
The toxic side of free – how I lost the love for my side project (part 4) - ColinWright
https://remysharp.com/2015/09/17/jsbin-toxic-part-4
======
Mz
_The second, major issue was that I had hoped, naively, that the web community
will swoop in and pony up some cash.

With JS Bin, everything users need is given away and open source. That's
honourable, but doesn't pay the mortgage._

He has come up with a very jaded either/or point of view. You can visit
Patreon and find sites being supported by user "donations". There are sites
making money on ads. There are sites making money on product sales. There are
sites supporting staff from a combination of the above.

It is naïve to think "If you build it, they will throw money at it," but that
doesn't mean you can either cut your own throat by giving it away for free
until you feel like a chump or you can hold everything hostage until people
pony up.

It's fine if you have a service that works well with a pay per use or
subscription model of some sort, but lots of services are not monetizable that
way. Television, print magazines, newspapers and on and on have to find ways
to pay the bills using a combination of charging the end user and selling
advertising and possibly other things I am not thinking of. As far as I can
tell, it would not work to _only_ charge the end user for quite a lot of
things we use regularly.

The world would be a poorer place if the only services that lived were ones
that charged the end user. There are some services that are just not conducive
to that model.

I hope he revisits the question of how to monetize JS Bin. Do some
brainstorming. Do some research. Try to figure out a monetization scheme that
is a good fit for the specific service in question.

I think the best salve for this wound would be a monetization scheme that
works. There are enough embittered, jaded people in the world already. We need
to find more ways for people to follow their bliss and also pay their bills.

------
ChuckMcM
I discovered a similar problem with writing, which is that writing an email or
a comment takes no time at all, but when someone is paying for what I write it
takes _a lot more effort_. I wrote a column for a couple of years and it
wasn't until the second year that I actually took my editors advice to just
send her the first version and work on it collaboratively rather than try to
get it perfect.

I see side projects also get bushwacked by this mental shift.

~~~
teddyh
_Studies Find Reward Often No Motivator_

[http://www.gnu.org/philosophy/motivation.html](http://www.gnu.org/philosophy/motivation.html)

~~~
ChuckMcM
That was a good read, but there was a different mechanism at work for me. When
I do something for free, and someone complains about it or finds it wanting,
it does not bother me. Sort of like "Double your money back on Free Advice you
don't like." But when I am being paid to provide the thing I am providing, a
big sense of my wanting to make sure they are getting their value kicks in,
and since I undervalue my time tremendously I try to over deliver on value.
And that slows me down. Letting my editor have an early draft let _her_ decide
if there was sufficient value and on at least one occasion she took my column
as written and said, "This is great, we'll have proofs ready tomorrow." Had I
not sent the draft I would have spent at least another week writing and re-
writing.

~~~
kelnos
I guess I've just become a bit more jaded. Or maybe I always have been. I used
to maintain a good amount of open source stuff, and the entitled complaints
really got to me.

But if I'm being paid for something, I feel the obligation to deliver what
I've promised, and I feel bad if I fall short. I do struggle sometimes with
valuing my time "correctly", but overall I think I've experienced less stress
building software for a paycheck vs. dealing with the (minority of) ungrateful
leeches in the open source community.

~~~
fsloth
"the entitled complaints really got to me."

Having done some voluntary work long time ago - I would say providing value to
a community in any context seldom pays in direct gratitude.

In direct communication, complaints are always more likely than compliments.
The value must come from somewhere else than direct feedback from
beneficiaries, like observing the thing you just pulled off being enjoyed by a
lot of people and being pleased of it. The corollary to this is that it's much
more enjoyable to work for free in a friendly group than alone because then
the company and support of peers can be an equivalent source of joy.

I suppose a lone free software project lacks these both, unless one can
visualize the value by looking at the number of downloads...

------
Osiris
Regarding his fraud issue, I found that my website was being used in the same
way when I added a credit card payment form. I implemented a system that first
does an "Auth". If that passes, then I pass details to MaxMind and get back a
response with a "riskScore". If the score is too high, I void the auth and
decline the transaction. This has saved me a lot of chargeback fees, though
it's still not perfect. I prefer PayPal because a "not authorized" just
reverses the transaction; there is no chargeback fee.

~~~
TheSmoke
risk score means the possibility of a transaction being fraudulent. here's
another way you can do this for cards issued in Europe: if the risk score is
too high start a 3D secure transaction. if the risk score is acceptable then
start a normal transaction. a full 3D transaction will never mean it is not
fraud however you will have no liabilities when a chargeback is issued by the
card holder. many of your US customers, if not all, will fail to pay via
3D-secure because god knows why tons and tons of US card holders or issuing
banks are not enrolled in 3D-secure system.

~~~
daxelrod
As a US customer, I'm hesitant to use 3D Secure because:

1) The implementations by Visa and MasterCard have security weaknesses,
terrible usability and look like phishing:
[http://www.cl.cam.ac.uk/~rja14/Papers/fc10vbvsecurecode.pdf](http://www.cl.cam.ac.uk/~rja14/Papers/fc10vbvsecurecode.pdf)

2) My understanding is that my bank shifts liability to me for 3D Secure
transactions. Why would I want extra liability?

~~~
PhantomGremlin
Yeah, "Verified by Visa" is exactly like phishing. Good paper.

Fortunately here in the USA I haven't been asked for my credentials in at
least 10 years. So it seems to have died the death it so richly deserved.

Do people encounter this on a daily basis?

~~~
derefr
Visa and co. are big—really big—so I've never understood why they've not just
leaned on the OS manufacturers and browser makers to provide them some form of
unique, unforgeable signal to users that they're interacting with a real bank.

There could be, say, an HTML5-exposed API capable of triggering "super-modal"
forms (like OS UAC does) if-and-only-if the page is being served from a secure
origin cross-signed by some "Web Banking Working Group Certificate Authority"
that all the banks and OS makers are members of.

~~~
acdha
The better way to do this would be some sort of two-factor thing – e.g.
imagine if the physical card had the equivalent of an embedded RSA-style one-
time code generator or, better, a U2F USB/NFC device – which would be
resistant to UI spoofing or, in the U2F case, phishing.

Unfortunately the banks have less motivation to invest in this as long as the
costs of fraud are pushed onto merchants and all of the major players charge
similar fees. If something like Apple Pay starts to catch on, perhaps we'll
see that change once the banks’ main concern is avoiding a single vendor
getting too much market share.

~~~
kalleboo
One of my Swedish banks uses a chip-and-pin reader for 3DSecure. You insert
your card, authenticate with your PIN, and then sign a nonce to validate your
transaction.
[https://farm4.staticflickr.com/3237/2486214902_8feafd8200_b....](https://farm4.staticflickr.com/3237/2486214902_8feafd8200_b.jpg)

Another one uses a smartphone 2FA app.

------
Mahn
> it's cost me, £21.54 to allow some shithead to use JS Bin as a stolen card
> testing facility.

Not sure if it's standard practice, but in our case we let the users use the
"free tier" service _first_ , and we offer the paid plans only once we can
validate they have a genuine interest in the product . It works well for us to
avoid these cases.

~~~
markbnj
That's an interesting approach, but if the "pro" features are something the
user really needs, then don't you risk losing a sub if the feature is withheld
until you "get to know each other?"

~~~
dbpatterson
You could give them 15 days free use, and only charge it after that... there
is a risk that the charge doesn't go through (in which case you've given a
couple weeks free service - big deal), but otherwise, you've just made it much
less useful for card testing (to the point that they certainly won't use your
site).

~~~
msandford
Yeah, that's all of the upside and none of the downside really. Introducing
ANY kind of delay between taking the order and charging the card will just
about eliminate these kinds of fraudulent transactions.

------
ffn
Okay, say you're a US citizen building some digi service like JS Bin, and
VATMOSS starts fling threats at you, for how long can you go about ignoring
them? I mean 3.5k GBP and however many weekdays it took isn't exactly
affordable for every small business, and if you don't even have many Euro pro-
users, I don't see the cost-benefit justification of giving VATMOSS priority
unless they can reach across the Atlantic.

~~~
bluecalm
VATMOSS is a nightmare for small businesses. I am lucky that authorities in my
country decide that I can avoid it with my project (because it doesn't fit
exact definition of electronic service so I can pay VAT in my country as it's
a place the service is provided in according one interpretation of the new
law) but they have plans to extend it and I may be forced to go through
accounting hell to comply with this regulation in the future.

It's one of the most ridiculous regulations there could be. As a small
business founder you are not really in position to do the accounting for it
properly and most accountants here have very little idea how to prepare all
the documents either. You are required to keep 2 pieces of evidence of
customer's location (IP, address etc.) which you often just don't have access
to in the first place (if you payment gateway provider doesn't make this
information available to you).

So not only you need to find someone who knows what to do (already very hard),
pay them significantly more than you would for normal accounting (big burden
for small business owners and especially people who start), keep accounting
information you often don't have access to, then prepare this accounting
information as well (which means you spend resources for writing the scripts
yourself as most tools accountants use don't track needed info).

Additionally to all of this there is no more VAT free quota for people who
just start (usually there is for business who don't qualify for VATMOSS, size
of the quota depends on the country).

When I've learnt about it (I started my business in 2015, the regulations
started to be law Jan 1th 2015) I was really depressed about the whole thing.
I was spending my days reading some contrived law and various interpretations
of it instead of doing the actual programming. Nobody had answers for me (I've
got different opinions from 2 tax advisors, different one from our tax office
and yet different one from national tax information line) and I was just close
to giving up altogether (I didn't expect my project getting as much traffic as
it did and I wasn't really in position to spend significant resources for
accounting when I didn't even know I would make enough to cover it).

It's a hostile piece of regulation which very severely disincentivize you from
starting a business or paying your taxes properly. It only shows how out of
touch EU bureaucrats are. I guess they think typical business is like Google
or Amazon or something.

~~~
pjlegato
> I guess they think typical business is like Google or Amazon or something.

Exactly. Many in the EU imagine that "business owner" is a synonym for "evil
capitalist plutocrat." For them, if you are not someone's employee, you are by
definition rich. Questions of scale are ignored.

~~~
PythonicAlpha
I don't think, that so many (at least educated) people in the EU believe that
... but the problem is (and I saw evidence for that again and again), that the
politicians like to talk about the "Founder culture" or that they want to aid
smaller businesses ... but in fact, they do the absolute opposite.

I see that, because at least in Germany (where it is very chic in the
political class to talk how to aid smaller businesses and startups ...!) the
tax rules are in favor of the big corporations (they have been changed in the
last decades, so the corporations got better and better conditions) ... but of
course this relieves for the big ones must be compensated somehow -- so the
smaller companies have to pay even more taxes.

The current VATMOSS legislation is also a good example: It was announced to be
a means to counter the fact that bigger corporations like Amazon avoid VAT by
having subsidiaries in Luxembourg. But the biggest problems with the new
rulings have now the smaller companies, that never had the chance to open
subsidiaries in Luxembourg. For Amazon it is a small drawback and they may
have to raise some prices -- but the troubles of other companies are
tremendous.

So: The politicians are talking much about smaller companies -- but are only
thinking about the bigger ones. And in Germany, many laws are even written by
people from the bigger corporations.

~~~
wobbleblob
I know two people who tried to start a business in Germany and failed, not
because of the EU but because of domestic, German rules.

One tried to start some kind of innovative form of pharmacy (the details
weren't clear to me), but found himself unable to join the pharmacy guild, and
apparently it is illegal to start a business without joining the guild. The
other tried to start a bed & breakfast business, but the 'breakfast' part was
closed down indefinitely when the food safety inspection found he didn't have
the right license for a Sandwichtoaster. Apparently there are different
regulations for serving a hot breakfast.

~~~
pluma
Yes, all professions are regulated. Sadly this has less to do with an
overzealous government and more with lobbies and accidents of history.

Guilds used to rule all professions in the middle ages and a lot of the
regulations are sadly derived from that. This means you can't do certain
things without the proper certifications (e.g. if you're a licensed car
mechanic or "KFZ-Mechatroniker" that doesn't mean you're also allowed to do
paint jobs because for that you'd need to be a licensed "Lackierer").

Likewise, pharmacies and pharmaceuticals in general are heavily regulated,
especially with regard to prescription drugs. I think online pharmacies only
became legal quite recently (previously most of them operated out of other EU
countries, effectively creating a grey market with all the problems that
entails for the customers).

What killed your friend's B & B idea was likely the strict requirements for
food safety. It's practically impossible to use private kitchens to produce
commercial food products and commercial kitchens have to conform to various
rules (plus the employees working in them have to obtain the necessary
certificates). IMO this is a good thing, but it can of course make easy things
(like serving a breakfast in a single bedroom B & B) very difficult.

The huge difference between the US and Germany is that in Germany suing for
damages results in compensations that are a fraction of what you see in the
US. But at the same time companies are more likely to run into trouble with
the authorities before they can harm you and even if you end up with permanent
injuries the public healthcare covers them in most cases -- i.e. you're less
likely to be harmed and the economic damage of that harm is likely
considerably smaller.

But as an employer I have to say some of the regulations, laws and
restrictions can be incredibly tedious and annoying. Especially if you're
running a very small business.

~~~
PythonicAlpha
> But as an employer I have to say some of the regulations, laws and
> restrictions can be incredibly tedious and annoying. Especially if you're
> running a very small business.

Yea. My impression is (too), that the regulations in Germany are much more
harmful to smaller companies than to big corporations. As big corporation, you
basically can do very, very much, without being penalized much. In Germany,
you always can say, that health costs are covered by the public health
insurance. So, it is common, that compensations are small fractures of that
which is paid in the US or even no compensations are made.

My feeling is, that German judges are much more reluctant to rule against
corporations, as long as their fault can not be proven 110% -- for common
people on the other hand, 80% prove are enough most of the time (I remember,
that not long ago a young girl was convicted for computer fraud, just because
Siemens said, that the 4 digit PIN-system for EC cards was 100% secure --
something we soon later found out, was never true!).

------
stevoski
Please, please, anyone, if you are getting started in online payment
processing, don't do it yourself. Use a service that already handles the VAT
and fraud detection issues.

Then, when you've proven your product, and got substantial sales, you can
write your own. Maybe.

The author of the article spent weeks and thousands of euros to implement a
payment system. And yet he had only a handful of customers.

~~~
jlongster
Well, he used Stripe, so he didn't write his own. Personally I wasn't aware
that there was such a high fee for a chargeback. Is that because Stripe
doesn't handle fraud well?

Seems like most of his time was spent dealing with tax issues, which you'd
have to do regardless of how money is actually transferred.

~~~
stevoski
Good point. I consider using Stripe a "do-it-yourself" solution, which
requires manual coding. As far as handling EU VAT, Stripe offers nothing, and
you need to manually implement this.

I meant that you should use a service last FastSpring or Avangate initially,
which require no coding, and completely take care of VAT.

~~~
vfdfv
Do you know if Braintree handles EU VAT in an automatic way? I've read the
article below but I'm not totally sure what to make of it:

[https://www.taxamo.com/braintree-announce-partnership-
taxamo...](https://www.taxamo.com/braintree-announce-partnership-taxamo/)

I am definitely not interested in hand-coding a solution.

~~~
thibaut_barrere
I don't know about Braintree, but I can report that for my SaaS app
([https://www.wisecashhq.com](https://www.wisecashhq.com), currently priced in
$ but France-based), I used Recurly
([https://www.recurly.com](https://www.recurly.com)) which handles EU VAT very
nicely (including VAT changes happening in 2015).

I use them together with Stripe as my gateway, it generates proper invoices
and applies the rate of the buyer's country unless a valid VAT number has been
provided. They also provide a stripe-like js library so that the credit-card
number doesn't go through my server.

With regard to VAT MOSS report, they do most of the checks, I only wrote a
little ETL script using [http://www.kiba-etl.org/](http://www.kiba-etl.org/)
to create a break-down of the related amounts for each quarter and each
country, which I then submit manually to the VAT MOSS French website.

So in my case, this is fully automated, and I'm pretty happy with this :-)

Feel free to email me if you have questions.

~~~
djm_
This is the setup (Recurly + Stripe) the article is complaining about though,
it doesn't protect well against fraud.

------
imchillyb
Following the bliss isn't supposed to pay the bills.

Following the bliss increases skill-sets, creates necessary connections
between persons, and gives the bliss-seeker an out. Out is good.

The bliss is not the means to an end. The bliss is self serving and self
improving, while also finding an escape from the daily grind and its
deleterious effects.

Follow your bliss, by all means. But, at the same time, realize that it's not
the end goal. You're not learning programming to make money. You're learning
programming because you enjoy it, and or it increases your skill-sets.

Also, programming isn't bliss. Programming is an addiction. It's a sometime
beneficial addiction, but an addiction nonetheless. Something to consider.

~~~
inDigiNeous
If you're dedicated enough to follow the bliss, it will pay your bills, and
also do the other things. If you have failed personally, please don't
discourage others.

Programming can be bliss, at least seeing the results. I mean, why else would
anybody program? Just for the money?

~~~
jakevn
> I mean, why else would anybody program? Just for the money?

Considering the pay, absolutely!

~~~
inDigiNeous
Then, I would recommend, through experiences of doing what I dont love long
enough, to reconsider what is more important, money or doing what you love. Of
course, sometimes it can be just the money, or the learning, or working with a
great team, but to recognize when it turns into a struggle and just drains our
energy is something that is important.

Working with software, it is such a toll on the mind and the body, that doing
it just for the money seems really pointless at least for me.

But I understand that this realization may come through only going through
enough work that is not really fulfilling us inside on a deep level.

On a superficial level programming can be good just to gather resources, but
is this really the best we can do? I mean, what if Elon Musk, Nikolai Tesla,
Newton or other brightest minds would just worked for money ? Would we have
the inventions we have today ? This is my point I want to remind people
everyday.

I have worked for 5 years (3 of those fulltime, and so that I have always
managed) on a project ([http://GeoKone.NET](http://GeoKone.NET) and now
[http://Geometrify.net](http://Geometrify.net)) that is the product of my pure
love, and at times it has been difficult, yes, eaten a lot of porridge during
those days, but the Universe has a way of supporting those who really want to
help others, and to provide something to support others in their quest too!

But you have to give back something too in order for it to work. I think this
is also a big problem in our society right now, not giving back, but just
gathering resources for selfish uses, like many big companies do.

This is why I am reminding to really think about what we are putting our
energy into.

------
aianus
How would the EU enforce VAT requirements on an online business based in the
U.S.? If I have an online business in the US and no presence in the EU and no
intention to ever go to the EU, I don't have to charge VAT, right?

~~~
JoshTriplett
Correct. In theory if the project grew large enough (as in "billion-dollar
industry"), the EU might start attempting to control it or block it, or
attempt to regulate transactions involving it under the auspices of
import/export/tariffs, but in general the EU (or any non-US company) has no
jurisdiction to impose taxes on a US company. (Nor does the US have
jurisdiction to impose taxes or regulations on an EU company, for that
matter.)

------
javajosh
Remy, I'm sorry. JSBin is my favorite live JS environment, and I use it
several times a week, and I haven't paid a thing. That's not fair to you.

I'm also sorry that I haven't sent the emails that probably still sit in my
drafts folder, because I think that the JSBin genre of software development
tools has a very bright future - and I encourage you to not give up.

For now, is it at all possible to just send you $100 via paypal?

~~~
remysharp
<3 there's a "keep me honest: donate" button at the bottom of my blog.

~~~
javajosh
Done. And I stipulate that you spend at least some of the money on a beer.
Cheers.

------
dspillett
This is why if any of my personal projects go anywhere they'll remain free
while they are in my hands. They can act as a portfolio ("look what I've done,
aren't I clever") for when job hunting but I'll not even try make money
directly from them even to cover costs.

If they become worth charging for then someone can buy the rights from me and
run it. Yeah they'll take the lion's share, but also all that hassle and I can
still have credit for having created the thing in the first place. This is
assuming that whatever project I'm talking about isn't released F/OSS of
course, at which point if there is any sort of demand someone will already be
hosting an instance or few.

If the costs of running one of the projects gets higher than pocket money and
no one else wants to run it? It either stops taking new users or is otherwise
rate limited, or gets turned off completely, or in the case of a F/OSS project
my instances become "friends and family only" and others can host their own.

My side projects are just that: personal time projects, either just playthings
or intended to grow my experience in something. They are not second jobs and I
wouldn't want them to become so.

Similarly I'll be careful not to include any features that can send mail or
SMS, or call other sites, in a publicly addressable service that isn't locked
to F&F-only. I don't want the faf of accidentally becoming a spam source due
to a silly bug in my code or some support library I happen to be using.

~~~
srtjstjsj
This is why Amazon DevPay(?) exists. You ship software, and Amazon directly
bills your customers for the AWS usage. you don't have to get into the AWS-
reselling business just because you wrote cloud software.

~~~
gkop
Except

    
    
        Sellers of Amazon DevPay applications must be able to do business in the 
        United States. Funds earned through the sale of Amazon DevPay applications
        can only be withdrawn to U.S. bank accounts.
    

[https://aws.amazon.com/devpay/faqs/#general_10](https://aws.amazon.com/devpay/faqs/#general_10)

    
    
        Q: How are taxes handled?
    
        Amazon DevPay does not provide tax collection services for you. You are
        responsible for paying the appropriate taxes (local, state, federal,
        etc.) as applicable.
    

[https://aws.amazon.com/devpay/faqs/#pricing_7](https://aws.amazon.com/devpay/faqs/#pricing_7)

------
scrollaway
This was a great read. The VATMOSS stuff was especially scary. I don't
understand why there isn't a lower bound on how much money you have to make
before you have to worry about bureaucracy like that =/

Monetizing foss projects is hard. It's funny... at this very moment, in
another corner of Github, there are people fighting against ads being
introduced in Flyspray, a self-hostable gpl issue tracker. There's good
discussion in the commit and it's a perfect lesson in how _not_ to monetize
FOSS projects.

I thought it was relevant so I submitted the details here:
[https://news.ycombinator.com/item?id=10235858](https://news.ycombinator.com/item?id=10235858)

------
sergiotapia
This is incredibly interesting and something most pet-project hopefuls don't
even consider. Building the project is the easy part, what comes next is where
things sink or swim.

Thanks for sharing!

------
umziehennachbar
If $6 is too cheap and encourages fraudsters to test credit cards on your
service because banks don't get concerned about transactions at that cost, how
much should he have charged at a minimum? $10 $20?

~~~
StillBored
I wondered that myself, especially since it doesn't have to be more expensive
to the end user. Instead of selling them 1 month for $6, sell them 12 for $72
or some such, or make them buy a minimum of 10 accounts to get a monthly rate.

Yah, I know the trend is to do a bunch of little micro payments, but its not
like you can't do the math for them an say "$6 a month" then when they go to
order it, limit the minimum number of months in order to increase the total.

~~~
umziehennachbar
does Fivvr.com experience this problem?

------
pcr0
There was a post here recently trying to figure out why Europe's startup scene
was falling behind the US.

Kudos to companies that can survive past monstrosities like VAT and VATMOSS.

Out of curiosity, how is VAT enforced for a non-EU seller and an EU buyer?
Let's say my business was registered in the Cayman islands for example.

~~~
toddkazakov
I can tell you about EU seller and US buyer - there's no VAT

------
chejazi
JS Bin is a service that appeals to techies. As such, it should see moderate
success accepting Bitcoin! Bitcoin transactions are non-reversible, which
would solve the fraud complications.

~~~
Nexxxeh
But would it fuck him on the VATMOSS? Would he lose the ability to verify the
address via the cardholder billing address?

A question I don't know the answer to.

~~~
joshvm
At the moment it's a bit of a grey area. In the future, the Government is
already planning:

[https://www.gov.uk/government/publications/revenue-and-
custo...](https://www.gov.uk/government/publications/revenue-and-customs-
brief-9-2014-bitcoin-and-other-cryptocurrencies/revenue-and-customs-
brief-9-2014-bitcoin-and-other-cryptocurrencies#vat-treatment-of-bitcoin-and-
similar-cryptocurrencies)

You'll have to charge VAT as normal, before the price is converted into
bitcoin.

------
emilburzo
> With JS Bin, everything users need is given away and open source. That's
> honourable, but doesn't pay the mortgage.

Well that hit home pretty hard, I think I've made the same mistake with my
project.

Although the great reviews and personal "thank you"'s are great, as the author
said, they don't pay the bills.

------
saidajigumi
> I can't win the complaint. The card was stolen, the £6 belongs to the
> original card owner, no question.

This is so wrong. Business owners, on average, have little to no information
or power to deal with this. The only agencies that have ultimate ability to
deal with fraud are the card issuers and banks. IIRC, it was Bruce Schneier
who first clearly articulated this for me. By placing all fraud risk on the
issuers, they're fully incentivized to fix the problem as well as possible.

But instead when small (or even large) business customers are subjected to
ridiculous fraud charges as described in Remy's article, fraud is transformed
into a kind of externalized cost imposed by these same issuers.

~~~
hughw
Does Paypal ameliorate the problem? Is there less fraud if you accept Paypal
only?

~~~
cpncrunch
Yes, paypal seems to have very good fraud detection. I've been using them for
the last 9 years for mostly $10 transactions (about $30k a year or so) and I
don't think I've had a single fraudulent transaction in that time. Before
paypal I used worldpay, and although their support is infinitely superior
(paypal's support sucks balls), I did have a few fraudulent transactions a
year.

Also, paypal's refund fee is just $0.30. (Not sure if it costs any more for a
chargeback).

------
petercooper
_I pay for Gmail, because I need real business email accounts._

Did I get lucky with being one of the early Apps for Your Domain users? We
don't pay a bean for our company's Gmail accounts but seem to get most of the
features (no ads, custom domain, etc).

~~~
pluma
You've been grandfathered (i.e. you got lucky and Google decided to uphold the
original terms you signed up on).

Frankly, as a European I don't find the paid version worth the price tag
(which can be hefty if you have a lot of freelancers working for you). Yes,
it's Google Apps, so if you use the entire stack you can avoid the cost of a
lot of additional services, but at the same time that means you need to be
okay with storing all your confidential data with Google.

But for me the deal-breaker was the way e-mail accounts work when using the
same Google Apps for Business account with multiple domains. At least when I
evaluated it, there was no way to define aliases per-domain. So if you add
both domain-a.example and domain-b.example and want contact@domain-a.example
to go to a different person than contact@domain-b.example -- no dice. Also if
you want to be able to receive e-mails on firstname.lastname@domain-a.example
but not firstname.lastname@domain-b.example, again: not a chance. I'm not sure
whether this has changed since then, but this is why I took my business to
Fastmail and other isolated services.

------
Mahn
Good read, but I wonder why didn't he hire a tax advisor to deal with VATMOSS?
It's usually not that expensive even if you are not doing revenue, and unless
you are in the business of taxes there's little to gain in doing it yourself.

~~~
jpallen
The VATMOSS rules mean that you need to collect, verify and store a bunch more
info than previously: You need to be able to show evidence for the country the
buyer is in, and check that ip address, address, credit card, etc match. It
sounds like the cost came from the software development required to put the
infrastructure in place to adhere to this and so wasn't something an advisor
could help with.

With it being a new rule, there was very little info about the penalties for
not complying. The penalties for normal UK VAT are only proportional to
revenue, so not much risk for small companies getting it wrong. It wasn't
clear that this was true for VATMOSS and so there was fear amongst even tiny
company of big penalties for getting it wrong.

We went through the same worries last Nov/Dev, but were lucky that our billing
provider dealt with adding in all the required logic. (Shout out to Recurly!)

~~~
pnathan
Stupid question: is there a service which you can hand off the evidence-
gathering to? Seems like a very good opportunity.

~~~
TheOtherHobbes
There are various attempts, but currently no one - especially not HMRC - has
any idea how to handle VATMOSS correctly.

I've heard a few stories about small businesses suddenly getting demands for
thousands of pounds (etc) after only a handful of transactions.

But what I suspect will happen is that HMRC will realise that chasing and
fining microbusinesses for non-compliance is a complete waste of everyone's
time. They won't bother unless businesses are being obviously, blatantly
fraudulent - and considering how short-staffed they are, perhaps not even
then.

It'll be similar to the EU's legislation about cookie notices, which created a
big initial compliance explosion, but now seems to be being quietly forgotten.

The UK is lobbying hard to set a minimum threshold for VATMOSS. It will take a
few years for the idiot lawyers in Brussels to catch up, but even though some
member states seem to think VATMOSS is a good thing, common sense and
experience will prove that it's utterly unworkable and destructive in its
current form.

~~~
tzs
The stories you heard may have been due to the Irish fuck up a month ago. The
Irish tax authorities mistakenly sent out a couple thousand notices claiming
completely bogus deficiencies. More info here:
[https://news.ycombinator.com/item?id=10083238](https://news.ycombinator.com/item?id=10083238)

Germany and one or two others have also sent deficiency notices to UK sellers.
The UK tax authorities have complained about that, saying one of the main
points of the VATMOSS system was that sellers would only have to deal directly
with the tax authorities in their country. If Germany, for example, thinks a
UK seller underpaid for VAT on German customers, the UK's understanding was
that Germany was supposed to bring that up with the UK tax authorities, and
they would be the ones to get it straightened out.

------
Asbostos
I know PayPal isn't popular but it's by far the easiest way to accept payments
online that I've found. You don't have to live in the US,Canada or EU, which
is a weakness of all the new services like Stripe and every other startup
promising to "fix payments". I set it up for my small business years ago with
no coding or worrying about weird tax rules and it just works. I process each
payment manually so there's a bit of a delay for the customers but I've never
had a chargeback although my prices are a bit higher.

The main drawback is customers think they need a PayPal account and nobody
wants to open one - for good reason. The payment page has a dark pattern that
makes it look like you have to sign up to pay by credit card.

------
boyter
I can totally understand. I just read through each post and I can relate to
pretty much every point.

For searchcode I have not implemented paid accounts though I have considered
it for a while. This post pretty much confirms for me that it would be a bad
idea. searchcode also gets a lot of abuse, particularly to the API's (millions
of requests) and though hot-links. I think the worst part for me though is the
constant takedown notices. Most are nicely worded emails, but quite a few have
been very nasty threatening legal demands.

I haven't lost my love for my side project yet and the ad's that are running
at least cover hosting costs. Really looking forward to the next part in the
tale.

------
rokhayakebe
There is a need for services that can let indie developers do what they do
best, and handle all the admin, business, marketing for them for a significant
% of revenue and % of ownership earned over time.

~~~
roel_v
Yeah, such a service is called 'being an entrepreneur' and what the developers
in your scenario do is 'doing their job'.

------
voltagex_
[https://github.com/jsbin/jsbin/issues/2320](https://github.com/jsbin/jsbin/issues/2320)
is a good read, too.

------
archagon
Reading this stuff makes me glad my side projects are all native apps sold
through app stores. No servers, no payment processing, little upkeep; once
you're done, you're done.

------
TheHolyLancer
Honestly, his target users are those who needs a free place to try out web
coding, which means many of his users are likely not well off enough to be
able to want to throw money at something that they get the full use out of.

I won't say the thing is bad, but the business behind it is bad. Got to have a
viable targeted userbase as the core, and handle any new userbase as they come
in.

------
paulus_magnus
Why don't you "motivate" frequent users to start paying?

ex. by making the free version (gradually) worse until you see revenue.

ex.

\- non pro user pastebins last 5mins, 5 views etc

\- non pro users can post 1 pastebin per day (cookies, IP)

\- non pro user pastebins are max x characters long.

\- you get the idea

\- there are clever people on this forum who will come up with good ideas to
help you out.

\- do everything BUT show ads, PLEASE. Internet's sole purpose is almost all
that already.

~~~
tobr
You're confusing pastebin.com with jsbin.com. None of those restrictions
wouldn't really make much sense for JS Bin I think.

~~~
paulus_magnus
None of _those_ ...

Hope you got my point. The above are only meant as an example.

Main idea is to cripple* the free tier enough to push a chunk of current users
from free into pro. Some will leave but you don't want them anyway (they will
never pay).

* how exactly cripple? This is the product design / product-market-fit stage work that was skipped when building jsbin.com

------
jondubois
Free products need to have a way to lock users in. It's not evil or unethical
- In fact, it's the opposite; if you don't lock your users into your free
product, your competitor will lock them into an expensive alternative which
will give them less flexibility.

------
aldanor
The credit card problem is quite easy to solve: allow a few months of free
"pro" functionality upon signup, and _then_ allow users to upgrade. During
that period of time, you can also track whether they actually used the service
at all.

~~~
degenerate
But then you'll have people creating new accounts every time the trial ends,
instead of paying! The sweet spot is probably 24 hours. Too long for a
fraudster to wait around, and too short for people to bother making an account
every day for pro fuctionality.

~~~
munificent
> But then you'll have people creating new accounts every time the trial ends,
> instead of paying!

These would be _malicious users_. Both words are significant here. People
using the service just to check credit cards are malicious, but not users.
Free users are users but not malicious.

I think for most services, the set of actual malicious users—people who do
want to use the service for its intended purpose, but don't want to support
it—is fairly small.

~~~
Namrog84
Yeah and if heavy users want to constantly deal with changing email addresses
and moving accounts just to get out of it. Like you said is few. Let them be?
It's likely they generate word of mouth and other value being invested enough
to go thru the hassle.

~~~
Paul-ish
>Like you said is few. Let them be? It's likely they generate word of mouth
and other value being invested enough to go thru the hassle.

This sounds a lot like the arguments piracy apologists use. A lot like the
arguments people looking for free web design use. I am very skeptical whenever
anyone asks for anything to them for free now because it will somehow
(nebulously) come back to me later in a good way.

~~~
crazypyro
I think he's just thinking about it practically. Its potentially not worth
your time and effort as a business owner to go after that tiny minority who
abuse the free trials.

------
wyager
Are US businesses obligated to pay VATMOSS? Does the EU have any recourse if
you don't?

~~~
germanier
Yes and no. If you have a physical presence in an EU state, that one will
probably get you for tax fraud. If you have sufficiently high transaction
volume they might find another way.

I have never heard of it happening, but theoretically any member state in
which you sold can start a criminal trial against the responsible persons,
making travel to Europe a bit more complicated.

------
curiousjorge
this is my worst nightmare. free users are some of the most abusive and
aggressive people that will without question overrun and destroy your product.

