Tag: performive

  • Kaspersky

    Kaspersky

    In the labyrinthine world of cybersecurity, Kaspersky Lab has carved out a name for itself as a leading antivirus and security software provider. Founded in 1997 and headquartered in Moscow, the company has had its share of accolades and controversies. Kaspersky gained significant recognition for its role in uncovering state-sponsored cyber-attacks, including the Stuxnet worm that targeted Iranian nuclear facilities. However, the company has also faced scrutiny, most notably in 2017 when the U.S. government banned federal agencies from using Kaspersky software over concerns that the Russian government could exploit its access to U.S. systems. Amid this backdrop, Kaspersky offers a Virtual Private Network (VPN) service, adding another layer to its cybersecurity portfolio. Intriguingly, the VPN infrastructure is managed by Pango Group, which is owned by the conglomerate Aura. This relationship raises questions about Kaspersky VPN’s commitment to privacy, given that multiple entities are involved in data processing and management. In this article, we’ll explore the details of Kaspersky’s VPN service, examining its features, privacy policies, and the implications of its association with Pango and Aura.

    App Privacy

    Our analysis of the app’s network connections reveals some intriguing insights. While Kaspersky does maintain connections that are integral to its core security functions—such as touch.kaspersky.com and edge.geo.kaspersky.com—the story doesn’t end there. The app engages with an assortment of analytics and tracking services, including various appsflyersdk.com subdomains, firebaselogging-pa.googleapis.com, and app-measurement.com. This paints a picture of an app that’s not just focused on security but also has its fingers in the analytics and tracking jar. Adding another layer of complexity, Kaspersky employs a multitude of unique subdomains related to its own services, raising questions about the necessity of such intricacy. For the privacy-conscious user, these details cast a shadow on Kaspersky’s otherwise reputable image, ultimately placing it in the “D” category of our privacy rating scale. So, while Kaspersky may offer robust security features, those looking for an equally strong commitment to privacy might want to tread carefully.

    Terms of Use

    In the digital age, scrutinizing the Terms of Use of any software solution is crucial for maintaining one’s privacy and security. Kaspersky’s Software solution, according to its Terms of Use, collects an extensive array of user data ranging from email addresses and unique IDs to sensitive financial information and device-specific details. While some data collection is necessary for the software’s core functionalities like managing licenses and remote control of security levels, the breadth and variety of data being collected raise questions for privacy-conscious users. Notably, the terms also mention that using external authentication providers subjects your data to another set of policies, adding another layer to consider in terms of data security.

    Adding to the complexity, the software operates under the legislation of the Russian Federation, which could entail different data protection standards than those you may be accustomed to. The terms also prohibit users from independently assessing the software’s security, limiting your ability to gauge its robustness. While Kaspersky is a respected name in the cybersecurity world, the extent of data collection and other stipulations in their Terms of Use necessitate a thorough evaluation, especially if you prioritize privacy and data security. Always remember, the devil is in the details—or in this case, the fine print.

    Privacy Policy

    Kaspersky’s Privacy Policy further expands on how user data is collected and processed, with specific attention to marketing and VPN functionalities. The policy points out that some statistics are used explicitly for marketing purposes, aiming to improve the quality of the application and offer targeted security solutions. While the policy does specify that the collected data cannot be linked to your online activity, it introduces Adaptive Security technology for Android, which ‘normalizes’ website and app information by deleting all personal data before checking against Kaspersky’s reputation cloud database. It’s worth noting that while the Terms of Use prohibits users from independently assessing the software’s security, the Privacy Policy emphasizes that they adhere to “the highest data protection standards.”

    Interestingly, the policy explicitly states that your online activity is not logged and that data is never used for advertising. This is in line with the Terms of Use, which also does not mention any third-party advertising. However, one point to consider is the involvement of Pango as the VPN service provider. While Kaspersky processes data required for the application to function, Pango processes data needed to arrange VPN sessions. Despite the division of labor, both companies claim not to log online activity. The Privacy Policy could be clearer on how Pango aligns with Kaspersky’s data protection standards, especially given that VPNs are often used specifically for enhanced privacy and security. As always, understanding the full scope of data collection and usage requires vigilance and a careful read of both the Terms of Use and Privacy Policy.

    See also:

  • Hotspot Shield

    Hotspot Shield

    Hotspot Shield

    Hotspot Shield is a VPN service that has been around since 2008, making it one of the older players in the market. The service gained notoriety for its use by dissidents during the Arab Spring protests in the early 2010s. However, its reputation took a hit in 2016 when researchers cited Hotspot Shield in a research paper for using tracking libraries in their VPN service. A year later, the Center for Democracy and Technology accused the company of engaging in unfair and deceptive trade practices. In 2018, a researcher discovered a data leak, further eroding Hotspot Shield’s reputation. As a result, many websites stopped recommending the service.

    Despite these negative events, Hotspot Shield got a fresh start in 2019 when it became part of the Pango family of products. The VPN service was then acquired by a company called Aura in July 2020. With these recent changes in ownership, we felt it was a good time to take another look at Hotspot Shield. During our research and testing, we identified both positives and negatives of the service, and we also uncovered some interesting facts about Hotspot Shield and its parent companies. While we will delve into the corporate complexities at a later time, our findings provide a comprehensive overview of Hotspot Shield and its suitability as a VPN provider.

    Baked with adware

    Similar to VPN 360, the Hotspot Shield app routinely pings multiple advertising domains which is immediately a red flag. Any company that injects tracking codes into their apps immediately lose credibility in my eyes, and I take all of their promises and core principles with a grain of salt. I also discovered the app pinging various subdomains from yahoo.com There are much, much better VPNs that fight to protect your privacy – for less money. Here are the most commonly accessed domains from the app:

    • adcolony.com
    • adtilt.com
    • unity3d.com
    • doubleclick.net
    • supersonicads.com
    • dewrain.life
    • ssacdn.com
    A complicated history

    The corporate structure of Hotspot Shield is complex, and it has undergone significant changes over the years. The VPN service was developed by AnchorFree in 2008, a company based in Redwood City, California. Despite being a popular VPN service, Hotspot Shield faced a setback in 2017 when the Center for Democracy and Technology accused AnchorFree of deceptive trade practices. In 2018, a security researcher discovered a bug in the Hotspot Shield client that exposed user data.

    In 2019, Hotspot Shield joined Pango, a new company that offers a suite of security and privacy products. Like AnchorFree, Pango is based in Redwood City, California.

    In July 2020, Pango joined Aura, a digital security company. According to Hari Ravichandran, the founder, and CEO of Aura, the goal of all this activity is to:

    …build the best all-in-one digital protection platform for consumers. With the scale achieved through these transactions, we continue our journey to build and expand our integrated security platform. Our vision is fueled by our commitment to make digital security simple, user-friendly and accessible to everyone.

    Shady logging practices

    Sure enough, when I clicked on the VPN’s privacy policy on its website, I was redirected to Aura’s general policy for all of its products. While Hotspot Shield claims it doesn’t store any information that can be linked back to you, Aura states it logs the following:

    • Information about the domains you access when connected.
    • Usage information such as connection timestamps, frequency of use, and bandwidth used.
    • Device information including identifiers, operating systems, browser type, internet service provider, and network information.
    • Approximate location information (obtained from logging your IP address, albeit encrypted).
    Related Posts
  • VPN 360

    VPN 360

    VPN 360 is a virtual private network (VPN) app that allows users to protect their online privacy and security by encrypting their internet connection and routing it through a private server. It is one of the security products offered by Pangu whose parent company is Aura. VPN 360 is available for both Android and iOS devices, and can be downloaded for free from the Google Play Store or the Apple App Store. VPN 360 offers both free and paid subscription options. The free version of the app has some limitations, such as slower connection speeds and a limited selection of servers. The paid subscription offers faster connection speeds, more server locations, and other additional features.

    Our first major problem with VPN 360, and it’s all because of their logging policy. Their so-called “privacy policy” clearly states that they’ll hand over your information to the authorities without hesitation, and there are a ton of exceptions where they’ll collect and give up your data. Honestly, we find this policy completely unacceptable and we wouldn’t recommend trusting it, especially since VPN 360 is a paid service.

    Tracking code

    Similar to Hotspot Shield, the VPN 360 app routinely pings multiple advertising domains which is immediately a red flag. Any company that injects tracking codes into their apps immediately lose credibility in my eyes, and I take all of their promises and core principles with a grain of salt. I also discovered the app pinging various subdomains from yahoo.com There are much, much better VPNs that fight to protect your privacy – for less money. Here are the most commonly accessed domains from the app:

    • adcolony.com
    • adtilt.com
    • unity3d.com
    • doubleclick.net
    • supersonicads.com
    • dewrain.life
    • ssacdn.com
    No OpenVPN or WireGuard configs

    Another worrisome part of this service is the fact that the only protocols they offer are IPSec and Hydra. Hydra is a proprietary VPN protocol developed by the cybersecurity company, AnchorFree. According to AnchorFree, Hydra VPN is designed to provide “faster and more reliable connections” compared to other VPN protocols such as OpenVPN and IPSec. The fact that they do not offer WireGuard confirms the fact that I would never use this product.

    Unfortunately, VPN 360 is just another one of those “free” VPN apps that’s mobile-only and barely even worth considering. Don’t waste your time with it – it’s security and privacy features are weak, its connection speeds are completely unreliable, and it doesn’t even work with Netflix. Plus, the app is absolutely riddled with ads. Seriously, there are so many other VPN options out there that are way safer and more trustworthy – go with one of those instead.

    Related Posts
  • ZenMate

    ZenMate

    Zenmate is a virtual private network (VPN) based in Berlin, Germany service that encrypts your internet connection and hides your IP address to protect your online privacy and security. It allows you to access websites and content that may be blocked or restricted in your geographical location. Zenmate offers several different subscription plans that provide various levels of security and privacy protection, as well as the ability to access content from different locations around the world.

    Is ZenMate safe?

    ZenMate claims to be a no-logs VPN service, but it does keep some connection logs. It will also ask for your email address when signing up for the free version or the 7-day premium trial. It’s also possible that ZenMate may clash with other VPN apps installed on your device. When it’s running in the background, it may not allow you to launch any other VPN.

    Their location in Germany may pose additional issues due to their strict stance on copyright infringement. In addition, they are owned by Kape Technologies, a company that was known to send malware through their software. Overall, this service is of questionable safety, if you’re looking for a top-security VPN service.

    Related Posts

  • StrongVPN

    StrongVPN

    StrongVPN is a virtual private network (VPN) service provider. A VPN is a service that encrypts a device’s internet connection and routes it through a server in a location of the user’s choosing. This can be used to protect the user’s privacy and security online, as well as to access content that may be restricted in their location. StrongVPN offers a range of VPN plans and features, including support for multiple devices, unlimited bandwidth, and a variety of security protocols. The company is based in the United States and has been in operation since 2005.

    StrongVPN, formerly Black Oak Computers / Reliable Hosting / Overplay, is owned by Ziff Davis (formerly J2 Global) who owns NetProtect who operates IPVanish as well as StrongVPN.

    Is StrongP2P safe for torrenting?

    In the book Resistance, Liberation Technology and Human Rights in the Digital Age by Giovanni Ziccardi, he writes:

    This company did not directly answer questions but pointed to their logkeeping policy instead. StrongVPN do log and are able to match an external IP address to their subscribers. They were the most outwardly aggressive provider in the survey when it came to dealing with infringement. “StrongVPN does not restrict P2P usage, but please note sharing of Copyrighted materials is forbidden, please do not do this or we will have to take action against your account”

    “StrongVPN Notice: You may NOT distribute copyright-protected material through our network. We may cancel your account if that happens.”

    Privacy Policy

    The StrongVPN privacy policy is reasonably transparent and does not appear to have any major contradictions. However, a few aspects stand out as potential privacy concerns:

    • They collect email addresses, payment information, names, credit cards, and billing addresses to create accounts. This is quite a bit of personal information.
    • They use cookies and allow third party cookies for analytics and functionality. Users have to opt out of each third party cookie separately.
    • They may send marketing and promotional emails, requiring users to actively unsubscribe.
    • They disclaim warranties and liability, reducing accountability.
    • Users have to take multiple steps to exercise data rights like deletion. StrongVPN can retain data if needed for legal reasons.
    • They can monitor, restrict, or suspend accounts without notice for any reason. This could enable unfettered surveillance.
    • Data can be shared across their corporate group and third party processors quite freely.
    • Data is transferred internationally, with some protection measures. Local laws may differ.
    • Retention periods are vaguely defined as “necessary” for purposes in the policy.

    Overall the policy seems standard for a VPN provider, but the collection of personal information, broad data sharing allowances, and power to monitor/suspend accounts stand out as areas of concern that could impact privacy. The policy meets transparency requirements but still merits careful review by users.

    Terms of Service

    Users should carefully scrutinize the StrongVPN Terms of Service before signing up for the VPN service. Several clauses in the Terms grant StrongVPN alarming levels of discretion when it comes to monitoring, restricting, and terminating user accounts without notice. Users must agree to binding arbitration and waive rights to class action lawsuits, severely limiting legal recourse options. Additionally, StrongVPN disclaims all warranties and liability on their end, removing accountability for services. The Terms also give StrongVPN broad rights to collect and use customer data with few constraints. Restrictions like prohibiting account sharing among household members seem unnecessarily strict as well.

    Overall, the StrongVPN Terms of Service appear heavily stacked against users and in favor of StrongVPN’s interests. Users have little power or recourse under the Terms as written. StrongVPN reserves the right to change the Terms anytime without directly notifying users beyond posting to their website. Those concerned about privacy and accountability are advised to fully review the StrongVPN privacy policy and Terms of Service before subscribing. Important to understand exactly what user data StrongVPN collects, how they use it, and what options users have. Proceed with caution given the broad disclaimers and unilateral power granted to StrongVPN under the Terms of Service.

  • IPVanish

    IPVanish

    IPVanish is a virtual private network (VPN) service that allows users to securely and anonymously access the internet. A VPN creates a secure, encrypted connection between a device and the internet, protecting data and preventing snooping or tampering by third parties. IPVanish offers a range of VPN products and services, including support for Windows, Mac, iOS, Android, Linux, and other platforms. The company was founded in 2012 and is headquartered in the United States.

    A few years ago, IPVanish handed over user logs to the FBI. This caused consumers to question just how seriously the company takes user privacy, and it saw a dip in use and confidence as a result. As part of my review, I look to see if there have been any changes, or if IPVanish still deserves caution when choosing a VPN.

    IPVanish is the latest high-profile VPN to have provided information to the authorities after earlier claiming security for their users. Back in 2011, HideMyAss handed over information that would help to jail LulzSec hacker Cody Kretsinger. Last year it was revealed that PureVPN helped the FBI catch a cyberstalker.

    Can you torrent with IPVanish?

    One of the most common reasons why people sign up for VPNs is so they can use BitTorrent without revealing their true IP address. If you look at section 12 and 13 of the IPVanish Terms of Service, it clearly states that they respect copyright and intellectual property. They also have a page on their website instructing individuals how to submit DMCA notices. It is clear from their ToS that repeated DMCA violations will result in termination of your account:

    It is our policy to terminate in appropriate circumstances the accounts of subscribers who infringe the copyrights of others.

    Looking at their privacy policy

    The IPVanish privacy policy starts off the generic “we do not log, monitor, or collect your browsing history” which is the baseline for a decent VPN. A lot of people will read that line and go SEE!!! They’re anonymous!!!1. However, the devil is in the details – just a few lines down in G. Lawful Bases for Processing Personal Data it states:

    We may Process your Personal Data where the Processing is required by applicable law;

    What exactly does that mean? Just a few more lines down it explains:

    “Personal Data” means information that is about any individual, or from which any individual is directly or indirectly identifiable, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.
    “Process”, “Processing” or “Processed” means anything that is done with any Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

    In a nutshell – they may not “monitor” or “log” your browsing activity but per their Privacy Policy they will hand over any and all information they have on you if required by law.

    Hands in many different pies

    IPVanish has an interesting history that also includes a few different ownership changes over the years.

    Here is a brief summary of IPVanish’s history based on my research for this review:

    • IPVanish was founded by Mudhook Marketing in 2012, a subsidiary of Highwinds Network Group in Orlando, Florida.
    • In 2017, StackPath acquired Highwinds Network Group, which also included IPVanish.
    • In 2019, IPVanish was sold off to J2 Global (now called ZiffDavis Inc.) under the “Net Protect” division.

    J2 Global, also known as ZiffDavis Inc., isn’t just any ordinary company – they’re the parent company for many websites that publish reviews, including PCMag. But wait, there’s more. J2 Global doesn’t just stop at publishing reviews, they also own several VPN services, such as IPVanish, StrongVPN, and Encrypt.me. As if that’s not enough, they also have a secure cloud storage service called SugarSync. It seems like J2 Global wants to control every aspect of the digital world, doesn’t it? Who knows what kind of data they’re collecting from all these different services. It’s enough to make you wonder who’s really in charge of your data and privacy.

    So, J2 Global is the proud owner of a collection of VPN services, which means we’re now in a situation where VPN review websites are recommending products that are actually owned by the parent company. How convenient, right?

    It’s a bit of a dubious situation if you ask me, and we’ve discussed it before in our article on VPNs that own review websites. It’s hard not to be skeptical when the very same company that owns the VPN service is also the one getting glowing reviews from their own review websites. One has to wonder if these reviews are truly unbiased or just part of a larger marketing scheme. It’s a classic case of “who watches the watchers,” and it’s not exactly comforting.

  • F-Secure FREEDOME

    F-Secure FREEDOME

    F-Secure is a zero-logs Finland-based security company with a plethora of products, and Freedome VPN caught my eye for a reason. F-Secure has been in the security business since 1988.

    Freedome VPN is cross-platform and supports Windows, MacOS, Android, and iOS. Mobile app mirrors the desktop experience in simplicity and usability.

    After testing numerous servers I have concluded that FREEDOME predominantly leases from Leaseweb, Performive, Euraserv, and Softlayer.

    Privacy — Ambiguous and Lacking Transparency

    F-Secure Freedome VPN’s privacy policy includes extensive information regarding the security of the service. It claims to keep no logs, which would qualify it as a zero-logging VPN service. However, if you carefully review the privacy statement, then you will see that F-Secure collects different types of information about you.

    To begin with, Freedome VPN keeps a record of your IP address as well as your private communications. The IP address of your computer and your country is tracked along with the amount of data you transmit over F-Secure. Moreover, Freedome VPN is capable of monitoring traffic for malicious or unscrupulous files and websites as well as blocking torrents. In other words, the service has a good understanding of your activities online, otherwise, it would not be able to provide this service.

    Screenshot of Freedome VPN's privacy policy

    Freedom leaves cookies on your computer despite claiming to provide privacy protection

    Its ‘Tracker Mapper’ feature also reflects Freedome’s logging policy. The option enables you to keep track of what trackers you encounter online for 24 hours, which websites they appear on, and what information they collect. Although this information will be deleted after three days, it shows just how easy it is for Freedome VPN to monitor your online activities. Freedome VPN may be very effective in terms of security, but that effectiveness is undercut with these lackluster privacy measures.

    On the plus side, Freedome VPN has its headquarters in Finland. The country is known for having one of the most stringent privacy laws in the world, making it one of the best jurisdictions for VPN firms. Thus, there is no obligation on the part of the provider to give out any information. Even with this favorable location, I am hesitant to recommend trusting Freedome VPN with your data given its tendency to monitor your activity.

  • Surfshark

    Surfshark

    Surfshark VPN is one of the most popular VPN services in 2022. Its competitive price and unlimited simultaneous connections make it a very attractive VPN option for all kinds of users. But does this VPN live up to give the actual value for money that it claims? Surfshark also offers thousands of servers worldwide, excellent connection speeds, and next-gen AES encryption. However, users have been questioning its jurisdiction and whether it’s as private as showcased.

    Surfshark offers some really useful features like SmartDNS, the fast WireGuard protocol, P2P-optimized servers, and provides a selection of easy-to-use intuitive apps and platforms.

    So, when you’re connected to Surfshark – who’s servers are you really using? After completing my testing I have concluded that Surfshark uses 20% their own servers, 17% CDNext, 17% M247, 14% CDN77, 13% Host Royale, and the remaining few are Host Universal, Clouvider, and Hydra Communications.

    Surfshark Network Overview

  • ProtonVPN

    ProtonVPN

    ProtonVPN is a virtual private network (VPN) service provided by Proton Technologies AG, the company behind the email service ProtonMail. ProtonVPN was created to provide a secure, private, and censorship-free internet connection to people all over the world. It encrypts your internet connection and hides your IP address, making it difficult for hackers, ISPs, and governments to track your online activity. ProtonVPN is available on various platforms, including Windows, macOS, Linux, Android, and iOS. It offers a variety of subscription plans to suit different needs, including a free plan with limited features.

    What services are available when you’re connected to ProtonVPN?

    Nothing is more frustrating than connecting to your VPN, heading over to your favorite streaming service… Only to find out your connection is blocked. Unfortunately, it’s a never ending cat and mouse game. We decided to test our experience using ProtonVPN servers based in the United States as well as a few random foreign countries. Note: Registering an account while connected to a VPN may be blocked entirely, the tests below reflect establish a connection from an account that’s already logged in (to simulate someone traveling).

    ServiceBlocked / Restricted
    Amazon PrimeLimited; some IP ranges are blocked
    NetflixAccessible
    SpotifyAccessible
    PandoraLimited; some IP ranges are blocked
    YouTube MusicAccessible
    HuluAccessible
    Disney+Accessible
    Google SearchMay encounter CAPTCHA
    ChatGPTLimited; some IP ranges are blocked
    YouTubeAccessible

    When you are connected to ProtonVPN, who’s servers are you really using? I tested over 50 ProtonVPN servers and found that 36% use M247, 27% use Datacamp Limited, 10% use Datacamp Limited UK, 8% use Estnoc Global, 5% use FDC Servers, 5% use GSL Networks, and the remaining servers use Packet Exchange, and Intergrid. In a recent AMA on reddit, ProtonVPN stated the reason they utilize M247 so heavily is due to cost efficiency and being able to support the freemium model:

    Comment
    byu/protonvpn from discussion
    inIAmA

    ProtonVPN Network Overview

    Stealth Protocol vs WireGuard

    WireGuard and ProtonVPN’s Stealth protocol are both designed to provide security for internet users, but they have different features and levels of security.

    In terms of security, WireGuard uses the latest encryption standards, including the ChaCha20 encryption algorithm and the Poly1305 message authentication code (MAC). These encryption standards are considered to be highly secure and provide a high level of protection for users’ online activities.

    ProtonVPN’s Stealth protocol, on the other hand, uses the Secure Sockets Layer (SSL) encryption, which is commonly used to secure connections to websites. It also uses obfuscation techniques to make it appear as if you are accessing a secured website, rather than connecting to a VPN server. This makes it difficult for firewalls and censorship systems to detect and block your VPN connection.

    In terms of performance, WireGuard is generally faster than ProtonVPN’s Stealth protocol, as the latter adds an extra layer of encryption and obfuscation that can slow down the connection.

    In conclusion, both WireGuard and ProtonVPN’s Stealth protocol provide a high level of security, but they approach security in different ways. WireGuard focuses on fast and efficient encryption, while ProtonVPN’s Stealth VPN provides an extra layer of obfuscation to help users bypass firewalls and censorship systems. The choice between the two will depend on the specific security needs and requirements of the user.

    Audits

    ProtonVPN has undergone several independent audits to verify the security and privacy of its service. In 2018, ProtonVPN commissioned Cure53, a leading cybersecurity firm based in Berlin, Germany, to perform a security audit of its infrastructure and client software. The audit found that ProtonVPN’s security practices were in line with industry standards, and it did not identify any major security vulnerabilities.

    In 2020, ProtonVPN commissioned the independent cybersecurity firm X41 D-Sec to perform a comprehensive security assessment of its infrastructure and client software. The assessment found that ProtonVPN’s security practices were “exemplary” and that the company had “a clear commitment to the security and privacy of their users.”

    ProtonVPN has also undergone a transparency report audit by the firm KPMG, which verified that the company does not collect or store any personal information or metadata about its users.

    Overall, the independent audits of ProtonVPN have found that the service is secure and privacy-protective.

    Related Posts

  • Private Internet Access

    Private Internet Access

    Private Internet Access (commonly known as PIA) is a capable VPN provider, now owned by Kape, which also owns CyberGhost, ZenMate and ExpressVPN.

    PIA has servers available in just about every single state in America, which is great if you want to encrypt and protect your connection but don’t want to get locked out your account for suspicious activity. Choosing a server in a remote country for instance can have some benefits but it is not always the most practical choice.

    Privacy Policy

    PIA’s privacy policy is a classic example of a company trying to paint itself in the best possible light regarding privacy and legal compliance. They talk a big game about scrutinizing legal requests and standing up for user privacy, emphasizing their commitment to the “spirit” and “letter” of the law. This is meant to reassure you, the user, that they’re on your side, ready to shield your data from the prying eyes of the law—unless absolutely necessary of course.

    But here’s the rub: when push comes to shove, the majority of companies, especially those anchored in the U.S., have a breaking point. The notion of a corporate David going toe-to-toe with the Goliath that is the federal government and emerging unscathed is, frankly, more fairy tale than fact. It’s not just about being bullied into submission; it’s about survival. Companies operate under the jurisdiction of local and federal laws, and while they might resist or push back on requests initially, the potential consequences of outright defiance—legal battles, hefty fines, or worse—make compliance the path of least resistance.

    What often goes unsaid in these polished statements is the scale and intensity of pressure a company can face behind closed doors. Yes, they might question or attempt to narrow down overly broad subpoenas, but these are tactical moves within a game where the house always wins. The promise to not participate with unconstitutional or illegal requests is noble but navigating the complex web of legal interpretations and potential repercussions makes this a tightrope walk at best.

    And let’s not gloss over the part where they say they’ll give users a chance to object to disclosures “when it is possible and a valid option.” That’s a lot of leeway packed into a few words, suggesting that this opportunity is more of an exception than a rule.

    In essence, while the statement aims to reassure you of the company’s steadfastness in protecting your privacy, the reality is often shaped by legal and political pressures that can turn those assurances into well-intentioned but ultimately hollow promises.

    Terms of Service

    As far as Terms of Service go, PIA’s is boilerplate industry standard. If you violate law they reserve the right to terminate your service. They don’t include any of the vague terms and phrases like some other providers due like “inappropriate conduct”.

    You must conduct yourself in a way that complies with law and would not violate these rules of conduct.

    Log Policy

    In the book Resistance, Liberation Technology and Human Rights in the Digital Age author Giovanni Ziccardi shares this response from Private Internet Access:

    “We absolutely do not maintain any VPN logs of any kind. We utilize shared IP addresses rather than dynamic or static IPs, so it is not possible to match a user to an external IP. These are some of the many solutions we have implemented to enable the strongest levels of anonymity amongst VPN services. Further, we would like to encourage our users to use an anonymous e-mail and pay with Bitcoins to ensure even higher levels of anonymity should it be required.” Q2: “Our company currently operates out of the United States with gigabit gateways in the US, Canada, UK, Switzerland, and the Netherlands.

    We chose the US, since it is one of the only countries without a mandatory data retention law. We will not share any information with third parties without a valid
    court order. With that said, it is impossible to match a user to any activity on our system since we utilize shared IPs and maintain absolutely no logs.”

    Torrenting

    Private Internet Access (PIA) beats around the bush when it comes to using their VPN services for BitTorrent. While their terms of service explicitly prohibit copyright infringement, their Frequently Asked Questions page delicately navigates the subject of torrenting. PIA suggests that utilizing their VPN can enhance online privacy and prevent ISPs from potentially labeling a user’s activities as suspicious. However, this stance is somewhat disingenuous, as ISPs generally do not actively monitor their customers’ web traffic. The primary concern with torrenting, particularly in the context of piracy, is the risk of receiving DMCA takedown notices, which is a more direct consequence of copyright violation than mere ISP scrutiny.

    Torrenting with PIA is a breeze, however. After I connected to a Canadian server about 1,200 miles away I fired up QBitorrent and within seconds was connectable. I was able to achieve speeds of 10Mbps down and 1.4Mbps up. Not too shabby. It’s important to remember that torrenting is a completely subjective experience and these results are only indicative of my experience. Yours may differ wildly.

    According to my research, PIA VPN predominantly uses CDNext, GTT, and M247 servers depending on where you are connecting to.

    Use of virtual servers

    While it’s not uncommon for VPN providers to use location virtualization, some do see it as dishonest and another deceitful marketing technique. During our testing, we discovered that PIA does in fact use location virtualization. For instance, 100% of the servers advertised as being in the Philippines were actually located in Singapore.

    IP                Advertised Country   Actual Country  ISP    ASN      
    188.214.125.131   Philippines          Singapore       M247   AS9009	

    ASN Diversity

    In the realm of Virtual Private Networks (VPNs), diversity is a key indicator of network resilience. A significant measure of this diversity can be evaluated using the Shannon Diversity Index (SDI), a concept borrowed from ecology to measure the biodiversity in a given community. In the context of VPNs, the SDI offers a quantitative assessment of the diversity of Autonomous System Numbers (ASNs) among VPN servers. Theoretically, a higher SDI correlates with increased network diversity, indicating a more resilient network structure less prone to single-point failures.

    An examination of Private Internet Access (PIA), with its SDI value of 1.8, reveals a comparatively lower network diversity in relation to other VPNs. For instance, Windscribe, Surfshark, and NordVPN have reported SDI values of 3.6, 2.88, and 2.75 respectively. This suggests a potential susceptibility in PIA’s network to failures or targeted attacks, owing to its relatively less diverse network.

    However, it is crucial to emphasize that SDI, while informative, is not the sole determinant of network performance and resilience. Several other factors, including the choice of Internet Service Providers (ISPs), geographical server distribution, total network capacity, and VPN service management practices significantly influence a VPN’s overall performance. Thus, while PIA’s SDI value may not place it at the pinnacle of network diversity, it is important to consider the holistic context when evaluating VPN performance and resilience.

    See also: