Private Internet Access MACE™ Technical Explanation
Many of our users have asked about the specifics of the MACE™ ad blocker, so we are breaking down the technical details so our users can know that they are safe.
When you are connected via the Private Internet Access client, PIA handles all DNS requests on your behalf. It is because of the valued feedback and feature requests from our loyal customers that we decided to implement a basic and privacy-conscious ad blocker.
Turning on MACE™ causes your DNS requests to be resolved by a special DNS process
that has been set up with a simple blacklist of known advertising or malware domains. PIA doesn’t do anything besides block domains associated with advertisements, trackers and malware at the DNS level. For instance, website owners might have noticed that they have had issues accessing Google Analytics while MACE™ is turned on.
Unlike some ad blockers, we do not inject any SSL certificates or analyze your traffic in anyway to identify ads. Additionally, because of the way our VPN service is setup, we are unable to do a man in the middle attack or perform any content analysis on the traffic flowing through our servers.
We hope that MACE™ shows the privacy community that PIA is forever committed to our users’ privacy.
Comments
To use MACE you will need to be using our DNS servers, yes. I'm not entirely sure about DNScrypt, but I'll note your request with our team and ask them to take a closer look at it.
To use MACE you will need to be using our DNS servers, yes. I'm not entirely sure about ...............edited................................
We are aware of DNScrypt and will keep the request in mind going forward, but at this time we don't have plans to introduce it.
If there's anything else I can help you with, please let me know.
Cause I see ads on YouTube on Android still.
I run pfSense with PIA running and historically used other DNS. When you announced MACE I connected using a PIA client with MACE enabled, looked up the DNS servers it assigned, and set my router with the same, but is there a preferred method instead?
Hmm, that's strange. I'll alert our developers and we'll take a closer look at that, thanks for letting me know!
smyr,
It doesn't affect router setups at this time. I'm sorry for any inconvenience!
--WIN10 64 bit Opera Browser with uBlock enabled (Opera's default block disabled)
PIA on Chrome, when it is OFF does not show as a proxy under Settings (unlike most other VPN Extensions I've used), so there is not conflict even with newer versions of Chrome that complain about proxies. We have the Extension set with MACE OFF. Now, once in awhile when MACE blocks a site, we just turn on the Extension for that use.
On our Androids, unlike on our PCs, the Settings can be viewed while the VPN is running. If we hit a site blocked by MACE, we can easily turn off MACE and restart PIA, just for the time we need this Setting. Previously we had to use a different VPN.
This is working out OK for us.
Lester
Some good lists to add to your own: https://github.com/StevenBlack/hosts.
Would love to see in future releases of the PIA client the ability to select what blacklists to enforce via MACE.