This is a crosspost from my post on Reddit. In hindsight this went almost viral. I am happy it got the visibility it deserved. This post is just here to have a backup of the content in case something happens to it on Reddit.
TL;DR: Apono is creating fake posts with fake user review comments, which get vote-manipulated and then end up on Google. They also shit on competitors and block me in an attempt to silence alternatives/critique.
Hi r/devops, I’ve already commented on a few of their posts and wrote a longer LinkedIn post on the topic. Feel free to read the full story there:
- https://www.reddit.com/r/devops/comments/1elp829/db_access_and_all_night_pings/lguk4qs/
- LinkedIn Post
But there is no better place to call them out than on the very communities that they are trying to manipulate, is there?
Who is Apono.io even?
Apono.io is a cybersecurity, privileged access management software that is used to allow developers and other members of an organization to access restricted resources like databases, servers, etc. At least this is what I got from their web page; correct me if I am wrong.
The only reason I noticed what they are doing is because I tried founding a company in a similar space myself and ended up open-sourcing it. But this isn’t a self-promotion post; look into my post history if you’re interested.
What are they doing?
Apono is systematically creating posts on various subreddits where they post a problem statement in one way or another and then comment with another account how Apono was the best solution for a person. Problem is: Neither the original account, nor the user responding are actually real. Both of them are usually bought accounts with minimal relevant post history. And they never answer anything else, often aren’t even used again after this usage.
These threads are also heavily vote-manipulated: on the thread from Wednesday, my comment suggesting my open-source tool went from +6 votes to -4 within half an hour (now it’s even at -8, but this could also be the hivemind).
Why would they do this?
Marketing to developers and tech people is notoriously difficult. Engineers are well known to be more or less immune to ads, and hang up on sales calls. Instead we often rely on social proof (recommendations by friends and colleagues) or user reviews on what we think are somewhat neutral platforms like Reddit, Hacker News and GitHub. Additionally, Reddit has been ranking very highly on Google for about a year, so if you create a Reddit post “Alternative to xyz” and the first comment is your tool, this can drive a lot of traffic to your website for cheap.
Examples
As you can see this has been going on for a while, and I think if you check any of the accounts you’ll most likely agree that they look quite suspicious. They usually have little history and no activity in any engineering subreddits. Then they suddenly come with a production access problem or recommend Apono as the magical solution for such a problem.
One thing that baffles me a bit is: They blocked me from any account that is newer than ~8 months, which is roughly when I started being active and trying to market my tool. Probably in the hope that I won’t see their posts and won’t recommend my tool as an alternative. This however lets me tie all of them together in the same scheme and made me suspicious in the first place. I have never interacted with most of the accounts that they blocked me from, so why would these random users put me on their block list?
An additional thing I find extremely scummy is that they are bad-mouthing their existing (probably leading) competitor StrongDM continuously in a lot of their posts. In one of them they claimed a double price hike and the StrongDM CEO even commented “that they have never raised prices this much” but of course the OP never answers and there is an Apono recommendation in the post.
So what? Everyone buys reviews.
Maybe true, but that doesn’t make it right, and if you get caught you deserve to be shamed for it. Especially a company selling a cybersecurity product that relies on trust should not use such scummy marketing campaigns, in my opinion. I for my part will recommend people to rather use StrongDM or Teleport if they want to pay for a solution. Maybe we as a community can spread the word and make them stop this.
Note: This is not about Apono’s product, I have never tried it. It might very well be a good solution. I’m just trying to shine some light on how a company is flooding reddit with fake reviews.