Company please respond
Yesterday I posted this https://www.privateinternetaccess.com/forum/discussion/28678/shopping-for-a-vpn-company-please-respond asking for a response from the company.
Today my friend tells me that a Private Internet Access employee named sn0wmonster posted that Private Internet Access had evidence that it does not log so I came to take a look. Thought maybe I would give Private Internet Access another look.
I could find no evidence posted, just the post from sn0wmonster saying "We have public *evidence* that logging is not happening, but you will have to decide on your own if that evidence is sufficient enough to trust PIA in your own OPSEC threat model."
So accepting that invitation, I would like to see this evidence Private Internet Access claims to have via the employee sn0wmonster statements to this effect so I can decide.
Thank You
Today my friend tells me that a Private Internet Access employee named sn0wmonster posted that Private Internet Access had evidence that it does not log so I came to take a look. Thought maybe I would give Private Internet Access another look.
I could find no evidence posted, just the post from sn0wmonster saying "We have public *evidence* that logging is not happening, but you will have to decide on your own if that evidence is sufficient enough to trust PIA in your own OPSEC threat model."
So accepting that invitation, I would like to see this evidence Private Internet Access claims to have via the employee sn0wmonster statements to this effect so I can decide.
Thank You
This discussion has been closed.
Comments
Evidence comes in many forms.
For starters, PIA's owner is a privacy and FOSS advocate who has stopped at nothing to spread the word and continues to run PIA because of his disgust for mass surveillance and belief in the need for anonymization networks (such as Tor). In fact, he brought me into PIA personally because we share in that disgust!
PIA's employees are also privacy advocates (myself included) who increasingly take a skeptical look at company policies and actions and demand more transparency (like making the app open source, including additional failsafe networks like Tor into the mix, etc). All of these efforts and more are in the works in some form or another, so there's not much I can say about them.
Then there's the subpeana and response, which I myself do not find to be sufficient evidence alone and completely agree with your original conclusion, but also believe it to be some form of evidence that other VPN providers have yet to produce.
Then there's PIA's actions over the past decade, its participation in movements to promote and strengthen privacy for everyone, but importantly its willingness to react quickly to countries that threaten PIA's ability to make such a guarantee (like removing its servers from Russia the moment Russia showed it wasn't interested in respecting privacy).
I abhor false senses of security and want no one to take unnecessary risks. I do not believe VPNs alone to be a magic bullet and always try to educate people on overall OPSEC, as statistically, all individual tools will fail. Having said that, when you pay a company to provide you with a VPN, it all comes down to trust. Do you trust PIA? I do, but I also keep a watchful eye on anything that could shake that trust, and spend most of my time at PIA purposely shaking trees in the hopes of finding something lurking in the shadows that I can stamp out to make PIA more transparent. So far? No boogiemen, just a closed source app that I have petitioned to be open source (in the works) and working on devising more anonymization options for users.
I cannot personally attest that no logging is taking place as I have yet to inspect the thousands of baremetal servers operated and maintained by PIA, but I believe the evidence so far to be genuine, accepting that it's never going to be enough, and continue to work to make PIA more transparent for everyone. I also cannot personally inspect all airplanes I ride on, but trust that they are in good enough fitness to carry me safely. Again, it's all about rational trust. The key to this type of assessment is rationality and a proper OPSEC threat model to insulate yourself from any threats, not just VPNs. If you don't *want* to trust airplanes, take a boat instead!
My recommendation for you is to have a threat model that suits you, and find out if *any* VPN fits the bill. Some will find their threat model requires a VPN in another country that isn't part of the 13-eyes (for when they cannot trust secret courts to abide by the constitution and do not want to take that risk). Some may find that having a company in the US that is protected by data privacy laws and a constitution is a better gamble, but in the end it's always going to come down to a choice of threat models.
Personally, I don't trust *just* VPNs and mix it up, like a VPN tunnel originating from a VPS where I use Tor to connect to, but for most people who just want to download something while obfuscating their location, to protect themselves from stalkers or abuse, and who just don't want to contribute to the mass surveillance efforts of alphabet soup, using PIA is probably the right move.
As I said in the other thread, whether you stay or go, so long as it's a calculated and rational decision based on your specific threat model, it is the right choice.
sn0w
Thanks for your response;
Evidence does not come in many forms, it only comes in one form and that is a form that is either true or valid with the true or valid supported by proof. Although there is the subpoena response, its not proof that Private Internet Access does not log and your semantics with the word "evidence' applied, and the long post support for it, is also not proof or evidence that Private Internet Access does not log.
I don't want to be rude, by nature I am not a rude person. However, since my time has been wasted, by none of the claimed "evidence" being provided, I will be blunt.
Your semantic expansion of the word "evidence" is somewhat unsettling. I thought since the claim of "evidence" had been made that it would be available and that caused me to come back for one more look. I also thought that someone at Private Internet Access would know what "evidence" was, I was wrong to think that. It does not leave me with a good feeling when a company plays semantics games trying to portray an image that is false which in this case is the claim of "evidence" that does not seem to exist. The effort to defend or support the semantics "evidence" with a long post is just more of what Private Internet Access says in the usual creepy cultist brain washing chant manner that appears in the forums. All this talk of "threat model", when all I wanted was a straight forward answer by the claimed "evidence" being provided as requested. You mention "trust" but then play semantics games with the word "evidence". I am well aware of what "trust" actually is and means, but the Private Internet Access version of "trust" you posted was entertaining in a fairy tale sort of way.
I do not have a good feeling about Private Internet Access. The word play and semantics games along with disingenuous statements that Private Internet Access employs does not give me any confidence or provide a basis of trust. In addition, the rude customer treatment thing is unsettling, I am not even a customer and the semantics games with the word "evidence" was rude and insulting.
My original decision to look elsewhere was correct.