ExpressVPN
ExpressVPN is a virtual private network service that encrypts internet traffic and masks users' IP addresses to provide privacy and security online. The subscription-based service offers apps for multiple platforms and was acquired by Kape Technologies in 2021.
Score generated by AI agents based on publicly cited evidence and reviewed by the project maintainer. Not independently validated.
Score History
Timeline events are AI-curated from public reporting. Score trajectory is derived from documented events.
ExpressVPN was founded by Peter Burchhardt and Dan Pomerantz as a straightforward consumer VPN service incorporated in Florida. The product was technically sound but unaudited, with no independent verification of its no-logs claims. The VPN market was small and fragmented with minimal regulatory attention. Separately, Crossrider (the future parent company) was founded in 2011 and acquired by convicted fraudster Teddy Sagi in 2012, planting governance risks that would only materialize later.
ExpressVPN reincorporated in the British Virgin Islands in late 2014, gaining genuine privacy protections but also placing itself beyond most consumer protection jurisdictions. The VPN market was growing rapidly as privacy awareness increased. Meanwhile, the Google-Berkeley study in 2015 publicly named Crossrider as a major ad injection affiliate, and the Crossrider IPO in September 2014 raised $75 million under Teddy Sagi's controlling stake — setting the financial foundation for the later VPN acquisition spree.
ExpressVPN reached its reputational peak: TrustedServer RAM-only infrastructure launched, PwC conducted the first independent no-logs audit, and the company co-founded the VPN Trust Initiative. The Turkey server seizure had validated its no-logs claims under real-world law enforcement scrutiny. However, the Kape consolidation engine was already in motion — CyberGhost (2017), ZenMate (2018), and PIA (2019) were acquired — and Reuters had just exposed Project Raven in January 2019, revealing that ExpressVPN's future CIO Daniel Gericke worked as a UAE hacker-for-hire.
The September 2021 acquisition by Kape Technologies for $936 million triggered a governance and trust crisis. The DOJ simultaneously fined CIO Daniel Gericke $335,000 for Project Raven, Edward Snowden warned users to leave, employees protested internally, and Gizmodo told readers to stop using the service. Kape's earlier acquisition of vpnMentor and Wizcase for $149 million gave it control over both VPN products and VPN review channels. The competitive conduct dimension spiked as four VPNs and two review sites fell under one entity.
The first full year under Kape ownership saw the review site rankings manipulation become public — vpnMentor and Wizcase gave all top positions to Kape-owned VPNs while removing competitors. The DNS leak bug was silently introduced in May 2022. ExpressVPN launched the Aircove router, creating its first hardware lock-in vector. India server removal demonstrated willingness to resist data retention mandates, but the Keys password manager launch would later become an unbundling vector.
Teddy Sagi took Kape private through Unikmind Holdings at ~$1.5 billion, delisting from the London Stock Exchange on May 31, 2023 and eliminating all public reporting requirements. Within weeks, approximately 180-200 employees were laid off. Founder Peter Burchhardt and CTO Daniel Gericke both departed, removing the last independent voices from ExpressVPN's leadership. The privatization pattern — acquire at premium, delist, slash costs, extract value — became unmistakable.
ExpressVPN's enshittification has intensified through multiple simultaneous vectors. A $50 million class action over deceptive auto-renewal practices, tiered pricing that unbundled previously included features, and legacy router firmware discontinuation pushing users toward proprietary Aircove hardware all demonstrate extraction acceleration. A second round of undisclosed layoffs occurred in 2024. The company now faces active litigation, declining user trust, and growing recognition that a privacy company owned by a convicted fraudster with adware origins may be fundamentally compromised.
Alternatives
The privacy purist's VPN — accepts cash and cryptocurrency, assigns random account numbers instead of email addresses, and has never had a successful data request from law enforcement. $5/month flat with no discounts to push long subscriptions. Easy switch. Smaller server network than ExpressVPN but better privacy posture.
Swiss-based, open-source VPN operated by the same company behind ProtonMail, with a genuine no-logs policy verified by independent audits and a free tier that doesn't require a credit card. Unlike ExpressVPN's Kape Technologies ownership, Proton is a mission-driven company with no PE extraction. Easy switch — apps available on all major platforms.
Dimensional Breakdown
Summaries below were written by AI agents based on the cited evidence. They are editorial interpretations, not independent research findings.
Timeline (46 events)
ExpressVPN Founded by Burchhardt and Pomerantz
Peter Burchhardt and Dan Pomerantz, Wharton School alumni, founded ExpressVPN as a consumer VPN service initially incorporated in Florida. The company focused on providing encrypted internet connections and IP masking for privacy-conscious users.
Crossrider Founded as Browser Extension Platform
Koby Menachemi and Shmueli Ahdut founded Crossrider in Tel Aviv as a cross-browser extension development platform. The SDK enabled developers to build, distribute, and monetize browser add-ons at scale, with monetization options that facilitated ad injection.
Teddy Sagi Acquires Crossrider for $37 Million
Israeli billionaire Teddy Sagi, who was convicted of fraud and bribery in Israel in 1996, acquired Crossrider for $37 million in cash just 16 months after its founding. Sagi's criminal record and involvement in gambling technology (Playtech) raised governance concerns that would later become relevant to ExpressVPN.
Crossrider IPO Raises $75M on London AIM Exchange
Crossrider raised $75 million in its IPO on London's AIM Stock Exchange at a valuation of $250 million. After the offering, Teddy Sagi retained a 56% controlling stake. The IPO was led by Shore Capital and provided the funding base for Crossrider's later VPN acquisition spree.
ExpressVPN Reincorporates in British Virgin Islands
ExpressVPN moved its legal incorporation from Florida to the British Virgin Islands, citing privacy advantages. The BVI has no data retention laws and is not party to international surveillance alliances. While providing genuine privacy benefits, this also places the company beyond the regulatory reach of most consumer protection agencies.
Google-Berkeley Study Names Crossrider as Major Ad Injector Affiliate
A joint study by the University of California, Berkeley and Google identified Crossrider among approximately 1,000 businesses enabling unwanted ad injection into users' browsers. The study found over 50,000 browser extensions and 34,000 software applications that hijacked browsers to inject ads, with nearly 30% being outright malicious, including credential theft.
Crossrider Shuts Down Adware Platform After Rising Abuse
Crossrider officially shut down its browser extension development platform after failing to control its misuse by malware and adware developers. The platform's openness made it impossible to effectively combat abuse. Malwarebytes, Microsoft, Trend Micro, and other security firms had flagged Crossrider extensions as PUP (Potentially Unwanted Programs) and adware.
Crossrider Acquires CyberGhost VPN for ~$10.5 Million
Crossrider acquired CyberGhost VPN for approximately $10.5 million (€9.1M), marking its first VPN acquisition and a decisive pivot from ad-tech to recurring-revenue consumer privacy products. This initiated the consolidation strategy that would eventually bring ExpressVPN under the same corporate umbrella.
Apple Removes ExpressVPN from China App Store
Apple notified ExpressVPN that its iOS app was removed from the China App Store following new Chinese regulations requiring government approval for VPN operations. All major VPN apps were removed simultaneously. ExpressVPN publicly criticized Apple for 'aiding China's censorship efforts,' calling it the most drastic measure the Chinese government had taken to block VPN use.
Turkish Authorities Seize ExpressVPN Server in Assassination Investigation
Turkish investigators seized an ExpressVPN server in connection with the investigation of Russian Ambassador Andrei Karlov's assassination in Ankara. Someone had used a VPN connection through ExpressVPN to access and delete the assassin's Gmail and Facebook accounts. The seized server yielded no user data, effectively validating ExpressVPN's no-logs policy under real-world conditions.
Crossrider Rebrands as Kape Technologies
Crossrider officially changed its name to Kape Technologies PLC and began trading under the KAPE ticker on the London Stock Exchange. The company acknowledged the rebrand was necessary due to 'the strong association to the past activities of the company' — its adware and browser hijacking origins. The name change accompanied a strategic pivot to consumer privacy and security products.
Kape Acquires ZenMate VPN for €4.8 Million
Kape Technologies acquired ZenMate, a Berlin-based VPN provider with 50,000 premium customers, for €4.8 million ($5.5M). This was Kape's second VPN acquisition after CyberGhost, continuing the industry consolidation pattern that would eventually absorb ExpressVPN.
Reuters Exposes Project Raven UAE Hacking Operation
Reuters published a major investigation revealing Project Raven, a secretive UAE government program that used former NSA employees to hack espionage targets including journalists, politicians, activists, and Americans. Daniel Gericke, who would later become ExpressVPN's CIO, was among the operatives who worked for DarkMatter as part of this program between 2016 and 2019.
ExpressVPN Launches TrustedServer RAM-Only Technology
ExpressVPN introduced TrustedServer technology, becoming the first major VPN to operate entirely on RAM-only infrastructure. Servers run only on volatile memory, ensuring all data is wiped on every reboot. Each server loads a fresh software stack from a read-only image on boot, guaranteeing consistent and up-to-date code across the network.
PwC Publishes First Independent Audit of ExpressVPN No-Logs Policy
PwC Switzerland conducted the first independent third-party audit of ExpressVPN's privacy policy compliance and TrustedServer technology. The audit confirmed compliance with ExpressVPN's published no-logs policy under the International Standard on Assurance Engagements (ISAE) 3000, establishing an audit program that would eventually reach 23 independent assessments.
Kape Acquires Private Internet Access for $127.6 Million
Kape Technologies purchased Private Internet Access (PIA) for a total enterprise value of $127.6 million, including $52.9 million cash, 42.7 million new Kape shares, and $32.1 million in debt payoff. This was Kape's third VPN acquisition, doubling its paying subscriber base to over 2 million and aggressively expanding its North American footprint.
ExpressVPN Co-Founds VPN Trust Initiative
ExpressVPN became a founding member of the VPN Trust Initiative (VTI) alongside NordVPN, Surfshark, VyprVPN, and IPVanish. The industry group was established through the i2Coalition to promote best practices and consumer safety standards for VPN providers, representing a voluntary self-regulation effort in a largely unregulated market.
ExpressVPN Launches Lightway VPN Protocol in Beta
ExpressVPN released its proprietary Lightway protocol in beta, designed to improve connectivity speeds and reduce power consumption compared to OpenVPN. The protocol uses the wolfSSL library and comprises only about 2,000 lines of code, making it significantly lighter than alternatives while supporting both TCP and UDP connections.
ExpressVPN Launches Bug Bounty Program on Bugcrowd
ExpressVPN extended its bug bounty program to Bugcrowd, offering rewards up to $2,500 for critical vulnerabilities plus a $100,000 bonus bounty for the first person to find a valid vulnerability in VPN servers. The program covers unauthorized server access, remote code execution, IP address leaks, and traffic monitoring capabilities.
Kape Acquires Webselenese (vpnMentor, Wizcase) for $149.1 Million
Kape Technologies acquired Webselenese, the parent company of VPN review sites vpnMentor and Wizcase, for $149.1 million. The sites collectively reached over 105 million readers globally in 2020. This acquisition gave the VPN vendor direct control over ostensibly independent review channels that millions of consumers use to evaluate VPN products.
ExpressVPN Open-Sources Lightway Protocol on GitHub
ExpressVPN released the full source code of its Lightway protocol on GitHub under the GPL v2 license, accompanied by an independent security audit by Cure53. The audit found 14 issues (none critical), all of which were addressed. The open-sourcing allowed community contributions and invited other VPN providers to use the protocol.
Kape Technologies Announces $936 Million Acquisition of ExpressVPN
Kape Technologies announced the acquisition of ExpressVPN for $936 million, the highest sum ever paid for a VPN business. This made ExpressVPN the fourth VPN brand under Kape's ownership alongside CyberGhost, ZenMate, and PIA. The deal consolidated a significant portion of the consumer VPN market under a single entity controlled by convicted fraudster Teddy Sagi.
DOJ Fines ExpressVPN CIO $335K for Project Raven Hacking
The U.S. Department of Justice announced that Daniel Gericke, ExpressVPN's Chief Information Officer, agreed to pay a $335,000 fine and entered a Deferred Prosecution Agreement for his role in Project Raven, the UAE's covert hacking operation. Gericke and two other former U.S. intelligence operatives admitted to violating International Traffic in Arms Regulations while working for DarkMatter.
ExpressVPN Admits Knowing 'Key Facts' About Gericke's Spy Background
Vice/Motherboard reported that ExpressVPN acknowledged knowing 'key facts' about Daniel Gericke's involvement in Project Raven before hiring him. The company stated his history and expertise 'made him an invaluable hire' and refused to change his position, arguing his background helped protect customers.
Edward Snowden Warns Users to Stop Using ExpressVPN
Former NSA whistleblower Edward Snowden publicly warned users to abandon ExpressVPN, posting 'If you're an ExpressVPN customer, you shouldn't be.' The warning, triggered by the DOJ's revelations about Daniel Gericke's Project Raven involvement, amplified public concern about trusting a privacy tool whose senior executive hacked human rights activists for a foreign government.
ExpressVPN Employees Protest Gericke's Role Internally
ExpressVPN employees raised internal complaints about Daniel Gericke's continued employment. Over 40 employees voted to escalate questions about his role during an internal session. One employee wrote: 'This episode has eroded consumer's trust in our brand, regardless of the facts. How do we intend to rebuild our reputation?' Management maintained its support for Gericke.
Gizmodo Publishes 'You Should Probably Stop Using ExpressVPN'
Gizmodo published a widely shared article advising readers to stop using ExpressVPN, citing the convergence of Daniel Gericke's Project Raven involvement, the Kape Technologies acquisition by a company with adware origins, and the broader consolidation of VPN providers under a single entity controlled by a convicted fraudster. The article crystallized public trust concerns.
Kape Completes ExpressVPN Acquisition for $936 Million
Kape Technologies formally completed the acquisition of Express VPN International Ltd from Access Global Limited. The deal closed three months after its announcement, giving Kape ownership of four VPN brands (ExpressVPN, CyberGhost, PIA, ZenMate) plus two major VPN review sites (vpnMentor, Wizcase), creating unprecedented consolidation in the consumer VPN market.
vpnMentor and Wizcase Shift Rankings to Favor Kape-Owned VPNs
Following Kape's acquisition of the review sites, vpnMentor and Wizcase reportedly shifted their VPN rankings to give all top three positions to Kape-owned VPNs (ExpressVPN, CyberGhost, PIA). Competitors NordVPN and Surfshark were reportedly removed from top recommendations. The word 'Kape' appeared nowhere in on-page text, and ownership disclosures were buried in hard-to-find locations.
ExpressVPN Launches Keys Password Manager
ExpressVPN unveiled its Keys password manager feature in beta, initially available as a Chrome extension and built into the Android app. Keys allowed users to create unique passwords and store them in a digital vault. Notably, Keys was included in ExpressVPN subscriptions at no extra cost — a benefit that would later be moved behind a paywall in the 2025 tiered pricing restructuring.
DNS Leak Bug Introduced in Windows Split Tunneling Feature
ExpressVPN version 12.23.1 for Windows introduced a bug (later assigned CVE-2024-25728) that caused DNS requests to leak to users' ISPs when split tunneling was enabled. The vulnerability went undetected for nearly two years, affected every version of the Windows app from 12.23.1 through 12.72.0, and exposed the browsing domains of approximately 1% of Windows users using split tunneling.
ExpressVPN Removes Indian Servers Over Data Retention Mandate
ExpressVPN removed its physical servers from India after India's CERT-In mandated that VPN providers store user data including real names, IP addresses, and usage patterns for at least five years. ExpressVPN stated its RAM-only TrustedServer architecture was incompatible with the regulation and instead offered virtual server locations routing through Singapore and the UK.
ExpressVPN Launches Aircove VPN Router Hardware
ExpressVPN launched Aircove, a Wi-Fi 6 router with built-in VPN protection, as its first hardware product. The router only works with ExpressVPN and cannot be used with any other VPN provider. If a user cancels their subscription, the router becomes a paperweight. This created the first significant hardware lock-in vector in ExpressVPN's business model.
Teddy Sagi Launches $1.5 Billion Bid to Take Kape Private
Unikmind Group, Teddy Sagi's investment vehicle, launched a bid to acquire the remaining shares of Kape Technologies at $3.60 per share (290 pence), valuing the business at approximately $1.5 billion. Sagi already held a controlling stake and signaled his intention to delist the company regardless of the offer's outcome.
Kape Technologies Delisted from London Stock Exchange
After securing acceptances for 98.54% of shares, Unikmind completed its privatization of Kape Technologies on May 31, 2023. The delisting from AIM eliminated all public financial reporting requirements, making it impossible for users, journalists, or competitors to assess the company's financial health, R&D investment, or strategic direction.
Founder Peter Burchhardt Departs ExpressVPN
ExpressVPN co-founder Peter Burchhardt left the company after completing his transition to the new Kape ownership. Burchhardt had sold the business in 2021 and completed his earn-out period. His departure removed the last original founder from ExpressVPN's leadership, leaving the company fully under Kape Technologies' operational control.
Kape Lays Off ~200 Employees Including ExpressVPN Leadership
Kape Technologies laid off approximately 180-200 employees (12-30% of workforce, depending on source) following its privatization. The layoffs impacted teams across engineering, IT, support, HR, design, marketing, and operations. Daniel Gericke announced his departure as CTO of ExpressVPN and the Kape Privacy Division. Reports suggest ExpressVPN's team took a disproportionate hit.
Nearly Two-Year DNS Leak Bug Disclosed (CVE-2024-25728)
CNET journalist Attila Tomaschek discovered that ExpressVPN's Windows split tunneling feature had been leaking DNS requests to users' ISPs since May 2022. The vulnerability (CVE-2024-25728) affected versions 12.23.1 through 12.72.0. ExpressVPN temporarily disabled split tunneling for all Windows users and released a fix in version 12.73.0 on February 21, 2024.
ExpressVPN Launches Aircove Go Portable VPN Router
ExpressVPN expanded its hardware line with Aircove Go, a palm-sized portable Wi-Fi 6 VPN router priced at $169.90. Like the original Aircove, it only works with ExpressVPN subscriptions, extending the hardware lock-in strategy to travelers. The device includes a USB-C power adapter and Wi-Fi Link for connecting to local hotspots.
ExpressVPN Launches Identity Defender Suite for U.S. Users
ExpressVPN introduced Identity Defender, a suite of identity protection tools including ID Alerts, ID Theft Insurance (up to $5 million), Data Removal, and Credit Scanner. Initially included free with new 2-year VPN subscriptions, the suite would later be gated behind higher-priced tiers in the September 2025 pricing restructuring, becoming a feature unbundling vector.
ExpressVPN Rewrites Lightway Protocol in Rust for Memory Safety
ExpressVPN announced the complete reimplementation of its Lightway protocol in Rust, eliminating memory-safety vulnerabilities inherent in the original C implementation. The rewrite was backed by security audits from Cure53 and Praetorian conducted in late 2024, finding only low-risk issues. The Rust version rolled out to Aircove first, with platform-specific releases through 2025.
Second Round of Layoffs at ExpressVPN
ExpressVPN announced its second workforce reduction in two years, stating it could deliver its service 'more efficiently.' The company did not disclose the number of jobs cut, only that it had taken the 'difficult decision to reduce the size of our workforce.' This followed the July 2023 layoffs of approximately 180-200 employees, continuing the cost-cutting pattern since privatization.
RDP Vulnerability Exposes User IPs in Remote Desktop Sessions
Security researcher 'Adam-X' reported a vulnerability through ExpressVPN's bug bounty program that exposed users' real IP addresses during Remote Desktop Protocol sessions. Debug code intended for internal testing had been mistakenly included in production builds (versions 12.97 to 12.101.0.2-beta), causing RDP traffic to bypass the VPN tunnel. A fix was released on June 18, 2025.
$50 Million Class Action Filed Over Illegal Auto-Renewal Practices
Plaintiff Timothy Millar filed a class action lawsuit (Millar v. ExpressVPN) in California seeking $50 million in damages, alleging ExpressVPN violated California's Automatic Renewal Law by enrolling users in auto-renewing subscriptions without clear disclosures or affirmative consent. Millar claimed he purchased a one-month plan in September 2022 believing it was a one-time purchase.
ExpressVPN Introduces Three-Tier Pricing Restructuring
ExpressVPN made the largest pricing change in its 16-year history, replacing its single subscription plan with Basic ($3.49/month), Advanced ($4.49/month), and Pro ($7.49/month) tiers on 2-year plans. While the entry price dropped 30%, previously included features like the Keys password manager and Identity Defender were moved behind higher-priced tiers, effectively unbundling the existing product.
Legacy Router Firmware and App Support Discontinuation Announced
ExpressVPN announced that legacy app versions and third-party router firmware would cease connecting after March 31, 2026, as the company retires older security certificates. Several popular router models including Linksys WRT3200ACM, older Asus RT-AC models, and Netgear R-series routers were designated end-of-life. Users were directed to purchase Aircove routers for continued router-level VPN protection.