NameCheap, the Domain Name Registrar, has recently started a VPN service. It is a full fledged effort to enter the space, with strange unicorns and all.
It has the usual marketing claims of being private, fast and secure, but one thing caught my attention immediately. They have a large network of “40 locations and 1000+ servers.” Rolling out that kind of infrastructure takes a while. Not only do you have to design and implement your VPN services, but you have to work with and vet 40 different datacenters. Unless of course you don’t do any of that and just resell someone else’s VPN service…
Now, before we go deeper, I like NameCheap as a brand. They do a lot of privacy activism work that is admirable including working with the EFF, fighting for Net Neutrality, fighting to keep domain registrations private, etc.
NameCheap has partnered with IPVanish, who develops their apps and provides the network. They share the same servers and use the exact same technology. This means that if a person gets a NameCheap VPN subscription, they are really getting IPVanish and that’s a problem. IPVanish was caught logging their information after claiming that it was a no log service. After a violation of trust this large, no company should be working with them, especially if they take privacy and security seriously.
Because we are all about proof, let’s do some digging:
A Reddit user noticed some curious similarities between the IPVanish and NameCheap VPN website, showing that they both refer back to the same parent website.
This lengthens the list of IPVanish connected brands to VPNHub (PornHub VPN), Overplay.net, Unblock.us, Encrypt.me, and StrongVPN.
You should not, ever, trust brands that have outed (and lied to) their users before.