PIA Announces Completion of Independent Audit Conducted by a Big Four Firm

Posted on Aug 30, 2022 by Adina Matei

Our commitment to online privacy stands at the core of our service – we operate under a 100% transparency credo. That said, we know VPN use is tied to trust. We know reviewers and journalists have often mentioned our US headquarters as a concern. We’re here to say that we’ve always abided by our airtight No Logs policy. We’ve never retained any metadata, and we’ve never had any data to share with the authorities. 

But we are a company that wants our actions to speak for us. We don’t want you to take our No Logs promises at face value. Just like we’re transparent with our source code and regular Transparency Reports, we aim to be honest with our infrastructure too. Because of this, Private Internet Access underwent an independent audit to review our No Logs policy.

Deloitte, one of the Big Four auditing firms, reviewed our server environment and found that we store no logs and no details that could be used to identify our users or pinpoint their activities.

How Did Deloitte Test PIA’s Infrastructure?

We invited Deloitte Audit Romania to review our VPN server network and management systems and to examine how we maintain a zero-log VPN service, in order to confirm that server configurations align with internal privacy policies, and are not designed to identify users or pinpoint their activities. As part of this assurance engagement project, Deloitte inspected our server configuration and examined how we maintain a zero-log VPN service. The auditing firm found that server configurations align as of June 30, 2022 with internal privacy policies and are not designed to identify users or pinpoint their activities.

The audit has been conducted in accordance with the International Standard on Assurance Engagements 3000 (Revised) applicable to Assurance Engagements Other Than Audits or Reviews of Historical Financial Information (ISAE 3000 (Revised)) established by the International Auditing and Assurance Standards Board (“IAASB”) and should be read in full.

What Does This Mean for Our Customers?

To put it simply, there is no trace of your activity on our servers. This is because our VPN service runs on RAM-only servers. These servers boot on a read-only image and use RAM modules, as opposed to hard disks. Hard disks are traditionally used as storage, whereas a RAM-only environment is more volatile. We also configured our servers to routinely reboot. With every reboot or power outage, all data is immediately deleted.

We designed our network architecture specifically to prevent data retention. We have no user data, and we can’t be compelled to share information on our users – in fact, the US government can’t force US-based VPN providers to violate a zero-log policy because of consumer protection laws.

Furthermore, we have security systems in place to ensure third-party entities can’t force their way into our network. One way we do this is by disabling all error logs and debug information. If we ever require error logs for development purposes, we create an entirely new traffic server inside an isolated environment. Despite potential drawbacks to our development and debugging processes, it’s an acceptable trade-off for securing user data.

Even our Dedicated IP service is built as a token-based system to prevent any association with a specific user. This token is only saved in the client, which isn’t enough for a server-side association.

This No Logs Audit Is Another Milestone for PIA

We’ve always stayed true to our commitment to online privacy. We’ve always advocated for digital freedom and anonymity. This Deloitte audit is just another milestone in our journey as privacy activists, but it’s not the first time our No Logs policy has been scrutinized. PIA is one of the few VPN providers to have proven their zero-log service in court. We were subpoenaed multiple times for logs, and each time we had no data to share.

We are honest and transparent with our users, and we don’t cut any corners with the VPN service we offer. PIA is one of the few VPN providers offering 100% open-source VPN apps, despite this not being an industry standard practice. Our code is available for anyone to inspect and analyze. 

We’re also open with any changes to our server infrastructure and keep our users informed. Recently, in light of India’s No. 20(3)/2022-CERT-In directive, we’ve pulled out our Mumbai servers and replaced them with virtual server locations. We made this decision to circumvent mandatory logging laws, as we refuse to compromise our service and No Logs commitment. 

Back home in the US, we’ve launched our 50 Servers in 50 States campaign. Unfortunately, state and federal laws are still playing catch-up with cybercrime, so we’ve taken it upon ourselves to help Americans protect their online privacy and secure their traffic from malicious actors.

More updates to our infrastructure are coming soon, as we’re undergoing extensive hardware optimization. For example, we’re slowly transitioning our fleet to colocated servers to provide increased security measures, better VPN speeds, and more reliable connections. This also means we’re investing in and managing more of our own next-generation servers.

We’ve always put our users’ privacy and digital safety at the forefront of our service, and we’re grateful for the users who put their trust in us. We’ll never break that trust, and we’re holding true to our commitment to bring more transparency to the industry. We’re open to future independent audits and will also be updating our Transparency Report editions on a more regular basis throughout the year.

Choose PIA for Top-Quality Security and Online Privacy

We’re long-time advocates for digital privacy and cybersecurity in the US, and now we have an independent audit that attests to our No Log VPN service. We offer the strongest data protection software possible, and our VPN online shield is critical to keeping your information safe in this digital age. It doesn’t matter if you need a macOS VPN, Windows VPN, or a VPN that’s compatible with iOS or Android, PIA protects up to 10 of your devices simultaneously.

We can unequivocally state that we don’t store any user activity log or metadata. And we wouldn’t have it any other way.

We take our No Logs policy seriously, and this audit is not our final endeavor. In the future, we’ll continue to be transparent with the security safeguards we put in place for our users. 


119 Comments


  1. Colin

    Well done guys/girls. As it should be. It is nice to see an “official” audit result which confirms your no log policy, congrats on designing a system that we can continue to trust.
    I’ll keep my metadata to myself :)

    2 years ago
    1. PIA Team

      Hi, Colin. Thank you for your kind words and for being part of the team!

      2 years ago
  2. Simon

    Thank you PIA Team. I have been your customer for many years now. Knowing this convinces me more and more that I made the right choice.
    Ready for the next Milestone!

    2 years ago
    1. PIA Team

      Hello Simon, thank you for your support and trust, we appreciate it!

      2 years ago
  3. Charles Behling

    Am very pleased with PIA. The only negative comment I have (and it’s not a biggie) is that I have to disable the service in order to log in to Netflix. Otherwise it’s all good.

    2 years ago
    1. PIA Team

      Hi Charles! We’re sorry to hear you’ve encountered difficulties with our apps. Please contact our support team. They’ll happily look into the matter for you.

      2 years ago
  4. Kevin

    Top class, best of them all

    2 years ago
    1. PIA Team

      Hello Kevin, thank you for your support.

      2 years ago
  5. John schandl

    I have your VPN installed on my laptop. However, advertisement is coming through. I need a router that I can install your VPN on. I am looking at a Nighthawk 1750. I am not sure it will install your VPN. Your assistance is welcome.

    I

    2 years ago
    1. PIA Team

      Hi, John! Thank you for your support.

      For a quick list of PIA-compatible routers, you can visit FlashRouters. If you do, don’t forget to use the PIA20 code to get 20% off your order!

      For more information, you can always reach out to our friendly customer support.

      2 years ago