Editorial — Statement

We Are No Longer Volunteers

Why we are retiring a word that has been weaponized against the public interest

PhishDestroyIndependent anti-phishing research operation5 min read
We Are No Longer Volunteers — a PhishDestroy editorial statement

For most of our existence, we have called ourselves volunteers. It felt accurate. We work without salaries. We work without grants. We work without a legal entity collecting donations on our behalf. By any plain-language definition, “volunteer” fit.

We are retiring the word.

Not because the work changed — but because we no longer recognize ourselves in the company the word keeps.

The word is broken

In the past twelve months we have documented two organizations that publicly describe themselves as volunteer-driven:

Paid governance

ICANN

A 501(c)(3) non-profit collecting mandatory fees on every domain name registered on Earth. Annual revenue exceeds fifty million dollars. Its board members, formally classified as volunteers, receive five-figure annual compensation. The “volunteer” designation is a tax category, not an ethical stance.

Theft

xmrwallet.com

A self-described volunteer Monero web wallet. Our forensic investigation documented that it has been extracting private view keys from users since 2016, with over two million dollars in confirmed losses across more than fifteen victims. The operator’s farewell letter is signed “The Creator. No longer a person.” The “volunteer” framing was legal distancing from a compromised identity, not community service.

Between these two reference points, the word has lost its meaning. On one end: paid governance describing itself as voluntary. On the other end: theft describing itself as voluntary. Somewhere in the middle, our actual work was supposed to live.

It cannot live there anymore.

What we actually are

We are an independent, public-interest anti-phishing research operation. We are unpaid operators. These are the terms we will use from this point forward, in every report, every disclosure, every partnership document, and every page of this site.

The distinction matters: a volunteer donates time to an organization. An unpaid operator runs an operation that has no organization to donate to.

There is no PhishDestroy Foundation. There is no PhishDestroy Inc. There is no donation address. There is no token. There is no treasury. There is no board. There are no salaries — including zero, because zero is still a number that implies a payroll exists.

There is only the work, the public archive, and the people doing it.

What changes

On the site

  • All references to “volunteers” are being replaced with “operators” or “researchers”
  • The About page will lead with the unpaid-operator framing
  • Author bylines will be updated accordingly

In reports

  • Investigative materials will be signed as “PhishDestroy — independent anti-phishing research operation”
  • Individual contributors will be referred to as “operators” or “contributors,” not “volunteers”

In external communication

  • Partnership documents, abuse reports, and regulatory correspondence will use the new terminology
  • We will continue to refuse donations, grants, and any form of monetization

What does not change

The pipeline. The seven-stage validation. The public, hash-verifiable evidence archive. None of this depended on the word “volunteer,” and none of it will be affected by its absence.

~170K
verified phishing domains in the DestroyList (12 months)
~14h
median time-to-takedown
28
global partners
7-stage
validation pipeline

A note to those who still use the word honestly

This statement is not an attack on volunteering as a practice. People who genuinely give their time to genuine causes are the connective tissue of civil society. We have nothing but respect for them.

Our objection is narrow and specific: the word has been adopted as protective coloring by organizations that are not what the word implies. When a fifty-million-dollar regulatory body and a decade-long credential-stealing operation both call themselves voluntary, the word no longer protects anything except the entities hiding behind it.

We are stepping out from behind it.

Going forward

If you have referred to us as volunteers in the past — in press, in academic citations, in partner documentation — we are not asking you to retroactively change anything. We are simply telling you what we are now.

The work continues. The word does not.

Independent. Public-interest. Unpaid. Operators.

PhishDestroy — An independent anti-phishing research operation