
Trim seeks out and destroys awful monthly subscriptions - shawndumas
http://www.theverge.com/2015/12/20/10597788/trim-subscription-canceller-forgotten-bills-texts
======
wh-uws
Despite it being quite the first world problem its a problem I have.

I've been wanting to use a service like this but here is my question.

Whats with the whole text message as a ui craze?

I don't get it / like it.

Especially for this app. The explanation I usually hear is its good for people
who dont have smartphones or at least good ones.

But I think the overlap of the set of people with this problem and no
smartphone are vanishingly small.

This is the kind of service I want an app/ website that I can analyze the data
with and push notifications work for the text message case.

~~~
colmvp
Lower friction as you are creating a process that works on multiple OS'
without needing to download an app

Also, everyone largely keeps text message notifications on so it's easier to
maintain communication compared to relying on the user enabling app
notifications

~~~
caseysoftware
You nailed it. It gives you 100% market penetration with _one_ system, _one_
UI, and then you can focus on the backend processing and workflows. It also
doesn't require data or the like. If you throw in some phone number -> country
processing, you can even make some best-guess
localization/internationalization with pretty minimal effort.

It's a simple but powerful approach.

~ Former Twilio evangelist, so biased :)

~~~
ufo
I'm curious about how you can deal with security/authentication in these SMS
APIs. In theory, sending spoofed SMS messages to Trim would let you cancel
someone else's sbuscriptions.

~~~
caseysoftware
There are a few tactics but first consider the odds:

\- First, the target would have to be a subscriber to Trim so that's a small
group.

\- Then you'd have to cancel something they actually have so that further
shrinks the group. (Netflix would be a likely candidate.)

\- But then Trim could thwart most attacks with a simple "Are you sure? If so,
respond with " \+ rand(0, 100) If Trim used a simple Y/N the attacker could
spoof that easily.

Spoofing a message from another number is relatively easy. Catching Trim's
responses is more effort and most attackers aren't going to go to that level
of effort.

------
dghughes
I was a Netflix user but one day as I was looking at my credit card statement
I saw I was charged twice three months in a row.

I called Netflix support and was told some excuse their computer had already
billed me so their hands were tied.

Somehow with no interaction Netflix was able to sign me up for another account
on my credit card not authorized by me. And they didn't seem the least bit
worried and we're actually defensive or insulted.

I can't recall the end result but I think I was given a month free or
something like that.

The support person was sorry I didn't want to stay with them I said you have
no idea how I need up with two accounts! Why would I stay?

Anyway I guess this service wouldn't trim that duplicate account but it shows
how easy we can lose control of our money.

~~~
lfowles
This is why I prefer to use YNAB for budgeting, because at some point I have
to manually verify every charge is accounted for.

------
mynewtb
> it can be difficult to keep track of where your money is going on a monthly
> basis

Uh, really? Just look at the list of your transactions and that's it.

We all live on the shallow submarine.

~~~
colindean
> Just look at the list of your transactions and that's it.

Not if you have several cards through several servicers. I myself have eight
_servicers_ that I'd have to check. I only actively use four of them, though.
I'm acutely aware of this complexity and have over time moved most recurring
bills to a single card on a single servicer.

~~~
mynewtb
I know one weird trick to reduce your friction easily by at least 50%. ;-)

~~~
ry_ry
I can't believe it's not butter.

------
eykanal
So, I'm supposed to hand over my credit card to some unknown stranger and hope
that they're good people? Holy privacy intrusion, Batman!

There's nothing on the website stating that they're not storing information.
(They do list that they don't have access to certain info, such as
credentials, but nothing discussing actual transaction data.) I would hope
that sort of thing would be explicitly called out. There's also no mention of
security audits or anything other than their use of 256-bit encryption for
lots of stuff, which frankly I don't know whether is good or bad, enough or
nowhere near that. Also, companies of this size go out of business or get
acquired or whatever all the time... where's some assurance that my data will
be purged when the company dissolves or gets bought out by WeSellYourData.com?

Color me somewhat skeptical.

On a related note, the fact that TheVerge talks about it as though "what an
awesome service" without mentioning ANY sort of "oh and by the way they can
see ALL YOUR DATA because they're TEXTING IT TO YOU BY GOLLY" makes me think
the less of them, as well.

~~~
mattmanser
Like every shop, bar and website you've ever been to?

Colour me confused Robin!

You read [http://www.asktrim.com/security](http://www.asktrim.com/security),
did you read the last paragraph where they say you can email them directly at
security@asktrim.com, why don't you do that instead of over-reacting in the
comments?

------
pjc50
Hang on, how does it get your list of transactions using just a credit card
and phone number?

~~~
walterbell
Yes, why are banks releasing purchase history to a third-party data processor
without customer authentication by the bank?

~~~
bhandziuk
It seems they are authenticated because you gave them your bank password. As
far as your bank knows they're you.

------
rwmj
Nice! Sounds like they are solving the chicken-and-egg problem properly
([http://www.joelonsoftware.com/articles/fog0000000054.html](http://www.joelonsoftware.com/articles/fog0000000054.html)).

------
supercanuck
I subscribe to the Economist digital edition, and I recently noticed that I
was being billed twice for my quarterly subscription.

It turned out, I had "two digital subscriptions" albeit ONE username and
password.

The person kindly informed me this was going on for 3 years and could only
refund me a year's worth after I protested how it was possible to have two
digital subscriptions with the same Userid.

------
jenshoop
May be useful at the enterprise level/in a work context. I will be honest and
admit that as an executive at a startup, I often sign up for tools that I plan
to later sunset but forget about / think "Well, I might use that next month."
Totally different mindset than I might apply personally.

------
blisterpeanuts
Maybe simpler to just cancel your credit card? Probably a good idea to do
periodically, in this age of massive id theft.

Just update your legitimate subscriptions with your new card number, keep
careful notes, and wait to see who else out there starts squawking.

------
biot
Next service: an automated means to cancel Trim.

------
ergest
Mint can already look at your CC transactions if you connect the bank account
to it. I wonder how come they've never done something similar. It wouldn't
really cost them that much to maintain a database of subscription based
services and do a text match to highlight them. Heck it can even be a
category. You can of course do this manually, but they could automate it just
as easily.

~~~
Raphmedia
By bank offer built-in online services that are pretty much identical to
Mint's. I thought this was the standard in this day and age.

------
Animats
This should be a standard feature of online banking web sites - a list of all
your recurring transactions, with CANCEL buttons.

