Private Internet Access is, no doubt, one of the best VPN services on the market. They take privacy seriously, their infrastructure is top notch, and the price is unbeatable. Software is not as good as we'd like it to be and support could be better.
As a result of Edward Snowden revelations in 2013, the privacy industry has grown tremendously as millions of Internet users suddenly became more privacy-conscious, starting to look for ways to fight the mass-surveillance VPN services became very popular even among non-technical users and the mainstream interest into such services is growing as we speak.
Back in 2013, we made our first review of Private Internet Access VPN. It has been updated a few times since then, but it is now time to refresh the PIA Review from scratch.
Offering quality at a low price, PIA VPN has quickly become an industry leader. It has received numerous “Best VPN” prizes awarded by leading publications such as PC Mag and Tom’s Hardware.
Private Internet Access has users ranging from regular/non-technical people who simply want to log in to Facebook in a country that prevents it, to security-conscious ones looking to be anonymous while surfing, or to hide from intrusive organizations like the NSA, GCHQ, Chinese government and many more.
We’ve been using Private Internet Access VPN for years, a US-based service operated by London Trust Media, Inc, and recently we decided to review it again to see if the service backs the claims and rises to the occasion. This is what we’ve found out.
What to look for in a VPN
For the purpose of making this review, we’ve meticulously tested Private Internet Access for almost a month, in virtual machines around the world, connected to the VPN for days, as well as mobile devices. We wanted to know how fast and reliable it is, how it handles our data and what features it includes.
When you choose a VPN, there are several things you need to take into account:
- Servers and infrastructure. Specifically, location and number of servers available
- Features and P2P/torrent performance
- Speed and reliability
- Price and available payment methods
Trust and transparency
Most people buy a VPN service to access content restricted in their country, like social networks, YouTube or Netflix. Or to protect against mass-surveillance, tracking and copyright trolls. They often believe that any VPN would do, but this can be a false assumption. You entrust your VPN with all your Internet traffic, and therefore all your sensitive data, the things you wouldn’t even tell to your best buddy.
The most important question you should ask while choosing a VPN is whether it’s worthy of your trust, in the first place.
Private Internet Access is a very solid VPN service, and has shown this. There are no known issues of them playing against their customers. By contrast, another popular service, HideMyAss, has betrayed its users at least twice, by giving them to the feds.
According to their claims, PIA doesn’t store your traffic logs, your IP addresses or your DNS requests. Under subpoena, they may release customer data. According to their website: “we will comply with all valid subpoena requests, our legal team scrutinizes each and every legal request that we receive for compliance with both the “spirit” and letter of the law. For invalid or overly broad subpoenas, we will often question or attempt to narrow the scope of any subject matter sought. Moreover, when it is possible and a valid option we will provide the user an opportunity to object to any requested disclosures. ”
Private Internet Access requires, though, the user’s email address and payment data. They also say some clients, who decide to use the optional control panel, will receive a temporary cookie.
They also make it clear that they won’t sell people’s data for direct marketing purposes, like some of the free VPNs do.
“Our commitment to you is to maintain the highest standards of privacy, while simultaneously providing the most solid, top speed VPN network. We always stand true to our commitments,” reads on their website.
Regarding payment methods, be aware that not all payment methods are privacy-friendly by design. Some of them will store your details for an unlimited time. Also, some of them will forward your details to the merchant – in this case the VPN service provider. For this reason, it is recommended to pay for your VPN with Bitcoin or pre-paid debit cards, so that you won’t link your real identity to the VPN account.
What we liked about PIA and rarely seen with other VPNs, is that they also give back to society by supporting freedom of internet groups (https://www.privateinternetaccess.com/pages/companies-we-sponsor) such as the Electronic Frontier Foundation, Internet Society, Gnome Foundation, as well as Bitcoin events and forums, and hackathons. There are quite a few VPNs sponsoring EFF, but none of them are contributing to several other projects, like PIA.
They also care about the environment, by supporting Earth Day Network, and planting one tree for every server in their network. By May 2016, their numbers has exceeded 3,300 trees.
Users who are looking for the strongest encryption parameters can rest assured. This VPN employs some of the strongest encryption settings on the market. It uses the open source, industry standard OpenVPN, that has many options they can choose from. However, a stronger encryption means more processing power, or often a decrease in speed. Those valuing fast download more than encryption strength can check the boxes corresponding to the All Speed No Safety scenario.
Users have several options when it comes to Data Encryption, Data Authentication and Handshake. PIA VPN recommends several these scenarios:
- Default Protection — AES-128 / SHA1 / RSA-2048
- All Speed No Safety — None / None / ECC-256k1
- Maximum Protection — AES-256 / SHA256 / RSA-4096
- Risky Business — AES-128 / None / RSA-2048
We’ve used combos of AES-128 or AES-256 ciphers with RSA-4096 or ECC handshake, always with SHA256 HMAC.
Find below a couple of samples using their encryption handshake.
With their software (strong encryption):
With default .ovpn server config files:
Note that the strong encryption settings are available only with their software. If you use OpenVPN with the server configuration files they provide or if you set up OpenVPN on a router, the encryption is weak. It will use Blowfish 128-bit CBC as data encryption cipher with an outdated RSA-1024 CA certificate, RSA-2048 server keys signed with that CA and SHA1 digest. That’s quite bad and we wonder why they don’t bother to upgrade their default settings.
Servers and infrastructure
Investigating the hosting partners of Private Internet Access, we found that they are using some of the better options in the hosting industry. For instance, Constant LLC (www.constant.com) is one of their main hosting partners.
Private Internet Access VPN currently (June, 2016) claims to have over 3,300 servers in 25 countries, all featuring Gigabit connections. Most of them, around 1,700, are in 9 US locations. The UK follows with 230 servers, and then comes Canada, with about 200. Other locations include Australia, Switzerland, Netherlands, Sweden, Norway, Denmark, Finland, France, Germany, Hong Kong, Ireland, Romania, Turkey, Singapore, Japan, Mexico, Brazil, India, Russia, New Zealand and Israel.
They have expanded their infrastructure exponentially over the past two years. “Datacenter partners must have a minimum of Tier-3 rated facilities with Tier-1 bandwidth for primary routing/transit (at least 3 different providers). In addition, it is imperative that the datacenter is committed to privacy,” they write on the website.
Features and torrents
Private Internet Access VPN has client apps for Windows, Linux (beta) and Mac OS X computers. For mobile devices, they have VPN client apps for Android and iOS devices. A single VPN account allows up to 5 simultaneous connections. This can be any mix of routers, computers, smartphones and tablets. The service can be installed on as many devices as the user wants, but only five will be able to connect at any given time.
The VPN is torrent friendly, and hasn’t blocked such content resources in any of the locations.
PIA has its own Windows OpenVPN client and it is very easy to use, working out of the box.
The interface is clean and minimalist. You get to choose between Simple and Advanced. Inexperienced users will be asked to provide a VPN username, password, startup options and the region they want to connect with. Experienced users get to pick their encryption strength: cipher, authentication and handshake methods.
Upon installation, you can choose the region/country you want to connect the VPN, as well as protocol and ports. They provide both TCP and UDP protocols, on ports: TCP 80, 110, 443 and UDP 53, 1194, 8080 and 9201. Protocols and ports can be selected from the Advanced options. Note that the TCP ports 80, 443 and 110 are recommended if the VPN connection is made from a network that has a restrictive firewall, as those ports are normally used for web and email traffic, hence it is likely that the VPN connection would operate under the radar.
Another useful thing you can set is Port Forwarding (used by P2P clients or other software that requires direct access to your PC from the Internet). If you enable the option, a tooltip will show you the forwarded port when you connect.
Port Forwarding is available on servers located in the Netherlands, Switzerland, CA North York, CA Toronto, Romania, Sweden, France, and Germany. Port forwarding is useful for torrent seeding as well as gaming and to reach some applications within your home network, for example a surveillance camera, FTP/SSH server or VoIP application.
Useful software features:
- VPN Kill Switch deletes your ISP Internet gateway if the VPN disconnects to avoid IP leakage
- DNS Leak Protection removes your default DNS servers so you can use only the DNS servers assigned by the VPN
- IPv6 Leak Protection disables your IPv6 network address to protect against leakage via IPv6
On Android, their app connects using OpenVPN, since it is based on the open-source app OpenVPN for Android. Starting with a recent update, it also allows policy based routing, meaning that the user can choose which apps to use (or not) the VPN connection.
The VPN software client for iOS is not as powerful as the one for Android and it is using IPsec+IKEv2 instead of OpenVPN, as the VPN protocol. Therefore, it is not as secure and reliable as OpenVPN.
It is also possible to setup VPN connections manually, without using a software, on devices that support VPN connections such as routers, NAS devices or with the built-in VPN support in most operating systems.
Using a VPN may lower your connection speed for two reasons: encryption overhead, as you need to transfer more data, and the bandwidth capacity between you and the VPN server you are connecting to. For instance, connecting to a different country or overseas, may result in lower speed than what you’d get by connecting to a location near-by. Sacrificing some speed (not a lot) for security and privacy is convenient, in our opinion.
We can probably all agree that speed is a very important factor when choosing a VPN. For this reason, we have made many speed tests using various methods, both online speed tests and torrent transfers. These tests were made during different time frames and times of day. Note that we connected to the VPN from different world-wide locations, to overcome the latency and peering issues.
As the tests above are showing, the speed with PIA VPN isn’t bad at all. In fact, it is better than what we experienced with many other competitors, though not the best.
They seem to care about the speed of customers as there’s a “Send Slow Speed Complaint” option available in the Windows VPN software.
torrent speed results
Torrent speed is very good, reaching well over 100 Mbps constantly.
and a second test (different VPN location):
As you can see in the above test results, the transfer speed was over 15MB/s, or ~120 Mbps. One test was made connecting to the VPN in Canada, the other one in Netherlands.
We also tested the torrent speed with the VPN turned off, but with the SOCKS5 proxy enabled in the torrent client. The speed skyrocketed over 200 Mbps. That’s impressive and just for torrenting alone, it’s enough than connecting to the VPN to route all your traffic, but simply setup the proxy in your torrent client. This is the speed result with torrenting via SOCKS5:
Payment and Price
Private Internet Access (PIA) has a few and simple price options. The monthly payment is the highest, $6.95. If you opt for the 6 months package, you give $35.95, which means $5.99 per month. A higher discount is available for those who buy a whole year’ subscription. They only pay $39.95, making $3.33/month. There is no free trial, however you can have your money back in seven days if you’re not happy with the service. Also, the 6-month plan doesn’t really make sense, given the fact that the 1-year is only $4 more expensive. So the obvious choice for long-term is the yearly package.
Besides credit cards, PayPal, Bitcoin and Amazon, there are plenty of other payment methods, including hundreds of gift cards from major brands such as Starbucks, Target, and Walmart, allowing customers to pay anonymously.
We signed up for PIA’s VPN service using Bitcoin, and we were pleased that the signup process took only 20 seconds, and we weren’t asked for any personal details. The VPN login details were sent to the email address provided in the sign-up process. The VPN account was activated instantly after the payment confirmation.
One of the activation emails included a unique download link for their software, with the VPN credentials already embedded so there was no need to manually input the VPN username and password.
They have a live chat support on site, but it isn’t available around the clock.
A Knowledge base page has over 300 articles, covering solutions and answers to most problems and questions.
They also have a ticketing page and we contacted support via this page. While the support was fast replying within one hour, during the weekend, we weren’t impressed with the first reply. The question was a bit tricky, perhaps too technical for Level 1 support operators. What we asked was if their iOS app is using IPsec+L2TP or IPsec+IKEv2, because it wasn’t clear and we couldn’t find the information anywhere. What the support operator replied was something like “you can use L2TP/IPsec on iOS, tutorial [here]. Our iOS app supports IPsec”. That doesn’t answer our question but is just a canned response. However, after telling them that the reply was not satisfactory, some other employee replied and answered the question by mentioning it is using IPsec+IKEv2.
One week later we asked if they support better encryption with the OpenVPN config files, to be used with other VPN software or on the routers. Support was again very fast but unfortunately they said that officially they do not provide other configuration files and suggested to look on their forums.
Other ways to reach for support is via their forum or on reddit.com where some of their knowledgeable employees are lurking.
Private Internet Access is, no doubt, one of the best VPN services on the market. They take privacy seriously, their infrastructure is top notch, and the price is unbeatable. Software is not as good as we’d like it to be and support could be better.
We give Private Internet Access a rating of 8/10 in the paid VPN category and highly recommend it.
- Good speed/reliability. They have tons of dedicated or colocated servers instead of cheap VPS servers like many of their competitors.
- Privacy focused (proven).
- Torrent friendly, not blocked in any of their locations. SOCKS5 and port forwarding are perfect additions for torrenting.
- Can’t beat the price. Really.
- Very good torrent speed, especially with SOCKS5 only.
- Support is very prompt.
- Many VPN locations to choose from.
- They are US-based and can be the subject of secret court orders.
- Software is ok but we wish it was better. but the custom OpenVPN that they modified is out of date. They provide the source on forums, but it’s years old. Also software isn’t open-source, just OpenVPN that is bundled with their software.
- No official support for stronger encryption without their software.
- Flash based speedtest tool on their network page.
- Some of their IPs are blacklisted or easily recognized as VPNs.