
Private Internet Access Goes Open Source - iamd3vil
https://www.privateinternetaccess.com/blog/2018/03/private-internet-access-goes-open-source/
======
rckclmbr
I have been a happy user of PIA for quite a while, and highly recommend their
service. I've used their proprietary app for a while, and have just trusted
their service based on their public image. I'm glad it's going open source,
I'll be contributing.

~~~
ReverseCold
$35 + some technical/tutorial-following knowledge to set up an IKEv2/OpenVPN
server on a Raspberry Pi is better than $100/year for a VPN provider if your
threat model is just "Open WiFi is sketchy" or "XYZ network blocks YouTube"

~~~
ikeyany
1) PIA is less than $35 a year

2) PIA takes less than a minute to set up on every device. Download the app,
log in, and you pretty much never have to worry about it again.

Your alternative is more expensive, more resource-hungry, and more of a pain
in the ass.

~~~
rbritton
One major benefit to running your own is that a non-zero number of PIA's IPs
are blocked on many sites. A random VPS IP is much less likely to be.

~~~
mdp
I've actually found the opposite to be true. Sites seem to focus more on
preventing scraping and block VPS IPs more often than commercial VPN. For
example, Craigslist on Digital Ocean's IPs is hilariously throttled to ~256
bytes per second. Crunchbase always tosses up a CAPTCHA. This was mostly the
same for Linode.

~~~
bigiain
Ironically, 256 bytes per second is probably still enough to make Craigslist
usable... Web design right out of the 1200 baud modem era :-)

------
kobayashi
This is better than nothing, but the fact that it's only _client side
applications_ means that this doesn't add much security for PIA users. The
largest threat of PIA has never centred about their client app, but in their
server-side business practices. Count me as one of the people concerned about
PIA's trustworthiness.

~~~
JumpCrisscross
> _the largest threat of PIA has never centred about their client app, but in
> their server-side business practices_

Isn't this inherent to the model of a paid VPN service? (Could one run a VPN
through a blockchain?)

~~~
ohf
> Could one run a VPN through a blockchain?

You can encode any information you want on a blockchain, and it can be
anonymous and specific to the user.

But it would be ///painfully/// slow.

------
df8787s8d778sdf
This is great news!

PIA is reliable and trustworthy.

Also, Rick Falkvinge! (Swedish founder of the original Pirate Party)

[https://www.privateinternetaccess.com/blog/author/rick/](https://www.privateinternetaccess.com/blog/author/rick/)

------
johnramsden
I've been using their service with OpenVPN for years and I've always been very
impressed. Them going open source, and ultimately being auditable, makes them
that much more recommendable.

------
tnolet
Awesome. Use it every day. I live in Germany, so you kinda have to.

~~~
woolvalley
Why do you have to in Germany?

~~~
tnolet
Crazy strict laws with regard to torrenting etc. Heavy fines.

------
celticninja
> Please note that the extension will protect traffic from the browser only and
> will offer any protection when using other applications.

I'm assuming an error in the sentence above and it should say NOT before
offer. Seems like a little proof-reading would have been worthwhile.

~~~
nowsticker
Yep, you're right - will be fixed when the cache clears!

------
pasbesoin
I've been happy with PIA. Except for the increased blocking of commercial
VPNs (address spaces, I assume) by services on the Web. Not PIA's fault. Just
people looking to solve their problems at the expense of my own security.

I waded into PIA's client enough, months back, to observe that it was using
OpenVPN. Along with its reputation, I decided I had enough trust for my use --
avoiding connection monitoring/cracking on public WiFi and keeping Comcast and
Verizon from data mining me.

I do sort of wait, with all these services, with breath half-held for some
other shoe to drop. Given the rubber hose and lead pipe legal and extra-legal
methods available to various and manifold "three letter agencies".

I hope the open-sourcing of the client leads not only to increased trust, but
also to some functional improvements. Such as being able to leave PIA switched
on on my phone while tethering to it. Without having to root the phone and get
into routing scenarios that apparently Android is not designed to support. So,
I guess that's an Android problem. But maybe there's some way to address it at
the client level.

Anyway. PIA keeps taking substantive steps (e.g. prior financial support for
open source projects, now open-sourcing the client, etc.) that put it in a
good light.

P.S. I don't mean blocking by Netflix and the like. I mean, archive.is, Google
(prove you're not a bot...), commercial services I use, etc., etc.

~~~
josephholsten
I've said this elsewhere, but I'm trying to help, not spam!

Please make sure to report evidence of blocking to PIA support, they do have
some solutions available. Worst case, it gives them evidence that it's time to
rotate IPs.

~~~
miranda_rights
Even for stuff like Netflix/Hulu? Asking out of curiosity - I leave PIA off
for the most part because of the IP blocking, and only turn it on when I feel
that I need it.

~~~
pasbesoin
I started leaving it on when Comcast and Verizon became aggressive about both
connection monitoring and injection.

At home, Comcast is my only option. Verizon is the sole national provider
(U.S.) with service in some areas I travel to.

------
Erlangolem
Great news! I’ve always liked PIA, but the closed source nature of it did
require a certain degree of trust. No offense to anyone, but “trust” and “vpn”
should be an uneasy combo. This way I’m not forced to trust my demonstrably
untrustworthy ISP, or a VPN. Thanks PIA.

~~~
iamd3vil
If you don't trust PIA's or any VPN's clients, you can always use OpenVPN
clients directly, provided the VPN supports OpenVPN.

~~~
Erlangolem
I do trust them, and I have used them, but I prefer “trust, but verify.” It’s
also just the right thing to do, going open source.

~~~
iamd3vil
Yeah, true. Also, by open sourcing the Chrome extension maybe someone can port
this to Firefox. I think it should be relatively easy after the recent move by
Firefox to WebExtensions.

------
gt_
Great news. PIA is a solid service I can recommend to less tech-friendly
family members and the like.

------
ryanlol
Nothing worthwhile was open sourced, this is just a PIA marketing blog post.

~~~
voltagex_
Even if it's just the client components, if it can be used to improve the
UI/UX of VPN clients then that's definitely worthwhile.

~~~
colecut
Did they need to open source it to gain UI/UX insight?

------
nkkollaw
PIA's server is in the US, though.

Isn't that kind of weird for a privacy-focused company?

~~~
AFNobody
In what sense? The legal overrides that exist in the US for "national
security" also largely exist in the EU.

~~~
nkkollaw
The EU has not been caught spying on everyone.

~~~
jkaplowitz
GCHQ (UK), BND (Germany), France's equivalent (I forget the name), and others
I am probably unaware of have been caught doing pretty widespread
surveillance.

So, technically not the EU, but multiple EU countries.

~~~
nkkollaw
I doubt you can compare that to the NSA, but sure.

~~~
jkaplowitz
At least GCHQ is more comparable than you'd think, and they and NSA often work
closely together.

------
gregknicholson
> over the next six months we will be releasing the source code for all our
> client-side applications

They weren't already?!

Come back when you've AGPL'd your server-side software. Then I'll believe
you're committed to open source; and I'll trust you, because you'll be legally
obliged to be honest about what's running on your servers.

~~~
xeeeeeeeeeeenu
> Come back when you've AGPL'd your server-side software. Then I'll believe
> you're committed to open source; and I'll trust you, because you'll be legally
> obliged to be honest about what's running on your servers.

It's not how it works. The copyright holder isn't obliged to follow AGPL (or
any other FOSS license) terms.

~~~
gregknicholson
Good point. I was assuming there would be third-party contributions, and the
third parties would retain their copyright.

