PIA is a powerful VPN that ticks (almost) all the boxes.
Private Internet Access (commonly known as PIA) is a capable VPN provider, now owned by Private Internet (formerly known as KAPE), who also owns CyberGhost and ZenMate. The company stands out immediately for its ‘NextGen VPN Network’, now a massive 35,400+ servers in 78 countries (that’s double the number of servers we saw in our last review.) This isn’t just about the numbers, PIA says. The NextGen servers ‘utilize better hardware components’, ’10Gbps network cards instead of 1Gbps’, use RAM Disks to ensure ‘all sensitive information is lost as soon as the server loses power’, and now support both WireGuard and OpenVPN. You’re able to access that network via apps for Windows, Mac, Android, iOS and Linux, browser extensions for Chrome, Firefox and Opera, and there are detailed setup tutorials for routers and many other device types. PIA supports connecting up to 10 devices simultaneously. That’s twice the allowance you’ll get with most VPNs, although Windscribe, Surfshark and a few others have no limit at all. Extras range from the simple and straightforward (built-in blocking of ads, trackers and known malicious websites) to the more low-level and technical: a SOCKS5 proxy for extra speed, port forwarding support, the ability to select your preferred encryption, authentication and handshaking methods, and more. Major additions since our last review include dedicated IPs,24/7 live chat support, and a bonus Identity Guard system (free with all plans) which alerts you if your email address appears in a network breach. Welcome app tweaks include encryption improvements (SHA-4096 is always used for authentication handshakes, OpenVPN CBC always uses SHA-256 for data authentication), a highly flexible Automation Rules system enables automatically connecting or disconnecting when you access certain networks, and a string of low-level fixes and enhancements (check out the PIA changelog if you’d like to know more.) (PIA has dropped the old handshaking and authentication options as a part of the encryption changes. Losing features is always disappointing, but as they were implemented by messy custom OpenVPN patches, losing should speed up development and reduce the chance of problems. There’s more on the change here.) Transparency is important in a VPN, so we’re happy to see that almost all of PIA’s apps are open source. Developers can check out the source code for the Windows clients, the browser extensions, iOS and Android apps and more on GitHub. There are surprise app-related extras, too. For example, a capable command line app for Windows, Linux and Mac enables automating VPN operations from scripts. At its simplest, you could use this to create a shortcut which automatically connected to the VPN and then launched an app, but it can do much more (we’ll talk about that later.) The Private Internet Access monthly plan is priced at an average $9.95. You’ll pay something close to that with most providers – Hotspot Shield, IPVanish and Ivacy all charge around $10 for monthly billing – but a few ask more ( CyberGhost, ExpressVPN and Hide.me are all priced around $13.) The real value begins to kick in with the annual plan, priced at a very low $3.33 a month. Most top providers only get close to that with special introductory offers (Hide.me is just $3 a month for year one, but $3.75 on renewal.) The two-year plan is even cheaper at $2.65 a month for the first term (with two months free), $2.91 on renewal. The plan also throws in a free one-year license for BoxCryptor, a powerful service for encrypting cloud files from just about any provider (OneDrive, Dropbox, Google Drive, more.) This is already available in a basic free-for-personal-use version, but what you’re getting here is a license for the more capable Personal plan. This supports unlimited devices (the free version limits you to two) and cloud providers, and includes email support, and is worth $48 a year if your purchased it separately. Even if you’ve not the faintest interest in BoxCryptor, the two-year plan looks like excellent value to us. It’s significantly cheaper than NordVPN’s two-year deal, for instance ($3.71 a month), and although you could save a little with Surfshark ($2.49 a month on its own two-year plan), that’s only the introductory price – it doubles on renewal. PIA can now provide dedicated IPs in five locations: Australia, Canada, Germany, UK and US. This gets you the same IP address every time you log on, and as no-one shares it, you’re less likely to find you’re blacklisted due to someone else’s dodgy activities. But using the same IP also means you’re more likely to be recognized by websites, so this isn’t an option for everyone. Pricing is fair at $5 a month, with no discounts for longer terms. NordVPN is a little more expensive at $5.83 on its annual plan, but CyberGhost undercuts everyone at just $2.25 a month on its three-year plan. If you’re tempted to sign up for any of these plans, a wide choice of payment methods includes support for cards, PayPal, Bitcoin, gift cards and more. There’s no free trial, but PIA does give you a 30-day money-back guarantee. PIA’s Terms and Services has another surprise (and unusually for small print, it’s a good one.) Many VPNs say customers are only allowed one refund, ever. Private Internet Access says that if you purchase a new account more than three months after the last refund, you’re eligible for another. That’s unusually generous, but seems fair to us. If you try out a VPN and the service doesn’t work for you, it shouldn’t matter if you had a refund three years ago – you ought to have the same money-back rights as everybody else. All VPNs claim to deliver great privacy, but Private Internet Access combines an unusual mix of features which goes further than most. PIA’s apps mostly use only the latest and most secure protocols, for instance, in OpenVPN and WireGuard. OpenVPN protection is AES-128 by default, but in a click or two you’re able to switch it to AES-256 CBC or GCM, set local or remote ports or switch to WireGuard. Private Internet Access provides its own DNS to reduce the chance of DNS leaks. The apps are flexible, though – the Windows client can be set to use your default DNS, or any custom DNS of your choice. There’s also a kill switch to disable your internet access if the VPN drops. Unlike some of the competition, this isn’t only available on the desktop – the iOS and Android clients get it, too. Get connected with the Chrome extension and you’ll find a bunch of bonus privacy features (block location access, third-party cookies, website referrers and more). You could set these up separately and for free, but the extensions make it easier and they do add worthwhile extra layers of protection. PIA’s MACE feature blocks access to domains used by ads, trackers and malware, further limiting the ways companies can follow you around the web. As we mentioned above, and perhaps best of all, Private Internet Access has open-sourced its desktop clients, mobile apps and many other components and libraries. This allows other developers to freely examine the source code, assess its quality, report bugs, and maybe check to see whether it’s doing anything which might compromise the user’s privacy. While most VPN’s claim they don’t log customer activities or traffic, there’s rarely much to back this up. You’re expected to cross your fingers and trust they’re being honest. Private Internet Access is far more confident, claiming to be ‘verified’ as ‘the only proven no-log VPN service.’ The company seems to be referring to court cases where subpoenas have been served on PIA asking for account information, but the only data provided was the general location of the server IPs. Absolutely no user-related data was given up. Private Internet Access also publishes a Transparency Report detailing any official requests for information, and user data handed over. The report covering the first four months of 21 records two court orders, three warrants and 12 subpoenas received, with no logs produced for any of these requests. The Privacy Policy is normally the best place to look for more details about what a VPN is doing, but PIA’s is mostly about the website, and says almost nothing about the VPN. Eventually we found a support article, ‘Do you log the traffic of your users?’, which stated that Private Internet Access « absolutely does not keep any logs, of any kind, period. » It explains that logs which might otherwise be maintained are redirected to the null device rather than being written to the hard drive, which means they simply disappear. The article also includes this paragraph, which explicitly states that the firm doesn’t log session data or your online activities: « We can unequivocally state that our company has not and still does not maintain metadata logs regarding when a subscriber accesses the VPN service, how long a subscriber’s use was, and what IP address a subscriber originated from. Moreover, the encryption system does not allow us to view and thus log what IP addresses a subscriber is visiting or has visited.