Private Internet Access VPN (PIA)

Discussion in 'privacy technology' started by luciddream, Jan 28, 2014.

Thread Status:
Not open for further replies.
  1. luciddream

    luciddream Registered Member

    Joined:
    Mar 22, 2007
    Posts:
    2,497
    I'd like to hear opinions on them. Are they worthy of being added to the list of trustworthy vendors in here ala Mullvad, Air, etc... ?
     
  2. blinking_spirit

    blinking_spirit Registered Member

    Joined:
    Feb 21, 2013
    Posts:
    48
  3. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,028
    I think so.

    I had been critical because they don't use client.crt/client.key, and authenticate users only via username and password. But now I see that it's not problematic for users. In man openvpn:

    The warnings "using this directive is less secure" and "potentially compromise the security of your VPN" aren't relevant for VPN services. For enterprise VPNs, preventing unauthorized access is essential. For VPN services, the only risk is losing bandwidth to freeloaders.

    There's another issue about client.crt/client.key: some VPN services provide user-specific certificates. That simplifies denial of access to expired or nuked users. But it also reduces user anonymity in logs.
     
  4. dogbite

    dogbite Registered Member

    Joined:
    Dec 13, 2012
    Posts:
    1,166
    Location:
    EU
Loading...
Thread Status:
Not open for further replies.