"Kape Technologies was originally found under the name of Crossrider in 2011 developing advertising apps until they changed their name in 2018.
However, their software was treated as malware by companies such as Malwarebytes and Symantec begging one to ask, how can such a company despite rebranding itself change the shoddy culture that it had?
But the connections don’t end there. The very first CEO of Crossrider, Koby Menachemi, happened to be once a part of Unit 8200 which is an Israeli Intelligence Unit in their military and has also been dubbed as “Israel’s NSA.” Teddy Sagi, one of the company’s investors was mentioned in the Panama Papers which were leaked in 2016."
I don't think tagging people as ex 8200 is very helpful. Israel has mandatory military service and at this point if you have aptitude or are in a high school computer club in Tel Aviv or a few other places, you probably end up in 8200 for your service. For that matter, half the people who say there were in 8200 were either 1) listening to telephone calls 2) relegated to writing memos about the data people did hack and get. Of course, there are things one could have done that would raise serious questions. See, e.g., the issues raised for the people we know who worked on DualEC_DRBG.
On the other hand, there are other sketchy things about express VPN.
FWIW, I once worked at NSA, and likely care more about privacy than anyone you know. These places employ 10s of thousands of people, and the people that come out are as varied as the industry at large.
Indeed, and if you've ever used a machine in China with that crap installed you know how well that went.
Speaking of China, it has always been strange how well ExpressVPN worked there even during high pressure moments where all other vpn operators bit the dust, with some already wondering a few years ago if there wasn't something more shady going on. Eventually I ended up using some self managed shadowsocks servers and it's been a while, so no idea what the current state of affairs is, but I'm even less convinced to use them now.
I interviewed with ExpressVPN (NetworkGuard) not too long ago. While the founders are American and they're incorporated in the Virgin Islands, their actual base of operations is Hong Kong and they have no intention of moving out despite the recent upheaval there. So either they have serious guanxi, which seems improbable for pasty white dudes (sorry, but in China race matters), or they're very naive.
As of 18 months ago to my knowledge most expats still used name brand ExpressVPN, Astrill, etc. while techie types used stuff like v2ray+shadowsocks or shadowsocks alone. Shadowsocks is really underrated, once you’ve found your location, plugins and obfuscation “stack” that just work on the gfw it’s also super handy in other countries that have lighter and less sophisticated censorship.
I've never been to China, but I'm curious - is it possible to connect to EC2 instances in us/eu? Anything stopping an SSH tunnel or wireguard to such a machine?
But if you need security, roll your own VPN. You can set up a Digital Ocean droplet as one. It's a pain, but you only need to do it once.
I'm not sure there's much of a persuasive reason to use any of these big providers. That's why they always fall back on claims of security – unsophisticated users always fall for it.
How so? All you see is that a random DO droplet is pinging your service. You'd need a legal request to get any further info about the droplet. And in that situation, it's equivalent to any other VPN service that will comply with legal requests.
He is talking about government level threats, DO provides no benefit.
I'll add that rolling your own means you're the only one exiting that IP address, so if your threat model involves websites profiling you and/or alternative accounts that won't help.
Where did someone mention government level threats?
If the threat model is a government, Tor is the only safe solution, and only after extensive training and safeguards. Using anything else is actually-crazy.
This is precisely the point that the threat model bares its fangs. You can ignore it, but you should be aware that you're putting all your faith in that service.
A hypothetical Good VPN doesn't exist in China, for example, because they're legally not allowed to do what you suggest. Many of us don't live in China, but some do. Even outside of China, is it really true that a VPN service will simply give LEO the finger when they ask "Who was downloading child porn off your servers?" I'm skeptical they can.
That's the thing though, not all legal requests get the same weight or priority. I wouldn't trust a VPN to not roll over for your example cp case, but I think a middle finger equivalent isn't unreasonable for the less severe and more common case of receiving a complaint that the IP was observed as part of a swarm seeding copyrighted material. For lesser things, where does DO sit on the spectrum of will rat you out (which ISPs do), and likely won't rat you out (basically any paid VPN because their reputation depends on not doing so)?
If you are outside the US this is sufficient protection for many people. For example even close US allies (eg five eyes) have to go through the US court system to get this warrant, and that is a slow, annoying process when you aren't based in the US.
It raises the level of friction to meaning it will only happen for somewhat major investigations. If you are a major drug dealer, then yes, they'll do it. If they catch you with some small amount of some drug, then it's unlikely they'll chase it.
> How can such a company despite rebranding itself change the shoddy culture that it had
This is the nature of VPN companies. You must do your research. Sadly most consumers don't do their research and blindly trust that the VPN provider has their best interests at heart.
Should that mean we trust a provider that has zero scandalous pasts? Hardly. Treat every VPN provider as if they peddled malware in the past I say.
However, their software was treated as malware by companies such as Malwarebytes and Symantec begging one to ask, how can such a company despite rebranding itself change the shoddy culture that it had?
But the connections don’t end there. The very first CEO of Crossrider, Koby Menachemi, happened to be once a part of Unit 8200 which is an Israeli Intelligence Unit in their military and has also been dubbed as “Israel’s NSA.” Teddy Sagi, one of the company’s investors was mentioned in the Panama Papers which were leaked in 2016."
https://www.hackread.com/israeli-firm-kape-technologies-expr...