
The Delpan Incident - joeyespo
http://blog.gittip.com/post/35314128322/the-delpan-incident
======
nathanb
Sounds like they're misusing the word "suspicious". Either that, or they're
setting themselves up for PayPal-esque issues at scale.

If your business model is "one suspicion means your account is frozen", once
you are at a scale large enough to have false positives, you are destined for
scandal. I guarantee that if you hope to have a million users and you retain
this model, "Gittip froze my account and I can't get my money" is going to be
on the front page of HN at some point.

As with other commenters, I applaud the desire to be responsible with others'
money and I completely understand the need to be conservative if you want
others to trust you with their funds. But scale does funny things to good
intentions. You will wind up with insufficient funds to staff an adequate
support desk. You will wind up with bogus users trying to do shady things with
your service, and they will be very convincing and make you want to help them.
And you will wind up with legitimate users who love your service and want to
use it the way you've designed it but end up tripping your heuristic. And
those users will not love you and will feel hurt and betrayed by you, and if
you do that to the wrong user it will quantitatively affect your business and
the public perception of your organization.

~~~
whit537
> But scale does funny things to good intentions.

This is great feedback, thanks! You really nailed the ways that fraud burns
both good people and good companies. What's the right thing to do, then?

In publishing a detailed report about this incident, I hope to establish a
pattern of adjudicating these things in public:

<https://www.gittip.com/about/fraud/2012-11-05.html>

Everyone who was affected by this incident is listed right there on that page.
If someone wants to make the case that they're a false positive, they are free
to do so, and we can all decide the case together.

I think that's different than PayPal.

> You will wind up with insufficient funds to staff an adequate support desk.

Gittip is a community-managed resource, not a closed product. Right now I'm
the support desk. As we scale, the support desk will be staffed by members of
the community, chosen by the community, as the community has need.

> You will wind up with bogus users trying to do shady things with your
> service, and they will be very convincing and make you want to help them.

If they ask for help they'll be doing so in public, and I'll have you to help
me spot them. Many eyeballs, etc. For example, here's a brand new GitHub
account asking for details of Gittip's anti-fraud measures and making
recommendations:

<https://github.com/whit537/www.gittip.com/issues/364#issuecomment-10186628>

<https://github.com/whit537/www.gittip.com/issues/357#issuecomment-10179510>

<https://github.com/whit537/www.gittip.com/issues/347#issuecomment-10186850>

<https://github.com/whit537/www.gittip.com/issues/357#issuecomment-10179510>

Waddya think? Fraudster? :^)

> And you will wind up with legitimate users who love your service and want to
> use it the way you've designed it but end up tripping your heuristic.

This has already happened. Half the accounts I originally suspended last week,
I ended up reinstating with an apology:

<https://github.com/whit537/www.gittip.com/issues/329#issuecomment-10000001>

Again, that was done in public, as is the matter of recovering stolen money
that was passed off on innocent bystanders:

<https://github.com/whit537/www.gittip.com/issues/371>

> if you do that to the wrong user it will quantitatively affect your business
> and the public perception of your organization.

Again, Gittip is a community-managed resource, not a business. The wrong user
can say very little that I wouldn't welcome them to say publicly.

~~~
nathanb
In my opinion, by linking a person's gittip account with their public persona
(twitter or, worse, github) and then calling a person out as "suspicious", you
are doing your user base a disservice. If I was trying to do the right thing
by tipping someone I appreciated and then not only did you tell me I was
suspicious but you also told the world, I would not be passionate about how
great your service was. At the very least I would have a bad taste in my
mouth, and at the worst I would likely flee entirely.

At a scale of a million people, 0.3% is 30k. Can you imagine a human trying to
parse that page at that scale? I can't. You wave the magic phrase of
crowdsourcing at the objections, but what person has the sort of energy,
patience, and free time to sift through all that? Paypal can't _hire_ enough
folks to do that sort of thing; what makes you think you can convince them to
work at it for free, month after month, year after year? Oh, you might gittip
me fifty cents if I do that for you? Well, OK then.

I understand that the last thing you want is for gittip to become a money
laundering site. If news got out that your pet project is a great way to get
funds out of stolen credit cards, that could easily destroy you completely.
Perhaps avoiding that scenario makes the measures you've put into place worth
it. But it feels like you've limited both the rate at which you can grow and
the scale to which you can grow.

Every now and again you read about someone's Amazon account being closed
because it gets caught up in their automated scam dragnets and the customer
service drone assigned to their case is monumentally unhelpful. Do you think
that a system similar to yours (aggressively flagging accounts, exposing
presumed fraudsters, relying on community volunteers and public transparency)
would make their system better, at their scale? Do you think they could have
reached their current scale if they used such a system?

~~~
whit537
I'm open to alternatives. What would you suggest?

~~~
whit537
The primary goal is to keep stolen money out of Gittip. The secondary goal is
to recover stolen money once it's inside of Gittip. There are other kinds of
fraud to watch for but let's focus on this for now.

If Gittip does nothing, then stolen money gets into Gittip, and some portion
of that is reported to the banks, and Gittip gets hit with chargebacks.
Chargebacks are financially onerous, and if Gittip gets too many of them then
we'll lose our privileges with the banks altogether. Moreover, chargebacks
take months to hit. It's neither economical nor efficient to use chargebacks
as the primary signal for bad accounts. Therefore, I don't see a choice but to
try to predict which accounts are going to inject stolen money into Gittip
before it happens.

Once stolen money is in Gittip, some of that goes to good accounts and some to
bad. Either Gittip makes an effort to recover that money somehow, or we simply
factor the entire stolen amount into our cost of doing business.

------
hsmyers
While I'm not truly clear on what gittip does, I applaud the message from the
guy in charge. I like the approach and the intent---and above all the
openness. Curiously that is combined with a sensible amount of 'quiet' with
reference to exactly what they are doing to combat the problem. Insert
applause here...

~~~
whit537
Thanks! :^)

Gittip lets you set up small anonymous weekly gifts between $1 and $24 to
people who do good work. It ticks over every Thursday. Gittip is funded on
Gittip and is trying to be an "open company:"

<http://blog.gittip.com/post/26350459746/the-first-open-company>

------
relix
Not sure if having a boolean value where "null" and "false" mean two different
things is a good idea. Sounds like a source for a lot of bugs in business code
and SQL.

~~~
krapp
naive but honest question -- _aren't_ 'null' and 'false' different?

~~~
majormajor
They are, and that's where the bugs can come from. :) It leads to a situation
where it's easy to come back to the code in the future (or have a new
developer working on it) and see a field that's a boolean and make an
assumption like "well, this is a boolean, so if it's not True then it's
False." I like to make my booleans not-null so that they're, well, actually
booleans, and leave stuff with three or more states to enum-like behavior.

~~~
whit537
Yeah, maybe should've gone with an enum. I end up doing "is_suspicious IS NOT
null" etc.
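The three-state boolean that relix and majormajor warn about, as an added example (not code from the thread or from Gittip), run against a constructed SQLite table with assumed table and column names: the queries a developer writes when assuming a two-state boolean silently drop the unreviewed rows, shown beside the null-safe query and the enum-like NOT NULL status column with a CHECK constraint.

```python
import sqlite3

# Constructed sample data (not Gittip's): NULL = not yet reviewed,
# 0 = reviewed and cleared, 1 = reviewed and flagged as suspicious.
PARTICIPANTS = [("alice", None), ("bob", 0), ("carol", 1), ("dave", None)]

# Queries written on the assumption of a two-state boolean. Under SQL's
# three-valued logic NULL = 0, NOT NULL and NULL != 1 all evaluate to NULL,
# which WHERE treats as "not true", so the unreviewed rows silently vanish.
NAIVE_QUERIES = {
    "equals_false": "SELECT username FROM participants WHERE is_suspicious = 0",
    "not_flag": "SELECT username FROM participants WHERE NOT is_suspicious",
    "not_equal_1": "SELECT username FROM participants WHERE is_suspicious != 1",
}

# Enum-like alternative (assumed names): the state is explicit and NOT NULL,
# so no third value hides inside a column that looks like a boolean.
SCHEMA_ENUM = """CREATE TABLE participants_v2 (
    username      TEXT PRIMARY KEY,
    review_status TEXT NOT NULL DEFAULT 'unreviewed'
                  CHECK (review_status IN ('unreviewed', 'cleared', 'flagged')))"""
STATUS_OF = {None: "unreviewed", 0: "cleared", 1: "flagged"}

def build_db():
    conn = sqlite3.connect(":memory:")
    # The nullable boolean column discussed in the thread.
    conn.execute("CREATE TABLE participants (username TEXT PRIMARY KEY, is_suspicious INTEGER)")
    conn.executemany("INSERT INTO participants VALUES (?, ?)", PARTICIPANTS)
    conn.execute(SCHEMA_ENUM)
    conn.executemany("INSERT INTO participants_v2 VALUES (?, ?)",
                     [(u, STATUS_OF[s]) for u, s in PARTICIPANTS])
    return conn

def not_flagged_naive(conn, form):
    """Run one of the two-state queries; each returns only 'bob'."""
    return [r[0] for r in conn.execute(NAIVE_QUERIES[form] + " ORDER BY username")]

def not_flagged_explicit(conn):
    """Spell out the third state. SQLite's IS NOT is null-safe, so unreviewed rows
    are kept; the portable spelling is 'WHERE is_suspicious IS NOT TRUE'."""
    return [r[0] for r in conn.execute(
        "SELECT username FROM participants WHERE is_suspicious IS NOT 1 ORDER BY username")]

def rejects_unknown_status(conn):
    """True if the CHECK constraint refuses a state outside the allowed set."""
    try:
        conn.execute("INSERT INTO participants_v2 VALUES ('eve', 'maybe')")
        return False
    except sqlite3.IntegrityError:
        return True
```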

~~~
groby_b
Or you could just admit that it's lots of grays and use an actual number.
[0..1] for a trust scale. Trust _never_ is binary. (It also rarely is
one-dimensional. But that's a different story... You might get away with one
dimension, since it's restricted to a very limited set of interactions)

~~~
whit537
Good point. I was trying to get something going quickly. I expect the system
to continue evolving.

------
MattGrommes
I think this just means that I've had a long, tiring week but the fact that
the amount of stolen money was 56789 was really messing with me. I kept
scanning for the part where he said the numbers were made up or something.

That said, this is a great article and definitely educated me to a bit of
potential fraud I hadn't considered before.

~~~
whit537
Got me, too. :^)

<https://twitter.com/whit537/status/266285523872657408>

------
dredmorbius
Holy unreadable contrast, Batman!

<http://contrastrebellion.com/>

~~~
whit537
Yeah, sorry. We have a new visual design waiting in the wings.

<https://github.com/whit537/www.gittip.com/issues/66>

Hopefully this fraud thing dies down long enough for me to implement it,
and/or someone else steps up to the plate.

------
lmm
So now when you're "given" money through gittip you can't get it back out
until their system decides you're trustworthy? Sounds like the first step on
the road towards turning into paypal (and the incident gives you some insight
into why paypal ended up like that).

~~~
RobAley
I think one of the main problems with PayPal is that their procedures are
opaque and when your funds get frozen there is no information as to why. It
sounds like his intention is the opposite of that.

~~~
whit537
We shall see if this intention is ultimately realizable.

~~~
whit537
On another HN thread I learned about potential legal ramifications for
"tipping off" criminals that seem to be behind PayPal's characteristic
behavior:

<http://news.ycombinator.com/item?id=4744371>

------
debacle
You can't really solve this problem. It's why things like Stripe and PayPal
cost so much money. The only way to solve it would be a la Google, where you
need to have a certain account balance before withdrawal, but that opens you up
to other regulatory issues.

------
pfortuny
It looks like a great project and this kind of message is encouraging about
its leadership.

Yes, you cannot get rid of fraud. However, 0.3% of suspicious accounts seems a
reasonable number.

Great job but as others point out it looks quite hard for it to become
profitable.

~~~
whit537
Thanks! :^)

Gittip is funded on Gittip, and isn't designed to be profitable per se. More
info:

<http://blog.gittip.com/post/26350459746/the-first-open-company>

~~~
pfortuny
Oh, great but then, who is accountable for precisely these rogues? That is
certainly a systemic problem or am I missing something? I like the idea.

~~~
whit537
Well, Zeta Design & Development, LLC is technically the legal owner of Gittip,
and I'm the owner of Zeta Design & Development, LLC. The open company
philosophy means that I'm managing it as a community resource and not a closed
product. Am I answering the question?

~~~
Permit
I imagine the problem he's addressing is what you're going to do in any
instances where a member lost money and you'd like to reimburse them.

In a traditional company, this might cut into your profits, but might simply
be the cost of doing business. In your case, if you have no profits to cut in
to, how will you reimburse people if that sort of situation were to arise?

I think Gittip looks really cool, and the concept of an "open company" is
intriguing. I'll definitely be interested in how you guys tackle these sorts of
problems.

~~~
whit537
Gittip doesn't have profit, but it does collect a fee, and that fee needs to
cover reimbursements and chargebacks. Here's the ticket:

<https://github.com/whit537/www.gittip.com/issues/152>