Private Internet Access releases software as open source
Private Internet Access, a company best known for its VPN Service of the same name, announced today that it started the process of releasing all of its software as open source.
The company plans to release all of its client-side programs, extensions and libraries as open source over the course of the next six month period.
Today marks the start of an exciting shift over here at Private Internet Access. As long-time supporters of the Free and Open Source Software community, we have started the process of open sourcing our software, and over the next six months we will be releasing the source code for all our client-side applications, as well as libraries and extensions.
The Private Internet Access extension for the Chrome web browser is the first software product that is released as open source on the company's GitHub project page.
Interested users can check out the Chrome extensions on its GitHub page directly. Private Internet Access offers build instructions on the startpage of the repository, and anyone may browse the code or download it to the local system.
Private Internet Access maintains clients for the desktop operating systems Windows, GNU/Linux and Mac OS, as well as Android and iOS. The clients will all be released as open source in the coming months.
The release of the source code for its client products marks a shift towards openness. Privacy-conscious customers may trust products more if they are available as source code.
Private Internet Access hopes that the release will increase community involvement.
We believe that the shift to open source is the right move for a privacy-focused business, and recognise that code transparency is key. We appreciate that our code may not be perfect, and we hope that the wider FOSS community will get involved, provide feedback, feature requests, bug fixes and generally help provide a greater service to the wider privacy movement
Closing Words
The source code release should give Private Internet Access another boost when it comes to user trust and confidence in the services the company offers.
While some critics may argue that the company should release the source of its backend infrastructure as well for full transparency, it is certainly an important first step in the right direction.
Related articles
- Private Internet Access rubyw.exe connections explained
- All Private Internet Access settings explained
- Private Internet Access shuts down Russian servers
I don’t understand why people bother with commercial VPN services. Why not use OpenVPN (easy to install & to use), and this list of public servers, works like a dream http://www.vpngate.net/en/
@Klaas Vaak:
Using commercial VPN services can make sense, depending on what your purpose for using a VPN is. If your purpose is to, for example, disguise your physical location or keep your ISP from spying on you, a commercial service is the only way that the vast majority of people can accomplish this.
If your purpose is network security and allowing you to have a secure channel from the internet to your own servers, but you aren’t so concerned with disguising physical location or hiding from your ISP, then using OpenVPN without a third party service is perfectly adequate.
I fall into the latter group, myself.
@ John Fenderson: even with OpenVPN surely your ISP can’t see which sites you visit. Also, with OpenVPN you do hide your physical location because you travel the internet from a server in a different country – checking on whatismyip.com confirms that.
I think I was confused as to what you meant by “using OpenVPN”. I thought you were talking about using that to set up your own VPN, and not using a third-party VPN at all.
For instance, I use it to run a VPN service from my home. It encrypts connections from my WiFi to my cable modem, as well as encrypting connections from the internet to my cable modem. When I use my VPN, the encrypted channel ends at my home — so my ISP could see my traffic, and I always appear to be using the internet from my home.
Naturally, if I’m not home, I’m secure from whatever ISP I happen to be connected with, and my location is hidden in the sense that it always looks like I’m home. I’m just not hidden from my own ISP, and I can’t choose to appear to be connected from anywhere but my home.
Thanks for the link. It’s an Interesting project but I see a lot of downsides with using that service. They keep extensive logs of user activity (including user IP) for 3 months. I also imagine many of the free servers being offered by volunteers are actually just honeypots set up by the kind of people that users want to avoid in the first place.
All VPNs require a high level of trust by the user, and you can never be completely sure the service is working as advertized. With this in mind, I prefer to pay money to a company that controls its own servers and that is open about how those servers are operated.
Some people subscribe to two VPNs to add a layer of protection in case one of the companies “goes rogue”. A similar strategy might be to subscribe to one VPN and then layer it with the VPNgate service you mentioned.
@Jason: thank you for replying. When you say “they” keep extensive logs I am not sure who you are referring to:VPN Gate or the volunteers. I have not been able to find anything about that on the site, though I may well have missed it.
Here is a quote from the site:
“These VPN servers are neither physically placed on a specific datacenter nor a specific IP address range; they are hosted on different ISPs and on a wide variety of physical locations.
Every VPN Gate Public VPN Relay Servers are distributed and hosted by many volunteers. A volunteer is a person who owns a computer which is kept hooked up to the broadband that connects to the Internet. A volunteer agrees to provide the CPU time and the bandwidth to support the VPN Gate Academic Experiment. You can become a volunteer, too.
Volunteers are distributed throughout the world. The ISPs of volunteers also vary. So IP addresses of every VPN servers are distributed, showing no particular patterns of their assigned IP addresses. The total number of volunteers changes from time to time, so as the servers’ IP addresses.”
That to me suggests that the defence against identification is in the numbers. It seems to me it would be hard to link up your activities if you change server regularly.
I always work on the assumption that a certain amount is known about me, but I try to obfuscate as much as possible. Between the privacy defence add-ons in my browser and this kind of VPN set-up I figure it is hard to track my activities, though maybe not impossible.
Perhaps a commercial service provides more/better/complete anonymity, but is theexpense worth the added value?
They do support linux. Sign up to their linux beta desktop app. Was updated again today. Was an easy install on Manjaro.
Much ado about nothing, unless they release their internal handling (back-end) of our IP and connection data while using their VPN.
I use Nord and they claim not to do any tracking or logging and get “good guy” rating at
https://thatoneprivacysite.net/vpn-comparison-chart/
We still have to trust that they are not doing what they say they are not doing. Opening the user-client-side is fluff.
When money is involved, all honor and morals take a second place.
Even open-sourcing the backend… while that sounds great, it’s essentially useless. Nobody can guarantee that this code is actually what’s being run on their nodes. They could just as well be patching in loggers for their production build, while keeping that dirty stuff out of their open-source logic. Sure it’s more work, but absolutely possible.
For absolute certainty, they’d have to somehow prove the software on their servers is legit, and afaik the only way to do that is to let anyone interested look at their innards (which is a bad idea on a lot of other levels). That’s the general problem when you don’t control the machine tho, so the only alternative is to make your own VPN. Except depending on your paranoia that is ALSO useless, bc you have to either buy servers (for which the IP can then be linked to you) or you rent a VPS (and once again don’t control the machine).
Haaaa thanks I prefer the free and open-source logs-resistant good old Tor Browser ;D
“The Market of Fear”?
No, not really. It’s a very simple (and in my view, easily understandable) mechanism to indicate that unless you are connected to one of their servers, you are essentially [in their eyes] not really protected.
Since this only occurs on their home page, and since its their home page and they can do what they like with it – what is wrong with that?
@Sophie: “to indicate that unless you are connected to one of their servers, you are essentially [in their eyes] not really protected.”
Correct. In other words, using fear as a marketing tool.
@John
FUD – Fear, Uncertainty, and Doubt
Used not just in marketing, but in politics too.
They use it because, evidently, it “works”.
In the end, we each get to decide if we are moved by such things…
… at least in the countries where we have freedom to choose.
I don’t like much ads, particularly where they veer towards being deceptive / manipulative, but I’d rather have that than the opposite – where no ads are allowed.
“Open Source” is both a technical term and a marketing term.
But, we have good people like Anon who reminds us the short comings of PIA’s use of the term.
Is there a “line” crossed by PIA, in using it to “generate revenue”? There are hundreds more marketing ads that venture much further than PIA, imho.
@BM: “In the end, we each get to decide if we are moved by such things”
Indeed — which is why I think it’s good to call it out when it appears. It’s not always obvious.
“Open source”, to me, is neither a technical nor a marketing term (and when used as a marketing term, I tend to look in askance at the company doing so). It is more of a developmental philosophy and, to a lesser degree, a description of a certain type of licensing.
“Is there a “line†crossed by PIA, in using it to “generate revenueâ€?”
As you point out, no more so than many companies. To be clear, I was not criticizing PIA for their approach to marketing, I was only pointing out that the sales pitch in question was indeed fear-based marketing.
In their eyes… should it be explicitly mentioned that indeed I’d agree with your argument, Sophie. But it’s not mentioned that this appreciation is… in their eyes ; I’d agree here with Anonymous to consider that such wordings are the very pseudo arguments of companies which indeed exaggerate, inflate reality, particularly its dangers and that any newbie reading such crap could be inclined to believe it.
But these eccentricities are numerous, in business, on the Web, in life : we live constantly under the pressure of people, of entities who use this “market of fear” rather than an elaborated argumentation (found often when reading further on, to be honest) to catch who they can. It’s not only for profit, even is simple debates, many of us often exaggerate, sometimes even affabulate in order to try to prevail. You know as well as me, Sophie, the importance of words.
“in their eyes” you are just an open potential source of revenue. “this only occurs on their home page” > their hidden eyes are everywhere.
“Source of Revenue” .. we should be aghast!
Capitalism be damned!
Everything should be free.
Let’s start with Mr. Cynic Anon’s labour.
/jk ;)
“Capitalism” should not have stolen a word like “open source” to confuse people.
…why do you think they made an extention for Google Chrome, because Chrome protect you better, because Chrome is open source, or just to become millionaires faster? what a joke these VPNs.
At the top of their .com home page > “Your IP Address + Your ISP = You are not protected > Learn More”
In France we call that “Le Marché de la Peur”.
Hope Useful features like cutting your entire connection when the vpn connection dies out and stopping dns leaks get ported into the official Openvpn software.
Yes, they *claim* to support Linux, but they don’t. They refused to do anything about my problems after upgrading to Xubuntu 17.10 and after *several* emails after they instructed me to do the same thing multiple times, even after I told them I already had, they finally admitted that “at this time we don’t fully support Linux 17.” They don’t even understand what they’re writing, much less the OS they claim to support.
You’re right, they don’t “support” Linux. What they do is provide the ability to use openvpn on Linux.
I had to use a script written by someone else to get it to work which you can find at Github as “GitHub – dagrha_pypia – Configuration of Private Internet Access VPN routes for Linux”.
This script will support out of the box:
Fedora,,Manjaro, Ubuntu (various flavors, e.g. Lubuntu, should also work), Elementary OS,, Antergos, Linuxmint, openSUSE, Kali, Arch, Solus, CentOS
Others can be supported if you provide the developer with certain information about openvpn availability on your distro.
@Richard: That’s been my experience too. I had trouble using PIA on a Linux system until I used someone’s custom script. I’m using Mullvad these days and have no trouble. Mullvad has its own Linux client rather than requiring use of openVPN like PIA.
PIA should release as snap or flatpak. It should avoid such problems.
That sounds more like “they don’t support the latest Ubuntu” than “they don’t support Linux”. And, to be honest, I’ve had numerous problems in the past (admittedly I haven’t tried in a number of years now) with applications not running properly under Ubuntu, but being fine in every other distro. That’s one of the reasons I don’t use Ubuntu.