Librem Tunnel and the acquisition of Private Internet Access

But let’s be realistic about that: even if they conclude that this relationship needs to be ended, that will take time. I would not expect anything before summer 2020.
Partially due to what’s already on their plate and needed negotiations and research, partially possibly because of contract conditions.

And obviously, before having an alternative, you don’t proclaim that PIA sucks now.

Also, where do you go?
“We chose NordVPN as they have a proven track record …”

(Maybe actually Nord would be a good choice, didn’t look into it, but certainly people would criticize it)


Protonvpn could be an alternative. With respect to Nord: I take the approach that any system has issues and data breaches are unavoidable. So sign up for your vpn with an anonymous account, use an anonymous payment method, and a unique email…


from your second link … “all of your web browsing data appears to originate from the VPN itself, rather than your own Internet Service Provider” - am i the only one who finds the word “appears” in this context to be confusing ?

1 Like

Here’s a great take on the PIA acquisition by Michael Bazzell on his Privacy Security & OSINT show podcast:

Segment starts at 21:24. It’s a very basic take on the PIA acquisition, but it has interesting strategy implementation.

1 Like

Appears is correct as the traffic does technically originate from you then go to the VPN then from the VPN elsewhere. As far as “elsewhere” can see it came from the VPN (hence appears to come from the VPN), the VPN then knows which data goes back to which origin point.

Hope that helps.


it appears i am less confused … kind of like saying i know where the explanation originated from and that it has value but still it did not come from me :stuck_out_tongue:

but seriously who else thinks that a VPN is a great honeypot ? like taking out Protons’ service in Belarus … just when official presidential elections are taking place in that area …

UPDATE Nov. 19, 2019: We have recently confirmed that our users in Belarus can access ProtonMail and ProtonVPN once again. While there has been no official communication as to why ProtonMail and ProtonVPN were unblocked (or why we were blocked in the first place), public outcry seems to have played a part.

1 Like

Surprised no one here has mentioned Mullvad. The only one actually recommended by

1 Like

I was about to mention Mullvad while reading through this thread. I started using their service soon after they started some years ago and find them very trustworthy. They are Linux guys and they know what they are doing. I had correspondence with them over the years and always got helpful answers on a high technical level. I tested NordVPN for a review some time ago and tried to access their quality of support. I found out that in parts they did not even know what some of my Linux related questions were about. So, yay for Mullvad.

Thread hijacking warning

Similar but different, I just found out that Amazon’s “ring doorbell” project hired an executive to oversee the facial recognition part of the project in Ukraine while denying that they are doing facial recognition.

1 Like

To be fair,, in their Providers / VPN section, does ProtonVPN and IVPN under “Other VPN Providers to Consider”. For ProtonVPN however they state “Not audited” and for IVPN “No security audit”.

The only “downside” of Mullvad seems to be “No mobile clients”. Oh well, install OpenVPN and there you go. Recommendable anyway.


Here’s show I see it: this could either be very good (more money/resources for PIA to develop better tech) or very bad.

Presumably (hopefully) Purism has a contract with PIA requiring them to uphold user privacy. Purism should push to make sure when PIA sells to Kape, it is written into the agreement that PIA’s founders have the right to unilaterally veto any policy or product changes from the parent company which infringe on user privacy.

1 Like

Mullvad has a custom mobile client for Android:

For WireGuard you have to install the standard client:

Also, some reddit user posted a great dissertation on what you should be very wary of PIA after this acquisition announcement especially in light of the what CyberGhost is willing to admit to just in their own publicly accessible privacy policy.

Everybody here should read it.

1 Like

Agree with the Mullvad recommendation. I just left PIA after a lot of years due to this news. It’s a shame because PIA used to be a champion of its users and an industry leader in this space. But money talks. I’m not saying I think Andrew Lee and Ted Kim deliberately sold us out. I am saying that ultimately money prevailed over the users’ concerns.

This wouldn’t have been as big a deal if PIA had communicated with us better. If they had come out and said hey, this is what has to happen to make the company survive and grow, these are the benefits, and this is how we’re going to be able to PROVE that we will continue to honor our privacy policy with regular external audits, etc. then I think a lot of people would have felt good about it.

But that’s not what happened. The announcement was buried inside a ridiculous, self-important fluff piece by Andrew Lee making himself out to be like the savior of the internet for taking $95 million dollars. It was laughable. It was sad. Then, the executives went into hiding. They’ve sent support staff onto forums to keep repeating the official PR stance, but the executives haven’t come out themselves to clearly answer questions. It’s been very evasive and the opposite of the transparency I expected from PIA.

So I’m out. Started using Mullvad and really like it so far. It actually has better speeds than PIA and an easier app. For now, Purism should kick PIA to the curb and use the generic OpenVPN app (or a rebranded version of it) on the Librem 5, giving users options on which provider to use. But if you’re going to partner with a provider, try Mullvad. They are transparent, have been around for a long time, and they are growing. But sticking with PIA without proof? Well, that just won’t fly for Purism standards.


Reviving this thread to point out that Kape Technologies has now entered into a partnership with mobile carrier 3 Hong Kong:

This is the first co-operation between PIA and a telecom operator. PIA VPN will be available for 3 Hong Kong’s postpaid and prepaid customers who can subscribe to the service directly with 3 Hong Kong.
(and there are other source documents out there available upon searching)

So that makes at least three VPN providers and one mobile carrier partnership that Kape has now scarfed up. In my opinion, this raises numerous red flags.

Edit: Also be aware of this:
In March 2021, news broke that Kape had purchased Webselenese, which is the parent company of vpnMentor and Wizcase

Edit2: The review/recommendations site safetydetectives[.]com is also owned by Kape.

History of Kape Technologies’ acquisitions according to

2021: Webselenese (Tel Aviv, Israel) - VPN review sites
2019: Private Internet Access (Grandville, MI, USA) - VPN provider
2018: Zenmate (Berlin, Germany) - VPN provider
2018: Intego (Austin, TX, USA) - Internet security/privacy software for Macs
2017: Cyberghost (Bucharest, Romania) - VPN provider
2016: DriverAgent (North Andover, MA, USA) - driver search/updater
2014: Reimage (Nicosia, Cypress) - internet-based Windows system repair
2014: Definiti Media (Tel Aviv, Israel) - Crossrider ad network
2014: Ajillion LLC (Tel Aviv, Israel) - interfaced custom cloud-based business solutions

New report that Kape Technologies has now also bought ExpressVPN:

I would suggest creating one’s own vpn. The risk that you face is that the cloud service tracks you outgoing ip addresses.

Doesn’t that come with some disadvantages, though?

There seem to be two major ciriticisms:

  1. It’s a Lot of Hard Work
    It is not. Algo is incredibly easy to set up. I replace my vpn’s once a month and it takes me about five minutes per vpn to do so (litterally the time for the vpn set up script to spin up the server and install the software). I always go to spamhouse to make sure that my new ip address is not problemattic.
  2. It’s Less Private Than You May Think
    This is the risk that I mentioned already. One can solve that quite easily by writing a python script that polls a diverse list of urls to add entropy to the log files of the cloud provider.

For my purposes, the rest of the criticisms are irrelevant (although they may not be for others) as I am not going out of my way to try to protect myself from three letter agencies or their foreign equivalents.

1 Like

Is it surprising that a web site for a company that offers a VPN service would conclude that not rolling-your-own is the best option and would perhaps exaggerate some of the disadvantages of rolling-your-own?

Some comments on points made in the article:

You Only Have One Location

That seems a fair point. While a typical VPN service can offer you at least dozens of countries for the end-point and potentially hundreds of different end-points, you are very unlikely to match that with a roll-your-own solution. Sometimes (e.g. when bypassing geoblocking) you really do need specific control over the end-point country.

A Comparison of Costs

The cost of roll-your-own depends on whether you would have your own VPS anyway (on which to run the VPN end-point). The incremental cost may be negligible.

No VPN service offers “unlimited bandwidth” (how ridiculous!) and even a low end VPS gives a fair amount of traffic as monthly quota. In either case the bandwidth is definitely shared, definitely finite, and it isn’t usually possible to quantify in advance whether the resulting speed is good or bad.

I don’t know that that fully solves the problem. Another amusing option is just to send out UDP packets to random IP addresses.