When shoddy journalists sponsor shoddy cybersecurity services | by Aleksey | Oct, 2021

Shared By

Visit The Original Post

A case study in The Young Turks’ promotion of NordVPN

Image Source: Cisco Systems (Fig 9–1)
  1. B​ackground
  2. The Young Turks and NordVPN
  3. D​iscussion
  4. C​onclusion

T​he Young Turks is a fake news outlet that mainly produces commentaries from a progressive-liberal perspective. They brand themselves “rebels” and “against the establishment” a la InfoWars and Alex Jones, but their behaviour suggests that they are more along the lines of a medium-sized corporation looking to maximise profits as opposed to promoting the welfare of the poor, the needy or those who don’t have much political influence.

In this article, I shall offer a fascinating case study where The Young Turks promote a defective VPN service provider called NordVPN. At best, this demonstrates their carelessness and inability to perform due diligence (which seriously questions their ability to accurately report the news). At worst, this serves as evidence that they will happily promote a lousy service to maximise their profits.

The main goal of this article is to demonstrate a case of The Young Turks’ greedy, for-profit behaviour through their indifferent promotion of the NordVPN service. However, it is important to look at the history of The Young Turks’ disingenuous behaviour to provide a bit of context. Others have discussed the unethical behaviour and low-quality reporting of The Young Turks, so I will just list a select few of them:

  • P​ower (2017) demonstrates how The Young Turks are poor in their science journalism. They misrepresent the science of genetically modified organisms (GMOs), provide their viewers with dodgy and second-hand information regarding GMO research, and (ironically) falsely accuse the Monsanto company of shoddy business practices.
  • t​hunderf00t (2017) supplies further evidence on how The Young Turks are poor in their science journalism. The Young Turks misrepresent information in an Environmental Protection Agency (EPA) document regarding radiation. They do this by paraphrasing a Bloomberg News article (as opposed to reading the original EPA document). thunderf00t believes that this is dishonest reporting for the purposes of “media sensationalism.”
  • S​pangler (2019) reports on how Bernie Sanders and other left-leaning politicians have retracted their support for Cenk Uygur (The Young Turks’ CEO) possibly for his past racist and sexist remarks.
  • J​aeger (2019) reports on “how corporate money and hypocrisy turned TYT into [mainstream media].”
  • J​amieson (2020) reports on how Cenk Uygur “urged his staff not to unionize.” It should be noted that The Young Turks are generally pro-union.
  • Solicisting money during the coronavirus pandemic (Dore, 2021a) and engaging in tabloid journalism (Dore, 2021b). In The Young Turks’ tabloid publications, Cenk Uygur and Ana Kasparian would discuss the “camel toe” of various celebrities and post uncensored and semi-naked pictures of women onto their website.

W​ith this context out of the way, I can get to the focal point of this article.

N​ordVPN is, as the name implies, a virtual private network (or VPN) service with the primary purpose of acting as a means to defeat censorship and protect anonymity (NordVPN “About Us” page, n.d.). However, it has been demonstrated that they are incompetent in protecting their users’ anonymity as well as maintaining confidentiality. Before and after NordVPN’s shoddy cybersecurity was exposed, The Young Turks promoted their services.

Since at least October 2019, NordVPN’s shoddy security practices have been well known. The first major bombshell was when cryptostorm (2019) pointed out an 8chan post citing a ghostbin.com post (here, n.d.) showing leaked private certificate authority keys belonging to NordVPN. With these private keys, hackers can generate their own NordVPN-based certificates, allowing them to intercept the internet traffic of NordVPN’s customers. hexdefined (2019) had a detailed discussion of this leak, and mainstream tech journalists Whittaker (2019) and Hodge (2019) reported on it.

A​nother separate, but related nonetheless, incident regarding NordVPN’s bad security practices involves a credential stuffing attack (Goodin, 2019) where hackers took leaked credentials from the first incident and used automation tooling to try different login combinations given the leaked credential data (as opposed to the more common brute force or dictionary attacks). This demonstrates that NordVPN didn’t insist that their users reset their hacked passwords, which is bad information security practice.

Computer technician Louis Rossmann (2019a, 2019b) discusses how NordVPN is more concerned with advertising its services than making them of higher quality. Rossmann discussed how a suspicious NordVPN recruiter spammed himself with multiple requests to sponsor them, which ultimately led Rossmann to publicize the emails. Rossmann also points out that NordVPN spent more money on advertisements and very little on information security, and that content creators should only sponsor products or services that they have a keen understanding of.

H​ere is a brief timeline of significant events regarding NordVPN’s security problems:

D​espite the many problems with NordVPN that I just discussed, The Young Turks still chose to promote their services. First, I shall construct a non-exhaustive list of the instances that The Young Turks or their partners promoted NordVPN before the initial news report:

  • O​n 15 Jul., 2019, The Young Turks’ main channel published a video discussing a “xenophobic senator” appearing on Fox News with a NordVPN promotion in the beginning. Link: https://www.youtube.com/watch?v=BkYB0NlIEOs
  • O​n 30 Jul., 2019, The Young Turks’ main YouTube account published a video discussing Donald Trump with a NordVPN promotion in the beginning. Link: https://www.youtube.com/watch?v=ajA1RM-VEbM
  • On 6 Aug., 2019, The Young Turks’ main YouTube account published a video criticising The New York Times, which included an advertisement for NordVPN’s services near the end. Link: https://www.youtube.com/watch?v=dzidBFMMCE8
  • On 12 Aug., 2019 The Young Turks’ main YouTube account published a commercial that is around forty seconds long advertising NordVPN’s services. Link: https://www.youtube.com/watch?v=rZe-AYboX2o
  • On 19 Aug., 2019, The Young Turks’ main YouTube account published a video criticising Eric Gardner’s murderer with a NordVPN promotion near the end (isn’t it great how The Young Turks are profiting from someone’s death?). Link: https://www.youtube.com/watch?v=yyWhpU7ls9g
  • O​n an unknown date (I shall assume before the initial news report for the sake of charity), The Young Turks’ Facebook page published a post advertising NordVPN’s services. Link: https://archive.today/HoHat

Next, I shall construct a non-exhaustive list of the instances that The Young Turks or their partners promoted NordVPN after the early news report and after the auxiliary news report:

Figure 1
Figure 2
Figure 3

I​t should be noted that while The Young Turk’s main channel’s affiliate link (here) is no longer working, The Ring of Fire’s affiliate link (here) is operational as of 3 Aug., 2021.

A​t the risk of sounding repetitive, the lists that I provided of The Young Turks and their associates promoting NordVPN, both before and after the initial reporting of NordVPN’s security problems, are not exhaustive. Nonetheless, from these examples, one can draw the conclusion that The Young Turks are willing to promote a faulty security service for the sake of profit. It may be irresponsible, but The Young Turks don’t care. They only care about maximising profits.

I would like to address some potential objections to this article:

“The Young Turks are not an information technology company; they are in the business of journalism. It is unfair to expect them to assess the quality of an information security tool or service.”

W​hile The Young Turks may not be information technology specialists, they are nevertheless endorsing a VPN service and making bold claims about its quality through their hosts and associated programmes. They should have done research into NordVPN before promoting their services. They could have hired a third-party IT consulting firm to assess the quality of NordVPN’s service or to interrogate NordVPN’s technicians into explaining the details of their products and services.

F​urthermore, reputable news outlets like TechCrunch and Ars Technica reported that NordVPN has lousy operation security. The Young Turks position themselves as experts in news journalism (they even have a “TYT Academy”), and therefore cannot plead ignorance when promoting NordVPN after the initial news report.

“The Young Turks probably signed a contract before the initial news report, and were legally obligated to sponsor NordVPN’s services. It is unfair to demand that they stop promoting them just after the initial news report because that could land them in legal trouble.”

R​emember that The Young Turks brand themselves as “rebels” and “against the establishment” in an effort to boost their journalistic authority. They should not fear the legal consequences of abruptly ceasing to promote a defective service if it means that they are doing the ethical thing. Unfortunately, this incident merely serves to demonstrate that The Young Turks would rather look out for their self-interest and are of a profit-maximising motive.

For some odd reason, being a part of “independent media” funded by the common man increases the authority of the media entity in question. However, as I have demonstrated, for-profit news media outlets are generally going to act in a manner that maximises their profits and minimises their losses. T​his is not to say that all news is bad, “independent” or not. But try to find high-quality news outlets like the BBC, PBS, C-SPAN, Ars Technica, The Economist, or even just your local news station.

T​he Young Turks, along with their associates, can go on about how they are “people funded” and how they don’t accept money from elite institutions. This does not change the fact that they will act not just like their mainstream media counterparts, but their right-wing, alternative-media counterparts. The Young Turks do not care about their audience, they will happily promote a defective security service and are quite frankly no better than CNN, MSNBC, InfoWars and the like.

I​ would like to thank a number of friends and collaborators, who shall remain anonymous, for giving me feedback with this article. I fully accept the responsibility for any errors in this article.

Backup of videos and pages discussed in this article: https://0xacab.org/Aleksey/journalism/-/tree/no-masters/NordTYT

Leave a Reply

Your email address will not be published. Required fields are marked *