Monday, October 12, 2020

Private Internet Access (PIA) VPN

Private Internet Access (commonly known as PIA) is a capable VPN provider, now owned by Private Internet (formerly known as KAPE), who also owns CyberGhost and ZenMate. 

The company has recently unveiled its 'NextGen VPN Network', now a massive 12,782 servers in 75 countries (that's up from 3,300 in 30 countries just a few months ago.)

This isn't just about the numbers, PIA explains. The new servers 'utilize better hardware components', '10Gbps network cards instead of 1Gbps', use RAM Disks to ensure 'all sensitive information is lost as soon as the server loses power', and now support both WireGuard and OpenVPN.

You're able to access that network via apps for Windows, Mac, Android, iOS and Linux, browser extensions for Chrome, Firefox and Opera, and there are detailed setup tutorials for routers and many other device types.

PIA supports connecting up to 10 devices simultaneously. That's twice the allowance you'll get with most VPNs, although Windscribe, Surfshark and a few others have no limit at all.

Extras range from the simple and straightforward (built-in blocking of ads, trackers and known malicious websites) to the more low-level and technical (a SOCKS5 proxy for extra speed, port forwarding support, the ability to select your preferred encryption, authentication and handshaking methods), and there's 24/7 support (though not via live chat) to help solve any problems.

Transparency is important in a VPN, so we're happy to see that almost all of PIA's apps are open source. Developers can check out the source code for the Windows clients, the browser extensions, iOS and Android apps and more on GitHub.

There are surprise app-related extras, too. For example, a capable command line app for Windows, Linux and Mac enables automating VPN operations from scripts. At its simplest, you could use this to create a shortcut which automatically connected to the VPN and then launched an app, but it can do much more (we'll talk about that later.)

Payment Methods

Private Internet Access supports a wide variety of payment methods including PayPal and even Bitcoin (Image credit: Private Internet Access)

Plans and pricing

The Private Internet Access monthly plan is priced at an average $9.95. The old six-month plan has disappeared, at least for the moment, but pay for a year upfront and the price plummets to just $3.33. 

A new two-year plan is a little cheaper at $2.65 a month for the first term (with two months free), $2.91 on renewal. 

The plan also throws in a free one-year license for BoxCryptor, a powerful service for encrypting cloud files from just about any provider (OneDrive, Dropbox, Google Drive, more.) This is already available in a basic free-for-personal-use version, but what you're getting here is a license for the more capable Personal plan. This supports unlimited devices (the free version limits you to two) and cloud providers, and includes email support, and is worth $48 if your purchased it separately.

Even if you've not the faintest interest in BoxCryptor, the two-year plan looks like excellent value to us. It's significantly cheaper than NordVPN's two-year deal, for instance ($3.71 a month), and although you could save a little with Surfshark ($2.49 a month on its own two-year plan), that's only the introductory price-- it doubles on renewal.

If you're tempted to sign up, a wide choice of payment methods includes support for cards, PayPal, Bitcoin, gift cards and more.

There's no free trial, but the money-back guarantee has risen from the previous and way-too-short 7 days, to a much more acceptable 30.

PIA's Terms and Services has another surprise (and unusually for small print, it's a good one.) Many VPNs say customers are only allowed one refund, ever. Private Internet Access says that if you purchase a new account more than three months after the last refund, you're eligible for another. That's unusually generous, but seems fair to us. If you try out a VPN and the service doesn't work for you, it shouldn't matter if you had a refund three years ago - you ought to have the same money-back rights as everybody else.

Privacy

PIA Mace protects your privacy by blocking ad trackers and malware (Image credit: Private Internet Access)

Privacy

All VPNs claim to deliver great privacy, but Private Internet Access combines an unusual mix of features which goes further than most.

PIA's apps mostly use only the latest and most secure protocols, for instance, in OpenVPN and WireGuard. OpenVPN protection is AES-128 by default, but in a click or two you're able to set encryption type (AES-128 or 256, CBC or GCM, maybe turn off encryption entirely if you're just after speed), data authentication and handshake methods (RSA-2048-RSA-4096), choose the connection type and set local or remote ports.

Private Internet Access provides its own DNS to reduce the chance of DNS leaks. The apps are flexible, though – the Windows client can be set to use your default DNS, or any custom DNS of your choice.

DNS Leaks

Private Internet Access managed to protect all of our data from leaking in the DNS leak tests we performed (Image credit: DNS Leak Test)

There's also a kill switch to disable your internet access if the VPN drops. Unlike some of the competition, this isn't only available on the desktop – the iOS and Android clients get it, too.

Get connected with the Chrome extension and you'll find a bunch of bonus privacy features (block location access, third-party cookies, website referrers and more). You could set these up separately and for free, but the extensions make it easier and they do add worthwhile extra layers of protection.

PIA's MACE feature blocks access to domains used by ads, trackers and malware, further limiting the ways companies can follow you around the web.

As we mentioned above, and perhaps best of all, Private Internet Access has open-sourced its desktop clients, mobile apps and many other components and libraries. This allows other developers to freely examine the source code, assess its quality, report bugs, and maybe check to see whether it's doing anything which might compromise the user's privacy.

Logging

Private Internet Access keeps no logs on its users (Image credit: Private Internet Access)

Logging

While most VPN's claim they don't log customer activities or traffic, there's rarely much to back this up. You're expected to cross your fingers and trust they're being honest.

Private Internet Access is far more confident, claiming to be 'verified' as 'the only proven no-log VPN service.'

The company seems to be referring to court cases where subpoenas have been served on PIA asking for account information, but the only data provided was the general location of the server IPs. Absolutely no user-related data was given up.

Private Internet Access also publishes a Transparency Report detailing any official requests for information, and user data handed over. The full six-month report for January through June 2020 records six subpoenas received, with no logs produced for any of these requests.

The Privacy Policy is normally the best place to look for more details about what a VPN is doing, but PIA's is mostly about the website, and says almost nothing about the VPN.

Eventually we found a support article, 'Do you log the traffic of your users?', which stated that Private Internet Access "absolutely does not keep any logs, of any kind, period." It explains that logs which might otherwise be maintained are redirected to the null device rather than being written to the hard drive, which means they simply disappear.

The article also includes this paragraph, which explicitly states that the firm doesn't log session data or your online activities:

"We can unequivocally state that our company has not and still does not maintain metadata logs regarding when a subscriber accesses the VPN service, how long a subscriber's use was, and what IP address a subscriber originated from. Moreover, the encryption system does not allow us to view and thus log what IP addresses a subscriber is visiting or has visited."

While this all sounds great, we're left to take most of it on trust. Even the court cases PIA say prove it's a no-log service date from 2018, so they can't tell us much about what's happening now. Top VPN names including TunnelBear, NordVPN, ExpressVPN and others have all allowed third-party audits of their systems, and it's time PIA did the same.

New Speedtest Image

We test the speed of every VPN we review (Image credit: Ookla)

Performance

Every VPN promises a high-speed, ultra-reliable network, but the reality can be very different. That's why we look past the enthusiastic marketing, and put every VPN we review through our own intensive tests.

Normally this starts by using an automated script to connect (via OpenVPN) to multiple locations, then logging the connection time, checking latency and using geolocation to verify that every server appeared to be in its advertised location.

Unfortunately, that wasn't possible this time as our test software refused to connect. Investigating, we found multiple users reporting that they couldn't connect via third-party OpenVPN apps using their default settings, apparently because of a PIA server configuration issue. As a result, we abandoned the automated tests for this review.

Smaller-scale manual testing showed positive results, though. Connection times were very fast at 2-3 seconds via OpenVPN, 2 seconds with WireGuard, on even the most distant locations. All servers connected first time with no errors. 

PIA's server locations are a more complicated issue. In June 2020, a company blog post explained that 35 of its regions returned IP addresses from the advertised countries, but were physically located elsewhere. The company explained that this allowed it to offer servers in regions it had previously left for regulatory reasons (Russia, Brazil), as well as to offer better performance 'in regions where we were unable to source high quality VPN servers.'

As a result, for instance, if you connect to PIA's Algiers location, you connect to Amsterdam but are allocated an Amsterdam IP address.

How much this matters depends on your location. PIA's Iran servers are physically located in Amsterdam, for instance; if you're in or near Iran, the extended distance may slow you down, but if you're in Europe, speeds could be much faster than expected. 

Any extra performance could be important, as OpenVPN Download speeds from our nearest US servers were disappointing at 65-75Mbps, lagging well behind providers like Surfshark (averaging 100Mbps), ExpressVPN (210Mbs) and Hotspot Shield (360Mbps.)

Switching to the UK saw significant improvements, though, with downloads averaging 150-160Mbps. And when we switched from OpenVPN to WireGuard, speeds jumped to an average 373Mbps in our best session.

Download performance from distant servers wasn't bad, either. We connected to New Zealand (the location with the highest latency, according to the PIA client), ran more tests and hit download speeds of around 15-30Mbps. That's a significant drop, no great surprise when connecting to the other side of the world, and even this worst-case scenario is still fast enough for most web tasks.

Unblocking

Private Internet Access was able to unblock Netflix in our tests (Image credit: Netflix)

Netflix

Connecting to a VPN to use with Netflix and other streaming services can get you access to all kinds of geoblocked websites, hopefully avoiding those annoying 'not available in your region' error messages.

To test the unblocking abilities of Private Internet Access, we connected to various PIA locations, then attempted to access US-only Netflix and YouTube content, Amazon Prime, BBC iPlayer and Disney+.

Bypassing YouTube's protection is relatively easy, and as long as you have an IP address which seems to be in the right country, you should be fine. Sure enough, Private Internet Access allowed us to view US-only content on each of its US servers.

BBC iPlayer is more of a challenge. Private Internet Access didn't get us into the service during our last review, and unfortunately it didn't work this time, either.

Accessing Netflix is the real test of website unblocking, though. PIA scored well here, getting us into US Netflix with all five of our test servers, and repeating the success in the UK. (Netflix Japan and Canada were blocked, though, so there may be issues with some Netflix regions.)

Both US Amazon Prime Video and Disney+ behaved oddly on our first test, with the websites refusing even to load if we connected via PIA's New York location. But after connecting to California, Denver or PIA's US East, both sites allowed us to browse and stream content.

PIA had some unblocking issues, then, but we were able to access all our test sites apart from BBC iPlayer, and that's a better result than we see from many providers.

Torrenting

Private Internet Access allows you to torrent files without bandwidth limits or restrictions (Image credit: BitTorrent)

Torrents

Private Internet Access supports P2P, and we don't just mean on a couple of specialist servers hidden away somewhere. You can use torrents from any location, with no bandwidth or other limits to restrict your activities.

There's an unusual bonus in Private Internet Access' support for port forwarding. This enables redirecting incoming connections to bypass a NAT firewall, and in some cases, may help improve P2P download speeds.

You shouldn't expect much help with any of this, at least from the website. Searching for 'P2P' or 'torrent' in the knowledgebase mostly pointed us to not-so-relevant articles, such as 'My ping/latency is really high.'

Even the port forwarding document only mentioned in passing that the technology could "potentially optimize torrent performance", without offering any further clues.

Still, the company scores well on the fundamentals – large network, no logs, Bitcoin support – and on balance it makes a fair torrenting choice.

Platforms

Private Internet Access provides clients for mobile, desktop and even browsers (Image credit: Private Internet Access)

Client setup

Sign up for Private Internet Access, and the company does its best to streamline the setup procedure. We were immediately redirected to the Download page, where there were direct downloads for Windows, macOS, Linux, and links to the Android and iOS apps and assorted browser extensions (Chrome, Firefox, Opera).

These aren't just file links. We clicked the Windows client, and as well as pointing us to the installer, the website redirected to a page displaying a setup guide.

There are some unusually thoughtful touches. Instead of having a single Windows download link, for instance, you can choose from 32 and 64-bit builds. If, for some reason, a recent update is causing problems, you can download a previous version, and the site lists the changes for every new build.

These are detailed changelogs, too. While most providers just use the same generic 'we've fixed a few bugs' text for every build, PIA actually explains what it's done: 'Fixed a crash on macOS caused by changing screen layouts', 'Fixed several issues relating to installation or uninstallation on Windows in Safe Mode', or whatever it might be. That not only tells you PIA is doing useful work, but if you recognize the issue as something you've run into before, it might encourage you to try an app feature again.

Experts will appreciate a download option for the Android APK file, allowing you to manually install it on devices where necessary.

Private Internet Access does a particularly good job with OpenVPN configuration files, which are necessary if you're setting up many third-party apps.

These are sensibly named with the country and region or city, such as 'US Chicago.ovpn' (contrast that with NordVPN's 'hr16.nordvpn.com.udp1194.ovpn').

You don't have to live with the default OpenVPN settings, either. There are separate downloads available for different encryption settings, to switch to TCP connections and more. There's also an OpenVPN Configuration Generator on the website where you can build different setups for individual groups of servers, potentially saving you a lot of hassle.

We've seen marginally better setup support – ExpressVPN's activation code system allows setting up clients without manually entering usernames and passwords, plus its tutorials are more numerous and detailed – but Private Internet Access offers more help than most, and the chances are you'll have your devices set up and working with minimal hassle.

Windows App

This is the interface of Private Internet Access' Windows client (Image credit: Private Internet Access)

Windows client

The Private Internet Access client installs easily, and opens with a simple and very straightforward client window. Tap the big Connect button to connect to your nearest server, tap again to disconnect, and status areas tell you when you're connected, and display your original and new IP addresses.

The client's excellent and feature-packed location picker is just a click away. It lists countries and city-based locations, where available, and ping times indicate which is closest. You can sort the list by location name or ping time, and a search box and Favorites system help you quickly find and access whatever server you need.

The Settings dialog gives you a high level of control over how the VPN works. Choose OpenVPN rather than WireGuard, for instance, and you're able to choose UDP or TCP connection types, as well as selecting a custom remote port (53, 1194, 8080, 9021) and defining your own local port.

Protocols

Private Internet Access lets you change the type of encryption your VPN uses as well as the connection type (Image credit: Private Internet Access)

The default encryption is 'only' AES-128 (GCM), but the Settings dialog enables changing that to AES-256 (GCM and CBC), and you can also alter the authentication method (SHA1, SHA256) and handshaking (RSA-2048 by default, RSA-4096 and other RSA and ECC options are available). You can also turn encryption off entirely, handy in situations where security is unimportant and you're just looking to maximize speeds (watching streaming media, say).

Some locations support port forwarding, which makes it easier to set up and accept incoming connections to your system.

There's an unusual technical plus in a Use Small Packets feature, which sets the client to use a lower MTU setting to improve reliability on some connections. If you can't get or stay connected, that may be effective, and the Private Internet Access client makes it quick and easy to try this out. (Other providers typically hide this idea away in their support website, and force you to work through various Windows dialog boxes to find and change the relevant setting.)

Elsewhere, a kill switch disables internet access if the VPN disconnects, reducing the chance that your real IP will be leaked. You get the option to use Private Internet Access' DNS servers, your own, or any other custom servers you prefer. And the MACE system to block domains used for ads, trackers and malware can be enabled or disabled with a click.

VPN kill switches don't always deliver (some are almost entirely useless), so we were keen to run some in-depth tests. But whether we gently closed a couple of TCP connections or just terminated PIA's entire OpenVPN-based connection manager, the client didn't care. Each time it displayed a desktop notification to warn us of the problem, then quickly reconnected, without ever exposing our real IP.

It was the same story with WireGuard connections. No matter how brutally we dropped our connection, from closing PIA's WireGuard Windows service to turning our router off and on again, the client successfully blocked our internet access, warned us with a notification and reconnected at speed.

PIA's Windows VPN client for PC might look a little basic initially, then, but spend a few minutes playing around and you'll find it easy to use, with some interesting, advanced features.

Command Line

Run piactl with no commands to see your options (Image credit: Private Internet Access)

Command line use

PIA's desktop clients now include piactl, a simple command line tool which enables using the VPN from a script.

If that sounds like hard work then you might be right, but there could be advantages. What about setting up a scheduled task to automatically connect at a certain time of day, for instance? Automatically connecting when your system boots, but only after it's performed some local network tasks first? Creating special shortcuts which connect to different locations, then open whatever app or website you need?

Getting this working could be easier than you think. The command 'piactl connect' connects you to the current default connection, for instance, while 'piactl disconnect' closes the connection. You don't need to be a developer to recognize what 'piactl set region us-atlanta' does, and there are commands to get and set more options, and monitor the service state.

Although the piactl basics are straightforward, the documentation is a little short on detail, and even the smartest of experts will be left wondering exactly how some of the more advanced tricks are going to work.

There are other complications, too, including the need to have the graphical client running before some of the commands will work.

Just having the 'connect' and 'disconnect' commands is enough to make the feature useful, though, and we'll be interested to see how piactl develops.

Android App

This is the interface of Private Internet Access' Android app (Image credit: Private Internet Access)

Android app

PIA's Android app opens with a clean and stripped-back interface. Most of the screen is white space, with a large On/Off button in the center of the screen, and your chosen region and current IP address at the bottom.

Tapping the current region displays a list of other locations. Each one has a latency figure, giving you an idea of its distance, and a simple favorites system enables moving your most commonly used servers to the top of the list. It's all very easy to use.

The app is surprisingly configurable, with more options and settings than many desktop VPN clients.

You can choose OpenVPN UDP or TCP connections, for instance, with the ability to set local and remote ports, and request port forwarding. (WireGuard is now available, too.)

The app can be set up to automatically protect you when accessing unknown or untrusted wireless networks, or turn itself off when you're using cellular networks.

A Per App Settings box enables defining specific apps which won't use the VPN (that's the equivalent of the 'split tunneling' feature you'll sometimes see elsewhere).

As with the Windows client, you're able to replace the default Private Internet Access DNS servers with your preferred alternative.

There's support for using the app with a proxy, reducing packet size to improve reliability, and automatically connecting when the device or app starts. You can even have your handset vibrate to indicate when you're connected, far more convenient than the usual notifications.

As with the Windows client, you're able to choose from four OpenVPN encryption options ranging from AES-128-GCM to AES-256-CBC, a couple of authentication methods (HMAC-SHA1 or HMAC-SHA256) and six handshaking options (RSA-4096 to ECC-521r1).

There's both a built-in kill switch to block internet access if the VPN connection drops, and a link to explain Android's similar and more capable 'always on' feature.

It's all very well put together, and a well-judged mix of power and ease of use. Whether you're a VPN expert or just looking for an easy life, there's something for you here.

iOS App

Private Internet Access' iOS app looks quite similar to its Android offering (Image credit: Private Internet Access)

iOS app

VPN mobile apps can look and behave very differently, but that's not the Private Internet Access way. Its iOS app is almost identical to the Android version, at least in terms of the main operations.

There's the same basic streamlined interface, list of locations, and Connect button, while a Favorites system enables connecting to commonly used servers. If you've ever used another VPN app, ever, you'll immediately know what to do (even total newbies won't be too far behind).

There are a decent set of options and settings, especially for an iOS app. You get a wider choice of apps than the desktop builds (WireGuard, OpenVPN, IKEv2, the less secure IKEv1 has been dropped since our last review), the ability to choose UDP or TCP connections, set a custom port, use your favorite DNS, take fine-tuned control over encryption and enable a kill switch to protect you online.

An updated Network Management tile makes it easier to set particular networks as trusted or untrusted, and instruct the app to automatically connect or disconnect whenever you access them.

There are a handful of useful iOS-specific features, too, including optional support for Siri shortcuts to connect or disconnect the VPN.

Overall, this is a quality app, easy to use and far more capable than most of the iOS competition. A must-see for more demanding Apple users.

Browser Extension

The Chrome browser extension is more powerful than many VPN apps (Image credit: Private Internet Access)

Browser extensions

Using the Private Internet Access apps isn't difficult, but having to keep switching between your regular application and the VPN client can still be a hassle.

Like ExpressVPN and NordVPN, Private Internet Access now offers add-ons for Chrome, Firefox and Opera, enabling you to connect to the VPN directly from the browser interface. This only protects your browser traffic, but if that's not an issue, the extension makes Private Internet Access much easier to use.

The extension looks and feels almost identical to the other clients, making it very easy to use. A simple opening interface has a big Connect button to connect to the closest server, and there's a full list of locations, with latencies (and a Favorites system) if needed. At a minimum, you can enable the VPN from inside your browser with a couple of clicks.

A split tunneling-type Bypass List enables specifying websites which you don't want to use the VPN. If they don't work as they should with the VPN on, add them to the Bypass List and their traffic will be rerouted through your regular connection.

Bonus privacy tools can prevent websites accessing your location, camera or microphone. They're able to stop WebRTC leaks, and variously block or disable Flash, third-party cookies, website referrers, hyperlink auditing, address and credit card auto filling, and more. We've seen dedicated privacy extensions which do less.

There's the potential for problems here, though, at least initially, because all these settings are enabled by default. If a user doesn't realize the PIA extension is blocking websites from accessing their location, they could waste time trying to diagnose the problem. We're happy to see these features in the extension, and they're easy to turn off as required (just clear a few checkboxes), but it might avoid some hassle if these extra features weren't enabled by default.

All this functionality means there are lots of settings to explore, but on balance the add-ons work very well. If you're looking for simplicity, you can just choose a location and click Connect, much like any other VPN extension. But more experienced users can head off to the Settings, where they'll find more features and functionality than just about any other VPN browser add-on we've seen.

Support

Private Internet Access has a large knowledgebase with articles on a variety of VPN-related subjects (Image credit: Private Internet Access)

Support

The Private Internet Access Support Center has a web knowledgebase with articles covering troubleshooting, account problems, technical complications and more. These don't always have the detail you'll see with ExpressVPN, but they're not just bland descriptions of app features, either.

For example, a Security Best Practices encryption article gives users some useful technical background on encryption, authentication and handshaking methods, and more.

A Guides section has setup articles and tutorials for all supported platforms. Some of these are relatively basic, but there's still a lot to explore, with, for instance, 14 articles on Android alone.

A handy News page regularly alerts users to new servers, app updates, service issues and more. That could save you lots of hassle all on its own if you see your current problem is some known system outage, and that you don't have to spend time contacting support or trying to diagnose it yourself.

If you can't solve your issues online, you can raise a support ticket. There's no live chat, unfortunately, but ticket response times are better than some, with our test question receiving a friendly and helpful response within five hours. That can't compare with the under two-minute delay we've seen with providers such as ExpressVPN, but they're usually far more expensive, and for the most part, PIA's performance is probably good enough.

Final verdict

Private Internet Access isn't perfect, but it scores in many key areas: this VPN runs on almost anything, is easy to use, crammed with advanced features, and offers decent WireGuard performance for a very fair price.  Go take a look.

  • Also check out our complete list of the best VPN services


from TechRadar - All the latest technology news https://ift.tt/3nJfWXo

No comments:

Post a Comment