Kape Technologies, formerly known as Crossrider, is a holding company that owns several VPN services and review / affiliate websites.
Israeli businessmen Teddy Sagi is the majority shareholder of Kape, via his firm Unikmind. Its current portfolio includes ExpressVPN, CyberGhost, Private Internet Access, Zenmate, and VPN review website VPN Mentor.
Kape shot into the limelight with its $936 million acquisition of ExpressVPN in 2021. Before then, it was a relatively unknown player, despite owning a few other smaller VPN brands.
While on the subject of ExpressVPN the TL;DR is that it has a…questionable past. From hiring private spies to DNS leaks and connections to China, they haven’t had the smoothest transition from fledgling VPN to household name.
But let's get back to Kape and how this company has its eyes squarely set on the digital privacy and security space.
Kape's Sketchy Beginnings
Let’s just take a brief moment to look at the origins of Kape. It wasn't always known by this name, the original company was called Crossrider.
Crossrider dealt in Malware (they called it “ad injection”), and their specialty was building a platform that allowed mobile app developers to easily inject ads into their software or web application. They were so good at it, they caught the attention of Google’s security research team who were incredibly alarmed by what they had found: an entire ecosystem of thousands of companies, broken down into various segments (Software, Distribution, Injection, and Ads).
Crossrider’s main purpose was to function as a distributor, and they were incredibly effective at this. They used their network to drive as many installs as possible, all while collecting a commission for each install of the ad injection software. For those curious about this ecosystem, an archived version of Google’s Security Blog can be found here.
Rebranding as Kape Technologies
Due to the increasing negative attention their antics were causing, the company underwent a massive rebranding and emerged as Kape Technologies.
Nowadays, Kape Technologies is a conglomerate of multiple “privacy-first” software companies, including Express VPN. Express is not their only play in the VPN space though: they’ve also acquired a few larger-scale VPN operations over the past few years. Their first VPN acquisition was Cyberghost for €9.1M back in 2017, followed by Private Internet Access for $127M and Zenmate for €4.8M in 2018. Then came the Express VPN whale in 2021 for $936M, giving Kape a massive foothold in the VPN marketplace.
If Kape VPNs are known for anything, it’s being kinda sketchy. Since we’ve already covered Express in a previous article, the focus will be on the other three lesser-known VPNs that are part of the Kape Corporate Umbrella
Kape Acquires Cyberghost
Cyberghost was the first VPN that Kape acquired, back when they were still called Crossrider. Cyberghost was founded in 2011 by German entrepreneur Robert Knapp, who moved to Bucharest with $100,000 in seed capital ready to exploit the cheaper labor market in Romania. Robert’s own bio on the Cyberghost website claims that he’s passionate about building a privacy-preserving product, yet he had no problem cashing out for almost $10 Million to a company run by ex-Israeli spies and insider-trading billionaires. The irony is apparently lost in translation I suppose.
There’s also an issue with vulnerabilities. In 2023, professional pen testers exposed a vulnerability in the Cyberghost VPN client that could lead to system compromise, yet they had an incredibly difficult time getting any sort of response from the Kape security team (who quickly and quietly patched the issue).
Kape Acquires Private Internet Access (PIA)
Kape acquired PIA in 2019, a company founded by another individual with a questionable background.
A man by the name of Andrew Lee (when someone has their own Wikipedia page, you know it’s gonna be good). I’m just going to brush over the whole heir to the Korean Dynasty thing as that’s way out of my niche, but that alone probably merits further investigation for another day. Regardless of that whole royalty thing, he’s a man with a (well-earned) reputation. Some of his antics include:
- Purchasing Freenode IRC, then completely fucking it up, causing all the staff to leave.
- Went on an unhinged rant on Hacker News, opening up a smear campaign against ProtonVPN.
- Hired the former CTO of Mt Gox, Mark Karpeles.
- For those unaware, Mt. Gox is a former cryptocurrency exchange. At their peak in 2014, they were processing over 70% of all bitcoin transactions, followed by a quick liquidation and over 744 thousand bitcoin unaccounted for.
- Andrew Lee defended the hiring of Mark Karpeles by saying “People make mistakes” (I’d also love to lose billions of dollars worth of crypto tokens and be given virtually 0 penalty if that’s an option).
- Hired another Crypto Convict on the advisory board.
It’s also worth mentioning that at the time of the Kape acquisition, PIA was $30 million in debt and allegations of a toxic work culture were swirling around the internet. The details of the merger deal are rather opaque, but at this point it seems clear that the only real winners were Andrew Lee and the C-Suite of executives at Kape.
Kape Acquires Zenmate
While the history of Zenmate is less…colorful than the other two VPNs we’ve gone over, that doesn’t mean they’re without blame. They technically don’t exist anymore, and have been fully merged with Cyberghost as of May 2023. But prior to the full merger (and while still under the Kape umbrella) they had a potentially serious vulnerability within their MacOS app that hackers could theoretically exploit to cause a denial of service.
It’s Not Just Mid VPNs
Kape doesn’t just own multiple VPN companies, they also own several media outlets and other ‘cybersecurity’ software. Let’s start by looking at one of their most egregiously misleading ‘cybersecurity’ software offerings: ReImage.
ReImage is/(was?) marketed as a PC scan and repair tool. It’s actually something called scareware and it’s specifically designed to ping you with alarming messages about your computer containing multiple vulnerabilities, and prompting you to purchase a license to have their software perform the critical fixes necessary. I say ‘was’ marketed because when you go to their website, it doesn’t work. I was only able to look at their website through the web archive tool. Their crunchbase page gives the appearance that they’re still in operation, and you can still download their software off third-party websites. I wouldn’t though.
Kape Owns VPN Review Sites Too
You know what’s better than gobbling up market share of the VPN space? Gobbling up the websites that review them too, and creating your own vertical integration.
So not only does Kape own some of the biggest VPNs in terms of market share, but they also have complete control over the affiliate ecosystem that shills their subpar products onto unwitting consumers. Oh and that’s not all, they also own a middle-man company that specializes “in monetizing high-quality traffic by connecting them with the brands they need.” In other words, they own the VPNs, the VPN affiliate marketing platforms, and the VPN review websites. They’ve created an entire ecosystem that they control, all explicitly designed to go after your data and your wallet.
Here are some of the Kape Controlled entities that you may or may not have heard of before:
- Webselence
- Affiliate monetization platform.
- VPN Mentor
- VPN “review” site peppered with affiliate links from Kape VPNs and other owned software like Intego antivirus.
- Safety Detectives
- Another VPN “review” website, loaded up with affiliate links from Kape-owned businesses.
Obscurity and Dubious Intent Never Mix
Let’s take a moment to critically examine the position that Kape is currently in. They’ve scooped up a significant share of the market, they own the pipeline to funnel new customers into their world, and to top it all off, they no longer have to comply with public reporting standards since they’re now a private company. Now it’s time to introduce the final piece to this puzzle: Teddy Sagi, the man who this starts – and ends – with.
Who is Teddy Sagi?
Teddy Sagi, the billionare Israeli businessman and the owner of Kape, made his money selling payment processing software to the gambling industry. He's currently worth approximately $6.4 billion.
To be blunt, Teddy Sagi is filthy stinking rich. He’s in the three-comma club, probably because he’s really good at not paying taxes. If you don’t believe me, there is this thing called the Panama Papers that proves otherwise. Mr Sagi made a bunch of his money in the online gambling industry, but had significant influence in the founding and running of Kape’s predecessor, Crossrider. Being from Israel, Teddy Sagi had connections with the Israeli military intelligence sphere and was able to procure himself a real-life cyber spy from the famed Unit 8200 (kinda like Israel’s version of the NSA).
In 2022, Mr. Sagi’s holding company purchased the remaining shares he didn’t already own of Kape Technologies, all placed under the ownership of a shell company he alone controls, registered in one of the British Isles that is but isn’t a country (looking at you Isle of Man, wtf even are you?). As I mentioned already, the fact that it’s now a private company means they don’t have to offer an ounce of visibility into their inner workings.
A Question of Trust
At this point, you should be asking yourself if this is a company that you really want to trust with your private data, let alone give your hard-earned money to. I’d argue that their track record of sketchiness merits a cold hard NO. The odds that Kape technologies are operating with your best interests in mind are next to none. This is the point in the article where I’m supposed to pitch Windscribe and how much more open and transparent we are, but honestly, at this point, our actions speak for themselves. We’re the only company in this entire industry that is shining a light on things our competitors don’t want you to be looking at. We’re open with our faults, and we strive every day to deliver a high-quality service to people that absolutely require it to get around whatever bullshit blockers their ISP or government has placed on them.
