For decades, developers worldwide have trusted PuTTY—Simon Tatham’s indispensable open-source SSH and telnet client for Windows—for secure server access. Yet confusion has persisted around its true online home (chiark.greenend.org.uk), while the intuitive PUTTY.ORG domain remained under the control of Bitvise, a commercial SSH tool vendor. This week, that confusion turned toxic.

The Longstanding Illusion

Bitvise acquired PUTTY.ORG in 2008, hosting a page that linked to PuTTY alongside its own paid tools. Though labeled as unofficial, the domain’s simplicity made it a top search result, misdirecting countless users. Hostinger tutorials, StackExchange answers, and Bing searches all prioritized it over Tatham’s authentic site—a server so ancient it runs a 32-year-old Debian installation.

The Provocative Pivot

After blogger PupRed inquired about the domain’s ownership, Bitvise co-founder denis bider replaced all software links with COVID-19 misinformation, embedding a video by discredited anti-vaccine activist Michael Yeadon. Bider defended the move, calling it a "critical public service" and accusing critics of "communist" motives. His personal blog claims "viruses are made up"—a statement The Register’s biology-trained FOSS desk explicitly refutes.

Simon Tatham told The Register: "Whatever the legalities... running a site like that seems like shockingly unprofessional behaviour. I wouldn’t buy any product from a company who I knew behaved like that!"

Why Developers Should Care

  1. Source Integrity at Risk: Tools like PuTTY underpin critical infrastructure. Domain confusion creates supply-chain vulnerabilities.
  2. Trust Erosion: Bitvise weaponized a trusted name to platform harmful content, damaging industry credibility.
  3. The .ORG Paradox: Nonprofits aren’t the only entities using .ORG domains, complicating authenticity checks.

Navigating the Fallout

  • Verify Official Sources: Bookmark PuTTY’s canonical home: https://www.chiark.greenend.org.uk/~sgtatham/putty/
  • Scrutinize Redirects: Use whois checks for unfamiliar domains linked to essential tools.
  • Report Misinformation: Flag deceptive sites to registrars and search engines.

As Tatham’s work continues powering secure connections globally, this saga underscores a darker truth: in the digital age, even the most trusted tools can be compromised not by code, but by confusion.

Source: The Register (https://www.theregister.com/2025/07/17/puttyorg_website_controversy/)