• Skip to main content
  • Skip to header right navigation
  • Skip to site footer
Restore Privacy

Restore Privacy

Resources to stay safe and secure online

  • News
  • Tools
    • Secure Browser
    • VPN
    • Ad Blocker
    • Secure Email
    • Private Search Engine
    • Data Removal
      • Incogni Review
    • Password Manager
    • Secure Messaging App
    • Tor
    • Identity Theft Protection
    • Unblock Websites
    • Privacy Tools
  • Email
    • Secure Email
    • ProtonMail Review
    • Tutanota Review
    • Mailfence Review
    • Mailbox.org Review
    • Hushmail Review
    • Posteo Review
    • Fastmail Review
    • Runbox Review
    • CTemplar Review
    • Temporary Disposable Email
    • Encrypted Email
    • Alternatives to Gmail
  • VPN
    • What is VPN
    • VPN Reviews
      • NordVPN Review
      • Surfshark VPN Review
      • VyprVPN Review
      • Perfect Privacy Review
      • ExpressVPN Review
      • CyberGhost Review
      • AVG VPN Review
      • IPVanish Review
      • Hotspot Shield VPN Review
      • ProtonVPN Review
      • Atlas VPN Review
      • Private Internet Access Review
      • Avast VPN Review
      • TorGuard Review
      • PrivadoVPN Review
    • VPN Comparison
      • NordVPN vs ExpressVPN
      • NordVPN vs PIA
      • IPVanish vs ExpressVPN
      • CyberGhost vs NordVPN
      • Surfshark vs NordVPN
      • IPVanish vs NordVPN
      • ExpressVPN vs PIA
      • VyprVPN vs NordVPN
      • CyberGhost vs ExpressVPN
      • NordVPN vs HideMyAss
      • ExpressVPN vs ProtonVPN
      • Atlas VPN vs NordVPN
      • ExpressVPN vs Surfshark
      • NordVPN vs Proton VPN
      • Surfshark vs CyberGhost
      • Surfshark vs IPVanish
    • Best VPNs
      • Best VPN for Torrenting
      • Best VPN for Netflix
      • Best Free VPN
      • VPN for Firestick TV
      • Best VPN for Android
      • Best VPN for Gaming
      • Best VPN for PC
      • Best VPN for Disney Plus
      • Best VPN for Hulu
      • Best VPN for Mac
      • Best VPN for Streaming
      • Best VPN for Windows
      • Best VPN for iPhone
    • VPN Coupons
      • ExpressVPN Coupon
      • NordVPN Coupon
      • Cyber Monday VPN Deals
      • NordVPN Cyber Monday
      • Surfshark VPN Cyber Monday
      • ExpressVPN Cyber Monday
    • VPN Guides
      • Free Trial VPN
      • Cheap VPNs
      • Static IP VPN
      • VPN Ad Blocking
      • No Logs VPN
      • Best VPN Chrome
      • Best VPN Reddit
      • Split Tunneling VPN
      • VPN for Binance
      • WireGuard VPN
      • VPN for Amazon Prime
      • VPN for Linux
      • VPN for iPad
      • VPN for Firefox
      • VPN for BBC iPlayer
    • By Country
      • Best VPN Canada
      • Best VPN USA
      • Best VPN UK
      • Best VPN Australia
      • VPN for Russia
    • VPN Router
  • Password
    • Best Password Managers
    • Comparisons
      • NordPass vs 1Password
      • 1Password vs LastPass
      • NordPass vs LastPass
      • RoboForm vs NordPass
      • 1Password vs Bitwarden
      • Dashlane vs NordPass
      • 1Password vs Dashlane
      • NordPass vs Bitwarden
    • KeePass Review
    • NordPass Review
    • 1Password Review
    • Dashlane Review
    • RoboForm Review
    • LastPass Review
    • Bitwarden Review
    • Strong Password
  • Storage
    • Best Cloud Storage
    • pCloud Review
    • Nextcloud Review
    • IDrive Review
    • SpiderOak Review
    • Sync.com Review
    • MEGA Cloud Review
    • NordLocker Review
    • Tresorit Review
    • Google Drive Alternatives
  • Messenger
    • Secure Messaging Apps
    • Signal Review
    • Telegram Review
    • Wire Review
    • Threema Review
    • Session Review
  • Info
    • Mission
    • Press
    • Contact
  • News
  • Tools
    • Secure Browser
    • VPN
    • Ad Blocker
    • Secure Email
    • Private Search Engine
    • Data Removal
      • Incogni Review
    • Password Manager
    • Secure Messaging App
    • Tor
    • Identity Theft Protection
    • Unblock Websites
    • Privacy Tools
  • Email
    • Secure Email
    • ProtonMail Review
    • Tutanota Review
    • Mailfence Review
    • Mailbox.org Review
    • Hushmail Review
    • Posteo Review
    • Fastmail Review
    • Runbox Review
    • CTemplar Review
    • Temporary Disposable Email
    • Encrypted Email
    • Alternatives to Gmail
  • VPN
    • What is VPN
    • VPN Reviews
      • NordVPN Review
      • Surfshark VPN Review
      • VyprVPN Review
      • Perfect Privacy Review
      • ExpressVPN Review
      • CyberGhost Review
      • AVG VPN Review
      • IPVanish Review
      • Hotspot Shield VPN Review
      • ProtonVPN Review
      • Atlas VPN Review
      • Private Internet Access Review
      • Avast VPN Review
      • TorGuard Review
      • PrivadoVPN Review
    • VPN Comparison
      • NordVPN vs ExpressVPN
      • NordVPN vs PIA
      • IPVanish vs ExpressVPN
      • CyberGhost vs NordVPN
      • Surfshark vs NordVPN
      • IPVanish vs NordVPN
      • ExpressVPN vs PIA
      • VyprVPN vs NordVPN
      • CyberGhost vs ExpressVPN
      • NordVPN vs HideMyAss
      • ExpressVPN vs ProtonVPN
      • Atlas VPN vs NordVPN
      • ExpressVPN vs Surfshark
      • NordVPN vs Proton VPN
      • Surfshark vs CyberGhost
      • Surfshark vs IPVanish
    • Best VPNs
      • Best VPN for Torrenting
      • Best VPN for Netflix
      • Best Free VPN
      • VPN for Firestick TV
      • Best VPN for Android
      • Best VPN for Gaming
      • Best VPN for PC
      • Best VPN for Disney Plus
      • Best VPN for Hulu
      • Best VPN for Mac
      • Best VPN for Streaming
      • Best VPN for Windows
      • Best VPN for iPhone
    • VPN Coupons
      • ExpressVPN Coupon
      • NordVPN Coupon
      • Cyber Monday VPN Deals
      • NordVPN Cyber Monday
      • Surfshark VPN Cyber Monday
      • ExpressVPN Cyber Monday
    • VPN Guides
      • Free Trial VPN
      • Cheap VPNs
      • Static IP VPN
      • VPN Ad Blocking
      • No Logs VPN
      • Best VPN Chrome
      • Best VPN Reddit
      • Split Tunneling VPN
      • VPN for Binance
      • WireGuard VPN
      • VPN for Amazon Prime
      • VPN for Linux
      • VPN for iPad
      • VPN for Firefox
      • VPN for BBC iPlayer
    • By Country
      • Best VPN Canada
      • Best VPN USA
      • Best VPN UK
      • Best VPN Australia
      • VPN for Russia
    • VPN Router
  • Password
    • Best Password Managers
    • Comparisons
      • NordPass vs 1Password
      • 1Password vs LastPass
      • NordPass vs LastPass
      • RoboForm vs NordPass
      • 1Password vs Bitwarden
      • Dashlane vs NordPass
      • 1Password vs Dashlane
      • NordPass vs Bitwarden
    • KeePass Review
    • NordPass Review
    • 1Password Review
    • Dashlane Review
    • RoboForm Review
    • LastPass Review
    • Bitwarden Review
    • Strong Password
  • Storage
    • Best Cloud Storage
    • pCloud Review
    • Nextcloud Review
    • IDrive Review
    • SpiderOak Review
    • Sync.com Review
    • MEGA Cloud Review
    • NordLocker Review
    • Tresorit Review
    • Google Drive Alternatives
  • Messenger
    • Secure Messaging Apps
    • Signal Review
    • Telegram Review
    • Wire Review
    • Threema Review
    • Session Review
  • Info
    • Mission
    • Press
    • Contact

Taking a Closer Look at Kape Technologies, Crossrider, and Malware

November 29, 2021 By Sven Taylor — 39 Comments
Crossrider Kape Malware

Kape Technologies is a growing player in the VPN industry and now owns four VPN providers. Given this entity’s prominence in the privacy/security space, we felt the need to closely examine its history, past business activities, and involvement in the ad injection industry.

When you use a VPN service, you are putting a lot of trust in the VPN itself and the people running it. You trust that they are properly encrypting your traffic, securing their server network, infrastructure, and apps, and also not doing anything shady in the background. In a sense, you are choosing to trust a VPN service with your traffic instead of your internet service provider (ISP), which will not be able to see any activity with all traffic being encrypted through the VPN.

And while there are verified no logs VPN services that have been audited or passed real-world tests, there have also been a handful of VPNs that have given up logs to various entities. Additionally, we have seen security breaches, such as the recent WindScribe security incident where servers were left fully unencrypted — a fact that came to light only after their servers were seized by Ukrainian authorities. Needless to say, finding a VPN you can trust is crucial.

Note: And for anyone foolishly claiming that an ISP deserves your trust and is not tracking all your online activities, read this first. (Everyone needs a good VPN for basic digital privacy when ISPs collect everything.)

Now let’s take a closer look at Kape Technologies.

Numerous publications discussing Crossrider and malware

Over the past few years, we have frequently connected Kape Technologies (formerly Crossrider) with malware distribution. Why did we do this? Well, there are numerous outlets and security experts that discussed the problems and removal techniques of Crossrider malware and adware.

Crossrider malware

Here are just three examples of this:

  • this 2018 article from Malwarebytes
  • this article from Symantec
  • this 2019 article from Security Boulevard

Based on this information and other sources, we previously assumed that Crossrider was the creator of this malware. However, it’s important to get the details exactly right, so let’s dig deeper.

Crossrider created a development platform for browser extensions

Crossrider was founded all the way back in 2011, when there was no native extension interoperability between browsers. This meant that development for browsers was more time-consuming. Crossrider developed a platform to address this exact issue, as TechCrunch noted in a 2012 article:

Crossrider, which is coming out of beta today, aims to make things a bit easier for developers. The service offers a cross-platform development platform for Chrome, Firefox, Internet Explorer and Safari.

Developers who want to use the service, which is available for free, only have to write their code once and can then deploy their extensions across the supported browsers.

We also see developers praising Crossrider as a tool for developing browser extensions. Here are a few quotes:

Crossrider is, in layman terms, a wrapper around your JavaScript code with a consistent set of API methods.

–Amaslo.com

Crossrider also makes it easy to publish to chrome store as well and provides an easy way to sign your extension for executable downloads on windows.

–StackOverflow

Crossrider created monetization options that were used by ad injectors

Longtime readers of RestorePrivacy know that advertising and data collection go hand in hand, along with the abuse of privacy. And while it is true that Crossrider created a development platform, we must also point out that Crossrider offered monetization options that were used by major ad injectors.

What is an ad injector exactly?

A Forbes article from 2015 discussed the topic in more detail, where they noted the following:

[Ad injection] effectively intercepts users’ traffic to inject content, namely, those irritating adverts and popups that seem to come from nowhere. Media rightly jumped on the report, highlighting the companies named as the top ad injectors. What went unnoticed, until now, is that most of the searchable organisations involved in this potentially dangerous business are based in Israel. They also happen to have links to the nation’s military and its top signals intelligence agency, the Israeli equivalent of the NSA or GCHQ: Unit 8200, which works out of the Israel Defense Forces (IDF).

The report that Forbes noted above is this 2015 research paper that was co-authored by UC Berkeley, Google, and a handful of other organizations and individuals. The paper describes the ad injection industry as follows:

Today, web injection manifests in many forms, but fundamentally occurs when malicious and unwanted actors tamper directly with browser sessions for their own profit. In this work we illuminate the scope and negative impact of one of these forms, ad injection, in which users have ads imposed on them in addition to, or different from, those that websites originally sent them.

The research paper also describes Crossrider involvement in this industry:

Crossrider is a mobile, desktop, and extension development platform that enables drop-in monetization via major ad injectors. Crossrider provides its affiliate ID to ad injectors while separately tracking kick-backs to developers. The other top affiliates listed in Table III are all cross-browser extensions and plugins that impact Chrome, Firefox, and Internet Explorer.

We can see Table III from the research paper below. In it, we find that Crossrider listed as a “Top Affiliate” with different Ad Injection Libraries.

Crossrider ad injection industry

The exact relationship between the ad injectors and affiliates is complex.

In the context of Crossrider, it was the underlying tool that developers used to create extensions, rather than the owner of the extension itself or the monetization platform responsible for the ads.

Legitimate (non-malicious) apps were also made with Crossrider

While Crossrider did offer monetization options that were used by ad injectors, we should also point out that Crossrider’s platform was also used for legitimate (non-invasive) purposes.

You can see this with the FC Barcelona official fan app, which was attributed to “Crossrider Advanced Technologies Ltd.”

Additionally, we see CNet and The Next Web writing about an app called Chat Undetected, which was also attributed to Crossrider.

Now let’s examine how the Crossrider platform was also used for not-so-good activities.

Various third parties used Crossrider’s platform for bad practices (malware)

While Crossrider created tools for software developers and ad injectors, these tools were also useful to bad actors.

We see a few examples of this on herdProtect, a malware scanning platform:

  • mySupermarket Companion (flagged as malware) – “It is built using the Crossrider cross-browser extension platform. While the file utilizes the Crossrider framework and delivery services, it is not owned by Crossrider.”
  • I Want This (flagged as adware) – “Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.”

We also see Brian Krebs, the renowned cybersecurity expert, further clarifying how the Crossrider platform was being used by third parties for malicious endeavors:

  • “Last week, I wrote about LilyJade, a new computer worm that was spreading across Facebook accounts by abusing the free services offered by Crossrider, a platform that makes it simple to develop browser extensions that work seamlessly across browsers and operating systems.” (KrebsOnSecurity.com)
  • “The purpose of this post is not to cause alarm about legitimate development platforms like Crossrider and Kango, or even to dissuade people from using Facebook. It’s also true that rogue browser plugins are hardly a new problem.” (KrebsOnSecurity.com)

A Crossrider employee also explained on StackOverflow how the company’s tools were being exploited by bad actors:

We had some incidents in the past where developers had tried to write malicious extensions using our framework, but with our security co-operations with Google and Facebook we managed to mitigate them.

Following the news about Kape buying Private Internet Access, Andrew Lee, the PIA co-founder, explained Crossrider’s business on a HackerNews thread as follows:

To be clear, in the past the company was known as CrossRider and provided a developer SDK that could be used to integrate with browsers. Unfortunately, CrossRider didn’t do enough to prevent malware (like platforms these days and their fake news) and the platform was used by some bad people for bad purposes.

Kape was never directly involved in adware other than providing SDKs that let developers create positive and negative things.

Crossrider shuts down the platform and rebrands the business

In September 2016, Crossrider officially announced it was shutting down entirely, as you can see in this official tweet. Crossrider provided RestorePrivacy with further clarification about their decision to shut down operations in 2016:

The team saw that abuse of the platform was not showing signs of slowing down, and the very openness and flexibility that made the platform useful for developers also made it difficult to effectively combat abuse.

The following year, in 2017, we see that the business pivoted to an entirely different niche: online privacy and security. The purchase of CyberGhost in 2017 kicked off this strategy, followed by a name change to Kape Technologies shortly thereafter.

Additionally, we learned that Crossrider had a major personnel change to refresh the business with new leadership. The Crossrider co-founders, CEO Koby Menachemi and CTO Shmueli Ahdut, left the company, along with most of the original Crossrider team and its entire C-suite of executives.

Today, Kape is led by CEO Ido Ehrlichman, who was not part of Crossrider’s original team. Kape is a global company that is headquartered in London and publicly traded on the London Stock Exchange.

Kape’s statement to RestorePrivacy

In our research for this article, Kape provided us with a statement to further clarify the past events and explain their reasoning to change their business strategy:

The Crossrider SDK and development platform was used by tens of thousands of independent developers to create cross-browser extensions, and unfortunately a small number of bad actors misused the platform to develop adware and malware. The team at the time attempted to combat the problem, including as a participant and supporter of the Clean Software Alliance, but ultimately decided to shut down Crossrider altogether in 2016 in the face of rising abuse.

Due to how the Crossrider platform worked, extensions by developers using the platform typically appeared linked to Crossrider in one way or another. This had the unfortunate effect of some of these extensions being incorrectly attributed to Crossrider itself, including by automated adware and malware scanning and removal tools. And while Crossrider itself didn’t exist anymore after 2016, developers who had developed or compiled their app using Crossrider prior to its shutdown were able to continue distributing their own apps by themselves.

Kape is now a leading privacy-first digital security software provider, with a fully refreshed team led by new CEO Ido Erlichman and informed by having identified a market need for privacy solutions to protect users’ data.

Conclusion: Why this is important

For years, we have been discussing Kape under the assumption that it was responsible for the malware being associated with Crossrider. The full story, however, is more nuanced.

For starters, it is clear that Crossrider provided a platform that was used by ad injectors.

However, it also appears that Crossrider’s development platform was used by third parties to spread malware, and Crossrider was not responsible for this.

Getting the details correct is important because it helps people decide whether or not to trust a business that offers privacy tools. And with trust being a huge consideration, it’s important to focus on verifiable facts.

Given everything we learned in our research, we can conclude that:

  • Crossrider created a development platform, which was used for many different purposes (both good and bad).
  • Crossrider offered monetization options with its platform and was used by major ad injectors.
  • Third parties also used Crossrider’s platform for malware distribution, but Crossrider was not the owner or creator of that malware.
  • Crossrider completely shut down the program in 2016, changed out the company’s leadership, and pivoted to the privacy and security niche.
  • In 2018, Crossrider changed its name to Kape Technologies.

Now that Kape is a big player in the VPN industry, hopefully this article can help people who are considering whether or not to use Kape’s products. These products now include ExpressVPN, Private Internet Access, CyberGhost, and ZenMate VPN.

About Sven Taylor

Sven Taylor is the lead editor and founder of Restore Privacy, a digital privacy advocacy group. With a passion for digital privacy and accessible information, he created RestorePrivacy to provide you with honest, useful, and up-to-date information about online privacy, security, and related topics.

Reader Interactions

Comments

  1. Motoko Kusanagi

    November 10, 2021

    Thanks Editor for this excellent in dept analysis on Kape Technologies. Looking back at beginning of Kape, they have involved in numerous UNETHICAL yet SO CALLED LEGITIMATE activities and even WORST is PROVIDING digital intelligence for GOVERNMENT and WORKING for GOVERNMENT. Then, the shareholders of Kape decided to restructure its entire business practices and activities. There are noticeable optimistic changes but there are still noticeable things which are DUBIOUS and SCEPTICAL. From a dissapointed and frustrasted long time consumer of ExpressVPN consumer like myself, here are my humble opinion on this matter and may be a worthwhile reading.

    FIRST, as a legitimate business entity and listed in London Stock Exchange like Kape Technologies, they will ABIDE THE RULE OF LAW especially in terms of thorough AUDIT (every profit from every source, must report) and MUST WILLING TO GIVE IN ANYTHING FOR NATIONAL SECURITY SAKE in the country Kape headquartered which is UNITED KINGDOM. This show it is THE FIRST IN HISTORY of a VPN provider listed in a reputed stock exchange which require integrity and transparency of every aspect to be report to government and to public. THIS CLEARLY SHOW KAPE PRIORITIZE PROFIT ABOVE ANYTHING AS THEY OWN NUMBERS OF VPN BUSINESSES AND THEY LISTED IN STOCK EXCHANGE AND THEY WILLING TO GIVE IN ANYTHING FOR PROFIT AS BEING LAW ABIDING BUSINESS ENTITY. PRIVACY IS JUST FOR MARKETING. MARKETING FOR SALES. SALES FOR PROFIT.

    SECOND, Kape and ExpressVPN key people and management team EMPLOY NUMBERS OF GOVERMENT ASSOCIATES AND CRONIES from UNITED STATES, UNITED KINGDOM AND ISRAEL. One NOTICEABLE example in the ‘GOVERNMENT LINKED PERSON’ list example is ExpressVPN CIO’s Daniel Gericke.

    THIRD, ACTIVIST, WHISTLEBLOWER and EX-CIA ENGINEER Edward Snowden advises ‘you should not be an ExpressVPN customer now’.

    In conclusion, everyone now have WITNESS REAL FACT AND SITUATION of what Kape Technologies and ExpressVPN now. Im happy to quote from our esteemed Editor, ‘you are putting a lot of trust in the VPN itself and the people running it’. Thank you dear Editor and everyone.

    Reply
    • KM

      November 23, 2021

      TLDR. Why was the post by Motoko Kusanagi approved? He’s also shouting? C’mon Sven.

      Reply
      • Motoko Kusanagi

        November 26, 2021

        Hi KM and distinguished readers. Im sorry if made any mistake and i was not shouting. I know its long but it is worthwhile reading. Im a long time consumer of ExpressVPN and now im very dissapointed and frustrated with recent unfortunate event. ExpressVPN is good by product and services itself but with recent unfortunate event has raised a lot of question and scepticism. This is my humble expression i would like to share with like minded community for us to make better decision and understanding in subscribing a VPN service with our hard earned money.

        Reply
  2. Sipla

    November 7, 2021

    Hi Sven, great website. RP is one of the 3 website I have bookmarked and I visit it nearly daily for new articles and new comments on the older articles.

    Reply
    • John Doe

      November 16, 2021

      What are the other 2 websites you visit if you don’t mind me asking?

      Reply
  3. Hans

    November 4, 2021

    Even with all this info, I still don’t trust Kape or their VPN services that they own. I would rather put my trust a smaller independent company for a VPN service than a large company like Kape who owns several VPN’s. Thankfully, there are several good VPN services out there that are still independent and not owned by a large company. Hopefully that won’t change anytime soon.

    Reply
  4. Sori

    November 1, 2021

    “And for anyone foolishly claiming that an ISP deserves your trust and is not tracking all your online activities, read this first. ”

    Which is a big reason why I think comparing VPNs and TOR is like comparing apples and oranges. TOR is primarily a tool for web browsing, while VPNs are essentially a replacement for your ISP. That said, TOR isn’t completely worthless even though it is at least partially compromised by the US government. However, using TOR directly without going through a good VPN first is very foolish because it is better for your ISP to see your VPN instead of TOR.

    Reply
    • Bronco

      November 1, 2021

      There is another food for thought here, for privacy conscious people: if 90% of your online activities goes through your browser, or, say, through the encrypted messenger, then why do you need system-wide VPN? That means a good browser is most important. As is a good privacy mail client. If we agree that VPN is not the magic bullet anyway, you simply can’t defeat surveillance. So, keep it simple and protect what is essential.

      Reply
      • BoBeX

        November 4, 2021

        Hi Bronco and RP Community,

        Do you know much about browser finger printing?

        Restorer posted some links to the finger printing test websites in the RP finger printing article comments. I have been testing my browsers against them and posting my results.

        If you have an interest in good browsers you may have something to contribute?

        Regards,

        BoBeX

        Reply
        • Bronco

          November 4, 2021

          Hi BoBeX
          I think a good browser is the vital part of all the privacy tools to keep your data “yours”, as much as possible. I’ve checked quite a few. Just a few months back, for example, only one or two privacy browsers could pass the test in nothingprivate.ml. On mobile, SnowHaze was the ONLY browser that did the trick successfully. Brave couldn’t, Firefox couldn’t. Now many others can do it. Which is great, you can finally choose the right one for you. My criteria for a good browser is that it should be efficient in ad blocking and trackers. And that means: no mercy for ads, if there’s no ability or customization in a browser to stop these things, or to block certain Java scripts – it’s not good enough. Turns out browsers that are good in this are very strong in anti fingerprint as well.

  5. Flanders

    October 31, 2021

    “leadership of Kape is still scummy”

    AGREED.

    This is an obvious puff piece, probably by Kape themselves, designed to exonerate rather than inform the public of their scum networks hidden in the background.

    Reply
    • Sven Taylor

      November 1, 2021

      I can assure you, Flanders, that Kape did not write this article.

      Reply
      • BoBeX

        November 1, 2021

        Hi RP Community,

        I have read many, many articles produced by RP, I have found them educational and informative.

        What I find most outstanding about this site is the integrity of the publisher; this is an article which informs a view that is contrary to previous published views. It is commendable to the RP publishers that they have taken this action when they believe the understood facts need to be re-established and discussed.

        Most publishers shy at making and informing of corrections, this site is up front about the facts and new information about those facts.

        I also admire this site for posting views that are contrary to the views of the authors; again this demonstrates integrity.

        Regards,

        BoBeX

        Reply
        • Sven Taylor

          November 1, 2021

          Thanks BoBeX

  6. KapeCrusader?

    October 31, 2021

    The Kape provided parts read like something Facebook would come up with and Facebook is global malware. There’s far more to the Kape story than this, which sidesteps the Express CIO/spy and exiled owner issues, although the CIO debacle was covered here a month or so ago. Is he still there?

    In some industries acquisitions are allowed to operate as they see fit as long as they send the figurative annual check to corporate. In so called Tech, this is rarely the case (Instagram, WhatsApp etc.), acquisitions are regularly compromised in major ways by corporate or disappear completely.

    The future of agglomerated VPN companies (honestly, none of these companies have ever inspired trust in me at all) isn’t great. But, Kape deserves watching; if regular NEW independent audits show their VPN’s to be equivalent to the very few real VPN’s, good for them. Not holding my breath and in my case I’d never use any of them Kape or not. I used PIA and Express for a while.

    Reply
  7. One of your reader

    October 31, 2021

    Thank you for this new article as clear as water. Always good to have your expert opinion on those things and I did not expect this company to rise in my esteem.
    I take this new article to ask you something new…
    I read all of your secure cloud articles and ended up choosing a solution that, i think, is not listed on your site.
    Could you tell us about the seriousness of Boxcryptor and Cryptomator associated with big clouds like Google Drive?
    They allow end-to-end encryption with zero knowledge coupled with the speed and stability of these big clouds, but I wonder what you think of these solutions.

    Best regards,

    Reply
  8. BoBeX

    October 31, 2021

    Hi Sven,

    Great article.

    It is commendable that you put so much effort it t setting the ledger straight.

    I do wonder why Crossrider didn’t contact Symantec and Malwarebytes at the time and offer an objection and get the details corrected.

    As said in previous comments, a vpn company has no business owning a vpn review site.

    Regards,

    BoBeX

    Reply
  9. questionnaire

    October 30, 2021

    A couple of canned statements and corporate face changes does not convince me at all that they are to be trusted in any respect. The fact they have acquired VPN review sites and are hoarding VPN providers is still a huge red flag.

    Reply
  10. JB

    October 29, 2021

    The most scummy part of Kape is that they own VPN “review” sites bought for millions of dollars, and those sites list Kape´s own VPN companies as the best ones without telling readers that they are all have the same parent company, the review site and the product they recommend.

    Reply
    • Sven Taylor

      October 30, 2021

      As we showed in this article, there is an ownership disclosure at the top of the site, but you have to click it to see the disclosure.

      Reply
    • Yogstrix

      October 30, 2021

      Kape has to right to tell their side of the story and I have a right to discard it. All of this being said, the fact that Express CXOs got caught hacking journalists for the Arabs, and then paid millions in fines to the US feds, doesn’t exactly raise my confidence in them. Plus the fact that they sold of Express to Kape literally in the middle of this clusterf*ck.

      Sorry, but I’m happy with Proton and I’ll stick to it. Might get Nord for backup.

      Reply
  11. Doublesafe

    October 29, 2021

    I’ve decided not to completely trust any one VPN with my traffic. Instead, I have selected two different VPN providers, both with DHE and RAM disks. Vpn1 is installed on my router, vpn2 is installed on all of my devices. This is the only way to achieve privacy. Believe it or not, depending on which vpns you select, there is no appreciable performance hit.

    Get smart, get a fast router and two vpns.

    Reply
    • Sven Taylor

      October 30, 2021

      I agree this is the best setup. And it distributes trust.

      Reply
    • Moby

      October 30, 2021

      I’ve been contemplating doing this too. But I read installing VPN at the router level reduces speeds by half immediately. Is this true?

      Reply
      • Sven Taylor

        October 30, 2021

        There are many factors, but most consumer-grade routers are not super fast with VPNs. The big exceptions to this are the Vilfo router and a few of the newer high-end Asus routers.

        Reply
    • Bronco

      October 30, 2021

      This is super safe. Another and easier way is to use VPN1 app for the system and VPN2 in-browser add-on.

      Reply
  12. Doug

    October 29, 2021

    “Kape is a global company that is headquartered in London and publicly traded on the London Stock Exchange.”

    This sentence alone should convince everyone to avoid their acquired VPN services. Britain is every bit as bad as the U.S. in disregarding people’s privacy, and work directly with the U.S. in that regard. Their acquired VPNs may not be based in Britain, but their parent company is, which must comply with their laws.

    Reply
    • Eric

      October 29, 2021

      That’s not how VPN jurisdictions work. The company HQ and the VPN HQ are not the same thing. Like NordVPN that’s entirely based in Vilnius but HQed in Panama. Also, the US and the UK have like, lots of consumer protections in digital privacy, typically moreso than many European countries.

      Reply
      • Brody

        October 29, 2021

        Might not be the same thing, but in a way it matters a lot. You can run a worldwide toy company HQ’d in Panama but if the toy company’s parent company and board of directors are all based in Michigan, it’s very easy for the feds to f*ck thing up for you. The Panama jurisdiction can becoming meaningless if the parent company itself is a shi*show.

        Reply
        • Eric

          October 30, 2021

          I don’t disagree with you but its also not relevant to the original point. The VPN brands of a parent company operate on their own jurisdictions, not the parent company’s.

      • Sori

        October 31, 2021

        “lots of consumer protections in digital privacy”

        The laws on the books are frankly irrelevant considering the fact that both the US government and US corporations have shown that they are willing to violate your privacy whenever it is convenient for them to do so..

        Reply
  13. Urusa

    October 29, 2021

    The leadership of Kape is still scummy, and their actions (of buying and consolidating VPNs and fudging reviews by buying review sites) speak louder than their canned statements. Kape can get bent.

    Reply
    • Doug

      October 29, 2021

      I fully agree with you. They have proven that they are/still shady and people must avoid their services/products.

      Reply
  14. Bronco

    October 29, 2021

    Considering Kape’s and its owner’s background, I would definitely take their statements with a pinch of a salt. There are more better and more secure options anyway.

    Reply
  15. Brody

    October 29, 2021

    Another excellent article by Sven. Enjoyed reading this. RIP ExpressVPN.

    Reply
  16. Just a guy

    October 29, 2021

    They might not be directly involved on the malware part, but the strategy of buying multiple VPN services over the years, and also buying VPN review portals to promote their VPNs, surely raises concerns.

    Reply
    • Andrew Chen

      September 15, 2022

      Not just that but private internet access had a notoriously scummy ceo. Making that the first stop on their acquisition tour really cemented their untrustworthy reputation. I was getting ready to switch to expressvpn when I heard kape had acquired them. Now you couldn’t pay me to use it.

      Reply
  17. templerun

    October 29, 2021

    Sorry, this is unrelated to this post, but could you please review Adguard VPN, Sven?

    Reply
    • Sven Taylor

      October 29, 2021

      We’re so behind on getting existing content updated, while also covering news items like this, that doing brand new reviews of other services (whether it’s email, cloud storage, VPN, messengers, etc.) are completely on hold, and this likely won’t change anytime soon.

      Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Sidebar

Digital Privacy Essentials:
Secure Browsers
Private Search Engines
Secure Email
Best Password Managers
Secure Messaging Services
Best Ad Blockers
Best VPN Services
Secure Cloud Storage

Privacy & Security Guides:
Privacy Tools
Alternatives to Google Products
Firefox Privacy Modifications
Five Eyes, 9 Eyes, 14 Eyes Spying
Browser Fingerprinting
Is Tor Safe?
Alternatives to Gmail
VPN vs Tor
Alternatives to WhatsApp
Is Your Antivirus Spying on You?
Controlling Communication Channels is Crucial for Privacy
Anonymity Networks: VPNs, Tor, and I2P
How to Really Be Anonymous Online
Private and Anonymous Payments

Secure Email Reviews:
ProtonMail Review
Tutanota Review
Mailfence Review
Mailbox.org Review
Hushmail Review
Posteo Review
Fastmail Review
Runbox Review
CTemplar Review
Temporary Email Services
Encrypted Email

Password Manager Reviews:
Bitwarden Review
LastPass Review
KeePass Review
NordPass Review
Dashlane Review
1Password Review
Best Password Managers

Secure Messaging App Reviews:
Wire Review
Signal Review
Threema Review
Telegram Review
Session Review
Wickr Review

Secure Cloud Storage Reviews
Tresorit Review
MEGA Cloud Review
Sync.com Review
Nextcloud Review
IDrive Review
pCloud Review
SpiderOak Review
NordLocker Review

How To Guides
How to Encrypt Files on Windows
How to Encrypt Email
How to Configure Windows 10 for Privacy
How to use Two-Factor Authentication (2FA)
How to Secure Your Android Device for Privacy
How to Secure Your Home Network
How to Protect Yourself Against Identity Theft
How to Unblock Websites
How to Fix WebRTC Leaks
How to Test Your VPN
How to Hide Your IP Address
How to Create Strong Passwords
How to Really Be Anonymous Online

About RestorePrivacy

Contact

Restore Privacy Checklist

  1. Secure browser: Modified Firefox or Brave
  2. VPN: NordVPN (68% Off Coupon) or Surfshark
  3. Ad blocker: uBlock Origin or AdGuard
  4. Secure email: Mailfence or Tutanota
  5. Secure Messenger: Signal or Threema
  6. Private search engine: MetaGer or Brave
  7. Password manager: NordPass or Bitwarden

About

Restore Privacy is a digital privacy advocacy group committed to helping people stay safe and secure online. You can support this project through donations, purchasing items through our links (we may earn a commission at no extra cost to you), and sharing this information with others. See our mission here.

We’re available for Press and media inquiries here.

Restore Privacy is also on Twitter

COPYRIGHT © 2023 RESTORE PRIVACY, LLC · PRIVACY POLICY · TERMS OF USE · CONTACT · SITEMAP