PIA Announces Transparency Efforts, Including Open-Source Desktop Client

hellcat707hp

In a blog post on the PIA site, PrivateInternetAccess VPN co-founder Andrew Lee announced several measures aimed at improving the company's transparency and trust in the community. Transparency and trust which has seemingly withered since the Kape acquisition was announced.

 

The biggest initiative is open-sourcing their clients, starting with the desktop client. A new GitHub repo has been started here.

 

From the blog post: 

Quote

We encourage everyone NOT to trust, but instead, to verify. In order to deliver a verifiably secure infrastructure and ecosystem, we are embarking on a journey which will lead us to a fully verifiable infrastructure to our community; this will require a number of steps which we will share with you as we progress starting with the following:

  1. Open Sourcing the PIA Clients, Starting with the Desktop Client – Your machine is your private space. You deserve to know what you’re putting on it, and what it’s doing. With the open sourcing of our clients, you can now verify what you’re installing. Please check it out!
  2. Verifiable Zero Access: Start! – We’re building an internal roadmap to create a transparent and verifiable infrastructure, in which no one, including ourselves, is permitted access to the servers through which VPN traffic flows. We will keep you abreast of all progress, and moreover, this will be a community-led effort.  Verifiable Zero Access proves that we cannot log or monitor your traffic.
  3. Random Audited Truths (I smell a rat!) – We have begun reaching out to external auditors and, in tandem, are opening up our operations to review by our users. This allows you to verify with your own eyes, whenever you want.  WYSIWYG.

 

Link: https://www.privateinternetaccess.com/blog/2019/12/dont-trust-verify/

 

Love to hear everyone's thoughts on these efforts. I know many people are waiting to hear what the company has planned to do in order to make a decision on whether to switch VPNs.


I think this is a very smart move from them, it should help to silence the "spyware" issues that were discussed a while back and generally make everyone feel a bit easier about trusting them, of course we will need to wait for a while to give people time to look through the code and verify, but overall a very smart business move IMO!


Nice, but this doesn't make me trust them any better. Kape are still shady as shit


Correct me if I'm wrong but even if we get clean open source VPN client with nothing shady in it, the data is still collected on the VPN provider servers right? So this is pretty much meaningless besides "good" PR? 


That's my take on it too. Open sourcing the client is nice but what people worry about is what happens on their servers.


8 hours ago, hellcat707hp said:

Love to hear everyone's thoughts on these efforts.

An open source desktop client is great and honestly should be baseline for any service like this, but it doesn't help in terms of trust - I already know all my traffic is going to their servers, that's just how the service works. The question is what happens to that traffic once they have it.


1 hour ago, Sauron said:

An open source desktop client is great and honestly should be baseline for any service like this, but it doesn't help in terms of trust - I already know all my traffic is going to their servers, that's just how the service works. The question is what happens to that traffic once they have it.

I'd agree that open source should be standard with VPN clients.

 

Now, point 2 on their list is the most important, "verifiable zero access". I just don't know how they plan to make that provable or how to make their customers see that for themselves.

 

I got PIA a year ago and still have 3 years left so I'm still using it unless something more comes out. Granted, I use a VPN very infrequently, but for those using a VPN regularly, I think part 2 of their plan, whatever it means, is critical. 


While this doesn't address 100% of all concerns, it's at least an effort and some good PR. I'll be keeping an eye out especially for the LTT video coming soon.


On 12/19/2019 at 3:43 AM, rcmaehl said:

While this doesn't address 100% of all concerns,

I wonder if PIA would follow what other VPN vendors are doing by moving their servers to RAM only. 
