Our previous review of Private Internet Access VPN is 4 years old, so an update has been long due, but here it is!
Private Internet Access has gone through a lot of changes in the past few years, and I will cover most of them in this review.
In case you aren’t familiar with Private Internet Access, here’s some of the key aspects you need to know about this VPN service.
- Private Internet Access is a VPN service incorporated in the USA, which was acquired recently by Kape Technologies, an Israeli technology company.
- They’ve been into the commercial VPN business for 10 years now and has quickly grown to become one of de-facto solutions for individuals looking to protect their online privacy, especially post Snowden revelations which have caused a boom in VPN usage.
- PIA has a proven no-log policy.
- Sponsors of several causes and organizations, such as EFF, FFTF, Let’s Encrypt, Freenode, WireGuard to name just a few.
- The VPN and proxy technologies they support can be used on most devices.
Most important changes and upgrades since our last PIA review
- Same number of servers, but covering a lot more locations (45 vs. 25 previously)
- Redesigned VPN apps: less buggy, greatly improved usability. They also open-sourced the apps
- 10 simultaneous connections on a single account vs. 5 in the past
- Support for OpenVPN over ShadowSocks (obfuscation against ISP blocking)
- WireGuard VPN support, freshly integrated into their apps
- iOS app supporting OpenVPN and WireGuard protocols in addition to IKEv2
- 30 days refund policy vs. 7 days in the past
- Better speed and stability, mostly because of WireGuard integration
- Recently acquired by a technology company with a shady background
- Better unblocking of streaming services such as Netflix
Trust and transparency
When using a VPN, the user transfers its trust on how his online activity is handled from one entity to another, specifically from his ISP to a commercial VPN service. So here comes the question: do you trust a VPN company more than your ISP?
The answer is a bit complicated, as it varies on many factors, depending on each one’s use-case scenario.
Strictly speaking whether one can trust Private Internet Access or any VPN service for that matter, I’d say it is always good to be precautious about what the VPN provider claims regarding logging policies. Yet, unlike some other VPN services which have been caught giving out info about their users, PIA has a clean record as no users info has been given out.
Another key aspect regarding the trust in PIA is their recent acquire by Kape Technologies, an Israeli based technology firm as a result of its parent company, LTMI Holdings agreeing to a merger. Kape Technologies has also acquired ZenMate VPN and CyberGhost in the past.
Many users have expressed their disappointment as Kape Technologies has a shady background, hence their doubt on PIA’s incentive to protect their privacy.
Kape Technologies was originally founded in 2011 under the name Crossrider, activating into the advertising industry. Their bad reputation comes from creating adware and malware products.
Can PIA still be trusted after this controversial merger acquisition? We wish we could have a clear answer to that, but it isn’t just black and white.
Apps, protocols, compatibility
As one would expect from a solid VPN service, PIA has support for all major platforms and devices.
Their VPN client app is available for Windows, macOS, Linux, Android, iOS. Since our previous PIA review made 4 years ago, their apps have gone through a re-design and are looking much better now, focusing on simplicity without sacrificing functionality.
PIA’s VPN apps feature the same design across all platforms. It’s likely a matter of taste, but personally I like the mobile more than their desktop one, even though the design is the same. What I don’t really like about it its window size. On mobiles it fits just fine the whole display as one would expect, but on a high-resolution desktop/laptop display it is too small.
A proxy browser addon is available for Chrome, Firefox and Opera, but works fine with other browsers derived from Chrome or Firefox, Brave browser being one of them. The browser addon isn’t technically a VPN, but an HTTP proxy over TLS.
The VPN connections can also be set without using their apps, either using OpenVPN by importing the configuration files.
It is also worth noting that their apps’ code is open-source and can be found on their GitHub repository.
Apps notable features:
- Protocol, port, encryption strength selection for OpenVPN
- Kill switch
- Latency tests
- Trusted Wifi for mobile devices (automatically connects to other Wi-Fi networks except those whitelisted)
- Port forwarding (useful for torrent seeding)
WireGuard VPN protocol is supported starting just a few days ago and that’s nice, since WireGuard can be faster and less resource-hungry than OpenVPN. WireGuard connectivity works using their VPN apps and it is enabled on all their server locations. It’s important to be aware that, as mentioned, WireGuard can’t be used with PIA other than with their app, at least not yet, and this is bad news for those looking to set WireGuard connections on routers.
SOCKS5 proxy support is available, useful for torrenting so that only the torrent client hides mask your real IP address from trackers and other peers, including copyright trolls.
ShadowSocks is available with their VPN apps and it acts as a proxy for OpenVPN, adding an obfuscation layer. This option might help in countries like China, UAE and others where the ISPs are detecting normal VPN connections and block them.
PIA MACE is DNS blocking feature that gets rid of unwanted ads, tracking and malware domains. It is quite similar to well-known DNS blockers like AdGuard, NextDNS and it does a fairly good job. It is useful on mobile devices stopping in-app annoying ads, but on desktops/laptops there are better alternatives like uBlock Origin.
PIA iOS app supports 3 connection types: IKEv2/IPsec, OpenVPN and WireGuard. IKEv2/IPsec isn’t available with their other apps.
PIA MACE isn’t available as system-wide blocker on iOS, being replaced with a Safari plug-in. But here is what you can do to have system-wide blocking of ads, trackers and malware domains on iOS: you can set a blocking DNS service like AdGuard, NextDNS or similar in the PIA app’s Settings.
The encryption ciphers used by OpenVPN can be selected in the apps settings, and they include the following:
- Ciphers: AES-128-CBC, AES-256-CBC, AES-128-GCM, AES-256-GCM and None (no encryption)
- Handshake: RSA-2048, RSA-3072, RSA-4096, ECC-256k1, ECC-256r1 and ECC521
The AEAD ciphers (AES-128-GCM and AES-256-GCM) should be the options of choice, but in case you want to use the CBC ones for any reason, you can also set the data authentication to SHA1, SHA256 or None.
A few years ago there were only the AES-CBC ciphers available, so the addition of AEAD ciphers is a good upgrade in terms of security.
For WireGuard, these are the encryption parameters:
- ChaCha20 for symmetric encryption, Poly1305 for authentication
- Curve25519 for ECDH
- BLAKE2s for hashing and keyed hashing
These are the standards settings of WireGuard, you can read more about it here.
What protocol to use with PIA?
In terms of security, both OpenVPN (with the ciphers listed above except for ‘None’, obviously) and WireGuard are very good and have their own advantages. OpenVPN is resource intensive and it really shines when it runs on hardware with CPUs that have AES-NI acceleration, which isn’t the case on mobile device.
Overall, I’d say that WireGuard should give better results in terms of speed and reliability than OpenVPN, especially on mobile devices.
Servers and infrastructure
As of today, PIA has 3288 VPN servers in 45 Countries. Half of their servers are located in the USA, followed by Netherlands, Canada, UK.
All continents are covered with servers in the following other countries: Australia, New Zealand, Germany, Iceland, Albania, Sweden, Norway, Denmark, Finland, Switzerland, France, Belgium, Austria, Czech Republic, Luxembourg, Ireland, Italy, Spain, Moldova, Romania, Bulgaria, Serbia, Latvia, Estonia, Lithuania, Slovakia, Hungary, Poland, Greece, Bosnia and Herzegovina, North Macedonia, Turkey, UAE, Hong Kong, Singapore, Japan, Israel, Mexico, Argentina, India and South Africa.
Also, they just announced that within the next month, their coverage will include servers in 10 new countries.
It’s worth noting that the servers are physically located in all those countries, unlike some other VPN services which geo-locate some of their IP ranges to other countries in order to cover as many locations as possible, including some “exotic” ones.
All the servers are torrent friendly, meaning that P2P traffic isn’t blocked.
Speed with Private Internet Access has almost always been very good in our tests throughout the years and the recent test results are even better. While OpenVPN speeds are ranging from decent to very good, given the fresh WireGuard implementation we’ve decided to focus a bit more on the WireGuard results. And it’s been a very pleasant surprise.
WireGuard speed test results:
US WireGuard servers, connecting from Chicago on a 1 Gbit connection:
Canada WireGuard servers, connecting from the same Chicago location on 1 Gbit connection:
WireGuard speed test results with some European locations, tested from Chicago:
OpenVPN US speed tests:
Looking at the speed test results, it is a no brainer conclusion that WireGuard is much faster than OpenVPN. But then again, results may vary. It depends on many factors and different users may get different results.
Some more speed test results, by connecting from other locations than US, will be added in a few days.
Price and payments
Service price starts at $9.95/mo. and discounts are available for longer-term subscriptions. For instance, the 1 year subscription cost is $39.95, currently coming with 2 months free service extension as a bonus.
Payment methods include PayPal, Credit Cards, Gift Cards and crypto currencies.
Longer term subscriptions like 2 or 3 years are not available, which is a shame, as the 2 years used to be available some while ago.
Their mobile apps support in-app purchases.
A library consisting of help articles and guides is available on their site and they cover most info one would look for.
A News & Updates section covers recent issues, such as downtimes, server removals, system maintenance, software update announcements and more.
Assistance is also provided via ticketing and a live chat. Note that the live chat isn’t available around the clock.
Other ways to reach for support is via their forum or on reddit.com where you can receive help either from their employees or other PIA users.
Private Internet Access remains one of the best VPN services out there, in this overly-competitive industry. They continued to innovate and respond to users’ demand in all these years and I feel that they’re doing so at a faster pace recently than some years ago.
- very solid infrastructure, many locations to choose from
- Privacy focused VPN with an excellent track record (speaking of PIA, not Kape Technologies)
- New apps design improves usability and it looks good. Also, the code is open-source
- WireGuard support, giving a speed boost compared to OpenVPN
- Very good price for what you get
- Prompt support and a large collection of guides on their site
- Streaming sites like Netflix are working
- Torrenting allowed on all their servers
- Several of their location use the same ASN, making it very easy for sites to block a vast majority of their servers
- The VPN apps are mostly ok, but I find their desktop client a bit under-sized on a high-res display
- It’s great that WireGuard is available, too bad it can’t be used yet on routers since it works with their client apps only
- The Kape Technologies acquisition has disappointed many of their users, time will tell if anything would change for the good or bad
- Deceiving “You are not protected” notice on their website’s header