Hijacking Trust? Bitvise Under Fire for Controlling Domain of Open-Source Project PuTTY
PupRed bigtech bitvise domainsnatcher putty ssh
In the open-source world, trust, transparency, and community stewardship form the foundation of public credibility. But a recent case involving the domain name putty.org calls these values into question.
The domain, long associated by users with PuTTY, the widely-used open-source SSH and Telnet client, is not controlled by the PuTTY project itself — but by a commercial competitor: Bitvise.
Bitvise offers its own SSH client, and while their software is available free of charge, the company now faces criticism for its appropriation of a domain name that clearly and historically signals the PuTTY project — a project maintained for over two decades by developer Simon Tatham.
A visit to putty.org brings users to a page that references PuTTY, links to the official download site — but also prominently advertises Bitvise's own SSH client. Critics argue this amounts to misleading branding and exploitation of public trust in open-source software.
Update: Bitvise escalates with personal attack after publishing private correspondence
Following publication of this article, Bitvise took the unusual step of publishing the entire email exchange with the journalist on their public support site, including the journalist’s full name without consent — despite a clear request to anonymize or redact personal information.
When asked to censor the name, a Bitvise representative responded not with a correction, but with verbal abuse:
“Lol 😂 You fucking idiot.”
This statement — sent via the company’s official support channel — raises serious concerns not only about Bitvise’s domain practices, but also about its conduct, professionalism, and treatment of individuals engaging in legitimate inquiry.
The incident reflects a pattern: rather than addressing substantive criticism about its use of the putty.org domain, Bitvise has responded with deflection, hostility, and now a personal attack on a journalist — further distancing itself from the transparency and accountability expected in both commercial and open-source communities.
Requests for formal comment remain open.
“The PuTTY project never had this domain”
When approached for comment, Bitvise’s response sidestepped the ethical questions entirely, focusing instead on technicalities of ownership:
“The PuTTY project, or its author, did not originally own this domain. It is misleading to talk about 'returning' a domain which the PuTTY project never had,”
— Denis Bider, Bitvise representative
Asked whether Bitvise would consider transferring the domain to PuTTY’s actual maintainer, or whether they believed such use could be ethically problematic, Bider replied dismissively:
“What you dislike is that the page appears high in search results because it provides a useful service.”
He later escalated the tone further, stating:
“It speaks to the nature of someone's mind when the first thought that occurs to them is expropriation and confiscation.”
A question of ethics, not legality
While Bitvise claims no financial gain from the domain, the issue is not about profit, but intentional association. The choice to register putty.org — and use it to promote a product — inherently capitalizes on PuTTY’s reputation, regardless of whether revenue is generated directly.
Asked whether such use was ethically justifiable, Bitvise offered instead a philosophical statement:
“The difference is not one of profit, it is one of philosophy. You believe software can be managed by a committee. I believe software requires an owner, otherwise it is dead.”
Yet this framing ignores the core issue: controlling a domain name that misleads users into associating Bitvise’s product with the PuTTY project. It’s not about software governance — it’s about public trust and digital responsibility.
Exploiting visibility, eroding integrity
Search engines treat domain names like putty.org as authoritative. A user looking for the PuTTY project might easily assume they are visiting an official or affiliated site. That’s what makes Bitvise’s claim of providing a “service” ring hollow: the service comes wrapped in misleading branding that benefits the company at the expense of clarity.
Digital rights advocates argue that just because a domain is legally available doesn’t mean it should be claimed, especially when it mimics a widely known, community-driven project.
As the open-source community continues to grapple with questions of ownership, sustainability, and trust, this case serves as a potent example of how ethical lines can blur in the space between legality and legitimacy.
So far, Bitvise has shown no sign of releasing the domain — and no willingness to address the broader ethical dilemma behind their actions. Their responses raise a final question:
When a company benefits from the public’s confusion, is that smart business — or quiet deception?
Written by PuPRed.com - Last updated 13.July.2025
ⓘ Download the original Putty here: www.chiark.greenend.org.uk