But let’s be realistic about that: even if they conclude that this relationship needs to be ended, that will take time. I would not expect anything before summer 2020.
Partially due to what’s already on their plate and needed negotiations and research, partially possibly because of contract conditions.
And obviously, before having an alternative, you don’t proclaim that PIA sucks now.
Also, where do you go?
“We chose NordVPN as they have a proven track record …” Oh… wait…
(Maybe actually Nord would be a good choice, didn’t look into it, but certainly people would criticize it)
Protonvpn could be an alternative. With respect to Nord: I take the approach that any system has issues and data breaches are unavoidable. So sign up for your vpn with an anonymous account, use an anonymous payment method, and a unique email…
from your second link … “all of your web browsing data appears to originate from the VPN itself, rather than your own Internet Service Provider” - am i the only one who finds the word “appears” in this context to be confusing ?
Appears is correct as the traffic does technically originate from you then go to the VPN then from the VPN elsewhere. As far as “elsewhere” can see it came from the VPN (hence appears to come from the VPN), the VPN then knows which data goes back to which origin point.
it appears i am less confused … kind of like saying i know where the explanation originated from and that it has value but still it did not come from me
but seriously who else thinks that a VPN is a great honeypot ? like taking out Protons’ service in Belarus … just when official presidential elections are taking place in that area …
UPDATE Nov. 19, 2019: We have recently confirmed that our users in Belarus can access ProtonMail and ProtonVPN once again. While there has been no official communication as to why ProtonMail and ProtonVPN were unblocked (or why we were blocked in the first place), public outcry seems to have played a part.
I was about to mention Mullvad while reading through this thread. I started using their service soon after they started some years ago and find them very trustworthy. They are Linux guys and they know what they are doing. I had correspondence with them over the years and always got helpful answers on a high technical level. I tested NordVPN for a review some time ago and tried to access their quality of support. I found out that in parts they did not even know what some of my Linux related questions were about. So, yay for Mullvad.
Similar but different, I just found out that Amazon’s “ring doorbell” project hired an executive to oversee the facial recognition part of the project in Ukraine while denying that they are doing facial recognition.
To be fair, privacytools.io, in their Providers / VPN section, does ProtonVPN and IVPN under “Other VPN Providers to Consider”. For ProtonVPN however they state “Not audited” and for IVPN “No security audit”.
The only “downside” of Mullvad seems to be “No mobile clients”. Oh well, install OpenVPN and there you go. Recommendable anyway.
Here’s show I see it: this could either be very good (more money/resources for PIA to develop better tech) or very bad.
Presumably (hopefully) Purism has a contract with PIA requiring them to uphold user privacy. Purism should push to make sure when PIA sells to Kape, it is written into the agreement that PIA’s founders have the right to unilaterally veto any policy or product changes from the parent company which infringe on user privacy.
Agree with the Mullvad recommendation. I just left PIA after a lot of years due to this news. It’s a shame because PIA used to be a champion of its users and an industry leader in this space. But money talks. I’m not saying I think Andrew Lee and Ted Kim deliberately sold us out. I am saying that ultimately money prevailed over the users’ concerns.
This wouldn’t have been as big a deal if PIA had communicated with us better. If they had come out and said hey, this is what has to happen to make the company survive and grow, these are the benefits, and this is how we’re going to be able to PROVE that we will continue to honor our privacy policy with regular external audits, etc. then I think a lot of people would have felt good about it.
But that’s not what happened. The announcement was buried inside a ridiculous, self-important fluff piece by Andrew Lee making himself out to be like the savior of the internet for taking $95 million dollars. It was laughable. It was sad. Then, the executives went into hiding. They’ve sent support staff onto forums to keep repeating the official PR stance, but the executives haven’t come out themselves to clearly answer questions. It’s been very evasive and the opposite of the transparency I expected from PIA.
So I’m out. Started using Mullvad and really like it so far. It actually has better speeds than PIA and an easier app. For now, Purism should kick PIA to the curb and use the generic OpenVPN app (or a rebranded version of it) on the Librem 5, giving users options on which provider to use. But if you’re going to partner with a provider, try Mullvad. They are transparent, have been around for a long time, and they are growing. But sticking with PIA without proof? Well, that just won’t fly for Purism standards.
Reviving this thread to point out that Kape Technologies has now entered into a partnership with mobile carrier 3 Hong Kong:
“This is the first co-operation between PIA and a telecom operator. PIA VPN will be available for 3 Hong Kong’s postpaid and prepaid customers who can subscribe to the service directly with 3 Hong Kong.”
So that makes at least three VPN providers and one mobile carrier partnership that Kape has now scarfed up. In my opinion, this raises numerous red flags.
It’s a Lot of Hard Work
It is not. Algo is incredibly easy to set up. I replace my vpn’s once a month and it takes me about five minutes per vpn to do so (litterally the time for the vpn set up script to spin up the server and install the software). I always go to spamhouse to make sure that my new ip address is not problemattic.
It’s Less Private Than You May Think
This is the risk that I mentioned already. One can solve that quite easily by writing a python script that polls a diverse list of urls to add entropy to the log files of the cloud provider.
For my purposes, the rest of the criticisms are irrelevant (although they may not be for others) as I am not going out of my way to try to protect myself from three letter agencies or their foreign equivalents.
Is it surprising that a web site for a company that offers a VPN service would conclude that not rolling-your-own is the best option and would perhaps exaggerate some of the disadvantages of rolling-your-own?
Some comments on points made in the article:
You Only Have One Location
That seems a fair point. While a typical VPN service can offer you at least dozens of countries for the end-point and potentially hundreds of different end-points, you are very unlikely to match that with a roll-your-own solution. Sometimes (e.g. when bypassing geoblocking) you really do need specific control over the end-point country.
A Comparison of Costs
The cost of roll-your-own depends on whether you would have your own VPS anyway (on which to run the VPN end-point). The incremental cost may be negligible.
No VPN service offers “unlimited bandwidth” (how ridiculous!) and even a low end VPS gives a fair amount of traffic as monthly quota. In either case the bandwidth is definitely shared, definitely finite, and it isn’t usually possible to quantify in advance whether the resulting speed is good or bad.
I don’t know that that fully solves the problem. Another amusing option is just to send out UDP packets to random IP addresses.
