WebRTC moves fast. As part of writing my 2014 Edition research report, I'm trying to keep on top of all the various new market entrants, especially the proliferating range of platform and API providers. So I was unsurprised when a search threw up a new (and UK-based) WebRTC company called Streamserver. I clicked the link, thought "Oh, another one" and fired off an email to the CEO asking for a briefing, and inquiring how he was positioning and differentiating his company in an increasingly crowded space.
Then I noticed something familiar - a reference to Double, the company making the cute telepresence robots that are familiar sights at WebRTC conferences (and which feature in most of my slide-decks). I know that Double has worked with Tokbox, so I was a bit surprised - maybe they had a better platform, and had ousted their rival? Maybe they provided a bit of software that was incorporated into Tokbox's platform?
Then I had another look at the "About Us" page. The CTO's picture looked very familiar to me. But his name didn't ring any bells. One of his colleagues looked like somebody I'd met at a conference as well. Then I realised - the CTO, allegedly "John Bair" looked like the identical twin of Tokbox CEO Scott Lomond, who's almost as prominent a figure as the robots his WebRTC software powers.
[I've got screen-caps if/when the site is taken down]
In fact, the whole website looked remarkably similar to Tokbox's - the people, the proposition, the customer references. The prices were much lower though. Initially I thought that maybe this was Tokbox trying a clever approach to price discrimination, or testing elasticity curves, with a cut-price sub-brand. Then I realised that giving pseudonyms to your executives is probably not best-practice for that type of exercise. Also, having no contact address, news, blog and - most-tellingly - no Twitter icon seemed dubious.
So I asked Tokbox directly, and judging from their response on Twitter, something dodgy is indeed afoot. I'd probably best avoid too many defamatory comments, but it seems like I've uncovered a rather "clumsy" (*cough*) attempt to gather names or payment details illicitly. Now it could be that the company is legitimate, but it hired a dodgy website designer who's copied some content into a template, or who put the website up live, while it should have still been locked-down. Or maybe there's another wholesale explanation - but I'll leave that one up to Tokbox's lawyers.
The other question is whether this is a one-off, or might get repeated elsewhere. I have no idea whether there are questionable cloud-services offers elsewhere in the web universe, although a search for cloud+fraud throws up various types of exploits. Presumably there are both financial and content/security-related risks in working with an untrusted WebRTC platform, although actual P2P media traffic should be secure unless it goes via a TURN or media-processing server. So I'd add "caveat emptor" to the already lengthening set of decision criteria about choosing a WebRTC platform. And I'd suggest that other platform players' web designers do an image search to see if their execs' mugshots are lurking elsewhere on the net.
I guess this means I can now describe myself as a WebRTC Analyst, WebRTC Pioneer and now the first WebRTC Private Investigator. And I can categorically confirm that clicking the "buy" link for my research report will take you to a genuine payment service, and only deduct the right amount of money from your credit card. And if you're a shady character thinking about setting up a dodgy platform company, forget it, read my report & exploit one of the genuine WebRTC opportunities instead....
EDIT - I've also noticed that the copied Terms of Service page, here, clumsily leaves in TokBox's street address and even Lomond's name as DMCA contact. Oops.
Then I noticed something familiar - a reference to Double, the company making the cute telepresence robots that are familiar sights at WebRTC conferences (and which feature in most of my slide-decks). I know that Double has worked with Tokbox, so I was a bit surprised - maybe they had a better platform, and had ousted their rival? Maybe they provided a bit of software that was incorporated into Tokbox's platform?
Then I had another look at the "About Us" page. The CTO's picture looked very familiar to me. But his name didn't ring any bells. One of his colleagues looked like somebody I'd met at a conference as well. Then I realised - the CTO, allegedly "John Bair" looked like the identical twin of Tokbox CEO Scott Lomond, who's almost as prominent a figure as the robots his WebRTC software powers.
[I've got screen-caps if/when the site is taken down]
In fact, the whole website looked remarkably similar to Tokbox's - the people, the proposition, the customer references. The prices were much lower though. Initially I thought that maybe this was Tokbox trying a clever approach to price discrimination, or testing elasticity curves, with a cut-price sub-brand. Then I realised that giving pseudonyms to your executives is probably not best-practice for that type of exercise. Also, having no contact address, news, blog and - most-tellingly - no Twitter icon seemed dubious.
So I asked Tokbox directly, and judging from their response on Twitter, something dodgy is indeed afoot. I'd probably best avoid too many defamatory comments, but it seems like I've uncovered a rather "clumsy" (*cough*) attempt to gather names or payment details illicitly. Now it could be that the company is legitimate, but it hired a dodgy website designer who's copied some content into a template, or who put the website up live, while it should have still been locked-down. Or maybe there's another wholesale explanation - but I'll leave that one up to Tokbox's lawyers.
The other question is whether this is a one-off, or might get repeated elsewhere. I have no idea whether there are questionable cloud-services offers elsewhere in the web universe, although a search for cloud+fraud throws up various types of exploits. Presumably there are both financial and content/security-related risks in working with an untrusted WebRTC platform, although actual P2P media traffic should be secure unless it goes via a TURN or media-processing server. So I'd add "caveat emptor" to the already lengthening set of decision criteria about choosing a WebRTC platform. And I'd suggest that other platform players' web designers do an image search to see if their execs' mugshots are lurking elsewhere on the net.
I guess this means I can now describe myself as a WebRTC Analyst, WebRTC Pioneer and now the first WebRTC Private Investigator. And I can categorically confirm that clicking the "buy" link for my research report will take you to a genuine payment service, and only deduct the right amount of money from your credit card. And if you're a shady character thinking about setting up a dodgy platform company, forget it, read my report & exploit one of the genuine WebRTC opportunities instead....
EDIT - I've also noticed that the copied Terms of Service page, here, clumsily leaves in TokBox's street address and even Lomond's name as DMCA contact. Oops.
1 comment:
Wow! I'm glad you caught that. I like that you take initiative to contact the heads of these companies to ask how they are different. Once the market is more defined, it will definitely be beneficial for those that want to choose a WebRTC.
Would you mind checking out our product, Mikogo, and letting us know what you think? I can put you in contact with those more closely involved with its development. We'd love your thoughts. The website (and the product) is www.mikogo.com
Post a Comment