On September 14, the US Department of Justice announced that it had resolved an earlier investigation into an international cyber hacking campaign coming from the United Arab Emirates that has reportedly impacted hundreds of journalists, activists, and human rights defenders in Yemen, Iran, Turkey, and Qatar. The campaign, called Project Raven, has been in clandestine operation for years, and it has relied increasingly on a computer system called “Karma.”

But in a bizarre twist, this tale of surveillance abroad tapered inwards into a tale of privacy at home, as one of the three men named by the Department of Justice for violating several US laws—and helping build Karma itself—is Daniel Gericke, the chief information officer at ExpressVPN.

Today, on Lock and Code, host David Ruiz explores how these developments impacted his personal decision in a VPN service. For years, Ruiz had been a paying customer of the VPN, but a deep interest in surveillance and a background in anti-surveillance advocacy forced him to reconsider.

Tune in to hear the depth of the unveiled surveillance campaign, who it affected, for how long, and what role, specifically, Gericke had in it, on this week’s Lock and Code podcast, by Malwarebytes Labs.

This video cannot be displayed because your Functional Cookies are currently disabled.

To enable them, please visit our privacy policy and search for the Cookies section. Select “Click Here” to open the Privacy Preference Center and select “Functional Cookies” in the menu. You can switch the tab back to “Active” or disable by moving the tab to “Inactive.” Click “Save Settings.”

You can also find us on Apple PodcastsSpotify, and Google Podcasts, plus whatever preferred podcast platform you use.