CyberGhost is a VPN service you see recommended all over the internet on various “best VPN” and assorted “review” websites.
However, after doing an honest and in-depth analysis for this CyberGhost review – including extensive performance tests – I found a number of concerning issues:
- CyberGhost was found to be using session recording scripts on their website (Hotjar), which record everything visitors do on the site and store this information on third-party servers.
- CyberGhost’s “ad blocker” does not block anything on HTTPS websites. Also concerning is that the ad blocker works through traffic manipulation, rather than blocking DNS requests.
- The performance was also poor – especially when compared to other industry-leading VPN providers.
- CyberGhost is now owned by an Israeli company called Kape (previously Crossrider), which has an alarming history of producing malware, as we will examine in detail below.
Pros:
- User-friendly applications
- Competitive price
- Live chat support
Cons:
- Poor speeds and performance
- CyberGhost’s website uses invasive session recording scripts
- False “no logs” statements
- Broken ad blocker for HTTPS sites
- Selling “lifetime VPN” subscriptions through third-party websites
NOT RECOMMENDED – Due to the issues uncovered in this CyberGhost review, I cannot in good faith recommend CyberGhost VPN to any of my readers, especially considering the history of the parent company and its involvement with malware.
There are, however, some alternatives that are faster and also do a better job respecting user privacy (no invasive data collection or false “no logs” claims).
Best alternatives to CyberGhost VPN:
Who owns CyberGhost? Crossrider – now “Kape”
CyberGhost was previously owned by Robert Knapp – a German tech entrepreneur – and based/operated out of Romania. However, that has all changed since Knapp sold CyberGhost VPN to Israeli investors.
In 2017 Knapp sold CyberGhost to an Israeli company called Crossrider for €9.2 million.
Crossrider is owned by the Israeli billionaire Teddy Sagi. According to Wikipedia, Sagi has an interesting history, which includes being convicted of “grave deceit, bribery and insider trading”, for manipulating bond prices in Israel.
In 2018, Crossrider decided to change its name to Kape Technologies:
Why did the parent company of CyberGhost VPN decide to change its name to Kape? The answer to this is clear when you look into the shocking history of Crossrider.
Crossrider, CyberGhost VPN, and malware
When you research the company Crossrider, you find numerous articles about Crossrider malware/adware and how to remove it from your device, such as this article from Malwarebytes (emphasis is mine):
Crossrider offers a highly configurable method for its clients to monetize their software. The common method to infect end-users is software bundlers. The installers usually resort to browser hijacking. Targeted browsers are Internet Explorer, Firefox, Chrome, and sometimes Opera. Crossrider not only targets Windows machines but Macs as well.
PUP.Optional.Crossrider installs are typically triggered by bundlers that offer software you might be interested in and combine them with adware or other monetizing methods.
According to Malwarebytes and many other reputable online security websites, Crossrider was hiding malware in software bundlers, which would then infect the user’s computer with “adware or other monetizing methods”.
While some may dismiss this as old “history”, recent articles from 2018 illustrate how Crossrider malware is still deceiving users and infecting computers with fake Adobe Flash updates:
A new variant of the Crossrider adware has been spotted that is infecting Macs in a unique way. For the most part, this variant is still quite ordinary, doing some of the same old things that we’ve been seeing for years in Mac adware. However, the use of a configuration profile introduces a unique new method for maintaining persistence.
…This new Crossrider variant doesn’t look like much on the surface. It’s yet another fake Adobe Flash Player installer, looking like the thousands of others we’ve seen over the years….
Now it becomes clear why Crossrider decided to change its name to “Kape”, as the CEO admitted here:
The decision to rename the company, explains Erlichman was due to the strong association to the past activities of the company as well as the need to enhance the consumer facing brand for the business.
This is shocking when you consider that malware is often used to exploit the user’s device and collect data, which can then be sold to third parties. The fact that this is the type of company that purchased a VPN service, which promises to protect users’ privacy, is quite ironic.
CyberGhost even hinted at this ironic conflict of interest in their blog post (emphasis added):
While CyberGhost focused on privacy and security from day one, Crossrider started out as a company that distributed browser extensions and developed ad tech products. Quite the opposite of what we did.
Crossrider describes itself as an “online distribution and digital product company” and appears to be heavily focused on advertising and data collection (the two go hand-in-hand). There isn’t much discussion about Crossrider on the CyberGhost website, other than the Terms and Conditions page.
Reading through the Terms and Conditions, I did find this excerpt:
You understand that CyberGhost undertakes no responsibility for your actions. In case of statutory violations by the user, Crossrider may cooperate with public or private authorities at its sole discretion as provided by law.
This is “lawyer speak” for saying that the parent company can and will cooperate with third parties. Cooperation with “public or private” authorities essentially means any third party. Furthermore, there is also the statement, “at its sole discretion” which could mean at any time and for any reason “as provided by law”.
To summarize these findings:
- CyberGhost started out as a VPN provider based in Romania
- CyberGhost’s owner sold out to an Israeli company called Crossrider in 2017
- Crossrider is known for hiding malware/adware in software bundles to infect users’ computers for monetization purposes (according to different security experts)
- Crossrider changed its name to “Kape Technologies” in 2018
- Crossrider malware is still a threat and infecting computers, according to different security blogs
Is this the company you want to trust to encrypt and handle all of your internet traffic?
CyberGhost VPN website (tracking)
Another concerning issue I found is that CyberGhost is utilizing aggressive tracking measures on its website.
I found Hotjar session recording scripts, which are used to literally record everything a visitor does on the website, from clicks, scrolling behavior, to any information entered in forms – it’s basically a surveillance camera capturing video. These “session recording scripts” are increasingly common, despite posing risks to privacy and security, as explained in this article by Motherboard (Vice).
We discussed VPNs that were found to be using session recording scripts in the article ‘VPN Websites Caught Recording Visitors‘ after examining the findings published by a group of researchers from Princeton University. Another concern with using this invasive tracking software is that the recorded sessions (videos) are typically stored on third-party servers. Furthermore, there is no option to opt-out (but you can block the scripts from executing).
Here is the Hotjar session recording script that I found to be in use on the CyberGhost website, as well as the embedded scripts.
CyberGhost uses Piwik, an Open-Source-Software for the statistical assessment of user access on cyberghostvpn.com.
But rather than using Piwik, we find Hotjar, Mixpanel, and Google Analytics.
This is not what you should find from a company that sells “privacy” and security tools.
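One way to check a saved copy of any page for the vendors named above, as an added example (not part of the original review): the script lists external and inline scripts that reference Hotjar, Mixpanel or Google Analytics hosts. The host suffixes and the sample page are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Vendor -> script host suffixes (assumption: commonly seen hosts for the three
# vendors named in the review; extend as needed).
TRACKER_HOSTS = {
    "Hotjar": ("hotjar.com",),
    "Mixpanel": ("mixpanel.com", "mxpnl.com"),
    "Google Analytics": ("google-analytics.com", "googletagmanager.com"),
}

class ScriptCollector(HTMLParser):
    """Collects external script URLs and inline script bodies."""
    def __init__(self):
        super().__init__()
        self.external, self.inline, self._buf = [], [], None

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.external.append(src)
            self._buf = []

    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            body = "".join(self._buf).strip()
            if body:
                self.inline.append(body)
            self._buf = None

def find_trackers(html):
    """Return {vendor: [evidence, ...]} for known tracker scripts in html."""
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    findings = {}
    for vendor, suffixes in TRACKER_HOSTS.items():
        for src in parser.external:
            # Protocol-relative URLs (//host/path) need a scheme to parse.
            host = urlparse("https:" + src if src.startswith("//") else src).hostname or ""
            if any(host == s or host.endswith("." + s) for s in suffixes):
                findings.setdefault(vendor, []).append("external: " + src)
        for body in parser.inline:
            # Inline loaders inject the script at runtime; match the host string.
            if any(s in body for s in suffixes):
                findings.setdefault(vendor, []).append("inline loader")
    return findings

# Constructed sample page (not captured from any real site).
SAMPLE_PAGE = """<html><head>
<script src="/assets/app.js"></script>
<script>(function(h,o){h._hjSettings={hjid:0};
var a=o.createElement('script');a.src='https://static.hotjar.com/c/hotjar-0.js';
o.head.appendChild(a);})(window,document);</script>
<script async src="https://www.google-analytics.com/analytics.js"></script>
<script src="//cdn.mxpnl.com/libs/mixpanel-2-latest.min.js"></script>
</head><body></body></html>"""
```

External scripts are matched on the parsed hostname, so a lookalike such as `hotjar.com.example.org` is not flagged; inline loaders are matched on the host string only, which is a heuristic.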
CyberGhost VPN price
CyberGhost VPN offers the following pricing tiers:
This is on the lower end of the price spectrum, particularly for the longer-duration plans.
CyberGhost lifetime subscription
CyberGhost is now marketing lifetime subscriptions through the third-party sales website StackSocial.
This is a red flag.
As explained in the VPN scams guide, “Lifetime subscriptions” have typically been associated with the worst VPN providers in the industry.
There have been many examples of VPNs offering discounted “lifetime” subscriptions, only to close down a few years later and run with the money. There have also been cases of VPNs converting all “lifetime” accounts into recurring paid subscriptions.
Also keep in mind, the “lifetime VPN” subscription is not the lifetime of the buyer, it is the lifetime of the VPN company – however long it stays in business.
CyberGhost VPN apps
CyberGhost offers dedicated VPN apps for:
- Mac OS
Additionally, CyberGhost claims to offer support for Linux, routers, NAS, and Chromebooks.
We’ll take a closer look at the Windows app and Mac OS app below.
CyberGhost encryption and servers
CyberGhost currently uses an AES 256-bit cipher with a 4096-bit RSA key and SHA256 for authentication. They recently updated the certificate and the authentication to SHA256. CyberGhost refers to this as “military grade encryption”, which the VPN industry typically associates with the 256-bit cipher.
According to the CyberGhost website, they offer about 2,000 servers in 60 different countries.
It is not possible to see real-time server bandwidth loads on the website – only server status. However, you can see available bandwidth for every server directly in the VPN apps.
In general, server loads seemed a little heavy, which may explain the performance issues noticed below.
I tested out the CyberGhost Windows client using a Windows 10 desktop.
The CyberGhost Windows app has a good design and layout. Accessing various settings and features is easy and intuitive. Here is the main connection screen for the CyberGhost Windows app.
Within the CyberGhost Windows client you can select different startup options, languages, proxy settings, and also get detailed information on every server in the network.
Operation profiles – Another interesting option with CyberGhost is the set of operational profiles you can select. Each profile is designed to meet a different use case. The main differences between the profiles are the servers you will be using and the VPN settings. The VPN encryption, however, stays the same for every option.
I ran the Windows client through some basic VPN tests and did not find any issues. Below I am testing the CyberGhost client with a VPN server in Sweden.
There are many factors that may contribute to IP address leaks or DNS leaks. That’s why it’s always good to regularly check your VPN to make sure everything is working. See the VPN test guide for more information.
CyberGhost offers a decent Mac OS app that includes all of the main features as discussed above. For this CyberGhost VPN review, I tested the Mac OS client on High Sierra.
Here is what the CyberGhost Mac client looks like, along with the connection notification that appears below the Mac OS menu bar.
CyberGhost is still using version 5 for the Mac OS client, compared to version 6 with the Windows client.
Below is a test of the CyberGhost Mac client for leaks. I did not identify any obvious leaks when running some basic VPN tests and checks.
Overall it seems to be a decent application for Mac OS. If you are a Mac user, you can also check out the guide on the best VPNs for Mac.
CyberGhost “ad blocking”
UPDATE: Unfortunately, after performing a number of real-world tests, I found that CyberGhost’s “ad blocker” does not do very well. In fact, it does not even function on HTTPS websites, which is problematic since most websites are now encrypted. Furthermore, it only works on HTTP websites through traffic manipulation – something a VPN service should not be doing.
See the VPN ad blocker test results for additional details.
The CyberGhost ad-blocking feature is currently available for Windows, Mac OS, and iOS devices. An Android version is currently under development.
An alternative that offers better protection against advertisements and tracking is the TrackStop filter from Perfect Privacy, which effectively filters thousands of advertisement, tracking, and malware domains at the VPN server level (rather than locally on your device).
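A simplified model of the difference described in this section, as an added example (not CyberGhost’s or Perfect Privacy’s code): a DNS-level filter decides on the queried hostname alone, while an in-path filter that rewrites page content can only edit bodies it can read, which excludes TLS-protected traffic. The blocklist entries, page body and function names are hypothetical.

```python
import re

# Constructed blocklist entries (reserved example domains).
BLOCKLIST = {"ads.example.net", "tracker.example.org"}

# Matches <script>/<img>/<iframe> tags with an absolute src and captures the host.
SRC_TAG = re.compile(
    r'<(script|img|iframe)\b[^>]*\bsrc="https?://([^/"]+)[^"]*"[^>]*>(?:\s*</\1>)?',
    re.IGNORECASE,
)

def is_listed(hostname):
    """True if hostname or any parent domain is on the blocklist."""
    labels = hostname.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in BLOCKLIST for i in range(len(labels) - 1))

def dns_filter(hostname):
    """DNS-level blocking: the decision needs only the queried name."""
    return "NXDOMAIN" if is_listed(hostname) else "RESOLVE"

def inline_filter(scheme, body):
    """In-path rewriting: strip listed tags, but only from bodies it can read."""
    if scheme != "http":
        return body  # TLS payload is ciphertext to the middlebox; nothing to edit
    return SRC_TAG.sub(lambda m: "" if is_listed(m.group(2)) else m.group(0), body)

def ad_hosts_fetched(scheme, body, mode):
    """Blocklisted hosts the browser still reaches under each blocking mode."""
    if mode == "inline":
        body = inline_filter(scheme, body)
    hosts = [m.group(2) for m in SRC_TAG.finditer(body)]
    if mode == "dns":
        hosts = [h for h in hosts if dns_filter(h) == "RESOLVE"]
    return [h for h in hosts if is_listed(h)]

# Constructed page body; the same markup is served over http and https.
PAGE = (
    '<p>article</p>'
    '<script src="https://cdn.ads.example.net/banner.js"></script>'
    '<img src="https://static.example.com/logo.png">'
)

if __name__ == "__main__":
    for scheme in ("http", "https"):
        for mode in ("inline", "dns"):
            print(scheme, mode, ad_hosts_fetched(scheme, PAGE, mode))
```

DNS-level blocking works per hostname only, so it cannot remove ads served from the same host as the content.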
CyberGhost VPN speed test
I tested CyberGhost VPN in a number of different speed tests with servers around the world. Overall the results were not very good.
My baseline speed (without a VPN) was about 100 Mbps, and my physical location for testing was Germany.
With nearby servers (Western Europe) I could typically get about 20 to 40 Mbps, with a few servers around 60 Mbps. Here was the first test I ran with a nearby CyberGhost server in Zurich, Switzerland.
Download speed: 22 Mbps
For this CyberGhost review I also decided to run some back-to-back tests with ExpressVPN.
Here was a test of a Switzerland server with ExpressVPN (approximately 70 Mbps faster than CyberGhost):
Here are a few other comparison speed tests:
CyberGhost speeds with a Netherlands server were about 52 Mbps.
Next, I ran a comparison speed test with ExpressVPN, also using a server in Amsterdam.
ExpressVPN outperformed CyberGhost in this speed test, at about 72 Mbps download speed with the Amsterdam server.
The other location I tested was New York.
The results with a CyberGhost server in New York were mediocre, with speeds around 5 Mbps.
Immediately after testing CyberGhost I tried ExpressVPN and tested one of their New York servers.
Again, the speeds with ExpressVPN were better at around 35 Mbps.
I ran a few other tests with servers in Europe and Canada and the results were similar. Of course, with servers located further from my location, slower speeds are to be expected due to the increased latency.
Speed Test Winner: ExpressVPN
Overall it’s important to remember there are many factors affecting VPN speed and performance, so it’s always good to test the VPN yourself. If performance is important to you, two faster alternatives would be ExpressVPN and Perfect Privacy.
CyberGhost free trial
UPDATE: It appears that CyberGhost is no longer offering a free trial. They are instead giving users a 30 day refund window with all subscriptions.
CyberGhost’s free Windows VPN appears to give you all the features of the full VPN client. Whenever you connect with the Windows client, you will be alerted to how much time is remaining on your free trial.
I also tested the CyberGhost free VPN on Mac OS. It gave me lots of annoying popups trying to get me to upgrade. I’d just avoid the CyberGhost free trial and rely on their refund window instead.
You can get more information on the CyberGhost free VPN from their website.
CyberGhost offers good support, which is available via live chat most of the day. At the time of this CyberGhost review, live chat was available from 8:00 to 17:00 Central Europe Time (CET).
However, the representative informed me that they will be switching over to 24/7 live chat support soon.
Aside from chat support, the CyberGhost website also offers various guides, troubleshooting information, FAQs, and a support ticket system.
The chat support seemed to work well. I was usually connected to a representative within a few minutes and they were helpful with all questions/issues.
You can access chat support directly on the website in the bottom right corner (but beware of the invasive website tracking).
CyberGhost seems to be an OK option if you’re looking for a torrent VPN – although there are better choices that offer more speed.
There are certain servers in the CyberGhost network that are designated for torrenting and P2P filesharing. If you use the CyberGhost Windows client, you can select the torrenting profile from the home screen. This will connect you to a nearby torrent-designated server.
Regarding the policy on torrenting, here is the exact explanation from the CyberGhost website.
None of the current P2P technologies are illegal per definition, but we have to block P2P protocols on certain servers, either due to strategic (this is traffic that unnecessary slows down other user’s traffic) or due to legal reasons in countries where we are forced by providers to block torrent traffic, among them USA, Russia, Singapore, Australia and Hongkong (China).
In the list of servers you will find a check mark on P2P/Torrent compatible servers.
Many VPNs block or restrict torrenting on various servers, simply because multiple copyright violations may cause the VPN to lose server hosting. See the VPN for torrenting guide for additional options.
Does CyberGhost work with Netflix?
Perhaps, although it was not tested for this review. Check out the best VPN for Netflix guide to see other options.
Does CyberGhost work in China?
I did not test CyberGhost to see what obfuscation methods (if any) they use with their VPN apps. Therefore, I do not know if CyberGhost VPN works in China, or if it is one of the many VPNs that are effectively blocked in China.
Check out the best VPN for China guide if you are looking for good options to use in restricted networks, such as in China, the UAE, or school networks that block VPNs.
CyberGhost is another VPN service that carries out logging, but still claims to be “no logs” in its advertising and marketing practices.
You see the “no logs” mantra repeated often on the website. Here it is directly on the homepage:
Additionally, the “No Logs” claims are also repeated in the applications. You can see this in the screenshot above in small print at the bottom.
Other than what you see above, CyberGhost does not disclose exactly what’s being logged with these third-party analytics services. When I spoke with a chat representative, he confirmed that there is no way to opt-out of this data collection when you use CyberGhost apps.
One solution here would be to not use CyberGhost’s applications. Instead, you could go with open-source alternatives, such as Tunnelblick (Mac OS) or the OpenVPN GUI (Windows). Another alternative is Viscosity, which is a third-party app that costs $9 for a lifetime license (Mac OS and Windows).
See the no logs VPN guide for better alternatives.
Is CyberGhost recommended?
No. CyberGhost is not recommended at this time.
As a brief recap, this CyberGhost review identified the following issues:
- CyberGhost is using invasive session recording scripts on their website that record visitors.
- CyberGhost is falsely claiming to be “no logs” when their VPN apps are in fact collecting statistical data.
- CyberGhost’s “ad blocker” is completely broken for all HTTPS websites.
- CyberGhost offers very mediocre performance – especially in back-to-back testing with other VPN services.
There is also the issue of CyberGhost selling cheap “lifetime” subscriptions through third-party sites – a troubling sign for long-term sustainability. And the final issue is that CyberGhost is now owned by an analytics/advertising company with a history of creating malware with browser-hijacking capabilities. While this may have absolutely nothing to do with the VPN service today, it’s still worth noting.
Check out the best VPN report for a list of recommendations based on the latest testing results.
Best alternatives to CyberGhost VPN:
I have also published two CyberGhost comparison guides below:
If you have used CyberGhost VPN, feel free to share your honest review (good or bad) below.