Shill City: The Dark World of Privacy Tech Marketing

Wednesday, 5 October 2022
Bob Leggitt

Privacytests.org - a performance table site which ranks Brave as its best-performing browser - is maintained by the Senior Research and Privacy Engineer at Brave Software. But sure, let's all take this quagmire of shilling and sockvertising seriously.

There should never be any trust where brands are concerned - especially in the tech genre. But after it was revealed that the self-styled privacy brand Startpage had bribed its way back into the recommendation resource privacytools.io’s listings after being legitimately booted out, the focus of suspicion split in two. Not only were the “privacy brands” untrustworthy - at least some sources of recommendation were a sham too.

As the seriousness of the privacy debate escalates to uncharted levels, perhaps this is a good time to ask how many of the voices in the privacy arena are being incentivised by brands. Perhaps, indeed, it may be better to ask how many of them are not being incentivised...

We can easily establish through affiliate linking that professional marketers like Naomi Brockwell are paid to promote brands. But what if the promotion has no affiliate link and is dressed up to look incidental? In those instances we can often observe clear biases. For example, endless evangelism for Signal on Brockwell’s Twitter feed, but not a single recommendation of Session, despite Session offering better privacy, and despite Brockwell’s perpetual receipt of incoming replies suggesting it.

You can observe the same pattern with Ed Snowden. Snowden has claimed he wasn’t paid to promote Signal, but that doesn’t pass a reality check. The evidence of a promo contract is less in the products or services a social media personality does recommend, and more in the obvious (not to mention better) alternatives that no amount of public prodding can get them to name.

Once someone’s audience volume is sufficient for the space on their social feed to have a financial value, the dynamics align with those of a billboard. Publicity professionals’ social feeds are modern day billboards. The public visibility of their space is simply too valuable to give away for free. It’s basic economics.

If you saw Facebook on a billboard, you wouldn’t question whether or not Meta paid to be there. The space is a monetisable asset, so you know they paid. The same applies when you repeatedly see Signal or Brave on a monetisably-visible Instagram/Twitter feed or a well-subscribed YouTube channel, to the persistent exclusion of rival products.

So shilling from publicity professionals is quite easy to recognise. But what about some of the smaller voices in the privacy genre? The anon tweeters. The recommendation sites? The assessment resources? Can they be shills too?

This is where it gets more hazy. You can’t prove someone has taken an incentive if there’s no affiliate code and they don’t disclose the association. But I can confirm from personal experience that if you write about privacy-themed tech and you show up in search, brands WILL privately creep into your inbox on the chat-up. Some of them more than once. It’s fairly safe to conclude that if you present yourself as a gob-for-hire and have sufficient reach, those types of encounter are unlikely to end at: “Thanks for stopping by - have a nice life".

On social media, it's almost true to say that if someone who's not a brand is easily visible, they are by definition a shill.

Likewise, you can’t prove anon user X on Reddit is astroturfing for a tech brand, or that a nameless, faceless Twitter account is run by some cryptocoin rug-pull bro. What you can do, is reality-check the authenticity of each contribution, and make an educated guess as to the motivation behind it.

Obviously, if a privacy-themed Tweet ends with “...and that’s why I bought into [insert bullshit ponzi cryptocoin here]”, you can safely discard everything else the authoring account ever says. But most shilling is more sophisticated than that. And if there’s an established brand behind it, it’s likely to be much better organised. Networked. Because brand-shilling often operates as a trained and incentivised network (and we’ll be seeing a pretty dire example of that shortly), it can often help if you take your eye off individual people, and cast it onto the wider picture...

The life history of a privacy tool, as expressed in a mock DM conversation

I SHILL, THEREFORE I EXIST

Even at a glance, the general conversational culture surrounding privacy technology looks startlingly inauthentic. Virtually none of the conversation is focused on privacy concepts; almost all of it is focused on recommending brands and products.

In these circumstances, we should not consider shilling to be confined to paid operatives, and here's why...

In environments such as Twitter, it’s actually necessary for most ordinary users to shill in order to gain any voice or visibility at all.

As a fundamentally elitist cartel, Silicon Valley has set up its social platforms as deeply hierarchical brand megaphones, in which external status translates directly into internal status. Driving this dynamic is social media’s forcibly-visible badging system, which is designed to heighten the credibility of brands, whilst trampling the credibility of anyone without brand status. Twitter only surfaces, and is designed only to surface either...

a) People who are already successful.

b) People who reliably sycophanticise people who are already successful.

c) People who labour the entertainment content mill.

You won't, for example, see anyone with a plebian badge (like a very low total of followers) being taken seriously as a critic. Even if their commentary is dumbfoundingly on-point.

Due to the way the platforms' algorithms suppress anything which is not taken seriously, we plebs remain invisible. Which is the whole point. That's how elitism works. How it's always worked. All the help goes to the already successful. Obstacles are thrown in front of everyone else. The lower you are down the status ladder, the more obstacles you face. It's equal opportunities in reverse. In short, no one has a voice unless it is approved by someone with power.

In this oppressive, elitist system, the easiest route to visibility is to sycophanticise parties who have higher status. As far as the privacy genre is concerned, in plain language, if you want a voice, you have to - as we in England put it - lick arse. In commercial terms that means helping to do brands’ marketing for them - for free. Shilling then becomes viral. And the near-voiceless are not just shilling for brands. They're shilling for higher-ranking shills too. On social media, it's almost true to say that if someone who is not a brand is easily visible, they are by definition a shill.

A cursory dig behind the scenes on freelance boards confirms that these large tech blogs are routinely seen as covert advertising silos, and judging by the amount of smoke, we can conclude that the fire is pretty damn big...

True, you can instead post valuable media, or entertainment, and build engagement that way. Labour the entertainment content mill. I've done it. But that's not really having a voice. It's work. And if you veer off your narrow entertainment brief, you'll go straight back into algorithmic jail. There's no crossover potential. Once you have your audience, you're trapped in what becomes a labour mill. You will get bored with it. You either monetise it and consider it work, or you feel exploited and pack it in.

This again evidences the fact that in the one-topic world of social media, high-vis people can only really be there for the money. I know what it feels like to feed those insatiable, content-guzzling silos for free. It gets incredibly thankless.

You don't imagine the excitement of the applause will wear off, but it does. It's not like blogging, where you can produce sporadically, without caring about maintaining critical engagement levels, and build a web of long-term visibility. For publishers, social media is a factory. You couldn't remain enthusiastic about running what's basically a production line without a paycheque. Without cash, the novelty wears off and the incentive steadily evaporates to zero.

So there's a need to shill at the top, because promotion is the only way to monetise an ungated production line. And there's a need to shill at the bottom, because short of setting up and treadmill-pounding a production line, licking brands' or personal brands' arses is the only way to be seen.

Anyone significantly visible is a shill. And that includes the brands themselves, as most of them shill other brands in order to boost their own visibility.

Worst of all, brands exploit social media's oppressive dynamics (which notably did not exist on traditional forums, where visibility was equally shared). They use it as a means to mobilise free or extremely cheap marketing.

ORGANISED MOUTHPIECING

Enter Brave Software, and its cult-style BAT Ambassadors project, which recruits young people as marketing labourers for the company's crypto token - BAT. The cult is referenced in various recruitment calls as the "BAT Brigade", and the childish theming extends well beyond that title.

Much of the imagery and topic focus looks like something you’d find in a school rest room, and it appears that in Indonesia they’re even using schools as boot camp venues. I could link, but the whole thing looks so fucking wrong that I'd feel irresponsible even showing it to anyone. They've evidently been targeting Indonesian students, and some of the people in their “community event” photos are clearly children - although in what capacity they were in attendence I don’t know. The online community is walled off on Discord. Be honest, have you ever yet encountered anything that walled itself off on Discord and didn't turn out to be deeply problematic?

Since the number of Twitter accounts involved in this organised promo campaign is not trivial, and the accounts engage with Brave's marketing, there's inevitably an artificial algorithmic effect on Brave’s social visibility.

There's also a range of other accounts run by Brave associates which are barely recognisable as Brave-biased. For example, the account @PrivacyMatters. There is a disclosure at the bottom of the bio. But when you combine these accounts - which are not identified as Brave-associated in everyday activity, and which boost each other's engagement and amplify each other's visibility - the collective effect has clearly been distortive and corruptive of public perception.

Here's an example of how the network can be used as a convincer mechanism. This is a senior member of Brave management publicising a Brave tip he's paid to a member of the "BAT Brigade". It's really just a boss paying a marketing labourer for services rendered, but when viewed on a timeline it appears as a random person choosing to tip a random creator. In fact, you see in the replies someone literally admitting they hadn't realised that the Tweet author worked for Brave. It appears the other person replying didn't realise this was essentially an in-house transaction either.

The overall picture can be described as viral marketing through brute force.

Indeed, it was admitted by Brave's Director of Community & Partnership in a Reddit recruitment thread that...

"We've got all the ingredients to go viral, we just need to stir the pot!"

The BAT Ambassadors are incentivised by the company with merchandise and other low-cost trappings, and the purpose of the network is to drive virality. On that basis, Brave can be construed to have bought engagement. On Twitter, that would technically be a breach of the rules. But the dynamics behind this cult-like and predatory campaign are where our focus should lie. If a brand is prepared to specifically chase and exploit people who will become marketing labourers in exchange for a merchandise pack (in itself an advert) and other bits of shit that cost the company next to nothing, what won’t it do?

Well, the company certainly will try to present employee-run websites as independent resources. privacytests.org - a performance table site which ranks Brave as its best-performing browser - is maintained by Arthur Edelstein. Look up Edelstein and you'll find he's the Senior Research and Privacy Engineer at Brave Software. Other contributors to privacytests.org include fellow Brave insider Peter Snyder. Snyder is designated Director of Privacy, but he’s basically a marketer.

Towards the bottom of the About page on Privacytests, Edelstein does declare that he works for Brave. However, virtually no one will read that disclosure. Both Edelstein and Brave know that. The site should clearly identify itself to ALL visitors as a Brave asset. And it very definitely doesn’t. But sure, let's all take this quagmire of shilling and sockvertising seriously.

A LOT of people in the privacy arena have been bought in by Brave. You may be interested to know, for example, that the maintainer of critical blocklists which power many third-party content blockers - Fanboy.nz - also works for Brave. Even if you have no concern about the integrity of the blocklists, this surfaces yet another of the myriad social media accounts amplifying Brave's presence.

TECH BLOGS

It's fairly well recognised in the mainstream that "review" and "brand interview" blogs are typically little more than advertorial silos. But in the privacy genre I'm constantly amazed at the number of people who take them seriously.

I explored the broad dynamics behind tech journalism in the Privacy Washing article. Essentially, even if the blogs have honourable intentions and are not directly funded by brands (which some are), they don't want to lose critical access to their early information sources. And who are their early information sources? The very brands they're writing about. If they publish any significant criticism (and certainly anything potentially brand-damaging), they know they'll be cut off, and their competitors will get the news ahead of them. They can't afford that, so unless they're extremely big and powerful (and sometimes even if), they won't rock the boat.

Like billboard vendors, the larger tech blogs know the value of their page space, as well as the added value for brands that comes with dressing up an ad as an article.

TechRadar is particularly well known for unrealistically biased, advertorial-style articles. Some are written by staffers, but the site also has a doorway for freelance writers. Here on a gig site, a freelancer is offering to place a guest post on TechRadar for $1,800. The only entity who would pay that is a brand, and we don't even know that TechRadar did not arrange that ad itself.

You can also find many requests for TechRadar article placements on the same board. Some of the requests clearly come from serious marketers with copious budgets, and require the freelancers to sign NDAs. In itself, an admission of guilt. Outside of security, NDAs should be illegal.

A cursory dig behind the scenes on freelance boards confirms that these large tech blogs are routinely seen as covert advertising silos, and judging by the amount of smoke, we can conclude that the fire is pretty damn big. As I say, if you read some of the "articles" on the blogs themselves, you don't need any proof that the system is wide open to corruption.

But to explore a case sample, I established that in 2021, TechRadar reviewed the Signal messaging app. As we've seen is quite typical in areas of suspected shillery, the site has given Signal plenty of coverage, but has never done a piece on Session.

The writer of the Signal review was a sales and marketing copywriter whose resume cites experience with advertorials. TechRadar had never used him before. So who hired him? Did Signal hire him to approach TechRadar as a freelancer? And if TechRadar hired him directly, why hand a tech journalism gig to a previously untried writer whose resume is wall to wall with sales (as opposed to journalistic) experience? Why indeed.

In summary, no commercial tech blogs should be trusted any more than the brands whose products appear on them. Their articles should not be considered in any way distinct from their adverts.

THE NIHILISTIC TRUTH

I know I'm pissing in the wind with this article, because the amount of money, corruption and public brainwashing involved in the tech world makes resistance futile. We're calculatedly pushed down pointless avenues of discussion designed to waste our time and energy while the tech industry's lobbyists bribe the babylon to chuck our privacy under a bus at infrastructure-level.

We're all doomed, it's all bullshit, and if you think there's no privacy now, wait until you see the cashless, convict-level surveillance hellscape we'll be living in by 2032. There will, in ten years' time, be no difference in surveillance-exposure between law-abidng citizens and prisoners. Hand in hand with their good mates Amazon, the likes of Brave will doubtless be hard at work handing out privacy-centric ankle tag software to your local educational establishment.

And if you think those "privacy tech" brands are fiercely opposed to that kind of evil, just remember who first said "Don't be evil", and how many of us applauded it, and how well that managed to age.

Sweet dreams.