Why We Stopped Recommending PIA

Private Internet Access (PIA) took off quickly after its release in August 2010. It was touted as a P2P-friendly VPN with loads of servers and a low price. PIA’s efforts at transparency, like making their Android and computer clients open-source, drew in even the most skeptical users.

PIA’s Rise to Fame

PIA’s premise was simple: charge below competitors’ prices and provide more options. It’s known to be jam-packed with features. These include 10-device support, SOCKS5 proxies, no logging, and servers in 77 countries. Most importantly, PIA was owned by London Trust Media from its inception through November 2019.

London Trust Media is a small Colorado-based company and went to great lengths to be transparent. PIA had such unique features because it wasn’t simply a rebrand of another program. It was an original product and was regularly maintained by trusted programmers. Though it has servers in various countries, London Trust Media is fully US-based. In general, the US has strong speech protections and search warrant standards. These factors prompted many prominent security experts to back the company.

PIA was begun as London Trust Media’s first startup. It initially had load balancing issues due to unprecedented demand. This and some support quirks that annoyed users were quickly resolved. Over a period of around nine years, its value increased from $0 to $95,000,000. The financiers at London Trust Media determined that they’d had their prime days, and it was time to move on.

It’s quite possible that PIA provided too many services to its users. With its low prices and rich features, the company burned more money than it made. Right before it switched hands, PIA was $32,000,000 in debt.

The PIA Merger Deal

The more recent controversy over PIA is largely due to a merger or “buyout”. Kape Technologies, a subsidiary of LTMI Holdings, purchased PIA for $95,000,000. They now fully own the intellectual property behind the service and run it. The Israeli company’s questionable history raised red flags with VPN watchdogs.

The original name of Kape Technologies was “CrossRider”, as it used to specialize in advertising. More specifically, it was known for producing and selling adware. Its deceptive business practices led most antivirus engines to ban its products. Users would see that malware named “Adware.CrossRider” had been blocked. The company changed its name to Kape Technologies to dodge the stigma associated with the name.

Who Really Runs Kape Technologies?

Some VPN users did some digging shortly after the company switched hands into its new owners. There are two primary problematic ties. The original SEO back when the company was still known as “CrossRider” was Koby Menachemi. Certain security experts see the fact that he was part of “Unit 8200” in the Israeli Army. The unit is essentially Israel’s version of the US’s NSA. While this association is certainly questionable, it does not prove any wrongdoing.

The second connection is to the infamous “Panama Papers” of 2016. These documents were leaked from a wealthy law firm in Panama to journalists. They had extensive records of communications with very wealthy people, their companies, and their lawyers. Teddy Sagi, a prime investor in Kape Technologies, was featured in the Panama Papers. It’s important to remember that simply being named in these papers doesn’t imply criminal guilt. Though many named in them are guilty of some crime, some are simply wealthy people and companies.

Kape Technologies’ Other Holdings: CyberGhost and ZenMate

This isn’t the first VPN service that Kape Technologies has acquired. The acquisition of PIA makes Kape the owner of three VPN services. The first two were prominent services CyberGhost and ZenMate. All three of these used to be independent VPN services with their own, internal security measures and protocols. There’s good cause to believe that Kape is trying to “buy out” as much of the VPN market as possible. The reason for doing so remains unclear.

Our Recommendations Regarding PIA and CyberGhost

Out of an abundance of caution, we are saddened to say we can no longer recommend PIA or CyberGhost. To be clear, both of these were well-respected services with excellent track records. They ran for many years and respected the promises they made to their users. However, the track records of their new owners are ambiguous. We do not know their true intentions or if our concern is overblown. Our revocation is because there are enough suspicious factors and unknowns regarding how private your usage will actually be.

As Kape continues to run these services, we’ll keep tabs on them. After all, the trust people have in VPN services is based on how well they’ve held up under scrutiny. For example, when the “HideMyAss” service exposed a user’s IP accused of attacking Sony, most users lost trust for the company. When a VPN service who claims to not log goes to court and states they have no logs to show, more trust is built.

There is certainly reason to switch providers if you currently use PIA or CyberGhost. However, the fact the Kape now owns both of them doesn’t mean you must swear off them forever. Monitor how the company responds to complaints, subpoenas, and accusations over time. VPN choice is all about personal choice and acceptance of risk level.

Be Careful Reading About These Services Online

As a final piece of wisdom, be careful about the information you get online about these services. It would be fair to say that the reaction of many in security communities is overblown. The backgrounds of the former CEO and investor in the Panama Papers aren’t foreign. They match up with the backgrounds of many wealthy engineers all over the world.

Some have used paranoia and creative thinking to conclude there is a conspiracy going on. Others believe it’s run by criminals because of Sagi’s name being in the Panama Papers. Again, there is simply not enough information out to prove the veracity of PIA one way or another. We accept that it isn’t a good sign that the company has specialized in quasi-malicious adware in the past. What we don’t accept is that this is an indictment on PIA and CyberGhost’s new owners. However, we deem that it would be irresponsible to vouch for both these VPNs in their current states.