Private Internet Access users can now resolve internet names with the Handshake Naming System (HNS)

Posted on Aug 5, 2019 by Caleb Chen
Private Internet Access added support for Handshake

Starting since version 1.30, the Mac, Linux, and Windows Private Internet Access (PIA) desktop clients have come with the ability to change the selected Name Server from PIA’s Domain Name System (DNS) servers to using one of PIA’s Handshake Name System (HNS) servers. Once this setting is changed, you’ll be well on your way to accessing the internet in a more censorship resistant manner.

Instead of having to install a browser extension, or wait for a browser to implement Handshake, over a million internet users are now currently able to resolve Internet names using the Handshake Naming System (HNS) just by turning on the option in their settings. Since the Handshake mainnet is not yet running, currently the list of names that is resolvable is based off of the Handshake testnet (testnet4). You can view registered names and other such HNS blockchain information at this HNS blockexplorer: HNScan.

How to enable HNS in your Private Internet Access Settings

Follow the below instructions to start using the Handshake name resolver in your Private Internet Access client

  1. Open your Private Internet Access Settings window

Right click the Private Internet Access system tray icon and left click on “Settings…”

pia settings

The Settings window will appear.

  1. Navigate to the Network tab of the settings window, which is fourth from the top on the menu.
pia settings window

The default settings on Private Internet Access are to use the PIA DNS server (which is already more secure than using your Internet Service Provider’s DNS server). It has been shown that ISPs do store and share your DNS queries – and since they have the ability to tie them back to your IP address, this providing a vector for tracking. PIA always endeavors to provide better solutions to its users as they’re created and verified to be working. PIA is proud to offer internet name resolution via HNS instead of DNS.

  1. In the dropdown menu, change “PIA DNS” to “Handshake.”
private internet access pia client handshake
  1. Connect to a Private Internet Access server to enable the name server change. Any location will work.
private internet access connected

Once you’ve done that – Now you’re ready to resolve Handshake names in any browser.

How can you tell if HNS is working?

In most browsers, without HNS, if you type in a singular word in the navigation bar, you’ll automatically be redirected to Google Search or an ISP or data provider branded page of Google Search results. Without your HNS enabled PIA desktop client, trying to navigate to (a claimed Handshake name on the Handshake testnet) would essentially result in a DNS query followed by a search engine query.

However, once you turn on PIA with HNS enabled, you’ll be able to resolve those names easily with HNS queries. Your browser window will look like this instead:

namebase resolved with hns

Click around and you’ll see that even if you navigate to another page it’s the same – there is no top level domain because the name itself is the “top level” domain name. Ie. Clicking the FAQ link on the top right of the page takes you to http://namebase./faq/

handshake resolution

If you go to namebase/ – it will default you to the .com tld and send you to In fact, you’ll be able to go to facebook/ or github/ and be redirected to their respective websites because HNS comes with the top 100,000 domain names from the established DNS included. Using PIA, internet users in countries that block Facebook at the DNS level will never be unable to resolve Facebook’s name to its servers’ IP addresses because their DNS queries will be done on the censorship resistant HNS network instead of using the censorship prone DNS system.

Why you should use Handshake with Private Internet Access

The shorter urls are easier for humans to memorize and share in real life – but this is just a tiny benefit of using handshake names. The real benefit lies in censorship resistance. While DNS is already fairly decentralized, the centralization exists because of ICANN’s gatekeeper control of issuing top level domains (TLDs) and maintenance of the DNS root zone file which is used by all DNS root servers. ICANN ultimately has control over what internet names are acceptable – and serves as a singular point of failure.

Handshake isn’t the first blockchain based solution to internet naming but it is the first to attack the problem with a plan that works with the current DNS infrastructure to help combat name squatting issues that have plagued previous projects such as Namecoin and ENS. As emphasized in the Handshake whitepaper:

“The Handshake naming protocol differs from its predecessors in that it has no concept of namespacing or subdomains at the consensus layer. Its purpose is currently not to replace all of DNS, but to replace the root zone file and the root servers.”

As just a singular example of ICANN’s control, recently, ICANN increased the price of name registrations on the .org TLD – despite holding a public comment period where 3252 out of 3258 comments were opposed to the change. Beyond increasing the barrier to entry for participating on the supposedly uncensorable internet with a name, these move showcased the undue power that ICANN has disregard for what the wider internet wants. Handshake distributes names via a Vickrey auction, which is proven to get closest to the true value of the auctioned item.

Earlier this year, Cisco researchers revealed that DNS hackers have used DNS to redirect surveillance targets to spoof websites to be spied on in an attacked since dubbed Sea Turtle. The DNS infrastructure as is has even proven to be vulnerable to denial-of-service attacks. In 2016, a DDOS attack on Dyn’s widely used DNS network caused large portions of the internet to be inaccessible – and even affected Private Internet Access users.

PIA believes in censorship resistance because private and secure internet access is a basic human right as laid out by the United Nations. Internet naming has increasingly become a vector by which freedom of internet users has been repressed. PIA’s hard stance against censorship is why PIA has taken out ads in the largest newspapers in the past and continually supports organizations such as Fight for the Future, the Electronic Frontier Foundation, Open Rights Group, Creative Commons, and more.

The internet is currently imperfect when it comes to censorship resistance, but Handshake’s inclusion in PIA’s desktop clients moves the needle forward by removing centralization away from a crucial cornerstone of internet infrastructure.

For more information on Handshake, nothing beats reading the whitepaper. However, there are additionally articles in the wild by Chjango Unchained and Steven McKie that are top notch explainers. If you’re interested in Handshake, also consider joining the Handshake community.

Comments are closed.


  1. William Null

    Why making your own system when distributed, block-chain naming system already exist, i.e. namecoin?

    5 years ago
  2. Yourmom

    How is this better than a hosts file? Seems stupidly heavy for a basic name to IP resolver.

    5 years ago
  3. Milan Hudacek

    Instructions how to install handshake email me

    5 years ago
  4. Aden

    I love the potential this offers in circumventing censorship, and i look forward to its implementation on the mobile platform as well.

    5 years ago
  5. Kandi Klover

    The Dyn outage didn’t affect PIA. I have PIA on all the time and never realized until a week later thanks to PIA built in DNS.

    5 years ago