Vendors & providers with shady practices

I believe everyone who uses the internet on a daily basis has experienced, or at least heard a story about, shady practices coming from specific vendors or providers. Because I hate it when people are overall lame, I’ve decided to start a series of posts where I’m going to report well-known and documented experiences concerning the shady practices of online businesses.

I’m going to start with Nextcloud, a self-hosted cloud provider which was born after one of the associates left Owncloud to make his own company. Needless to say, he copied the same business model and product line as Owncloud had, yet if there wasn’t any “no compete” clause in his contract, there’s no legal issue with that. It’s just that it’s not fair play after all.

Owncloud was bad. I had it myself, and there wasn’t a new version upgrade that didn’t break as soon as it was installed. The installer was thin too: it set up SQLite by default, and it crashed as soon as you added several thousand files to it.

So at some point I ditched it and went for online services that offered the same deal even if it was for good money.

Earlier this month I hit Reddit and noticed a post from several sysadmins exposing the shady practice the Nextcloud folks have been up to. Basically, the folks from Nextcloud have started to scan subnets for both Owncloud and Nextcloud instances in order to determine whether they have security vulnerabilities. If they found vulnerabilities, they passed the info along to several “security agencies”, which alerted the abuse departments of the ISPs so that the ISPs could go on and threaten their users with shutting down their service if they didn’t fix stuff.

Now that’s lame. It would probably be understandable if this happened only with Nextcloud instances and if the Nextcloud folks had notified the owners instead, but going to security agencies so that matters get treated like actual abuse or fraud is more than lame.

More details about this shady practice can be found here, here and here.

In the end all I wanted to say is that although seemingly legit, this practice isn’t ethical at all because you don’t just go around scanning the entire internet for specific vulnerabilities in your competitor’s software and your own software just to prove a point. You have nothing to prove like this.