Exposing a Scam Content Protection Company

trackment-logo(Note: Though I am going to mention the name of the company involved I will not be providing any links to their domain for obvious reasons.)

Update: Within 15 minutes of posting this article I received an email from Çağsan Özbek, who purports to be from Trackment. The email threatened to take legal action against me if I did not remove the article and responded to some, but not all, of my points. I’ve added his responses below.

I often get emails and calls from companies that are entering the content protection field. Some I cover, some I don’t. But most are honest companies that, while they sometimes make promises they simply can’t keep, they at least are attempting to provide what they see as a valuable service.

But every once in a while I run across a site, service or company that raises so many red flags for me that I can’t simply ignore them.

One such company is Trackment.

To be clear, I don’t use the term “scam” lightly. I haven’t paid any money to this company nor have I tried their service. However, as I’m going to show, there are so many red flags and warnings that there is virtually no way that this company provides a legitimate service that does all it claims.

Compliment that with unethical ties and questionable marketing practices and what we have is a clear picture of a service where, at the very least, something serious is wrong.

To explain why I feel that way, I’m going to walk you through step by step what I learned as I began to research their offering.

First Warning Signs

I first heard about the service through a questionable comment on my site, one posted by a person claiming to be “Greg”. The comment, posted on July 8, linked to a spammy site in the URL box and, in the body said:

The best one to stop content thieves so far is ((REDACTED LINK))
It’s easy to use and reliable. I’ve been with them for 2 years, highly recommended.

I make it a general policy not to involve myself with sites that spam me but since it was just one comment on a somewhat-relevant post, I figured it could have been the result of an overzealous affiliate or user. I gave them the benefit of the doubt.

When I visited the site, I realized quickly that it was making some fairly bold claims, including being able to prevent content theft, stop malicious bots and prevent website attacks.

Trackment Image 1

Further down, they were making even more grandiose claims, including that they could provide scrape protection, image theft protection, copy protection, DDOS protection, Spam protection, Flood protection, malicious bot protection and much more. The service also said it could reduce your server load, speed up your website.

At first blush, I thought it was a service similar to Distil or Cloudflare, a content delivery network that also provides site protection tools.

Trackment 2However, it was then I noticed another amazing claim. According to Trackment, all of this protection could be done by simply adding one line of code. Specifically, a line of JavaScript (see right).

This sounded impossible to me. A remote cache, which is what it was described as being “like” in the testimonial video, has to sit between the viewer and the site. Distil and Cloudflare do this by having users edit their site’s DNS settings. JavaScript can only be loaded after a visitor comes to the site (and the JavaScript file).

It was at this point I went from curious to completely suspicious and began to really dig deep into the site.

New Domain, Fake News Coverage and More

The first thing I did was look at the information available on the domain. One thing that was immediately clear was that the domain was registered on May 30, 2012. This directly contradicts the original commenter saying that he had used the service for two years (unless they changed names which I was unable to find evidence of).

Trackment Domain Info

I then noticed the site advertised media coverage in various prestigious publications including Mashable, The Wall Street Journal, TechCrunch and more.

trackment-4

However, a cursory search of these sites revealed that none of them had covered anything by the name “Trackment” in the past (I asked Trackment for links to the news coverage but they have not responded).

Trackment Search

(Response: Özbek, in his response, said: “We didn’t mention “as seen on” on these brands, so that your compliant about this one is also incorrect.” I would say that the inclusion of the logos was intentional to give the impression that it was covered, explicitly stated or not.)

Once again, this could be explained if the service changed names recently, but no previous names were listed.

I then turned to the site’s testimonials and watched a video testimonial by a person who calls himself “Jonathan Chase” and is identified solely as a “Blogger” without a site given.

Trackment 6The video contains several obvious misstatements about WordPress security, indicating that it had “lots of vulnerabilities” he was hacked regularly just for using it, and that Trackment was what made him secure.

Finally, the website is slathered with dubious awards and accolades. In one place it claims to be the “World’s Most Preferred Website Security Guard in 2013″ though it doesn’t say who gave the award or what metric they used.

Trackment Award

And, in another, they claim to be “Website Security Guard Since 2009″, even though that date clearly contradicts their domain information and there’s no information on what that means.

Trackment Award 2

(Response: Özbek said: “We have been in this industry since 2009, our domain registry name date just shows when this domain name was created.” I have asked for clarification and the names of other companies or services he has been a part of.)

However, I discovered the biggest issue days later when I was searching for additional information on the service and discovered a posting on a black hat SEO program trying to get the users there to sign up for their referral service (Link nofollowed).

Trackment Blackhat

In short, the service is actively courting and working with black hat SEOs, the very people the service is supposed to protect against, to sell their product. This is unconscionable.

What Trackment (Likely) Really Does

I emailed Trackment on the 9th via their contact form as I began my investigation and I have not heard back from them. At that time, I only had basic questions about how the service worked.

(Clarification: I emailed them on June 9th, 2013, two days before this column was posted. It was the only contact information I had at the time and I can not confirm if it arrived.)

Because of that, I have not been able to use the service as I am not comfortable sending them money (There is no free trial, another red flag).

However, a lot of what Trackment claims to be able to do can be done through JavaScript. You can block IP addresses, break frames, prevent right clicking, disable text selection/copy and much more. I suspect what Trackment really does is provide a remotely-hosted JavaScript file that does all of that and can enable/disable those features at will.

While interesting, this is not a service that requires $15 per month, the cost of the cheapest account. In fact, you can find JavaScript code to do all of those features and more for free online and host them on your site at zero cost. Of course, many of those features are bad ideas anyway.

However, since Trackment is just a JavaScript, it can be easily defeated by simply disabling JavaScript in the browser. In fact, many bots don’t have the ability to parse JavaScript at all. Also, since it’s installed in your theme, it can’t do things such as protect your login page. That has to come from a system that manipulates your DNS, poking more holes in their security claims.

Unfortunately though, this is just guesswork. I have no way of knowing what, if anything, Trackment really does. But given all of the red flags I encountered (and this only lists half of them), I simply can not trust them or their claims.

Bottom Line

To many, it might seem outrageous that anyone would fall for this site. There’s so many dubious claims and questionable statements on the home page alone that it was difficult to choose the ones to include (I left out no URLs with testimonials, a largely non-functioning “Vulnerability Scan” and a promise to “Stop threats before they hit your website.” to name just a few more.) it seems obvious that one should stay away.

But people do fall for sites like this. I know well how frustrated people are with content theft issues and how desperate they are for an easy solution when there isn’t one to be found. The combination of people who are desperate for a solution but aren’t tech savvy creates an opening.

That is a big part of why I made Plagiarism Today, to have a site for people who are dealing with content theft issues and want answers but don’t know where to turn.

As part of that effort, I gladly provide assistance and feedback to many companies of all sizes, often giving my time for free, so they can make their products better.

I will continue that tradition and I openly invite any companies with legitimate products and services to email me both for coverage and feedback. I’m here to help you thrive.

(Note: I also invite Trackment to email me and correct me on anything that is factually inaccurate in the story.)

2 comments
Sheogorath
Sheogorath

I can protect your site from some forms of copying right now. Just click here today! (Disclaimer: the method described herein is not proven to be effective against people using smartphones.)

Sheogorath
Sheogorath

I can protect your site from some forms of copying right now. Just click here now!