Private Internet Access is committed to maintaining the security and privacy of its users. In order to facilitate this, our engineers have built a decentralized system and continue to follow industry best practices. However, sometimes vulnerabilities can still exist.
If you believe you have discovered a vulnerability, we encourage you to follow whitehat practices and practice responsible disclosure, by informing us right away. We prioritize the investigation of reports and harden our systems if they are legitimate.
In order to provide a reward to whitehat security researchers and multi-hat wearing security researchers alike, we would like to offer a monetary prize, anonymously, in Bitcoin to an address you may specify. If you would like to have recognition by name, or nickname, we will also be happy to interview you on our blog. Some examples of potential rewards include thousands of US dollars for confirmed, unique SHELL access or SQL access like vulnerabilities. Each report will be examined on a case by case basis for legitimacy and severity. Note that at this time, forum software vulnerabilities are not eligible for this program; we encourage you to report them directly to the Vanilla Forums developers.
In addition, if you provide us time to respond to your discovery and do not damage our systems, then we will not pursue any criminal charges. Please e-mail [email protected]