Kape Technologies (formerly Crossrider) has now acquired four different VPN services and a collection of VPN “review” websites that rank Kape’s VPN holdings at the top of their recommendations. This report examines the history of Kape Technologies and its rapid expansion into the VPN industry.
Update: We have added new information and corrections to this report, while also publishing another article that closely examines the business of Kape and Crossrider.
As is normal in the tech industry, the VPN world is undergoing some major changes and consolidation. The most recent example of this is with ExpressVPN, which announced plans this week to be acquired by Kape Technologies. While this may come as a surprise to some, it is nothing new in the industry. In fact, Kape has been on a VPN buying spree since 2017.
Unfortunately, many VPN users remain oblivious about the real owners of the VPN they are using as well as the history behind some of these entities. This is not because the owners are concealing anything, but rather, most “VPN review” websites fail to mention these important facts. This in-depth report intends to reveal the details for all to see. Here’s what we’ll cover:
- Kape (formerly Crossrider) was previously attributed to malware and adware, but it was not in fact responsible for creating the malware (this is addressed in detail here)
- The people behind Kape and Crossrider
- Crossrider begins purchasing VPN services, then changes name to Kape Technologies
- Kape purchases a collection of VPN “review” websites, then changes the rankings
- The future of Kape’s VPN ventures
To get a better understanding of the situation, we must first examine the history of Kape.
Kape (formerly Crossrider) created a cross-browser development platform
Before 2018, Kape Technologies was called Crossrider and it was often discussed in the malware and adware industry. You can still find numerous outlets that discussed Crossrider malware and adware infecting various devices, such as with Malwarebytes, Symatec, and Security Beulevard in 2019.
Below is an excerpt from a Malwarebytes article that discussed how Crossrider malware infected devices through software bundles:
Crossrider offers a highly configurable method for its clients to monetize their software. The common method to infect end-users is software bundlers. The installers usually resort to browser hijacking. Targeted browsers are Internet Explorer, Firefox, Chrome, and sometimes Opera. Crossrider not only targets Windows machines but Macs as well.
PUP.Optional.Crossrider installs are typically triggered by bundlers that offer software you might be interested in and combine them with adware or other monetizing methods.
While many outlets attributed this “Crossrider malware” to the people/business behind Crossrider itself, the truth is that Crossrider never created malware. Instead, the Crossrider platform was abused by third parties to spread malware and adware.
Crossrider offered monetization options that were used by ad injectors
We closely examined Crossrider’s history here and learned that it was a big player in the ad injection industry. In fact, there was even a research paper published by UC Berkeley, Google, and other co-authors who called out Crossrider’s business practices.
Crossrider is a mobile, desktop, and extension development platform that enables drop-in monetization via major ad injectors. Crossrider provides its affiliate ID to ad injectors while separately tracking kick-backs to developers. The other top affiliates listed in Table III are all cross-browser extensions and plugins that impact Chrome, Firefox, and Internet Explorer.
We summarized our investigation into Crossrider’s business history as follows:
- Crossrider created a development platform, which was used for many different purposes (both good and bad).
- Crossrider offered monetization options with its platform and was used by major ad injectors.
- Third parties also used Crossrider’s platform for malware distribution, but Crossrider was not the owner or creator of that malware.
- Crossrider completely shut down the program in 2016, changed out the company’s leadership, and pivoted to the privacy and security niche.
- In 2018, Crossrider changed its name to Kape Technologies.
Now that we’ve examined the business operations of Kape/Crossrider, let’s look at the leadership.
The people behind Kape and Crossrider
The main investor behind Kape is Teddy Sagi, an Israeli billionaire who previously spent time in jail for insider trading — but this happened all the way back in 1996, early in Sagi’s career. Sagi acquired Kape Technologies in 2012 and is an investor in many other industries.
Interestingly, Sagi is also named in the Panama Papers that detail a “rogue offshore financial industry.”
Another key figure behind Crossrider/Kape is Koby Menachemi. Forbes wrote a interesting article on Menachemi, detailing his ties to Israeli intelligence and cyber espionage.
Forbes noted the ties that Crossrider had to Israeli state surveillance entities:
A vast number of companies are affiliated with ad injectors, either packaging their tools or funnelling ads down to them. One of the biggest is Crossrider, the majority stake of which is held by billionaire Teddy Sagi, a serial entrepreneur and ex-con who was jailed for insider trading in the 1990s. His biggest money maker to date is gambling software developer Playtech. Co-founder and CEO Koby Menachemi was part of Unit 8200, where he was a developer for three years.
What went unnoticed, until now, is that most of the searchable organisations involved in this potentially dangerous business are based in Israel. They also happen to have links to the nation’s military and its top signals intelligence agency, the Israeli equivalent of the NSA or GCHQ: Unit 8200, which works out of the Israel Defense Forces (IDF).
It’s important to note, however, that Menachemi is no longer with Kape. And as we noted here, nearly the entire leadership of Crossrider left the company when Crossrider closed down its development platform. Furthermore, today, Kape is led by CEO Ido Ehrlichman, who was never part of Crossrider.
Interestingly, we also just learned that ExpressVPN’s CIO, Daniel Gericke, also has ties to state surveillance activities. According to Reuters, Gericke and two others are accused of “violating U.S. hacking laws and prohibitions on selling sensitive military technology” to the United Arab Emirates. According to reports, this “sensitive military technology” helped the UAE spy on dissidents and human rights activists.
“Hackers-for-hire and those who otherwise support such activities in violation of U.S. law should fully expect to be prosecuted for their criminal conduct,” Acting Assistant Attorney General Mark J. Lesko for the Justice Department’s National Security Division said in a statement.
Note: We have an article on this case as well:
High-Level ExpressVPN Executive Ensnared in Criminal Surveillance Operation
Make of this situation what you will. However, keep in mind that when you use a VPN, you are trusting the service to handle all of your internet traffic and not do anything questionable in the background.
Crossrider begins purchasing VPN services, then changes name to Kape Technologies
Now that you understand the background and leadership behind Kape Technologies, let’s examine its involvement in the VPN industry.
2017: Crossrider purchases CyberGhost VPN for $10 million
Crossrider’s first big VPN acquisition was in March 2017 when it purchased CyberGhost VPN for about $10 million. Originally founded in 2004, CyberGhost was a big player in the industry that experienced rapid growth before it was acquired.
2018: Crossrider changes name to “Kape”
Sometime in 2018, Crossrider decided to change its name to “Kape Technologies” as part of a rebranding effort. Ido Erlichman, the CEO of Kape, stated that the name change was an attempt to distance Kape from “past activities”:
The decision to rename the company, explains Erlichman was due to the strong association to the past activities of the company as well as the need to enhance the consumer facing brand for the business.
CyberGhost founder Robert Knapp also stated in a blog post that Crossrider was an “ad tech” company that did the “opposite” of what CyberGhost does (privacy and security):
While CyberGhost focused on privacy and security from day one, Crossrider started out as a company that distributed browser extensions and developed ad tech products. Quite the opposite of what we did.
2018: Kape purchases Zenmate VPN for $5 million
Not being content with just one VPN service, Kape then moved on to purchase Zenmate VPN, based in Germany, for around $5 million.
2019: Kape purchases Private Internet Access for $127 million
The next acquisition came in 2019 when Kape purchased Private Internet Access (PIA) for $127 million in cash and shares. At the time, PIA was a major player in the VPN industry with a substantial user base.
We wrote an article about it back in 2019 and described how many PIA users were upset about the acquisition and did not trust Kape. This screenshot from a PIA user on the PIA subreddit summarizes the sentiment of some users.
But the acquisitions were not over…
2021: Kape purchases ExpressVPN for $936 million
The latest major VPN acquisition we have for Kape Technologies is ExpressVPN, which it agreed to purchase for nearly $1 billion. This is by far the largest VPN acquisition to date and a major addition to Kape’s portfolio.
Watching this same story play out over and over again over the past four years is kind of like Groundhog Day. We generally find two reactions, with the user base being upset and the acquired VPN trying hard to calm everyone down.
- ExpressVPN users largely seem upset by the news.
- ExpressVPN issues canned statements and press releases along the lines of “Don’t be alarmed, everything is good!”
Let’s see how many more times this same story plays out with future VPN acquisitions.
Kape purchases a collection of VPN “review” websites for $149 million, then changes the rankings
In another twist to the plot, Kape Technologies also purchased a collection of VPN review websites in 2021. Yes, you got that right. The parent company that owns these VPNs now also owns a few high-profile websites that “review” and recommend VPNs to users around the world.
This is clearly a conflict of interest, but that goes without saying.
In May 2021, news broke that Kape had purchased a company called Webselenese. According to various press releases, we learned that Webselenese operates out of Israel and runs the websites vpnMentor.com and Wizcase.com. Collectively, these two websites have monthly search traffic of around 6.1 million visitors according to Ahrefs traffic analysis tool (September 2021).
Note that there may be other VPN review websites in Kape’s portfolio that we’re not aware of.
We also have a dedicated article on this topic:
These VPN “Review” Websites are Actually Owned by VPNs
Visiting vpnMentor’s homepage today, we find that the parent company’s three large VPN services all hold the top 3 spots in the rankings of the best VPNs for 2021.
Wizcase.com: Similarly, we find the exact same top 3 rankings on Kape’s other website Wizcase.com.
Note: As we showed here, both vpnMentor and Wizcase had NordVPN and Surfshark in their top rankings just a few months ago. However, since Kape purchased these websites, we see big rankings changes, with all of the top 3 recommendations given to Kape’s own VPN companies. However, ExpressVPN has held the top #1 spot, even before the recent acquisition was announced. You can see the exact changes (before and after the Webselenese acquisition) documented in this article.
The future of Kape’s VPN ventures
If the past is an indication of the future, Kape will continue to expand its holdings in the cybsersecurity and VPN industry, which only continues to grow. Perhaps in the not-so-distant future, this conglomerate of VPNs and VPN review websites will be spun off and potentially sold as its own company.
In the meantime, there are now millions of VPN subscribers who fall under Kape’s ownership and control. Unfortunately, none of Kape’s VPNs that I have tested have been stand-out performers. The one exception would be ExpressVPN, but it too has fallen behind in the past year and dropped a few spots in our rankings, which are regularly updated to reflect industry news and our own test results.
Hopefully, this trend in consolidation will slow down as it gives the end-user fewer choices with independently-owned VPN services.
[https://www.safetydetectives.com/] ,which Reviews Antivirus and VPN products is owned by Kape technologies as stated by their website.
I wonder is it safe now to use these VPNs? Currently I have ExpressVPN and PandaVPN (from this company [http://pandavpnpro.com/]) at the same time in case sometimes anyone is not working… If it’s not as safe as before, I won’t continue the subscription.
On a positive note, ExpressVPN will continue to operate independently, last I heard, and it is performing very well right now. But go with services you trust.
is proton vpn worth getting, I know they gave details to french authorities about a french national and their ip address, I contacted them because I am a proton mail user (not a proton vpn user.) and their reply was that it was under court orders, and that they fight against this!. would you rate their vpn as good or would you even entertain the idea of getting proton vpn. ?
Thank You
Biden my Time.
Here is the ProtonVPN review for your consideration.
My next guess are:
Surfshark, IPvanish, PrivateVPN and VyprVPN.
Well dang, guess I need a new VPN… is the mozilla one ok?
Of the three main VPN criteria: fast, private, and cheap. Pick two. IVPN is the best I’ve found that is fast and private, but not too cheap (but really not that expensive either). ¯\_(ツ)_/¯ but I’m just some random commenter on the interwebs. I have no affiliation w/ ivpn, but I do use their product.
what speeds do you consider ‘fast’
i’m content with anything around 120Mbps
You might also try Bitdefender’s VPN. It’s the Hotspot Shield but coupled with Epic Privacy Browser with a perfect encrypted proxy selected, you could be safer,if not the safest.
It’s quite logical really. If any secure and private service is created by humans, it can be hacked into by humans as well.
bitdefender, microshit (or soft), romanian company acquired.
everything microshit touches is shi*
Microsoft is a great company, unlike Google whose basic business model is monetizing user data, and gathering as much as they can about users so they better sell their ads. Microsoft is a software company whose main revenue comes from consumer products like Software, software services, cloud services etc. It is a well-trusted company that doesn’t drop into shady tactics like Google, which frequently gets fined by European regulation authorities for its bad business model and violations of user privacies.
Bitdefender is an independent company not owned by Microsoft.
“Bitdefender provides cybersecurity solutions with leading security efficacy, performance and ease of use to small and medium businesses, mid-market enterprises and consumers. Guided by a vision to be the world’s most trusted cybersecurity solutions provider, Bitdefender is committed to defending organizations and individuals around the globe against cyberattacks to transform and improve their digital experience.” – Bitdefender Official
I believe they are using Mullvad servers but can’t tell if it is rebranded.
I would go straight to Mullvad because you would be under Mozilla’s ToS and Privacy Policy rather than Mullvads and while I am not sure how strong they are, I would trust Mullvad more than Mozilla.
But I am biased against Mozilla and unless things take a huge 180, I would never trust them. I believe they are in Google and Microsoft’s back pocket.
https://www.tomsguide.com/features/firefox-vpn
As for my concerns about Mozilla and their VPN, this site really lays it out and shows the dangers.
https://www.security.org/vpn/mozilla/review/
The Firefox VPN is just a rebranded and more expensive version of mullvad. Otherwise it is pretty good, I’ve only brought it to support Mozilla. But yeah look into mullvad
Skip Mozilla and go straight for their provider, Mullvad. The difference? Mozilla is US-based and can be subpoenaed and searched by US authorities who may force them to turn over your logs and billing info. Mullvad is not US-based and they do not keep logs.
Great article Sven.
Buying the VPN review sites reminds me of old Black Hat tricks. Like setting up one perfect looking Web Hosting Provider review site with one of the available WP review site plugins. And start promoting it. Then, to become your own competition, at the same time duplicate that first site and change the look of it on as many other domains that you could afford. That way it didn’t matter where buyers closed the deal. There was a high probability that it would be one of the review sites owned by you. Of course, the top choice in the number one spot paid out the highest affiliate commission. 🙂
Im terribly dissappointed and frustrated with this unfortunate event. I have been a loyal and support to ExpressVPN for years and influence like-minded community to level up privacy with ExpressVPN and now everything is a disaster. Now it is clear based on this action, ExpressVPN is no longer value PRIVACY and its DIGNITY uphold and MONEY cannot buy DIGNITY. You, ExpressVPN, may release a statement to defend your DIGNITY but WORDS are just WORDS not supported by actions and facts, in fact, with all fishy news going on recently with your troublesome CIO Daniel Gericke involved in serious case and now government crony British-Israeli company purchase ExpressVPN, this is real fact that contradict your no-backed statement. There are a lot privacy enthusiast billionaires out there like example CEO of Swisscows but why in God’s sake must GOVERNMENT CRONY BRITISH-ISRAELI company? Im not to influence nor spread hate against you but cant you see the real event and fact here? It is conclude here and now, ExpressVPN is only value PROFIT and MONEY FIRST than everything. I hope my humble expression may guide everyone here to make CAREFUL decisions as you are about to fully TRUST your internet traffic to a VPN.
Thank you for bringing this important news. I cancelled my subscription to ExpressVPN the same day (“vote with your feet”).
After carefully checking your VPN reviews I ended up with a shortlist of 2 VPN providers, OVPN (Sweden) and Perfect Privacy (Swiss). I like a.o. their no-logs policy, their hardware without hard disks and their IPv6 support.
Before making my decision I subscribed to both providers for a month; testing for (no) leaks, speeds etc. I found that both providers make use of third parties; OVPN uses M247 Ltd. (UK, 5 eyes) and Perfect Privacy uses Leaseweb (NL, 9 eyes). I am not legally trained, but if the jurisdiction of a VPN provider is given, shouldn’t that be factored in?
M247 and Leaseweb are just data centers where the VPN has a server, and these data centers and servers are obviously all around the world. Nothing to fear.
The server jurisdiction is important but in some cases it cannot be helped. If you want to connect to a server in the Netherlands, you will have to pay for one there. Moreover, if the server is configured properly, encrypted fully and running in RAM mode, it doesn’t matter much. It can be disabled, wiped and terminated instantly and remotely.
Both VPN’s have been proven to not keep logs. As said, the location doesn’t bother me as long as that evidence was there.
Teddy Sagi also own Avast, which own AVG. Sagi also owns Intego. So Sagi has also expanded into anti-malware companies, purchasing some of the largest of those firms.
No, it does not look like Sagi owns Avast.
So I’m not going to get any of these Kape products.
I decide to order NordVPN after trying SurfShark for 3 weeks.
I go to their page, click on the 2 year deal, click “continue to pay” and on the left side is the payment info I have to fill out which is all I’m focused on. But on the right side? Is the 2 year deal AND their Nord Pass. My invoice total is both combined. It’s up to me to remove the Nord Pass.
They intentionally added an item to my invoice and I have to pay attention and find the light gray “remove” button to get rid of it.
That’s some sleazy behavior. Crikey, it’s back to SurfShark I guess.
Surfshark is moving to the Netherlands. Better stick to Nord.
Ever wondered why VPN companies started offering deep discounts for their 2 and 3 year subscriptions?
They are building their member base, to be attractive enough for that takeover and then cash out with the lump sum. In true ExpressVPN style. NordVPN next? Can you blame them?
It doesn’t really matter with diskless servers (100% RAM only servers) : https://surfshark.com/blog/surfshark-upgraded-to-ram-only-servers
Perfect Privacy and other VPN providers have this too.