Private Internet Access Features
Rating:3.5/5
Price:$2.03 – $11.95 per month
Refund period: 30 days
Based in which country: The USA
# devices per license: 10
# servers: Unknown
Server locations:142 locations in 85 countries, including the USA, UK, Australia, Canada, China, Germany, and Japan
Streaming sites unblocked: Netflix, Disney+, BBC iPlayer
Supports torrenting: Yes
Does VPN keep logs:No
24/7 customer support: Yes
Website: https://www.privateinternetaccess.com

Private Internet Access began commercial operation in 2010, and it was taken over by Kape Technologies in 2018. Kape Technologies also owns three other VPN providers: CyberGhost, Zenmate, and ExpressVPN.  The four VPN systems operate separately, and each has a unique selling point that enables them to appeal to different segments of the market.

The service of Private Internet Access changes your real IP address for one allocated by a VPN server. By choosing the location of the server that you connect to, you alter your apparent location in the world. This is a very useful trick, which we will explain later. The VPN connection between your device and the PIA server network is encrypted, blocking anyone, including your internet service provider, from identifying and logging your internet activity.  

In order to create this secure link, which is called a tunnel, the PIA system requires a piece of software on the protected device. This is the VPN app that enables the user to control the VPN system. This involves choosing the settings for the app, which influences how the VPN connection behaves, the server that a connection is made to, and the VPN protocol that will be used for the session.

Private Internet Access provides free apps for all of the major operating systems. It has mobile apps as well as desktop apps. The iOS apps for iPads and iPhones can be downloaded from the Apple Apps store, and the Android app is available from Google Play. PIA’s VPN system can also be accessed via a browser extension, which is available for Chrome, Firefox, and Opera. The VPN system can be set up on games consoles, smart TV, set-top boxes, and routers.  

You can install the PIA app or extension on as many devices as you like; however, you are only allowed up to 10 simultaneous connections.

Private Internet Access offers a secure system. Different elements in the service contribute to the high level of privacy offered by this VPN provider.

Private Internet Access location

Private Internet Access is based in Denver, Colorado, in the USA. Although this city is lovely, a base in the USA is not a good idea for a VPN. IPVanish also takes the same risk with its base in Orlando, Florida.

The problem with a US base is that US copyright lawyers are the most active anti-privacy force globally. This group of professionals is charged with stopping the illegal copying of media through torrenting. Cross-border access to entertainment is also illegal, and so the ability of PIA to get its customers into the US library of Netflix from abroad could get the business and its customers in legal trouble.

The US legal system has a lot of ways to force US companies and the individuals who work for them to break confidentiality. This is a particular problem for PIA because it has invested heavily in providing a large number of server locations in the US, with a stated aim of providing at least one server in each state.

This issue is the reason why VPNs boast about having a no logging policy. The theory is that if there are no records of user activity, there is nothing for the authorities or copyright lawyers to steal.

A VPN provides location anonymity by allocating a different IP address to a user to the connecting user’s real IP address. In order to know where to forward replies to fake IP addresses, the VPN needs to maintain a cross-reference table. Some VPN providers store these records beyond the end of a session. With this mapping, a copyright lawyer can break a torrent’s anonymity and make a link between a person and illegal internet activity.

PIA does not keep those mapping after a VPN session closes. However, US security agencies could easily force the VPN provider to commence activity logging for a specific user.

Payment anonymity

Until quite recently, a number of VPNs offered anonymous payment methods through the use of gift cards. This removed the possibility of a customer of a VPN service from being traced through the bank account that paid for the service. Just about all of the VPNs that used to offer this option no longer provide it. Private Internet Access is just about the only VPN system that operates such a service, and they don’t provide any links to the option on their main menu, and it isn’t offered as an option on their service order page. You must access the special Gift Card page to access the service.

This would be a handy service if a relative gave you a gift card for a store you don’t want to shop at. However, that isn’t the main reason that PIA offers this option. You can buy a gift card online using your credit card or walk into a store and pay cash, which gives you complete anonymity. You then pay for a number of days’ service with the PIA system using your gift card. As example of pricing, a $50 Walmart gift card gets you a 366-day credit, which works out at 13.66 cents per day. A $25 Best Buy gift card gets you 95 days of access, which is 26.3 cents per day.

To use the VPN service, you need to download a VPN app, which is the client for any connection you make. The app is very easy to use. You select a server location from a list and then click on a big button.  

PIA interface

The client then sends a connection request to the selected server. As part of this process, the client accesses the SSL certificate of the server, which is an identification system that provides authentication details. This holds the public key for the server. The client uses the public key to encrypt a challenge message and sends it to the server. The server decrypts the challenge and then accesses the SSL certificate for the client, encrypts an answer with the client’s public key, and sends it back.

That authentication process is a standard procedure in the SSL system (Secure Socket Layer), and it provides authentication for HTTPS, which keeps websites secure. The SSL details are actually implemented by Transport Layer Security (TLS).

An important feature of TLS is that it uses public keys, and the key for each device’s encryption cipher is held on a digital certificate, which is accessed through a certificate authority. A public key system uses different keys to encrypt and decrypt a text. You can decrypt with the encryption key, and you can’t derive the decryption key from the encryption key. Thus, the owner of a key pair can publish the encryption key (public key), and as long as the decryption key is kept private, only the true owner of the public key can read messages encrypted with that key.

PIA uses the RSA cipher with a 4096-bit key in its TLS procedures. This is the best security on the market – ExpressVPN, NordVPN, and CyberGhost also use this key length. Most paid VPNs available today, including Surfshark and IPVanish, use a 2048-bit RSA key.

The effective security of public key encryption key systems is not so great. PIA just uses it for the session establishment process and protects the passing of an AES key for the main session. You can read about AES further down.

All communications over networks and the internet are cut up into segments. Each segment is put into the payload of a packet, and the packet has a header on it with the destination IP address and source IP address. When you want to open a page in your Web browser, the browser sends a request for its code to the Web server that holds that site. Other internet-based software on your computer, such as torrent clients, do the same.

While the VPN connection is active, the VPN client encrypts every packet with AES – which includes encrypting the header.  Routers on the internet need to read the destination address, so encrypting the header means the packet can’t be routed over the internet. For this purpose, the PIA app puts that encrypted packet in the payload of a carrier packet and addresses that packet to the VPN server you chose. This process is called “encapsulation.”

The VPN server receives the packet, takes the inner packet out and decrypts it, removes your real IP address from the source address field in the header, and replaces it with its own IP address. It then sends the packet to the internet, where routers read the unencrypted IP address of the Web server that your browser put in the original packet.

When the VPN server receives a response from the Web server, it looks up which client it is for, encrypts and encapsulates the packet, and then sands it to your computer. The VPN client intercepts the arriving packet, unpacks the inner packet, decrypts it, and then passes it to your browser.

Why does the PIA VPN do this?

When the VPN tunnel operates, your internet service provider only sees the outer packet. Your ISP is legally obliged to record every IP address with which your computer communicates. These records must be stored – the exact retention period varies by country but is usually between six months and two years.

The purpose of activity logging is to enable security services and copyright lawyers to get information on what you did on the internet and when. The websites and Web services you access can be traced by the destination IP address. So, encapsulation masks your activity and makes the logs of your ISP useless for prosecution. ISPs can also use the IP address to block your access to sites, and the PIA VPN confounds that strategy, too.

The value of the VPN server’s actions in replacing your computer’s address in the source address field of the packet it forwards is that all IP addresses can be referenced to a physical location. This enables sites to decide whether to serve a request or block it based on where you are in the world. This is how websites can restrict access to people in specific countries.

It is important to select a VPN server in the right location if your purpose is to get around website access restrictions, such as a block on people outside the UK from streaming from the BBC iPlayer or the restriction on Netflix that limits each account holder to the media library for the country that they are in.

Private Internet Access VPN protocols

The operating procedures, message codes, and other rules about operating a connection features are laid down in standards called protocols. There are a number of VPN protocols in circulation, and PIA offers a choice of three of them. You can switch to a specific protocol in the Settings screens of the VPN app.

The VPN protocols that Private Internet Access offers are:

  • OpenVPN with TCP or UDP
  • WireGuard
  • IKEv2 with IPSec

OpenVPN is used by most VPN services. It is long-serving and provides stable service. Internet communications are governed by a large collection of protocols that are organized into the layers of a stack to ease comprehension. The Transport Layer of this stack takes care of session management, and the main system available here is the Transmission Control Protocol (TCP). You can use this service with your OpenVPN connection or forego all transport verification functions, such as checking for lost packets and ensuring that all packets are in sequence by opting for the User Datagram Protocol (UDP).

OpenVPN with UDP is the default protocol used in the Private Internet Access VPN app.

WireGuard is also provided. This is generally thought to be faster than OpenVPN, although it performs almost identical procedures. This service only uses UDP.

IKEv2 with IPSec is only available on iOS devices. This is another UDP-only system that uses less power and causes less drain on the batteries of mobile devices.

Private Internet Access encryption

Whichever protocol you choose, you get AES encryption for encapsulation. This is the Advanced Encryption Standard, and it was commissioned by the US government for its own use. This is probably the most secure encryption cipher in use in the world today.

An encryption cipher transforms the characters of a text into other characters by running each character through a formula. Most encryption ciphers are known to all, so anyone can decrypt a text just by reversing the encryption formula. However, this task is made harder by a missing element in the formula – a variable. Altering the value used for this variable completely changes the outcome of the encryption. The variable is known as the key.

Knowing the formula, it is possible to crack the cipher by running through every possible value for the key. Therefore, making the key longer makes the cipher harder to crack. Typical key lengths for AS are 128 bits and 256 bits. PIA offers AES-256 in all of its protocol options. With the open-source OpenVPN option, users can also opt for AES-128, which converts text faster.

Private Internet Access DNS leak protection

Web browsers work with Web addresses (URLs), but routers on the internet work with IP addresses. Before the browser can send a request for a Web page, it needs to find out the IP address for the relevant server at which that domain is hosted. This mapping between URLs and IP addresses is held in a network of distributed databases called the Domain Name System (DNS).

Your computer’s default DNS server is provided by your ISP, and this presents more opportunities for access blocking and activity logging. If your VPN requires your system to access the DNS of your ISP, this is known as a DNS leak. PIA provides its own DNS system, so you avoid the pitfalls of your ISP’s DNS service.

It is possible to alter the treatment of SNS queries within the VPN app. There is an option to leave DNS access outside the tunnel. However, this is not an advisable choice.

Private Internet Access IP leak protection

Unintended disclosure of an IP address can occur when a VPN drops a connection, leaving the computer to send traffic unprotected. This situation occurs when the internet connection breaks, causing the VPN session to end. However, if the loss of service is only brief, the device will quickly recover the connection and continue the connection. The user doesn’t notice the break or that the VPN is no longer active and so doesn’t know to turn the VPN back on.

PIA prevents any internet activity through a system called the Kill Switch. This blocks all access to the internet if the VPN is not working. Thus, the user notices the loss of service and turns the VPN on. This is an optional setting.

It is possible to choose which traffic goes through the VPN and which is left outside the service. This feature is called split tunneling. The Split Tunnel in PIA can be set to be split-include or split-exclude. You can channel only specified traffic through the tunnel (split-include) or protect all traffic except for that specified (split-exclude). This treatment applies to Web transactions and other internet traffic.

If you want to operate your own games server or a Web server for your small business, you need to have a fixed IP address available to you and you only at all times. The IP changing function of a VPN works against you in this scenario.

You can solve this problem by buying a dedicated IP address from Private Internet Access. You then set up your games console or Web server so that it automatically connects to the server on which you bought your IP address. Then you can tell others your fixed IP address and set up your website’s DNS entries to point to that address for incoming requests.

PIA offers dedicated IP addresses in:

  • Australia
    • Melbourne
    • Sydney
  • Canada
    • Montreal
    • Toronto
    • Vancouver
  • Germany
    • Frankfurt
  • United Kingdom
    • London
  • Singapore
  • United StatesAtlantaChicago
    • Denver
    • Jersey City
    • Las Vegas
    • Los Angeles
    • Miami
    • New York
    • Phoenix
    • Washington DC

The Dedicated IP service incurs an extra charge on your plan subscription:

  • One-month plan – $5 extra
  • One-year plan – $51 extra
  • Three-year plan – $135 extra

Private Internet Access hides your true IP address through a technique called Port Address Translation (PAT). This is a variation on Network Address Translation (NAT). One of the consequences of this system is that it is impossible for outsiders to see the actual port and IP address of your computer through the VPN., This is a great security service and acts as protection against hackers and malware – when implemented on routers, it is called a NAT firewall.

A problem with this system is that some services, such as P2P networks and games servers, expect you to be able to accept connections from other users and will advertise your IP address. The PAT system of Private Internet Access makes those direct connections impossible. So, the service offers a Port Forwarding service to solve this problem.

You activate the Port Forwarding functionality before connecting to a VPN server. To do this, go to the Settings menu, select Network, and then check the Request Port Forwarding box.

One of the main reasons people use a VPN is to dodge the geoblocking mechanisms on many websites. This annoyance is particularly prevalent on streaming services. This is because entertainment companies sell their content by territory, and streaming systems either only buy content for their home country and block anyone from overseas, or they just buy the rights to show the movie or show in specific countries.

Netflix, Amazon Prime, and Disney+ are available in many countries, and if you buy a subscription to any of these, you can still access the service when you travel abroad. However, the entertainment offered will be different in each country. You might also prefer to access the library in a different country even if you are not traveling – in systems such as Netflix, some national versions have more videos available than others, with the USA having the best choice.

By selecting a server in the appropriate country before turning the PIA VPN on, you can trick the access controls for streaming services and get into a system that is intended for a location other than your own.

Here is a list of the streaming services that we tested with Private Internet Access:

ServiceTest
NetflixTests confirmed for access to Japan, the UK, the USA, and France
Disney+Tests confirmed for access to the USA and France  
BBC iPlayerTests confirmed, accessing from the USA
ITV HubTests confirmed, accessing from the USA
Channel 4Tests confirmed, accessing from the USA
NBCTests confirmed, accessing from the UK

Other major streaming services that Private Internet Access gets cross-border access to include HBO Max and ESPN+. Private Internet Access wasn’t able to fool the UK or Japan servers for Disney+, and it couldn’t get into ABC streaming video from outside the USA. The system also has difficulty getting into Hulu and Amazon Prime.

Private Internet Access offers three payment plans. The price per month gets lower with longer subscription periods.

The options are:

  • 1-month plan: $11.95 per month
  • 1 year plan: $39.95 ($3.33 per month)
  • 3-year plan: $79.00 with an extra three months ($2.03 per month)

Many VPN providers add sales tax to their prices – Private Internet Access does not.

All plans, even the one-month option, come with a 30-day money-back guarantee. The free extra three months of service with the three-year plan only applies to the first subscription, so when it renews for three years, the monthly price works out at $2.19.

As a bonus, the one and three-year plans include a free one-year subscription to Boxcryptor, which is a third-party encryption system for files and folders held on cloud storage platforms. A package of malware protection is available as a paid add-on.

Private Internet Access accepts payments by credit card (Mastercard, Visa, American Express, or Discover), PayPal, Amazon Pay, and cryptocurrency. The cryptocurrency payment method is processed with Bitpay, which accepts Bitcoin, Ethereum, Dogecoin, and other cryptocurrencies.

When signing up, you will be asked for an email address. It is important that you give a real address because your username and password will be sent to it. Create a free Web email account for this use if you don’t want to give out your regular email address.

We tested the performance of Private Internet Access in the UK on a wireless mobile internet system run by the 3 networks, a division of CK Hutchison Holdings. For all of these test runs, the VPN protocol settings in the app were set to use OpenVPN over UDP with 256-bit AES encryption. Tests were carried out using the Ookla system at speedtest.net.

First, we tested a connection to a nearby server without the VPN turned on:

The download speed shown was 8.85 Mbps, and the upload speed was 3.70 Mbps. The PIA app shows the latency (connection speed) from your location to each VPN server, and at the time of the test, it showed the fastest speed within the UK to the Southampton server. After connecting to this VPN location, the speed test was run again.

The VPN dragged down performance, with the download speed reducing to 6.64 Mbps and the upload speed falling slightly to 3.53 Mbps.

Long distance didn’t show any speed deterioration on the unprotected line. This test went to Sydney, Australia:

Connecting to the other side of the world gets a download speed of 8.65 Mbps and upload speed of 3.59 Mbps.

Connecting through the Private Internet Access Southampton server showed the same degree of slowdown in download speed as that on a local connection:

The download speed dropped to 5.85 Mbps, the upload speed was around the same as that of the unprotected connection at 3.74 Mbps.

Other international connections through PIA servers in different locations showed varying performance. Connecting to Sydney through a VPN server in Philadelphia, USA, gave a download speed of 5.25 Mbps and an upload speed of 4.06 Mbps.

At the time of testing, all of the VPN servers in East Asia showed very poor latency in the speed test report within the server list. This statistics check gives you a good idea about which location to choose. It also showed a sudden deterioration in the speeds of all PIA servers during the short time span of the test. For example, the Southampton server’s latency dropped from 126 ms to 450 ms, and tests had to be suspended temporarily until performance improved.

Although Private Internet Access had decent speeds, the variation in the performance of the entire VPN network means that you could get very different results from one minute to the next.

  1. When you complete your purchase, you will be shown a Thank You page. This includes buttons to download the installer for desktop computers. Get the Android app at the Google Play Store and the iOS app at the Apple App Store.
  2. Click on the button for your operating system and accept the download. Once the process completes, click on the downloaded file to run it. The installer doesn’t require you to click through endless approval screens – it just runs to completion and then shuts down. It won’t put an icon on your Desktop, so you must find it in your applications menu to open the app.
  3. Look for an email from Private Internet Access at the email address you gave when buying the service. This contains your username and password for the app.
  4. If you install the mobile app, you can avoid having to copy and paste the user name and password by opting for a login email to be sent. Open this email on your device and tap on the button in the message. This logs you into the app.

Is there a Private Internet Access VPN free trial?

You can get a 7-day free trial of Private Internet Access through the VPN’s mobile app.  Get the Android app from Google Play or the app for iPhones and iPads from the Apple App Store and then open it. You will be presented with an offer to get the one-year plan or the one-month plan. Choosing the One year plan gets you the 7-day free trial. However, you have to enter your payment details. The company will delay taking the payment for seven days, and if you cancel before that period expires, you don’t pay anything.

How much does Private Internet Access cost?

The price per month for a Private Internet Access subscription is $11.95. If you take out a longer subscription, the monthly price gets cheaper. The longest plan is for three years, and PIA adds an extra three months to that for free. That plan costs $79, which is $2.03 per month.

Can Private Internet Access unblock Netflix?

Private Internet Access is able to get you cross-border access to Netflix. That means, if you already have an account with Netflix, you aren’t restricted to the entertainment library for the country you are in if you use the PIA VPN app. Select a VPN server location for the Netflix country you want access to and turn the VPN on before accessing Netflix to switch Netflix versions.

How do I use a VPN?

To use the Private Internet Access VPN, you must download and install an app. This is because a VPN connection is a secure link that is established between two points, and you need the software on your device to create one of those endpoints. The other endpoint is one of the servers operated by PIA. Once the VPN is connected, you just use the internet as you normally would.

Does Private Internet Access keep logs?

No. Private Internet Access does not keep logs, so this system provides strong privacy. You can ensure total privacy by paying with a store gift card. Go into the store and pay cash for the gift card and then buy usage credits for PIA with it. This way, your association with Private Internet Access can’t be traced through your bank account.

The verdict

Private Internet Access is a strong and secure service. Its speeds aren’t the hottest, but they are by no means the worst among the top 10 VPNs in the world. The system, however, does have variable speeds, so you can find that its performance will suddenly deteriorate for no apparent reason.

The PIA VPN is able to get cross-border access to Netflix – a task that is the touchstone of VPN excellence. Many VPN services claim that it is impossible to get past the proxy detection system of Netflix. This capability is also a good sign for those who want to get access to websites in China from outside the country or outside of Chine from within the country.

Take advantage of the 30-day free trial offered by Private Internet Access. The VPN provider’s prices are reasonable when compared with the other leading VPN systems.