What does a company with a history of producing malware have to do with a VPN service that offers privacy and security?
A lot of speculation and questions have surfaced since Private Internet Access announced that it was acquired by Kape Technologies. With the merger between PIA and Kape, many VPN users are wondering if now is the time to jump ship or trust there will be smooth sailing ahead.
In this article we’re going to put Kape and Private Internet Access under the microscope and show you exactly why people are alarmed.
Kape Technologies acquires Private Internet Access, plans another name change
On November 19, 2019, Kape Technologies officially announced its plan to acquire Private Internet Access.
Kape Technologies, is delighted to announce the transformational acquisition of Private Internet Access (PIA), a leading US-based digital privacy company. This acquisition will significantly increase the company’s presence in North America and doubles its existing user base to over 2 million paying customers with a truly global brand.
This catapults Kape towards becoming the ‘go-to’ privacy company for consumers, paving the way to dominating the rapidly growing digital privacy space, which is already worth US $24 billion in 2019 and is expected to grow by 50% by 2022. According to the Breach Level Index, in the first half of 2018, more than 25 million records were compromised every day, which equates to 291 records every second. As technology develops, and more and more data is shared online, the need for online protection is increasing exponentially.
This all sounds fine on the surface, and there is truly a need for reliable privacy tools. As we’ve covered before, the cybersecurity statistics and trends are only getting more alarming with each passing year.
But this acquisition also raises some interesting questions:
- What is the background of Kape Technologies?
- Can Kape be trusted with protecting your privacy online?
- Why are many longtime PIA customers freaking out and cancelling their subscriptions?
Kape plans to change its name (again)
While most acquisitions are designed to boost the parent company’s name, in this case, Kape Technologies is planning to drop its own name. Kape will be taking on the name of “Private Internet” as the parent company of Private Internet Access. This actually marks the second time that Kape (formerly Crossrider) has changed its name in just the past few years.
Why would Kape undergo yet another name change? (We’ll answer this below.)
Kape Technologies also owns CyberGhost and Zenmate
This latest acquisition marks another trend we’ve seen developing over the years: consolidation in the VPN market. But this isn’t the first time Kape Technologies has been involved in a VPN acquisition. Before it changed its name to Kape Technologies, the company was called Crossrider – and it was buying up VPNs.
Before 2017, Crossrider was not in the VPN business, but rather, the malware business (we’ll cover this below). However, in March 2017, Crossrider purchased CyberGhost VPN for about $10 million.
Despite being purchased by an Israeli company, CyberGhost claims it remains a Romanian VPN provider under the jurisdiction of Romania.
Then, in 2018, Crossrider purchased another VPN service, Zenmate. According to Edison, Crossrider paid €4.8 million for Zenmate, a Berlin-based VPN provider.
With the latest acquisition of Private Internet Access, Kape is the parent company of three different VPN services.
This is the consolidation of the VPN industry, as smaller companies get bought up by the big players.
Now let’s take a closer look at Kape Technologies.
Crossrider (Kape) created “high risk” malware and adware
Before changing its name to Kape Technologies in 2018, the company was called Crossrider.
If you take a minute to research Crossrider, you see that it is a company that built a (bad) reputation from creating malware and adware products. There are many different articles about Crossrider’s malware and adware, such as this article from Malwarebytes:
Crossrider offers a highly configurable method for its clients to monetize their software. The common method to infect end-users is software bundlers. The installers usually resort to browser hijacking. Targeted browsers are Internet Explorer, Firefox, Chrome, and sometimes Opera. Crossrider not only targets Windows machines but Macs as well.
PUP.Optional.Crossrider installs are typically triggered by bundlers that offer software you might be interested in and combine them with adware or other monetizing methods.
According to Malwarebytes and many other reputable online security websites, Crossrider was hiding malware in software bundlers, which would then infect the user’s computer.
From Symantec:
Risk Impact: High
Systems Affected: Windows
Behavior
Adware.Crossid is a security risk that displays advertisements in certain social networking sites and Web browsers.
And for those who want to dismiss this as old history, there are articles as recent as 2018 warning about Crossrider malware infecting computers. And note, this was after Crossrider had purchased CyberGhost in 2017.
A 2018 article from Malwarebytes describes how Crossrider was infecting computers with fake Adobe Flash updates:
A new variant of the Crossrider adware has been spotted that is infecting Macs in a unique way. For the most part, this variant is still quite ordinary, doing some of the same old things that we’ve been seeing for years in Mac adware. However, the use of a configuration profile introduces a unique new method for maintaining persistence.
…This new Crossrider variant doesn’t look like much on the surface. It’s yet another fake Adobe Flash Player installer, looking like the thousands of others we’ve seen over the years….
So is this old history, or a pattern of behavior?
Can a company that built a business around malware and adware be trusted with running a VPN service and protecting user privacy?
Importantly, we see that even in 2018, after Crossrider had already purchased CyberGhost VPN, its malware was still making headlines and infecting people’s computers.
Who is behind Crossrider and Kape Technologies?
The main figure behind Crossrider and Kape Technologies is the Israeli billionaire Teddy Sagi. In fact, some outlets refer to the company as “Teddy Sagi’s Kape” when discussing the latest merger news with PIA.
You can read about Teddy Sagi on Wikipedia; he has an interesting history.
Forbes wrote an interesting article (archived) that discusses Crossrider, Sagi, and the company’s ties to the Israeli intelligence community.
The Forbes article had this to say about Sagi and Crossrider:
A vast number of companies are affiliated with ad injectors, either packaging their tools or funnelling ads down to them. One of the biggest is Crossrider, the majority stake of which is held by billionaire Teddy Sagi, a serial entrepreneur and ex-con who was jailed for insider trading in the 1990s. His biggest money maker to date is gambling software developer Playtech. Co-founder and CEO Koby Menachemi was part of Unit 8200, where he was a developer for three years.
So what is Unit 8200?
Forbes explains this connection as follows:
What went unnoticed, until now, is that most of the searchable organisations involved in this potentially dangerous business are based in Israel. They also happen to have links to the nation’s military and its top signals intelligence agency, the Israeli equivalent of the NSA or GCHQ: Unit 8200, which works out of the Israel Defense Forces (IDF).
The co-founder and CEO of Crossrider was Koby Menachemi, who was also part of Unit 8200, as you can see on his archived LinkedIn page.
But I’m not the first (or only) person pointing these things out. It seems word has gotten out, with other articles (archived) pointing out these same concerning ties.
You can read more about Unit 8200 here.
And these developments seem to be worrying many PIA users.
Why another name change?
As noted earlier, this latest decision will be the second time in the past few years that the company has changed its name:
Crossrider > Kape Technologies > Private Internet (planned)
So why does this company keep changing its name?
Answer: to distance itself from a questionable and controversial past.
As the CEO admitted here, the name change was an attempt to distance Kape from controversial “past activities”:
The decision to rename the company, explains Erlichman was due to the strong association to the past activities of the company as well as the need to enhance the consumer facing brand for the business.
CyberGhost also admitted in a blog post that Crossrider was an “ad tech” company that did the “opposite” of what CyberGhost does (privacy and security):
While CyberGhost focused on privacy and security from day one, Crossrider started out as a company that distributed browser extensions and developed ad tech products. Quite the opposite of what we did.
This latest name change seems to fulfill two objectives:
- It further distances the company (Kape/Crossrider) from its controversial past.
- It rebrands the business to be about “privacy” now that it owns three different VPNs.
Some PIA users are freaking out
While I’m not certain if this trend is representative of a large percentage, or instead a vocal minority, there are clearly some upset PIA users canceling their subscriptions. Various forums have been lighting up with talk about Crossrider, Kape, malware, and links to overseas intelligence operations.
When asked why everyone is skeptical about PIA following the merger with Kape, one reddit user succinctly put it this way.
The alarm among Private Internet Access users has apparently been enough for PIA to go into damage control mode. They issued a post on reddit to try to calm fears and mitigate subscription cancellations.
So now to the million-dollar question.
Is PIA safe and trustworthy after the merger with Kape?
Short answer: you decide.
With Private Internet Access merging with Kape, and retaining the “Private Internet” name for the parent company, there is a lot to consider. Ultimately, only you can decide if PIA is still an adequate privacy tool to place trust in for your unique threat model and needs.
Up until this point, Private Internet Access had a pretty good track record. It is one of a few verified no logs VPN providers, having been tested in two separate court cases and proven to not keep logs. But it is also a VPN operating in the United States, a Five Eyes surveillance country with bad privacy laws.
Now fast forward to today, and the good track record may not be enough for some people.
One of the big draws of PIA is that it was a battle-tested VPN that was proven to not keep logs in court. On a positive note, there are a few other proven no logs VPN providers, some of which have passed third-party audits.
It is also a cheap VPN service, with very reasonable pricing. But again, there are many other cheap VPNs on the market. Lastly, our best VPN list includes other recommendations as well.
At the end of the day, only you can decide which privacy tools are safe and effective for your unique needs. This case is somewhat similar to the recent news of System1 acquiring an undisclosed portion of Startpage.
Ultimately, if the news about PIA merging with Kape Technologies leaves you feeling uneasy, there are many other VPNs to consider.
Unfortunately Gigablast is partnering with PIA for https://private.sh search engine.
I heard about all of this last night. About 7 months too late, but better late than never. I am officially dropping PIA as my VPN and have subscribed to Mullvad VPN. I highly recommend it for those who wish to have privacy.
It’s a shame that PIA did this, but I read on another article about this that they were in debt. I didn’t read too much into it but it would make sense to be bought by a company who could save you from going under, assuming that was true to begin with.
So strange, isn’t it? I looked all over their (PIA) website to try to find out where they are from and who is behind. NOTHING. … and that makes me suspicious. So thanks for this article!
And yes, I decided … Not to use PIA.
Because PIA didn’t tell us, now they’re trying to put out the fire. Well, I’m one for sure who’s jumping ship. PIA lost our trust; your business is privacy and this is whom you sold out to.
I left PIA for ExpressVPN once I got the news. I don’t feel comfortable with the new owner or even a buyout from a saint.
These kinds of things will surely happen more often, simply because it’s the clash of concepts, of how people treat the internet network. The majority of finances are of course in companies that damaged the internet. So they tend to dominate and companies concerned with privacy are such small islands on the web, with comparably less economic power. There is a little hope that the more people get to know how their privacy is damaged, the more chance there is to educate people and spread the free alternatives. This website is one of the few that fights for that goal.
You are right. One way that can help is that when you read anything online regarding security or privacy, link to this site or the others.
This acquisition of PIA is really sad for the privacy industry. Unfortunately, it seems to be a funding problem/issue leading to this deal with Kape/Crossrider. It is more problematic than it appears because PIA is/was a sponsor for so many privacy/open source initiatives that it made me think it would lead to a series of similar acquisitions of real privacy firms, particularly by big companies with questionable reputations. I am not going to be surprised if next in line is a reputable privacy & security email provider. At the end of the day, businesses are money-driven activities, and lacking a good self-sustaining plan for making profits leads to the outcome of PIA/StartPage/Wire.
While we don’t know for sure, I don’t think Startpage was in debt. They claim to have been profitable for years. Their big problem was lack of market share, not debt. They probably could have kept going indefinitely, provided Google didn’t let their contract expire.
But their user base was small compared to other private search providers. DuckDuckGo, which started years later than Startpage, took venture capital money. They used some of that money to pay Apple to be listed as a search engine in Safari for iOS, which caused their user base to skyrocket past Startpage. DDG got to where it is by selling stock to venture capital investors. It seems that’s what Startpage was doing with System1.
Qwant grew by taking venture capital investments AND partnering with the French government. They have probably also used venture money to pay Mozilla and Google to be listed in Firefox and Chrome. So Startpage is doing nothing that others in this space haven’t already done. And by the way, both DuckDuckGo and Qwant are still listed on https://restoreprivacy.com/private-search-engine/
As for PIA, they probably were always planning on a buyout. Now that we know they had over $30 million in debt, and were paying for all those sponsorships with money they didn’t have in order to get more users, it seems that selling the company was always the plan. It’s classic Silicon Valley: run a business that constantly loses money by borrowing, get a bunch of customers, then sell the company before it collapses so the owners become millionaires.
Lots of useful information here directly in the public investment disclosures of Kape:
https://investors.kape.com/~/media/Files/K/Kape-IR/reports-and-presentations/2019/pop-ir-presentation.pdf
https://investors.kape.com/~/media/Files/K/Kape-IR/reports-and-presentations/2019/project-pop-nov-2019.pdf
Hi
Very bad and worst VPNs: CyberGhost, PIA, Windscribe, Zenmate, Speedify. Be very careful using them; always use AUDITED and PROVEN VPN services
in during they are!! We never know about future!!!
Finally, do it for yourself, for better life, for better privacy, for better security.
Good luck, nice moments.
This isn’t really the same as Startpage, and describing Startpage as being “acquired” is inaccurate. Taking on a substantial investor (which is what Startpage did) is not the same as being wholly bought out (what PIA did). The former has a lot of leeway in how the contracts allow the company to function; in the latter, the parent company is 100% in control.
It’s true that in some sense there has been a lot of hysteria over PIA, but considering who the new owner is it’s not unjustified. PIA was in serious debt due to undercutting other VPNs on price for so long and they probably needed a sale to get bailed out. It makes sense, and it would be wrong to oppose that across the board. Plus, an acquiring company could have added a lot of value. It just so happens that PIA unfortunately is selling to one of the shadiest companies in the business. I don’t think they did this deliberately to “sell out,” but nevertheless they did choose to sell to Kape knowing it would upset consumers and that they would lose business.
How many customers have they lost? It’s impossible to say, but if you figure every forum post/comment probably represents at minimum hundreds of other people who feel the same way and didn’t comment, then across all these forums and articles we might conclude PIA is losing at least tens of thousands of customers (including those who will run out their subscriptions). Enough to destroy their company? Highly unlikely. But enough to hurt their sales and make the acquisition go less smoothly than planned.
Will Kape preserve PIA’s historical reliability and reputation? Maybe. There’s a big market for privacy, so maybe things will continue the way they have. Maybe Kape really does just want to capitalize on the growing market for privacy and rebrand after their prior shenanigans.
But for me, this was the last straw. I’ve been irritated for some time by PIA’s sanctimonious politicizing and lecturing about their view of the world. And when I read Andrew Lee’s announcement post of the sale, it was one of the most ridiculous, self-praising pieces of PR garbage I’ve ever seen from a company. But I don’t think he was lying; I think he is so deluded he actually believes it.
There’s too many other good options out there to wait around and see how it plays out with PIA. For me, I switched to Mullvad and despite a few quirks it’s fantastic. Their Wireguard deployment is amazing and far better than anything I’ve ever gotten after years of PIA. The fact that recently Mozilla announced they are partnering with Mullvad to use their servers as Firefox VPN indicates that Mullvad was a good choice.
Hello Derek,
[This isn’t really the same as Startpage, and describing Startpage as being “acquired” is inaccurate. Taking on a substantial investor (which is what Startpage did) is not the same as being wholly bought out (what PIA did).
The former has a lot of leeway in how the contracts allow the company to function; in the latter, the parent company is 100% in control.]
Ok, I’ll agree in this as who really knows if the startpage CEO Robert Beens
OR “Startpage BV, a Dutch inc.” controlled the investment talks with Privacy One / System1 – as their money’s influence did most of the talking really.
I say there’s at least two views of the coin to see and when flipped fallen to the ground by gravity what side shows face up.
You can only say No for so long till the money hits your mark or the deal’s too good to pass up. We’ll never know and can’t even guess what’s next to keep our interests in this snafu on users’ privacy.
Two strong enough opposites can cancel out each others driving force to a neutral state.
That’s what people understand strong opposites do as opposing each other – not in an attraction to get unionize.
For a union as this (the former) in point must get consumed to a lesser role than of master supreme overall ~ under agreed terms to a sub tier ranks position in the company as of an after effect. A real question here is who consumed the other or magnetized its mission to their forces’ directives.
Any of the deals contracts terms and/or clauses of these specific details need relayed to the users base as what they say it is ~ is what it is by proof given… It’s moved far from trust for many users, I was since ixquick days.
If they’re not going to make it public those parts of the contracts’ intents of purpose, giving relief or resolve of these situations’ apparent issues causing alarm to their users, to them and this class of software and services gearing down to strict standards of user privacy from their side of the coin.
How can anyone find a continuing faith to carry on using them?????????
Especially when it’s of business niches as VPNs and there’s talks of substantial investors, buyouts, mergers, takeovers, restructuring and seizures. The using base has a right to know for being loyal to a point, in where the companies actions now causes these questions and firm attentions to answers.
All these causing the original TOS and PP to change most often as a case when your former % of ownership shrinks where they’re not in line to the ruling % directives…
Who’s to say or know that startpage investors purpose wasn’t to keep the team on as the forefront still in the public’s view to appear as normal.
While then appearance wise acting as a facade or storefront in what purpose ?
They’ve made the business a guess game for users privacy where it wasn’t as such before.
Greetings
> “This isn’t really the same as Startpage, and describing Startpage as being “acquired” is inaccurate.”
Good point, because we don’t know exactly how much System1 acquired and they have not disclosed exact numbers. But we do know it was enough to land the System1 co-founder and an outside investor on the board of directors for Startpage’s parent company, which they waited many months to disclose.
Dear Sven,
Thanks, as always, for the stellar quality output from this site. I was on edge waiting for your newest release, and it looks as though you’re back to cracking open exposés the world over! On the subject, I’ve been wondering as to your thoughts (and maybe yours too, @HardSell, along with anyone else willing) on this trend of privacy services being gobbled up by corporations. I ran with Startpage for a good while, more than most people, before the news aired of its purchase. Luckily, I never touched PIA, but there are doubtless people who are in a position like mine after the Startpage scandal.
Basically, do you see this as a growing problem? Do you think that the privacy market, which ironically is large enough to attract the usual fraud of corporate lollygagging, is doomed? I’m all for decentralized applications — I run Freenet, Retroshare, use only federated social media, and so on. The idea seems to have yet to catch on, but it could possibly help to stem the issue. I’m just worried considering that it seems every week brings to light a new cave-in to financial pressure. Thanks for covering the real issues.
Sincerely,
Anonymous
Yeah, it’s a trend we’ve been seeing, but there’s a solution: for people to “vote with their dollars”. Support the businesses and companies that align with your beliefs, while boycotting and raising awareness about the bad actors. If enough people did that, it’d make a huge difference.
I would also add in that for many, it is important to support the companies that are doing it right…as you can. Support can come in a multiple forms: I do pay for my VPN and Mail service now that I am in a position where I can. However, lending advice as we see it on the ground is another good way to help.
I just sent an email to my VPN provider and told them about this site as well as some suggestions that I think they could do to help strengthen themselves. I will see if they do that. I am sure it will be reported here as well.
I’d looked at PIA throughout the years but never tried it.
I did run with CyberGhost before it was bought.
About 4 years ago I tagged up with VPN.ac and loved much about its style.
But I do recall getting infected with this guy’s malware way before 2017.
NO WAY TO SAY IT CLEARER THAN – STAY AWAY…
PS: Sven please we need you to sometime look at users Privacy of these security certificates that are getting installed to device systems.
With apps and software/firmware installs, and usually are left on the devices OS after it’s parent was uninstalled.
Do these old leftover security certificates pose any dangers in the devices security, of which could put your privacy at risk in being leaked ???
Can a device be compromised by malware using an old security certificate in some way ???
What about the ones in your browser, as such was the case with IE 11.
Years after uninstalling cyberghost VPN and updating my version of ie11 a few times.
I was finding a huge amount of cyberghost security certificates in Internet options>content>certificates in the header tabs to the boxes that displays to see your certificates. That’s where cyberghost still lived many years after its uninstall.
Sven is there a place in Win OS where you can see all of these security certificates in one place ??? Or are they compartmentalized somewhat as was with the browser certificates.
Thank you greatly any way you go.
Hey HardSell, interesting, I haven’t yet researched this issue.
Yes it is, and it seems compartmentalized within windows (called – Stores) from the links I’ve added. This with a very brief scanning over, looks like it’s for developers making software products for the windows platform and info they’d want.
*It gives me the idea that it’s not going to be simple as to open a folder – find a certificate expired and click to delete it.
Wonder, if I can find and install a certificate tool that doesn’t let me work directly from the command prompt or command-line.
But from its program’s GUI and it then accesses that system level from its running processes.
https://docs.microsoft.com/en-us/windows-hardware/drivers/install/local-machine-and-current-user-certificate-stores
– Local machine certificate store
– Current user certificate store
https://docs.microsoft.com/en-us/windows/win32/seccrypto/system-store-locations
– System Store Locations
https://docs.microsoft.com/en-us/windows-hardware/drivers/devtest/certmgr
– CertMgr (Certmgr.exe) is a command-line CryptoAPI tool that manages certificates, certificate trust lists (CTLs), and certificate revocation lists (CRLs).
– – Will update here if and when I find such a Certificate Tool to remove old and uninstalled software/drivers security certificates leftover.
Thanks
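An added example, not part of the comments above and not from Microsoft or any VPN vendor: the certificate stores described in the linked Microsoft pages can be inventoried in one pass through PowerShell's built-in `Cert:` drive. The function name `Find-LeftoverCertificate` and the `$NamePattern` parameter are assumptions made for this example; the default search term is simply the vendor name mentioned in the comment above.

```powershell
# Added example: list certificates in every CurrentUser and LocalMachine store
# whose Subject or Issuer matches a vendor name, and flag those that sit in a
# store that changes what the machine trusts.
# $NamePattern is an assumed search term; set it to the software you removed.
param(
    [string]$NamePattern = 'CyberGhost'
)

# Stores where a leftover entry extends trust (root CAs, intermediates,
# trusted code publishers, explicitly trusted peers).
$trustStores = 'Root', 'AuthRoot', 'CA', 'TrustedPublisher', 'TrustedPeople'

function Find-LeftoverCertificate {
    param([string]$Pattern)

    foreach ($location in 'CurrentUser', 'LocalMachine') {
        # Each child of Cert:\<location> is one store (My, Root, CA, ...).
        foreach ($store in Get-ChildItem -Path "Cert:\$location") {
            $storeName = $store.PSChildName
            $certs = Get-ChildItem -Path "Cert:\$location\$storeName" -ErrorAction SilentlyContinue |
                Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] }

            foreach ($cert in $certs) {
                # Skip anything that does not name the vendor in Subject or Issuer.
                if ($cert.Subject -notmatch $Pattern -and $cert.Issuer -notmatch $Pattern) { continue }

                [pscustomobject]@{
                    Location      = $location
                    Store         = $storeName
                    Subject       = $cert.Subject
                    Issuer        = $cert.Issuer
                    NotAfter      = $cert.NotAfter
                    Expired       = $cert.NotAfter -lt (Get-Date)
                    SelfSigned    = $cert.Subject -eq $cert.Issuer
                    HasPrivateKey = $cert.HasPrivateKey
                    AffectsTrust  = $trustStores -contains $storeName
                    Thumbprint    = $cert.Thumbprint
                    Path          = "Cert:\$location\$storeName\$($cert.Thumbprint)"
                }
            }
        }
    }
}

# Escape the search term so it is matched literally, not as a regex.
$found = Find-LeftoverCertificate -Pattern ([regex]::Escape($NamePattern))

# Trust-affecting entries first: an unexpired certificate left in Root or CA
# keeps vouching for anything signed with its key after the software is gone.
$found |
    Sort-Object AffectsTrust -Descending |
    Format-Table Location, Store, Subject, NotAfter, Expired, AffectsTrust -AutoSize

# Dry run only: prints what would be deleted. Remove -WhatIf after reviewing
# the list; LocalMachine stores require an elevated session.
$found | ForEach-Object { Remove-Item -Path $_.Path -WhatIf }
```

The current user stores inherit the contents of the local machine stores, so the same thumbprint can be listed under both locations. The same stores can be browsed in a GUI with `certmgr.msc` (current user) and `certlm.msc` (local machine).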
I have really grown to appreciate the site and work you put into it. Thanks Sven.
And don’t forget Windscribe vpn
https://www.reddit.com/r/Windscribe/comments/e6m0te/windscribe_keep_logs_everything/
I fully disagree with you. Please check their last review here:
https://restoreprivacy.com/vpn/reviews/windscribe/
Also, it is useful to understand their no-logging policy. They keep only bandwidth on a monthly rolling basis and a timestamp of last activity mainly because they offer freemium accounts (10 GB per month free plans). Please read here:
https://blog.windscribe.com/windscribe-logging-explained-in-detail-387ad63f646
Last but not least, Windscribe is very transparent on those issues. Here you could check:
https://windscribe.com/transparency