As far as I am aware (unless the NSA knows better) is that once the VPN is connected and the traffic is encrypted then DPI can not work on that data stream. The only way someone could use DPI is to intercept your traffic once it leaves the PIA network and onroute to the destination and then only if the traffic is non SSL, so it is also wise to use the EFF HTTPS Everywhere browser add-on
DPI is always done between endpoints, the way it works these clowns do DPI so another ip address can be added to database. Try to open blocked.com from PIA ip address. Https is no help, they already know you
Deep packet Inspection can only tell them that you are using encryption and that your packets are coming from a PIA server.
It is not a magic wand that breaks encryption. And so far, despite pretending to do exactly that, not even the NSA has ever broken a single packet with or without DPI.
So why do the NSA and other agencies love DPI? Because the average user is an idiot and gives away too much details that can be used to determine who they are even when they use encryption.
Check this out for an example of what I mean. Your browser tells every site you go to if it has the right fonts for the site. It tells them your time zone and screen size and aspect ratio and a thousand other things. All this combined makes it trivial to figure out if your browser was the one that connected to a honeypot site.
PIA just runs a VPN. They do not make your browser, so it is still a problem that they cannot fix. I advise you to contact whoever made your browser of choice and ask them to make it less identifiable on sites like Panopticlick. https://panopticlick.eff.org/
Speaking of which, does anyone know of something for Firefox that will obfuscate Browser Plugins when javascript is enabled?
Only Noscript, and that is an evasion rather than an answer...
Depending upon your needs, RequestPolicy may work even if you permit JS, but sites tend to look awful since half the content will be missing. https://www.requestpolicy.com/ (Firefox gives me a warning about the page for some reason. But you can search for it via FF's extension page and doubtlessly find it there.)
I had Request Policy installed at one time, but I got rid of it due to some issue that it was apparently causing (I don't recall what it was now). I might give it another shot and see how it works out. Appreciate the suggestion!
You know, a guy (or gal) can spend all their time just attempting to secure things and never actually enjoy life, or the internets. I find it interesting and educational though, so I'm mostly OK with that. <:-P
I had Request Policy installed at one time, but I got rid of it due to some issue that it was apparently causing (I don't recall what it was now). I might give it another shot and see how it works out. Appreciate the suggestion!
You know, a guy (or gal) can spend all their time just attempting to secure things and never actually enjoy life, or the internets. I find it interesting and educational though, so I'm mostly OK with that. <:-P
Just remember that EVERYTHING is going to look like smeared shit until you permit the site with RP. That is likely why you got rid of it.
Personally I think RP is aimed more at people who already run NS and have very limited bandwidth. (The same people who disable site images and run a plain text interface wherever they can.)
The reason I still use it is that some sites fail to load without enabling JS via NS. But once I do, RP blocks JS elements like Flash from loading anything that may be hazardous.
P.S. what op was asking whether PIA offers any masking against DPI.
Correct, I was looking to see if PIA could do something similar to TorGuard's Stealth VPN that can obfuscate around DPI firewalls (like some that are used in corporate firewalls, the Great Firewall, etc.). Yes Tor has obfs3 and that can work, but I'm just as interested in whether PIA can do it as it can take some of the burden of Tor.
Blocking VPN traffic to PIA would take time, but as they publicly put out all their VPN hosts, it'd be fairly easy to add a drop rule for all the whois records on ca-toronto.privateinternetaccess.com, france.privateinternetaccess.com, romania.privateinternetaccess.com, etc., etc.
I realize this isn't an easy question, but if I can't access PIA, then I can get private internet, which is why I'm asking.
Deep packet inspection is an advance technique which is used analyze traffic beyond layer 2 and layer 3 on osi model.but if the whole traffic is encrypted then its difficult to analyze. hammer vpn and fich vpn offers this feature.
Comments
It is not a magic wand that breaks encryption. And so far, despite pretending to do exactly that, not even the NSA has ever broken a single packet with or without DPI.
So why do the NSA and other agencies love DPI? Because the average user is an idiot and gives away too much details that can be used to determine who they are even when they use encryption.
Check this out for an example of what I mean. Your browser tells every site you go to if it has the right fonts for the site. It tells them your time zone and screen size and aspect ratio and a thousand other things. All this combined makes it trivial to figure out if your browser was the one that connected to a honeypot site.
PIA just runs a VPN. They do not make your browser, so it is still a problem that they cannot fix. I advise you to contact whoever made your browser of choice and ask them to make it less identifiable on sites like Panopticlick.
https://panopticlick.eff.org/
Depending upon your needs, RequestPolicy may work even if you permit JS, but sites tend to look awful since half the content will be missing.
https://www.requestpolicy.com/
(Firefox gives me a warning about the page for some reason. But you can search for it via FF's extension page and doubtlessly find it there.)
You know, a guy (or gal) can spend all their time just attempting to secure things and never actually enjoy life, or the internets. I find it interesting and educational though, so I'm mostly OK with that. <:-P
Personally I think RP is aimed more at people who already run NS and have very limited bandwidth. (The same people who disable site images and run a plain text interface wherever they can.)
The reason I still use it is that some sites fail to load without enabling JS via NS. But once I do, RP blocks JS elements like Flash from loading anything that may be hazardous.
Blocking VPN traffic to PIA would take time, but as they publicly put out all their VPN hosts, it'd be fairly easy to add a drop rule for all the whois records on ca-toronto.privateinternetaccess.com, france.privateinternetaccess.com, romania.privateinternetaccess.com, etc., etc.
I realize this isn't an easy question, but if I can't access PIA, then I can get private internet, which is why I'm asking.