Secret Shopping & Affiliate Policies

Last Updated Sep 23, 2016

“Affiliate Marketing” aka “Native Advertising” – the idea that a third party will promote a commercial VPN by creating content that closely resembles a review or feature.  When a potential customer searches for a review of the service in question, legitimate reviews (if any exist) are drowned out by a sea of fake ones.  This creates an environment in which inexperienced customers are usually fooled into thinking what they’re reading is impartial and unbiased, and in turn, saddles them with something they don’t need or want.

Let’s look at each party’s motivation in this model:

VPN Service – Wants to spread the word about their features, service, and to bring in new customers.

Affiliate – Wants to make money by selling VPN Service.

Customer – Wants an impartial and unbiased review of a given service.  Wants a quality product.

When there isn’t full disclosure between the VPN Service and the Affiliate, which party gets shafted with this model?  The Customer – because interests are misaligned.  The VPN Service makes money as do Affiliates, but the Customer oftentimes ends up with a worthless VPN that neither has professionals running it nor the inclination to provide a truly excellent product.  This isn’t just unethical, it’s illegal in most developed countries.

Shortly after the project started, several companies were quick to update their terms and policies.  Some of them were honestly trying to make improvements in the light of renewed transparency, others just wanted to look better on the comparison chart and considered it a place they could show off their willingness to improve.  A number of companies decided to update one such policy, which is: requiring affiliates to provide full and prominent disclosure of their financial relationship with the company they advertise for – as per FTC rules (regardless of country or jurisdiction).

“Secret Shopping” / Undercover Investigation

So, what is the point of this?  The point is that I approached each of these companies in secret as a potential affiliate.  I then asked questions about their policies to see if they were serious about enforcing them.

I want to focus on the 5 companies on the Chart who have a policy in their terms requiring their affiliates to provide full and prominent disclosure.  These companies are:

  • BolehVPN
  • IVPN
  • Private Internet Access
  • SaferVPN
  • Trust Zone

The plan:

  • Send an initial email/support ticket to each company stating that I have questions about their affiliate policies.
  • When they reply, state that I don’t want to abide by their disclosure policy, and is it okay if I just ignore it.
  • If they say yes, it is okay to ignore it – approach the company (as TOPG), ask them to explain their decision, and what, if anything they plan to change for the future.
  • If they say no, it is not okay to ignore it – point out that their existing affiliates don’t follow the policy and ask further questions.

Here were the relevant responses:


(Tepid response, not okay to ignore disclosure policy, but no penalty if not in compliance)

“I would still prefer that it’s mentioned somewhere that it’s an affiliate link”

(Tepid response when confronted about existing affiliates in non-compliance)

“We are beginning to look through our affiliates list and although we won’t penalize, their earning level might be capped.”


(Weak response – Yes, okay to ignore disclosure policy)

“You are welcome to handle the situation at your discretion. We have made the legal requirements available to you as per the FCC [US], the “call” as to whether they apply to you or have jurisdiction over you is your own.”
–John V.

(Strong response when confronted as TOPG)

“I’m disappointed at John’s response.  He doesn’t have any authorisation to approve new affiliates and I’m betting he was not briefed on our new policy in which case our management is partly to blame.  There is absolutely no ‘call’ to be made, the rules are clear and we intend on enforcing them strictly.

We’ve started the process of contacting our [existing] affiliates and are giving them until 31st August [2016] to comply [with this policy].  Failure to do so will result in [their] affiliate agreement with IVPN being cancelled.”
–Nick P.

(I’ll be following up on August 31st)

Update: 9-23-2016

I have been speaking to IVPN behind the scenes about the announcement that they finally made today – partially in response to this site’s inquiry, they have made the decision to close their affiliate program.  This shows a tremendous commitment to both the industry and their potential customers to support an ethical and responsible business model.  The VPN comparison chart has been updated as a result – Kudos to IVPN for making this big decision!

Private Internet Access:

(No direct response given)

Even though PIA did not directly reply to my question, it’s worth pointing out that they are consistently included in almost every affiliate operation I’ve ever seen.  While certainly not alone, they are arguably the biggest abuser of this kind of marketing in the industry.  Based on their track record, they show no desire to change.


(Weak response – Yes, okay to ignore disclosure policy)

“Sure, you can do that.  I am not aware of this clause in our terms. We work that way with most of our Affiliates (sponsored reviews, paid placements on ranking websites etc) so there shouldn’t be any issue at all”

–Anna F.

(Here’s the clause in your terms, Anna, see #4)

(No response when confronted as TOPG)

Trust Zone

(Weak response – Yes, okay to ignore disclosure policy)

“We will not penalize you in the event of non-compliance with this requirement”

(Strong response when confronted as TOPG)

“Unfortunately, some affiliates try to avoid a disclosure.  It’s not a good choice and may lead to ban. To be honest, we don’t ban our affiliates immediately but give them several chances and finally ask them to put texts like this at least:

When you buy VPN services by clicking links on our website, we sometimes earn affiliate commissions that support our work.

Recently, we banned our biggest affiliate… (named, but not mentioned here) and some other partners

The reasons of bans are not full disclosure and twitter spam (according to our terms:  5. FTC Endorsement Compliance  and 3. Promotion of Affiliate Links)

If our affiliate ignores all our requests and requirements during 30 days – his account could be deactivated.   

I have to notice that our tech specialist was not 100% correct. We don’t penalize our affiliate first time (immediately), but we will do that if he continued violations of term”

–Jack S.

A reminder that the purpose of this exercise is about industry improvement and transparency, not to stick it to any of the aforementioned companies.  It just isn’t enough in my opinion to have a policy if it’s not enforced.  We need better if this industry is going to create and form standout services.  Representatives from these companies who may read this are free to respond, I will update this article with a relevant statement if they wish to provide one and it adds to the conversation.

I also want to give a message to companies who intend to change policies for the sake of looking better than those that don’t:  Your reputation is at stake.  I don’t take what you say as gospel – I intend to look into things a little deeper than you might be comfortable with if you’re just trying to score some easy credit on the chart.  Follow through with your policies and everyone in the industry will be better off – except for those whose interests are not aligned with an ethical and transparent VPN industry.

About the Author

About the Author

I started researching data about VPN services for my own knowledge, then posted the information online in the hopes the Internet might find my work useful for themselves. Through the positive feedback and assistance those in the community offered, I’ve been able to take this step into compiling all of my related work in one location and moving away from the Google Spreadsheet that it was originally created on.