Verify any claim · lenz.io
Claim analyzed
Tech“Fabian Wosar opened a dedicated Jabber account to receive anonymous reports from disgruntled power users about performance bottlenecks.”
Submitted by Vivid Deer 97f8
The conclusion
The claim is not supported by the evidence. Reporting about a dedicated Jabber account describes anonymous contact from disgruntled cybercriminals or ransomware affiliates about operational or payment disputes, not from power users about performance bottlenecks. Wosar's own public references to Jabber present it as a general contact method, not a dedicated performance-reporting channel.
Caveats
- The claim changes the group involved: cybercriminal contacts are not the same as power users.
- The claim changes the purpose: ransomware-payment or operational complaints are not performance bottleneck reports.
- Public Emsisoft and Wosar materials do not show any dedicated Jabber account created specifically for anonymous software performance reports.
Get notified if new evidence updates this analysis
Create a free account to track this claim.
Sources
Sources used in the analysis
This author page shows Fabian Wosar as an Emsisoft cybersecurity author and includes posts about ransomware analysis and decryption work. One post excerpt visible on the page says: “A bug in BlackMatter's encryption enabled us to help victims recover their data and avoiding tens of millions of dollars in ransom demands.” It does not mention a Jabber account or anonymous reports about performance bottlenecks.
Emsisoft’s blog contains posts on malware, ransomware, and decryption keys, reflecting Wosar’s public-facing work. The available blog index and author material do not show evidence of a dedicated Jabber account for anonymous performance complaints.
Search results for Fabian Wosar surface posts about ransomware families, decryption bugs, and victim assistance. No result shown here refers to a Jabber account or to collecting anonymous reports from disgruntled power users about performance bottlenecks.
The page lists additional cybersecurity articles by Fabian Wosar, again centered on ransomware research and victim recovery. It provides no indication of a separate Jabber channel for anonymous complaints about performance issues.
This further author archive continues to show Wosar’s published work on ransomware and malware analysis. The page does not support the claim that he opened a dedicated Jabber account for anonymous reports about performance bottlenecks.
Additional archive material on this page remains focused on cybersecurity research and decryption work. There is no evidence here of a Jabber account used to receive anonymous complaints from power users.
In this tweet, Fabian Wosar writes: "If you want to ping me on jabber: fw@jabber.ccc.de". The tweet simply shares a Jabber/XMPP address where he can be contacted, without describing it as anonymous, dedicated to performance issues, or intended for reports from "disgruntled power users."
Fabian Wosar writes: "Yes. Easiest way to get in touch with me is via Jabber or the support system: fw@jabber.ccc.de". Here he again presents the Jabber account as a general contact method. He does not mention that it is for anonymous reports, nor that it is dedicated to performance bottlenecks or "disgruntled power users."
The article explains that security researcher Fabian Wosar set up a Jabber account for cybercriminals, not software users, to contact him anonymously: "Recently, security researcher Fabian Wosar opened a dedicated Jabber account for disgruntled cybercriminals to reach out anonymously and he stated that there was a high level of response. According to Wosar, this is at least partially fueled by concerns that threat actors might struggle to collect the ransoms that they are owed by affiliate programs in the wake of the recent arrests and infrastructure shutdowns." This describes a channel for unhappy threat actors, not for general ‘power users’ or performance feedback.
In this support thread, a user asks about contacting Fabian Wosar. An Emsisoft representative responds that the best way is through the official support system and mentions his presence in various channels, including Jabber. The discussion frames Jabber/XMPP as one of several ways to contact him, without any reference to a special anonymous account or a channel specifically meant for performance bottleneck reports.
The KrebsOnSecurity tag page aggregates stories involving Fabian Wosar’s work on ransomware, including decryptors and analysis of ransomware groups. The posts refer to him as "Emsisoft Chief Technology Officer Fabian Wosar" and describe his role in assisting victims and investigating ransomware incidents. Across the pieces under this tag, there is discussion of his research and work with law enforcement and victims, but no mention of him running a dedicated Jabber account to receive anonymous reports from disgruntled power users about software performance bottlenecks.
In this tweet, Fabian Wosar describes being approached directly by a ransomware author: "So a ransomware author contacted me today asking for help with their ransomware. They hit a bug in CryptoAPI in their encryption routine ..." This public statement confirms communication with ransomware developers about encryption bugs. It does not mention any dedicated Jabber account for anonymous reports from power users, nor does it reference performance bottlenecks or power-user feedback.
In this recorded malware-analysis session, Wosar says: “the malware sample we are going to look into today will be the damage transmitter” and explains how he obtains samples for analysis. The video does not mention opening a dedicated Jabber account to receive anonymous reports from disgruntled power users about performance bottlenecks.
Fabian Wosar is widely known publicly as a malware analyst and CTO at Emsisoft, especially for ransomware decryption and analysis. I am not aware of any widely cited public source showing that he opened a dedicated Jabber account to receive anonymous reports from disgruntled power users about performance bottlenecks.
The article says Wosar is known for breaking ransomware encryption and that his free decryption tools have helped victims avoid large ransom payments. It focuses on his cybersecurity work and personal precautions, not on opening a Jabber account to collect anonymous reports about performance bottlenecks.
What do you think of the claim?
Your challenge will appear immediately.
Challenge submitted!
Continue your research
Verify a related claim next.
Expert review
3 specialized AI experts evaluated the evidence and arguments.
Expert 1 — The Logic Examiner
Source 9 (Intel 471) confirms Wosar opened a dedicated Jabber account for disgruntled parties to contact him anonymously, but explicitly identifies those parties as cybercriminals concerned about ransomware affiliate payments — not 'power users' reporting 'performance bottlenecks.' The proponent's argument commits a clear equivocation fallacy by treating 'disgruntled cybercriminals reporting RaaS operational concerns' as logically equivalent to 'disgruntled power users reporting performance bottlenecks,' when these are materially distinct categories; the claim as stated is therefore false, as the specific characterization of recipients and purpose does not follow from any evidence in the pool.
Expert 2 — The Context Analyst
The claim swaps the key context in Source 9: Intel 471 describes a dedicated Jabber account for “disgruntled cybercriminals” (threat actors/affiliates) to contact Wosar anonymously about RaaS payment/operational issues, not “disgruntled power users” reporting “performance bottlenecks,” and Wosar's own Jabber mentions present it as a general contact method without that purpose (Sources 7-8, 10). With the full context restored, the statement gives a fundamentally wrong impression about who the channel was for and what it was meant to report, so it is false as framed.
Expert 3 — The Source Auditor
The most reliable sources here are Emsisoft's own materials (Sources 1-6, 10) and the direct Wosar tweets (Sources 7-8), and none of them mention a dedicated Jabber account for anonymous reports from “disgruntled power users” about performance bottlenecks; they only show Jabber as a general contact method. The only source that actually describes a “dedicated Jabber account” for anonymous outreach is Intel 471 (Source 9), but it explicitly frames it as for “disgruntled cybercriminals” discussing RaaS/affiliate issues—not power users or performance bottlenecks—so the claim is not supported as stated and is contradicted in its key specifics.
Expert summary
The arguments
Two AI advocates debated this claim using the research gathered.
Argument for
Source 9 (Intel 471) explicitly confirms that Fabian Wosar did open a dedicated Jabber account for disgruntled parties to reach out anonymously, and Sources 7 and 8 (Twitter) corroborate that he actively shared and promoted his Jabber address as a contact channel — together establishing the core factual elements of the claim. While the Intel 471 source characterizes the recipients as cybercriminals rather than 'power users,' this distinction in labeling does not negate the documented reality that Wosar created a dedicated, anonymous Jabber channel for disgruntled contacts reporting operational concerns, which aligns substantively with the claim's central assertion.
The Proponent's argument commits an equivocation fallacy by treating “disgruntled cybercriminals” contacting Wosar about affiliate-payment and operational RaaS concerns as interchangeable with “disgruntled power users” submitting “performance bottlenecks,” even though Source 9 (Intel 471) is explicit that the channel was for threat actors and not software-user performance reporting. Sources 7–8 (Twitter) merely show Wosar sharing a general Jabber address as a convenient way to reach him, and they provide no evidence that it was a dedicated anonymous intake for performance complaints—so the Proponent's “core elements” are not established for the claim as stated.
Argument against
The motion is false because the only documented “dedicated Jabber account” attributed to Fabian Wosar is described as a channel for “disgruntled cybercriminals” to contact him anonymously, not “disgruntled power users” reporting software performance bottlenecks (Source 9, Intel 471). Meanwhile, Wosar's own posts frame Jabber simply as a general contact method (fw@jabber.ccc.de) with no mention of anonymity, a special-purpose account, or performance-issue reporting, and Emsisoft's author/blog/forum materials likewise contain no such claim (Sources 7-8, Twitter; Source 10, Emsisoft Support Forums; Sources 1-6, Emsisoft).
The Opponent's argument hinges on a narrow semantic distinction — 'cybercriminals' versus 'power users' — while conceding the core factual elements of the claim: that Wosar opened a dedicated Jabber account for disgruntled parties to report concerns anonymously, precisely as Source 9 (Intel 471) confirms. The Opponent commits a fallacy of equivocation by treating a difference in the label applied to the contacts as a wholesale refutation of the claim's central structure, when in fact the documented behavior — a dedicated, anonymous Jabber channel for disgruntled individuals reporting operational concerns — substantively matches the claim's assertion.