xyzio

Posts Tagged ‘privacy

Private Internet Access Review – Only The Paranoid Survive

with one comment

I bought a 1 year subscription to Private Internet Access (https://www.privateinternetaccess.com) about three months ago in order to protect my privacy when traveling and to ensure that my information was protected at my house.  I live in a high density neighborhood where I can see at least 10 WiFi access points from my laptop. At home I regularly check my router logs to ensure there are no new users but I’m paranoid that someone will hack in and cover their tracks.

Private Internet Access gives you access to VPN clients in many countries. They assign you a username and password when you sign-up and this is used to log into their servers worldwide. They state that they keep no logs and store no data. However take this with a grain of salt and avoid passing sensetive information via non-HTTPS connections. For additional protection you can daisy-chain your own server in the flow to get more privacy.

I chose Private Internet Access because they were highly rated at the VPN sub-Reddit, they have a representative on Reddit answering questions, and because they offer clients for all major operating systems.

So far I’ve had no issues and they say they don’t throttle bandwidth.  My usage is light but I have a feeling I might be restricted if I tried to pull 10TB of data through their servers.

Cost:

Private Internet Access is relatively cheap.  At one year, it is cheaper than hosting your own VPN server and definitely much less hassle.  A one-year subscription costs $40, one month is $7, and six months costs $36.  It is apparent that they steer you towards the 1 year plan.  They occasionally have discounts so keep your eye on the Reddit VPN page.

Android Client:

The Android client is very easy to use. Its usage can be summarized in three steps:
1) Download and install from the Android Play Store
2) Launch app and enter your username and password
3) Click the ‘Connect’ button

You can optionally select a server but it defaults to picking the fastest host.

A nice feature is that the app shows the current up/down transfer rate as well as the total usage for that session. However when transitioning from wireless to the cell network and vice-versa the app introduces additional delay as it gets disconnected and needs to re-authenticate with the VPN server. This is annoying because it usually happens when I’m walking out of a building checking my messages or getting directions.

PIA Android Login Screen

PIA Android Login

PIA Android Select Server Screen

PIA Android Select Server

PIA Android Status Screen

PIA Android Status Screen

Windows Client:

The Windows client is equally easy to use. Installation and execution can be summarized in four steps:
1) Download from Private Internet Access
2) Run executable
3) Enter your password
4) Run

PIA Windows Screen

PIA Windows Connect Screen

PIA Windows Login Screen

PIA Windows Login Screen

Linux Client:

Linux client setup proved to be difficult. Rather than providing a client, PIA provides instructions to perform the setup. While the instructions worked in a graphical Ubuntu VM on my laptop, they do not work on my non-GUI DigitalOcean VPS. I was able to figure out an alternate way to perform the setup however it took a lot of digging. It would be nice if PIA incorporated instructions for manual setup and connection on their site.

Pros:

  • Privacy
  • It is cool to connect to server in Romania and see the Google Romania page show up.  However using it is impractical due to latency
  • Multiple sites around the world to reduce delay wherever you go
  • Easy setup

Cons:

  • Android client introduces delay as it re-authenticates when transitioning between data providers
  • Private Internet Access says they don’t log data and that they would reject PRISM monitoring requests.  Take this with a grain of sand and always encrypt your data!  This does not guarantee that your data is not being monitored at PIA’s outgoing ISP or that your home computer does not have a keylogger.  Or if they are really watching you!

Final Thoughts:

It is hard to see if connecting to Private Internet Access is protecting me. I’ve used it at home, around town, and when traveling in hotels, coffee shops, and airports. As far as I know none of my data has been compromised. I think it is hard to see if it effective, but it is an additional layer of protection and you protect yourself just by being more difficult to hack than the next guy. Ultimately the only way to be safe online is to not go online!

Advertisements

Written by M Kapoor

July 4, 2013 at 9:34 pm

Private Internet Access OpenVPN on Ubuntu at Linode or Digital Ocean

with one comment

Update 9/14: These instructions no longer seem to work at Linode.  Please leave a message in the comments if you see a mistake in my directions.

I’ve written about using Apache to proxy connections over SSH in order to hide sensitive information in public places. For an extra fee you can gain additional anonymity on the internet via companies like Private Internet Access which provides multiple VPN gateways for around $40/year without the risk of hacking or mis-configuration that comes with doing your own setup.  You also get the ability to use VPNs in multiple countries and US locations thus further obfuscating information.

Private Internet Access has instructions on how to set up a VPN on Ubuntu using Network Manager.  However I’m using a server install at Digital Ocean and I don’t feel like installing the desktop just to use Network Manager.  In addition there is setup required to allow you to access the VPS while still routing outgoing data through the VPN.  This should also work at Linode. Here is how to do it:

1) Install open-vpn : apt-get install network-manager-openvpn

2) Download a copy of Private Internet Access’ config files or if their site is down, here.  Unzip the files in a new directory.  The zip file contains everything you need to access their VPN servers without dealing with Ubuntu’s Network Manager.

3) Now you configure your VPS so that any traffic that comes to the VPS is responded to by the VPS.  Otherwise once you start your VPN any attempt to connect to the VPS will be answered through the VPN which is not what the connecting software expects.

Type this at the prompt:
ip rule add from x.x.x.x table 128
ip route add table 128 to y.y.y.y/y dev ethX
ip route add table 128 default via z.z.z.z

Where x.x.x.x is your public IP y.y.y.y/y is the subnet of your public IP address ethX is your public Ethernet interface z.z.z.z is the default gateway To get the x, y, and z use ip route: ip route show. The last three lines of the output will look something like this:

93.115.84.202 via 127.0.0.1 dev eth0
128.0.0.0/1 via 10.155.1.5 dev tun0
127.0.0.0/24 dev eth0 proto kernel scope link src 127.0.0.1

Match the color coded output to the ip commands above.  You need to type these in every time you restart your VPN so it helps to save them in a shell script.

4) Optional: Create a password file.  You can create a password file to supply OpenVPN with your login info If you are lazy and don’t feel like entering a password every time you connect to Private Internet Access.  To do this, make a file that contains your username on the first line, password on the 2nd line, and nothing else.

5) Start OpenVPN using one of the config files from step 2.  Each config file is set up to connect to one of the VPN servers run by Private Internet Access.  You can specify your password file from step 4 using the auth-user-pass argument.  Here is what I use to connect to their Romania server:

openvpn –config Romania.ovpn –auth-user-pass password_file

Finally, check your IP using their ‘Where’s My IP‘ page.

Questions or comments?  Feel free to leave a message using the comments box below.

Sources:
http://openvpn.net/index.php/open-source/documentation/howto.html#client
http://www.cyberciti.biz/faq/how-to-find-out-default-gateway-in-ubuntu/
https://forum.linode.com/viewtopic.php?t=8737
https://www.privateinternetaccess.com/pages/client-support/#ubuntu_openvpn

Written by M Kapoor

June 27, 2013 at 7:25 pm