‘They weren’t bad people. They just did bad things’
Those perks came with a condition, the employees said: a wide-ranging non-disclosure agreement employees had to sign, and which extends long after they leave their job. The Financial Post attempted to contact nearly 100 current and former employees of Ashley Madison for this story. But with the company under intense scrutiny, following a serious data breach in which hackers — claiming to be offended by the website’s practices — leaked a database of the site’s member information, none of the current employees agreed to be interviewed. Only one responded with an explanation, citing a “conflict of interest.” However, several former employees agreed to speak only on the condition of anonymity, as a way to protect themselves from legal repercussions.
Most of them said they experienced a psychological disconnect between the positive work environment and the company’s business practices, which they described with words like “sleazy,” “scummy” and “blatantly manipulative.” Their comments perhaps explain how elements of the company’s business model revealed by the hack worked in practice, with the promise of sex and suggestive comeons that were, in later years, frequently generated by computers that could part lustful men from hundreds of dollars within minutes of logging on.
Paul Keable, a spokesman for Avid Life, the parent company of Ashley Madison, provided an emailed statement in response to a request for comment regarding the allegations made by former employees. “As we have stated in the past, as this is an ongoing investigation, we are limited in what we can say. That said, the information that has been provided to you contains a number of inaccuracies,” the statement read.
Another former customer service worker, who claimed to have left over concerns that the job was not conducive to good well being, offered a succinct summary of the workplace experience.
“They weren’t bad people,” the worker said. “They just did bad things.”
Calls from angry spouses were traumatizing, but far more common, former workers say, were calls from angry men — clients demanding a refund after finding out they had rapidly racked up bills far steeper than they had realized. That’s because every attempt to make contact with a potential mistress on the site costs money — often much more than what clients expect.
A basic starter package of 50 credits costs US$59.99. Sending a message costs five credits and replies are free. But if the message is marked “priority,” the site deducts an additional five credits. And many new users miss the fact that their messages are automatically marked priority by default, unless users make a point of changing their settings to turn the default option off.
That means a user who sent messages to the 10 female profiles on the first page of results (which is generally a new member’s first move) had already burned through his 50-credit starter package. But many also complained they were unaware of another default setting, one that automatically charged their credit cards for a new package of credits, once credits ran out — at a cost of US$79.99. In a few minutes, with just a few messages, the charges could quickly mount to US$140.
With a few more messages, some 20- to 50-credit “virtual gifts” to the ladies on the other end and some time spent in a chat session (30 credits for 30 minutes), the client could find himself having burned through more than $500. There was also a US$19.99 activation fee for the mobile app.
“It’s designed to take advantage of horny guys with tunnel vision,” said the former customer service worker who left over well-being concerns. “And it does it really well.”
Inside Ashley Madison’s terms of agreements, the money-back policy is clearly stated: “all purchases are non-refundable.” A number of third-party consumer review websites are rife with complaints from users who were shocked to find themselves on the hook for these fees — although few attached names to their grievances. Still, for every client who angrily cancelled his account after receiving his first bill, employees note that there were new waves of men signing up. The company was brilliant at winning media attention for getting itself into controversies. When an ad would be refused by a TV network or transit system, or would inflame the Internet for being so provocative, a spike of new sign-ups would shortly follow.
Whatever else you’ve heard, the employees confirm that there really were actual live women who signed up to cheat on Ashley Madison. One of the former customer service representatives estimated that just under one-third of the calls that came in were from female members. But because the ratio was far from even, the company looked for ways to keep men messaging and chatting, and spending.
An analysis of the leaked data by the web-publication Gizmodo last month revealed that tens of thousands of female profiles on the site showed signs of being unattached to real women, while leaked internal documents from the company appear to suggest that it was sometimes computer algorithms that were automatically generating the flirtatious responses to eager men. All but one of the unnamed former employees interviewed say that this technique was widely known among Ashley Madison staff. One alleged that the photos for the profiles were sometimes taken from the free-licensing area of the photo-hosting service Flickr. Another alleged that deactivated accounts were recommended as a photo resource.
Prior to that, up until about 2011, the company had employed live “chat hostesses” to engage the men, but the company found a way to replace the live workers with computerized bots, multiple former employees alleged.
That would mean that Ashley Madison’s bots could effectively pass the famous “Turing test” for artificial intelligence — where a human could not detect even after a few questions that he was talking to a machine and not another person. (Not always, though: a consumer complaint was sent to Ashley Madison by the office of California Attorney General Kamala Harris in 2012 after a member became suspicious of how many women were starting conversations with the exact same phrase: “are you online?”) Gizmodo claimed in its reporting that users would spend their first dollar on the site engaging with a computer 80 per cent of the time.
The only allegation that Keable, the Avid Life spokesman, responded to directly in his emailed statement to the Financial Post, and specified was inaccurate, was the claim that Ashley Madison did not fully scrub the accounts of users who paid extra to have their information deleted. “The paid-delete function will hard-delete a member’s information, including all posted pictures and all messages sent to other system users’ email boxes. Once this process is complete the information cannot be accessed,” he wrote. One of the customer service representatives alleged a different account: That user information and chat logs remained accessible to those web administrators with a certain level of access clearance. Various reports about the leaked Ashley Madison information allege that some account information was re- tained even after a paid delete.
Still, whatever the claims about the company’s practices, Avid Life executives were evidently ready to answer to more scrutiny and transparency in a bid to take the company public on capital markets. Another former employee with knowledge of the company’s higher-level planning — who said she left because she felt she did not share the company’s values — said Avid Life executives made multiple, serious attempts to take the company public in both New York and Toronto. Most recently the company discussed going public in London. The main stumbling block in the past, she claims, was that banks didn’t want to be associated with a company that promotes adultery.
“They wanted investment. They wanted the money. They needed the cash flow coming into the company,” she said. “But it was mission impossible… I don’t think any bank wanted to have that relationship.”
Meanwhile, staff were reportedly also spending a lot of time protecting members from each other — and from themselves. Former workers described a heavy moderation process for profiles before they could go live, with staff removing photos featuring identifying details such as licence plates, visible address numbers on houses, shots including the members’ wives and children, and even visible work identification badges with members’ full names. They also banned profiles that showed signs of connection to escorts, journalists and snooping divorce lawyers. And the former customer service representatives interviewed said there was a strict policy to never divulge any information about a member to anyone, including the police, unless the request came with a court order.
But inside the office, a typical workday was free of drama, the former workers attest. In most ways it was just a normal office job, they said — quite different from the image depicted in the company’s sexually charged advertisements featuring models in various states of undress. And most of those interviewed remembered Noel Biderman, the long-serving chief executive — who took the company from a small local startup to a global brand, before stepping down last month — as a kind and approachable boss.
Some of the former employees are still in touch with people who currently work at Ashley Madison. They report that the office was badly shaken by Biderman’s departure — and rattled by the fact the hack is reported to have been an inside job from a disgruntled one-time employee. Understandably, there is also a growing concern that they might not have their jobs for much longer if the repercussions from the hack drive the company out of business. The company said in August that “hundreds of thousands” of new users have signed up since the hack became public, and that “Recent media reports predicting the imminent demise of Ashley Madison are greatly exaggerated.”
Hany Fahim, who was director of network operations from 2008 to 2010, was the only former employee who agreed to be named in this story — although he declined to comment on any allegations about artificial profiles, the ratio of women to men on the site, or other controversies, citing his non-disclosure agreement. Fahim described his job as “the guy behind the scenes making sure everything runs smoothly,” reporting directly to the executive level of the company.
Fahim said that while the company did ever ything commercially reasonable to protect the site, the site’s age posed security and logistical challenges. Launched in 2002, Ashley Madison’s code grew clunkier and hard to change, initially written by developers who left the company long ago.
“They took security as seriously as any web organization would. There wasn’t anything they were lax on,” Fahim said. “Any organization that inherits an old code base would have the exact same problem.”
He said that the Ashley Madison hack demonstrates the importance of s af e - guarding web-based businesses from internal threats, not just external ones; that no single person should ever have “the keys to the entire kingdom.”
But a former employee who worked in a technical role at Ashley Madison said there was another obvious security threat: The fact the company’s entire business was based on something that would anger people. It was predictable, he said, that the site would someday peeve the wrong person — someone with the technical know-how and persistence to pull off a hack.
“But was this hacker group justified in doing what they did? I don’t think so. I think it’s none of their business,” said the former tech worker. “This whole thing just has a fine layer of sleaze over it. No one in this situation is right.”