Submitted by alqm in Privacy (edited)

"Today marks the start of an exciting shift over here at Private Internet Access. As long-time supporters of the Free and Open Source Software community, we have started the process of open sourcing our software, and over the next six months we will be releasing the source code for all our client-side applications, as well as libraries and extensions."

6

Comments

OpSecLevelBaNaNaS wrote

So, here's the issue: the servers are not open source. It doesn't matter if the client software is open source, they could still be bulk collecting your data on their servers either intentionally or due to a security flaw. A VPN service concerned with assuring users of their privacy would be more interested in disclosing their server source code as compared to the client side software. In fact, any good VPN is using OpenVPN protocols, for which there has long been open source client software.

This issue of server vulnerability is also an ongoing issue in other projects that people in our community rely on heavily, and which are also almost certainly getting spied on by our governments too, such as Signal Private Messenger's servers. While they are open source, and try to avoid collecting or retaining too much metadata about the messages in the system, those servers retain the phone numbers of all current Signal users in plaintext, and some additional info about the date of registration with the service and the date of their last use of the service. Signal developers have also not made it easy or intuitive to set up one's own independent servers, making the users dependent on a centralized service. There are some positives for these tactical decisions by the developers, such as increased utility and ease of adoption, but I also have no doubt in my mind that all of the above info is logged by the US government (and others, probably).

I would suggest scepticism of PIA's move here. Treat all VPNs like they are run by the CIA. Never rely on only one layer of digital security, and recognize when a VPN will be a liability rather than a benefit to your OPSEC.

For torrenting movies? Yeah, this isn't a bad move. But for anything political? Forget VPNs!!

2

jaidedctrl wrote

I guess you could say… the client's source-code is now not Private. :-P

1