The Moral Repugnance of Fraudulent "VPN Review" Extortions & Kickbacks
When we started providing network security service to folks in 2007 that was intended not just as security theatre but rather to provide serious, no-compromise protection, many challenges presented themselves. At a technical level, repurposing so-called "VPN" toolsets in a way that was suitable for protocol- & application-agnostic network transit - not to mention cryptographically robust - took some real work. Determining optimal server-side configurations also involved more than a little effort. What we didn't worry so much about, to be honest, was "marketing" or "branding." No sense in carts before horses: make the service work, then worry about telling the world how well it does its job.
In the intervening years, we've watched with disappointment & eventual resignation as the "VPN industry" copied our core approach to network provisioning (OpenVPN-based, Linux-served, etc.) with next to no innovation or improvements of note. At the same time, enormous effort & creativity has been brought to bear on the "marketing side" of things - with dozens and dozens of me-too technical copycats springing up, distinguished from each other only based on marketing gimmicks & snazzy logos. When a "brand" whose logo is a smiling Ass, and whose claim to fame is betraying its customers despite enormous "no-logging" hype, came to be a leading "competitor" in the field, the accelerating slide of the "VPN industry" into disrepute & dishonour was fully complete. Yes, that means you, Snitch My Ass.
But, of all the dirty & dishonest scams that have burst forth during this ugly slide into the gutter, the one that is perhaps least well-understood and yet most widespread is that of the fraudulent "VPN review" websites & their scammy behaviour behind the scenes. Of course, we've written about that broadly in the past - there's an entire subforum here devoted to just that topic - but in that morass of dishonesty one practice stands forth as the nadir of deceit: extortion-based efforts to coerce "advertising" by fraudulent review websites.
Here's how it works:
A scammy "VPN review" website - inevitably run by some get-rich-quick schemer with no technical expertise & a history of activity in other, similar web-based frauds - makes contact with a network security provider. "Hey," the scammer says, "we've decided to 'review' your service - congratulations. Only, err, if you want a 'real' review & not just our 'free' version, you have to pay us for 'advertising.' Otherwise, we'll just publish our 'free' review... & there might be errors, ha ha." What they mean is that they've drafted a dishonest, inaccurate "review" that they will then post to their cheap-o blog... unless the service provider pays up to "correct" the lies that have been drafted up. Here's a sample "rate sheet" we received from one such entity.
In a word: extortion.
This happens routinely, and is a core element of the "VPN review" website scam. Ever notice that all the same, poorly-performing, unreliable, betrayal-centric "VPN services" always end up at the top of those lists? It's not because folks are so keenly positive about their crapware services; rather, those marketing-focused companies do two things to ensure their placement. One, they provide extensive kickbacks to these sites via "affiliate programs" (more below). Two, they pay to "advertise" on the very-same sites. You will notice that even TorrentFreak, which used to have a reputation for legitimate journalism, engages in the second form of dishonesty with its readers. We hope we're reading TF's stance wrong, but the "advertise with us = better coverage" connection seems hard to ignore.
The second part of this, the extortion gambit, hasn't been publicly discussed before. After all, those who pay the extortion shakedowns ("advertising fees") don't want to mention it. And those who refuse generally get pummelled by the negative "publicity" of the fraudulent bad write-ups & are not heard from again - after all, if it's all about making "easy money," then when the easy cash isn't there, these coattails-riding copycats move on to the next get-rich-quick scheme on the internet.
But, we don't work that way on our team.
Rather than give in to extortion, we refused - and we don't really care if some amateur-grade crook pastes up some lies about our project, our community, or our team. We've been at this long enough to speak for ourselves, and we trust that the truth of our approach to serious network security service is well-understood by the community & by legitimate tech review sites. In the example last fall, the scammer decided - ironically enough - to attack one of our project's original founders, repeating verbatim a line of US-sponsored disinformation that's long since been proved false, & shown to be part of a black propaganda campaign now exposed as routine for use in targeting substantial NSA/GCHQ enemies & encryption activists. Whenever our team is attacked with government-sponsored disinfo, we consider it a win - it shows just how much the spooks & rogue military goons fear the work we do. For the win!
Anyway, as part of that reaction our team decided to put forth some principles we follow when it comes to such questions. Rather than doing so piecemeal, we've put them together here in one place. We're publishing them publicly, both to make our own stance clear &, we hope, to motivate other legitimate security providers to do likewise. Without further ado, here goes...
1. We do not have an "affiliate program" that pays kickbacks to people who convince customers to join our network, and we never will. While the idea seems ok in theory - spreading the word, adding more folks to the team - in practice these programs have turned into cesspools of fraud, over-promising, and dishonesty. We want none of it, and never will. Sure, some are not scammy... but the structural pressure for them to become exactly that is just too great to ignore. We provide, instead, token resales to anyone who would like to become a reseller. Our resales program has an open, standard pricing model & there's no shady back-room dealing taking place. That way, members always know that overall network security & reliability comes first and foremost - not sneaky "affiliate marketing" tricks that are really just MLM scams wearing different skins.
2. We refuse to advertise or otherwise pay money to any website or other resource that represents itself as an independent "review" service for network security companies. Again, some such sites might actually be able to retain a 'Chinese wall' between advertising sales and reviews... but most don't. Most, in fact, just sell the putative top ranking to whoever pays the most "advertising" dollars per month - often going so far as to promise to create fake customer reviews to be added as comments to the fake reviews! By removing ourselves from this sordid environment, we take away the temptation to have reviews be anything but honest or objective. What advertising we might do in the future (we don't actually 'advertise' anywhere currently, and may well never do so... more on that in another whitepaper) will only take place on neutral, independent platforms - not places that are directly involved in reviewing services such as ours. That's the only way to be sure (no need to nuke 'em from orbit, thank heavens!).
3. Finally, and most vehemently, we will never pay extortion demands from small-time crooks threatening to post lies about our work if we don't pay up. Never. Rather, we will expose these frauds publicly & rain all available contempt on their execrable, dishonest practices. We call on other legitimate providers to do exactly the same, and drive these scum from the world of legitimate security services. They are a disgrace to our "industry," and their falsely-created gibberish serves to confuse & misdirect customers seeking legitimate advice on legitimate security questions. Only through an ironclad, unwavering rejection of such nonsense can we continue our leadership role in supporting honest, objective, fact-based decisions regarding security technology.
Phew. There you go. Hopefully, this will help to cut down on the volume of overt & semi-covert efforts to approach our team for payouts in order to get "good reviews." We're of course deeply committed to the process of member review & member feedback; here, in our forum, anyone can post such reviews - members & nonmembers alike, anonymously or via a named account here - without censorship or constraint. However, that process is perverted when scammers make up fake "customer" comments, write fake reviews, and otherwise pollute the legitimate information flow with their cheap-assed efforts to make a quick, dishonest buck.
Last year, when this most egregious scammer tried to extort our team (& failed, of course), the phrase "morally repugnant" came up. We think it's a great phrase! Those who spread government-sponsored black propaganda against well-respected, well-tested, well-credentialled members of our team are indeed morally repugnant. Those who run fake "review" websites that attempt to extort money from legitimate service providers are, indeed, morally repugnant. And, those who seek to profit from shady "affiliate marketing" programs that run counter to the interests of paying customers are also, in their own way, morally repugnant to us.
As a team, we value honesty, integrity, loyalty, & proven professional competence. That is the foundation on which our project is built, & to which our team strives. This means that, quite often, we're attacked & besmirched by dishonest scum who only want to find a way to act as a lazy parasite on the real work of others. That, indeed, is morally repugnant behavior. We abjure those who engage in such despicable acts, and call on them - here, in public - to grow up & earn a living as real contributors to our society, our culture, & our planet. It's not so hard - give 'er a try!
This thread, as is every thread here, is open for any and all replies. If the scammer in question wants to defend himself, he's welcome to do so here - publicly, without editing or censorship by anyone. His earlier extortion efforts were done via PMs in twitter; we've screenshotted them, since as soon as we rejected his overtures he (not surprisingly) deleted the PMs at once. If it's appropriate, we'll post those screenies here... if he denies the extortion, that is. But we doubt it'll come to that. Let's see...
Often, we're told that our "no compromise" attitude comes off as intense & a bit spooky. Fair enough. That's not our intention, of course - but we can see how it happens. As a team, we're actually pretty nice gals & guys... but, yes, we do take this work seriously. For that, we cannot offer any apologies. This is what we do, & we're proud to put our spirits & our expertise fully into the task at hand. As it should be.
~ cryptostorm_team