Cyberghost VPN Review

CyberGhost is a larger VPN service that you’ll often see recommended on various “review” websites. But don’t be fooled by fake reviews that only regurgitate marketing slogans.

Most of these “review” websites ignore the fact that CyberGhost, Private Internet Access, and ZenMate are all owned by the same company, called Kape. Kape is an Israeli business with a history of infecting devices with malware hidden in software bundles.

Aside from examining the questionable track record, in this CyberGhost review we will also publish all test results to see if this VPN is worth your attention.

After covering the pros and cons, we will examine these frequently-asked questions (FAQs) and discuss a few CyberGhost alternatives.

And as with all of my VPN reviews, I begin by thoroughly researching the parent company and the history of the VPN service.

In the case of CyberGhost VPN, this research revealed some very interesting issues, which is where we will start.

Who owns CyberGhost? Kape Technologies (formerly Crossrider)

Officially, CyberGhost operates under the company CyberGhost S.A. in Bucharest, Romania. That being said, there’s an interesting history with the ownership of the company and outside investors.

CyberGhost was previously owned by Robert Knapp – a German tech entrepreneur – and based/operated out of Romania. However, that has all changed since Knapp sold CyberGhost VPN to outside investors.

In 2017, CyberGhost was acquired by an Israeli company called Crossrider for €9.2 million.

Crossrider changed its name to “Kape Technologies” in 2018 – for reasons that we’ll explain below.

Then in October 2018, Kape purchased Zenmate, a German VPN provider, for an undisclosed amount. Later, in December 2019, Kape acquired Private Internet Access. This lines up with the trend we’ve observed of VPNs getting bought up by outside investors.

Now here’s where things get interesting…

Troubling ties: Crossrider, CyberGhost, and malware

When you research the company Crossrider, you find numerous articles about Crossrider malware and adware, such as this article from Malwarebytes:

Crossrider offers a highly configurable method for its clients to monetize their software. The common method to infect end-users is software bundlers. The installers usually resort to browser hijacking. Targeted browsers are Internet Explorer, Firefox, Chrome, and sometimes Opera. Crossrider not only targets Windows machines but Macs as well.

PUP.Optional.Crossrider installs are typically triggered by bundlers that offer software you might be interested in and combine them with adware or other monetizing methods.

According to Malwarebytes and many other reputable online security websites, Crossrider was hiding malware in software bundlers, which would then infect the user’s computer with “adware or other monetizing methods”.

Now let’s look at an example. This article from 2018 illustrates how Crossrider malware was infecting computers through fake Adobe Flash updates:

A new variant of the Crossrider adware has been spotted that is infecting Macs in a unique way. For the most part, this variant is still quite ordinary, doing some of the same old things that we’ve been seeing for years in Mac adware. However, the use of a configuration profile introduces a unique new method for maintaining persistence.

…This new Crossrider variant doesn’t look like much on the surface. It’s yet another fake Adobe Flash Player installer, looking like the thousands of others we’ve seen over the years….

Is this a company you’d trust to run your VPN service and handle all your internet traffic?

With such a troubling history, it appears that the parent company attempted to distance itself from its own past. In 2018, Crossrider decided to change its name to Kape Technologies.

As the CEO admitted here, the name change was an attempt to distance Kape from shady “past activities”:

The decision to rename the company, explains Erlichman was due to the strong association to the past activities of the company as well as the need to enhance the consumer facing brand for the business.

CyberGhost even hinted at this ironic conflict of interest in their blog post:

While CyberGhost focused on privacy and security from day one, Crossrider started out as a company that distributed browser extensions and developed ad tech products. Quite the opposite of what we did.

This is concerning since a VPN can be a data collection tool in disguise. I discuss this in my Hotspot Shield review, a VPN that was found to be embedding tracking libraries in its VPN apps.

Crossrider describes itself as an “online distribution and digital product company” and appears to be heavily focused on advertising and data collection (the two go hand-in-hand). There isn’t much discussion about Crossrider on the CyberGhost website, other than the Terms and Conditions page.

Reading through the Terms and Conditions, I did find this excerpt:

You understand that CyberGhost undertakes no responsibility for your actions. In case of statutory violations by the user, Crossrider may cooperate with public or private authorities at its sole discretion as provided by law.

This is “lawyer speak” for saying that the parent company can and will cooperate with third parties when it deems necessary.

To summarize these findings:

• Cyberghost started out as a VPN provider based in Romania
• Cyberghost’s owner sold out to an Israeli company called Crossrider in 2017
• Crossrider is known for hiding malware/adware in software bundles to infect users’ computers for data collection and monetization purposes (according to various security experts)
• Crossrider changed its name to “Kape Technologies” in 2018
• CyberGhost’s privacy policy explicitly states the company will cooperate with third parties “at its sole discretion”
• Crossrider malware is still a threat and infecting computers, according to different security blogs

This isn’t the first time we’ve seen VPNs and malware discussed together. Malware is often hidden in free VPN services to collect your data, which is then sold by the parent company.

The most recent development with all of this is that Private Internet Access (PIA) has been added to the portfolio of Kape. As we noted in our Private Internet Access review, PIA was acquired in December 2019.

Ultimately, choosing a good VPN all comes down to trust, which is a subjective topic that only you can decide. So now let’s examine the VPN itself.

CyberGhost price and refund policy

The cheapest that you can get CyberGhost for right now is $2.75 per month, but you’ll have to purchase the three-year plan. Monthly plans will be significantly more money at $12.99 per month, as you can see below.

This is on the lower end of the price spectrum, particularly for the longer-duration plans. This makes CyberGhost one of many cheap VPN providers. But you often get what you pay for with VPN services.

The key question with pricing is always value, or what you get for your money. I’d say there are other VPNs that offer more value with certain coupons. NordVPN is comparably priced to CyberGhost, and they also offer a NordVPN coupon for more savings. (Check out the Cyberghost vs NordVPN comparison for more info.)

Refund policy – CyberGhost offers two different refund windows, depending on the subscription plan you choose:

• 45 day refund window for all plans that are 6 months or longer.
• 14 day refund window for monthly plans.

This is a pretty good refund policy, and it is apparently “no questions asked” – so they don’t require troubleshooting before the refund is issued. For this CyberGhost review I purchased a one-month subscription via Bitcoin. Getting a refund was not very difficult.

CyberGhost VPN apps

CyberGhost offers dedicated VPN apps for:

• Windows
• Mac OS
• Android
• iOS

Additionally, CyberGhost offers support for Linux, routers, NAS, and Chromebooks. However, without a dedicated Linux app, it’s not the best VPN for Linux you will find.

We’ll take a closer look at the Windows app below to see how it performed in real-world testing.

CyberGhost encryption and VPN protocols

CyberGhost currently supports three VPN protocols in the desktop and mobile VPN apps: OpenVPN, IKEv2, and WireGuard. For encryption, they use an AES 256-bit cipher with a 4096-bit RSA key and SHA256 for authentication with the OpenVPN and IKEv2 protocols. With the WireGuard protocol, CyberGhost uses the ChaCha20 cipher.

CyberGhost now supports WireGuard

CyberGhost also now supports the WireGuard VPN protocol. This protocol usually offers faster speeds and better reliability over legacy VPN protocols. For example, in our OpenVPN vs WireGuard tests, we found WireGuard to significantly outperform OpenVPN with all locations. With CyberGhost, you can use WireGuard with the desktop and mobile apps. You can change VPN protocols in the settings area of the CyberGhost VPN apps:

As you will see below, however, speeds with CyberGhost were not very good, even when using the WireGuard protocol.

CyberGhost VPN servers (overloaded)

According to the CyberGhost website, they offer about 6,700 servers in 89 countries. This is about on par with ExpressVPN, which we noted in the ExpressVPN vs CyberGhost comparison report. When testing out the CyberGhost VPN apps, I noticed that many servers were overloaded with users. This may explain why speeds were so slow.

In the screenshot below, you can see that many CyberGhost UK servers were overloaded, between 75% to 100% + capacity. And when servers are overloaded, performance suffers and things online take longer.

If you need a VPN for the UK, or a UK VPN server, CyberGhost probably isn’t the best choice.

CyberGhost servers in Europe seemed to be more congested than servers in the US.

CyberGhost VPN Windows test results

For this CyberGhost review, I tested out the New CyberGhost version 8 app on a Windows 10 machine. The app has a minimized design that sits in the bottom-right cover of the desktop, just above the tray. Unlike with previous version, the client can now be moved if you don’t want it stuck above the desktop tray. Here’s the CyberGhost Windows app that we tested for this review:

While minimized, it doesn’t take up too much space. To adjust settings or change servers, you need to click the arrow pointing left, which will expand the app. Unfortunately, the expanded VPN client takes up an enormous amount of space on your desktop. I found this design to be clunky and inefficient. Here is the full layout of the CyberGhost VPN app, which takes up most of the desktop space:

When selecting different servers, you can see that CyberGhost categorizes servers for different use cases. This may be useful in certain cases, such as when using the VPN for torrenting, streaming, gaming, or with a dedicated IP. While some people want a VPN with a dedicated IP, there are drawbacks to this as your traffic is not getting mixed with other users (such as with shared IPs).

Overall, I liked the general design when the apps are minimized. However, when changing settings or switching the servers, the apps are quite clunky and take up lots of space. Therefore I would not consider this to be the best VPN for PC.

CyberGhost is slow to establish VPN connections

Another problem that I had when testing CyberGhost is that it could be really slow to establish connections. This wasn’t always the case, but in many instances, it could take several seconds to connect to a VPN server.

Normally, the WireGuard VPN protocol would solve this problem, since WireGuard has been designed to quickly establish connections (the handshake). And we have even noted this in testing out other VPNs with WireGuard, including NordVPN and Surfshark.

With CyberGhost, however, we found that it was very slow to establish connections, regardless of which VPN protocol we were using. You’d see a “Connecting” notification that would continue for several seconds:

The problems with CyberGhost not connecting seemed to occur randomly. Changing the VPN protocols did not seem to make much difference. I’m not sure exactly what was causing these issues, and support was not able to help much, either.

CyberGhost leak protection settings and kill switch

On a positive note, the new CyberGhost version 8 VPN client offers some good leak protection settings and a functioning kill switch to block VPN traffic if the connection drops. If you are in the CyberGhost Windows client, you can click the arrows on the left side to access the client settings and features.

By default, CyberGhost has the kill switch feature and DNS leak protection options enabled under the “Privacy Settings” tab:

With the kill switch and DNS leak protection settings enabled, I ran some basic VPN tests. These are to check for any data leaks with the VPN apps.

Here were the test results with the Windows VPN client (no leaks):

Similarly, I also tested the CyberGhost Mac OS VPN client and did not find any leaks. The kill switch and leak protection settings seem to be working well.

CyberGhost ad blocking feature

CyberGhost offers an ad-blocking feature, but there are some problems with this VPN ad blocker.

You can find the ad blocker feature under the Privacy Settings in the VPN client. It is an option called “Block content” to block domains for ads, trackers, and malware, as you can see below:

I took a close look at this feature and even tested it out in comparison to other VPN ad blockers. The results were not good. Here’s what I noted about CyberGhost in my guide on different VPN ad blockers:

CyberGhost is an interesting case, but not in a good way. Instead of filtering ads and malicious content via DNS requests, they actually look inside the traffic and modify requests to certain domains so they display content from Cyberghost instead.

This is problematic for a few reasons. First, manipulating traffic is something a trustworthy VPN provider should not do – even with good intentions. Secondly, this only works over http since https connections are encrypted and Cyberghost cannot (easily) access that content.

With the CyberGhost version tested for this article, there is no root certificate being installed. But because they are still using the same methods to filter traffic, that means their “ad blocker” does not effectively work on HTTPS websites. Basically, CyberGhost’s ad blocker is barely working, especially since it will be ineffective on all HTTPS websites.

If you want a good VPN ad blocker, there are some better options to consider. I’d recommend checking out other options, such as in the NordVPN review.

CyberGhost VPN speed test results (slow)

For this updated CyberGhost review, I ran all new speed tests with servers in the United States and also the United Kingdom. All tests were conducted on a 500 Mbps baseline connection using the official CyberGhost VPN client.

Note: To test CyberGhost with the fastest speeds possible, I used the WireGuard VPN protocol.

First, I tested servers in the United States. Here was a CyberGhost server in Seattle at about 12 Mbps.

This is really bad when you consider that my baseline speed is 500 Mbps. Most VPNs can easily get over 100 Mbps, some can even get over 400 Mbps. This isn’t a good start to the speed tests.

Next I tested a CyberGhost server in Los Angeles, and the speeds were slightly better at 32 Mbps.

This is another slow speed test result from CyberGhost VPN.

The last CyberGhost VPN server I tested in the United States was the New York location. It gave me download speeds of 46 Mbps.

Ok, so we’re not looking good with US servers. And with 46 Mbps being the fastest speed test result, I’m starting to think CyberGhost is just a slow VPN. Maybe servers in the UK are faster?

For my final CyberGhost VPN speed test, I connected to a server in the UK. The results were dismal at around 6 Mbps.

At 6 Mbps, it’s clear that CyberGhost is not the best VPN for the UK if you value performance.

I’m not sure you can reliably stream video with speeds like this. Even the Tor network is faster (see the VPN vs Tor tests).

To summarize these tests, CyberGhost is not the fastest VPN we have tested. In fact, it’s far below the industry average. One factor affecting speeds is server loads. And as we noted above, many of CyberGhost’s servers are loaded with users, which can slow down performance for all users.

Comparison speed tests with NordVPN

To put the CyberGhost speed tests in comparison, let’s take a quick look at NordVPN. Like CyberGhost, NordVPN also uses the WireGuard VPN protocol. Unlike CyberGhost, however, NordVPN is seriously fast. Above we found the CyberGhost server in Seattle to have download speeds of about 12 Mbps. Here is the NordVPN server in Seattle with download speeds of 445 Mbps:

If you want to see how these VPNs compare in different categories, check out our CyberGhost vs NordVPN comparison guide.

Invasive tracking on the CyberGhost website

Although nearly every VPN service runs Google Analytics to track the effectiveness of their Google ads (which can be important for acquiring customers), some VPNs go overboard with tracking.

Unfortunately, CyberGhost falls into the second category, and I’ve pointed this out before. Here’s what I found when visiting CyberGhost’s website: a whole mess of trackers and third-party cookies.

This lines up with previous CyberGhost reviews and trackers I found. Not long ago, I found CyberGhost to be utilizing Hotjar session recording scripts on their website. These session recording scripts literally record every interaction you have with the website in a video, which can include payment details and credit card info, and this data is stored on third-party servers.

To be fair, nearly all VPNs have some basic tracking and analytics on their websites, which usually includes Google Analytics. Running a website without any analytics doesn’t work well, because you have no idea what to improve and fix for your readers. Unfortunately, CyberGhost goes a bit overboard here.

Testing out CyberGhost support

For support, CyberGhost offers chat, email, and various guides on their website.

I tested out the chat support and it seemed alright.

The chat representatives were prompt and helpful in my tests.

CyberGhost offers 24/7 live chat and I was able to connect with a chat representative in under 30 seconds every time I tested it out. I did not test out the email support, but I did find some helpful guides on the website.

Does CyberGhost work for torrenting?

Officially, CyberGhost is a torrenting-friendly VPN service. They are based in Romania, which does not fall under any stringent copyright laws (unlike the United States and DMCA, for example). Many VPNs also restrict torrenting, as we noted in the TunnelBear review.

Regarding their torrenting policy, CyberGhost explains this on their website:

We also have servers optimized for torrenting ensuring a smooth and seamless torrenting experience.

Torrent through a secure encrypted VPN tunnel and leave any surveillance worries behind. Say goodbye to any throttling from your Internet Service Provider and unblock restricted torrent domains!

Within the CyberGhost VPN client, you can select any of these torrenting servers. That being said, not all servers work with torrenting and P2P traffic:

None of the current P2P technologies are illegal per definition, but we have to block P2P protocols on certain servers, either due to strategic (this is traffic that unnecessary slows down other user’s traffic) or due to legal reasons in countries where we are forced by providers to block torrent traffic, among them USA, Russia, Singapore, Australia and Hongkong (China).

In the list of servers you will find a check mark on P2P/Torrent compatible servers.

There are many good VPNs for torrenting that allow torrenting traffic on every server in their network. So we can see that CyberGhost is somewhat limited in this regard. Another drawback with using CyberGhost for torrenting is the slow speeds.

CyberGhost logs

On the homepage, CyberGhost claims to be a “no logs” VPN provider with a “strict no logs policy”.

Here you can see their claims:

But this is not really accurate.

The CyberGhost privacy policy explains how some connection logs are being recorded.

Additionally, when you log in to your account, you can see that the devices you use with CyberGhost are being logged. Here’s a screenshot from my test account, showing that two of my devices are being logged:

Based on this information, it is clear that there are some connection logs being maintained. Many VPNs maintain some basic data to enforce the connection policy. CyberGhost, however, goes so far as to log the devices you use and then save this under your account info — all while claiming to be “no logs”.

If you want to see alternatives, there are some good VPNs with no logs that have been verified in real life.

Does CyberGhost work with Netflix?

CyberGhost has generally not worked well with unblocking Netflix. While they always claim to work with Netflix, many of their streaming servers are blocked and unable to get through to Netflix and other sites.

Here’s a previous example of CyberGhost’s streaming server getting blocked out by Netflix:

With the latest round of tests, however, I found one CyberGhost server to get through to US Netflix. Overall, it seems that CyberGhost is hit or miss with streaming. It’s not the best Netflix VPN, but it does offer some dedicated streaming servers.

Aside from Netflix, CyberGhost does have a few other servers for different streaming channels around the world. For example, they also have a server if you need a VPN for BBC iPlayer.

Firestick streaming – Streaming on a Firestick with a VPN is increasingly popular, especially since a VPN will unlock more streaming channels for you. Fortunately, CyberGhost does offer an app in the Amazon Store for Firestick. This makes it easier, but there are still the performance issues that may result in buffering and playback issues.

Does CyberGhost work in China?

Because I am not physically in China, I cannot test VPNs there. Nonetheless, I posed the question to CyberGhost staff.

The answer is no. CyberGhost does not work in China.

A few years back, Robert Knapp was interviewed by CNN and he voiced frustration with trying to make CyberGhost work in China. It seems they are not even working on that today.

If you are in China or going to China, not to worry. There are still some VPNs that work in China.

Does CyberGhost work for gaming?

When selecting the best VPN for gaming, you’ll want to look for these characteristics:

• Fast speeds
• Low latency (ping)
• Large server network

While CyberGhost does have a large server network, it does not do well with performance. This could really be a problem with gaming, resulting in lag and interruptions. We would not recommend CyberGhost for gaming.

CyberGhost Review Conclusion: Not Recommended

Taking everything into consideration, CyberGhost is somewhat of a mixed bag. They offer user-friendly VPN apps with secure encryption, but there are lots of drawbacks to consider before signing up for this VPN.

Here’s what keeps me from recommending CyberGhost VPN:

• Troubling history with parent company (Kape, formerly Crossrider)
• Slow to establish connections and below-average speeds
• The website uses aggressive tracking
• Broken ad blocker for HTTPS sites
• Connection logs
• Does not work well with Netflix, or in China

One recurring theme I stress here at Restore Privacy is that trust is a major factor when it comes to selecting privacy tools. This is because these tools can also be undermining your privacy and security. With the history behind the parent company (Crossrider / Kape) and the issues with root certificates, there are definitely some red flags. Of course, only you can decide which products and services to trust – and this is a subjective decision.

At the end of the day, CyberGhost still has a lot of work to do – and there are some other great alternatives you could instead consider using.

Alternatives to CyberGhost VPN

Click the VPN name below to read our full review – or grab the discount for the best savings. All three of these VPNs have a 30 day refund window.

1. NordVPN review  [68% discount + 3 Months FREE]
2. Surfshark review  [81% discount coupon]
3. ExpressVPN review

You can also check out our guide on the top-rated VPNs for other recommendations.

If you have used CyberGhost VPN, feel free to share your honest review (good or bad) below.