You Should Probably Stop Using ExpressVPN | WHAT REALLY HAPPENED X-Frame-Options: SAMEORIGIN

You Should Probably Stop Using ExpressVPN

For years, ExpressVPN has been one of the most popular and widely used privacy products of its kind on the market. It’s often ranked highest on top 10 VPN lists; a recent Tom’s Guide review called it the “hands-down best” VPN available. In the past, if you wanted to stay anonymous on the web, Express would’ve likely been the way to go.

However, all of this has been called into question following the revelation that ExpressVPN Chief Information Officer Daniel Gericke previously worked as a hacker-for-hire at DarkMatter—a cybersecurity firm based in the United Arab Emirates. Between 2016 and 2019, Gericke helped to hack systems and devices all over the world as part of “Project Raven,” a secretive operation designed to help the UAE monarchy track and surveil critics of its regime, including activists, journalists, and some individuals based in the U.S.

Gericke and two other former U.S. intelligence operatives recently faced federal charges for their involvement in “Raven” but managed to reach deferred prosecution agreements with the government, allowing them to pay fines to avoid jail-time, while also agreeing to certain terms.

If the idea of an ex-spy helping a Middle Eastern government hack U.S. computers is disturbing to you, don’t worry—you’re not alone. On top of that, the news of Gericke’s employment with the company has rightfully startled customers of ExpressVPN, leading to a torrent of online criticism. Express initially tried to quell concerns about their executive’s ties to “Raven” by weirdly admitting that they knew “key facts” about his prior employment when they hired him and were pretty much fine with it. This strategy didn’t quite pan out. They subsequently published a more extensive statement, noting that they did “not condone” Project Raven” as the “surveillance it represents is completely antithetical to our mission.” They also promised to increase third-party audits as a way to continue showing compliance with their own privacy policy.