Before I get into it, here is some background information that you’ll need to know. First off, Librem Tunnel is basically a rebranded PIA client for PIA services.
Secondly PIA announced this week that they are being purchased by CyberGhost. This is deeply concerning because CyberGhost is owned by Kape Technologies which used to be known as Crossrider. There is a troubling history when it comes to CyberGhost and privacy which this article explains in far greater detail than I care to as part of this post. Here are a few relevant tidbits:
Crossrider changed its name to “Kape Technologies” in 2018 – for reasons that we’ll explain below.
Then in October 2018, Kape purchased Zenmate, a Germany VPN provider, for an undisclosed amount. This lines up with the trend we’ve observed of VPNs getting bought up by outside investors. It is the consolidation of the VPN industry.
Now here’s where things get interesting. When you research the company Crossrider (now Kape) you learn it is a company known for infecting devices with malware.
When you research the company Crossrider, you find numerous articles about Crossrider malware and adware, such as this article from Malwarebytes:
Crossrider offers a highly configurable method for its clients to monetize their software. The common method to infect end-users is software bundlers. The installers usually resort to browser hijacking. Targeted browsers are Internet Explorer, Firefox, Chrome, and sometimes Opera. Crossrider not only targets Windows machines but Macs as well.
PUP.Optional.Crossrider installs are typically triggered by bundlers that offer software you might be interested in and combine them with adware or other monetizing methods.
According to Malwarebytes and many other reputable online security websites, Crossrider was hiding malware in software bundlers, which would then infect the user’s computer with “adware or other monetizing methods”.
So yeah for those reasons, as somebody who has been buying VPN service from PIA for the last three years, I severed my ties with them earlier this week. I want nothing do with this company at all.
The question for Purism here is simple: Are you going to transition Librem Tunnel to a different VPN provider and if so, which ones are you considering? If not, can you explain why you don’t consider PIAs new owners and their shady history to be an issue here?