They've been recommended by a lot because they recently backed up their claims of no logging (FBI asked them for data, and they couldn't provide it). You'll see that they are ranked pretty high on this list, where there are some breakdowns. They are pretty cheap and popular too. Popular helps by making associations more difficult. That is seeing a VPN server accessed page X and that you were accessing the VPN server at said time. A college student was connected to a bomb threat by this method, being he was the only one on campus to be using TOR at the time the bomb threat was made (from TOR). You'll be fine with any VPN that is relatively popular and doesn't do any tracking.
A relevant detail to that story is that he admitted his guilt under questioning. Had he continued to deny any involvement, they would not have been able to prove that he was sending the bomb threat, as it could have been from someone who wasn't on campus.
Very true. But there have been several instances of cases like this. And this thing doesn't matter if your VPN logs or not[+]. But what I was trying to point out is that these types of access collisions are important to understand. And why I don't think people should roll their own VPN.
[+] I'm not trying advocate crime here or advising how to avoid it. Just trying to bring to light a vulnerability.
Criminals are great examples, because their OPSEC failures are often detailed in court records, reported in the media, and discussed online. One of my articles on IVPN's website uses several such OPSEC failures (Silk Road, Sheep Marketplace, etc) as examples.
Enough. You do this on every mention of PIA and you have been told to stop or get banned [0]. I don't know why you are on this crusade when there is not even the slightest hint of wrongdoing [1] so please, easy on the conspiracy theories.
It's not about conspiracy theories, but about concentration of power.
If control of PIA — for whatever reason, and be it that Andrew Lee dies and his heirs sell it, or that he can't finance it anymore, or that a three-letter agency forces him to — ends up in the wrong hands, then also all of Freenode and Snoonet end up under control of that entity.
It's not that I don't trust PIA, but that I fear that PIA itself may end up in the wrong hands.
And I'm not on a crusade against PIA — I won't complain about their donations without requirement to advertise in return to projects such as KDE, with a transparent funding process.
But I am on a crusade against centralizing any services, be it killing XMPP federation (thanks, Google), be it pushing a "secure" Messenger that is bound to a single social graph and server infrastructure controlled by one group in the US (thanks, Moxie), or be it a single compsny gaining significant control over several major IRC networks, clients, libraries, and over Matrix at the same time.
To be honest, my only problem with them is their customer service. And their phone app. My connection is half speed on my phone. :( They also have some strange problems with the linux app (which I wish they would open source). Otherwise I'm really happy with them.
Yes, and interestingly, the Freenode staff had previously disabled Tor access to the Freenode network for over a year or so because of "attacks" which they claimed they could not handle. This was a pretty flimsy excuse once I finally found someone that knew the technical details, and though I chased the "right" people down several times to ask why Tor access had not been enabled, I never got a good answer. Cue PIA taking over Freenode, and within a couple of weeks, Tor access to Freenode was once more enabled. I've been a happy PIA customer for some years now, but that left such a huge and positive impression on me. I'm not completely sure the two things are simply correlated, but after talking to all those Freenode staffers over the years about it, I can't imagine it wasn't pushed by PIA.
I was actually primarily talking about their donation to the Krita Foundation [1], but yeah, it's good to be aware of the above, even if thus far I haven't seen anything nefarious from them.
I'd use them. They're among the least expensive. And they don't seem to retain logs or detailed access records, based on testimony to a US court. But that was about an exit in the US, where there's no legal requirement for VPNs to log. Where there are such legal requirements, maybe they (or any other VPN) would retain and produce logs.
When I checked in mid 2016, their custom Windows client leaked while the VPN was reconnecting after uplink interruption. But then, only six of the 29 VPNs that I tested didn't leak: AirVPN, FrootVPN, IVPN, Mullvad, Perfect Privacy and SlickVPN. Strangely, FrootVPN didn't leak using open-source OpenVPN, suggesting that they're doing something unusual at the networking level. PIA's OS X client didn't leak, however.
They do tend to oversell their servers, however. So you'll often get less throughput than with AirVPN, IVPN or Mullvad.
I've been very happy with PIA. It's cheap with minimal impact to my bandwidth. The concern is that, like all VPNs, we are trusting them not to keep logs. PIA claims that they proved in court that they do not keep logs because they provided no useful data to an FBI request. There's a debate over whether this proves they don't keep logs or not here:
Is this semantics? I am uncertain. I do think that it's in PIA's best commercial interests not to keep logs. It's the core of their business model. The moment a PIA customer's identity is revealed through them is the moment they lose all business.
I think they're good, but there are some downsides. Sometimes traffic can really slow down because they're _too_ big.
Another issue is, all their IPs are well known. When browsing while connected to them, you can run into a lot of issues: captchas, blocked sites, etc.
The other day I was accidentally connected and made a purchase. What a giant headache. My purchase was flagged and blocked and it took a lot of my time to call the company and get it cleared up.
A few weeks back I ran in to the same issue with accidentally making a purchase while connected to PIA. Mine was also flagged and I had to jump through several hoops to prove I made the purchase. It was a pain but I completely understand why that happened and I'm still very happy with PIA.
I will mention that while it doesn't magically fix slow speed issues, they have the ability to report a slow server through the app (on Windows, I can't attest to any others). You just right click the icon in the notification tray and click "Send Slow Speed Complaint." They do add more servers in areas that are overloaded.
I've used PrivateInternetAccess, they are trustworthy, but US based so count on them rolling on you if someone has a good reason to be interested in you.
Well, they apparently didn't roll for a US court, in a case involving harassment, as I recall. Would they roll for the NSA? How would they handle a NSL? I have no clue. Their founder has said that, although he lives in the US, none of their server admins do.
>"Buy the gift card with cash then there is no trail."
Until it's important-enough for them to track down the card, figure out when it was bought, go over the security footage of who was buying at the time, extract footage of you buying it. They can then extract your face and match against a DB. Or perhaps see what car you enter into, and extract its license-plate.
Heck, even if they don't have that, they can ask the cell-phone companies to see which phone-numbers were connecting to the nearest tower during that period. That already narrows down the list to say, 1000 people?
We're almost there. All the technology is already in place, and the only thing stopping it from happening is consolidation.
I have been pleased with their service. It wasn't much hassle to set up, particularly. Was certainly a little trickier on my linux machine.
I find the speed has almost been completely acceptable. I have had only a handful of times where it seemed sluggish and bogged down.
I know there is a some question of whether they can truly be trusted? Do they truly not keep logs? And they are US based which are all things to consider. I weighed those factors against the customer reviews, price, and simplicity of their service, and I think my choice has served me well. Their rates are dirt cheap for what seems to be a reliable service.