Protect your online privacy as the Coalition turns the screws

Between mandatory metadata retention, website blocking and the piracy crackdown, Australians have more reason than ever to be concerned about online freedoms and privacy. Of course if you find yourself on the NSA hit list then you can kiss your liberties goodbye, but the rest of us might put our faith in a privacy-focused Virtual Private Network to protect against mass surveillance.



There's no shortage of free and paid VPN providers, but a few such as Private Internet Access (PIA) stand out from the crowd thanks to the extra steps they take to protect the privacy of their customers. At $US39.95 per year, PIA supports five simultaneous users with unlimited bandwidth, global VPN gateways and the protection of OpenVPN security.



Anonymous billing and no traffic logs



If you're not keen on handing over your credit card or PayPal details, PIA accepts anonymous payments via the Bitcoin cryptocurrency and Ripple payment system. It also has a deal with PayGarden.com which lets you subscribe to PIA anonymously using gift cards from hundreds of retailers like US giants Walmart, Target, Best Buy and Starbucks.



PIA keeps track of your registered email address but, as for keeping records of your online activities, you'll have to take the VPN provider at its word.



"We absolutely do not log any traffic nor session data of any kind, period. We have worked hard to meticulously fork all daemons that we utilize in order to achieve this functionality. It is definitely not an easy task, and we are very proud of our development team for helping Private Internet Access to achieve this unique ability."



It's obviously difficult to test the validity of such claims, and you have to balance them against the fact that PIA is a US-based company and thus subject to the Patriot Act and PRISM surveillance. Despite PIA's promises, if the spooks come knocking it has little choice but to cooperate. Of course the spooks clearly aren't afraid to bend the rules so you could argue that no jurisdiction is truly safe.



Who are you hiding from?



All that said, PIA rates highly in TorrentFreak's review of the global VPN providers which take privacy seriously. PIA may or may not be able to keep the NSA at bay, but you might consider its efforts sufficient protection against Australia's metadata retention scheme and website filters, as well as Hollywood's piracy hunters – at least until we see the final wording of the Trans Pacific Partnership.



Once you engage PIA's VPN, efforts to trace your online activities back to you should hit a dead end with PIA's IP addresses rather than the IP address logged by your Australian ISP as part of the metadata retention scheme. Using a VPN to tunnel to another country also bypasses mandatory website filtering enforced by your Australian ISP.



Remember, your appropriate level of security depends on who you're trying to hide from and why. Cookie analysis, web bug tracking, browser fingerprinting and other tricks can help identify you even behind a VPN without logs, especially if you use the same browser with and without the VPN enabled.



You might consider "hardening" your browser with plugins like HTTPS Everywhere, Disconnect, Ghostery and NoScript – although unfortunately these can make your browser fingerprint more distinct. Alternatively you could run a fresh browser on a fresh OS installed on a virtual machine and blow it away after each browsing session. It all depends on how paranoid you are, and whether it's with good reason.



How about Australia?



PIA operates 27 VPN gateways across 17 countries, with the two in Australia theoretically offering the fastest connection speeds – although not necessarily putting you beyond the reach of local website blocking. It's easy to switch between countries on the fly depending on your needs.



It's very unlikely that the Australian government will block VPNs as part of the copyright crackdown or under the TPP, with communications minister Malcolm Turnbull acknowledging that they have many legitimate uses. That said, if the Australian government decides to specifically target seemingly pirate-friendly VPN services then PIA would likely be on the hit list.



Unlike many VPN providers, PIA doesn't throttle peer-to-peer file-sharing traffic such as BitTorrent. Opinions vary on the best international VPN server to use if you're concerned about being nabbed for copyright infringement. Switzerland and the Netherlands were once considered file-sharing havens – PIA runs VPN servers in both and a SOCKS5 proxy server in the latter – but European law is bringing them into line.



Australia's piracy crackdown and the boom in legitimate alternatives might be cause to reconsider your approach to copyright infringement rather than use a VPN to fly under the radar.



SOCKS5 proxy server



Proxy servers offer an alternative to VPNs by routing your traffic via a middleman to mask your location and bypass restrictions. While they're handy for beating roadblocks like network or ISP-level web filtering, you're forgoing the extra protection of an encrypted VPN connection.



Only a handful of VPN providers such as PIA and TorGuard offer access to a SOCKS5 proxy server; PIA's is in the Netherlands. While you can alter the proxy server settings in a wide range of devices and applications, using the PIA server demands support for SOCKS5, which is relatively common, and support for password authentication, which is not.



The SOCKS5 service is most likely to appeal if you want to use it with a compatible BitTorrent client. If you can't run a VPN then you might consider SOCKS5 your plan B (or you might employ the belt and braces option and use them in conjunction). The proxy server masks your true IP address from other BitTorrent users, which in theory should keep you safe from the pirate hunters. It doesn't encrypt your traffic to shield it from your ISP – which in theory shouldn't matter in Australia, at least for now. At this point it's not your ISP's job to detect illegal file-sharing.
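The two requirements above, password authentication and the lack of encryption, are both visible in the SOCKS5 handshake itself. The following is an added example, not code from PIA or the original article: it builds the method negotiation (RFC 1928) and username/password exchange (RFC 1929) offline, using constructed credentials, and shows that a client without password support is refused and that the login crosses the wire as readable bytes.

```python
# Added example: SOCKS5 handshake messages built and parsed offline.
# The username and password used with it are constructed sample values.
NO_AUTH, USER_PASS, NO_ACCEPTABLE = 0x00, 0x02, 0xFF

def client_greeting(methods):
    """Client -> proxy: VER=5, NMETHODS, then one byte per offered method."""
    return bytes([0x05, len(methods), *methods])

def server_choice(greeting, require_auth=True):
    """Proxy -> client: VER=5 plus the chosen method, or 0xFF to refuse."""
    if len(greeting) < 2 or greeting[0] != 0x05:
        raise ValueError("not a SOCKS5 greeting")
    offered = greeting[2:2 + greeting[1]]
    if len(offered) != greeting[1]:
        raise ValueError("truncated method list")
    wanted = USER_PASS if require_auth else NO_AUTH
    return bytes([0x05, wanted if wanted in offered else NO_ACCEPTABLE])

def auth_request(username, password):
    """Client -> proxy (RFC 1929): VER=1, ULEN, UNAME, PLEN, PASSWD."""
    u, p = username.encode(), password.encode()
    if not (1 <= len(u) <= 255 and 1 <= len(p) <= 255):
        raise ValueError("username and password must be 1..255 bytes")
    return bytes([0x01, len(u)]) + u + bytes([len(p)]) + p

def parse_auth_request(data):
    """What the proxy, or anyone on the path such as the ISP, reads back.
    No key is needed: the fields are length-prefixed plaintext."""
    if len(data) < 3 or data[0] != 0x01:
        raise ValueError("not an RFC 1929 auth request")
    ulen = data[1]
    user = data[2:2 + ulen]
    if len(user) != ulen or len(data) < 3 + ulen:
        raise ValueError("truncated username")
    plen = data[2 + ulen]
    passwd = data[3 + ulen:3 + ulen + plen]
    if len(passwd) != plen:
        raise ValueError("truncated password")
    return user.decode(), passwd.decode()

if __name__ == "__main__":
    # A client that only knows "no authentication" is refused (0xFF).
    print(server_choice(client_greeting([NO_AUTH])).hex())
    msg = auth_request("p0000000", "example-pass")   # constructed login
    print(msg.hex(), parse_auth_request(msg))
```

Because the proxy login is sent in the clear, treat it as a credential separate from anything else you use, and expect it to be exposed on any network between you and the proxy unless the connection is itself carried inside the VPN.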



A SOCKS5 proxy server isn't a great choice if you're just looking for a browser-based solution, as it's much slower than a straight HTTP proxy server. You might also struggle to find a browser or browser plugin which supports SOCKS5 with authentication if you're using MacOS, which often insists on using the system settings. Windows is more flexible.



PIA offers VPN client software for Windows and MacOS, plus detailed set-up guides for Windows, MacOS, Android, iOS and several flavours of Linux. Add to this specific devices like the D-Link Boxee Box and routers running DD-WRT, Tomato or pfSense.



It also supports PPTP, L2TP/IPsec and OpenVPN connections – the latter considered the most secure. The Windows and Mac desktop clients offer several encryption, authentication and handshake settings, offering OpenVPN AES-128 encryption by default with the option to bump it up to AES-256. You might be limited to AES-128 on some devices, which is more likely to concern military whistleblowers than illegal file-sharers.



Kill switch



The desktop clients deserve specific mention, not just for AES-256 support but also because of the kill switch option which instantly cuts internet access if the VPN connection fails. This ensures that you don't accidentally use the open internet for activities that you'd rather keep to yourself.



While the kill switch is a handy safeguard it alters your system network settings. Temporarily disabling it should be as simple as unticking a box, but on Windows it's temperamental and if you upset it you can cripple your internet access completely. At this point I needed to uninstall the VPN client, the VPN network adaptor and the physical network card before I could connect to the internet, then reinstall it all to use PIA again.



If you regularly want to use your computer for other tasks with which the VPN interferes, then PIA's temperamental Windows kill switch might be impractical (I can't vouch for the Mac client). Your mileage may vary but the VPN is likely to interfere with servers designed to run over your LAN around your home, whether it be a streaming media server or a gaming server.



If you want a file-sharing machine to double as your media server and run into trouble then one workaround might be to automatically copy across downloaded files to your Network Attached Storage drive which acts as the media server. That's assuming you can't run appropriate privacy protections on the NAS itself, although this would come at the expense of the kill switch and perhaps SOCKS5 support.



If you want your VPN computer to be a multi-purpose machine then you might want to forgo the extra protection of the kill switch (making SOCKS5 an attractive backup security measure for file-sharers). Alternatively you might look to competing services such as VyprVPN or NordVPN which offer an application-specific kill switch but no SOCKS5 support. You'll also find standalone VPN kill switch apps.



Keep in mind that running extra servers on your privacy-centric PC and dealing with issues like port forwarding and UPnP can compromise your security efforts. It's important to do your research when configuring your computer to run silent; start by reading PIA's uTorrent configuration guide. Depending on how concerned you are about security and who you're hiding from, you might decide it's best to keep your VPN computer as a dedicated privacy workstation.



DNS and IPv6 leaks



If you're using the SOCKS5 proxy server with a BitTorrent client then you'll want to test it with tools like TorGuard's Check My Torrent IP Address before you enable the VPN. Once your VPN is running, file-sharing or not, you'll also want to check for DNS leaks – when your computer gives away information by inadvertently using your ISP's DNS server to look up a website rather than the VPN provider's DNS servers.



The PIA Windows client offers options to block DNS and IPv6 leaks (MacOS only offers IPv6), but as an extra security precaution you might want to assign your computer a fixed IP address on your network rather than let it grab a new one each time it reboots.
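A DNS or IPv6 leak check comes down to comparing the resolvers your machine is actually configured to use against the ones your VPN provider hands out. The following is an added example, not code from PIA or the original article: it assumes a Linux-style resolv.conf, and the provider resolver range and all sample addresses are constructed placeholders from documentation ranges.

```python
# Added example: classify configured DNS resolvers while the VPN is up.
import ipaddress

# Constructed placeholder: substitute the resolver range your VPN provider documents.
VPN_DNS_NETS = [ipaddress.ip_network("198.51.100.0/24")]
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def nameservers(resolv_conf_text):
    """Extract nameserver addresses, ignoring comments and IPv6 zone ids."""
    found = []
    for line in resolv_conf_text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            found.append(parts[1].split("%")[0])
    return found

def classify(addr, vpn_nets=VPN_DNS_NETS):
    ip = ipaddress.ip_address(addr)
    if any(ip.version == n.version and ip in n for n in vpn_nets):
        return "ok"
    if ip.is_loopback:
        return "check-local-stub"        # local stub resolver: inspect its upstream
    if ip.version == 6:
        return "ipv6-leak"               # IPv6 resolver outside the VPN's ranges
    if any(ip in n for n in RFC1918):
        return "router-leak"             # home router, which forwards to the ISP
    return "isp-or-third-party-leak"

def audit(resolv_conf_text, vpn_nets=VPN_DNS_NETS):
    return [(a, classify(a, vpn_nets)) for a in nameservers(resolv_conf_text)]

# Constructed sample of a resolv.conf captured while the VPN is connected.
SAMPLE = """\
nameserver 198.51.100.10
nameserver 192.168.1.1   # handed out by the home router's DHCP
nameserver 2001:db8::53
nameserver 203.0.113.53
"""

if __name__ == "__main__":
    for addr, verdict in audit(SAMPLE):
        print(f"{addr:16} {verdict}")
```

The router entry is the case most easily missed: a private address looks harmless, but the router simply relays lookups to the ISP's DNS servers outside the tunnel.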



So what's the verdict?



PIA's VPN kill switch and SOCKS5 support make it particularly attractive for people looking to set up a dedicated privacy workstation – running a VPN and perhaps a hardened privacy-conscious browser – whether they're sharing files or simply concerned about the implications of the metadata retention scheme.



Others might find PIA overkill for their privacy needs, but it all depends on who you're hiding from and what you're prepared to trade in return for convenience. If you don't care about SOCKS5 then evaluate rivals like NordVPN and VyprVPN, but make sure you also evaluate their billing options, privacy statements and overall reputations.



There are no 100 per cent guarantees when it comes to online privacy and security; it comes down to striking the right balance according to your risk profile. If you're trading military secrets then you'll obviously set the bar much higher than if you're trading episodes of Game of Thrones.



At the end of the day a service like Private Internet Access is better-suited to protecting you against mass surveillance rather than targeted surveillance. If the Eye of Sauron looks your way, you'll need more than a VPN to keep you safe.

