If you are using the popular VPN service Private Internet Access (PIA) and monitor outgoing network connections on your devices, you may have noticed that the program rubyw.exe attempts to connect to various Internet servers when you initiate the VPN connection to Private Internet Access.
This happens only if you are using the PIA software and not if you have configured connections to the service manually or in third-party network software.
Private Internet Access is a very popular VPN service thanks to anonymous payment options, unlimited bandwidth, an impressive number of worldwide services, a no-traffic-logging policy and advanced features such as a kill switch that drops the Internet connection when the connection to the VPN drops.
If you monitor the outgoing connections on the device, you will notice that rubyw.exe connects to various remote Internet hosts under the pia_manager process, which is the main process of the Private Internet Access application.
The program connects to several remote hosts in a matter of seconds. Blocking the connections does not seem to have any impact on the functionality of the virtual private network connection.
First, let's talk about the connection between rubyw.exe and pia_manager.exe. Rubyw.exe is the Windows Ruby interpreter, a program that Private Internet Access uses to run its software.
Rubyw.exe is the Windows Ruby interpreter, and our software runs as a packaged copy of our script + all required gems + the executable. It bootstraps from the executable, extracts a copy of Ruby and all gems needed to run.
The reason why the software is initiating all these outbound connections on start is that it pings PIA servers to check availability, reliability and speed.
Since you can only select a location you want to connect to when using Private Internet Access' software, it is up to the program to find a suitable server in that region, and that is the reason why the connections are being made when you start the PIA software.
If you check the IP addresses that are contacted on start of the VPN connection, you may notice that some are apparently not owned by Private Internet Access while most are.
This is caused by rDNS (reverse DNS) errors, according to a Private Internet Access representative.
Your application is doing an rDNS lookup, and like a phone book, rDNS has to be updated. We keep ours updated to be reasonable, and to help disguise some of the connections. If you can run this without any access to rDNS or nameserver lookups, you'll likely see that all of these are to PIA IP addresses.
While you can block the connections from being made, you may end up connected to a less-than-ideal server, as the program then has no way of determining a suitable server with regard to speed and reliability.
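An added example, not code from Private Internet Access or from the original article: one way to test whether the hostname a connection monitor shows for a remote address can be relied on is forward-confirmed reverse DNS, where the PTR name is resolved back and compared with the address. The function names and the sample addresses and hostnames below are constructed for illustration.

```python
import ipaddress
import socket

def system_reverse(ip):
    """PTR lookup through the OS resolver; hostname or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # herror/gaierror: no PTR record or resolver unreachable
        return None

def system_forward(name):
    """A/AAAA lookup through the OS resolver; set of address strings."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def check_peer(ip, reverse=system_reverse, forward=system_forward):
    """Forward-confirm the PTR name a monitoring tool would show for ip."""
    addr = ipaddress.ip_address(ip)  # raises ValueError on malformed input
    name = reverse(str(addr))
    if not name:
        return {"ip": str(addr), "ptr": None, "status": "no-ptr"}
    resolved = set()
    for candidate in forward(name):
        try:
            resolved.add(ipaddress.ip_address(candidate))
        except ValueError:
            continue  # ignore anything that is not a plain address
    # "confirmed": the PTR and the forward zone agree on this address.
    # "unconfirmed": the label is stale or set by someone else; it says
    # nothing about who operates the address.
    status = "confirmed" if addr in resolved else "unconfirmed"
    return {"ip": str(addr), "ptr": name, "status": status}

# Constructed sample data (documentation address ranges, .example names).
SAMPLE_PTR = {"192.0.2.10": "node1.vpn.example",
              "198.51.100.7": "host7.oldtenant.example"}
SAMPLE_FWD = {"node1.vpn.example": {"192.0.2.10"},
              "host7.oldtenant.example": {"203.0.113.50"}}

def sample_forward(name):
    return SAMPLE_FWD.get(name, set())

if __name__ == "__main__":
    for peer in ("192.0.2.10", "198.51.100.7", "203.0.113.9"):
        print(check_peer(peer, SAMPLE_PTR.get, sample_forward))
```

Calling `check_peer(ip)` with the default resolvers runs the same check against live DNS for an address taken from the connection monitor. An "unconfirmed" or "no-ptr" result means ownership has to be established from the address allocation itself, not from the displayed name.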
Now You: Do you monitor outbound connections on your devices?