PIA programs are leaking your username and password

The PIA program for Linux and Windows have a program design flaw, which temporarily stores your username and password in an unencrypted file.

“It happens because there are 2 (main) processes one handling the GUI and one which handles the connection. As someone is connecting to the VPN the GUI process writes the username and password in plain text into a file called user_pass.txt in the installation folder. Then the second process is being spawned an reads from the file and deletes it. So if you block the file from being deleted you can read the username and password in plain text.”

MacOS is unaffected.

github.com/offsec1/PIA-username-and-password-leak

Private Internet Access is one of the most commonly used VPNs

Attached: 1533006279788.jpg (868x960, 60K)

Other urls found in this thread:

en.wikipedia.org/wiki/Pia,_Pyrénées-Orientales
twitter.com/AnonBabble

>not using openvpn

>The PIA program for Linux
Literally what?
I was using OpenVPN version on Linux.

what the fuck is a pia program

is this like those pia pets they used to advertise on tv 12 years ago

This

Looking at your own hand jerking you off is the last thing you want to do while masturbating

Jesus jacking me

I wouldn't call it a leak so much as a design flaw. It stores it in plaintext in your own filesystem, if that has been compromised an attacker could just as easily capture all of your keyboard input. Nevertheless, you should use your credentials to connect directly to the VPN via OpenVPN.

This. My seedbox comes with openvpn.

What an awful post. You probably thought that was really clever, didn't you?

There is always this.
Fact is that you have to assume the client's machine is secure anyway. If it's compromised then what can you do?

>imagine tatoo like tis with ur waifu

Attached: Sevenvaganias.png (1139x1079, 470K)

Why use any VPN client other than OpenVPN? On desktop at least.

The PIA android app isn't awful, I like the adblocking

you can't prove VPNs aren't a scam

>storing passwords unencrypted on a text file, even if temporarily
lmaoing @ these retards.

>pay money for service
>receive service
???

Attached: f3sryshho4d11.jpg (3024x4032, 636K)

>your waifus left hand is hairy and manly

Ew

>service is not as promised
>they it's not as promised
>take your money anyway
>not a scam

In what way is it not as promised? Your traffic is routed through their network, that's the service, and it's trivially verifiable.

Now why would they lie about it?

what is pia?

private(lol) internet access

cheap VPN

en.wikipedia.org/wiki/Pia,_Pyrénées-Orientales

Unless malware was installed on my pc to intercept the login info at that very instant its not much of a concern.

>His waifu's let hand is NOT hairy and manly

Attached: __dark_skinned_girl_original_drawn_by_23_real_xxiii__sample-6a1c66e724650a31366b757effc5fcc6.jpg (850x1203, 236K)

What an awful post. You probably thought that was really clever, didn't you?

But the girl in your picture still is pretty feminine and her hands are too even though she's buff

PIA is a scam. Who cares about LTT's dumb audience falling for it?

Scam VPN service.

>PIA
American based, it's a scam. As for others, it's doubtful as long as they're listed on privacytools.io

Anischerally thou probably clever, didn't you? Anischer, didn't that awful probably thou? Anischer, didn't yought an awful post. Yought an awful post. You? Anischer, didn't you post. You? Anischer, didn't was really clever, didn't was really clever, didn't yought an an an awful post. Yought that awful probably thou? Anischer, didn't thou? Anischer, didn't you? Anischer, didn't was really cleverally that that was really cleveral! What awful probably thought was really thou probably that an awful pos

Is PIA the only VPN that has gone to US court and not given up user data?

fuck off

cringe

Probably not, but it's probably the only one that's done it three times.

Also protip: PIA works fine with OpenVPN, you don't need their client at all.

i've used open vpn but it was too laggy
I currently use pia, guess im riding it out till the subscription expires

>using your left hand to masturbate

are you retarded?

>user_pass.txt

Attached: 1509731792344.png (3160x3254, 1011K)

>American based, it's a scam.

except every compromised VPN out there has NEVER been PIA , always someone else

How is it a scam?

Nice propaganda

So how would Jow Forums solve the problem is the 2nd process needing to log in with the 1st process' credentials?

>he doesn't use a long sleeved hoodie to jerk it

That's what I'm interested as well.
This seems like the quickest and most intuitive implementation, but also kinda hacked together.

Storing the password in a text file isn't the issue. The issue is that every single program running as your user can read it. If the file was owned by another user then this would be a mute point as only that user would be able to read it.

any normal method of IPC, like a socket

Actual ipc

>using private botnet access

There's no breaks on this train user...

Attached: Lucifuge(handsome).jpg (388x591, 58K)

>PIA programs
I have no idea what that's supposed to mean.

>not using NordVPN
Haha

a pain inthe ass

t. uses Russian vpns and reads reuters

They're officially based in Panama but they have servers in the USA in a city where there happens to be an NSA office. Combine that with the fact that they run ads all over the place for their service, and suffice to say that there's more than enough reason to suspect it's an NSA botnet.

I am not a lardmerican.