PIA does something else good

[Khariz 109]

This is pretty cool, just thought I'd share.  I'm already using the 2.4 release candidate. Good stuff.

 

https://www.privateinternetaccess.com/blog/2016/12/private-internet-access-funds-openvpn-2-4-audit-noted-cryptographer-dr-matthew-green/

[LZ1 672]

Hello!

 

Makes you wish they'd invest the same into their own client firstly lol. What's the point in having the latest security review of X, Y, Z, when your own software is classed as malware. While I certainly think it looks cool to do this, it's just marketing. It seems they're always trying to "show up" everyone else, by talking about how good they are, what they're doing and so forth. But in a sense, I feel that talk is cheap. If they would actually back it up and "get the basics" down first, then I'd see more value in that move. Thank you for sharing of course . I do wish AirVPN would be *just a little* more like PIA in terms of announcing though.

[Khariz 109]

Yeah, I can't believe how much garbage their client is.  But their heart seems in the right place, if they would just hire a real application developer.  I'm glad they are paying for an additional audit of 2.4.  Can't hurt.

[Staff 9972]

We are reflecting on this carefully due to OSTIF comments. Below you find quoted the passages that in our opinion deserve further consideration.

 

https://ostif.org/openvpn-audit-updates-news-and-more/

 

Two days ago, we learned about another effort to get OpenVPN 2.4 audited. We are thrilled to know that there are VPN companies that are willing to contribute significantly to the OpenVPN project. [...]

 

They have made it clear that they have no intention to support the community effort, nor will their audit project collaborate with ours for the greater good.

 

 

We do not know the circumstances that led up to their decision. We have reached out to them directly and through multiple parties to collaborate on this effort. The only response we have received was through a 3rd party, and that they do not intend to collaborate. We are confused as to their intentions with this effort, but the evidence leads us to believe that this is an effort to derail the community audit, and possibly take all of the credit for themselves for marketing purposes.

 

Kind regards

[go558a83nk 362]

We are reflecting on this carefully due to OSTIF comments. Below you find quoted the passages that in our opinion deserve further consideration.

 

https://ostif.org/openvpn-audit-updates-news-and-more/

 

Two days ago, we learned about another effort to get OpenVPN 2.4 audited. We are thrilled to know that there are VPN companies that are willing to contribute significantly to the OpenVPN project. [...]

 

They have made it clear that they have no intention to support the community effort, nor will their audit project collaborate with ours for the greater good.

 

 

>

We do not know the circumstances that led up to their decision. We have reached out to them directly and through multiple parties to collaborate on this effort. The only response we have received was through a 3rd party, and that they do not intend to collaborate. We are confused as to their intentions with this effort, but the evidence leads us to believe that this is an effort to derail the community audit, and possibly take all of the credit for themselves for marketing purposes.

 

Kind regards

 

interesting.  PIA have a win-win scenario.  If their audit finds problems - they look like heroes not only because they found problems but because they are probably still using some ancient hacked version of openvpn that they can claim is SAFE!.  If their audit doesn't find problems they still take credit in marketing for the wonderful work they've done.

[Ricnvolved1956 51]

Is this just a puff piece for PIA? Or something more substantial?

 

http://www.tomshardware.com/news/amd-radeon-crimson-relive-driver,33155.html

[serenacat 83]

I think that url is for the next article.

http://www.tomshardware.com/news/matthew-green-audit-openvpn-software,33157.html

seems to be an edit down of the PIA "press release".

<p>

But I have seen Linuxers complaining about vendors like AMD forcing dependency on closed source drivers and utilities which are a potent risk of spyware and refusing to cooperate or legally threatening efforts to create open source drivers for desirable devices.

<p>

The OpenVPN source is interesting at https://github.com/OpenVPN/openvpn/tree/master/src/openvpn

C code from the mid 70s and 80s. An earlier generation language vulnerable to intermittent bugs and security weakness in the programming code. But well understood and simple for experienced software engineers, and built using GNU tools which are well trusted rather than depending on a few vendor tools.

<p>

Having competing audits seems like a good thing if a bragfest at the end, and they should just get on with it rather than do a food fight.

[LZ1 672]

Well Khariz, AirVPN can play the audit game too

[Revelead 16]

Cool, PIA did something for openvpn 2.4

But why do they need OpenVPN 2.4 if their client sucks ass. I tried them out and most of the servers were slow and i had disconnects the whole time. Their client? Lacks of basic features. Even TorGuard has more client features *shrugs*

[Khariz 109]

I would never use the PIA client.  OpenVPN only if you are going to use PIA.

[Khariz 109]

Well Khariz, AirVPN can play the audit game too

Good Stuff.  I contributed to OSTIF as well.  It may be worth noting that OSTIF is Derek Zimmer (VikingVPN).  Although he tries to maintain OSTIF as a completely seperate entity from VikingVPN, I don't find his non-profit agency performing an audit to be terribly different than PIA paying for one to be done, other than he doesn't plan to *directly* profit from it. 

 

Don't get me wrong.  I really like Derek Zimmer.  I think he's a good guy.  I've talked with him via e-mail a few times, and I think he has his head in the right place.  I bought a year's sub to VikingVPN just to support his company as well ( I don't really use it because my devices pretty much stay connected to AirVPN servers).  I tossed some cash to OSTIF too.  Good project.