back to article Private Internet Access VPN opens code-y sarong, starting with Chrome extension

VPN tunneller Private Internet Access (PIA) has begun open sourcing its software. Over the next six months, the service promises that all its client-side software will make its way into the hands of the Free and Open Source Software (FOSS) community, starting with PIA's Chrome extension. The extension turns off mics, cameras …

  1. Yet Another Anonymous coward Silver badge

    Why not openVPN?

    I pay for PIA but use their openVPN servers.

    Mainly because their windows client used to start a pair of Ruby interpreters that ran at 100% CPU and killed the battery life on my laptop.

    Technically is there any reason to use their own propriety system rather than their openVPN service?

    ps. I only need "stop my ISP marketing my browsing" level of security, I do my breaking into the Kremlin from work

    1. Dan Atkinson

      Re: Why not openVPN?

      When I first started out with PIA, I used their app because I honestly didn't know any better. It is/was frankly awful, and I had endless problems whenever it needed an update. Removing the network adapter didn't always work correctly, and the server selection UI is still very slow to this day.

      *But*, it did work out of the box, and I think this is what they were aiming for.

      Sure, it's not perfect, but it allows people to quickly and easily secure their Internet connection. For more technically proficient users it makes sense to just use OpenVPN directly to avoid the messy overhead.

    2. Anonymous Coward
      Anonymous Coward

      Re: Why not openVPN?

      I imagine leak protection (against eg dns) burr you can use dnscrypt for that anyway. I use IPVanish anyway so I don't know.

    3. ForthIsNotDead

      Re: Why not openVPN?

      I pay for PIA but use their openVPN servers.

      Where I can I find more info about this? I'm a PIA customer, and their client is rubbish! (Though it does work just fine).

      1. Anonymous Coward
        Anonymous Coward

        Re: Why not openVPN?

        They have full details of how to configure an OpenVPN client on their website; I run it on my router with no issues.

        Their Android client is easy to use (unlike their woeful Linux effort), although IME the killswitch is sometimes a bit reluctant to quit when you disconnect the VPN!

        1. Lee D Silver badge

          Re: Why not openVPN?

          Smoothwall bundle their VPN software into a tiny little package download, and that's just OpenVPN... there's no reason someone can't bundle OpenVPN similarly - it's just the software, the OpenVPN GUI taskbar icons, a certificate file, and a config.

          So much re-inventing the wheel in IT... if you're running OpenVPN then just bundle OpenVPN into a one-click download and install. Why you'd want a single line of other code running at all, I can't fathom!

          (P.S. Upgrades? Then you tell people, we will only accept OpenVPN clients of this version of above. They'll soon come running when they only have the old version not working. No auto-updater required).

          1. NonSSL-Login

            Re: Why not openVPN?

            My VPN provider has their own client with lots of options but it acts more as a frontend to OpenVPN with extras. You can choose ports, RSA 4096, scramblesuit, tor-obfuscation etc which get passed along as parameters to openvpn. Obviously the extra code for that gets installed with the client, at least with their Linux client.

            A few VPN providers probably have something similar.

        2. Paul Crawford Silver badge

          Re: Why not openVPN?

          I have only tried a little and for Linux, but few clients are any good (though Windows gets some with much better polish). The issue of a 'kill switch' is not too difficult to do with firewall rules - obviously best done by a script or two so you don't have to remember, but usually that also means admin rights.

          This ought to be handled by Linux's network manager which would avoid the old sudo usage, but it is shit and has lots of never-fixed bugs when VPN use is involved (to the point where some VPN provides simply advise against its use - but that is a pain when you want easy wifi connections with saved SSID/password combinations).

        3. David 132 Silver badge

          Re: Why not openVPN?

          Credas Their Android client is easy to use (unlike their woeful Linux effort),

          Out of interest, why do you say that? I have their Linux client on my Mint-running NAS box, and honestly it seems to be pretty good. Right-click the system tray icon, select preferred tunnel, boom, job done & it's connected. I've not had any reliabilty issues and the UI seems perfectly adequate.

  2. Dan Atkinson

    Kudos

    I use the Chrome extension at work because I already have an existing VPN connection in Windows and PIA doesn't seem to work well with my other connection. It's great to use, but their bypass list functionality is an utter mess.

    I've requested that they open up their code several times so that I could help out, and I'm really glad that I can start contributing to it.

  3. ForthIsNotDead

    Well...

    Given that the Linux client for PrivateInternetAccess is ONE-HUNDRED-AND-TWENTY-SIX-FUCKING-MEGABYTES (and that's the COMPRESSED TAR, before you unpack it and install it) then that's a mighty fuck-ton of code they're gonna be sharing.

    1. Mayday

      Re: Well...

      Have you got the Facebook, Whatsapp or Snapchat app on your phone?

      I dont understand why these need to be so large and updated every few days it would seem. I used to play Privateer on my 486 back in the day and I could fly multiple spaceships, shoot bad guys and have hundreds of voice conversations for about ~15MB of my precious 200MB HDD. Only reason I can think of is all the data slurping or maybe just a pack of shit devs but I digress.

  4. Anonymous Coward
    Anonymous Coward

    And how do you check the interaction between server and client in the code if you cant see both parts of the code?

    Just because you release half the code , it doesnt help much with determining how secure it is.

    Companies need to stop off-shelfing some crypto and plugging it into their c encoded malware, and contribute to the open source projects out there.

  5. elDog

    My understanding is that PIA uses OpenVPN and adds a bit onto it

    I've been using PIA as well as some other VPN clients for the last few years.

    The experience with PIA is generally good altho there are some interference patterns with software such as BitDefender who also wants to control with applications (PIDs) talk to which ports. The ruby shell seems a bit clunky and is periodically restarted (to provide some address randomness - which also interferes with BidDefender.)

    Other VPN clients aren't wonderful either but I'm just a user, not a VPN configurer.

    While PIA and other services advertise multiple end-points, I'm not sure that I can trust any of them.

    And of course, our 5-eyes and RU friends are particularly interested in traffic that goes through various tunnels. Just makes it more of a game!

    1. Yet Another Anonymous coward Silver badge

      Re: My understanding is that PIA uses OpenVPN and adds a bit onto it

      our 5-eyes and RU friends are particularly interested in traffic that goes through various tunnels

      That's the wonderful irony of allowing ISPs to sell your information.

      It used to only be pirates, paranoids and peruses of particularly pernicious pron that used VPNs - now everybody does. It's hard work spying on people when everyone looks like a suspect

      1. Paul Crawford Silver badge

        Re: "pirates, paranoids and peruses of particularly pernicious pron"

        What a wonderful unholy trinity!

        But you are perfectly right: the data slurping by ISPs and the increase in that as the likes of the UK gov demands monitoring, along with attempts to block perusal of perfectly pleasant pr0n, and again with the risks of using many 'free' wifi services that may fiddly your DNS/MITM attack your traffic, will drive a massive up-take in VPN use.

        True, you are simply migrating your trust from one entity to another, but at least VPN businesses sell privacy and failure means lost money. Unlike your ISP (possibly no real choice) or those offering WiFi around town.

  6. Jamie Jones Silver badge

    Unrelated...

    I just went to their site, and they identified my location as Cardiff, which is about 50 miles away.

    So if you're going to nuke me, best make sure you cover all of South Wales!

    (More seriously, why do so many of the GeoIP services not know how the UK dsl services work?)

    1. NonSSL-Login

      Re: Unrelated...

      The GEOIP location data is based on what the ISP/owner of the Netblock registers the location of the IP to be at.

      So while one ISP might register a block of IP's to their local office location or even a head office, some will be more accurate and give a town or village name for a set.

  7. MichealHeitz

    I am using Express VPN for about an year now....working fine yet....hope it stays that way

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like