pia-v76-installer-win Smaller?
Just downloaded the new v76, and I'm just checking on the file size. My Windows Explorer says the file size is only 43,664 KB. I still have v75 in my folder, and that one is 63,223 KB. An earlier version from well before, v68, was 59,989 KB.
It's kind of unusual for a software's new version to be 31% smaller than its immediate previous version (Apple would never allow that with iTunes), so I just want to check and make sure this is correct, and that I am not downloaded some rogue program under the guise of PIA that my ISP is using to fool me into thinking I'm not being tracked after all.
Please advise? Thanks.
It's kind of unusual for a software's new version to be 31% smaller than its immediate previous version (Apple would never allow that with iTunes), so I just want to check and make sure this is correct, and that I am not downloaded some rogue program under the guise of PIA that my ISP is using to fool me into thinking I'm not being tracked after all.
Please advise? Thanks.
Comments
MD5
F20965B1D4DE093A6BB1BF9011284F42
SHA-1
980EC776051FFE72FF9382D3A168A10059B144C3
SHA-256
2664C6717359D389CE35FA9FC95A9ABD4B3C2CA4F8218AA4FBBE27068014CCB8
The size is 42.6 MB (44,711,864 bytes)
I suggest PIA to publicize the installers hashes for increased security.
Edit: Turns out PIA publicizes the hashes on this page https://www.privateinternetaccess.com/pages/downloads
however it's not as easy to find as the regular download page and v76 hasn't been listed yet.
As for the size difference, yes this is normal! The new installer is completely different and as such we were able to remove a good chunk of data that was used just to run the installer script (previously also written in Ruby).
The v76 installer is also signed, and Windows should also now present it as being published by "London Trust Media Inc" when it asks for administrator permissions!
like this one:
https://installers.privateinternetaccess.com/download/pia-v76-installer-win.exe
edit: MD5 hash checks out fine..
We pulled out v76 purely because of the issues on Mac. We are not aware of any security issues related to this build, when it does run it runs just fine. The issue is as simple as the app was compiled with compiler flags targeting a too instruction set and consequently systematically crashing on Macs made in 2012 or older.
Ultimately if people feel adventurous and want to install v76 despite us having pulled it out, I don't see any problem with that as again this release is safe to use. Due to the nature of the issue, it either works perfectly fine, or not at all so it's not like it will crash in the middle of browsing and suddenly expose you.
In particular we've made the decision of leaving the Linux version of it up as it is a very good release for those particular users.
If v76 had a security flaw, we would have immediately released a fixed (or even just a rebranded v75) to ensure those v76 would have immediately be notified to update to v77. We would also have published an announcement and made sure to fully purge the file from our servers. However in this situation it wasn't necessary, we only need to stop people from wasting their time updating to a version we know doesn't run on some machines. Anyone that has downloaded v76 and is using it is perfectly safe and have no reason to worry.
So, if people want to go ahead and go out their way to find that download link to enjoy an early beta, I don't have any problem with that
sidenote (and a longstanding windows issue it seems).. if I hover over the PIA icon in windows I used to see an accurate public IP reflecting the info from sites like whatismyip and ipleak. however since a few major versions ago it displays a different IP. I used this crossover check regularly to make sure who's who and what's what, but now together they are inconclusive..no matter what "who is my public ip?" site i go to they all give the same answer which is now different than PIA . I believe it's been discussed before but I never found a conclusive fix or answer. If there is, can you point me in the right direction?
edit: i never have this problem on the Android app.. always shows the right original IP and current IP reflected by whatmyip sites
also a rather small detail.. though it's very nice to see that the installer is digitally signed, when I open "process explorer" by MS sysinternals, the "Ruby interpreter (GUI) 2.4.1p111 [i386-mingw32]" says "(No signature was present in the subject) http://www.ruby-lang.org/" Is this a ruby issue?
It's 2018, by now everything should be hashed, signed, and maybe even 2-form authenticated. Take for example Titanium backup (http://bit.ly/2npBfPC) which allows implementation of a user generated 4096 master key for maximum security of local and cloud backups.
It usually last 11 - 12 hours before it disconnects. Stronger encryption last for a a couple of hours and the strongest one you offer 4096, using TCP etc, last 2-3 minutes with OpenVPN on Debian Stretch 9 before it disconnects.
Curious to see if you can offer a stabile Linux version for V76.