TL; DR: You’re being watched. Whether it’s a tracking cookie or a criminal, someone can track every step of your online activity. As the world becomes more connected and accessible, VPN services like Private Internet Access can keep you off the grid and safe, whether you’re at home or on a public wifi network. As a satisfied customer myself, I was excited to talk with Co-Founder Andrew Lee and CEO Ted Kim about how the company provides a secure tunnel to their network.
It’s time for a bathroom break, and you’re home alone. What do you do? Do you close the door?
If so, you understand the importance of individual privacy, according to Private Internet Access CEO Ted Kim (By the way, he would close the door). Even if you don’t think anyone is watching, it’s better to be safe just in case.
“It doesn’t mean I’m doing anything bad in there, it just means I have an expectation of privacy in certain areas of my life,” he said.
The same can be said for online privacy. In an age where governments, Google, and Facebook watch what you do online, more people are looking for ways to protect their online activities. Just like you wouldn’t want someone to watch you enter your PIN into an ATM, you don’t want someone to know what you’re doing online.
Enter Private Internet Access, otherwise known as PIA. The company provides Virtual Private Network (VPN) access to users who wish to hide their browsing history and physical location from anyone who might be looking.
“We want people to be able to use technology and the Internet as they want to, as it should be: to share information, to learn things about the world, to be able to go out and experience things they could not in the real world,” Ted said. “We want to enable people to do all that without fear of being judged or being watched or having somebody looking at you all the time.”
How Private Internet Access Keeps You Anonymous — And Proves It
As people started to use the Internet and understand the capabilities of technology, the concept of data mining or invading others’ privacy didn’t really register on the general public’s radar.
“However, privacy has always been a big issue on the Internet among early, experienced users,” Andrew said. “The awareness of it has been growing among society.”
In the early days of the Internet, masking your IP address “was kind of the same thing as brushing your teeth,” Andrew said, keeping the bathroom analogy alive. “You just don’t connect to the network with your IP because everyone is going to send all kinds of attacks. It was a world where it was just normal to hide your IP.”
Re-Routing Web Traffic Through a Limited Number of IP Addresses
In layman’s terms, a VPN replaces a user’s IP address with one of the company’s anonymous IP addresses, meaning a user’s data is encrypted and geographic location is changed. PIA operates at the TCP/IP interface level, meaning all of your applications — not just your web browser — will be secured.
PIA, whose services can cost as little as $3.33 per month, routes VPN users through gateways in nine US locations and 24 international locations in places such as Canada, Europe, Australia, Russia, Turkey, Hong Kong, Singapore, and Brazil.
“We actually have a very limited number of IP addresses because we want all of our users essentially to be using the same IP addresses,” said PIA Co-Founder Andrew Lee. “You could call it obfuscation. The traffic gets lost in the crowd because everyone has the same IP address.”
No Logging Means No Records — Just Ask the FBI
While most VPNs — including PIA — claim not to log or keep any records of users’ behaviors, there’s essentially no way to verify that.
PIA, however, was put to the test earlier this year when the FBI ordered the company to turn over information about a Georgia man who had sent a number of false bomb threats.
While PIA will comply with valid legal requests, the fact of the matter is that they just don’t have the data to give. In the case earlier this year, all PIA could tell the FBI was that the user was a subscriber to the service after they located his PIA login through separate means.
“We don’t monitor anything, so we don’t know what anybody is doing,” Andrew said. “You can safely use PIA and know who we are and what we stand for. Our network is completely uncensored, unfiltered, unmonitored, and has no logging. It’s the Wild, Wild West.”
Building and Scaling a VPN is Filled With Nuances and Proven Programs
Andrew says that, while PIA built its network a bit differently, he can’t go into too many details without revealing the recipe to the secret sauce. Hard to fault a company brokering Internet privacy for keeping proprietary details close to their chest.
At the most basic, he said, you start with servers and really fast Ethernet connections. The servers run various VPN server daemons; PIA runs PPTP, IPSEC/L2TP, OpenVPN, and SOCKS5 for proxy servers.
As for software, Andrew said that PIA tends to shy away from cutting-edge products. They’ll review a program’s code and features and file it away in their memory in case they want to backport it eventually.
“We like to use stuff that has been tried and true and tested,” Andrew said. “We don’t want to take any chances.”
As more people flocked to PIA, Andrew said his team quickly discovered the limits to servers, ports and switches.
“Scaling is not as linear as it sounds,” he said. “You can’t just add servers. It’s hard to explain without giving it away. It’s really cool, though.”
Lifecycle of Development: Internal Communications to Pushing Code Live
PIA employs roughly 10 developers who work in Java and Objective-C to maintain their native Android and iOS apps. The developers originally used Titanium to facilitate a cross-platform desktop codebase, but the company recently began sponsoring and using NW.js, formerly known as Node-Webkit.
Encrypted Messaging is the Norm for Employees Spread Around the Globe
Although PIA is based in Los Angeles, employees also live and work in South America, Europe, and Asia. Unsurprisingly, PIA employees adhere to a “crazy strict” internal security policy when it comes to communicating with each other, Andrew said.
“We’re a privacy company. We can’t have even a single instance of compromise,” he said. “It’s a crazy policy, but there’s reason for it.”
Instead of the standard Slack that most tech companies tend to use, PIA has used mostly Off-the-Record Messaging, or OTR. If they need to communicate with someone outside PIA, employees will use IRC.
“We kind of stick to anything that’s end-to-end encrypted, if possible,” Andrew said.
New Code is Funneled Through QA and Co-Founders
New features and user-interface-related updates go through the QA department. Once it passes, PIA will publish betas on their forums for users to try out.
According to Andrew, PIA developers need to make internal requests to move code through one of the Co-Founders, who incorporates the changes into the live version.
Apps and Infrastructure are Updated to Ensure Best Connection
PIA recently released new versions of their iOS and Android apps, and they’re working on changes for their Mac, Windows, and Linux desktop apps.
“One of the cool things inside our Android app is that we actually allow the end-user to specify which apps go through PIA and which don’t,” Andrew said. “That’s just one of the many features to come this year as we focus on the user experience, the features in the apps, as well as the security itself.”
The PIA team continually works on improvements to their network and datacenters to ensure users get the best connectivity.
“In order to do that, it requires significant changes in actual core routing infrastructure at these facilities,” he said. “It can be costly and difficult, but we’re going through one location at a time.”
PIA Keeps You Anonymous as the World Becomes Increasingly Connected
The need for privacy can be applied to all sorts of routine, day-to-day operations beyond the bathroom or the Internet, Ted said. For example, we wouldn’t think about getting into a car that didn’t have airbags, anti-crumple zones, automatic brakes, or any number of other safety features.
“But how long do we spend in our car — an hour a day, maybe?” he asked. “We’re on our phones and connected 24/7. You utilize technology much more than your car, but you’re not always thinking about how you need to protect yourself and everything you’re doing.”
Just as automakers introduce new safety features as various hazards present themselves, PIA will continually evaluate their services and features.
“We’re still really early in the beginning of all this,” Ted said.
“As data and access to data and connectivity become more a part of our lives, these things will continue to be ever-evolving,” he said. “The challenge for us is that, as people become more aware of this and as the technologies continue to grow, we have to make sure that our products and services continue to advance along with it.”