The long-awaited rubber stamp came from Deloitte, considered one of the Big Four auditing firms across the globe. Specifically, Deloitte Audit Romania has been looking into PIA's VPN server infrastructure and management systems for any faults or vulnerabilities that could expose and/or store users' data.
As of 30th of June 2022, the auditing experts confirm that server configurations align "with internal privacy policies and are not designed to identify users or pinpoint their activities."
PIA network designed to prevent data retention
"We’re long-time advocates for digital privacy and cybersecurity in the US, and now we have an independent audit that attests to our No Log VPN service," the provider wrote in a blog post.
The developers explained that they have specifically designed the network infrastructure to prevent any type of data retention. The provider uses RAM-only servers, for example. Unlike hard disks, RAM is volatile, so information is not retained after power-off. All the servers are also configured to reboot routinely so that all data is immediately deleted.
PIA also claims to disable all error logs and debug information to secure users' data even in case of a hack. "Despite potential drawbacks to our developing and debugging processes, it’s an acceptable trade-off to securing user data," it explains.
And, for those worried about the company having its headquarters in the US - a member of the Five Eyes Alliance - PIA assures that consumer protection laws actually bar the government from forcing US-based VPN providers to violate their zero-log policies.
"This Deloitte audit is just another milestone in our journey as privacy activists," wrote PIA.
For customers worried about their online privacy, it is vital to know if their data security is actively protected. This is the reason why VPN audits conducted by trusted third-party experts are a growing practice among leading VPN providers.
Independent verification of a company's policies and software infrastructure can confirm that the company actually lives up to its marketing claims, while checking that nothing was missed during the development process.
Even though a no-log verification can be considered just a first step in the security auditing process - other providers like ExpressVPN, NordVPN, Surfshark and Mullvad have all subjected their whole security infrastructure to third-party scrutiny - it still shows PIA's commitment to delivering a secure and trustworthy service to its customers.
PIA is also one of the few VPN providers on the market to have all its apps open-sourced. This means that anyone can analyze the code to look for bugs.
The provider also announced ongoing extensive hardware optimization and an upcoming update to its Transparency Report, together with its willingness to carry out further independent audits.
"We take our No Logs policy seriously, and this audit is not our final endeavor. In the future, we’ll continue to be transparent with the security safeguards we put in place for our users."
Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life—wherever cybersecurity, markets and politics tangle up. She mainly writes news, interviews and analysis on data privacy, online censorship, digital rights, cybercrime, and security software, with a special focus on VPNs, for TechRadar Pro, TechRadar and Tom’s Guide. Got a story, tip-off or something tech-interesting to say? Reach out to email@example.com