PIA is included as Hosting server IP range!

edited March 2015 in General Privacy Discussion Posts: 4
Dear PIA,

Your VPN's IP range was listed in "Hosting Servers and Cloud VPS" IP list(1).
Please consider changing the IP range. Thank you.

1 ... http://pie.estiva.org:1223/data/ip/svrhosting.txt (IP addresses of hosting providers)

--
I can see PIA is supported by multiple VPS.
Even if PIA says "We don't log nothing" (e.g., VPS's setting: log goes to /dev/null),
there's a chance that the VPS primary administrator is logging connections of the "PIA VPN Server".

Comments

  • VPN
    Posts: 795
    Since such a list exists, it is very likely that all available IPs PIA could potentially use are included on that list.
    Why is the exclusion of PIA IPs from that list desirable?

    It is in the nature of a server which is routing all your traffic that anyone with access to that server will see your traffic. PIA administers their own servers, it is very unlikely that anyone else has direct access. Administrators from the Datacenters that host PIA servers will always be able to log any traffic that goes through those servers, but not see which exact connections belong together.
    The NSA will likely be able to monitor any traffic that goes through the big US and international internet exchanges, but it is very hard to find connections that belong together for arbitrary targets, easier for selected targets.
    What is your threat model?
  • Posts: 1,103
    > Since such a list exists, it is very likely that all available IPs PIA could potentially use are included on that list.
    > Why is the exclusion of PIA IPs from that list desirable?
    >
    > It is in the nature of a server which is routing all your traffic that anyone with access to that server will see your traffic. PIA administers their own servers, it is very unlikely that anyone else has direct access. Administrators from the Datacenters that host PIA servers will always be able to log any traffic that goes through those servers, but not see which exact connections belong together.
    > The NSA will likely be able to monitor any traffic that goes through the big US and international internet exchanges, but it is very hard to find connections that belong together for arbitrary targets, easier for selected targets.
    > What is your threat model?

    Can anything really thwart an NSA threat model? Maybe Tails/Tor, if that's what Edward Snowden relies on.
  • Posts: 170
    We do not have any VPS's in our server count.  All servers are bare metal.

    Best,
    Andrew
  • Posts: 4
    > We do not have any VPS's in our server count

    Really?

    romania.privateinternetaccess.com
    inetnum: 93.115.92.0 - 93.115.95.255
    netname: VOXILITY-SRL
    descr: VOXILITY SRL
    descr: Dimitrie Pompeiu 9-9A, Cladirea 24,
    descr: Bucuresti, Sector 2, Romania, RO
    country: ro

    = VOXILITY Hosting (Listed)

    I have the same thoughts which "VPN" said.
    "Administrators from the Datacenters that host PIA servers will
    always be able to log any traffic that goes through those servers"
  • Posts: 4
    PIA, you are NOT an ISP.
    You have multiple VPN accounts on multiple VPS/Rental Server companies.
    Even if you say "We don't log anything", there's a chance to break anonymity by the VPS provider.

    Would you clarify what "All servers are bare metal." means?
  • Posts: 4,013
    > > We do not have any VPS's in our server count
    >
    > Really?
    >
    > romania.privateinternetaccess.com
    > inetnum: 93.115.92.0 - 93.115.95.255
    > netname: VOXILITY-SRL
    > descr: VOXILITY SRL
    > descr: Dimitrie Pompeiu 9-9A, Cladirea 24,
    > descr: Bucuresti, Sector 2, Romania, RO
    > country: ro
    >
    > = VOXILITY Hosting (Listed)
    >
    > I have the same thoughts which "VPN" said.
    > "Administrators from the Datacenters that host PIA servers will
    > always be able to log any traffic that goes through those servers"

    Show me how to sign up for PIA VPS service? If you cannot then you are just fluffing a moot point.

    > PIA, you are NOT an ISP.
    > You have multiple VPN accounts on multiple VPS/Rental Server companies.
    > Even if you say "We don't log anything", there's a chance to break anonymity by the VPS provider.
    >
    > Would you clarify what "All servers are bare metal." means?

    You mean PIA is not my ISP? Gasp!

    I guess you have no idea how datacenters work. There are exactly zero VPS systems in use. They mean that the servers are actual servers dedicated to their task and not shared for other purposes.
  • Posts: 4
    Hey, let's just talk. No offense here okay?

    > Show me how to sign up for PIA VPS service
    I have several VPS servers with some US companies.

    For example, this one:
    us-midwest.privateinternetaccess.com
    208.53.158.60

    NetRange: 208.53.128.0 - 208.53.191.255
    CIDR: 208.53.128.0/18
    NetName: FDCSERVERS

    --->

    1. PIA support buys a VPS from https://www.fdcservers.net/
    2. PIA support configures it remotely from the control panel (or SSH) to set up VPN server software (e.g., OpenVPN)
    3. PIA support adds its global IP address (208.53.158.60) to DNS.

    us-midwest.privateinternetaccess.com A 208.53.158.60

    4. Now you(PIA customer) can use it for VPN access.

    Do I make myself clear? If you don't understand what I meant, you're not a server administrator.


    > You mean PIA is not my ISP? Gasp!
    Are you joking or you're just offending me?
    Yes, PIA is NOT an ISP.
  • Posts: 861
    PIA support has already said all servers are bare metal - not virtual.
  • Posts: 4,013
    I did not mean to insult you. I am just pointing out what looks like a rather presumptive PoV to me.

    But just because the IPs used by PIA fall into a range of a company that sells VPS services, that in no way means that they run their servers on any VPS servers, nor that there is any overlap on the hardware or software of the two.

    I am no server administrator, but I certainly know better than to trust that an IP range is always used for a single purpose only.
  • Posts: 1,545
    They have their mind made up already that they think PIA used VPS's. Looks like they were sent here to spread FUD. PIA has always used physical bare metal servers that they buy themselves.
  • VPN
    edited March 2015 Posts: 795
    @ibeamcoy: Someone from PIA said a while ago that they ship servers to the datacenters, meaning they use their own hardware. And, as I said before, someone will always be able to sniff traffic, even if you run your own datacenter or run your own TIER1 backbone, so that isn't really something you can avoid. That's what end to end crypto is for.