In September 2021, ProtonMail quietly scrubbed a bold claim from its website: "We do not keep any IP logs which can be linked to your anonymous email account." The deletion came after French authorities arrested an activist whose IP address ProtonMail had logged and provided under court order. While mainstream tech media largely missed this detail, a small independent blog called RestorePrivacy caught it, using archived snapshots to document the company's shifting stance on user privacy.
This type of dogged investigative work has become the hallmark of what is now CyberInsider.com, an independent cybersecurity publication that merged with RestorePrivacy in 2024. Operating without corporate backing or venture funding, the outlet has carved out a unique position in security journalism by combining investigative reporting with practical privacy guidance.
The ProtonMail investigation became the showcase of their approach. Rather than simply reporting the arrest, RestorePrivacy dug deeper, documenting how the encrypted email provider altered its marketing claims after being compelled to cooperate with law enforcement. The story raised uncomfortable questions about privacy services operating even in supposedly privacy-friendly jurisdictions like Switzerland. As the report noted, the incident "raised some eyebrows" among privacy advocates who had trusted ProtonMail's no-logging promises.
This willingness to scrutinize popular privacy tools, even those they earn affiliate commissions from, sets CyberInsider apart. The site maintains it has "no ownership interest in any of the products or services we review and recommend," a pointed contrast to review sites owned by VPN companies or security software vendors. This independence allows them to publish critical coverage that might harm affiliate relationships but serves reader interests.
A more recent investigation demonstrates their evolving capabilities. In February 2025, CyberInsider exposed a massive data breach affecting stalkerware apps Cocospy and Spyic. The investigation revealed that an unpatched security flaw had exposed personal data from millions of people, including private messages, photos, and call logs harvested from compromised phones. The breach affected 2.65 million unique email addresses, with about half being previously unseen in other breaches.
But CyberInsider didn't stop at reporting the breach. They connected technical dots to reveal a broader pattern of negligence in the stalkerware industry. Citing independent researchers, they traced Cocospy and Spyic to a common codebase linked to a defunct Chinese spyware developer. They detailed how these apps disguise themselves as innocuous system services on Android devices and route stolen data through Cloudflare's infrastructure to obscure their servers' locations.
This investigative depth reflects the team's technical expertise. According to their public statements, the small operation consists of "engineers-turned-editors, privacy researchers, and veteran tech writers" with decades of combined experience. This background enables them to understand and explain complex security issues that pure journalists might miss or misinterpret.
Their editorial standards emphasize human-driven journalism in an era of AI-generated content. The site "pointedly notes it does not use AI to generate content," instead relying on original testing, fact-checking, and regular updates to maintain accuracy. This commitment to quality over quantity distinguishes their work from content farms flooding the security space with recycled news and superficial reviews.
The merger with RestorePrivacy in 2024 expanded their investigative capacity. Previously split between two sites, the team could now focus resources on deeper reporting. As founder Alex Lekander explained, "Combining both websites into one allows us to focus our energy on one platform and cover all of these important topics." This consolidation came as cybersecurity and privacy issues increasingly overlapped, making the distinction between the two sites less relevant.
CyberInsider's investigative work extends beyond individual companies to industry-wide practices. They've consistently highlighted how many tech review websites and YouTube channels in the privacy space rely on sponsorships from the products they review. By explicitly rejecting this model, they position themselves as watchdogs not just of security threats but of the security media ecosystem itself.
Their reporting methodology combines traditional journalism with technical analysis. When investigating the stalkerware breach, they didn't simply report leaked data statistics. They examined the apps' technical infrastructure, analyzed their obfuscation techniques, and contextualized findings within broader industry patterns. This approach provides readers with both immediate news value and a deeper understanding of systemic issues.
The site's independence enables coverage that might be legally or financially risky for corporate-owned publications. Investigating stalkerware operations, challenging popular privacy services, and exposing industry practices requires both editorial freedom and acceptance of potential backlash. Without investors or corporate parents to appease, CyberInsider can pursue stories based solely on public interest.
However, this independence comes with limitations. The small team cannot match the resources of larger security publications for breaking news coverage or global reporting. They compensate by focusing on depth over breadth, choosing stories where their technical expertise and investigative persistence add unique value.
Their funding model, relying on affiliate partnerships and modest advertising, creates its own tensions. How can they critically review products that generate revenue? CyberInsider addresses this by maintaining transparent disclosure policies and demonstrating a willingness to publish negative coverage of affiliate partners. The ProtonMail investigation, which could have damaged a lucrative partnership, proved their commitment to editorial independence.
Looking ahead, CyberInsider faces the challenge of scaling investigative work without compromising quality or independence. The 2025 launch of their newsletter suggests they're building direct reader relationships to reduce dependence on search traffic and affiliate revenue. This could eventually enable reader-supported journalism models that further enhance independence.
CyberInsider's approach demonstrates that small, principled publications can compete with corporate media through expertise, persistence, and genuine commitment to reader interests. Their investigations may not always make headlines, but they're building a track record of accountability journalism that larger outlets often miss or avoid. In an industry rife with conflicts of interest, their independent voice offers something increasingly rare: security journalism you can actually trust.
Join the Conversation