CNET is also available in Spanish.
Don’t show that anymore
Read more: How we look at VPNs
In CyberGhost’s first CNET review in 2019, we praised the service for its list of competitive features, but we noticed poor effects on speed testing, some disruptions with your privacy team, and, more importantly, the security check that failed due to its lack of. obfuscation technology. Its low value considering whether you had to replace the look of your online location, but not if you were looking for the most productive in its class.
Initially, I was very happy with the Romanian jurisdiction of the privacy-abiding company, located outside the U.S. intelligence exchange agreements, and its team of German developers, who seemed willing to answer giant and small questions about CyberGhost’s history and vision. To the most sensible, some of the smartest technology enthusiasts I know have learned to love service, joining CyberGhost’s unwavering base of cyberGhost fans known as “ghosts.”
Unfortunately, lately I can’t propose that you register with the Phantom Brigade, and it’s not entirely CyberGhost’s fault.
Of course, CyberGhost draws my attention to the top number of crawlers on its page and online app. And, yes, your ad blocker is almost absolutely powerless and uses an unreliable traffic manipulation approach that no VPN deserves to touch. And, of course, I have problems with CyberGhost because I don’t have the right obfuscation, which means that your web service provider can see that you are a VPN, which puts other people at risk in countries where VPNs are prohibited.
But what keeps me from recommending CyberGhost is the sordid history of your company, Kape Technologies.
Read more: CyberGhost VPN Review: Improvements to this privacy product are promising, but your parent company is concerned
For maximum confidentiality, I submit VPN providers with five Eyes outdoor jurisdiction and other foreign intelligence exchange agreements, i.e. an outdoor headquarters in the United States, the United Kingdom, Australia, New Zealand and Canada. So, initially, this turns out to be a positive sign that, if CyberGhost has offices in Germany, its headquarters are in Romania. German businessman Robert Knapp said he founded the start-up of $114,000 thanks to a low-wage workforce in Bucharest before returning it for $10.5 million in 2017.
The challenge is who he sold it to: the infamous author of a pernicious publicity, Crossrider. The UK-based company was co-founded through a former Israeli surveillance agent and a billionaire in the past convicted of insider trafficking who was later named in the Panama Papers. It has produced software that in the past allowed third-party developers to hijack users’ browsers by injecting malware, redirecting traffic to advertisers and retrieving personal data.
Crossrider was so successful that it eventually caught the attention of Google and UC Berkeley, who met the company in a 2015 conviction study. (You can read the Web Archive edition of this document).
This practice, known as manipulation of human trafficking, is condemned on a large scale on the web. And the only difference between this and one of the oldest cyberattack bureaucracies, called man-in-the-middle (MitM), is that you clicked “OK” in terms and conditions.
In a blog post that CyberGhost deleted from its website (now available in Internet archives), CyberGhost CEO Robert Knapp even noted that “while CyberGhost focused on privacy and security from day one, Crossrider started as a company that distributed browser extensions. and has evolved advertising generation products. Quite the opposite of what we’ve done.”
Crossrider replaced his call to Kape Technologies PLC in 2018, in the words of CEO Ido Erlichman, to escape “the agreement with activities beyond the company”.
The call’s replacement allegedly accompanied a complete change for Kape, as he said he was withdrawing from the malware and moving toward cybersecurity. However, in the same year, Kape continued to exploit the notorious scareware Reimage, a potentially unwanted program that positions itself as an enhancer of PC functionality, but is known to report false positives about security threats to convince him to pay his premium. a service.
And the new Crossrider-Kape mutations have given the impression on the Internet as recently as August 2019, even when other people are still jumping through obstacles to remove the old Crossrider malware.
“CyberGhost has never been to Crossrider technologies,” Beyel told CNET in June. “So I can tell you that cyberGhost is running independently right now. We have, of course, the Kape Group which, from a strategic point of view, owns CyberGhost, an independent entity. And we have our own goals and strategies, vision and also our culture.”
After buying CyberGhost, Kape bought ZenMate VPN in 2018 and, more recently, Private Internet Access, a U.S.-based VPN, to a move Erlichman said in a press would allow Kape to “aggressively expand our footprint in North America.”
Although CyberGhost can lately function as a completely independent holding company under Crossider-turn-Kape, it should be noted that in 2018, Crossrider was still indexed on CyberGhost’s terms and conditions.
“Crossrider would possibly cooperate with the public government or its own in its sole discretion, in accordance with the law,” reads the document. “(The company) will likely process and use the non-public knowledge collected for the configuration and provision of the service (connection knowledge). This includes the identity of the visitor and the time and volume of knowledge of use.”
When asked about the terms and situations in August 2019, a CyberGhost spokesman told CNET that it would discuss the matter, but that it was not transparent at the time why he called it Crossrider.
However, more troubling than Crossrider’s past based on the UK for user knowledge is that CyberGhost’s existing terms and situations (Web Archive edition here) do not seem to reveal that the company still belongs to the same (renamed) company, Kape Technologies’ Privacy Policy. Array CyberGhost indicates that CyberGhost can share your knowledge with your limited parent company.
“We would possibly disclose your non-public knowledge to any member of our corporate organization (i.e., our subsidiaries, our final controlling corporation and all of its subsidiaries) to the extent that it is mandatory for the purposes set out in this policy,” the document states. .
In addition, CyberGhost’s existing terms of service stipulate that any dispute with a visitor will be resolved in the United Kingdom.
“On the occasion of a dispute arising out of the terms of this agreement, the parties irrevocably submit to the exclusive jurisdiction of London, United Kingdom,” he says. The same clause is in ZenMate’s terms of service, which also brabably calls Kape.
In an email, I asked CyberGhost why neither its privacy policy nor its terms of service indicated to Kape Technologies, founded in the United Kingdom, as the parent company (or ZenMate and Private Internet Access as sister companies) with which it reserves the right to percentage user information. I asked if CyberGhost was willing to update its terms and privacy policy for the sake of greater disclosure and transparency.
I also asked why someone has trouble opting for a VPN in Romanian jurisdiction outside the doors of Five Eyes if possible legal disputes were resolved through the British courts, their data can simply be shared with a parent company founded in the UK as well as with their sister. corporations founded in Germany and the United States.
CyberGhost had responded at the time of publication.
Conclusion: Even a careful interpretation of these clauses suggests that, CyberGhost’s advertising jurisdiction is in Romania, CyberGhost can simply share its knowledge not only with its UK-based parent company, but also with its US-based sister company.
CyberGhost publishes its own annual transparency report, which includes data on all subpoena requests it receives so that others can more easily see if the service has been queries by law enforcement. The company also provides quarterly updates on its website. But consumers don’t have to rely on corporate self-assessment of privacy and knowledge sharing. That’s not good enough. I need audits, not only from CyberGhost, but also from any entity or company to which CyberGhost can send my data.
I’m talking about more than a gesture of transparency. I am referring to genuine evidence of insecure knowledge collection policies that obstruct CyberGhost and its sister companies. These are even more vital as CyberGhost called the mat to collect potentially harmful information when it discovered that certain main points of the user’s hardware were being recorded.
I’m the Ghosties to be right. But first, we all want more transparency and we all want answers about Kape before you can submit your products.