Hacker News new | past | comments | ask | show | jobs | submit login
Kape Now Owns ExpressVPN, CyberGhost, PIA, Zenmate, and VPN “Review” Sites (restoreprivacy.com)
275 points by walterbell 11 days ago | hide | past | favorite | 85 comments





Yet Sven Taylor recommended ExpressVPN for years despite the fact that its ownership was quite suspect (secret). We've never fully known who was behind it and from where it was truly operated.

The ranking of best VPNs on the site is mostly a ranking of VPNs that offer the largest referral fees [1].

One of the largest, most honest and transparent VPN, Mullvad, does not have an affiliate program. And guess what, it's not even reviewed on Restore Privacy!

[1] https://onemorecupof-coffee.com/best-vpn-affiliate-programs/


> The ranking of best VPNs on the site is mostly a ranking of VPNs that offer the largest referral fees [1].

Can't we replace "VPNs" with pretty much any service at this point though?

I haven't trusted 'review/ranking' sites in ages, because after see the same top 5 "best hosting providers ever!" lists one 3 sites, you kind of get a hint.


As someone who has been working on an honest web hosting review site for a decade now. You're totally right. I see the same pattern in this article talking about fake review sites. The biggest offender in hosting was Endurance International Group who owned so many major brands and gobbled them up. You'd often find any ranking full of the brands they owned (BlueHost, HostGator, iPage, JustHost, Site5, Arvixe, etc, etc, etc).

Since you're really skeptical, I'd love to hear your take on what I've done (and been doing) in terms of trying to create an honest system.

The gist is, I scrape Twitter data, filter out spam, affiliate links, etc, and use sentiment analysis to see which brands people actually like. My hypothesis was that reviews are fundamentally a weird human behavior. The real 'reviews' are embedded in normal conversation when you talk to people. With enough data of these signals, you can get a much better picture of what people really think. The results seem to line up basically like an NPS measurement.

https://reviewsignal.com/webhosting/compare has all my data if you want to see how the rankings actually look. Not every company has an affiliate program. Many smaller companies aren't listed because I can't get enough data.


What has helped me a lot making better purchasing decisions on sites with a ranking system ala Amazon is only reading the 3 star reviews (or whatever is in the middle)

The 5 stars are somewhere between suspicious and just not that useful because of people being overly excited and the 1 star reviews is often people just having bad luck or not understanding what the product is and for whom.

Meanwhile the 3 stars I feel are the most sober ones, often pointing out flaws (and every product/service has them), that I can then make a more informed decision whether those flaws are going to affect me at all or going to be a show stopper.

That's why I'm a bit skeptical about the use of sentiment analysis or similar, independently of how well they work. I'm not necessarily convinced that excitement is actually that good a signal. E.g. there are many movies, books, etc that are generally well received but I don't like them at all. Doesn't make the other people or me wrong, I just have different expectations and preferences.

Similarly for tech services I would prefer having a much, much easier time being able to map the systems capabilities and limitations to my use case and budget than knowing whether other people like or dislike it.


Honestly I don't see a 5 star rating as being euphoric/excited about the product.

The 5 stars are basically baseline if the product is good enough for the price it's sold at. Giving anything besides a 5 star is a massive FU to the vendor, as dropping below 4 is basically a death sentence for the listing. That can be warranted for sure, but only if there was something very wrong.

The biggest issue I'd see with your approach is how hard it's going to be to separate bots talking to each other from actual people writing these messages.

Most research on the matter seems to conclude that anything between 25 and 70% are written by bots.

The high range is because it's actually quite hard to confidently assess wherever a message is written by a human. Surprisingly not because it's hard to classify bots, but because people often write borderline incoherent messages too.


I don't disagree with you, and I should have written better that I use them as part of an overall evaluation process.

As an example how I use them. Some time ago I was looking into buying a audio hardware unit for music production (advanced hobbyist use I guess). Superficially, from the marketing copy and some reviews I have skimmed it had everything I wanted, like Midi in/out connectors.

Then I went to the 3 stars section and one of the first comments said:

"Great device, but had to return it, because it doesn't support part X of the MIDI protocol."

Whether this is written by a human or a bot is irrelevant. What matters is, if it is true and if it affects me. In this specific case it simply didn't matter to me, so ignored the comment. In case it would have, the comment would have served as a red flag to do further investigation to see if the claim is true.

I don't do an elaborate process on everything I buy, especially not low cost every day dispensable items (just buy different brands over time until I stumble upon one I like), but the more specialized the use case and the bigger the buy in and cost of reversing decision, the more I wish I had better tools to figure out whether a product/service actually matches my use case.


> The 5 stars are basically baseline if the product is good enough for the price it's sold at

That is absolutely not my interpretation of such a scale. I would naturally map 5 stars to "exceeds expectations". If the best a product can do is meet expectations, how do you disambiguate from the truly excellent?

One of a multutude of issues with reviews is our differing interpretations of what a score represents


So, would you ever consider buying a product that has less then 4 stars?

Very few would, which means that giving anything but a 5 star effectively means "I don't want you to ever sell this product again"


In the early days of the “sharing economy” I gave a Taskrabbit cleaner 4 stars, thinking “they did a really good job!” But they called me nearly in tears asking what they had missed to get five stars.

Paid reviews seem easy enough to spot, they hype up the product/service too much, I'd read a VPN review, notice those canned phrases, and sigh because in my view the review site just scammed me of my time...

Maybe a bot that collects reviews and detect similar sentences can also rate those bullshit "review sites"..


For hosting, it's pretty clear based on who they put at the top and top few rankings. Is it one of the cheap, high affiliate hosts? Fake. Problem is, people unfamiliar with the space might not be aware of it. For people who know, web hosting reviews are generally crap.

As far as rating sentences of bullshit review sites. How do you think that would work and how would you train such a system? I'm worried about the non-paid training, where might one get enough sample data to show 'normal' vs 'paid'?


When a lot of the reviews use literally the same words or phrases cut-n-paste or templates in, it’s pretty transparently a scam.

Yeah, I pick that up as spam detection looking for identical type of messages/content.

This is awesome. I'd love to see this exact setup applied things other than web hosts!

If I’m reading your table correctly, you say Linode’s VPS plans start at $10/mo, but they’re actually $5/mo.

Is this meta-data, the stuff outside the rankings, hand-entered?


Yes and updated it, thanks!

I don't know how accurate your ranking method is - NLP is tricky - but the idea is very very cool!

Yeah, I custom wrote a lot of the NLP years ago. It was adapted from my Master's thesis predicting box office sales using sentiment analysis on twitter data (and a few other variables like number of theaters it plays in). Back then, nothing out of the box was accurate enough to my liking and I had to custom write a lot of stuff to analyze it and it's pretty web hosting specific for understanding context. I honestly haven't tested much on newest sentiment analysis stuff available. I wonder how accurate it would be. But the biggest problem I am finding is that there is less data on Twitter. Not sure if that's fewer people talking about these companies or just lower Twitter volume in general.

Mullvad is wireguard based with extremely easy to use apps. Highly recommended.

Not just wg they offer openvpn too.

How do we know someone not paying you for recommending Mullvad here or you do not have conflict of interest in recommending Mullvad, I have seen people recommending ExpressVPN everywhere even on HN before this whole fiasco. Problem with paid reviews is that it is very difficult to ascertain and detect them for ordinary consumer. Don’t know the solution but now i am skeptical of comments like you have posted.

You're absolutely right! I could be paid to recommend Mullvad and my praise of it should be taken with a grain of salt!

The point I was trying to make is that it is not a small provider, it is well rated by reputable privacy reviewers such as privacytools.io - who do not use affiliate link or take payment from providers - so there is no reason it should be ignored by Sven Taylor. I'm less trying to praise this particular VPN than to show that that review website is somewhat "provably" an affiliate link farm.


I can't access Mullvad website:

Secure Connection Failed

An error occurred during a connection to mullvad.net. SSL received a record that exceeded the maximum permissible length.

Error code: SSL_ERROR_RX_RECORD_TOO_LONG


I see that error sometimes when a content filter blocks a website.

Do you have an internet filter that also blocks vpn sites so you "can't" get around it?


I tried to visit the site again and this time I got a "Parental Control Restrictions" page from my router (filter managed by TrendMicro?). This is strange, because I have never seen this before, not even for p*rn websites...

Mullvad it is! I'm potentially a new customer.

Yes Mullvad is one of the best options!

What are other best/better options?

(Due to my use-case and currency I find Mullvad pricey and would be interested in alternatives hence the question)


I'm not sure who I trust less, a shady Israeli proxy (VPN) company that claims not to track you, or Verizon/AT&T/T-Mobile/Comcast who successfully lobbied the US Government for permission to record and sell your network behavior, or Webpass (Google).

How much of your traffic is HTTPS and do you use DoH? I guess reverse DNS mappings can still get you something.

I just signed up for 3 months of Mullvad a few weeks ago. So far so good. Didn't even need my name or anything. I paid anonymously.

It's super fast with wireguard.

No affiliate links, no special discounts, no special sales prices. No coupon codes. Just privacy.


What's the point of paying anonymously if you are presumably going to be connecting to it from your IP anyway? Unless you're using it with another anonymizing option first.

If you are using it from behind a CG-Nat this could be a very effective form of privacy.

Not at all. Unless there are tons of people on that network who are using the same VPN as you, it would be trivial to figure out the endpoint.

> Unless there are tons of people on that network who are using the same VPN as you, it would be trivial to figure out the endpoint.

This is why I hedged my statement with "could be". While it's unlikely that this other condition is met, it is possible.


Yes, you're totally right. If the conditions are met that you are 1) behind a CG-NAT, and 2) a statistically significant sample of other users on that CG-NAT is using the same VPN node, then yes it "could be a very effective form of privacy" in this extremely unlikely and contrived example. But in most real-world cases, it is not.

Does your ip come attached with your name?

Yes, in standard consumer ISP cases, it literally does.

If investigated by law enforcement.

In court precedent is an ip address doesn't equal a person.

...because that IP address is just the public side of a NAT'ing router, likely a wifi router.

If you're logged into a VPN, that IP is much more likely to be you, since you had to authenticate to it and you're very unlikely to share the account particulars like you would your wifi password with friends/family/neighbors.


This particular discussion surrounds anonymously using a VPN. In this scenario, your VPN does not know who you are.

So, even though you have to authenticate, your privacy is still preserved.


Sadly I cannot remember the specific case but seem to remembeer at least one occasion where it did

No, but in a subpoena it is.

How do you pay anonymously?

You can snailmail them cash along with a random token you get from their website/account management page, and that gets credited to your account.

https://mullvad.net/en/pricing/


Every single piece of postal mail is scanned front/back. If you've signed up for the USPS's delivery notification stuff for your mailbox, that's where the scanned "previews" come from. And it's notable how often those previews show a pretty good representation of what's inside, even without messing with the preview image in an image editor to play with the levels/contrast/etc.

So yeah, if you'd like to hand the feds evidence you're using a VPN, go right ahead, mail Mullvad cash?


I would assume the person mailing them cash is not sending it from their mailbox on their property, but instead a public access mailbox in a town or city.

If you’re worried about being actively followed by the feds and they’re tracking you drop that letter, you have much, much more to worry about than your VPN usage.


They have a variety of crypto options. You can also mail money directly to their office and if you are in Sweden you can buy physical vouchers in-store at several places (which can be paid in cash.)

(Just a happy customer.)


Giftcards or crypto. You could even mail cash to pay for it.

If I was in charge of intel ops for any country with a decent budget, first thing I would do is build or buy a VPN company.

You have a self-selected group of people with something to hide. What could be more ideal to gather kompromat?


most often though the thing they're hiding is watching movies and shows they couldn't get in their country otherwise.

But the great thing about the vpn is some people leave it on and forget about it.

So then you invest in a free porn service.


> most often though the thing they're hiding is watching movies and shows they couldn't get in their country otherwise.

Sure, but the .0001% of users who use grindr while trying to hide their preferences, and hold a position of influence in government or a corporation make the whole effort worthwhile.

As a bonus, the op is actually profitable because the 99.9999% of people you don't care about, and don't have to spend man-hours on, are actually paying for all the man-hours that you spend on the people of interest!

The intel flywheel is up and spinning!

edit: this is all conjecture.


There are hundreds, if not thousands, of VPN services. Why would someone you care about targeting use your specific one? Or is the point that you're just conducting a massive dragnet operation to see what you find? In that case, it's probably way cheaper to just send agents out to search people's trash every night /s.

There are hundreds of vpn services, but as the topic article tells us more and more of them are owned by the same entity. And this same entity tries to obscure this fact. And this same entity under a different name was allegedly "involved in browser hijacking, malicious software bundlers, adware, and other monetization methods" (Crossrider past). This same entity is registered in a country with influential and capable intelligence services, and not particularly known for its privacy laws. And if you google names behind this entity, you'll find mentions of bribery, jail time, gambling industry, and Israeli intelligence. I don't see why you put /s on your post.

https://privacyguides.org/providers/vpn/

A community led guide for the best VPN's.


Shouldn't some kind of anti-trust agency forbid such mergers, or break them up after the fact? At least in an alternate world where anti-trust law was still enforced.

> Shouldn't some kind of anti-trust agency forbid such mergers, or break them up after the fact? At least in an alternate world where anti-trust law was still enforced.

Even without anti-trust, it should be illegal to own or buy a "review site" for something you sell. That kind of thing is very counter to consumer interests and a blatant conflict of interest.


That sort of rule would quickly become very hard to untangle. For example news papers are often the only good source of reliable, in-depth book reviews and for historical reasons the companies that sell books and sell news papers are often owned by the same parent company.

In the Kape case I think it is clearly dishonest, and the same can be said for the online order mattress space among others. Most online direct to consumer spaces (for example gaming and anti-virus) probably has some actor that is dishonestly setting up or buying review sites.

But it is not exactly clear how you would in a legal sense draw the line.


> That sort of rule would quickly become very hard to untangle. For example news papers are often the only good source of reliable, in-depth book reviews and for historical reasons the companies that sell books and sell news papers are often owned by the same parent company....

> But it is not exactly clear how you would in a legal sense draw the line.

You could probably address that problem by permitting common ownership in cases where the company could prove to a court that it's implemented effective and rigorous firewalls, such that the reviews are independent and not affected by the common ownership and do not show evidence or tampering of bias. My understanding is those kinds of firewalls are de rigueur in the newspaper industry.


Sure, but it'd be extremely hard to prove if that bias has penetrated that firewall or if it hasn't. I think the reason it has (mostly) worked for journalistic institutions is that it is a profession that are taught a set of ethics as a part of their education and it has a history of adhering to those ethics.

Proving a non-bias for what is your own actual financial interest seems almost impossible. I'm not saying it can't be done ever, but I would not want to have to argue either side of that.

I said this in a comment below but I think it is relevant here too:

Restricting speech is in general hard, what would be much easier is to require clear and obvious disclosure. Since journalistic ethics already requires that it should only require changes for dishonest actors.

EDIT: To clarify: those firewalls are often in the journalistic institutions currently but it becomes a whole other ballgame when something needs to be proven in court. The suggestion to make them legally mandated is where I think we run into problems.


Newspaper book reviews certainly can have the suggested problem.

The Times would arrange for positive reviews of HarperCollins books by giving them to a reviewer who they knew would provide one.


It'd be interesting to see a source for that although I don't doubt that similar things have happened. I'm just saying that such a rule would not just untangle Kape, but would also unravel most larger media companies.

Depending on how it would be written things like a youtuber reviewing a pixel phone or one TV show talking about a different TV show might be illegal.

Restricting speech is in general hard, what would be much easier is to require clear and obvious disclosure. Since journalistic ethics already requires that it should only require changes for dishonest actors.


The story of Sleepopolis changed the way I think about review sites.

https://www.fastcompany.com/3065928/sleepopolis-casper-blogg...


I frequently encounter 1-off review sites that are owned by the #1 product on the list. Many are transparent about it, and some even do a good job listing their competitors and describing them in a fair light. I think they are mostly a response to Google's algorithms prioritizing reciently published blog style top-10 lists.

Here is the first result when I google "best free youtube downloader"

https://www.gihosoft.com/hot-topics/best-free-youtube-downlo...


I feel like this should fall under advertising laws. Maybe it does and I'm not familiar with the area. Does the review site need to disclose the fact of ownership?

> I feel like this should fall under advertising laws. Maybe it does and I'm not familiar with the area. Does the review site need to disclose the fact of ownership?

Even if they do, they can probably satisfy the requirement with disclosure where no one would actually notice it.

The only kind of disclosure I'd be happy with is if at the top of the page and next to any self-endorsement they would have to show a garish warning banner with a legally mandated design that called out their conflict of interest in blunt terms. It would be easier and better to just ban the practice.


Anti-trust is meant to protect competition against monopolies, not everything against anything evil. At least that's how I've understood it.

It'd be hard to argue that Kape is even close to becoming a monopoly.


AIUI antitrust also covers cartels, e.g. this one from the early 20th century controlling lightbulbs: https://en.wikipedia.org/wiki/Phoebus_cartel

Isn't a cartel a type of threat to competition via monopoly? The wikipedia first-line definition of a cartel is "A cartel is a group of independent market participants who collude with each other in order to improve their profits and dominate the market". The monopoly in that case is by the group.

It seems like a cartel can form without having a collective monopoly. It's the collusion that's problematic, not the combined percentage.

There's no Kape cartel if they just own lots of brands, Kape can't collude with itself...

Right. There are dozens of different VPN providers and switching costs are pretty low.

I studied competition law and I think the regulators would probably struggle to even understand what a VPN is

They don't even have to though. All they have to know is that it's a market.

They won’t look to investigate if they don’t even understand the product

I suppose, but they have better things to do with their time than prevent consolidation in the snake oil market.

Isn't this the outfit associated with the "Emperor of Korea" who took over Freenode?

> Isn't this the outfit associated with the "Emperor of Korea" who took over Freenode?

“Crown Prince”; the would-be Emporer who named him is still alive.


Not really, the Emperor sold PIA to Kape, but that's the only known association, and the association seemed to end there.

Is there a reason why people are not using distributed/blockchain VPNs as https://mysterium.network?

I cant understand why put your data on these shady VPNs.


Because nobody wants to host an exit node.

No you dont.

If you use your free credits you can buy more.

No need to host an exit node.


I don't trust that the exit nodes are safe.

The entire vertical industry segment?

Or is that horizontal??

Or is it the entire path of an industry segment?

Yeah, just a path, a control path, to market control.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: