Insights For Success

Strategy, Innovation, Leadership and Security

Review of Private Internet Access (PIA)

GeneralEdward Kiledjian

The question I receive the most is "what VPN service should I use when I travel?".  I started writing and testing the most popular ones and so far you can read these ones:

The next most requested service is Private Internet Access (referred to online as PIA). 

Introduction

Private Internet Access (PIA) is one of the most popular and affordable VPN service providers around. At last count, PIA offers 3,193 servers hosted in 24 countries. PIA belongs to an organisation called  London Trust Media, Inc. 

The tech

Private Internet Access is an easy choice for the general consumer because of the wide range of clients it supports: MacOS (10.4 and newer), Windows 7/8/10, Unix/Linux, Ipad/iPhone (PPTP, IPSEC, L2TP), Android (PPTP, IPSEC, L2TP, OpenVPN), DDWRT, Tomato OpenVPN, PfSense OpenVPN.

It not only securely reroutes your traffic but it can also block ads, trackers and malware. It does support P2P traffic and has a strict no log policy. 

Rick Falkvinge, head of privacy at PIA, talking about their no log policy and why it's important.

The client

Their clients are simple and straightforward but offer interesting features like the level of encryptions, DNS leak protection and a kill switch (to stop all traffic if the VPN drops).

It will let you pick a region to exit from but not a particular server. 

PIA allows you to connect up to 5 devices simultaneously. 

The speed

For comparison purposes, I tested PIA against ProtonVPN, ProXPN, UnlimitedVPN and VyprVPN. All terminating in Canada. My connection to the internet was a machine connected straight into my internet router with no other traffic (keeping all the variables controlled). The machine was a freshly imaged version of Windows 10 with all of the latest patches applied and only Google Chrome installed.

My connection is a 100MB down / 10 MB up. Without a VPN I usually get performance slightly better than advertised. With VyprVPN (the fastest), I managed to get close to 95MB down / 9.6 MB up. With PIA, I managed to get 87 MB down / 7 MB up. 

My ping without a VPN was below 12 ms but hit around 25-50 with PIA. 

Netflix?

People want to know if they can access US Netflix via PIA and based on my testing, the answer is: almost never. During my testing, Netflix detected the PIA connection and blocked access. A small number of recent online comments (on various sites) said Netflix worked for them but I was not able to reproduce it.

Support

I had no need for support but read dozens of complaints online about their support. Your mileage may vary. 

Price

The annual price here is a no-brainer: $39.95US a year everything included. This is an incredible deal. VyprVPN comes in at ~$80 a month (paid annually). 

Conclusion

PIA offers a trusted and well respected VPN service for a very competitive price. If you need a layer of protection from your ISP then this is definitely an option you need to consider. Advanced users may find the sparse low granularity interfaces annoying but then again, sometimes you just want things to work without having to tinker. 

Honest review of the ProtonVPN service

GeneralEdward Kiledjian

UPDATE 7/5/2017: My connection to the ProtonVPN endpoints using their Windows client is extremely unreliable. At random intervals, the connection just "stops working" and the only way to fix it is to connect to a new location. I have had a support request open for over 1.5 weeks and my issue hasn't been resolved yet. I cannot recommend the ProtonVPN service at this time for the reasons listed below and because my experience has been unstable (and support has been slow to non-existent).

------------------------------------------------------------------

Since the official public launch, I have received dozens of emails (and Twitter DMs) from readers asking me to review ProtonVPN. 

A group of scientists with a track record of building secure products (ProtonMail) designed ProtonVPN from the ground up to be safe and privacy-enhancing.  The promise is that they will bring the same end to end encryption model to the highly uncertain world of VPN.

They talk a lot about the benefits of being headquartered in Switzerland, and many of their statements are accurate. Let's talk about the Five Eyes

Who are the "Five Eyes"?

With the Edward Snowden leaks, we learned about the complex data collection agreements between "friendly" countries. The first significant agreement is called the UKUSA agreement and is an agreement by the United Kingson, United States, Australia, Canada and New Zealand to collect, analyse and share intelligence information with each other.

This group is referred to as the "five eyes" because of their laser-like focus on sucking up incredibly massive amounts of data and sharing it with their "partner" intelligence friends. Some have even accused these countries of using this partnership to circumvent local laws designed to present local intelligence agencies from spying on their people (they get another five eyes Country to do it and report back).

So the Five Eyes countries are:

  1. Australia
  2. Canada
  3. New Zealand
  4. United Kingdom
  5. United States

Not wanting to be left out, other countries soon sought membership in this coveted group, and now we believe the extended group should be called the 14 eyes:

  • Denmark
  • France Netherlands
  • Norway
  • Belgium
  • Germany
  • Italy
  • Spain
  • Sweden

Switzerland is not part of the 14 eyes (or five eyes)

So protonVPN is located in a much more privacy friendly jurisdiction that does not have a formal intelligence gathering and sharing agreement with the rest of the world.

ProtonVPN technology

ProtonVPN uses industry standard OpenVPN with UDP or TCP. It currently has a ProtonVPN branded Windows client.

As I write this, ProtonVPN allows you to use any OpenVPN client with their service which is how you can connect from IOS, Android, MacOS or Linux. We are being promised clients for these platforms, but there is no firm committed to date.

In this day and age, it is unacceptable for a mainstream VPN service to not have its own client on these core platforms. Especially when ProtonVPN is charging premium rates for their services.

Does ProtonVPN slowdown my connection?

I did extensive testing of the ProtonVPN service from various internet connections (home, office, coffee shops and three different cell phone providers). I also used different clients (Windows, MacOS, Android and IOS). 

If you are using (non-secure core) close by exit node with low traffic, the performance hit is usually 5-12%. This is no better or worse than other high-quality VPN providers. When you turn on secure core routeing, you can lose 20-45% of your connection speed because it is sending your traffic through 3 secure data centres plus the exit node. 

What is the Secure Core Technology?

Secure Core is a nice enhancement to traditional VPN technologies that pass your traffic through multiple ProtonVPN owned and managed servers before finally delivering it to the exit node. 

Why Secure Core?

Secure Core was created to add additional protection when your exit node is in a "high risk" jurisdiction. As an example, you may want to exit in the US to gain access to geographically locked content but want to ensure your privacy is protected (knowing that almost all US traffic is captured, analysed and stored).

What does Secure Core protect against?

Leaked documents have shown that governments can deanonymize TOR traffic by controlling a large number of TOR exit nodes. The same can be done using VPN exit nodes. Most providers use local service provider facilities, networks and computer as termination points for their VPN service.

The three VPN services I am testing right now (ProtonVPN, UnlimitedVPN, ProXPN) all use Amanah Tech as their Toronto-based exit point. If a government agency were to compromise the equipment, they could then start de-anonymizing traffic flowing through it.

By routeing your traffic through multiple (typically three), ProtonVPN owned and managed devices in secure jurisdictions first; they make the de-anonymization (even if a government agency compromises the exit node) much more challenging.

When most people think of governments monitoring internet traffic, they think of (China, Russia, Iran and Turkey). It is important to remember that the 14 Eyes also monitor internet traffic and share the data amongst themselves.

Does ProtonVPN support Peer to Peer protocols (P2P)?

Like all VPN providers, ProtonVPN does not condone the use of their service for any illegal activities (including the illegal download of copyrighted content via P2P networks). Before I start receiving hate mail, I know there are legitimate uses for P2P technologies (like Resilio Sync or Tails OS).

ProtonVPN clearly marks endpoints that they recommend you use with P2P traffic:

The double arrows mean that is a P2P supported exit node. The Onion icon next to Switzerland is an example of a location that has a TOR entry node.

Does ProtonVPN log?

ProtonVPN is built on a pedigree of privacy, and their stated logging policy exemplifies that. ProtonVPN has a No Logs policy which means they do not store any information about your connection, what you do while connected and where you connect from.

The only information they log (for security reasons) is a single timestamp of the most recent logging from your account.

ProtonVPN sign-up

Potonmail and ProtonVPN have linked accounts and payment can be made via Credit Card or Bitcoin (instructions).

ProtonVPN goes to great lengths to protect your identity, but I would still say it is a privacy tool and not an anonymization service. The best anonymization system is still the free TOR browser(you should donate to them if you haven't already).

ProtonVPN Paid Plans

ProtonVPN offers a free plan but most users will want to upgrade to the Plus paid plan.

VyprVPN which is one of the best-in-class VPN providers offers an annual paid subscription for ($6.67 a month). This plan includes their Chameleon protocol (which hides the fact you are using a VPN and makes it usable from some highly restrictive locations). One of the other VyprVPN advantages is that they use their servers and networks as exit nodes. Is the $1.33 a month worth it? That is a personal question. VyprVPN offers Chameleon, but ProtonVPN offers Secure Core. Either will serve you well, but right now I still have to recommend VyprVPN. My recommendation would quickly switch to ProtonVPN if they released clients for the other platforms. 

ProtonVPN recommendations

ProtonVPN is a good attempt but there is definitely room for improvement:

  1. Release clients for all major platforms [ongoing]: MacOS, IOS, Android.
  2. Build a VPN hiding mode to enable use in highly controlled locations (like Chameleon on VyprVPN and KeepSolid Wise on Unlimited VPN). 
  3. Create mini 2-minute tutorials for the various functions (TOR, Secure Core, P2P support, etc)
  4. Mark the Plus servers for Plus/Visionary customers
  5. Have a way of routing VPN traffic (for Plus/Visionary customers) that does not show up as a proxy on Hulu, Netflix, etc)

Conclusion

I have tested about a dozen VPN services over the last year and the top provides are:

  • UnlimitedVPN: Ease of use and speed
  • VyprVPN: Ease of use, Chameleon protocol and they use VyprVPN owned servers and networks
  • ProtonVPN: Privacy oriented Swiss-based solution

The first two are amazing if used in the right context. If ProtonVPN answered my top 5 recommendations, then they would be the clear winner, but I cannot recommend an $8 a month VPN service without native clients on key platforms. As much as I want to, I simply can't.

Right now, I would say ProtonVPN is an excellent choice if most of your use will be on Windows. Otherwise, try VyprVPN for now and check back with Proton in a couple of months to see how the service has evolved. 

Beware of the fake VPN provides

GeneralEdward Kiledjian

I've written 2 reviews for VPN Services recently:

I've also written 2 reviews for WIFI VPN/TOR portable boxes:

One item I have never covered is the proliferation of scammy VPN services sold by snake oil salesmen. 

With the Edward Snowden leaks and all the media coverage about the loss of online privacy, even the most complacent internet netizens are starting to think about securing their online presence. Protecting it not only from government agencies but from unscrupulous websites and even their own ISP (Your ISP is watching you).

So what was once the domain of geeks and corporations (VPN) has now become mainstream. The truth is the tech behind VPN is complicated for the average Joe to understand and most are simply not interested in digging into the details. It is this nonchalance that attracts scammers trying to make a quick buck. 

Example of scam VPN Service

MySafeVPN was a fake VPN service created by unknown bad guys trying to scam users. They obtained a confidential Plex database and used the customer emails as targets. Each target received an invitation pretending to come from Plex and offering their brand new VPN service called MySafeVPN (discussion thread here). 

Once Plex found out about this fake service, it provided an official rebuttal statement to its users. The scammers quickly disappeared and took the money raised with them.

Copying legitimate services

Imitation is the sincerest form of flattery that mediocrity can pay to greatness.
— Oscar Wilde

Scammers are inherently lazy and love copying what already works. They often copy the look, feel and content of legitimate VPN providers, making it hard for the "average Joe" to distinguish the good from the bad.

Telltale signs of a scammy VPN provider

It's free or unreasonably cheap

Running a VPN service costs money. Providers have to pay for hosting, servers, development and connectivity. If the price is unreasonably cheap, it may just be a pretty interface to public proxy servers or they probably have another revenue stream (like selling your services or injecting malware into your traffic).

Reputation, reputation, reputation

Search the web and figure out how long the service has been in business. Unless I know something about the founders, I tend not to trust new VPN services (e.g. ProtonMail create ProtonVPN so I trust them). Search forums for comments (positive or negative). If a bunch of the comments seem to be posted around the same time period, assume that they may be fake. 

Outrageous claims

Reputable services provide a certain level of technical detail to backup all of the claims they make. As an example, ProtonVPN has a "Secure Core" technical which enhances security and privacy. In addition to just talking about it, they provide the technical details about how it works. Beware of VPN providers that make grandious claims without any technical supporting information (e.g. The fastest, the most secure, etc).

Support model

A real VPN provider will have solid support channels to ensure it's customers are happy. As an example, KeepSolid VPN Unlimited provides support via online form and email. Additionally, you can contact them via Twitter. When you submit a question, they will respond within a reasonable timeframe (even if you are testing the service or aren't even a customer yet).

Conclusion

Like all fraud, detecting fake VPN service isn't always easy or straightforward. I hope the tips and tricks I have provided here will help some of you avoid these unscrupulous scam artists. As always, if you have questions or comments, feel free to post a message below or tweet me (@ekiledjian). I normally answer questions within 48 hours.

KeepSolid VPN Unlimited Review

GeneralEdward Kiledjian

VPN Unlimited is one of the most popular VPN services available and for good reason. It is fast, reliable and competitively priced (deal below).

VPN Unlimited is a USA based provider and offers termination in more than 30 countries (with multiple locations in most countries). VPN Unlimited has good platform support (Windows, Mac, iPhone, iPad, Android) and very well written clients.

Above is a screenshot of the protection menu option on their IOS client. When set to High security, they (in addition to VPN protection) automatically add anti-malware, tracking blocking and ad blocking.) All of this extra security is done at the network layer without the need to configure any additional applications or pay additional fees.

Like most VPN service providers, VPN Unlimited specifically mentions that they do not allow illegal torrenting via their service. They recognise that not all torrents are illegal and allow the use of the BitTorrent protocol on these VPN termination points: US-California 1, Canada-Ontario, Romania, Luxembourg, and France servers.

A question I get asked often is "Does VPN Unlimited support OpenVPN on iOS, iPhone or iPad?" The answer is Yes! As shown in the above screenshot. Additionally, they support a protocol they call KeepSolid Wise (similar to the Chameleon protocol on VyprVPN). KeepSolid Wise uses common ports (TCP 443/USP 33434) which help bypass firewall restrictions and packet shaping control for most environments. KeepSolid Wise is available on iOS, Android, MacOS, Linux and Windows clients.

I setup VPN Unlimited on a Windows machine configured for maximum privacy. I then ran a battery of tests to determine how well it protected my privacy.

  • does not leak DNS queries when in VPN mode (go here to test)
  • does hide your actual IP address (go here to test)
  • does not leak IP or DNS information via JAVA or Flash ( Go here to test)
  • protecting P2P traffic. Although I do not condone or encourage the use of P2P tools to steal protected media, there are dozens of legitimate uses for P2P technology. It is important to ensure your VPN product protects you while using P2P and VyprVPN did. You go to this site and the find the Torrent Address Detection. You download their magnet link into your P2P client of choice then activate the test. If it shows your real IP or DNS, you are not protected. You should only see your VPN address here.
  • VPN Unlimited is not subject to WebRTC leaks when in VPN mode (go here to test

VPN Unlimited seems well written and does offer good protection.

Deal

VPN Unlimited is currently running a couple of specials that are worth considering (I bought the unlimited plan):

  • KeepSolid VPN Unlimited lifetime subscription for only $49.99 (for 5 devices)
  • KeepSolid VPN Unlimited 3-year subscription for only $29.99 (for 5 devices)
  • Add their Infinity Plan (aka 5 additional device licenses) for $14.99  but you must own one of the above subscriptions

Conclusion

The best summary I can give you is that VPN Unlimited has a permanent stop on the first page of my iPhone and I use it regularly. 

VPN Unlimited has decent privacy policies but isn't the super secret spy-proof identity protection service. If you want to protect your connection while out and about, VPN Unlimited is cheap, fast and reliable. If you want a super secret identity protecting connection then create your own VPN service on AWS or Azure using one of the pre-made scripts.

Questions

Does KeepSolid Wise work in China?

China severely controls encryption and in some cases slows down encrypted connections making them barely usable. A friend recently travelled to mainland China and reported that VPN Unlimited (with KeepSolid Wise UDP) worked flawlessly.

Does KeepSolid VPN Unlimited support video streaming?

Some of the cheaper VPN providers limit the quality of video from streaming sites because these stress the technical infrastructure of the provider. VPN Unlimited supports streaming video on all termination points but also makes available streaming optimized termination points which are specifically designed to work "better" with sites like Youtube, Dailymotion, Vimeo and more.

Does KeepSolid VPN limit connection speed?

There are dozens of factors that contribute to your overall internet speed but VPN Unlimited does not have tiered pricing based on speed and does not limit connection speed in any way. On most clients, they even show the workload on each termination point which means you can choose one with the least amount of current load (which should lead to better performance).

Does VPN Unlimited support Chromebooks?

VPN Unlimited has a Google Chrome plugin (which works on Chromebooks) and allows you to protect your web browsing only. Obviously as a proxy, it is less secure and missing many of the additional features you expect from VPN Unlimited but it is a great way to browse quickly (securely) and a great option on a Chromebook that doesn't require Jedi level knowledge to implement. 

VyprVPN Review

GeneralEdward Kiledjian

VyprVPN owns and manages its own networks and servers. During my recent VPN testing shoot-out, VyprVPN consistently ranked as one of the fastest VPN providers out there. 

In addition to raw speed, they have an incredible list of supported clients from traditional PCs (Mac, Windows, Linux), to routers (DDWRT, OpenWRT, AsusWRT), smartphones (iPhone, Android, Blackphone, Network Attached Storage (QNAP, Synology), TVs and the Anonabox

Contrast this to other popular VPN solutions like UnlimitedVPN, which only supports a small number of custom made clients.

It's VPN clients are well designed with easy to use interfaces and useful features (kill switch, auto-connect, etc). A cool and useful feature is called Chameleon. They explain Chameleon as:

Our Chameleon technology uses the unmodified OpenVPN 256-bit protocol and scrambles the metadata to prevent DPI, VPN blocking and throttling.

The first important note is that the Chameleon protocol is not available for IOS due to Apple restrictions on the VPN function. I had the opportunity to test the Chameleon protocol on a Windows laptop from a corporate network with strong VPN restrictions, an ISP that throttles VPN traffic and from a country that severely slows (painfully) down VPN traffic. In all three of these situations, the Chameleon protocol delivered that it promised.

  • It punched through the heavily controlled corporate network
  • When used with the ISP that throttles "normal" VPN traffic, it managed to trick the provider and I was able to use a full speed connection
  • A friend travelling to a highly restrictive country compared VyprVPN to 3 other VPN providers and VyprVPN with the Chameleon protocol was the only one that seemed to operate at normal speed (aka didn't seem to be artificially slowed down)

With more and more internet traffic being encrypted, many companies, organisations and governments have turned to DNS based control tools. DNS is still an unencrypted means to determine web destinations. DNS be used to prevent a user from accessing certain types of sites (religious, political, pornography, etc) and to log web browsing habits. It can also be used to redirect your traffic (quickly without you even realizing it), to inject your session with malicious code and c compromise your device. VyprVPN offers their own self-managed private "no log" DNS solution to protect their customers from DNS snooping and control.

VyprVPN offers a clear and well-written privacy policy. Obviously you aren't anonymous but in summary, they retain " Each time a user connects to VyprVPN, we retain the following data for 30 days: the user's source IP address, the VyprVPN IP address used by the user, connection start and stop time and the total number of bytes used."

And they offer a wide range to termination locations.

VyprVPN and leaktests

I setup VyprVPN on a Windows machine configured for maximum privacy. I then ran a battery of tests to determine how well it protected my privacy.

  • does not leak DNS queries when in VPN mode (go here to test)
  • does hide your actual IP address (go here to test)
  • does not leak IP or DNS information via JAVA or Flash ( Go here to test)
  • protecting P2P traffic. Although I do not condone or encourage the use of P2P tools to steal protected media, there are dozens of legitimate uses for P2P technology. It is important to ensure your VPN product protects you while using P2P and VyprVPN did. You go to this site and the find the Torrent Address Detection. You download their magnet link into your P2P client of choice then activate the test. If it shows your real IP or DNS, you are not protected. You should only see your VPN address here.
  • VyprVPN is not subject to WebRTC leaks when in VPN mode (go here to test

VyprVPN seems well written and does offer good protection.

Beware of the unknown

The only information that we have about the service comes from VyprVPN themselves. Remember that none of the statements about privacy and logging have been reviewed by an independent third party.

They are a US company and therefore they are subject to US data collection laws including the infamous National Security Letter (NSL). 

The above caution statement isn't unique to VyprVPN. I am not aware of any consumer VPN services that have been independently audited but it is still an important factor to consider. 

Some users may want to use a non-US based VPN provider to ensure the company is beyond the legal reach of US laws. The one I am looking into right now is ProtonVPN (which I will be reviewing shortly).

Other users may choose to roll their own VPN solution (lifehacker instructions using the Algo script or you can use anyone of the other scripts that almost automate the creation of a private dedicated VPN instance you control like OpenVPN Road Warrior, streisand, etc.) 

Conclusion

VyprVPN is a fast service with a broad selection of clients and a decent privacy policy. If you are performing illegal activities or are a human rights activist in a questionable region, this probably isn't for you. If you are a "regular" user looking for a decent level or privacy when using the internet, then this is definitely something you should consider. 

For the casual user that only connects to a VPN when using public WIFI, you may want to look elsewhere because VyprVPN isn't cheap. A prepaid annual subscription costs $6,67 a month (or $12.95 paid monthly).A casual user can buy a lifetime subscription to UnlimitedVPN for $49.99 here or a 3-year subscription for $29.99 here.). 

I started testing ProtonVPN recently and will write a review shortly but their offering (plus level) is $8 a month prepaid for 1 year). VyprVPN offers the Chameleon protocol, more servers and their own DNS service (which ProtonVPN does not yet). 

So the price is on the higher end but is in no way the most expensive. For the very casual user, you could be better served by another provider, but for the more security conscious user or traveler, this is definitely a service to evaluate.