State of the Cloud, February 2020
Hello and welcome to this latest State of the Cloud, the monthly column where the Cloudwards editorial team takes a look at the latest tech news. In this edition, we’re taking a slightly new approach. Figuring that you’re well capable of finding most mainstream news on your own, we’re focusing on industry news that likely flew under most radars and spinning a story about that.
So from now on, expect fewer appearances by Google and Facebook, companies you probably know are playing fast and loose with their societal responsibilities, and enter instead smaller players whose actions affect fewer people. A lot of industry-specific news misses the spotlight from larger news organizations, and hopefully we can fill that gap a bit.
Not that it’s all doom and gloom, of course. It’s actually in the fringes that a lot of good is being done to hopefully stem the tide against the megacorps and their disregard for privacy and consumers’ concerns. We’ll also have a few examples of that in this edition, so let’s get started.
Zoolz: A Lifetime of Worries
As we all prefer villains over heroes, however, we’ll first start with some skulduggery. Our first example is Zoolz, which operates a grand total of four online backup providers. Two are under the Zoolz name, one for individual use and one for businesses, and two — similarly divided — are under the BigMIND name.
If all this seems needlessly complicated, that’s only because it is, but the company is working on slimming down the options. Part of that is cancelling its basic plans on some providers, as well as slowly unsupporting others. That’s all well and good as long as subscribers are given plenty of notice, but there’s a twist to this story concerning the Zoolz Cloud Backup lifetime plans.
Until a year ago, Zoolz offered a lifetime plan for about $30 to $40 for 1TB of backup space, we presume as a kind of deal to get people interested in the service. Plenty of people — about half a million, according to a Zoolz rep — signed up for it assuming they would have this space for, well, life. However, this probably ate up a lot of the company’s resources: 30 bucks isn’t a lot of money, and server space isn’t exactly cheap.
It seems that Zoolz took action to lessen its pain and sent out an email in mid-January of this year stating that, starting the first of February, subscribers would have to start paying a maintenance fee of $1.50 per month to keep access to their storage space.
To add insult to injury, Zoolz described the buck-and-a-half as a “very nominal fee,” and gave people a discount if they decided to pay up within a few days of receiving the email — $13.50 instead of $18 for a year.
The Altered Deal
As a salve to this wound, however, Zoolz promised that paying up would entitle people to features including GDPR compliance, round-the-clock email support, client upgrades (remember that one) and a few other things you’d figure they were supposed to be providing paid subscribers anyway.
If the recipient of this bit of corporate downplaying didn’t like Zoolz’s new, altered deal, they had two weeks to remove their files from the server. After that, the client would automatically upgrade — an upgrade the user, of course, wouldn’t have access to because they didn’t sign up for the new maintenance plan.
A very nasty tactic altogether, and Zoolz was quickly inundated with angry emails and telephone calls. Our Zoolz Cloud Backup review received several comments, some of which we were forced to delete due to the language used. Rightfully used bad language, mind you, but still.
The silver lining here, however, is that Zoolz quickly retracted its threats and sent out an email titled “we want to make this right.” The message stated that customers would under no circumstance lose access to their files, and it blamed the whole affair on poor communication on Zoolz’s part (which was also the line we were fed when we asked Zoolz about this).
Whether or not this was honestly a case of poor email-writing skills or, more cynically, a quick retraction of a poorly thought-out policy, we may never know. However, the lesson here seems to be that maybe you shouldn’t sign up too quickly for lifetime plans, unless you know and trust the company behind it. After all, this is the internet, and anything can happen.
Avast and Be Boarded: Piracy of a Different Kind
To underline that last sentiment, we have Avast, a company that has passed over the line from questionable into outright crooked. The company offers all kinds of security software, though it oddly enough markets itself with “Avast,” a bit of nautical slang usually associated with pirates (it just means “stop” or “halt,” though, several hundred years ago).
Avast is the parent of a whole bunch of brands, all of which you probably know if you’ve spent any significant time on the internet the last decade or so. We’ve also reviewed most of these brands at some point or another, with the biggest being Avast Pro, SecureLine VPN and AVG, one of the biggest free antivirus providers around.
Now, there have been stories published in the past that claimed Avast sold user data, and even more unpublishable rumors, so we’ve always stuck a tentative disclaimer on our reviews. In January, however, a large investigation by Motherboard and PCMag blew the lid right off of Avast’s data-dealing practices, and it’s not a pretty picture.
We’ll refer you to the linked article for the whole story, but, in short, Avast software was actively scanning people’s devices for data of all stripes, collecting it and then selling it to a who’s who of corporations through its subsidiary Jumpshot. If you’ve ever had an Avast program installed on your computer or phone, your data was sold.
Of course, Jumpshot’s operations were suspended a few days after the piece was published. However, here at Cloudwards we definitely recommend avoiding Avast products from now on, and we have placed warnings on all relevant reviews and articles. It’ll take the company a long time to regain our trust, and we’re sure that goes double for affected consumers.
In VPNs We Trust
Another branch of security software, virtual private networks, suffers from its own set of trust issues, which we’ve covered in detail in several reviews. Some services, for instance, sell your data much like Avast does, or don’t offer the security they promise. Others are more pedestrian in that they won’t refund your cash or are owned by reviewers (looking at you, Buffered).
Seeing that these kinds of practices were seriously harming their own credibility, several leading VPN providers have banded together and formed the VPN Trust Initiative. Going by its website, this organization has the goal to both act as a representative of the VPN industry as well as set some form of self-regulation.
The members section of the VTI is a collection of some of the biggest names in the VPN market, most of them well in the upper regions of our rankings. ExpressVPN and NordVPN are represented, as well as Golden Frog (of VyprVPN fame) and IPVanish, among many others.
Self-Regulation or Self-Gratification?
We’re not ones to spit on a good idea, but we do wonder about the benefits of corporate self-regulation. Although most of the names on the VTI list are ones we trust, that trust is often based on our judgment rather than hard facts. It’s very hard to make sure that a service is above board, for a number of reasons.
First off, VPNs are intangible creatures. Many of them are headquartered in offshore havens, for example, and more often than not we’ve run into nothing but a series of shell corporations when tracing their origins.
This makes their inner workings opaque, to say the least, and keeps them well out of reach of government regulation. In many ways that’s a good thing, as it’s often governments that we need protection from, but it also makes it hard to set a standard that VPNs should be held to.
On top of that, there’s no good way to check to what extent a service keeps logs, and, if they do, whether or not they sell that data. The Avast scandal illustrates this nicely: it was a whistleblower that blew the lid off it, not an auditor trying to make sense of some back-end code.
Taken altogether, we think the VPN Trust Initiative is a good thing because when nobody is in power to regulate this industry, a best-practices standard is the next best thing. However, we caution you to not implicitly trust this organization, as some of the signatories are less clean than others. For example, Encrypt.me is the new incarnation of Buffered.
Add to that the inherent problems with self-regulation — the biggest of which is that it’s awfully easy to adhere to standards when you set them yourself — and we’ve decided to take a wait-and-see approach before coming to any conclusion. Maybe the solution is to make all VPN apps open source and fully audited, like ProtonVPN did.
Final Thoughts
With those thoughts, we’ll leave you for the month. January had some pretty good stories come out of the industries we cover, and February is already shaping up to beat it in that regard, in some ways.
Of course, we rely on you, dear reader, to let us know when these things are happening, so please email our chief editor whenever you catch on to something hinky. The Zoolz story, for example, would have never taken shape unless two readers hadn’t sent in an absolute treasure trove of correspondence with the company, for which we thank them.
What do you think of all the above? Was the Zoolz affair merely a case of miscommunication? Did Avast do nothing wrong? Did we miss the mark on the VTI? Let us know in the comments below and, as always, thank you for reading.
Fergus is the former chief editor and resident curmudgeon of CommQueR.com. Though he no longer steers the team, he's stuck around to write investigations and news stories (and to annoy newer team members with tall tales). You can contact him at fergus [at] commquer.com if you've got a hot lead; anything else will likely get ignored.