When will PIA upgrade to multi-hop VPN?

edited November 8 in General VPN Support Posts: 14
Some of the most favourable VPN's out there have a multi hop VPN settings for added protection and privacy (such as VPN.AC with 18 hops).

When will this be implemented into PIA?
Post edited by Bojack on
Tagged:

Comments

  • Posts: 223
    Bojack said:
    Some of the most favourable VPN's out there have a multi hop VPN settings for added protection and privacy (such as VPN.AC with 18 hops).

    When will this be implemented into PIA?
    You're opening up a lot of discussions!  :p :D That's certainly why this forum exists and we will try to help you as best we can.

    Double-hop has been suggested by many other users but I'm not aware of any plans they may have to upgrade.
    PIA has always been pretty secretive about internal operations, you're welcome to suggest the feature to the support staff and they will happily add it to "the list." The company's decisions are mostly democratic, if a great majority of users suggest a particular feature they'll likely implement it in the future
  • edited November 8 Posts: 84
    @Bojack I can't even imagine how slow 18 hops would be, as a full-time Tor user, 3 hops is unbearable for me as it is. I think your information might be inaccurate.

    I noticed they claim double hops (certainly more manageable than 18), but in the end it doesn't do anything for you privacy-wise because the principle is that you're trusting the security and privacy provided by PIA.

    If PIA node #1 is compromised, then the exact same issue will happen for PIA node #2 as they're all run with the same integrity, security policies, gaurantees, etc.

    The reason people proxychain like you're describing (there's even a program in GNU/Linux called proxychains for doing just this with proxies, not VPNs though) is because they don't trust the integrity of the hop. For PIA, you're trusting they don't keep logs and would rather shut down than give you up to anyone coming around to ask. If you trust one hop, what difference is it going to make to trust two from the same company? The only way I would see double hopping to be more than marketing snakeoil is if it were, like Tor, between providers (which is silly for a centralized, for-profit VPN company).

    Of course you could argue that by having hops in multiple countries you'd be adding to the pool of anonymity, but again, the question comes down to "if you trust one node, you'd trust all of them", as I understand it, PIA doesn't operate in countries there could be such a threat.

    Hope this makes sense!
    Post edited by sn0wmonster on
  • Posts: 14
    @Bojack I can't even imagine how slow 18 hops would be, as a full-time Tor user, 3 hops is unbearable for me as it is. I think your information might be inaccurate.

    I noticed they claim double hops (certainly more manageable than 18), but in the end it doesn't do anything for you privacy-wise because the principle is that you're trusting the security and privacy provided by PIA.

    If PIA node #1 is compromised, then the exact same issue will happen for PIA node #2 as they're all run with the same integrity, security policies, gaurantees, etc.

    The reason people proxychain like you're describing (there's even a program in GNU/Linux called proxychains for doing just this with proxies, not VPNs though) is because they don't trust the integrity of the hop. For PIA, you're trusting they don't keep logs and would rather shut down than give you up to anyone coming around to ask. If you trust one hop, what difference is it going to make to trust two from the same company? The only way I would see double hopping to be more than marketing snakeoil is if it were, like Tor, between providers (which is silly for a centralized, for-profit VPN company).

    Of course you could argue that by having hops in multiple countries you'd be adding to the pool of anonymity, but again, the question comes down to "if you trust one node, you'd trust all of them", as I understand it, PIA doesn't operate in countries there could be such a threat.

    Hope this makes sense!
    Brilliant explanation. Thanks!
  • Posts: 223
    @Bojack I can't even imagine how slow 18 hops would be, as a full-time Tor user, 3 hops is unbearable for me as it is. I think your information might be inaccurate.

    I noticed they claim double hops (certainly more manageable than 18), but in the end it doesn't do anything for you privacy-wise because the principle is that you're trusting the security and privacy provided by PIA.

    If PIA node #1 is compromised, then the exact same issue will happen for PIA node #2 as they're all run with the same integrity, security policies, gaurantees, etc.

    The reason people proxychain like you're describing (there's even a program in GNU/Linux called proxychains for doing just this with proxies, not VPNs though) is because they don't trust the integrity of the hop. For PIA, you're trusting they don't keep logs and would rather shut down than give you up to anyone coming around to ask. If you trust one hop, what difference is it going to make to trust two from the same company? The only way I would see double hopping to be more than marketing snakeoil is if it were, like Tor, between providers (which is silly for a centralized, for-profit VPN company).

    Of course you could argue that by having hops in multiple countries you'd be adding to the pool of anonymity, but again, the question comes down to "if you trust one node, you'd trust all of them", as I understand it, PIA doesn't operate in countries there could be such a threat.

    Hope this makes sense!
    If I want to double-hop use the chrome extension or TOR browser in conjunction with PIA, I really don't see the need for having multi-hop servers except in this case: https://www.privateinternetaccess.com/forum/discussion/18692/p2p-fix-in-certain-regions
  • Posts: 572
    @sn0wmonster, while I largely concur with your assessment of multihop vpn, I also have a hard time viewing it as "marketing snakeoil." From what I've seen of those few vpns that offer multihop, for the most part they seem to be giving it rather limited exposure. Their target market are whistleblowers, gov't reform activists, and those living in highly repressive regimes who merely engage in activities the rest of us consider perfectly legal. Ed Snowden comes to mind (I can promise you Snowden is using multihop vpn, rather than just Tor alone, because NSA long ago identified all Tor entry and exit nodes and figured out how to do timing correlations).

    For those who really do need it multihop offers great promise in the way of adding a significant additional layer of obfuscation. The question is do I need it? Maybe someday I will, but so far I seldom ever even use TorBrowser, other than when I'm traveling abroad working in countries run by repressive regimes (and thankfully I rarely have need of doing that anymore).

    So ask yourself, "Do I really need it?" I would guess that 99% of PIA's customers don't, so it really wouldn't make any economic sense for PIA to offer it. If it were offered many PIA customers would use it without any legitimate need for it. All that would accomplish is placing a larger traffic burden on PIA servers, potentially decreasing performance for the rest of us.

    For those who actually do need multihop vpn feel free to PM me and I can give you a couple recommendations. Just be prepared to pay double and triple what PIA charges.
  • edited November 9 Posts: 84
    @tomeworm Again, it isn't that multiple hops isn't useful, it's just that they would only be useful in an environment where you don't trust any individual hop and want to decrease your chances of collusion and correlation. If the same VPN provider owns all of those hops and they're all equally secure (or insecure), my point was just that they'd be redundant, and advertising it as increasing privacy would be dishonest.

    I'm sure there's other use cases that I'm not considering which I'm happy to admit wouldn't apply. As for whistleblowing, Tor or i2p (and pretty soon, GNUnet!) is still the best way to go imho. The NSA has not broken all of Tor yet, only significantly weakened it and increased your chances of a jackpot honeypot |)7))7))7) where they own all the hops. If PIA for example offered a public bridge to users who trust PIA, and assuming PIA is not secretely in cahoots with them, that would foil them completely. Tor itself is very much secure, its just that the NSA has better resources for rigging the line.

    For the record, I've petitioned PIA to offer a public Tor bridge. Now idea if it'll happen or not, but it's my intention anyway. Hard to be a leader in privacy if you're only providing one type of it!
    Post edited by sn0wmonster on
  • Posts: 572
    For the record, I've petitioned PIA to offer a public Tor bridge. Now idea if it'll happen or not, but it's my intention anyway. Hard to be a leader in privacy if you're only providing one type of it!
    An excellent idea. It would also further demonstrate PIA's commitment to network privacy and security by directly contributing resources to the Tor network.
Sign In or Register to comment.