Interview with CyberGhost VPN
0)Please tell us, what is your role (in the VPN company, where do you stand, owner, marketer, advertiser etc)?
My name is Robert Knapp and I am co-founder and CEO of the CyberGhost SRL. Our company consists of 20 employees, a team of software developers in Germany and a group of young, highly motivated IT experts in the company’s headquarters in Bucharest, Romania, who established in an extremely short time an extraordinary service with more than 2.5 million users, meant to provide the best and most effective way of Internet security: anonymity!
1) Does CyberGhost VPN keep any logs, IP Addresses, Timestamps, Bandwidth caps, Traffic or other data?
No! Why? People in non-democratic countries are in real danger, just for expressing their opinions. If we implemented backdoors, deep packet inspections or stored information about our users and share those with authorities regardless their origins, we would risk the lives of people. We would never do that!
We don’t want people to blindly trust us, either. We want them to be suspicious and think for themselves, but, of course, we will do anything necessary to earn your trust. Please consult our FAQ on www.cyberghostvpn.com regarding Internet security, visit our board for discussions and contact us any time on Facebook or Twitter you feel the need to have some questions answered. We would also like to invite civil rights and net activists or NGO members to our headquarters, to study our source code as well as our locations.
2) What type of Encryption do you use?
CyberGhost VPN offers a 256 bit encoding for your traffic from your PC to and inside the CyberGhost network. It works regardless of the application you use and keeps you safe from data sniffing like Deep Packet Inspection.
3) Where are your servers located and what jurisdiction do you operate under?
Our servers are located in different data centers in more than 20 countries. The CyberGhost SRL is a private company based in Romania, so we operate under the legislation of Romania that provides a high legal standard of civil rights and data security.
4) How do you generally handle requests from law enforcement and copyright agencies?
We are simply service providers. CyberGhost VPN does not operate outside the legal system and therefore cannot ignore the legislation in force. If there is a data communication request issued by a court, if we did not check up on that person, we would violate the legal provisions.
Nevertheless, even if there were a court request, we cannot identify a user of our network. The same mechanisms that offer protection to respectable citizens, journalists and other persons against data espionage and more serious deeds make it impossible for us to identify or track users suspected of having committed crimes using the CyberGhost VPN network.
There is only the theoretical possibility to intercept them, based on a court order, to record future surfing on a specific account (for example, to survey the activities of a terrorist cell). However, such operations require that, in addition to the court request, the relevant investigation authorities communicate us a connection IP or log-in data. In practice, this theoretical hypothesis is almost completely void of significance, and we have never used it.
5) Do you have access to all your servers, and does the datacenter you use log?
CyberGhost VPN consists of more than 200 servers in 20 countries and partners with different providers. All servers are installed and configured by CyberGhost, so we have access to all our servers!
To get access to a server one needs a RSA key (just a user name and password are no option). That key will be generated individually and is secured on an encrypted mobile media (usually an USB stick with a TrueCrypt Volume). Furthermore the private key on that drive will be encrypted with a different password.
A direct access to our VPN servers is restricted to a small group which consists at the time being of four persons. Neither a worker of a computer center nor a server provider is included to this group of persons. Furthermore we have strict contracts with our partners, establishing very harsh security requirements (based on ISO 27001), e.g. that a system has to be wiped completely, before a server can be withdrawn.
Please note also that we don’t store any data on our VPN servers or login system that could be used to find out, who accessed which server at what time or compromise the anonymity of our users in any other manner.
6) Does your service support bittorrent?
Sure, none of the current P2P technologies are illegal per definition. We block P2P protocols on our Free servers due to strategic reasons. We think this is traffic that unnecessary slows down the Free service and we want to keep the “lines free” for people that need a Free VPN to access and surf the web. We have Premium servers that allow the use of P2P networks.
Check out the official CyberGhost VPN website here!
Read our CyberGhost VPN Review here!
Q: “How do you generally handle requests from law enforcement and copyright agencies?”
A: ” If there is a data communication request issued by a court, if we did not check up on that person, we would violate the legal provisions.”
In other words, using a VPN does not always protect your privacy.
Yes, but if you read on, he explains that they have no data to hand over – same as with other reputable VPNs.
Can I use the TOR browser with this VPN?
I’m not sure how this all works, but I want to be able to search the internet anonymously.
You should be able to, I don’t see why not. Also a VPN is built to protect you and help you browse the web anonymously.
But if you desire two layers of security, you can turn the VPN on, and turn TOR on over it.
Back in 2013, CEO and co founder of Gyberghost Robert Knapp said “There is only the theoretical possibility to intercept them, based on a court order, to record future surfing on a specific account (for example, to survey the activities of a terrorist cell). However, such operations require that, in addition to the court request, the relevant investigation authorities communicate us a connection IP or log-in data. In practice, this theoretical hypothesis is almost completely void of significance, and we have never used it”we have never used it
Is the statement that “we have never used it” still true to this date?