CyberGhost is a larger VPN service that you’ll often see recommended on various “review” websites.
But don’t be fooled by fake reviews that only regurgitate marketing slogans.
In this new and updated CyberGhost review, I will reveal everything I found out about the company, while also publishing the in-depth VPN test results.
Overall, CyberGhost has made some nice improvements since my last review, but it also has some noteworthy shortcomings. Here’s an overview of my findings:
Pros
- User-friendly applications
- Good leak protection features (kill switch)
- Competitive prices
- Live chat support
Cons
- Troubling history with parent company
- Slow to establish connections
- The website uses aggressive tracking measures
- Broken ad blocker for HTTPS sites
- Connection logs
- Does not work with Netflix (or in China)
As with all of my VPN reviews, I begin by thoroughly researching the parent company and the history of the VPN service.
In the case of CyberGhost VPN, this research revealed some very interesting issues, which is where we will start.
Who owns CyberGhost? Kape Technologies (formerly Crossrider)
Officially, CyberGhost operates under the company CyberGhost S.A. in Bucharest, Romania. That being said, there’s an interesting history with the ownership of the company and outside investors.
CyberGhost was previously owned by Robert Knapp – a German tech entrepreneur – and based/operated out of Romania. However, that has all changed since Knapp sold CyberGhost VPN to outside investors.
In 2017 Knapp sold CyberGhost to an Israeli company called Crossrider for €9.2 million.
Crossrider changed its name to “Kape Technologies” in 2018 – for reasons that we’ll explain below.
Then in October 2018, Kape purchased Zenmate, a German VPN provider, for an undisclosed amount. This lines up with the trend we’ve observed of VPNs getting bought up by outside investors. It is the consolidation of the VPN industry.
Now here’s where things get interesting. When you research the company Crossrider (now Kape) you learn it is a company known for infecting devices with malware.
Troubling ties: Crossrider, CyberGhost, and malware
Crossrider offers a highly configurable method for its clients to monetize their software. The common method to infect end-users is software bundlers. The installers usually resort to browser hijacking. Targeted browsers are Internet Explorer, Firefox, Chrome, and sometimes Opera. Crossrider not only targets Windows machines but Macs as well.
PUP.Optional.Crossrider installs are typically triggered by bundlers that offer software you might be interested in and combine them with adware or other monetizing methods.
According to Malwarebytes and many other reputable online security websites, Crossrider was hiding malware in software bundlers, which would then infect the user’s computer with “adware or other monetizing methods”.
While some may dismiss this as old “history”, recent articles from 2018 illustrate how Crossrider malware is still deceiving users and infecting computers with fake Adobe Flash updates:
A new variant of the Crossrider adware has been spotted that is infecting Macs in a unique way. For the most part, this variant is still quite ordinary, doing some of the same old things that we’ve been seeing for years in Mac adware. However, the use of a configuration profile introduces a unique new method for maintaining persistence.
…This new Crossrider variant doesn’t look like much on the surface. It’s yet another fake Adobe Flash Player installer, looking like the thousands of others we’ve seen over the years….
With such a troubling history, it appears that the parent company attempted to distance itself from its own past. In 2018, Crossrider decided to change its name to Kape Technologies.
As the CEO admitted here, the name change was an attempt to distance Kape from shady “past activities”:
The decision to rename the company, explains Erlichman was due to the strong association to the past activities of the company as well as the need to enhance the consumer facing brand for the business.
CyberGhost even hinted at this ironic conflict of interest in their blog post:
While CyberGhost focused on privacy and security from day one, Crossrider started out as a company that distributed browser extensions and developed ad tech products. Quite the opposite of what we did.
Crossrider describes itself as an “online distribution and digital product company” and appears to be heavily focused on advertising and data collection (the two go hand-in-hand). There isn’t much discussion about Crossrider on the CyberGhost website, other than the Terms and Conditions page.
Reading through the Terms and Conditions, I did find this excerpt:
You understand that CyberGhost undertakes no responsibility for your actions. In case of statutory violations by the user, Crossrider may cooperate with public or private authorities at its sole discretion as provided by law.
This is “lawyer speak” for saying that the parent company can and will cooperate with third parties when it deems necessary.
To summarize these findings:
- CyberGhost started out as a VPN provider based in Romania
- CyberGhost’s owner sold out to an Israeli company called Crossrider in 2017
- Crossrider is known for hiding malware/adware in software bundles to infect users’ computers for data collection monetization purposes (according to various security experts)
- Crossrider changed its name to “Kape Technologies” in 2018
- Crossrider malware is still a threat and infecting computers, according to different security blogs
This isn’t the first time we’ve seen VPNs and malware discussed together. Malware is often hidden in free VPN services to collect your data, which is then sold by the parent company.
Ultimately, choosing a good VPN all comes down to trust, which is a subjective topic that only you can decide.
CyberGhost price and refund policy
The cheapest that you can get CyberGhost for right now is $2.75 per month, but you’ll have to purchase the three-year plan. Monthly plans will be significantly more money at $12.99 per month, as you can see below.
This is on the lower end of the price spectrum, particularly for the longer-duration plans. This makes CyberGhost one of many cheap VPN services.
The key question with pricing is always value, or what you get for your money. I’d say there are other VPNs that offer more value with certain coupons (see the ExpressVPN coupon for example).
Refund policy – CyberGhost offers two different refund windows, depending on the subscription plan you choose:
- 45 day refund window for all plans that are 6 months or longer.
- 14 day refund window for monthly plans.
This is a pretty good refund policy, and it is apparently “no questions asked” – so they don’t require troubleshooting before the refund is issued. For this review I purchased a one-month subscription via Bitcoin. I’ll update this section if there are any problems with the refund.
CyberGhost VPN apps
CyberGhost offers dedicated VPN apps for:
- Mac OS
Additionally, CyberGhost offers support for Linux, routers, NAS, and Chromebooks.
We’ll take a closer look at the Windows app and Mac OS app below to see how they performed in real-world testing.
CyberGhost encryption and VPN servers
CyberGhost currently uses an AES 256-bit cipher with a 4096-bit RSA key and SHA256 for authentication. They updated the certificate and the authentication to SHA256. CyberGhost refers to this as “military grade encryption”, which the VPN industry typically associates with the 256-bit cipher.
According to the CyberGhost website, they offer about 4,900 servers in 60 different countries.
In general, server loads seemed a little heavy, which may explain the performance issues noticed below.
In the screenshot below, you can see that many CyberGhost UK servers were overloaded, at between 75% and 100%+ capacity.
If you need a VPN for the UK, or a UK VPN server, CyberGhost probably isn’t the best choice.
On a positive note, I did find that there were other servers throughout Europe that had more bandwidth. CyberGhost’s servers in the United States and Canada were somewhat of a mixed bag. Fortunately, the CyberGhost VPN client shows you server load, which is helpful if you want to optimize performance.
CyberGhost VPN Windows test results
One of the main reasons for doing an updated CyberGhost review was to test out their new VPN client (version 7). Overall I have to say it’s a good improvement over the previous CyberGhost clients.
Below is the CyberGhost Windows client I tested out for this review.
Clicking the server location will allow you to select different servers – but only after disconnecting from your current server. If you click the arrows on the left side of the VPN client, a new window will open up that reveals more servers, settings, and configuration options.
Overall I think this is a great improvement over the older CyberGhost client version – but I did identify a few problems…
CyberGhost is slow to establish VPN connections
One problem that I had when testing CyberGhost is that it could be extremely slow to establish connections. This wasn’t always the case, but in many instances, it could take longer than two minutes to establish a connection.
The problems with CyberGhost not connecting seemed to occur randomly.
Changing the VPN protocols did not seem to make much difference. I’m not sure exactly what was causing these issues, and support was not able to help much, either.
CyberGhost Mac OS app (strange)
In testing out the new CyberGhost Mac OS client, I was a bit surprised by what I discovered.
After installing the Mac OS client, I saw a box explaining that CyberGhost would be using “system services to create VPN connections” and I would need to give CyberGhost permission to do this on my operating system.
Next, CyberGhost was requesting access to the Mac OS keychain, which I also found to be rather alarming.
At this point I decided to deny CyberGhost these permissions, delete the app from my MacBook, and abandon testing.
Why would I do this?
CyberGhost has a history of getting deep into the operating system’s permissions, which is not only shady but also a potential security risk. Recall the following:
- In 2016, CyberGhost was called out for installing a root certificate on desktop and mobile apps as part of their ad blocker software – a huge security risk.
- When I tested and examined their VPN ad blocker again in 2018, I found them to be utilizing traffic manipulation to apparently block ads, which is also problematic.
Given the past history and shady behavior, I denied all permissions and immediately removed CyberGhost from my Mac OS test computer.
The CyberGhost Mac client basically looked the same as the Windows client, and would drop down from the top taskbar.
If you are looking for the best VPNs for Mac, there are better options out there that do not need all these permissions.
CyberGhost leak protection settings and kill switch
On a positive note, the new CyberGhost client seems to have improved the leak protection settings – and the test results were good.
If you are in the CyberGhost Windows client, you can click the arrows on the left side to access the client settings and features.
By default, CyberGhost has the kill switch feature and DNS leak protection options enabled.
I ran some basic VPN tests to check for leaks and everything seemed to be working fine.
Here were the test results with the Windows client:
No leaks were identified when running the basic tests.
Of course, I did not test any leak protection settings on Mac OS, for the reasons explained above (denied permissions and deleted the app).
CyberGhost ad blocking feature
CyberGhost offers an ad-blocking feature, but it does not work well and I would not recommend using it.
Here’s what the CyberGhost ad blocking features look like in the Windows client:
I took a close look at this feature and even tested it out in comparison to other VPN ad blockers. The results were not good. Here’s what I noted about CyberGhost in my guide on different VPN ad blockers:
CyberGhost is an interesting case, but not in a good way. Instead of filtering ads and malicious content via DNS requests, they actually look inside the traffic and modify requests to certain domains so they display content from Cyberghost instead.
This is problematic for a few reasons. First, manipulating traffic is something a trustworthy VPN provider should not do – even with good intentions. Secondly, this only works over http since https connections are encrypted and Cyberghost cannot (easily) access that content.
With the CyberGhost version tested for this article, there is no root certificate being installed. But because they are still using the same methods to filter traffic, that means their “ad blocker” does not effectively work on HTTPS websites. Basically, CyberGhost’s ad blocker is barely working, especially since it will be ineffective on all HTTPS websites.
CyberGhost VPN speed test results
As an update to this review, I ran new speed tests with CyberGhost on servers in Europe and North America.
On a positive note, the speeds were better than last time. Unfortunately, however, they still weren’t great.
To begin, I ran some speed tests with nearby CyberGhost servers in Europe, which should (theoretically) provide me with the best speeds. Note: my baseline speed was about 160 Mbps and my testing location was in Western Europe.
Speed test with a CyberGhost server in Paris, France:
Definitely not the best result, considering my baseline speed of 160 Mbps.
I then ran some tests with CyberGhost servers in Germany, and the results were a little better.
CyberGhost server in Berlin, Germany: 78 Mbps
As a brief comparison, I was able to get 147 Mbps when I tested an ExpressVPN server location.
COMPARISON: Here is the speed test with ExpressVPN, also in Germany.
Next up I decided to test some CyberGhost servers in the United Kingdom. As you recall from before, UK servers were a bit congested.
CyberGhost UK server: 56 Mbps
Again, not very good considering my baseline (non-VPN) speed.
Now for another comparison.
COMPARISON: Here is a test result from an ExpressVPN server in the UK: 147 Mbps
As you can see, there is a big difference in performance between CyberGhost and ExpressVPN.
Overall speed tests with nearby CyberGhost servers should have been better, given my close proximity. One explanation for the mediocre speeds may have been server congestion and not enough bandwidth.
I also ran some long-distance speed tests with servers in the United States. Again, the results were somewhat below average.
CyberGhost server in New York: 76 Mbps
When you consider the long distance (higher ping), this isn’t too bad. Nonetheless, it still is not on par with other leading VPN services.
COMPARISON: As a final comparison, here is the same speed test that I ran with an ExpressVPN server in New York.
Conclusion on speeds: CyberGhost has improved in speeds since the last review, and for that, I give them credit. Nonetheless, they are still a long ways off from other VPN services, particularly ExpressVPN. (For more info about these two VPNs, see the CyberGhost vs ExpressVPN comparison.)
Invasive tracking measures on the CyberGhost website
Although nearly every VPN service runs Google Analytics to track the effectiveness of their Google ads (which can be very important for acquiring customers), some VPNs go overboard with tracking.
Unfortunately, CyberGhost falls into the second category, and I’ve pointed this out before. Here’s what I found when visiting CyberGhost’s website for this review update: a whole mess of trackers and third-party cookies.
This, of course, was not very surprising.
The last time I looked at CyberGhost’s website, I found them to be utilizing Hotjar session recording scripts. These session recording scripts literally record every interaction you have with the website in a video, which is stored on third-party servers. I discussed the problem in this article after examining findings published by other researchers.
Here were the session recording scripts that I previously found:
Hopefully this is an area where CyberGhost can improve.
To be fair, nearly all VPNs have some basic tracking and analytics on their websites, which usually includes Google Analytics. Running a website without any analytics is basically impossible, because you have no idea what to improve and fix for your readers. Unfortunately, CyberGhost goes a bit overboard in this regard.
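The kind of check described in this section can be reproduced on a saved copy of any page by listing the third-party hosts it loads resources from. The Python sketch below is an added example, not code from the original review or from CyberGhost; the short vendor list, the example.com first-party domain and the sample HTML are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Small illustrative vendor list (an assumption for this example, not exhaustive).
KNOWN_VENDORS = {
    "hotjar.com": "session recording",
    "google-analytics.com": "analytics",
    "googletagmanager.com": "tag manager",
}
# Tags (and the attribute on each) that make the browser fetch a URL.
RESOURCE_ATTRS = {"script": "src", "img": "src", "iframe": "src", "link": "href"}


def belongs_to(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


class ResourceCollector(HTMLParser):
    """Collects the hostnames of resources a page asks the browser to load."""

    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        wanted = RESOURCE_ATTRS.get(tag)
        url = dict(attrs).get(wanted) if wanted else None
        # Relative URLs have no hostname; protocol-relative (//host/x) ones do.
        host = (urlparse(url).hostname or "").lower() if url else ""
        if host:
            self.hosts.append(host)


def audit_third_parties(html, first_party):
    """Return {host: category} for every third-party host the page loads from."""
    collector = ResourceCollector()
    collector.feed(html)
    findings = {}
    for host in collector.hosts:
        if belongs_to(host, first_party):
            continue  # same site, not a third party
        findings[host] = next(
            (label for vendor, label in KNOWN_VENDORS.items() if belongs_to(host, vendor)),
            "unknown third party",
        )
    return findings


# Constructed sample page; example.com stands in for the site being audited.
SAMPLE_HTML = """
<html><head>
<script src="/js/app.js"></script>
<script src="https://cdn.example.com/lib.js"></script>
<script async src="//static.hotjar.com/c/hotjar-000000.js"></script>
<script src="https://www.googletagmanager.com/gtm.js?id=GTM-XXXX"></script>
<link rel="stylesheet" href="https://fonts.example.net/css">
</head><body><img src="https://www.google-analytics.com/collect?v=1"></body></html>
"""

if __name__ == "__main__":
    for host, category in sorted(audit_third_parties(SAMPLE_HTML, "example.com").items()):
        print(f"{host:32} {category}")
```

Static HTML only shows resources referenced directly in the markup; scripts injected at runtime by a tag manager will not appear, so a browser's network panel remains the fuller view.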
Testing out CyberGhost support
For support, CyberGhost offers chat, email, and various guides on their website.
I tested out the chat support and it seemed alright.
The chat representatives were prompt and helpful, although the random slow connection problem did not really get fixed.
CyberGhost offers 24/7 live chat and I was able to connect with a chat representative in under 30 seconds every time I tested it out. I did not test out the email support, but I did find quite a few different help guides on their website.
For the support category, CyberGhost does pretty well.
CyberGhost for torrenting
Officially, CyberGhost is a torrenting-friendly VPN service. They are based in Romania, which does not fall under any stringent copyright laws (unlike the United States and DMCA, for example). Many VPNs also restrict torrenting, such as TunnelBear.
Regarding their torrenting policy, CyberGhost explains this on their website:
We also have servers optimized for torrenting ensuring a smooth and seamless torrenting experience.
Torrent through a secure encrypted VPN tunnel and leave any surveillance worries behind. Say goodbye to any throttling from your Internet Service Provider and unblock restricted torrent domains!
Within the CyberGhost VPN client, you can select any of these torrenting servers. That being said, not all servers work with torrenting and P2P traffic:
None of the current P2P technologies are illegal per definition, but we have to block P2P protocols on certain servers, either due to strategic (this is traffic that unnecessary slows down other user’s traffic) or due to legal reasons in countries where we are forced by providers to block torrent traffic, among them USA, Russia, Singapore, Australia and Hongkong (China).
In the list of servers you will find a check mark on P2P/Torrent compatible servers.
This is fairly common in the VPN industry, where VPNs can get kicked out of data centers for too many copyright violations (such as in the US).
Overall, CyberGhost isn’t the worst option, but it’s also not one of the best VPNs for torrenting based on the speed tests above.
On the homepage, CyberGhost claims to be a “no logs” VPN provider with a “strict no logs policy”.
Here you can see their claims:
But this is not really accurate.
Additionally, when you log in to your account, you can see that the devices you use with CyberGhost are being logged. Here’s a screenshot from my test account, showing that two of my devices are being logged:
Therefore it is clear that there are some connection logs being maintained. Many VPNs maintain some basic data to enforce the connection policy. There are also some VPNs that have undergone ‘no logs’ audits to verify their claims.
Whether or not this is a big deal all depends on your threat model and how much privacy you desire.
CyberGhost blocked by Netflix
Another drawback with CyberGhost is that I found it to not work with Netflix. I maintain an American Netflix account specifically to test which VPNs work with Netflix.
With CyberGhost, there are dedicated servers that should work with Netflix. Here are the Netflix servers which you can access directly in the VPN client:
Next, I fired up my Netflix account and attempted to stream House of Cards. That didn’t work out so well.
The CyberGhost dedicated server for streaming Netflix was blocked by Netflix.
If you are looking for the best VPN to use with Netflix, CyberGhost would not be a good option.
CyberGhost is not a good VPN for Netflix based on my own tests.
CyberGhost does not work in China
Because I am not physically in China, I cannot test VPNs there. Nonetheless, I posed the question to CyberGhost staff.
The answer is clear: CyberGhost does not work in China.
A few years back, Robert Knapp was interviewed by CNN and he voiced frustration with trying to make CyberGhost work in China. It seems they are not even working on that today.
If you are in China or going to China, not to worry. There are still some great VPNs for China that work.
Conclusion on the CyberGhost VPN review
Taking everything into consideration, CyberGhost is somewhat of a mixed bag.
CyberGhost has made some improvements since the last review. Their new VPN client (version 7) is an improvement over the previous version, and speeds are better than the last time I tested their servers.
Nonetheless, there are still some shortfalls that prevent me from recommending CyberGhost:
- Troubling history with parent company (Kape, formerly Crossrider)
- Slow to establish connections
- The website uses aggressive tracking measures
- Broken ad blocker for HTTPS sites
- Connection logs
- Does not work with Netflix (or in China)
One recurring theme I stress here at Restore Privacy is that trust is a major factor when it comes to selecting privacy tools. This is because these tools can also undermine your privacy and security. With the history behind the parent company (Crossrider / Kape) and the issues with root certificates, there are definitely some things to consider. Of course, only you can decide which products and services to trust – and this is a subjective decision.
At the end of the day, CyberGhost has made some improvements, but there is still more work to do.
A comparable VPN in the low-price category also worth considering is NordVPN, which has also passed a third-party ‘no logs’ audit.
Check out my list of the best VPN services for other options that did better in testing.
If you have used CyberGhost VPN, feel free to share your honest review (good or bad) below.