Private Internet Access MACE™ Technical Explanation

edited July 2016 in Software and System Updates Posts: 167
Last week, Private Internet Access introduced Private Internet Access MACE™ in v60 for Windows, Mac OS X, and Linux as well as our latest Android and iOS mobile apps.



Many of our users have asked about the specifics of the MACE™ ad blocker, so we are breaking down the technical details so our users can know that they are safe.



When you are connected via the Private Internet Access client, PIA handles all DNS requests on your behalf. It is because of the valued feedback and feature requests from our loyal customers that we decided to implement a basic and privacy-conscious ad blocker.



Turning on MACE™ causes your DNS requests to be resolved by a special DNS process

that has been set up with a simple blacklist of known advertising or malware domains. PIA doesn’t do anything besides block domains associated with advertisements, trackers and malware at the DNS level. For instance, website owners might have noticed that they have had issues accessing Google Analytics while MACE™ is turned on.



Unlike some ad blockers, we do not inject any SSL certificates or analyze your traffic in anyway to identify ads. Additionally, because of the way our VPN service is setup, we are unable to do a man in the middle attack or perform any content analysis on the traffic flowing through our servers.



We hope that MACE™ shows the privacy community that PIA is forever committed to our users’ privacy.


Post edited by Support on

Comments

  • Does this mean we must PIA's DNS servers for Mace to work? For example will this work with DNScrypt?
  • Posts: 122
    Hi track_this,

    To use MACE you will need to be using our DNS servers, yes. I'm not entirely sure about DNScrypt, but I'll note your request with our team and ask them to take a closer look at it.
  • edited October 2016 Posts: 1
    Hi track_this,

    To use MACE you will need to be using our DNS servers, yes. I'm not entirely sure about ...............edited................................
    doaks said:
    Hi track_this,

    To use MACE you will need to be using our DNS servers, yes. I'm not entirely sure about DNScrypt, but I'll note your request with our team and ask them to take a closer look at it.

    Post edited by utsav99 on
  • Posts: 122
    Hi guys,

    We are aware of DNScrypt and will keep the request in mind going forward, but at this time we don't have plans to introduce it.

    If there's anything else I can help you with, please let me know.
  • Posts: 136
    Do this even work? 

    Cause I see ads on YouTube on Android still. 
  • edited October 2016 Posts: 181
    Toriko said:
    Do this even work? 

    Cause I see ads on YouTube on Android still. 
    This feature only blocks domains which are associated with ads, trackers, and malware. This feature is not meant to block ads in YouTube videos.
    Post edited by OpenVPN on
  • doaks said:
    Hi guys,

    We are aware of DNScrypt and will keep the request in mind going forward, but at this time we don't have plans to introduce it.

    If there's anything else I can help you with, please let me know.
    Thank-you for the response :)
  • Is there something else we can do to be able to utilize mace while not using the client. For example, I want to run pia on my router but still use the ad blocking features?
  • Do you publish the MACE DNS servers?

    I run pfSense with PIA running and historically used other DNS.  When you announced MACE I connected using a PIA client with MACE enabled, looked up the DNS servers it assigned, and set my router with the same, but is there a preferred method instead?
  • Posts: 122
    JKVStang,

    At this point there isn't a preferred method for doing so without the app. However, I'll make sure the request is forwarded to our team.
  • MACE seems to work and then quits working on the Android version.  It'll block ads for a while and then suddenly seems to shut off and the ads come through even though I'm still connected to the VPN.
  • Posts: 1
    How does this affect router setups?! I use Merlin on my asus ac-66u router.

    Thanks

  • Posts: 122
    kjordan,

    Hmm, that's strange. I'll alert our developers and we'll take a closer look at that, thanks for letting me know!


    smyr,

    It doesn't affect router setups at this time. I'm sorry for any inconvenience!
  • Posts: 15
    i have the same issue, nougat gets some dns leaks in changing states? Some Ads came through on wlan. android with mace
    all options tested
  • doaks said:
    kjordan,

    Hmm, that's strange. I'll alert our developers and we'll take a closer look at that, thanks for letting me know!


    smyr,

    It doesn't affect router setups at this time. I'm sorry for any inconvenience!
    Have they discovered anything on what causes the DNS leak?
  • Posts: 28
    Should this slow down loading ad heavy web pages?
  • Posts: 14
    Mace blocks liveperson.net.....i opened a topic about it, but so far no responds so i will put it here. https://www.privateinternetaccess.com/forum/discussion/23435/having-trouble-opening-pages-of-liveperson-net
  • MACE is blocking katcr.co. The site won't load while I have MACE enabled. The site has become obnoxious with pop up ads, but uBlock handles them sufficiently. Despite the ads, I don't want to stop using katcr.co so I had to disable MACE. Hopefully there is something y'all can do about this.
  • Posts: 106
    MACE is blocking katcr.co. The site won't load while I have MACE enabled. The site has become obnoxious with pop up ads, but uBlock handles them sufficiently. Despite the ads, I don't want to stop using katcr.co so I had to disable MACE. Hopefully there is something y'all can do about this.
    I have Mace enabled not blocked for me?---
    --WIN10 64 bit Opera Browser with uBlock enabled (Opera's default block disabled)
  • Looks like with that MACE twitch's streams won't play.
  • Posts: 17
    PIA recently came out with a Chrome Extension from the Google Chrome webstore.  We are using PIA on our two phones and two PCs.  The license is good for five devices, so one device is open for use.

    PIA on Chrome, when it is OFF does not show as a proxy under Settings (unlike most other VPN Extensions I've used), so there is not conflict even with newer versions of Chrome that complain about proxies.  We have the Extension set with MACE OFF.  Now, once in awhile when MACE blocks a site, we just turn on the Extension for that use.

    On our Androids, unlike on our PCs, the Settings can be viewed while the VPN is running.  If we hit a site blocked by MACE, we can easily turn off MACE and restart PIA, just for the time we need this Setting.  Previously we had to use a different VPN.

    This is working out OK for us.

    Lester
  • Hi,

    Some good lists to add to your own: https://github.com/StevenBlack/hosts.

    Would love to see in future releases of the PIA client the ability to select what blacklists to enforce via MACE.
Sign In or Register to comment.