How Not To Respond To Criticism Online
from the just-a-suggestion dept
Yesterday, at about this time, I posted a story talking about a security company, CipherTrust, refusing to let someone buy their product. The buyer in question was a consultant and a Network World writer — so he wrote up the story, noting the problems he had with CipherTrust. In my post, I noted how odd the story seemed, and wondered if there were more to it. Normally, that would be the perfect opening for someone from CipherTrust to stop by and respond with their side of the story — or, alternatively, to ignore it and wish that the whole thing went away. In the comments to the post, a few people suggested the possibility that CipherTrust was worried that the writer, Joel Snyder, was actually trying to buy the product to pass on info to a competitor — which could explain their actions. In fact, I half expected someone from the company to say just that. However, instead, an interesting thing happened.
Some comments started showing up on the story totally trashing Joel Snyder, first calling him a pissy reporter and then claiming he must have had a conflict of interest while demanding that he “come clean.” What was interesting about these comments was that they all happened to come from an IP address at (you guessed it!) CipherTrust — though, the commenter didn’t happen to “come clean” on that fact. You would think that folks at a security company would know that their IP address was recorded whenever they commented on a blog. Those comments certainly seemed a bit unfair, so I posted a quick comment pointing out that these comments came from someone at CipherTrust. Apparently, whoever it was didn’t bother to read those comments, because he or she came back again later to once again anonymously bash Mr. Snyder. Mr. Snyder, himself, came by to refute the accusations, perhaps without realizing they actually came from CipherTrust. Obviously, the company or its employees are free to try to respond to critics in whatever manner they please. However, this seems particularly silly in an age when (a) it’s pretty easy to see where these anonymous comments came from and (b) they could have revealed themselves and presented actual reasons for their actions. Instead, the company ends up looking even more petty than it did at the beginning of this whole thing. In the end, it seems like commenter Chris Maresca has the best response, noting not only how bad this looked for the company, but also how “foolish” it is for the company to think that any part of this strategy (from denying the sale to Mr. Snyder to anonymously bashing him here on Techdirt) made any sense. Update: Someone from CipherTrust has finally showed up to post an official explanation for their actions regarding Mr. Snyder. I should mention that the post comes from the same IP address as the original disparaging posts. However, the official explanation from CipherTrust does not address the comments anonymously bashing Mr. Snyder.
Comments on “How Not To Respond To Criticism Online”
Crazy...
Good work exposing them.
Slandering tech reporters is probably not the most healthy marketing plan for a tech company.
Anonymous Cowards…
Re: Crazy...
Isn’t slander a crime if proven?
Re: Re: Crazy...
Isn’t slander a crime if proven?
No, it’s a civil tort that the damaged person (if proven) can sue under for money damages, but it’s not a crime.
Re: Re: Crazy...
slander isn’t under the criminal code, IIRC. It’s under the Torts code, so it’s a civil action pursued by two private parties. It may not be a crime, but it might be actionable.
Low...
Brainless keyboard heroes, how sad. Unfortunately management or PR people often ruin the hard work engineers spend years developing, this is a classic example.
Re: Low...
Not to distrust your methods or abilities or put a grain of salt on this, but we’re sure these IP’s weren’t spoofed?
Transparency... some people get it... and others d
Interesting stuff here. Thre’s always three sides to any story (your side, my side, and the truth); I’m wondering what the third side of the story is. Hell, actually I’m wondering what the second side of the story is. If CipherTrust is going to hide behind anonymous postings that libel the reporter and don’t address the issue… well, if certainly fuels the fire and my imagination.
In the world of decision making, I’m a big fan of transparency. Certainly in government, but also in business, transparency only helps build trust and relationships. At this point, I’m more inclined to believe that Mr. Snyder is “putting it all out there’ than CipherTrust. At least with Mr. Snyder we’re getting something fairly logical and understood. Perhaps there’s more to Mr. Snyder’s situation — I’d be interested to learn about any relationships he has with other venders, for instance — but I’m leaning toward his side of the story. At the very least, were I in the market, I’d never consider a CipherTrust product at this point.
Customer Service
Obviously a company who I wouldn’t want to do business with. Imagine what hassles I’d have if I called in to ask for help …probably accuse me of pirating their software.
Sad Situation
Surely this is a sad situation that seems to have been made worse, but I think many of us can appreciate how easy it is to lash out when feeling attacked rather than try to solve the problem. It is a good reminder for me to deal with conflict in a straightforward manner.
My company has been a customer of Ciphertrust for just over 2 years now. I do not know why Mr. Snyder was refused a product. I do know that the author’s attempt to malign the customer service at CT on this basis is off the mark. The customer service at CT is probably the best customer service I have had for a technical product bar none. The support guys are very courteous and know the product better than I ever did and multiple times in the past, have identified and solved problems I couldn’t even have thought of. Even the sales guys are some of the best engineers I have met. One of the reasons we bought the product was the quality of pre-sale support that we got. I will ask my sales rep what the context around this issue was but I’d like to state, categorically, that I would go back and buy a Ciphertrust product as much for their great service as for their great products.
As you will note, I have refrained from posting from my company IP. If Mr Snyder’s consulting customer has a right to be anonymous, so do I.
Re: Re:
If you are not working for Ciphertrust, then you all I can say is your expatiations for Customer Service are quite low. Any Vendor/Salesman that comes into my business had better know his product better than I do, and if customer service doesn’t know the product better than I do, and is not able to fix the problems I can’t find then why the heck am I calling them???. And lastly how is not giving your company equal to not giving the name of a client? Yours is hiding; his is protecting his customer base. Ah well enough grumping on this
GOM
Signatures are for wimps…..Doh!!!!
Re: Re:
Seems to me, the issue wasn’t whether CT provides good customer service or not. Maybe they do.
Obstufication never seems a good sign though. And since I only have CT’s actions on this blog to go on, well my opinion is clouded.
There are always two ways to do things, CT chose to go about it, in this case, the wrong way.
Aha….looks like Ciphertrust people have finally learnt there lesson. Can we now trace the IP to a starbucks down the road from ciphertrust?
Seriously though, I have SOME security (IPSec and related protocols) background myself and with that (limited) authority, I say: the only place where the ‘security by obscurity’ (and the companies that try to sell it) belongs to is your dust bin.
Please feel free
to trace whatever you want wherever you want. Maybe mastmaker would like to have us all authenticate with social security numbers before we can get on this Internet thingy?
As an admin I take pride in the security of my installations. I don’t use products that aren’t secure. I can vouch for the product I have – CT Ironmail – and it has stood the test of time for us.
Beyond that, as immortalized by Homer, this is a game where people throw ducks at balloons, and
nothing’s the way it seems! Have a great day folks.
CipherTrustNot
I agree with the 3rd poster, Peter Stinson. It appears Mr Snyder has put it all out there for us and Ciphertrust is hiding in the shadows. It seems that something like this can really hurt a company’s rep. It would also appear that it would be easily fixed by just stepping forward and saying they had security concerns with Mr. Snyder, even if that was not the case. I don’t condone blatant lying to the public but since it is common practice in big biz it seeems a very easy way out in this situation. I also agree that Ciphertrust will not be on my vendor list anytime soon.
Did I hit a raw never?
Sorry. I meant: Did I hit a raw nerve?
I completely respect the fact that TechDirt tells it like it is. If someone calls TD’s bluff or disagrees with what TD had written, the article writer follows-up within the next few replies and explains his actions or even (in the very rare cases), apologises for his mistakes and correct them…. publicly.
This is a very admirable trait to have and I wished that most businesses who intend to stick around for the long-haul, do just the same.
It’s disgusting to see a “professional” business act any other way – it presents them as being illegitimate.
CipherTrust Position
Please consider this CipherTrust’s official position regarding the opinion piece from Joel Snyder and the postings on the subject. After Mr. Snyder originally contacted us to purchase our product, we learned that it was for the benefit of a third party. When asked for the name of the end user, Mr. Snyder refused to give us that information. Because of this, CipherTrust was reluctant to sell Mr. Snyder our appliance. Our well defined business best practice is to identify each customer of a CipherTrust product because the initial sale is only the beginning of a long-term relationship with that customer. This process has served us well over the past six years – as evidenced by the 2000+ global organizations that make up our customer base. Our relationship with these customers includes set-up support, ongoing technical support, product updates, and upgrades to ensure that we provide them the most up-to-date security solutions. Furthermore, as a mature leader in this market, we have well defined financial processes that ensure we correctly attribute every product sale to the respective customer. The procedure we followed with Mr. Snyder is standard business practice that we believe any company should follow. We have explained our business practices to Mr. Snyder and have informed him of our willingness to support him on future projects.
Re: CipherTrust Position
Why didn’t you just say that from the beginning? Why all the anonymous postings, name calling and such?
Your position doesn’t seem unreasonable, your actions enforcing it do.
Like I said earlier, there is a right way and wrong way to go about things. Too bad its taken a day and a half to figure out which is the better way.
Re: Re: CipherTrust Position
Point taken.
We did talk to Network World and the author yesterday and have sent a letter to the eidtor explaining our position
We posted our official position here to make sure to clarify the companies position on this matter versus the opinions of any individuals.
Thanks
Re: Re: Re: CipherTrust Position
Good show. glad to hear the Ciphertrust side it helps us form a better opinion of the matter. Now that Ciphertrust has finally come forward and explained and kinda aopologized for the comments it makes much more sense. I just hope the person that did the posting is not the same one that made the nasty comments yesterday.
Interesting opinion/position put forth by ciphertrust, Still doesnt even come close to addressing the serious issue of the nasty comments made by that company’s emplyees.
So, Mr. VP, here’s my question for you:
What, in your opinion, do the comments from your employees say about the internal workings of your “mature” corporation?
Not Anonymous
No one has to do their fun tracing tricks here – I am Franklin Warlick with Cox Communications.
I dont have any inside information, I am just a very satisfied customer, and cannot even partially understand what Snyder wrote. The Company is the reason we chose the product, and both Company and Product have been rock solid. I have seen many other compoanies on their 3rd email security solution since we chose CipherTrust. Cant be all bad.
Anonymous means Anonymous!
Okay the fact that remarks where made by an IP from within CT doesn’t amount to much. How many IT people do you think work in that building. That fact that one employee came on to Tech dirt and defended his company doesn’t make it an official opinion from CT.
People run there mouth every day it’s a fact of life.
I don’t believe it was appropriate for Tech Dirt to come out and say that these posting where coming from a CT IP (Although it was cleaver). I work for a Government agency and if I come onto Tech Dirt and made a comment about something in regards to the government I don’t want them pointing out what government agency I’m from…. Thatโs breaking trust. If you want to remain anonymous you should be able to remain anonymous.
Anyone agree with me?
Re: Anonymous means Anonymous!
Normally i’d agree with you but if the anonymous person is slandering someone, such as what was done here, then said anonymous person is just begging to be exposed.
Re: Anonymous means Anonymous!
I work for a gov’t agancy, too. AND I work in IT. So what do I tell my gov’t end users about internet and email use?
“If you don’t want what you’re writing to appear on the front page of the Washington Post, with your name attached, then don’t send it or post it on the Internet!”
If you truly want to be anonymous, try sending it from an Internet cafe, and use cash, not a debit or credit card, to pay the bill! (Oh, and don’t use you’re real name, either…)
Re: Re: Anonymous means Anonymous!
This is a forum…. Where supposedly Anonymous people can make comments and discuss situation in the Tech industry.
Notice most of us don’t use are real names. But Tech Dirt went out of it’s way to find out the IP address from this individual and then state that there company has done something wrong when it could have been some phone technician making the comments.
Being a IT individual you should know for a FACT that most end users don’t think, they just do.
If you want to keep the Trust of the individuals using your product you don’t go running around stating that you can pull up there IP address and have no problem saying what location it was taken from…..
If the Internet isn’t the place where you can speak freely where can you? Keep in mind What this individual did was shady however it’s still a matter of trust with your fan base. It wasn’t the place of Tech Dirt to call this individual out.
Re: Re: Re: Anonymous means Anonymous!
I know they don’t think, that’s why I keep reminding them, and will continue to do so. That’s why sites like Tech dirt need to continue to call people out by reminding them that they are not really anonymous – it’s capers like this that will help people realize that in the long run!
Speaking freely doesn’t equate to dirty tricks. This vendor tried just that, and got caught, as they should have been. If they had played it straight from the git-go, none of these comments would be getting posted!
And yes, it IS the place of a journal like TD to catch them out – if journalists couldn’t do that, who would?
If you don’t want to get caught, don’t play dirty!
Re: Re: Re:2 Anonymous means Anonymous!
I do see your point….. To be honest I just don’t like it. LOL
But going with your statement that CT was playing dirty…. It may have been some no talent ass clown just taking a personal intrest in this and not a company reperesentive.
Then you can go into the entire argument that all your employee’s repersent your company… Which in my opinion is a bunch of BS you can control everyone’s opinions. Most people are clueless and there is a reason there not speaking for the company in business offers. They’re pushing paper or answerings phones.
What the person did was not the issue I was trying to state….. TD made CT look horrible because of the postings of some moron that happened to work for that agency.
Re: Re: Re:3 Anonymous means Anonymous!
This CT person obviously took it way too personal to be just some ass clown. This site is TECH DIRT and the slander that person published is REAL dirty. Tech Dirt did its journalistic duty as far as I’m concerned.
Re: Re: Re:3 Anonymous means Anonymous!
Sorry you don’t like it. C’est la vie!
Don’t care about whether all employees represent an employer – doesn’t matter. The IP that posted both the slander and the ‘official’ company position were the same. That means he may, or may not, have been the same guy. If the company uses a proxy IP to the outside world, it could have been a completely different person. We’ll never know.
If it was, bad karma. If it wasn’t, it still doesn’t look good, given the way the company acted in an official capacity.
TD didn’t make them look bad – CT did that to themselves.
Re: Anonymous means Anonymous!
Uh, yeah, anonymous means anonymous. Look it up in a dictionary. it will tell you so.
However, when you post to a blog, forum or other public outlet, you’re informed that your IP address is being logged. That means even though you’d like to hide behind your monitor pretending you’re not really a snivelling coward, somebody knows where you are.
Anyone that’s been on the Internet for more than three days has at least HEARD the fact that there is nothing anonymous about it.
Anonymous means anonymous. Posting to a public forum means nothing about it is anonymous. Learn it. Live it. Get over it. Big Brother is watching you. If you want to be anonymous, keep your snivelling whining mouth shut and your cowardly fingers off the keyboard.
This is a free country, supporting free speech. You have the right to say anything you want. And I have the right to cram jumbo dill pickles down your throat if I don’t like what you’re saying.
If you don’t like dill pickles, I suggest you have a tall cold glass of “shut-the-f***-up”.
spy vs. spy
you neglected to mention the possibility that someone outside of ciphertrust managed to spoof the ip address of the company
CipherTrust was wrong and right
Clearly the way CipherTrust handled the situation was wrong. Took a bad situation and made it 1000 times worse, which is unfortunate because they were actually right in not selling Joel the box. I used to be the VP Marketing at CipherTrust and I share my recollection of the review in this post.
http://securityincite.com/snyder-hack-job
I congratulate Techdirt on exposing these sneaky posts. I run a popular site and I do the exact same thing when multiple personalities from the same IP start spamming my board.
Since Ciphertrust claims to be “the global market leader in messaging security, provides layered security solutions to stop inbound and outbound messaging threats“, they should take more than a small amount of responsibility for these ‘outbound messages’ from their IP.
They should buy one of those little boxes that monitors and filters what their employees can post on the Internet. Where can you find those again…?
A company that claims to deal in trust, security and “mitigating corporate liability” should have a MUCH tighter reign on their network users.
I bet techdirt.com will be a permanent part of their corporate firewall very soon. I just hope they don’t retaliate by firewalling Techdirt in the products they sell to end users. Wouldn’t surprise me.
at the core...
FIX THE COMMENTS FORM!!!
You know.. at the very core of this whole thing, it boils down to the fact that if Ciphertrust had contacted My Snyder OR this forum with a very simple statement, none of this would have been an issue. I would certainly not hold it against a company to state, “We feel that Mr So&so is currently doing business with a competitor, and that it is not currently in our best interest to release a product into his posession at this time. We apologize for any inconvenience this may cause and will certainly look into the issue if the request is indeed valid and the client is willing to sign non-disclosure and non-comete agreements.”
Of course, such agreements do not offer complete protection, but the explaination and show of mature willingness to re-review the issue based on WHATEVER your criteria are go some distance with myself, and I believe most users.
Internet Protocol
There are many sites that allow you to post “anonymously” but not giving your name or email address but which substitute your computer’s IP address in place of the name. Perhaps TD should post IP’s instead of “Anonymous Coward.” Wikipedia does this. Instead of Bob, my name would be 123.234.213.111 or something like that. And we all know that if the libelling poster was in fact at CT, then CT has logs and knows the internal IP address of the employee that made the posts. It’s up to them to supend, terminate, warn, slap or cane the individual who fuled this PR fire. If it was Atri Chatterjee, well, naughty naughty.
Misinformation and Disinformation
Well, since we have an official answer from Ciphertrust, I thought I’d offer up an official answer to the official answer.
We’re a consulting company. People pay us to do work for them. As part of that, we have a large stock of machines and systems that we use to help solve their problems. For example, from where I’m sitting, I can see 6 different SSL VPN appliances (one of our areas of expertise).
We have a number of large clients that ask us questions like “What’s the best firewall for us?” These are the smart ones and they are willing to invest tens of thousands of dollars in finding the right answer. If you’re Xerox, for example, picking the wrong answer for something big and central to your company is a lot more expensive than paying some guy in Tucson to help come up with the right answer.
As a business decision, we (my company) sometimes take money that is paying for consulting hours and buy hardware, because that’s what it takes to be in this business. Sure, I could go and beg with vendors every 2 months to borrow 5 different boxes for a month to help with a project, but frankly it’s a lot cheaper to buy this stuff than waste the time talking to sales people. At this moment in time, I’ve got 15 different anti-spam/anti-virus products working (isn’t VMware wonderful???).
Having all that hardware and software puts me in a good position, especially when I’m competing with other consulting companies, to say “I can help you make good decisions about products.” People have lots of reasons NOT to hire a 2-person consulting company, but when we come to the table with the same or MORE resources than a huge consulting company, that’s a good competitive edge for us. And, it’s worked very well over the years.
When I first contacted Ciphertrust, I told the sales guy that the primary purpose of the box was to help in an evaluation project (one which, by the way, Ciphertrust was eventually disqualified from). His mind, evidentally, was elsewhere because the word ‘evaluation’ seems to have consumed his every neuron and so I got this ship-around-the-room treatment.
When I saw what was going on, I said “look, I’m buying the box, it’s for me, sell it to me.” This was very clear—it went to Ciphertrust’s VP of sales and to another person in the company. So, from my point of view, for Ciphertrust to say that this is “for the benefit of a third party” and then spout a load of crap about why they didn’t like that is entirely disingenous, because Ciphertrust has known for over a month that it’s ME that wanted to buy the box for MY COMPANY. When I buy it, it’s mine, and they have always known that.
Now, maybe Ciphertrust wants to pull a Network Associates and say “oh, you can only have our box if you promise not to test it; we don’t want you to actually look at it and tell people about it.” But if that’s the truth of the matter, they should come out and say it: “We are afraid to have people look at our box except under controlled circumstances that we dominate.” Then everyone can know that this is their motivation.
In any case, I think that there’s a simple acid test: I have again offered to buy, from Ciphertrust, a box, for my company. I sent them my credit card number, and the sales order from the reseller that they mysteriously and without comment refused. If they are truly willing to sell a box, then I’ll have it tomorrow and that will be the end of it. But if there is some hidden agenda, some deception, malice, or other misdirection going on, then their actions will speak much more clearly than some posts.
I guess I’ll check in tomorrow and see what the FedEx lady brings.
I’m sorry to hear TechDirt are tracing IP addresses – so from now on I will have to stop agreeing with my own posts
๐
Re: Re:
LOL. I agree.
R Ahrens, Road you’re both right, funny isn’t it, so much for black and white….
Bad Business
I control purchasing for my company and have place CypherTrust on our “Do Not Engage” list due this incident.
Crazy Employee
I think all employees do represent an employer. I’ve worked at a lot of retail stores and I get a lot of people that say they won’t go to our competitors because their employees are rude or not helpful or whatever. Usually it’s a specific instance that the people are sighting. This is the proof that one employee can represent the entire company. Just becuase the employee that talked to us wasn’t a PR or in sales doesn’t mean that he doesn’t hold the same sway as a representative of the company that he works for.
Do Not Buy List
Our companies investors have a Do Not Buy list. It’s like the Do Not Fly list except that it works.
We have now, as a direct result of their behavior here, added Ciphertrust to this list. Neither we, nor any other of our investors’ companies will do business with them.
Welcome to time-out in the corner, Ciphertrust. Say hello to the rest of the scumbags.
E