James Stanley

Someone cloned my website and is using it to scam people

Fri 16 June 2017
Tagged: smsprivacy

I was looking on the DuckDuckGo search results for "anonymous bitcoin sms" today, just to see what was out there. My SMS Privacy was the top result, as expected. But the second result was new to me:

Update: Kevin has replied on HN and my payment is now showing up. The site is not a scam, although it has copied an awful lot of text from my site, and payment processing is seemingly performed at the speed of email. I've left the rest of the article unchanged, but note the site does appear to basically work.

(I won't hyperlink it here as I don't want to give it any link juice, but you can see the URL in the screenshot.)

I clicked around the site a little and was surprised to find that it had blatantly ripped off almost all of the text from SMS Privacy, including (with the order slightly rearranged) the example use cases on the home page, the FAQ text, and the getting started guide.

So far, most of this is flattering. It's a bit annoying that it's copying my site without giving any credit, but I can live with that. The pricing even happens to be just slightly lower than the SMS Privacy pricing. Fair enough, I can take some competition.

I signed up for an account to see how the user experience was, and things got worse. Suddenly the entire page layout was almost identical to SMS Privacy, including much of the HTML (although parts of the CSS were missing so it didn't quite render properly). The greeting on first sign in was identical to SMS Privacy. I tried to see what phone numbers were available to purchase but couldn't find a way to do so without sending any money. No matter, I can afford to send a few quid to check out a competitor.

The payments page was again very similar to SMS Privacy, with much of the text copied verbatim. I sent some payment and things got even worse. My payment transaction was first mined over 3 hours ago, and has since had over 20 confirmations, and yet there's still no mention of it (not even showing up as unconfirmed) on anonymousbtcsms.

So at this point I started thinking it's not just ripping off my text, it's actually a deliberate scam!

There's no evidence that this site can actually provide the service promised. There's not even any evidence that it can process payments. It just copies the marketing text off my site, then shows a new bitcoin address for each user (I wonder if it's a hardcoded list?), and the trail ends there. It doesn't handle incoming payments, and it almost certainly doesn't have any phone numbers for sale.

Shortly after I sent my payment, I sent an email to the contact address listed on the site (k@anonymousbtcsms.com) asking for the copied text to be removed, although I haven't received a reply and no longer expect to. With the help of some friends, I've since done some investigating. The whois record for anonymousbtcsms.com names a Kevin Coleman as the domain registrant:

We found a Kevin Coleman in Buenos Aires who is a software developer at Spark Start. His site (www.kcoleman.me) includes a link to anonymousbtcsms so it seems as though he is the real developer of the project and is not trying to hide it. From browsing the site, a couple of his "Coleman Laws" are particularly notable:

8. There is nothing more critical to true success than openness, honesty and integrity.
18. Don’t ever take credit for others' work.

I have emailed Kevin's personal email address but he hadn't replied by the time I published this post.

My suspicion is that this is all an accident, and that Kevin is basically a decent person: I imagine at one point he was intending to compete with SMS Privacy. On the basis of "fake it until you make it", he got an MVP up and running quickly by copying the SMS Privacy marketing text and accepting payments straight away, but he lost interest and never got around to actually building the service.

If you're a would-be customer: stay away from anonymousbtcsms. It doesn't provide the service it promises.

If you're Kevin: please, stop ripping people off. Either finish the project or take the site down. The current situation is completely indistinguishable from a scam.

Thanks for reading.

If you like my blog, please consider subscribing to the RSS feed or the mailing list: