Kape Technologies (formerly Crossrider) has now acquired four different VPN services and a collection of VPN “review” websites that rank Kape’s VPN holdings at the top of their recommendations. This report examines the history of Kape Technologies and its rapid expansion into the VPN industry.
Update: We have added new information and corrections to this report, while also publishing another article that closely examines the business of Kape and Crossrider.
As is normal in the tech industry, the VPN world is undergoing some major changes and consolidation. The most recent example of this is with ExpressVPN, which announced plans this week to be acquired by Kape Technologies. While this may come as a surprise to some, it is nothing new in the industry. In fact, Kape has been on a VPN buying spree since 2017.
Unfortunately, many VPN users remain oblivious about the real owners of the VPN they are using as well as the history behind some of these entities. This is not because the owners are concealing anything, but rather, most “VPN review” websites fail to mention these important facts. This in-depth report intends to reveal the details for all to see. Here’s what we’ll cover:
- Kape (formerly Crossrider) was previously attributed to malware and adware, but it was not in fact responsible for creating the malware (this is addressed in detail here)
- The people behind Kape and Crossrider
- Crossrider begins purchasing VPN services, then changes name to Kape Technologies
- Kape purchases a collection of VPN “review” websites, then changes the rankings
- The future of Kape’s VPN ventures
To get a better understanding of the situation, we must first examine the history of Kape.
Kape (formerly Crossrider) created a cross-browser development platform
Before 2018, Kape Technologies was called Crossrider and it was often discussed in the malware and adware industry. You can still find numerous outlets that discussed Crossrider malware and adware infecting various devices, such as with Malwarebytes, Symatec, and Security Beulevard in 2019.
Below is an excerpt from a Malwarebytes article that discussed how Crossrider malware infected devices through software bundles:
Crossrider offers a highly configurable method for its clients to monetize their software. The common method to infect end-users is software bundlers. The installers usually resort to browser hijacking. Targeted browsers are Internet Explorer, Firefox, Chrome, and sometimes Opera. Crossrider not only targets Windows machines but Macs as well.
PUP.Optional.Crossrider installs are typically triggered by bundlers that offer software you might be interested in and combine them with adware or other monetizing methods.
While many outlets attributed this “Crossrider malware” to the people/business behind Crossrider itself, the truth is that Crossrider never created malware. Instead, the Crossrider platform was abused by third parties to spread malware and adware.
Crossrider offered monetization options that were used by ad injectors
We closely examined Crossrider’s history here and learned that it was a big player in the ad injection industry. In fact, there was even a research paper published by UC Berkeley, Google, and other co-authors who called out Crossrider’s business practices.
Crossrider is a mobile, desktop, and extension development platform that enables drop-in monetization via major ad injectors. Crossrider provides its affiliate ID to ad injectors while separately tracking kick-backs to developers. The other top affiliates listed in Table III are all cross-browser extensions and plugins that impact Chrome, Firefox, and Internet Explorer.
We summarized our investigation into Crossrider’s business history as follows:
- Crossrider created a development platform, which was used for many different purposes (both good and bad).
- Crossrider offered monetization options with its platform and was used by major ad injectors.
- Third parties also used Crossrider’s platform for malware distribution, but Crossrider was not the owner or creator of that malware.
- Crossrider completely shut down the program in 2016, changed out the company’s leadership, and pivoted to the privacy and security niche.
- In 2018, Crossrider changed its name to Kape Technologies.
Now that we’ve examined the business operations of Kape/Crossrider, let’s look at the leadership.
The people behind Kape and Crossrider
The main investor behind Kape is Teddy Sagi, an Israeli billionaire who previously spent time in jail for insider trading — but this happened all the way back in 1996, early in Sagi’s career. Sagi acquired Kape Technologies in 2012 and is an investor in many other industries.
Interestingly, Sagi is also named in the Panama Papers that detail a “rogue offshore financial industry.”
Another key figure behind Crossrider/Kape is Koby Menachemi. Forbes wrote a interesting article on Menachemi, detailing his ties to Israeli intelligence and cyber espionage.
Forbes noted the ties that Crossrider had to Israeli state surveillance entities:
A vast number of companies are affiliated with ad injectors, either packaging their tools or funnelling ads down to them. One of the biggest is Crossrider, the majority stake of which is held by billionaire Teddy Sagi, a serial entrepreneur and ex-con who was jailed for insider trading in the 1990s. His biggest money maker to date is gambling software developer Playtech. Co-founder and CEO Koby Menachemi was part of Unit 8200, where he was a developer for three years.
What went unnoticed, until now, is that most of the searchable organisations involved in this potentially dangerous business are based in Israel. They also happen to have links to the nation’s military and its top signals intelligence agency, the Israeli equivalent of the NSA or GCHQ: Unit 8200, which works out of the Israel Defense Forces (IDF).
It’s important to note, however, that Menachemi is no longer with Kape. And as we noted here, nearly the entire leadership of Crossrider left the company when Crossrider closed down its development platform. Furthermore, today, Kape is led by CEO Ido Ehrlichman, who was never part of Crossrider.
Interestingly, we also just learned that ExpressVPN’s CIO, Daniel Gericke, also has ties to state surveillance activities. According to Reuters, Gericke and two others are accused of “violating U.S. hacking laws and prohibitions on selling sensitive military technology” to the United Arab Emirates. According to reports, this “sensitive military technology” helped the UAE spy on dissidents and human rights activists.
“Hackers-for-hire and those who otherwise support such activities in violation of U.S. law should fully expect to be prosecuted for their criminal conduct,” Acting Assistant Attorney General Mark J. Lesko for the Justice Department’s National Security Division said in a statement.
Note: We have an article on this case as well:
High-Level ExpressVPN Executive Ensnared in Criminal Surveillance Operation
Make of this situation what you will. However, keep in mind that when you use a VPN, you are trusting the service to handle all of your internet traffic and not do anything questionable in the background.
Crossrider begins purchasing VPN services, then changes name to Kape Technologies
Now that you understand the background and leadership behind Kape Technologies, let’s examine its involvement in the VPN industry.
2017: Crossrider purchases CyberGhost VPN for $10 million
Crossrider’s first big VPN acquisition was in March 2017 when it purchased CyberGhost VPN for about $10 million. Originally founded in 2004, CyberGhost was a big player in the industry that experienced rapid growth before it was acquired.
2018: Crossrider changes name to “Kape”
Sometime in 2018, Crossrider decided to change its name to “Kape Technologies” as part of a rebranding effort. Ido Erlichman, the CEO of Kape, stated that the name change was an attempt to distance Kape from “past activities”:
The decision to rename the company, explains Erlichman was due to the strong association to the past activities of the company as well as the need to enhance the consumer facing brand for the business.
CyberGhost founder Robert Knapp also stated in a blog post that Crossrider was an “ad tech” company that did the “opposite” of what CyberGhost does (privacy and security):
While CyberGhost focused on privacy and security from day one, Crossrider started out as a company that distributed browser extensions and developed ad tech products. Quite the opposite of what we did.
2018: Kape purchases Zenmate VPN for $5 million
Not being content with just one VPN service, Kape then moved on to purchase Zenmate VPN, based in Germany, for around $5 million.
2019: Kape purchases Private Internet Access for $127 million
The next acquisition came in 2019 when Kape purchased Private Internet Access (PIA) for $127 million in cash and shares. At the time, PIA was a major player in the VPN industry with a substantial user base.
We wrote an article about it back in 2019 and described how many PIA users were upset about the acquisition and did not trust Kape. This screenshot from a PIA user on the PIA subreddit summarizes the sentiment of some users.
But the acquisitions were not over…
2021: Kape purchases ExpressVPN for $936 million
The latest major VPN acquisition we have for Kape Technologies is ExpressVPN, which it agreed to purchase for nearly $1 billion. This is by far the largest VPN acquisition to date and a major addition to Kape’s portfolio.
Watching this same story play out over and over again over the past four years is kind of like Groundhog Day. We generally find two reactions, with the user base being upset and the acquired VPN trying hard to calm everyone down.
- ExpressVPN users largely seem upset by the news.
- ExpressVPN issues canned statements and press releases along the lines of “Don’t be alarmed, everything is good!”
Let’s see how many more times this same story plays out with future VPN acquisitions.
Kape purchases a collection of VPN “review” websites for $149 million, then changes the rankings
In another twist to the plot, Kape Technologies also purchased a collection of VPN review websites in 2021. Yes, you got that right. The parent company that owns these VPNs now also owns a few high-profile websites that “review” and recommend VPNs to users around the world.
This is clearly a conflict of interest, but that goes without saying.
In May 2021, news broke that Kape had purchased a company called Webselenese. According to various press releases, we learned that Webselenese operates out of Israel and runs the websites vpnMentor.com and Wizcase.com. Collectively, these two websites have monthly search traffic of around 6.1 million visitors according to Ahrefs traffic analysis tool (September 2021).
Note that there may be other VPN review websites in Kape’s portfolio that we’re not aware of.
We also have a dedicated article on this topic:
These VPN “Review” Websites are Actually Owned by VPNs
Visiting vpnMentor’s homepage today, we find that the parent company’s three large VPN services all hold the top 3 spots in the rankings of the best VPNs for 2021.
Wizcase.com: Similarly, we find the exact same top 3 rankings on Kape’s other website Wizcase.com.
Note: As we showed here, both vpnMentor and Wizcase had NordVPN and Surfshark in their top rankings just a few months ago. However, since Kape purchased these websites, we see big rankings changes, with all of the top 3 recommendations given to Kape’s own VPN companies. However, ExpressVPN has held the top #1 spot, even before the recent acquisition was announced. You can see the exact changes (before and after the Webselenese acquisition) documented in this article.
The future of Kape’s VPN ventures
If the past is an indication of the future, Kape will continue to expand its holdings in the cybsersecurity and VPN industry, which only continues to grow. Perhaps in the not-so-distant future, this conglomerate of VPNs and VPN review websites will be spun off and potentially sold as its own company.
In the meantime, there are now millions of VPN subscribers who fall under Kape’s ownership and control. Unfortunately, none of Kape’s VPNs that I have tested have been stand-out performers. The one exception would be ExpressVPN, but it too has fallen behind in the past year and dropped a few spots in our rankings, which are regularly updated to reflect industry news and our own test results.
Hopefully, this trend in consolidation will slow down as it gives the end-user fewer choices with independently-owned VPN services.
I wonder is it safe now to use these VPNs? Currently I have ExpressVPN and PandaVPN (from this company [http://pandavpnpro.com/]) at the same time in case sometimes anyone is not working… If it’s not as safe as before, I won’t continue the subscription.
On a positive note, ExpressVPN will continue to operate independently, last I heard, and it is performing very well right now. But go with services you trust.
is proton vpn worth getting, I know they gave details to french authorities about a french national and their ip address, I contacted them because I am a proton mail user (not a proton vpn user.) and their reply was that it was under court orders, and that they fight against this!. would you rate their vpn as good or would you even entertain the idea of getting proton vpn. ?
Thank You
Biden my Time.
Here is the ProtonVPN review for your consideration.
My next guess are:
Surfshark, IPvanish, PrivateVPN and VyprVPN.
Well dang, guess I need a new VPN… is the mozilla one ok?
Of the three main VPN criteria: fast, private, and cheap. Pick two. IVPN is the best I’ve found that is fast and private, but not too cheap (but really not that expensive either). ¯\_(ツ)_/¯ but I’m just some random commenter on the interwebs. I have no affiliation w/ ivpn, but I do use their product.
what speeds do you consider ‘fast’
i’m content with anything around 120Mbps
You might also try Bitdefender’s VPN. It’s the Hotspot Shield but coupled with Epic Privacy Browser with a perfect encrypted proxy selected, you could be safer,if not the safest.
It’s quite logical really. If any secure and private service is created by humans, it can be hacked into by humans as well.
bitdefender, microshit (or soft), romanian company acquired.
everything microshit touches is shi*
I believe they are using Mullvad servers but can’t tell if it is rebranded.
I would go straight to Mullvad because you would be under Mozilla’s ToS and Privacy Policy rather than Mullvads and while I am not sure how strong they are, I would trust Mullvad more than Mozilla.
But I am biased against Mozilla and unless things take a huge 180, I would never trust them. I believe they are in Google and Microsoft’s back pocket.
https://www.tomsguide.com/features/firefox-vpn
As for my concerns about Mozilla and their VPN, this site really lays it out and shows the dangers.
https://www.security.org/vpn/mozilla/review/
The Firefox VPN is just a rebranded and more expensive version of mullvad. Otherwise it is pretty good, I’ve only brought it to support Mozilla. But yeah look into mullvad
Skip Mozilla and go straight for their provider, Mullvad. The difference? Mozilla is US-based and can be subpoenaed and searched by US authorities who may force them to turn over your logs and billing info. Mullvad is not US-based and they do not keep logs.
Great article Sven.
Buying the VPN review sites reminds me of old Black Hat tricks. Like setting up one perfect looking Web Hosting Provider review site with one of the available WP review site plugins. And start promoting it. Then, to become your own competition, at the same time duplicate that first site and change the look of it on as many other domains that you could afford. That way it didn’t matter where buyers closed the deal. There was a high probability that it would be one of the review sites owned by you. Of course, the top choice in the number one spot paid out the highest affiliate commission. 🙂
Im terribly dissappointed and frustrated with this unfortunate event. I have been a loyal and support to ExpressVPN for years and influence like-minded community to level up privacy with ExpressVPN and now everything is a disaster. Now it is clear based on this action, ExpressVPN is no longer value PRIVACY and its DIGNITY uphold and MONEY cannot buy DIGNITY. You, ExpressVPN, may release a statement to defend your DIGNITY but WORDS are just WORDS not supported by actions and facts, in fact, with all fishy news going on recently with your troublesome CIO Daniel Gericke involved in serious case and now government crony British-Israeli company purchase ExpressVPN, this is real fact that contradict your no-backed statement. There are a lot privacy enthusiast billionaires out there like example CEO of Swisscows but why in God’s sake must GOVERNMENT CRONY BRITISH-ISRAELI company? Im not to influence nor spread hate against you but cant you see the real event and fact here? It is conclude here and now, ExpressVPN is only value PROFIT and MONEY FIRST than everything. I hope my humble expression may guide everyone here to make CAREFUL decisions as you are about to fully TRUST your internet traffic to a VPN.
Thank you for bringing this important news. I cancelled my subscription to ExpressVPN the same day (“vote with your feet”).
After carefully checking your VPN reviews I ended up with a shortlist of 2 VPN providers, OVPN (Sweden) and Perfect Privacy (Swiss). I like a.o. their no-logs policy, their hardware without hard disks and their IPv6 support.
Before making my decision I subscribed to both providers for a month; testing for (no) leaks, speeds etc. I found that both providers make use of third parties; OVPN uses M247 Ltd. (UK, 5 eyes) and Perfect Privacy uses Leaseweb (NL, 9 eyes). I am not legally trained, but if the jurisdiction of a VPN provider is given, shouldn’t that be factored in?
M247 and Leaseweb are just data centers where the VPN has a server, and these data centers and servers are obviously all around the world. Nothing to fear.
The server jurisdiction is important but in some cases it cannot be helped. If you want to connect to a server in the Netherlands, you will have to pay for one there. Moreover, if the server is configured properly, encrypted fully and running in RAM mode, it doesn’t matter much. It can be disabled, wiped and terminated instantly and remotely.
Both VPN’s have been proven to not keep logs. As said, the location doesn’t bother me as long as that evidence was there.
Teddy Sagi also own Avast, which own AVG. Sagi also owns Intego. So Sagi has also expanded into anti-malware companies, purchasing some of the largest of those firms.
No, it does not look like Sagi owns Avast.
So I’m not going to get any of these Kape products.
I decide to order NordVPN after trying SurfShark for 3 weeks.
I go to their page, click on the 2 year deal, click “continue to pay” and on the left side is the payment info I have to fill out which is all I’m focused on. But on the right side? Is the 2 year deal AND their Nord Pass. My invoice total is both combined. It’s up to me to remove the Nord Pass.
They intentionally added an item to my invoice and I have to pay attention and find the light gray “remove” button to get rid of it.
That’s some sleazy behavior. Crikey, it’s back to SurfShark I guess.
Surfshark is moving to the Netherlands. Better stick to Nord.
Ever wondered why VPN companies started offering deep discounts for their 2 and 3 year subscriptions?
They are building their member base, to be attractive enough for that takeover and then cash out with the lump sum. In true ExpressVPN style. NordVPN next? Can you blame them?
It doesn’t really matter with diskless servers (100% RAM only servers) : https://surfshark.com/blog/surfshark-upgraded-to-ram-only-servers
Perfect Privacy and other VPN providers have this too.
Aw c’mon guys. Just because the previous owner Crossrider, who previously wrote spyware and malware, and changed their name to Kape Technologies to lose their reputation, who previously hid who is behind not revealing who is behind it with the phrase to “protect their employees”, who began purchasing VPNs such as CyberGhost, PIA, and Zenmate, and now ExpressVPN for $1B that came out of nowhere, with another 1/3rd that much to invest in it, and then purchased review sites and changed the scores to show theirs having the highest scores, and just now it comes out their CTO plead no-contest to illegally spying for the UAE, is no reason to doubt their integrity. Just because it looks like a duck, quacks like duck, and walks like a duck, now all of the sudden you guys believe that it could be a duck. You guys are just being paranoid. (tic)
Lmao
**EXCELLENT SUMMATION.**
😂😂😂
Hi Sven,
Great article.
I have never used this companies services (as far as I am aware – nod, nod).
They are truly disgusting.
There must be a lot people who sign up and forget about there subscription or use vpns for access to geo-blocked content. Maybe it’s all those ads and paid sponsorships? (rhetorical)
Regards,
BoBeX
Hi Again,
Concerning VPN paranoia (I am quite paranoid myself):
One’s paranoia level is tied to one’s risk level. Someone trying to elude a government – or the law – should be far more paranoid than someone trying to prevent his ISP, and commercial companies, from tracking his web browsing habits.
Analogy: an animal must always be vigilant for predators or it won’t survive. But an animal also has to eat so it can’t stay in hiding all day. Therefore it *has* to trust its camouflage, or cryptic behavior, or nocturnal activity, or hair-trigger reflexes and fast running speed.
Likewise: privacy paranoia is essential but beyond a certain point it cripples or eliminates one’s ability to use the Internet, or computers in general. No one is fully trustworthy but you must trust someone to use the Internet.
ISPs log, share and sell user data so they can’t be trusted.
Cell phone service providers can’t be trusted.
Tor browser can’t be fully trusted, situation depending.
No other browser, or browser privacy add-on, can be fully trusted.
Social media can’t be trusted (some trust fully encrypted messaging).
Free VPNs can’t be trusted.
Microsoft and Apple can’t be trusted.
Google, Adobe and most other IT companies can’t be trusted.
Independent software developers can’t be trusted – who’s verifying their claims ?
We just saw that even Protonmail can’t be trusted.
What if espionage agencies are snooping on (or hacking) NordVPN and Surfshark servers, and using supercomputers + artificial intelligence to ferret out users’ IP addresses ? What if Mozilla or privacy add-ons (e.g. HTTPS Everywhere, NoScript) are secretly collecting / monitoring user data ?
So it’s not a matter of who is fully trustworthy – nobody is – but who is *most* trustworthy.
The answer, I’d argue, is companies whose entire business model is providing privacy. All their revenue comes thence. One violation and they’re out. These companies include major, for-profit VPN providers and cybersecurity firms.
One can’t fully trust these at their word, so how do we assure safety ? Reputable 3rd party auditing.
BUT – who is auditing the auditors ? Maybe the auditors are colluding with government agencies to certify faulty VPNs ? Who vets auditors and deems them “reputable” ?
At this paranoia level one might, perhaps, pursue IT training and build one’s own hardware and software. But what if the processors have built-in backdoors enabling espionage agencies to control the BIOS ? Who is watching Intel ? And who is watching that watcher ? What if spy agencies have a secret method to decrypt top-rated encryptions ?
Bottom line: paranoia is essential but so is realism. Surveillance & espionage agencies themselves have to trust *someone* with security / privacy. So do all governments, militaries, banks and major financial institutions. And periodically they do get hacked because nothing is 100% safe. But they survive.
Hence my previous comments about caution with assailing ExpressVPN contingent upon passing credible, 3rd party audits for best practices and maintaining transparency. ExpressVPN’s statement about Daniel Gericke – actually about the company’s trustworthiness – is honorable (https://www.expressvpn.com/blog/daniel-gericke-expressvpn/). Note especially:
“an ongoing part of our work to invite auditors, penetration testers, and other third parties to evaluate and stress-test our systems… we transitioned to using BugCrowd… [this] encouraged even more researchers to look at our apps and make them safer for our users. It also encouraged greater transparency, since all bugs and their respective fixes can be publicly disclosed…
we’ll be increasing the cadence of our existing third-party audits to annually recertify our full compliance with our Privacy Policy, including our policy of not storing any activity or connection logs…
the extensive steps we take to prevent anyone from injecting malware into our apps.”
(https://www.expressvpn.com/blog/build-verification-system-prevents-malware/)
Most people would be well served with a (relatively) secure browser, reputable privacy add-ons, an externally-audited VPN and safe browsing habits. The truly paranoid would daisy-chain 2 or 3 VPNs and then use Tor browser, all running through TAILS on a dedicated computer. Beyond this, one is in professional IT territory – if not spy territory.
Good points.
I would add that ExpressVPN provided a tangible proof of their declarations with their server seizure. Well, that could be marketing too, as can be “independent” audits, but seriously, can be a better confirmation of the company policies?
Thank you.
I was unclear, I tried to convey too much with too little, I apologize, not throwing shade at you, just vpns in general… The news being so fresh coupled with that it was so short a time ago you recommended expressvpn in the mentioned article….and as you are someone as diligent in your research, to have to reverse course with the new revelation…now all vpns in any list are suspect. Especially so with controlled ‘independent’ review aka propoganda (marketing) sites out there they just purchased, so obvious the strategy with that move. Totally dishonest practice, and anything Kade says about turning over a new leaf should fall on deaf ears, especially when considering the totality of their actions. A new grift on a larger and more complex scale. Which leads me to my next thought.
If a vpn that was generally regarded as secure and highly recommended is now clearly a threat, what hope of securing trust, and what lengths will other vpns need to go to in order to keep/grow their customer base?
What a weird time to be alive…trust is being eroded in so many areas of life all happening simultaneously.
Also what is weird is the financial purchasing power Kape has. Is it financed? Is it profits from their illicit business? Or is it something more sinister given the involvement of a former intel agent, state sponsored through shell company investments/fundraising? Were they so unsatisfied with their previous success or more emboldened.? Is the UK aware, if so, the lack of investigation/fines implies possible sanctioning of or silent partnership with…If true, what other services are compromised?
With the proliferation of scraping tech by facebook, google, apple, microsoft, do vpns even matter? Is the essential info about the activity hidden behind vpns compromised at the base system level and Kape saw this and saud, why not us too, we are going legit too, wink wink…
You have heard of the central bank system? They have unlimited money to do whatever they want.
Thank you much for this review.
On the one hand, this is clearly bad news and betrayal of user trust. ExpressVPN shouldn’t have done this.
On the other hand, I think we are seeing an over-reaction. Condemnation of ExpressVPN should be based on facts, not suspicion and perhaps paranoia.
To date, ExpressVPN hasn’t been found to do anything bad. As far as I know they haven’t changed their terms of service, which would signal trouble. These terms are available publicly, hence easily monitored. What if they will continue 3rd party audits which would verify their privacy claims ? What if they retain their current, relative transparency ?
To date, has Kape been found to violate Zenmate and PIA privacy practices ?
Kape’s rating manipulations are slimy but these sorts of things occur frequently. Same for closing comments for controversial blog articles and disabling user reviews following controversy. Privacy-conscious people do their research before signing up, e.g. on this excellent website.
More importantly – if they sell customers a privacy service and then are found to violate it, not only ExpressVPN but Kape could face costly lawsuits for breaching the official terms of service. They will also lose perhaps the majority of customers for all VPN services Kape owns. Being based in Israel is no protection because under Israeli law, its businesses and citizens are subject to foreign lawsuits and legal proceedings.
Kape has invested nearly a billion dollars acquiring ExpressVPN, and the other VPNs. If they get caught violating privacy this investment will go down the drain. They will also lose a fortune due to customer departures and possibly lawsuits. Kape knows from first-hand experience it can’t get away with shady practices. They would get exposed.
Hence Kape has a vested interest to let its VPN acquisitions continue running their routine operations, thus getting return-on-investment and helping to clear their sketchy reputation. With VPNs, one confirmed breach of user privacy / trust and you’re out of business.
So while this acquisition is bad news, it would be wiser to monitor the situation and see what happens rather than accuse ExpressVPN of wrongdoing without credible evidence. Let’s see if ExpressVPN’s terms of service change and, especially, if they continue 3rd party audits.
Only the paranoid survive, somtimes they are out to get you…
A sensible perspective. Somewhat agree that being paranoid is the optimal strategy with this class of risk however your points are spot-on.
I think though, they have proven their tactics to be dirty still by buying the VPN review websites & placing the results in their favour very sneakily. Shows they are still up to their old tricks and not playing by the book.
I wonder if you would disclose your relationship to Kape…. Employee? Owner? Consultant?
3rd party audit companies are owned by the same owner of the company they are auditing. buying review sites by kape, classic example. also monopolizing the market not good either. I’ll give my money to the small unaudited vpn provider who provides.
If you use a vpn that doesn’t disclose ownership and or has an affiliate programme you are doing it wrong.
was cyberghost sold for 10 mil?
they pretty much gave away the company for free.
Excellent article!
In light of these events Mullvad has published the following blog post: https://mullvad.net/en/blog/2021/9/16/ownership-and-future-mullvad-vpn/
Looks like VPN companies will now have to not only guarantee a no-log policy, but a promise of commitment to not selling out to shady businesses like Kape…
It’ s only a matter of time until VPN’s will be declared illegal by western governments and you’ll need an internet-access passport backed by your social security number.
Anonymous access is a thorn in the side of governments.
You can always run your own VPN on any Linux KVM VPS or Dedicated hosting provider.
In which the hosting provider has your payment information, connection logs, signup information etc. And server centers keeps logs of everything. Hosting your own VPN is the worst idea.
Good article and glad you covered this. Thankfully ExpressVPN posted they were bought out by Kape Technologies on their blog which I go to at least once every 3 or 4 days, usually once a day or every two days. And thankfully I was already aware of Kape Technologies past as Crossrider making malware. As soon as I read it was The Kape Technologies and not just some random company named Kape, I installed Nord VPN and set it up and closed my virtual card I used for ExpressVPN. I warned my brother and sister and my friends that ExpressVPN shouldn’t be trusted. This was all before I even read about the CIO selling data on activists.
Also, for some weird reason, my public reviews on the Google Play Store on ExpressVPN keeps getting removed or something. I’m not deleting it either. I’ve changed up the wording, removed the sources, etc, but it keeps getting removed. I want to contact Google about this but I’m not sure if they’ll be of any help. Perhaps, regardless of who runs the Play Store page for ExpressVPN, maybe they’ve been told to go into damage control and are having Google remove the comment. (Thankfully other people have posted about the acquisition and are warning others). Also, on the blog article on the new acquisition, at least for me, they disabled the comments and removed any and all comments they had on that article.
Kape/PIA to provide VPN services for mobile subscribers in Hong Kong: https://www.londonstockexchange.com/news-article/KAPE/pia-introduces-a-new-way-of-vpn-subscription/15059584
How interesting!
“China to allow overseas investment in VPNs but Beijing keeps control…”
https://www.theregister.com/2021/10/20/china_vpn_foreign_investment/
这个以色列人的背后资金可能就是某些国家机器,比如美国DS和中共CCP。
Crunchbase lists the companies owned by Kape here: http://www.crunchbase.com/organization/crossrider/company_financials
WOW-WEE-WOW! I’m so glad I purchased the services of VPN.ac based on your sites description and recommendation. Hope they never sell out Internet criminals!!! Cheers, George
https://2009-2017.state.gov/j/inl/rls/nrcrpt/2012/vol2/184110.htm
So, a privacy jurisdictions mean nothing, as well. It’s just another myth, unfortunately.
No, that’s not necessarily true. Just look at real-world cases. Sure, there are MLAT treaties for cooperation on certain criminal cases, but that may or may not lead to anything. It’s a lot easier for US, UK, or Australian governments to force logs and compliance out of a business in their own jurisdiction than one on the other side of the world. Switzerland is proving to be an interesting case, however, and probably not as “safe and secure” as we expected. This is evident with the recent ProtonMail logging case.
The big wildcard, however, is whether the privacy service is willing to fight these requests in court, as we have seen with OVPN and the recent Rights Alliance copyright case, or bow down to 3,000+ requests per year, as we see with ProtonMail. Either way, the argument still stands. A safe offshore jurisdiction is an additional layer of safety for the end user.
Sven, I was referring on ExpressVPN’s claims that the company will stay in the same jurisdiction (BVI), trying to prove they remain autonomous, I guess?😊 These treaties will obviously help authorities and lawyers to get whatever they want, Kape won’t fight against that for sure. So, again, jurisdiction is not much if the people behind the company can’t be trusted. Right?
Ah gotcha. Yes, I would agree that the company behind the VPN is even more important than jurisdiction.
Boy am I glad my Express subscription runs out this month. I’ll probably move to something else. Anything else except this cancer.
The only real currency in the VPN industry is Trust, and it’s safe to say ExpressVPN went completely broke in that department. I really hope this news goes out to every single Express customer and they cancel their subscription and run this company into the group for all the stupid decisions their management took and all the criminals they hired (and will hire).
Riddle me this.
How in the f*&% does an israeli malware company have billions (?) of dollars just sitting around to literally buy up the vpn industry???
Seriously frens. What the f*&% is going on here??? How do you make this much money from malware, or is something else going on? What are these shady f*&%s doing behind the scenes? Think about that frens. What is happening to your data when you connect to their vpn servers? Follow me yet?
If data = money, and vpns can collect data when they abuse privacy and LOG EVERYTHING, and these guys are buying up the industry, then that points to one scary f*&%ing conclusion.
Or do you really believe these malware criminals (yes they are literally convicted criminals) just woke up one day and decided they REALLY CARED ABOUT YOUR PRIVACY? Or is something else going on?
Ask the hard questions. Solve the riddle.
Riddler out.
People associated with Kape (founders, stakeholders) have history with the IDF, particularly Unit 8200 (which also has ties with the NSO group), so we can speculate where at least part of their funding comes from.
ExpressVPN staff also have dirt on their hands;
https://uk.pcmag.com/vpn/135678/expressvpn-cio-helped-united-arab-of-emirates-hack-into-phones-computers
Not surprising Kape would want ExpressVPN in their honeypot.
Yeah, it’s just like I wrote in my other comment: these companies are military intelligence agency money laundering fronts.
These companies are military intelligence agency fronts (CIA, MI6, GRU, Mossad, etc). Their funding comes from intelligence agency money laundering operations.
ExpressVPN, seeking to assway everyone is doing just the thing all companies do in a merger.
The bought company assures that nothing will change.
And the parent company agrees….until it doesn’t.
And all purchased companies will remain the same….until they don’t.
I understand the users frustration.
Edward Snowden just publicly denounced ExpressVPN. As far as I’m concerned, ExpressVPN is as good as malware.
https://twitter.com/Snowden/status/1438291654239215619?s=19
Yep, we’ll be covering that this week as well. What a storm of news we have had in the past few days!