So that is what I’m proud of. What about the humility?
Well it’s always good to be humble, but there’s more to it to that. I’m going to level with you and just tell it like it is. Cryptocloud has been in the VPN business since 2007, and I’ve been with the company every step of the way - so I can talk about the entire history of our company firsthand. When we started in 2007, there was no “VPN industry.” There was one other company of note - Relakks - and they were merely selling PPTP-based VPN service (amazingly, they still are). With my co-founder, we did some heavy research and right away saw that PPTP was close to useless in terms of real security. So we decided to build our VPN business on OpenVPN - nobody had done that when we decided to do it, and everyone said we were nuts.
Maybe we were, but we pioneered an entirely new way of protecting our customers. Instead of just using the easiest tech pieces to do the job, we set out to use only the best tools in terms of real customer security - and whatever it took to make those tools work, that was our job, what our customers pay us to do, basically. Producing our first OpenVPN-based client wasn’t easy and we burned through plenty of midnight oil to get it done and make it reliable and easy to use.
Back then, there weren’t off the shelf “graphical” OpenVPN clients that normal people like me could actually use, not like today - you had Yonan’s codebase (which was solid then, and is solid now)… and the rest was up to you. It was a wild time, and we broke new ground every day with our approach to VPN service.
So when we got around to building our first website to market the service, we were in a headspace to bring the same attitude to everythingabout our business - not just our choice of world-class technology. We got to writing the HTML for our first Terms of Service page (it’s probably still lurking out there in the Wayback Machine archives, if anyone cares to dig it up that’d be cool - we were known as ‘goldens.com’ back then) and the lawyers told us to stick in pages and pages of legalese and other crap. Standard practice, they said - everyone does it.
To hell with that;
We told them, with due respect, to take their legalese and use it for wiping. Instead, our little team of hardcore privacy zealots did something that “everyone” said you couldn’t do: we wrote our Terms of Service as if they actually mattered - like they were what defined our responsibilities to our customers, and that we were signing them in blood. We stripped out all the garbage, and squeezed them down to the core elements. And we wrote them in English - not lawyerspeak. We argued about them, we edited them, and then we published them.
Nobody had done anything like that. But we were helping to invent a new “industry” so why not? There were no rules, so we made new rules. Our rule was “customer privacy comes first” and our second rule was “we’ll take a bullet to protect our customers” - if they watch our back not doing the (very few) things we said weren’t ok in our ToS (our stance against underage content was hugely controversial at the time, and we had some good debates with the privacy community about our unambiguous, honest, direct approach to the issue), then we’d watch their back like nobody’s business. And if the shit really hit the fan, we’d shut the company down before we’d become snitchware and turn on our customers.
That was more than five years ago. We took some flak for doing what everyone said “you could’t do.” The other big thing we did was announce a “no logging” policy, from Day One. They said that was impossible, too - and look how things have turned out. Anyway, it was pretty clear that we COULD use whatever ToS we wanted to - who was going to stop us?
But in the last couple of years, our ToS kind of bloated out. An edit here, a little bit of language that the lawyers said really had to be added there. Each step made sense, one at a time. But… the whole thing was a mistake. We let our ToS drift off into something that didn’t really reflect who we are as a company, and as a team.
We were fighting battles on many fronts - some you probably know about, a few nobody outside the company understands (yet). And we took our eye off the ball with our ToS. The version that eventually came out of that wasn’t terrible - but it wasn’t great, either. It’s not something we’re proud of.
That is the humility.
We screwed up, and we drifted from our principles and from our roots as a groundbreaking industry leader. True enough that those ToS never actually resulted in us doing wrong by any customers - they were “just” words on a page, and didn’t change how we do business in real life. But they were still wrong, and we were wrong to let them get established in our company.
Recently one of our forum admins called out another VPN company for some ugly ToS terms - and everyone assumed that the company, and me, were secretly pulling his strings. Hah. Right. Point in fact: when he went public with that critique - which has yet to be answered by Torguard in any public way, I might add (forum trolling and comment spambots don’t count lol) - I went back to make sure our own ToS were up to snuff and… holy shit. So it’s pretty clear that my friend PJ did what he so often does - took a stand, went public, and didn’t ask advice or approval from anyone first. Yep, that’s him.
Once that happened, I saw right away that our ToS were not going to cut it. Our team got together for some pretty heated meetings, and we hashed through a re-write. Really more of a return to what our ToS always were: reflecting our company, our values, and our “no compromise” stand for customer privacy. They’re a little different from the ones we had back in 2007, since we’ve learned since then and the world also has evolved. But the spirit is there, and they are honest. They say what we want to say, in words that mean something. We stand behind them.
That’s my challenge to other leaders in the VPN industry. Nowadays there are hundreds or maybe thousands of “VPN companies” out there. Most of them are just a kid in his bedroom, leasing a cheap server someplace with PPTP on it and convincing VPN review sites to pimp him out. Other companies are pure hype, making crazy promises with no substance to back them up. But mixed in with that slurry of mediocrity and half-truths, there’s some other VPN companies that are leaders: they take it seriously, they want to do right, and they don’t shy away from making hard decisions when it comes to real customer protection.
How about it? To the other leaders in the industry, what are your Terms of Service? Are you proud of them, or is it humbling to actually read through them? If humility is order, maybe follow my example and eat some Humble Pie. It’s not very tasty, but it has to be done and better to do it now than try to hide it for later when it gets moldy and nasty. If you don’t like your ToS, fix them! Go public, like I did here, and talk about what happened - and what you’re doing different now. That’s how we all improve, and it’s the key to leadership - real leadership, not fakery. Be a leader - the buck stops somewhere, does it stop with you?
Because you know what? People are starting to notice those rotten ToS. It’s not a dirty little secret any more. I can’t protect you from that visibility - nobody can, except you if you get out in front and do the right thing.
Cryptocloud pioneered no-bullshit Terms of Service in the VPN industry. Then we drifted away from that, but now we’ve fixed it. We’re back to our roots. I apologize to the community that we took our eye off the ball like that. We can do better, and we must do better. There’s no excuses offered - we screwed up. Now we fix it, we learn from it, and we improve each and every day. That’s how our company started back in 2007, when we took the path of doing it the RIGHT way instead of the easy way.
And that’s the path we are on today, and always.
Who else will stand tall and show true leadership?