UPDATE September 2021:
Kape continued his acquisition spree and bought ExpressVPN. We have a new more detailed article on the situation here:
Kape Technologies (formerly Crossrider) now owns ExpressVPN, CyberGhost, Private Internet Access, Zenmate, and a collection of VPN "review" sites
Kape Technologies, a relatively unknown name, has announced plans to acquire Private Internet Access, one of the most well-known names in the VPN industry. Kape Technologies was formerly called Crossrider, and the name "Crossrider" is often associated with malware and adware, as we'll see later.
Many speculations and questions have arisen since this news was released. With the merger between PIA and Kape, many VPN users are wondering whether now is the time to jump ship or trust that all will be well.
In this article, we're going to put Kape and Private Internet Access under the microscope and show you exactly why people are alarmed.
Kape Technologies Acquires Private Internet Access, Plans Another Name Change
On November 19, 2019, Kape Technologies officially announced its plan to acquire Private Internet Access.
Kape Technologies is pleased to announce the transformative acquisition of Private Internet Access (PIA), a leading US-based digital privacy company. This acquisition will significantly increase the company's presence in North America anddoubles its existing user base to over 2 million paying customerswith a truly global brand.
This catapults Kape to become the privacy company of choice for consumers, paving the way to dominate the fast-growing digital privacy space, already valued at $24 billion in 2019 and expected to grow by 50% by 2022. with the Breach Level Index, in the first half of 2018, more than 25 million records were compromised every day, which equates to 291 records per second. As technology develops and more and more data is shared online, the need for online protection increases exponentially.
This all sounds good on the surface, and there really is a need totrusted privacy tools. As we discussed before, thecybersecurity statistics and trendsthey are becoming more alarming with each passing year.
But this acquisition also raises some interesting questions:
- What is the history of Kape Technologies?
- Is Kape Trusted to Protect Your Privacy Online?
- Why do many longtime PIA customers freak out and cancel their subscriptions?
Kape plans to change name (again)
While most acquisitions are designed to boost the parent company's name, in this case, Kape Technologies apparently plans to drop its own name. Kape will adopt the name "Private Internet" as the parent company of Private Internet Access. That would mark thesecond time that kape(ex-Crossrider) haschanged namein the last years.
Why would Kape submitanother name change? (We'll answer that below.)
Kape Technologies also owns CyberGhost and Zenmate
This latest acquisition marks another trend we've seen develop over the years:VPN market consolidation. But this isn't the first time Kape Technologies has been involved in a VPN acquisition. Before changing its name to Kape Technologies, the company was calledcrossrider– and was buying VPN.
Prior to 2017, Crossrider was not in the VPN business, but created a browser development platform (we'll cover that below). However, in March 2017, Crossrider purchasedVPN ciberfantasmafor around $10 million on a pivot to break into the VPN and security industry.
Despite being bought by an Israeli company, CyberGhost says that it is still a Romanian VPN provider under the jurisdiction of Romania.
Then, in 2018, Crossrider bought another VPN service, Zenmate. According toedison, Crossrider paid €4.8 million for Zenmate, a Berlin-based VPN provider.
With the latest acquisition ofprivate internet access,Cafeteriais the parent company ofthree different VPN services.
This is the consolidation of the VPN industry as smaller companies are bought out by the big players.
Now let's take a closer look at Kape Technologies.
Crossrider (Kape) is often associated with malware and adware
Before changing its name to Kape Technologies in 2018, the company was called Crossrider.
If you take a minute to research Crossrider, you'll see that it's a company often mentioned with malware and adware. There are many different articles about Crossrider malware andadware, asthis Malwarebytes article:
Crossrider offers a highly configurable method for its customers to monetize their software. the usualThe method of infecting end users is software bundling.. Installers often usebrowser hijacking. Targeted browsers are Internet Explorer, Firefox, Chrome, and sometimes Opera. Crossrider doesn't just target Windows machines, but Macs as well.
Installations of PUP.Optional.Crossrider are usually triggered by packages offering software you might be interested in andcombine them with adware or other monetization methods.
According to Malwarebytes and many other security websites, Crossrider (the development platform) was used to infect devices with malware.
OfSymantec:
risk impact: alto
affected systems: windows
Behavior
Adware.Crossid is a security risk that displays advertisements on certain social networking sites and web browsers.
Another article from 2018 byMalwarebytesdescribes how Crossrider was infecting computers withfake adobe flash updates:
A new variant of Crossrider adware has been detected which is infecting Mac in a unique way. For the most part, this variant is still pretty common and does some of the same things we've seen in Mac adware for years. However, using a configuration profile introduces a unique new method of maintaining persistence.
…This new Crossrider variant doesn't look like much at first glance. It's yet another fake Adobe Flash Player installer, similar to the thousands of others we've seen over the years...
The main question is why Crossrider is associated with malware and adware. We cover this in a new article that examines theCrossrider history and business. Eventually, we found out that Crossrider created a development platform that was also used by major ad-injectors.
Who is behind Crossrider and Kape Technologies?
One of the biggest investors behind Crossrider and Kape Technologies is Israeli billionaire Teddy Sagi. In fact, someoutletsrefer to the company as "Teddy Sagi's Kape" when discussing the latest PIA merger news.
You can read about Teddy Sagi atWikipedia; it has an interesting history.
Forbes wrote ainteresting article(filed) which discusses Crossrider, Sagi, and the company's ties to the Israeli intelligence community.
The Forbes article had the following to say about Sagi and Crossrider:
A large number of companies are affiliated with ad injectors, bundling their tools or funneling ads to them. One of the biggest is Crossrider, whose majority stake is owned by billionaireTeddy bear, a serial entrepreneur and ex-convict who was arrested for insider trading in the 1990s. His biggest money maker to date is gambling software developer Playtech. Co-founder and CEO Koby Menachemi was part of Unit 8200, where he was a developer for three years.
So what is Unit 8200?
Forbes explains this connection this way:
What has gone unnoticed, until now, is that most of the investigated organizations involved in this potentially dangerous business are headquartered in Israel. They also have ties to the country's military and its main signals intelligence agency, the Israeli equivalent of the NSA or GCHQ:unit 8200, who works for the Israel Defense Forces (IDF).
Crossrider's co-founder and CEO was Koby Menachemi, who was also part of Unit 8200, as seen in hisLinkedIn archived page.
But I'm not the first (or only) person to point these things out. The news seems to have spread, withother articles(filed) pointing these same references to ties.
You can read more aboutunit 8200 here.
And these developments seem to be worrying many PIA users.
2021 update
we learn in ourcrossrider investigationthat almost thethe entire Crossrider team and leadershiperafiredwhen the company shut down its development platform and entered the security/VPN industry.
Why another name change?
As mentioned above, this latest decision will be the second time in recent years that the company changes its name:
Crossrider > Kape Technologies > Private Internet (planned)
So why does this company keep changing its name?
Responder: Distance yourself from past controversies and activities.
as CEOadmitted here, the name change was an attempt to distance Kape from the controversial "past activities":
The decision to change the company's name, explains Erlichman, was due to thestrong association with past activitiesof the company, as well as the need to improve the consumer-facing brand for the business.
CyberGhost also admitted in ablog postthat Crossrider was an "ad tech" company that did the "opposite" of what CyberGhost does (privacy and security):
While CyberGhost was focused on privacy and security from day one, Crossrider started out as a company that distributed browser extensions and developed ad tech products.the complete opposite of what we did.
This latest name change appears to serve two purposes:
- This further distances the company (Kape/Crossrider) from its past.
- It changes its company name to focus on "privacy" now that it has three different VPNs.
Some PIA Users Are Going Crazy
While I'm not sure if this trend is representative of a large percentage or rather a vocal minority, there are clearly some angry PIA users unsubscribing. Several forums lit up with conversations about Crossrider, Kape, malware and links to overseas intelligence operations.
When asked why everyone is skeptical of PIA after the Kape merger, one reddit user put it succinctly this way.
The alarm among Private Internet Access users was apparently enough for PIA to go into damage control mode. They published a reddit post to try to allay fears and mitigate the cancellations.
So now let's get to the million dollar question.
Is PIA safe and reliable after merging with Kape?
Short answer: you decide.
With Private Internet Access merging with Kape and keeping the "Private Internet" name for the parent company, there's a lot to consider. Ultimately, only you can decide whether PIA is still an appropriate privacy tool to trust for your unique threat model and needs.
Until that point, Private Internet Access had a very good track record. It is one of the few verified no-logs VPN providers, having been tested in two separate court cases and found to have no logs. But it is also a VPN that operates in the United States, afive eye surveillancecountry with bad privacy laws.
Now, fast forward to today, and the good track record might not be enough for some people.
One of the great attractions of PIA is that it is a battle-tested VPN that has been shown not to keep records in court. On a positive note, there are a few otherno-logs tested vpn providers, some of which have passed third-party audits.
It is also a cheap VPN service with very reasonable prices. But then again, there are many others.vpn baratoin the market. Lastly, ourbest vpn listincludes other recommendations as well.
At the end of the day, only you can decide whatprivacy toolsthey are safe and effective for your specific needs.
Finally, if the news about PIA's merger with Kape Technologies has you uneasy, there are plenty of other VPNs to consider.