Express VPN sells for $1 Billion 24hrs after the CIO is forced to pay $335k for hacking

[Fasterthannothing]

Summary

The founder of ExpressVPN is charged with hacking on behalf of the United Arab Emirates then immediately sells the company to largest VPN conglomerate in the world Kape Technology.

 

Quotes

Quote

 The three defendants have agreed to cooperate with US authorities and pay the fine in exchange for deferred prosecution, according to a Justice Department release. The three have also forfeited foreign and US security clearances and face future employment restrictions. The agreement comes a day after ExpressVPN announced it had been sold as part of a $936 million deal to former adware distributors Kape Technologies, a company co-founded by an ex-Israeli surveillance agent and a billionaire previously convicted of insider trading. 

 

My thoughts

This sounds like the sketchiest VPN deal I've ever heard in my entire life. A hacker runs a VPN company, gets a sketchy deal from the government and then promptly sells off to a conglomerate of VPN services run by someone convicted of insider trading. Kape technologies sounds extremely sketchy and worrisome with what they are doing. Imagine how easy a security breach or warrent will be when every VPN is owned by the same company. Also someone who is more well versed in laws explain how Kape isn't a monopoly now? And if someone wants to recommend a good VPN not owned by Kape please let me know.

 

Sources

 https://www.google.com/amp/s/www.cnet.com/google-amp/news/expressvpn-cio-among-three-facing-1-6-million-doj-fine-project-raven/

[Mark Kaine]

1 hour ago, SlidewaysZ said:

And if someone wants to recommend a good VPN not owned by Kape please let me know.

Proton VPN.

 

Can't say for sure because I find vpns fundamentally untrustworthy,  but supposedly it's "good".

 

 

OT: isn't this the same guy who "bought" the 90s chat room thingy recently under highly suspicious circumstances? 

 

Edit:oh that was PIA iirc.  Only upright people,  you see. 

[divito]

If they're truly maintaining separate service, staying in the BVI and continuing to not log, the controlling company isn't as much of a concern (they also run Private Internet Access, CyberGhost and ZenMate). ExpressVPN is one of the better VPNs available.

 

The selling of the company came before the news of the fine for the US intelligence/military people, and your thoughts don't really match the information presented in the article. ExpressVPN wasn't part of the hacking or fine, these "acts" that resulted in the fines to those individuals happened before Gericke was brought into ExpressVPN.

Also, Gericke was the CIO, not a founder.

[staticpage]

PSA the title here sorts sucks the news states Express VPN CIO Daniel Gericke is a former US intelligence and military operatives who, under a deal to avoid prosecution, admitted to violating US hacking laws by working as "cyber spies under Project Raven" for the United Arab Emirates and were fined $1.6 million.

 

 Express VPN then the following day was sold to a Jewish Israeli ex surveillance agent and billionaire previously convicted of insider trading, under umbrella corp. "Kape Technologies" (Private Internet Access, ZenMate and CyberGhost.)

 

In 2016, Project Raven was moved to DarkMatter, a UAE cybersecurity company allegedly involved in targeting US nationals for surveillance.

 

 

[poochyena]

1 hour ago, SlidewaysZ said:

This sounds like the sketchiest VPN deal I've ever heard in my entire life.

Practically every VPN is sketchy. They are borderline scams when they say they protect you, and sell themselves through fearmongering.

The only thing they "protect" you from are ad trackers.. which aren't harmful to begin with unless maybe you are an secret agent or performing criminal activity.

[Fasterthannothing]

1 hour ago, Mark Kaine said:

Proton VPN.

Isn't that literally the same company who handed over logs to authorities... and changed their TOS to allow it? Gosh all this makes me realize how sketchy as heck VPNs actually are. Why in the world has not one single company stuck to their principles and managed to make a secure VPN and not turn into a sellout! It's not like Express VPN was hurting for cash like what did they have to lose by running it themselves?

[Mark Kaine]

18 minutes ago, SlidewaysZ said:

Isn't that literally the same company who handed over logs to authorities... and changed their TOS to allow it?

Tbf they did not change it, its a swiss company in Switzerland that needs to follow Swiss laws.

 

But what they did is kinda false advertising saying they wouldn't*

 

*but would anyways when asked by Swiss authorities which is law in Switzerland with similar laws all over the globe

 

 

But yeah, this is typical for VPNs, theres only two reasons to use a VPN imo, and that's because your work requires it (which is the original use case) or to circumvent region blocks... 

 

The stuff about "privacy" is more or less snakeoil... sure tracking will be slightly more difficult,  but thats about it. Plus you trust random people to not sell out your data ... kinda not great. 

[divito]

1 hour ago, poochyena said:

Practically every VPN is sketchy. They are borderline scams when they say they protect you, and sell themselves through fearmongering.

The only thing they "protect" you from are ad trackers.. which aren't harmful to begin with unless maybe you are an secret agent or performing criminal activity.

All the more reason the ExpressVPN was/is different and lauded. They didn't/don't really push or focus on that fear angle through the majority of marketing compared to others.

[poochyena]

24 minutes ago, divito said:

They didn't/don't really push or focus on that fear angle through the majority of marketing compared to others.

They did. Here is a nostalgia critic video with an ad focused on keeping hackers out of your network 15:30

Even saying hacking your info is so easy, a 12 year old could do it. Thats serious fear mongering.

[divito]

2 minutes ago, poochyena said:

They did. Here is a nostalgia critic video with an ad focused on keeping hackers out of your network 15:30

Even saying hacking your info is so easy, a 12 year old could do it. Thats serious fear mongering.

While a fair post, it's far less egregious in comparison to the rest of the market. Their website is also quite subtle in their claims/approach.

[tikker]

20 hours ago, SlidewaysZ said:

Isn't that literally the same company who handed over logs to authorities.. started logging someone after getting a court order to do so.

There's whole thread about this in TN already, so I won't repeat it all here, but they didn't just hand over logs. They were ordered by the court and as any legal entity had to oblige with that.

20 hours ago, SlidewaysZ said:

Why in the world has not one single company stuck to their principles and managed to make a secure VPN and not turn into a sellout!

Because VPN companies aren't some magic above the law entity that exists untouchably to 100% hide you from its eye. They need to comply with law enforcement just as we would. If they wouldn't they'd have the same problems people like to blame e.g. crypto for and may get in trouble for enabling criminal activity through anonimity.

20 hours ago, SlidewaysZ said:

and changed their TOS to allow it?

It changed from

Quote

Does ProtonVPN store user information?

ProtonVPN respects its users’ privacy and enforces a no-logs policy. This means your VPN connections remain private, and we do not store information about your connections or the websites you visit.

To secure your account and make sure it’s you who is signing in, we store a single timestamp of your account’s most recent login. Again, we do not store any information about where you signed in from or how long you were logged in.

to

Quote

Does ProtonVPN keep logs?

In order to respect our users’ privacy, ProtonVPN enforces a strict no-logs policy. This means we keep no session usage logs of what you do online, and we do not log metadata that can compromise your privacy. 

• We don’t log which websites you visit
• We don’t log your traffic or the content of any communications
• We don’t log your IP address
• We don’t log your session lengths
• We don’t log or track any location-based information

This level of privacy is possible in part because we are based in Switzerland, which has some of the strongest data protection and digital privacy laws in the world. Data required for maintenance and troubleshooting purposes is secured using full-disk encryption on all our bare-metal servers, over which we have full control. Full details about the information that we do store (such as account information) are available in our Privacy Policy. Our apps are all fully open source and independently audited so that you can be sure they are trustworthy, and we aim for transparency in everything we do.

I still trust them. Performance is great and I have nothing to compain about so far.

 

On topic:

The timing of the deal is interesting for sure. One more for on the not-any-time-soon list I guess.