentication or handshake. iOS profiles for OpenVPN and L2TP can be added using instructions on the website. This is a little fiddly but most experienced users should be able to manage it.
Separate apps are available for iPhone and iPad, a point that should please most iPad users.
How well does the VPN perform?
In the area of download speed on a local server, PIA was in the middle to low end of VPN services tested in this series of reviews. Measured using Speedtest.net with the fastest local server, download speed dropped by 38% to 44% compared to the download speed without a VPN. This is a large enough difference to be noticeable when browsing and carrying out other daily internet activities. We were still able to do pretty everything we wanted; it was just that response was less snappy when using the VPN. Selecting different local servers didn’t really change things that much.
As is usual, connection to an overseas server really slowed things down. In fact in our tests connecting to hbo.com from Sydney Australia we were able to browse the website OK but did not have sufficient bandwidth to view SD movies without stuttering. This was a disappointing result as connecting to American web services is the reason many non-US users want a VPN. We only tested this from Australia to the USA and different results may prevail for Europe and elsewhere. Whatever, potential buyers should test out the capabilities of PIA in this area while they are within the 30 day money back guarantee period.
In view of recent concerns about DNS and IPV6 vulnerabilities in VPN networks, we ran a series of tests:
When tested for DNS cache poisoning at https://www.dns-oarc.net/oarc/services/dnsentropy where the PIA DNS servers received a rating of “Great” for Source Port and Transaction ID randomness, an excellent result. This was true for both the Windows and OS X clients. The iOS app was not tested.
The desktop clients also passed the extended DNS leak tests at https://www.dnsleaktest.com.
At http://ipv6leak.com/ the two clients passed the IPV6 leak test.
We also tested how much information is revealed by the user’s browser by testing at http://mybrowserinfo.com as potentially this can lead to the fingerprinting of your browser configuration which could possibly be used for personal identification. VPN technology in itself cannot prevent such disclosure but some VPN services are now including additional features to protect their users from this risk.
Using Google Chrome as our browser, results for Windows and Mac OS X were disappointing with almost all available browser information available. This is a feature PIA should consider adding to their product.
What other features are offered?
Unlike many VPNs, PIA works with Windows XP though with manual configuration. This is a real plus for the many users of this operating system.
PIA can also be manually configured to work with Ubuntu Linux as well as the Boxee Media platform and DD-WRT router software.
PIA allows both BitTorrent and Tor Traffic over its network and even provides a SOCKS5 proxy service for BitTorrent users.
The Windows, Mac and Android versions automatically route DNS requests to PIA’s own private DNS servers. iOS apps can be manually configured to do the same. The use of dedicated DNS servers is a valuable security feature.
The Windows and Mac clients have an optional internet kill switch that will temporarily disable your internet connection should the PIA VPN drop out. They also have optional IPv6 leak protection to make sure that there is no leakage of IPv6 traffic while using the VPN. This is an excellent security feature.
The Windows and Mac clients also have an optional DNS leak protection switch to ensure DNS requests are routed through the VPN. This is also an important security feature though it may cause issues with certain network configurations.
How good is the support?
We only tested support using the 24/7 online chat service and it was pretty good. Response time was generally in the 3-5 minute range, which is a little slower than some of PIAs competitors but the quality of the responses we received was excellent and the operators were extremely helpful and courteous.
Email support is also available as well as a wide array of online guides, tutorials and other resources.
|Price||$9.95 month billed monthly, $39.95/year|
|Refund period||30 days|
|Max concurrent connections||10|
|Network size||77 countries|
|Own DNS server||Yes|
|Default Win protocol||OpenVPN 128 bit|
Private Internet Access VPN Website: https://www.privateinternetaccess.com/