One of the best VPN services out there today, Private Internet Access (PIA) recently conducted an independent third party audit on no-login privacy promises, with positive results.
Responsible for giving the long-awaited, successful seal was Deloitte, considered one of the Big Four auditing companies around the world. In particular, Deloitte Audit Romania looked at PIA’s VPN server infrastructure and management systems for any flaws or vulnerabilities that could disclose and / or store user data.
As of June 30, 2022, audit experts confirm that the server configurations comply “with internal privacy policy and are not intended to identify users or indicate their actions.”
PIA network designed to prevent data retention
“We have long been a proponent of digital privacy and cybersecurity in the US, and now we have an independent audit to validate our No Log VPN service,” the provider wrote in a blog post. (opens in a new tab).
The developers explained that they specially designed the network infrastructure to prevent any kind of data retention. The provider uses RAM only servers, for example. Unlike those running on hard drives, memory is volatile and information is not retained when the power is turned off. All servers are also set up for routine rebooting so all data is instantly wiped out.
PIA also claims that disable all error logs and debug information to protect user data even in the event of a break-in. “Despite the potential shortcomings of our development and debugging processes, this is an acceptable trade-off in securing user data,” he explains.
And for those worried that the company is based in the US – a member of the Five Eyes Alliance – PIA ensures that consumer protection laws actually prohibit the government from coercing US VPN providers from violating their zero-logging policy.
What’s next?
“This Deloitte audit is another milestone in our journey as privacy activists,” wrote PIA.
Customers worried about their online privacy need to know if their data security is actively protected. This is the reason why VPN audits by trusted third party experts are an increasingly popular practice among leading VPN providers.
Independent verification of company policies and software infrastructure can ensure that companies actually live up to their marketing claims while also ensuring that nothing is missing from the development process.
While the no-logs verification can be considered only the first step in the security audit process – other providers such as ExpressVPN, NordVPN, Surfshark and Mullvad have put their entire security infrastructure under third party scrutiny – this still demonstrates PIA’s commitment to delivering safe and trustworthy services to their clients.
PIA is one of the few VPN providers on the market to make all its applications open source, for example. This means that anyone can analyze their code for errors.
The supplier also announced an ongoing extensive hardware optimization and an upcoming update to its Transparency Report, as well as a willingness to conduct further independent audits.
“We are serious about our no-logs policy and this audit is not our final endeavor. In the future, we will be transparent about the safeguards we have put in place for our users. ”