Why is 'pia_nw.exe' trying to connect to Google?

I recently re-upped my subscription and updated PIA and noticed that an hour or so after connecting, my firewall now catches pia_nw.exe randomly trying to connect to an IP belonging to Google. This happens every time (with various Google IPs) about an hour after I connect normally. This has never happened in the past. What is this?

Comments

  • This is a known one. In short, we use nwjs for PIA's GUI, which is based off Chromium, which is made by Google, and it seems the version we use has missed some of the Google stuff. The requests in themselves are benign; one of them is to check the time and the other I'm not sure.

    More info there:
    https://www.privateinternetaccess.com/forum/discussion/30808/nwjs-query/p1
    https://www.privateinternetaccess.com/forum/discussion/30575/after-upgrade-pia-going-to-clients2-google-com
  • the other I'm not sure.
    Then how do you know it's benign?

    I appreciate the clarification, but even so, I use VPNs for the sake of privacy. The fact that Google (one of the worst offenders in this area) is able to connect to it directly is more than a little concerning to me. Is this going to be fixed?
  • Sorry for the delays, I was busy on other projects.

    Yes, it is reported and the developers are working on it.

    I know they are benign because they are all part of the open-source Chromium project, which means what the requests do is publicly documented (although arguably maybe not in the easiest to read format). I'm pretty sure it's likely generating a key for features that ever end up being used like the web store. The same reason it actually initializes cookies, history, bookmarks, settings, and cache databases and a whole bunch of other things despite never ever putting anything there.


    If you still do not trust those however, I would highly recommend setting up the OpenVPN client instead. This will configure PIA for use with the vanilla OpenVPN client which is fully open-source and does only one thing: connect the VPN. I think it doesn't even have an update checker!
  • Looks like it's contacting Google to update part of the Chromium framework. A Google search shows this to be the Widevine Content Decryption Module built into Chrome/Chromium.

    This is an excerpt from Wireshark monitoring nwjs on a Mac:


        <?xml
            version="1.0"
            encoding="UTF-8"
            ?>
        <request
            protocol="3.1"
            dedup="cr"
            acceptformat="crx2,crx3"
            version="chrome-65.0.3325.181"
            prodversion="65.0.3325.181"
            requestid="{86b2181c-eb7a-4b8a-b0bc-b7c7da27bd29}"
            lang="en-US"
            updaterchannel=""
            prodchannel=""
            os="mac"
            arch="x64"
            nacl_arch="x86-64">
            <hw
                physmemory="16"/>
            <os
                platform="Mac OS X"
                arch="x86_64"
                version="10.13.4"/>
            <app
                appid="oimompecagnajdejgnnjijobebaeigek">
                <event
                    eventtype="14"
                    eventresult="1"
                    downloader="direct"
                    downloaded="1758863"
                    total="1758863"
                    download_time_ms="18206"
                    previousversion="0.0.0.0"
                    nextversion="1.4.8.1030"/>
                <event
                    eventtype="3"
                    eventresult="1"
                    nextfp="1.941c2390ee06475e0ec91a545f990b6d44a2b3a2d88ef8c02fa588cbeb228604"
                    previousversion="0.0.0.0"
                    nextversion="1.4.8.1030"/>
                </app>
            </request>
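
Added example, not part of the original thread: a small Python triage script that parses an update ping like the capture above and lists which component it concerns, what events it reports, and which host details it sends. The `summarize` function is hypothetical, the embedded capture is a condensed copy of the one quoted above, and the event-type labels are an assumption taken from the public Omaha v3 protocol documentation.

```python
import xml.etree.ElementTree as ET
# Condensed copy of the capture quoted above (requestid and nextfp omitted).
CAPTURE = """<?xml version="1.0" encoding="UTF-8"?>
<request protocol="3.1" dedup="cr" acceptformat="crx2,crx3"
    version="chrome-65.0.3325.181" prodversion="65.0.3325.181"
    lang="en-US" os="mac" arch="x64" nacl_arch="x86-64">
  <hw physmemory="16"/>
  <os platform="Mac OS X" arch="x86_64" version="10.13.4"/>
  <app appid="oimompecagnajdejgnnjijobebaeigek">
    <event eventtype="14" eventresult="1" downloader="direct"
        downloaded="1758863" total="1758863" download_time_ms="18206"
        previousversion="0.0.0.0" nextversion="1.4.8.1030"/>
    <event eventtype="3" eventresult="1"
        previousversion="0.0.0.0" nextversion="1.4.8.1030"/>
  </app>
</request>"""

# appid -> component name, as identified in the post above.
KNOWN_APPS = {"oimompecagnajdejgnnjijobebaeigek": "Widevine Content Decryption Module"}
# Assumption: labels from the public Omaha v3 protocol documentation.
EVENT_TYPES = {3: "update complete", 14: "update download finished"}

def summarize(xml_text):
    """Return what an update ping reports: client, host details, per-app events."""
    # Update pings carry no DTD; refuse one so entity expansion is never parsed.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("unexpected DTD/entity declaration in capture")
    root = ET.fromstring(xml_text.encode("utf-8"))
    # Host details disclosed with the ping, keyed as "<element>.<attribute>".
    host = {f"{el.tag}.{k}": v for el in root if el.tag in ("hw", "os")
            for k, v in el.attrib.items()}
    apps = []
    for app in root.findall("app"):
        events = []
        for ev in app.findall("event"):
            etype = int(ev.get("eventtype", "-1"))
            size = ev.get("downloaded")
            events.append({"type": etype,
                           "label": EVENT_TYPES.get(etype, "unlabelled"),
                           "ok": ev.get("eventresult") == "1",
                           "to_version": ev.get("nextversion"),
                           "bytes": int(size) if size is not None else None})
        appid = app.get("appid", "")
        apps.append({"appid": appid, "events": events,
                     "component": KNOWN_APPS.get(appid, "unknown component")})
    return {"protocol": root.get("protocol"), "client": root.get("prodversion"),
            "host_fields": host, "apps": apps}

if __name__ == "__main__":
    print(summarize(CAPTURE))
```

An appid that is not in `KNOWN_APPS` comes back as "unknown component", which is the case worth a closer look when reviewing firewall or proxy captures.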

  • I just upgraded to v80 client for MacOS and noticed this behaviour (PIA client callouts to Google-related IPs) is still happening. Even a connection that is benign today is a potential vulnerability, which is why network activity in general should be limited to that which is strictly necessary. Of course one can use a third-party client, but the PIA native client allows for straightforward connection configuration and easy access to deeper options too. In short, here's hoping that future versions can strip out the call-out behaviour.
  • edited June 2018
    This is very disturbing. I thought I was using PIA to help protect me from evil companies like Google. But after all PIA did decide to make a plugin for Chrome too, long before ever making one for a safe browser like Firefox. So it would seem PIA is all "benign" in its view of Google.
  • @bean_drew, @Westie

    I recently reached out to the devs on this issue again, and they are working to fix the Google connections in v81. I'd recommend signing up for the beta program to get access to the fixed version as quickly as possible. 

  • Westie said:
    But after all PIA did decide to make a plugin for Chrome too, long before ever making one for a safe browser like Firefox.
    It can be argued that Chrome users need the protection of PIA more than Firefox users. There are also more Chrome users, making a Chrome extension more impactful.
  • HawkTroy said:
    It can be argued that Chrome users need the protection of PIA more than Firefox users. There are also more Chrome users, making a Chrome extension more impactful.
    There is nothing PIA can do to protect customers from Google's spying when PIA, in effect, encourages its customers to use a browser that guarantees Google can and will spy on them. PIA should be encouraging customers to avoid Chrome and use open source apps like Mozilla/Firefox, etc. By releasing a Chrome plugin, while brushing off the pleas of customers for months for a Firefox plugin, PIA sent a loud message that Chrome is a safe browser when it's anything but that.
  • I just wanted to add that I'm also experiencing this issue and eagerly await a fix. Why is PIA connecting to Google account services to access the internet??? This is very sloppy.
  • It is probably like Android, and Apple, and others. If one wants to build an app or plugin for anything and they are going to use the browser from the mentioned vendors, then they have to allow that vendor access. It is all in the plugin/app agreement, if you read them.

    Get off anything made by Google or Apple and go with an indie browser. Don't use plugins, run your PIA straight off your PC/Mac. You should be in control, not Google or Apple and others.

    JMHO