That's a pretty big WTF right there.
I know PayPal has a on overall pretty scummy reputation, but I still I cannot imagine PayPal doing this because they themselves think they'll benefit from this data.
To me this seems like a demand which comes "upstream" from above PayPal, from its payment providers (VISA, MasterCard, American Express, etc). Would I be overly paranoid to imagine these demands and claims are the result of lobbing by entities like RIAA and MPAA? They do have a history for blocking payments to known pirate-friendly services after all.
And as such, they clearly have too much power, and there needs to be some anti-discriminatory financial regulation to stop business-hostile practices like this from being lobbied and put in place.
Because this is just madness.
You may have not realised but banks and any financial institutions have been deputised by the regulators to be the financial police. They need to ensure that none of their client use financial services to commit crimes or launder the proceeds of a crime, under the penalty of heavy (up to multi billions) fines. Particularly in the US.
I am pretty sure this is what is forcing paypal to do this. And also why I wish good luck to startups who think they will disrupt this massively over regulated industry.
Paypal does it's own risk assessment for business partners, what I'm pretty sure this is is a simple "classification" case.
Paypal classifies the type of business you are and if you belong to certain types of businesses they put some requirements on you based on regulations and their own internal requirements usually produced by their legal department.
Paypal has probably seen what happened to file sharing websites like Mega and if you are tagged as a file sharing service they want to ensure that you do everything to prevent it being used for piracy, including being able to audit it themselves and to be able to either put pressure on you or cut off their services if they think they are at too much of a risk.
Now I understand that Seafile isn't anything like Mega but It's also not exactly on the scale of dropbox this also means that most likely no one at Paypal really knows what it is, or where they are heading business wise and so they just stick some additional requirements on them.
Also (this is true for 2-3 years ago, I don't know if it is still the case) filesharing websties and other sites that you can buy "premium currency" such as various online games, vidoe chat apps (usually porgnography) etc. are the main source of fraud for compromised accounts as far as Paypal goes this on it's own can bring on additional requirements from Paypal.
That's the minimum, but it's certainly not all there is to it.
Know Your Customer really means know your customer.
As one of many practical examples, when dealing with a legal entity such a trust, merely identifying its officers is insufficient -- you must also identify the beneficial owner (BO). Effectively, this means that you have to look through all possible shell companies until you arrive at a natural person.
> You may have not realised but banks and any financial institutions have been deputised by the regulators to be the financial police. They need to endure that none of their client use financial services to commit crimes or launder the proceeds of a crime, under the penalty of heavy (up to multi billions) fines. Particularly in the US.
While I fully agree with this statement, PayPal's actions here seem excessive even by the broadest interpretations of anti-money-laundering regulations. Furthermore, AML regulations target a specific set of transactions and/or individuals.
"Monitoring all traffic for illegal content" is a vague statement that could mean anything. Illegal where? Illegal how?
Edit: I forgot to mention: PayPal operates as a credit institution (ie, a bank) within the EU, so the strict AML regulations the parent alluded to apply to it directly.
They lock down donations to any unpopular group, and refuse to release already-held funds. They freeze Kickstarter campaigns as soon as someone says the word "fraud", and cause the exact damage they're trying to prevent by tying up all the funds so neither backers nor creators can get the money.
They're incredibly capricious, and as far as I can tell have taken the stance that overcaution is always acceptable.
As far as donations for dubious causes goes well if they think that it will either lose them business due to reputation, or worse lose them money if a government decides to freeze those funds they will cut it off.
PayPal for the most part is not a fractional lender when you have a 1000$ in a PayPal account PayPal has to reserve the full amount, PayPal isn't protected from a run over by central banks and what limited protection it has is probably performed by underwriters at not the most beneficial of terms.
If some one is opening a donation account for ISIS, anti LGBT or w/e you might call an "unpopular cause" and that either causes them a huge PR headache or worse a government decides to freeze those funds they lose a lot of money.
This can be complicated even further since while the funds are frozens the users who transferred these funds might be eligible for protection under PayPal's own policies and if not then they can always initiate a chargeback from their own credit card company.
It is true that banks will go a long way to try to satisfy banking regulators. But unless you have some evidence I am simply unwilling to believe that banking regulators can make up any restrictions they like without regard for the actual requirements of federal law.
The actual requirements of federal law are often (intentionally) formulated on such a high level that in practice, the banking regulator does end up specifying the actual rules.
Say, for example, a federal law requires that banks "take reasonable measures to impede money laundering".
Now what those "reasonable measures" are is usually determined by the overseeing regulator (eg: the SEC). Sure, you can disagree with their assessment, but they'll fine you anyway and then, the best-case scenario is that after X years in court, the fine gets overturned.
Point being, regulators can justify just about anything. That is why all large banks have an army of lawyers. They then work with regulators to find some middle ground.
And the bank has to do it or they end up like HSBC. In fact, that was exactly why HSBC was fined billions. Regulators told them to do specific things, like use Form X in Iran instead of Form Y, or classify Mexico with risk measure N+1 instead of N, and they didn't do them. This is all in the various public records.
e.g. from https://www.theguardian.com/business/2012/dec/14/hsbc-money-...
"In some branches the boxes of cash being deposited were so big the tellers' windows had to be enlarged."
This entire subthread is about how AML is enforced. Specifically, it's enforced by regulators doing whatever they feel they need to do. The punishment wasn't for money laundering, it's for money laundering in a manner that obedience, according to the regulators, would have caught.
For international banks, it's especially arbitrary because regulations are so loose overseas. In the UK it's very easy to move small amounts anonymously. This is routinely used for small-time laundering by organized crime and banks are fully aware of it. The long arm of US law goes after UK banks handling Mexican dirty money, but not UK banks handling UK dirty money. A lot of what constitutes "illegal money laundering" is actually political.
GP was making a vague reference to Rulemaking.
You should be willing to educate yourself, not be
But payday loan companies and credit cards that charge 29% interest plus hundreds of dollars in feeds to "help people with poor credit" are fine.
Supporting US government entities in defense that kill tons of innocent people every day; that's fine too.
Self regulating? Man that works so well, especially in 2008. We're going to let you keep doing that too.
Weed stores in states where it's legal? Hi it's the DEA. We're confiscating these accounts for you. Here's a fine (at least until later this year, but still only for medicinal marijuana)
It's a cluster fuck of bullshit. Of course you can always use a different payment provider, but with PayPal being just so damn easy with very little competition, it's like saying if Amazon removed your eBook, just publish it somewhere else. The trouble is the distribution networks are so big that they become the only means of distribution. If you control 90% of the market and shut down a DropBox competitor, you're choosing which companies succeed.
What self regulating existed in 2008? Banking and finance have been hyper regulated for decades. There are no industries more regulated than those. There was no self-regulating and you won't be able to point to any substantial self-regulating that caused the housing bubble and crash (unless you're talking about the Fed's low interest rate policies). The SEC, Fed, FHA, CFPB, and Treasury were intentionally looking the other way while vast fraud was occurring because all of the voters were getting rich off of housing and stock market bubbles. The Fed was laughing during their meetings about the bubble, you can read the minutes today.
Oh yeah, and guess what, housing is higher today than it was at the bubble peak (and so is the stock market mini-bubble today). So are we self-regulated again now? Nope, we're even more regulated now, with all the big banks directly and strictly under control of the Fed; it all has to do with artificially low interest rates, which is universally understood at this point - the Fed now openly admits to creating asset inflation to try to spur the economy.
There are industries which tend naturally toward monopolies, with transport, communications, broadcast, and software among them. There are also industries which tend naturally away from monopolies, such as sandwich shops, cement providers, and laundromats.
(Not that there cannot be some concentration, or even national chains among these. But they're rarely dominant.)
Transport, comms, banking, and information technology, tend toward monopolies.
Consulting is a mixed bag -- if you're relying on creativity, not so much, but if you're relying on marketing and business contacts, both of which are far more a network effect (with strong lock-in elements), yes. Contrast your typical small-gig design shop vs. the Big Declining n Accounting Firms, or IBM and Oracle (consulting / business services).
Retail can be local (small effects) or global: large grocery stores, WalMart, Amazon.
There are other effects as well. I've been curious about Maersk's adoption of ultra-large cargo ships, even as shipping volumes have been falling. While there's a financing-design-build lag, there's also the possiblity that having and operating a large ship puts pressures on other operators -- if you're operating and loading, you're taking cargo which would go onto smaller vessels.
Part of this also plays into concepts of what and how technological mechanisms actuall function: https://ello.co/dredmorbius/post/klsjjjzzl9plqxz-ms8nww
I'd include among "network effects" urban and even empirical structures.
Lobbying from these industries players for bad regulation might have helped but regulation is usally nothing bad. I'm happy in EU knowing that most stuff I can buy is at least to some degree vetted for killing me.
Nope, you do not even need to commit crimes to be targeted by the DOJ:
Payday loan companies in particular were hit hard by Operation Choke Point in 2013 (I worked at a "lending startup" that was targeted and had to pivot; a lot of payday/consumer lending companies ended up shutting down).
I think what the grandparent meant to say with being "deputized to be the financial police" is that the extent of this mandatory service has become so substantial that financial institutions often are left with the feeling that they are performing work (at their own expense) which feels like work that law enforcement should be doing.
It used to be that law enforcement pointed out the bad guys, or even just suspects, to you. Now, you're supposed to identify and report possible bad guys to law enforcement.
There's nothing wrong with that on principle, of course, but in practice, every bank must now train some personnel to detect not only suspicious individuals or transactions, but even suspicious patterns of transactions.
And that's when you start feeling like you've been deputized -- it feels like you are performing a criminil investigation on behalf of others.
There are also laws that give financial institutions due diligence obligations to ensure they're not facilitating "unsanctioned boycotts".
For example, Seafile could have said "Files are accessible only to one customer. It is of course possible to share passwords. However, we use geoip to monitor the number of locations used by each customer, and take appropriate action when a customer's set is oddly large. This should effectively block the use of Seafile for piracy." Perhaps Paypal would have said no, but perhaps yes.
edit: looks like paypal openly states it won't process for file sharing services who don't monitor content. I guess most services that don't have a high dispute rate...
And I must say I find it particularly strange that you seem to find it somehow impossible how someone could use an internet service from 20 countries in one day. I mean, it's the internet, right? A computer on every continent is only a few mouse clicks away. And international teams, either of freelancers, or of employees of a company, working together on projects, isn't exactly unusual either.
If my account was accessed from 20 different countries in a day you can be damn well sure I'd want to be given a heads up too, as it's likely my account has been compromised.
How could something be obvious if you have to check? Lots of stuff you can do in an appartment is illegal, too. That's still no reason for a landlord to install cameras to check. It's just none of their damn business.
It's obvious if a potential customer asks whether your service is good for warez hosting, or if a potential tenant ask whether your appartment is well-suited for getting rid of bodies. Anything where you have to violate their privacy in order to find out just is not obvious, and it's not your job to monitor people's private lives for possible illegal activity (and it is highly unethical to do so--it's what totalitarian regimes do, read up on the GDR's Stasi if you want to know what living in such a society is like).
> If my account was accessed from 20 different countries in a day you can be damn well sure I'd want to be given a heads up too, as it's likely my account has been compromised.
If you want to monitor your own account (or want to have someone, like the hoster, monitor it for you), feel free. It's still none of the hoster's business to investigate it any further without your explicit instruction to do so.
As for 'were you wrong', no, not if you ruled out the above. That doesn't make it something that you should have to do though.
- Suspicious Activity Reporting
Paypal decided, about 9 months in, to close their account in a similar fashion to the service here and deny them access to thousands in funds, touting an irrelevant bong sales ban in a state somewhere in the US (he was in Canada). It took years for him to get the seized funds back from Paypal.
I try to boycott them unless absolutely needed.
See, for example, how US Senators pressure payment providers to check up on whether their customers may be profiting from illegal file-sharing:
If Dropbox-style hash checking of files could be seen as the standard in the industry, I can see how failing to do that could be seen by a court as potentially negligent.
Visa and MasterCard eventually stepped in and made the banks do extra legwork for the porn sites. That had to leave a bad impression on them.
It's not even really the chargebacks: You'll still be considered high-risk even if you can demonstrate having very few chargebacks. It's more that you're lumped into a pool with some very bad actors in an industry that has a bad history.
porn sites either charged you or installed dialers, not both.
and the charge backs on the legit ones were so high because the operators for the scammy ones needed to sign up, download everything, get his money back, and serve you the stolen content.
"May 8, 2016: When you signed up for your PayPal account, you agreed to our User Agreement and Acceptable Use Policy. Because some of your recent transactions violated this policy, we've had to permanently limit your account.
Please remove any references to PayPal from your website."
They never mentioned which transactions violated the policy, we have never had any complains from our customers. There was no prior warning. We called them and they asked us to email them. We sent multiple emails and nobody bothered to respond back. We lost 30% of our recurring monthly revenue right away!
We now use Stripe as our sole payment service provider. After this experience, we will probably never accept Paypal again.
I guess this is how it is for most people, at least, I can use PayPal as a buyer on most online businesses I deal with.
PayPal support was so inept they claimed that I had not returned the merchandise despite giving them the DHL tracking number and shipping receipt multiple times and eventually they closed my case in favor of the merchant.
I had to keep calling and harassing them and finally threatening to have the charges reversed by my credit card company when they suddenly reversed their decision.
I will never use PayPal for anything if I can avoid it.
I immediately closed my bank account (PayPal wouldn't let me remove it while a refund was being made. Yes they were going to debit my bank account since I had no funds in my account, which I never kept).
Now they've put that amount in collections and honestly, as someone who cares about his credit, that one will stay the time until it's removed. I'm not paying them, or the thief.
I would raise the stakes a bit more and send PayPal a hard copy of supporting documentation and tell them that you will be disputing any negative report. Send this by a recorded delivery method like registered mail or courier. This means you can go to court and prove that PayPal had clear evidence of fraud and failed to take appropriate action. It also proves that they had knowledge of these facts prior to making the negative report to the credit agencies, which puts them in a bad spot if this all ends up in court. In the USA, the Fair Debt Reporting Act covers this scenario but similar laws exist in other countries.
Keep good documentation and send everything by a trackable method and never let these companies get away with ignoring you when you have a legitimate issue. Just make sure you are sure you have proof that you are correct, otherwise keep better documentation next time.
Forget all the policy problems. PayPal's basic technology platform doesn't work.
Has that changed?
Another thing to bear in mind is lots of people outside the "main Western" countries (for lack of a better term) still don't have credit or debit cards that can be used to pay online. PayPal accepts a lot of local payment methods and even lets you transfer funds from your bank account.
I live in Lithuania (part of the EU since 2004, and Euro since 2015) and only this year have major retailers started to accept cards online. Before that you would receive an invoice and have to make a bank transfer (each bank had their own online payment system merchants could integrate to make it more streamlined) before goods were dispatched. Even now most cards need to be opted in for online payments.
Paypal is huge: https://www.paypal.com/us/webapps/mpp/country-worldwide
And not enough people use Bitcoin to remove PayPal entirely.
EDIT: Yes, I know we have iDeal in the Netherlands. Every single company that processes it alongside other methods is either a nightmare to integrate, charges ridiculous fees, requires significant volume, doesn't do payouts over SEPA, or is similarly problematic as PayPal.
In my particular case, an added problem is that most of them refuse to process donations.
Money talks. If revenue goes up, then people use PayPal. It's that simple.
As a result, I feel it is much safer to avoid typing my credit card number into random websites. Thus, my first reaction to a site which asks for my credit card (directly or via Stripe) is 'OK, are there any alternatives which take a safer payment method'
It is also a little entertaining that their "brand risk" department is probably doing so much unintentional damage to the brand.
They've been screwing over their customers, closing accounts on allegation of fraud and dragging out refunding the alleged victims for months and months, since before they were acquired by eBay. People still use their service.
It's always been this way. People use PayPal because it's convenient, and because there's no real competitor with comparable market penetration. No, I'm not sure that PayPal's brand will suffer much from continuing to act the way they've always done.
I'm not saying you're wrong (because I actually don't know) but this seems to be way off base. What specific regulations are they ignoring? My understanding is that most of the things people gripe about with PayPal are borne out of PayPal's attempt to stay in line with regulations.
You should have alternate payment channels - even if you don't want to use them now, even if they're twice as expensive, if you need that money flowing then you want to have a solid alternate payment channel. Even if you don't want to advertise them to your customers due to e.g. costs, then you want to have all the legal agreements and technical integration in place so that you can turn it on right now if you needed to.
Their brand risk department obviosly tries to optimize the brand for someone big, someone nameless, and not for the customers.
This itself leads to questions about paypals business model. Are they in business to provide payment services to users, or are their primary customers actually not end users, but someone buying something else?
Compare this with setting up a merchant account to take payments (here in the UK), which takes weeks, involves finding a payment gateway, all sorts of paperwork and hoop jumping.
Fortunately companies like stripe.com have appeared here and will now eat in to PayPals user base. I can't wait for PayPal to go away.
The sad truth is that Stripe is behaving exactly like PayPal. What's worse is that Stripe's fraud protection is non-existing. In other words, Stripe is actually worse than PayPal, as you risk the same account freeze, closing etc, but in addition, you will be swamped down with fraudulent purchases and chargebacks.
We're constantly working on product & performance improvements, but feel free to get in touch with me directly (email@example.com) to ask questions or share feedback on our models (and fraud product in general).
Though I'm sceptical to this approach. In machine learning 101 we learned that there always exist a statistical method that would beat a neural network. In this case, a system that gathers actual relevant data for statistical scoring. You know hard data, like an up to date list of stolen credit card numbers, a history of chargeback per credit card etc. PayPal has this and of 1000 transactions, we have 1-2 fraudulent chargebacks. Compared to Strip this is the difference between heaven and hell. PayPal sucks, but at least they have a working fraud protection system.
Nothing kills an online business faster than being swamped in fraud and chargebacks. I mean, good APIs are great and Stripe certainly has that, but a working fraud protecting system is what really matters to those of us who sell online.
Good PayPal competitors have existed in this space for a long time. PayPal still remains.
When looking at practices these financial institutions use it makes me wonder what can't they do?
Everyone cites "regulations", but as far as I understand, they make the regulations. Directly or indirectly.
Take for example the known cases where PayPal freezes accounts holding people's money. If I take someone else's money and refuse to give it back to them, it's a crime in pretty much every nation. But when banks and financial institutions do that, they get away scot-free (with maybe some small rants from the internet) and keep doing this systematically profiting in almost all cases.
If we're not bound to middle men like Stripe and PayPal, we're bound to Visa and Mastercard. Is there any way out of this madness?
Also an interesting example of bank politics is that Khadaffi made several laws in Libya against UN bank rules, for example providing loans with infinite term and zero interest for newlyweds. During the civil war, one of the first things the rebels did was create a central bank in Misrata, pledge loyalty to UN and then redquest to be recognized as the true Libyan Government.
This does not exist. Central banks interface with each other. The closest thing to what you're describing is the European Central Bank.
> pledge loyalty to UN
This is gibberish. One can be recognised by the United Nations (UN). One can also, by accepting its Charter and paying one's fees, become a UN Member. But there is no pledging of fielty involved.
None of these is referred to as "a UN Bank". Only the World Bank is a part of the United Nations system. It makes loans to developing countries. The only way being "kicked out" of the World Bank makes sense would be if it refused to lend to you (which it does often and usually with minimum consequence). Note that the World Bank System lends to many non-UN member entities, e.g. private businesses and non-profits. China got pissed off at the World Bank and IMF last year and effectively kicked itself out by starting a competitor in its "New Development Bank".
The Bank for International Settlements is a discussion forum whose recommendations are not binding. The United States, for instance, added its own touch to Basel III, Switzerland layered on a "Swiss finish" and China, India and many others simply ignored it. Being "kicked out" of the BIS would simply mean you don't get to go to its meetings. Many countries do fine without being BIS members. The Financial Stability Board is an even smaller group with even less tangible activity than the BIS. (It published a book report on rules it thought sovereign wealth funds should follow. Compliance is voluntary and one need not be a member to read or implement, or as more countries have done, ignore, the report's suggestions.)
The closest international financial systems one can be "kicked out" of with consequence are the electronic-dollar transmission system operated by the New York Federal Reserve  (you can still use printed dollars if America "kicks you out") and the Society for Worldwide Interbank Financial Telecommunication (SWIFT) . SWIFT is not a club for only central banks–many private banks are SWIFT members, too, and many get "kicked out" for doing varieties of stupid things. They can still move their money around by asking other banks to do it for them.
The international financial Illuminati you think exists does not.
Why not just call it a tax free gift from the government then? And print the money from the central bank. It's about equivalent.
Nothing about the process is transparent AFAIK.
If I'm a bank with billions of dollars worth of money from third parties, can't I use a big portion of that money to profit? Moving money around, gaming the currencies, stocks, etc.
Maybe I'm too naive at this, but in my mind, they have to keep some money ready for people to pick up, but the rest of it, they use it for whatever they want. If I go to my bank and ask to take a large sum of cash, they won't give it to me right away.
They profit when money is not at your hands, therefore even if people do get their money back some day, they would have already profited from it.
I'm quite intrigued by this topic, but never got around to really dive into it, so please... if you can educate me on how this is not profitable for financial institutions, I'd be glad to read it!
Can't even think on who's the third most used credit card provider.
As always with lack of competition all of these institutions are free to do as they wish. Specially since they deal with money, that can be (and often is) used for lobbying.
But I'm a pessimist, and these are just my 2 cents
Maybe it's all in my head and people are not influenced by money, democracy is a real thing and big companies obey all laws.
I've mentioned multiple times "financial institutions", which include banks and paypal in my book.
Bitcoins are amazing. Just not there yet. I can't give a credit card of bitcoins for my wife to buy groceries :)
But that's off-topic.
You clearly just want to disagree and that's fine, but please bring arguments instead of weird accusations of bitcoin hatred
Yes you can. There are actually even multiple providers for just such a card.
For sure banks and paypal have overstepped but I wouldn't call it "madness". If you want to sell filesharing accounts try bitcoin, I hear it works very well
They're well within their rights to decline your business. If a bank told the government, "We have no absolutely no idea what our customers are doing with their money or who they're sending it to. Maybe they're sending it to terrorists or drug lords, maybe they're not; it's none of our business and we respect their privacy", they'd get shut down in a heartbeat.
I can understand if Paypal doesn't want to appear on the front page of the news for funding an underground child porn ring that signed up as one of your "enterprise clients".
They are. Should we condone it?
> "Maybe they're sending it to terrorists or drug lords, maybe they're not; it's none of our business and we respect their privacy"
Isn't this similar to the idea of banning web browsers, as they render HTML which, as we all know, can be used to write text (<span>plaintext!</span>) inciting terrorism? And it sometimes is. Are you using a browser right now?
Things we deem "evil" are planned using technology. Should we ban technology?
Nicely answered. This 'safety' insanity is getting way out of control.
Search engines and hosting services already monitor for illegal content.
Reasonable people can disagree over whether requiring a filesharing service to monitor for illegal content is excessively onerous, but the slippery-slope fallacy does noone any favours. You can make any policy sound absurd by taking it to a far enough extreme. Often we do need to weigh up costs and benefits and take a policy line somewhere in the middle.
Assuming that you actually value logic, given your choice of words, how do you not see that the magnitude of the absurdity is directly related a faulty premise - a fallacy?
Live and let live * [1..1000] = nice .. nice
Kill at random * [1..1000] = bad .. horrific
That is your point, not mine. I'm saying that you're focusing on the wrong part of the equation. Imagine a machine with two variables that you have influence over, calibration error and runtime. You are suggesting short runtimes in order to minimize the impact of calibration error, I'm suggesting recalibration.
I'd love to hear an extreme for "Live and let live", but I'm guessing that whatever scenario you can imagine is based on a faulty premise like "How can we wreak revenge without a death penalty?!".
Please stop with the extended metaphors and just say what you're trying to say directly.
> I'd love to hear an extreme for "Live and let live", but I'm guessing that whatever scenario you can imagine is based on a faulty premise like "How can we wreak revenge without a death penalty?!".
Whatever. Are you interested in a constructive discussion or not? There are plenty of silly extremes for "live and let live" - harming the environment in ways that don't kill anyone? Harming themselves in all the various ways that can happen? Harming their children?
I count two metaphors, used only because the direct explanation failed to get through to you.
> Whatever. Are you interested in a constructive discussion or not?
I think it is clear that won't happen, "Whatever" is a strong indicator of disinterest.
> There are plenty of silly extremes for "live and let live"
None of those examples make any sense, which can be explained in two way: you don't know that "live and let live" is an idiom related to coexistence and tolerance, or you think that "extreme" necessitates mutual exclusivity.
That's a business decision like any other. There are other ways to accept payments if you don't like the terms under which they sell their service.
This is very recent (June) and I expect more of this in the future. So it is a real threat especially to smaller companies.
Yes I know that. Yet I don't know of any company being shut down who violates this. There are some minor fines which afaik are disputed. In my opinion this decision has been pretty toothless so far.
PayPal is a shitty company, with a borderline monopoly on online payments until very recently.
They don't. If you look at the website now, they are offering their services for free temporarily, because they don't have any payment providers anymore. It seems Paypal was their only method of payment.
> I can't remember the last time people mentioned terrorists (or other criminals') bank accounts in the news
You might just need to look deeper. There was a Planet Money episode about how the IRS & DEA created an entire fake bank just to catch people laundering drug money:
This surprised me. The only time I've set up transactions with Paypal as the only option was when I didn't expect any transactions (a nonprofit that needed to have a public donation function for legal reasons, but actually got all its money from foundation grants).
As a user, I don't mind Paypal as an option, but when it's the only option it doesn't give a good impression.
Just to give one example: If you sold a comic that was offensive to Muslims in the US, it might get on the news but would ultimately be permitted. If Paypal allowed it, they could get blocked from countries that are predominantly Muslim.
My bank offers international ACH, but only to Canada, Mexico, and Europe. I believe there is strength to limiting yourself to these. Paypal have chosen to operate as widely as possible, which can be a weakness in what they can allow
From what I've seen, it's generally far more expensive to do international banking in most countries. My bank will do it for places like the Phillipines, but only as an expensive wire transfer. I think if it were easy to offer low-cost banking, they would offer it.
Germany has a much stronger attachment to privacy than does the US, so maybe they have fewer "Know Your Customer" laws.
Suppose I build a road. I would also have no idea what people are transporting on that road: maybe they’re moving drugs or sending stuff to terrorists, as you say. And it would be absolutely ludicrous to hold the road-builder in any way responsible for activities on the road.
At some point, a service is just a service and it should remain firmly bounded. Yes, bad people exist. No, we shouldn’t screw with every little thing just in case bad people use those things.
I would interpret this restriction for services similar to RapidShare, MegaUpload, etc. with the only intention of sharing files. Seafile is primarily for hosting your personal data.
Similar to when people use an email account and only ever save drafts. Two people have the login info, connect to the account and write draft emails but never send them. I think I saw that in a tv show, not sure if it's a real thing.
"They would share an email account, with one saving a message in the drafts folder and the other deleting it after reading it."
It would sure be nice if the next Satoshi, whoever he/she/it is, manages to create something (a) that scales properly, and (b) that ordinary people can actually use.
Its just a really really simple form of "encryption", which most torrent clients do support
When the file is opened in a torrent client, it will recognize these changes, revert them (in memory) and seed the original file.
Not sure why you would go the route of having it predictable?
Even if that's not the case they'd just switch from grabbing a hash of the entire file to finding sub-hashes of the file or other fingerprints. You'd have to do a lot of corrupting to make this worth it.
If adobe premiere can sync my audio tracks when one is barely audible and the other has background noise you better believe there's a service that can find stored movies against a database of files
Also if you're already using BitTorrent why are you sharing these files on Dropbox et al
Your torrent client would see the normal file, they wouldn't see anything except random garbage.
Why? Um, perhaps to have a "torrent box" which stored data in a more accessible place?
Perhaps just to crap on someone's stupid censorship.
Ok, ok. That's not statistically likely to happen. But you do have the problem then of other files being shared via bittorrent, it's not all movie files. You'd also have to re-start basically the entire BT network too, as all clients would no longer be backwards compatible - Good luck too getting every single torrent client dev to implement this at the same time!
A preselected and stored in a dotfile or windows equivalent 9 digit number, or the bottom nine decimal digits of a MAC address, or some chunk of a UUID, or whatever. You could salt which bit is gonna get flipped by adding in the filename, or the partial timestamp of the first time the torrent client was ever executed, or one way or another your specific client has a secret nine digit decimal number that it only uses for file operations involving .mp4 extension files longer than a gig (or whatever seems appropriate).
One way or another when you copy a buffer from the torrent system to the filesystem you flip every X-th bit where X is stored locally. Make sure to flip it BOTH when downloading and again when uploading. Your video player won't care when it impacts a single bit error, the other torrent users won't ever know because they never see a flipped bit. Well, technically other torrent users see a flipped, flipped bit, aka the original, unless you're using trinary or something (LOL)
Maybe a mental model is imagining it as the worlds most incompetent FUSE/loop encrypted file system such that the "encrypted" contents on the hard drive have only 1 bit in 1e9 bits flipped and otherwise the remaining billion bits are identical to the "unencrypted" file. Only for "long" .mp4 files, perhaps.
The main problem that would develop is people downloading a torrent, then trying to seed using a machine that has a different "secret bit" above. It would look like your seeder has a tiny bit of file system corruption, which I guess does happen today and is apparently survivable. I would guess most people most of the time do not download a torrent on one system them upload a new torrent on another machine.
There need be no coordination with torrent client devs. Someone could implement this today without anyone else knowing, or it could be done using a FUSE loop filesystem without changing the torrent client at all. I suppose if you never seed a file after copying it to dropbox it would be easy to write a "special cp" that inserts bit error rates around 1e-9 rather than making a perfect copy.
I have no idea based on security posture if you want to slightly obscure every file or just some. Also no need to flip a completely random bit, a smart enough parser could pick the next bit that won't utterly trash the container spec for avi or mkv or ogg or mp3 or pdf or jpeg. So I'm saying flip the next bit that isn't a major file format protocol bit to make it user transparent.
Another weird mental model is think of it like steganography but to defeat 3rd party hash scanners not to hide real data. In fact its hiding not much.
Also its a bit unfair. Given this attack, design a perfect defense. OK here's an easy one. Oh OK well that works, but they'll just try a different attack. Well yeah, but that wasn't the initial challenge provided.
Also precomputed rainbow tables aren't so funny when you have gig wide columns instead of hash wide columns. For that alone its an entertaining idea.
Source: I'm a paying Dropbox customer living in the UK and my invoices are issued by Dropbox Ireland Limited.
Around the world. To provide you with the Services, we may store, process and transmit information in the United States and locations around the world - including those outside your country. Information may also be stored locally on the devices you use to access the Services.
Safe Harbor. Dropbox complies with the EU-U.S. and Swiss-U.S. Safe Harbor ("Safe Harbor") frameworks and principles. We have certified our compliance, and you can view our certifications here. You can learn more about Safe Harbor by visiting http://export.gov/safeharbor. JAMS is the independent organization responsible for reviewing and resolving complaints about our Safe Harbor compliance. We ask that you first submit any such complaints directly to us via firstname.lastname@example.org. If you aren't satisfied with our response, please contact JAMS at http://www.jamsinternational.com/rules-procedures/safeharbor....
NOTE: When transferring data from the European Union, the European Economic Area, and Switzerland, Dropbox relies upon a variety of legal mechanisms, including contracts with our users. Dropbox doesn’t rely upon Safe Harbor as a legal basis for data transfer but does adhere to the Safe Harbor Privacy Principles while specific guidance for the forthcoming EU-US Privacy Shield program is developed. For information about data transfers from Europe to the United States, please visit this page.
This is one of the reasons the EU courts have found that US law is not at all adequate for storing EU citizens data. In the EU, the Charter of Fundamental Rights ("Constitual rights") do very much apply to your dealings with a private company.
>Merchants offering file-sharing programs or access to newsgroup services must monitor for and prevent access to illegal content.
Searching for this entry with keywords like "file-sharing" did not turn up anything.
Well that's really helpful of them.
I've updated the link, can you read it now?
Edit: FWIW, this was on the first page of Google for me - in Poland - when searching "paypal file-sharing"
Apparently this depends on the country. Your link includes JP for Japan and the contact mail address for Japan (which ironically is spelled wrong).
I really cannot reach it from Germany without this ?country.x=JP.
Nobody needs paypal in Europe. Of course, they try to sell themselves as "the easiest way" (which is right to a point) but it's mostly unneeded
Without Paypal a lot of european customers wouldn't be able to buy from international vendors.
It's a shitty company, with a shitty product.
Edit: EUR 0.00 annual fee, of course.
It's more or less the same here, almost no one has real credit card, they're mostly VISA (co-branded) or MasterCard branded debit cards, but everyone has a card that can be used online.
Er, no. Almost everyone has a branded debit card, as most banks will give you that for free, but nearly 75% of the country has at least one actual credit card.
Seriously, if you're european, try these guys out - they're worth it.
Not the case. Digging deeper  we can find this: The only conditions are that you're at least 18 years old and have a residential address in Germany or Austria.
Pretty sure they have customers in Ireland (some discussion about stamp duty on debit cards few months ago)
Surprisingly large restaurants in Nuremberg do not take credit cards. A lot of German and Austrian small business owners see no good reason to pay the credit card companies the ~3% fee when most of their customers are perfectly happy to settle a 500 EUR bill in cash. Always pay your hotel bill in rural Austria the night before you leave to prevent an emergency dash to the village ATM :)
Well, and mostly to avoid paying taxes. Card acceptance cost is down to under 1% since last year and often depositing money costs more.
There is no requirement for proper cash registers here in Germany, so card acceptance remains low in small businesses.
* No Card-Not-Present-Transactions, because the cobranding is only for abroad
* Visa/MasterCard cobranding was not allowed until a few days ago (when the EU introduced new laws)
* Used to have high minimum fees (7 cents) for a long time, so expensive for smaller transactions
* Cashback only from 20€
* No damn contactless
=> Germanys banking sector is still mostly stuck back in 2000. Debit cards are around, but mostly for cash withdraws. Smaller transactions are mostly paid in cash, because they used to be expensive and no contactless.
The big banks have no interest in changing that, because as long as card payments are unpopular, they can charge >5€ for cash withdraws if you make "out-of-network" ATM withdraws.
tl;dr: Germany has its own shitty debit card system stuck in 2000 which sucks.
I love Germany, but the credit card thing drives me nuts. I understand Germans like financial privacy, but I like having an electronic record of my purchases instead of having to write down every cash transaction I make before I forget it. (If there was a way to get a prepaid EC Karte as a tourist, I might not mind so much.)
PS: The proper domain is paydirekt.de
Going via a payment provider, like Strip, PayPal, PayEx and a boat load of other companies, reduces your PCI compliance to a self assessment form, which talk all of 10 minutes to fill out.
But all banks will transfer money if you have a recipient account number and sort code.
In Europe (Germany and Austria from my experience), many online services specifically support bank transfers using an IBAN number. It does seem to take a little longer though for the money to process.
Anyone? Anyone in the UK? Or anyone in the UK with a Barclays or Natwest account? Paypal is still probably the quickest and easiest way to send money to 'anyone' in the world.
Typically 24h in the SEPA.
No need for handwritten pieces of paper
Merchants also seem to prefer PayPal because it gives them an instant payment confirmation.
Was never asked for this in Ireland, though they use an electronic token (because paper is outdated) if the transaction is outside of Ireland
We tried two other card providers before we found Stripe, and my inner cynic has been silenced. I strongly recommend them.
That's why we offer Stripe and Paypal in our store. Dropping Paypal would be insane as it is our most popular payment method, with Stripe coming in as a close second.
Every bank here does this.
But for other things it's ok
I still use Paypal quite a bit, but because it's simply convenient to use it and be able to change where my payments go from (which card/account etc.) without having to change what's on file with merchants.
For selling goods that you hand over (e.g. irrevocable product keys) it's much trickier and depends on the specific business whether it makes sense to have the customer wait.