Hacker News new | past | comments | ask | show | jobs | submit login
Tell HN: Stripe killed my music locker service, so I'm open sourcing it
446 points by grose on June 20, 2023 | hide | past | favorite | 173 comments
I'm writing this to warn anyone who might have a similar service, including backup hosting services.

I run a small website at inter.tube. It lets you upload your music collection and stores it in Backblaze B2. It provides a simple web interface to listen to your collection, and support for the Subsonic API (allowing native apps to use it). Fundamentally it is not very different from something like Dropbox or Backblaze: it is a "dumb" backup that simply stores what you give it. It doesn't perform "matching" against other files, it doesn't allow you to access music you didn't explicitly upload, and it doesn't even deduplicate files between different users. It doesn't allow "sharing" of music either, download links are tied to a short access token for a specific user's login session. The only difference between other backup services is that we use the metadata tags in your uploads to organize things better. According to Capitol Records, Inc. v. MP3Tunes, LLC, this is absolutely OK in the eyes of the law (thank you to a fellow HN user for telling me about this court case). Note that we don't even perform deduplication, which was the main controversy in that case.

I have been using Stripe happily for a couple years now, but suddenly (less than 10 minutes after a subscription payment went through), Stripe decided that I violated their Restricted Business policy, in particular "Products and services that infringe intellectual property rights: Sales or distribution of music, movies, software, or any other licensed materials without appropriate authorization". I thought this was a misunderstanding so I clarified that we don't sell music, just storage space (see paragraph above), but they denied my appeal with a short template response.

This saddens me because my reasons for starting the site are the exact opposite of piracy! I was sick of artists getting paid virtually nothing for streaming service plays, so I decided to buy full albums directly from the artist as much as I could. inter.tube just allows you to keep your collection safe and easily accessible.

I'm posting this mostly to warn other Stripe users that essentially any backup service could "violate" these terms, so be careful about the marketing blurbs on your website. Probably any mention of "music" whatsoever is enough to get your account nuked. I really liked Stripe, always recommended it because of its nice API, but I won't be doing that anymore.

inter.tube will likely die. I'm going to refund my few paying users and disable account registration later, I guess.

As a bonus, I've open-sourced inter.tube. However, it is difficult to run because it relies on a bunch of random cloud services (Backblaze B2 + Cloudflare Workers + Lambda) and there's some hard-coded stuff in there, so it's probably not very useful beyond curiosity. If anyone would like to help me with the open sourcing, let me know, and I'll get back to you whenever I have time. Of course, feel free to fork it as well. I am also on GitHub sponsors if anyone would like to sponsor me to help make it easier to self-host (or at least self-deploy).

Source code: https://github.com/guregu/intertube




UPDATE 2: My Stripe account is back! Thank you so much! inter.tube will remain online, but open source from now on!

Update: I have reached out to the nice Stripe employee who volunteered their email, let's see what happens.

It's been pointed out a few times that my marketing says the site won't die, and me killing it would be very ironic. This is 100% true, and I have decided to leave the site up even if Stripe decides to ultimately close my account. Luckily, our infrastructure costs are very low (<$5 month currently).

I created this site when Google Play Music went down and lots of people were complaining about Google killing yet another product. I don't want to do the same thing to my users.

Finally, I would like to take this opportunity to plug a similar service that I am completely unrelated to. I saw its author post on HN and they seem like they are also a one-man-shop: https://asti.ga This service is different in that it lets you hook it up to your own cloud storage. I am only now realizing why this is such a brilliant idea.


So Hackernews is once again the only way to truly get proper stripe support?


I'm just happy to be in an exclusive club that can request stripe support on demand.


There's a 2016 cutoff unfortunately. Anyone joining after that date does not get the premium HN VIP support package.

Our messages go to /dev/null with the rest of the plebs.


And those of us who recycle our social media accounts routinely are just SOL.


What exact date of 2016 we are talking here?


September 13, 2016 when sama became president of YC Group.


Great news, thank you, I am eligible!


This is standard corporate strategy nowadays. Instead of staffing up expensive customer service departments they wait for posts to go viral on Twitter, Reddit, HN etc. and only handle those.


Externalize triage costs to public forums. Prioritize human support for high profile social media users and viral posts. Reap good PR of solving the problem publicly. Forum owners like this too because it underlines their community value. Win win win (unless you don’t have social media clout).


This is actually really concerning at this point.


As they grow, it will become like google - even willing employees helpless to escalate internally


While not ideal, it's cool and I think companies definitely keep an eye on HackerNews thanks to the moderation! Once I read more of Dang's moderation comments I realized how deeply he cares about HN. He takes time to explain his view point (which can also change over time), he answers emails, he develops new features to fight spam. I value that more than changing the website layout, dark-mode, font-size.


It's not cool. It shows that companies like Stripe care more about public image than actually delivering a quality product/service


Always has been.


Thanks very much for mentioning Astiga. I am the 'author' you mention, but I only just saw this because I only consume HN via Hacker Daily, so I'm a day behind.

When I saw your headline though, I almost choked on my coffee. We use Stripe too, but as you mention we aren't a locker, we just connect to the user's pre-existing cloud storage (including self hosted if you have that Internet accessible). That said these kind of corporate decrees are often pretty unsubtle and we could easily get caught up in this. I've had enough "policy" nightmares with Paypal and Google to instill a sense of dread when these black box titans change their mind about something and expect you to dance to their tune.

> This service is different in that it lets you hook it up to your own cloud storage. I am only now realizing why this is such a brilliant idea.

I should mention it's not my idea originally - I purchased the service almost two years ago from this guy: https://koenvh.nl/en/ . Funny story really: https://community.asti.ga/discussion/378/astigas-new-owner


One thing I would strongly recommend. GET OFF STRIPE. Talk to a proper bank like USBank or Chase. It is not hard to integrate with their payment processor. They WILL send you through proper underwriting and will have your back. At least they had and continues to have mine with a firearms business.

Let me be also very clear. When you are going through underwriting, you will feel at times that this was a colossally bad idea, but it pays off its trouble in gold.


Right, to anyone looking for alternatives, check out FISGlobal/Worldplay. They have a payment product that is "closer" to the card network, so it can be cheaper than Stripe.


I would say, they are not Stripe, yet. Unless you go through underwriting, it means nothing.

Also, they just failed a basic sniff test. I called their 800 number to ask if they would work with a firearms business and reached a voicemail. They say department is available between 8AM and 8PM Eastern. It is just after 6PM eastern right now. That does not instill a lot of confidence.


What tech do you use to integrate it with your apps? Especially ones that seem to greatly prefer Stripe? Chase has been a solid bank for us but I'd like to not mix my payment processor and bank in case things go south. What are your rates? Do you have to pay monthly gateway fees or minimums? How long did the underwriting process take and what were the major headaches?


My web store runs WooCommerce and there are multiple plugins maintained by the processor that makes the payment processing seamless. They also provide SDKs for many popular frameworks for the integration.

Rate wise, I pay about 2.8% + 0.15c. Obviously different mechanisms (dipped vs typed vs internet) have different rates. There are no monthly gateway fees. The underwriting took about 3 weeks, but again I was very prompt in answering followup questions. I did not feel any additional headaches that I already did not anticipate due to the underwriting process. They did ask for a lot of documentation (that I totally expected them to ask and in my opinion is very relevant), licensing and such but again I am operating in a VERY regulated industry. They did want some clarification of business processes since they were not 100% familiar with selling guns online and in person. But I will say, they were very interested in understanding my requirements and help me do things according to the published laws and guidelines. Feel free to write to me at my hn_username at 80386 dot org if you want to chat. I would love to help with this if you are interested.

You do not need to mix your bank and payment processor. For example, my credit/debit card stack is USBank + Elavon but I bank with Navy Federal. I don't even have a checking account with USBank.


Thanks! I'll definitely reach out as I'm getting closer to the 2nd bank alternative for sure. I'm on Woocommerce as well. Is this Paymentech? You have a business bank account with Navy Federal? Lots of questions ;)


Email me and we will discuss more. :)


happy to hear it worked out and that other users have provided some great options other than going straight to OS(ing) it. best of luck on your future.


[flagged]


Your ideas are intriguing to me and I wish to subscribe to your newsletter.


I'm a messenger of the invoker.


THE INVOKER HAS SPOKEN.


Instead of closing your service, may I recommend switching to payplug.com ? Started as a small smartup, now bought by a french main bank chain but has english documentation, very clean API, easy to get support, low fees. Easily handle refunds, payment link, payment page integrated or separate, 3D Secure, subscription/recurring payment, etc etc ...

Been using them for a few companies the past year and a half, and migrated more and more of my stuff over to them, it offers the simplicity and clarity of "stripe at the beginning" while already being backed and owned by a major bank (BPCE, 2nd biggest banking group in France). They don't have all the bells and whistles of current Stripe, but for most projets we don't need that anyway.

And there is no bullshit about random overnight account closure with no recourse.


> "no bullsh*t about random overnight account closure..."

Is it possible to predict this in advance? Can't these companies just do it any old time they feel like it? There's always a first.

Or is there good regulation in France?


I would say it's mostly the attitude, it's just a very different way to view things and to have a relation with your payment processor ; where there is an issue my experience has been that they talk to you to find a solution together, which may be higher fees or some options and controls becoming mandatory for your account, rather than throwing you away to avoid being stained like Paypal is known for and Stripe is more and more moving toward (again, my opinion).

In terms of regulation though, short of explicit chargeback or disputed charges, they will never hold your money hostage.

Which is why I added that they're already backed and owned by a major bank, so it's not at risk of changing overnight after being acquired. For reference they exist since 2012 and have over 16k merchant account, including some big names in France (Veepee, Lastminute.com, ...) including some big names in business I feel like Stripe wouldn't touch (Dorcel store / adult toys and movies, Winamax and Pokerstar / online betting and poker, ...).


> where there is an issue my experience has been that they talk to you to find a solution together

Processors take note, this is the way. btw, in person-to-person processing deals (which can provide APIs in most cases) this is just how it works.

Note for business owners: Those annoying merchant services calls you get as a business owner, yes, those are the people to speak to. A bit of research into what interchange is, and what those rates are, and you can write your own contracts. It is exceedingly simple and as fine-grained as you'd like to make it (we are nerds, after all). Merchant services partners ultimately want to make money, and if you have an understanding of fee structures, you will find someone local to you who will sign you on favorable terms for both parties, it's free money for them.


Thank you for the suggestion. I'll check it out.


Would it be a good idea to have multiple payment methods ? So that if one goes down this way, the other still exists ?

"Not all eggs in the same basket" ?


This is very relevant to my immediate needs. I just posted a question to Ask HN seeking advice on this topic and hadn’t heard of payplug. Do you have any experience with them as part of a multi-vendor marketplace product?


I don't but I doubt they would have any issue. You will need to deal yourself with the % owned to each and stuff like this, but beside that I don't see any issue arising


Does Payplug solve global VAT or at least EU VAT?

I can't seem to find any mention on their website about this.


No that's one thing they don't do that I do miss, for the value they just take an amount and charge that, how to cut it into product and taxes is yours to deal with.


This is sad. May be it is too late now. But you should have come to HN aka official Stripe Support Forum and ask for support first before closing it down.


It's a shame that we have to complain on social media to get an actual human response to this kind of thing. If Stripe decides to reverse their decision, I'll leave it up, but it will remain open source.


When I was starting up a small business, Stripe decided that it needed to “verify my activity” or some such nonsense and withheld all of my payments for several weeks. Meaning that I could not pay my team.

As far as I can tell, a client paid in a funky way that set off some automated system, and no real person was willing to work with me to get it resolved.

I will never trust Stripe with my business again.


You have a choice when you partner with a payment gateway.

You can work with a laissez-faire gateway. It will not exist for long, because your company will be people who figured out they're not complying with various laws, so they will either disappear without a trace, or in the worst case scenario, take you down with them. You may end up having to explain to various authorities what you were doing.

Or, you can work with one that's serious about AML/KYC compliance. This means sometimes your account gets flagged for suspicious activity, and you have to play by their rules to get it back. Depending on the provider, they may actually have some ways for you to get your account back, or they won't be bothered.

Stripe is in the category of providers that will actually work with you to get your account back, but they're certainly not perfect. On the other hand, try something like Paypal and you're screwed. Or go with a different big player and find out how much nobody cares about you and the $40 a month of revenue you bring them.

Every time I hear some horror story about Stripe, either the account is back up and running very quickly, or the business was doing something egregiously bad. YMMV, this is just the professional opinion of someone who has been working in FinTech for a long time, and with Stripe for quite some time too.


Well no, Stripe suspends accounts and ignores them. As shown again and again on HN.


Or you can forge ahead and accept cryto payments which will reduce your customer pool but eliminate fraud


> but eliminate fraud

How does crypto eliminate fraud? It eliminates KYC and AML (until you try to turn crypto into fiat), and you probably won't be held accountable for accepting a fraudulent transaction (yet), but stolen crypto wallets are definitely for sale and being used:

https://cybersecurityventures.com/dark-web-price-list-crypto...


You're wallet being stolen does not count towards fraud for the store owner. The store owner verifies the transaction before sending the product. You losing your money before you make it to the store is unrelated


What does it mean to pay in a funky way?


Every bank/money transmitter has a list of transaction patterns/behaviors that are basically red flags for criminal activity. A lot are heuristics based, few are right out documented anywhere, but one example is # of credit card/account numbers bound to an account, another is structuring, i.e. a paytern of transaction activity specifically intended to avoid bank reporting controls. Or stupidly, putting words that are high risk w.r.t sanction compliance in memo fields, or getting a false positive OFAC hit.

None of this is discussed with customers in a candid way; as a result it can feel very off putting. It's one of the things that bugs me about modern finance. It's too busy building itself into a governmental reporting mechanism, and far too prone to overreach through the exploitation of sanctioning mechanisms.

It's one of those "can't have nice things" sorta bits.


There are also explicit laws forbidding telling your customers of your suspicions ("tipping off" in the context of money laundering).

Of course, this doesn't mean your customer service agents should never be helpful and forthcoming, but it's easier and less risky to tell them to say nothing and burn the odd legit customer, rather than risk being on the wrong side of AML legislation.


If a mandatory reporter files a SAR, they are forbidden to share that info with customers. This doesn’t apply so much with payment processors. Stripe and others just don’t want to share their heuristics, because carders can thwart these heuristics. That’s more reasonable suspicion than some laws.


I suspect tsuujin was not privy to that information and that Stripe were vague and ambiguous regarding the details.


Discover card


It's a shame there is no regulation protecting small business from these practices. It shouldn't be legal for a big corporation to shut down someone's business on a whim.


Sadly, not only is it legal, but it is incentivized. Financial service providers have enormous civil and criminal liability by tech company standards, and some regulations require them to use "risk-based" approaches to decline service to clients. The legal consequences of shutting out innocent small businesses are essentially nothing compared to the consequences of allowing a single criminal or terrorist to use their service.


The regulations in practice do the opposite. Customers can easily issue charge backs, which puts the cost of fraud on the payment processor, which makes them too aggressive with the big red button. It costs them less to vaporize a small business than for their fraud prevention system to have a false negative.

The right way to fix this is for something like Zelle to get a standardized payment request API. Then the merchant submits a payment request using the customer's email address (the only information the merchant needs from them, so no data breaches), and payments go through irreversibly if they haven't been contested in 30 days, or immediately if the customer affirmatively legitimates the payment on their bank's website/app because the merchant needs to be paid before delivering goods or services. (And payment requests from merchants the customer has never used before get denied after 30 days if not affirmatively legitimated.)

That also removes the credit card fees because it's really a bank transfer.

But where is it?


"think Google Play Music, except we won't disappear. currently in early access."

You can't just give up at the first sign of a payment issue, otherwise you're no better than google ;)


You're right :). Let's say inter.tube is not dead after all. I'll leave it up and try and figure something out. I'm willing to eat the charges while we figure it out (it's also very cheap to run -- I prioritized cheapness in the design).


If it helps you to keep it afloat I'm willing to offset some or all of your costs depending on how high those are.


Thank you for open sourcing it! That's a really neat thing to do. Further, thanks for open sourcing it as is and not doing the whole "it's not ready to open source" feet dragging thing.

And thanks for not closing it back up if you find another payment provider!

I would actually bet that open sourcing it is the best thing you could do for it if you end up wanting to grow the business, especially with how niche it is. There are people like me who wouldn't even consider using the service with it being closed, but it being open gets my attention. It would be absolutely bad ass if the official hosting solution could:

- Let me put in a backblaze token and bucket name

- Store all my uploads in the aforementioned bucket, in a format that I could switch back and forth between open source and hosted versions

I self host a ton of stuff but I'd gladly pay $10 to $15 a year for that service so I can easily switch to self-host in the future but don't have to manage yet-another-service. Given that the bulk of the expense would be backblaze and that would be paid for directly by me, that's almost entirely profit margin for you.

I can see really neat future ideas along this line too, like possibly even point a (to be created in the future) desktop app like Strawberry straight at the bucket and have it play/download my music!


Did you have a Stripe account manager? If so, get them on the case – they know you and can advocate for the business and explain the product internally. At the very least they might be able to give you a much more detailed explanation of which precise features are causing issue and how you could resolve those things.

If not, why? Payments are a core part of any SaaS business, and it's important to have trust with important suppliers like that. Getting an account manager and proper business contract go a long way to preventing issues like this. It's somewhat unsurprising that Stripe don't have much trust for companies just signing up for the service as it's generally high risk for abuse.


I don't. My MRR is $5 currently, peaked at around $40. I'm far too small for Stripe to care about me. I was running this as a passion project. I'm not sure how to even get an account manager (does it just happen if you become big enough to matter?)


Some companies will proactively reach out, others need to be reached out to. It's possible this is too small, but then again many pre-revenue startups will get this sort of treatment so it's not just about money.

The thing to remember is that Stripe (or your cloud provider, or your email sending provider, or any other SaaS) get something out of that relationship – they get a sales channel, they can trust you more, they can lock you into their services, they can show you more of their value – these sorts of companies basically want these relationships. The fact you can sign up with a credit card and never talk to anyone is sort of just to appease devs that don't want to talk to anyone, it's not how they make money in the B2B market (it's a bit different for B2C or B2B-ish services like Squarespace).

This project sounds pretty neat, and I could see it appealing to the audiophile market. I know people who would be interested.

But, I'm sorry to say, it sounds like Stripe cancelling your service wasn't the biggest issue, but that the service never found its market. Looking at the site I couldn't tell what it was or who it was for, and it looked a bit dodgy. Copy like "we're not google. we won't kill the site" (said twice) makes it sound like a hobby rather than a company, and even if that's true, it's not going to go over well for marketing. Also, it's sadly somewhat ironic given that the service has indeed gone. I totally see the vibe you were going for, but I think that vibe is one that typically maxes out at a handful of friends using it.


Thanks, I agree... it was never intended to be a "real company", which was ultimately to my detriment. The irony of killing it hurts, so I'll probably just leave it up for the existing users, and (hopefully) find some other payment processor. It only costs me a few dollars per month to host it, so I am not super worried about the money, but it's a huge motivation killer to be ousted from Stripe. I was happy with keeping it "indie and scrappy" and only friends using it, and I went through a lot of pains to make it so the architecture was always break-even, but I never expected my payment processor to bail on me.


Yeah it's tough. I'd love for hobby projects to be able to be sustainable like this, but I understand that taking money comes with so much regulation and auditing throughout the whole stack (KYC, credit card companies, taxes, etc), so I can see why it's not always viable.


At an MRR like that I wonder why you even bother with the payment service. It seems like a giant barrier to entry if it isn't making money anyway. Or do you use it to limit the influx?


Honestly good question. Mostly I do it to discourage abuse. I configured the infrastructure so that it should always break even if people fully utilize their storage. But this project would probably be more suited to use something like Patreon (assuming it's OK with their ToS!). I'm open to alternative ideas for sure.


Its unsurprising that stripe doesn't trust their customers who sign up for them via their standard channels?


It's not that they don't trust them, it's that those accounts are the least possible trusted accounts that they have. They have the least information, the least relationship, the fewest checks have been done.


And yet they're paying customers, and deserve respect as such.


Sure, but it's understandable that there are malicious users paying for these services as well, and it's hard to distinguish between them when there's this little info.

This is my whole point – by getting an account manager and building that relationship you quickly, and massively, change the level of trust compared to a credit card number you stuck in a landing page.


> This saddens me because my reasons for starting the site are the exact opposite of piracy! I was sick of artists getting paid virtually nothing for streaming service plays, so I decided to buy full albums directly from the artist as much as I could.

Ironically, by buying instead of pirating, you directly funded the legal and corporate environment that killed your service.


Right, so what is your alternative for paying musicians en masse for their music?


How do Backblaze and Cloudflare R2 get away with being storage and not violating these kinds of terms?


As someone who worked in the payment gateway industry, they go through underwriting. They provide all necessary documentation, a person reviews it and periodically re-reviews that information. Another item to note is that the Sponsor Bank sets most of these rules. For a product that is making <$100/mo, the risk is too great and not worth answering a ton of questions every month by the sponsor bank and/or visa/mc each time the re-review comes up.


This. It's a simple calculation of risk vs profit. Payment gateways are happy to put up with more risk, and put more effort into de-risking you as a client, if they are getting lots of profits from you.

Whereas if you have a turnover of $10k/year, and they're earning only 0.5% of that in fees, then it isn't worth them taking much risk or putting much effort in to earn $50.

It would be nice if people like stripe were more upfront about this. They could easily say "We have determined that your business might be high risk for us. If you pay us $1000 (which will be credited towards transaction fees), then we will work with you to mitigate these risks".


> It would be nice if people like stripe were more upfront about this. They could easily say "We have determined that your business might be high risk for us. If you pay us $1000 (which will be credited towards transaction fees), then we will work with you to mitigate these risks".

Nowadays people are tip-toe-ing around egg shells constantly to avoid being the latest outrage that goes viral, but that would be wildly refreshing to see. Honesty from companies (even internally when you work for them!) is getting so rare that a blunt and honest message like that makes me happy just to think about.

It would be awesome to start a new cultural movement toward radical honesty. Just being able to acknowledge the realities around incentives would be a great start.


Problem is our common law system incentivizes dishonesty. There is also the problem that everyone tends to start suing the financier if they can't get the results they want out of the business, and the cumulative end result is that financial institutions (through the resulting excess of caution) have become de facto arbiters of legitimate economic activity rather than dumb pipes.

For some people this is apparently okay and desirable. To me it's horrifying, and tends toward centralizing power far too much.


Appreciate the inside perspective.


By being well known, established brands. Sad but true


Silicon Valley and investor nepotism. The sad reality is that tech, no matter what size, is an elite club. Some get to play, some don’t.


Responding to and complying with DMCA take downs and making efforts to ban repeat infringers probably. Also a large enough client that their head of sales/revenue would notice if they suddenly disappeared.


You're implying that OP failed to do so, but you have no evidence of that.


By offering storage solutions, not music storage solutions.

(not blaming OP, it's a cool project and a shame that people aren't being allowed to exercise their right to make a private copy)


Well, maybe they don't use Stripe for payment processing?


Not being advertised for or primarily used for copyright infringement.


In what way is uploading the music you bought to private cloud storage illegal?

Google Music asked me to upload songs and I did. Is Google really going to get sued to oblivion? I doubt it.


Depends where you live

In the UK its technically illegal to rip a CD to your own PC to back it up, for example, see the recent high court case(s) about it where the government won against Brennan (who make hifi gear which can do this) - no different to this app.


In 2014 the government passed a law making ripping explicitly legal. In 2015 the music industry sued and the High Court ruled that the law was contrary to some EU directive and thus invalid. But I don't know if that law was annulled by the court decision, or if it was merely dormant until we left the EU. The Brennan ripping devices are still on sale. Do you have a link to this case?


I was under the impression that this had been changed in the last few years. Do you have a link for that case?


I’m still getting adverts for Brennan thingies online, did they find a way around the court judgement?


Google Music (fka Google Play Music) have license agreements! e.g. https://www.cmrra.ca/socan-csi-strike-licensing-deal-with-go...

Part of the reason google/youtube are quasi-monopolistic is that they've already been through all of this, they've had the arguments and the lawsuits in various different territories, and they've reached agreements and paid money to deal with the copyright issues.


They had matching though, so if you had a lousy quality mp3 that matches through audio fingerprinting it would be upgraded.


To be fair, the music industry knows they couldn't beat Google in court on this.

The same can't be said for OP who probably doesn't have the time or money to fight it as evidenced by this post.


Did you miss this sentence, or are you disagreeing with it?

> According to Capitol Records, Inc. v. MP3Tunes, LLC, this is absolutely OK in the eyes of the law


What precisely does "this" refer to in that sentence?

https://casetext.com/case/capitol-records-inc-v-mp3tunes-llc

From a quick read of that, it appears that Mp3tunes lost the case, had a huge damages award made against them, as happens a lot, and the overall damages were deemed excessive and reduced to $750k.


I haven't actually read the case, but from the summaries I've seen it sounds like MP3Tunes won on the parts that matter when it comes to whether or not one can legally run a music locker service without permission from the copyright owners.

In particular is said that the DMCA safe harbor is available to such services, and that deduplication is not a problem.

MP3Tunes did not adequately deal with DMCA takedown requests so didn't get full safe harbor protection leaving them liable for some user's uploads. Also MP3Tunes' founder had infringing songs stored and they got nailed for those.


This is straight up victim blaming.


As someone running about to start a SaaS, this is scary. Can you comment on if you've tried alternative payment providers/gateways?


Stripe approves most if not all accounts without underwriting.. People wrongly assume this means their business is "OK".. Stripe then waits until the account begins processing transactions before underwriting.. Oh woops, after proper underwriting/review, your business type is not allowed!


I haven't tried any others (yet). I would be open to suggestions. Currently I only have 3 paying users and I will probably just throw in the towel. I will leave the files online for a long time and let everyone know so they have ample time to migrate elsewhere.


Paymentech. It's a hassle to get started but it's worth it. It's also a lot cheaper than Stripe and you don't have to worry about random account closures.


I'm looking for backup providers as well. I absolutely hate how you have to go to complain on HN (and have the post noticed) to get any support at all from Stripe. What is the hassle involved with Paymentech? How easy is it to integrate like Stripe is? How is it cheaper?


I'm in the same boat.

Signed up to Paddle and immediately got flagged as high risk with no explanation. I complained on Twitter and the CEO had a human check us out manually. We're in the process of verification but honestly I don't have big hopes.


Sorry about this. I work at Stripe — could you email me at edwin@stripe.com and we can dig into this further?


Why is it so hard to fix your processes instead of relying on the HN Support Forum for the privileged few that know it’s an option?


Because at $5 MRR any time Stripe spends on this translates into a loss for them. But it's good PR so they should solve it anyway. Realize that operating a business like Stripe at scale is a lot harder than it may seem to be on the outside.


Today its $5 MRR... tomorrow it could turn into millions annually. They are shooting themselves in the foot. They live to give startups a leg up in terms of monetizing. I doubt this issue would take more than an hour for someone to look at it and realize someone goofed internally. Hell, someone internally goofed and wasted more money probably by not being thorough thereby forcing further time wasted.


Stripe approves accounts without underwriting.. They wait until the account begins to process transactions before underwriting.. This is the result.


I don't believe this to be true. In the US you have KYC laws which are a part of underwriting. We also use Stripe Connect which also onboards new stripe accounts and can watch the automated underwriting happen.


KYC is part of the underwriting process... You have to first know your customer before you can understand their business and assume the risk of processing their transactions..


The catch-22 here is that it doesn't become good PR for them until the customer posts a complaint on social media. If Stripe solved it privately and then released a press release, people would accuse them of either lying or being manipulative, and there goes their good PR.


Yes kind of, although if they fix it they could become the de-facto home for startups. That kind of market ubiquity is hugely valuable. Every time something like OP happens it pushes people (like me) away from using Stripe. I don't want to spend time integrating with a service that might pull the plug from me, and I don't have time to research all the various little ways that my business might be "too risky" to extreme regulation. I get that some stuff is too risky, but a service that lets me talk to a human before wiping me out would be real nice.


HN Support = press prevention plan


What's the maximum number of false positives they are allowed to have before you consider the process "fixed"? And do you think it would be an improvement if they purposefully didn't check HN for bad support experiences?


It'll be fixed when the number of "but they denied my appeal with a short template response" drops to 0. A template response means they didn't even read the appeal, which has nothing to do with the original false positive.


Stripe is not the only option for payments. Why not switch instead of giving up? Sounds like a neat product.


What are the best alternatives to Stripe that offer better quality service, the same ease of integration especially with Wordpress based plugins, good pricing, and much better customer support?


I'm not saying they're not the best. I'm just saying they're not the only ones.


I'm looking for alternatives, so what would be a good alternative? Anything you have specific experience with?


I wonder if things looked different if you had a legal team and deep pockets.

It's worrying that this concentration of wealth and such services acting as gatekeepers and essentially deciding whether you can run your business or not are not properly regulated yet.

I mean, it certainly plays into hands of big corporations, who don't want to see new players and challengers on the market.

The way things seem to be going is talented people shouldn't run their own business, but rather be employees of big corporations and help shareholders buy new private jets and so on.

In my opinion, company like Stripe shouldn't be allowed to block small business like that.


Maybe the laws should be changed so that freedom of association is properly only a human right, and for corporate persons, instead having it be a privilege that phases out as the corporation grows, and going away entirely for FAANG-sized corporations.


Laws should mandate the federal government operate an electronic money account and transfer capabilities to everyone at all times. Just like the federal government is tasked with issuing cash.

If there are illegal activities being done, then that is for the courts to decide (but they still do not get to take away the electronic money account and receiving/sending capability of anyone, just the money assuming conviction).


This is an interesting idea, is there any reason why the government owns the supply of money but they don't own a way to transfer it? Especially with electronic money, why isn't there a government payment processer? It kind of touches on the topic of taxes too, doesn't it?

If the government owned a transaction system and you used that exclusively then they'll know everything you bought and sold. It's already an honour system so it's not like you're eliminating cash or even need to. Paranoid people could continue to use cash and the tax system would work exactly the same for those people. The government transaction system would be a convenience for most of the population.

I'm spitballing here - my comment may not even make sense in context.


I noticed that this website does not meet the requirements of Japan's "Act on Specified Commercial Transactions" because it only lists part of the address [0]. The Q&A page states that the address information needs to be an "address at which you are actually doing your business without any omission (e.g., including room number)" [1][2].

[0] <https://inter.tube/terms#tokusho>

[1] <https://www.no-trouble.caa.go.jp/foreignlanguage/english/qa/...>

[2] <https://www.no-trouble.caa.go.jp/qa/advertising.html#q17>


Why not switch payments providers? Stripe decided they don't want to do business with you, which is their right, but there are dozens of others in the space.


> I decided to buy full albums directly from the artist as much as I could. inter.tube just allows you to keep your collection safe and easily accessible.

Unfortunately too often people will take advantage of those with the best intentions.

I see you got your account back and that's really great. The project looks really interesting and was similar to one I started and never completed. So great to have an option!


This scares the crap out of me. Is there any way to migrate existing subscriptions from Stripe to another provider if you get banned like this?


On the homepage: "laid back. lowercase."

Maybe it's just me, but I dislike the trend of putting everything into lowercase. Not only do I find it more difficult to read, but my brain is constantly in "grammar correcting" mode. Usually I'm fine correcting the occasional typo in my head, but with this it's like having a mini interrupt at the start of every sentence.


I did something similar. I ripped my DVDs and music CDs to a NAS-box. Then later moved some of them to S3 so I could access them while on the road. I wrote a very simple service to look at the list of files in S3 and provide a list of video and audio files. Like you, I bought every CD and DVD in my collection. I did not make the service available to anyone else and I didn't share access to my files.

I think the only difference is I didn't put in the effort to make it look nice and didn't try to make a commercial service out of it.

But it did get me thinking about whether there's a market for people who have their own AWS account and are willing to run software in their own instances. But not corporate stuff, but things you might have had on your PC in the 90s: catalog of media, simple task list, etc.


ex-stripe employee. Keep in mind that Stripe is a big global company who errs on the side of being risk averse. Even the smallest hint of something that would violate the merchant policies may get you banned.

At their scale, not everything goes through human oversight.


I have tough question for you: how good your service in understanding convoluted metadata and non-traditional formats?

I have about 2.5Tb of Music, and I can not import it to any media management / streaming self-hosted service (including Subsonic and all other DLNA servers & Ko).

Problem is... Metadata. Messy metadata.

Typical solution imports 1/2 of my collection Ok, 1/4 with mangled metadata and 1/4 without metadata at all or can not import completely.

Typical pain points:

(1) Metadata contains "Unknown Artist - Track01", but filenames are Ok and all information can be extracted from file names.

(2) It is FLAC, one file per Album, internal CUE and additional CUE file which references (absent) WAV file in same folder. Typical software duplicate such albums and one copy works, and other is "Not found" - and you must try to play to distinguish two. Some software can not understand embedded CUE at all, and show this as one big track + not-working album (because it can not find WAV referenced by CUE).

(3) FLAC, file per track, with per-track metadata, and CUE which reference all these files to add proper between-track pauses. Typical result: two identical albums. Often such CUE is rejected as "invalid" (because such CUE are "non-standard" extension invented by Exact Audio Copy software), and then it is Ok, but - see next item.

(4) FLAC, flile per track, files doesn't contain any metadata, but there is CUE which reference all these files. It works Ok, if CUE is not rejected as invalid, and, again becomes "Unknown Author - Unknown Album - Track N" if CUE was rejected (often).

(5) Same as 2-4 with APE, WavePack or TTA (do you know this format?) instead of FLAC.

(6) Such monstrosity as ISO9660 image which contains WavePack file (one, whole album), CUE, LOG, some JPEGs. With extension ".iso.wv". Looks like only foobar2000 on Windows can show such container properly, as one album packed with WavePack.

(7) ID3v1 with some non-latin characters in some 8 bit codepage (typically Win-1251 Cyrillic, but not always).

(8) ID3v1 with UTF-8 characters.

(9) ID3v2 with non-UTF-8 national characters.

(10) CUE files in single-byte codepages and not UTF-8 / CUE files in UTF-8. Different variants cause problems for different software.

I'm really struggle to "publish" my collection to listen to it on-the-go...


I'm very confused by the pricing here. $20/month ($240/year) gives you only 2TB of storage. But Backblaze's consumer product provides unlimited storage for $7/month (or $70/year). The offering closest in price is the $5/month one here, which only gives 250 GB - a very big difference for people with large music collections.

I get that this provides additional value on top of the Backblaze consumer offering, but at the same time, that seems like a massive markup for the underlying storage, for people who have large music collections (ie, the people most likely to want a service like this).


Backblaze B2 and Backblaze's Personal Backup product are completely different and have completely different pricing strategies and customers. B2 is priced at $5/TB/mo in storage, so this is 2x that. But the service also has to cover API costs and transit egress fees, so you can't just run it exactly at market price, either.

I guess you could just put all your music on a Personal Backup account and use whatever music player you want, but the whole point is that you're kind of paying money for the web UI, for it to be always online and available, etc. I don't even know if Personal Backup will let you do things like shallow copies of subsets of your backups, which would be necessary to get music on multiple devices. Why copy your 1TB music collection to 5 computers? How do you get it on mobile, etc.


Yes, I get that this adds value on top of Backblaze (e.g. Dropbox is not just rsync), though even then, usually services that resell or build on top of an established commodity product (e.g. storage) model their own pricing models off of the underlying commodity, which is why I was surprised.

But I didn't realize that Backblaze B2 had a completely different pricing scheme. This makes more sense now.


The Backblaze consumer offering does not have a freely available API.

As the post says - they use B2: https://www.backblaze.com/b2/cloud-storage-pricing.html


This is basically what I've been looking for ever since GPM died. I hope you reconsider (and possibly introduce a lower tier; I don't have a ton of music, so $2 for 50GB would be amazing).


I just added a 50GB plan for $1.50/month. Check it out and let me know if anything is messed up.


Just out of curiosity, what is the average library size of your userbase?

I ask because my collection would throw me into the "big chungus" plan--maybe the default plan if I trimmed everything out that I'm not reasonably likely to actually listen to.

I have nothing wrong with the service, but for $20/mth, it would probably be cheaper for me just to buy a NAS with a 2TD drive and find some way to share it out over a VPN.


Why not move to a different payment processor?


Good question. I'm open to it, but this project is already not very successful (see my comments in an old thread here: https://news.ycombinator.com/item?id=35461596). I think I'm just a bit burnt out on it. Perhaps open-sourcing it will reinvigorate the project a bit. Ultimately I made it to scratch my own itch and I'm happy with what it is now, so at the very least I can use it for my own needs.

I would be happy to hear any advice for better payment processors, of course.


Stripe didn't kill your service, you did by not building it with the ability to switch to a different processor.


This comes up a lot but instead of victim shaming, we need to look at the fact that a lot of small mom and pop indie businesses do not have the resources, time and need to really have a backup plan like the one you are suggesting. The cost of implementing a backup processor for a small indie business is almost always not worth it. In hindsight in this case, one could argue but no.

Instead, we need to hold Stripe responsible to do a better due diligence upfront if they want to do business with these small indie hackers. That was the point of Stripe and now they have become that giant incumbent.

I am not advocating against Stripe relaxing their rules. I am just saying that they need to do better job enforcing early on than one random day. If it was not good enough today, it was not good enough on Day 1. Stripe needs to invest in figuring that out early. Reject me on Day 1 than Day 90 or a year later.


This is why we bitcoin


No.

Bitcoin will not help you here. At all.


It will help if you have a way to turn bitcoin into your preferred currency and vice versa. It's an option, not a complete replacement.


/s Helpfully, Stripe provides a path for exactly this https://stripe.com/docs/crypto/overview


Why not?


How many people use bitcoin for daily purchases today? How many want to use bitcoin for daily purchases ? How many people CAN use bitcoin for daily purchases ?


The actual questions you should ask in this situation are:

How many people who use bitcoin would use this product? How many want to use this product and don't know how to use bitcoin? How many people CAN use bitcoin for THIS purchases?

We're never going to switch to bitcoin for daily purchases but that doesn't mean it shouldn't be an option for people.


Because the answer is that nobody uses Bitcoin for anything legitimate other than speculation, paying off ransomware debts to criminals and just down right scams and fraud.

I am yet to see any viable usecase of this bitcoin mania that is legitimate and doesn’t need tons of energy waste to accomplish its goal.

For almost 15 years of bitcoin it has completely failed and we have no use for it.

So yes, we should never switch to bitcoin for daily purchases (because it fails at that) and we should never switch to an ‘alternative’ like bitcoin if that said alternative is even worse than the current system, which it is.


That isn't true. I have a PornHub subscription that uses bitcoin. There's nothing speculative about it and it's completely legitimate. I've also used to to purchase indie games instead of giving Steam/Google/Apple/Epic a cut. I'm looking for a Spotify alternative and this seems to fit the bill and I'd give OP some bitcoin to check it out.

Just because viable usecases don't exist today isn't proof that they'll never exist and isn't a reason to stop development. If we gave up on hard problems because we didn't solve them in 15 years we wouldn't have the AI we have today.


"Bitcoin is only used for scams. Since this isn't a scam, Bitcoin can't solve the problem."


The main use of Bitcoin is for purchasing drugs by mail-order on the darknet. There you have the purpose and the value in Bitcoin. The value of that usability is massive.


You should check out nostr :)


Because you'll still need to exchange it to real currency.


That's not the problem. If you had cryptocurrency from a lawful business activity in a non-custodial wallet, there are any number of places you can convert it to US dollars, and if you had a dispute with any of them you could use any of the others.

The problem is the easy way to accept cryptocurrency is with a custodial wallet, and then they can be the same kind of jerks as PayPal et al. The premise of cryptocurrency was that it should be decentralized and as yet, it's... not.


It is decentralized in a way, like cash, but it's not as safe as cash. Technically cash isn't decentralized but for all intents and purposes it may as well be. Especially USD because anyone in the world will accept it.

It's a little harder to scam/dupe someone with cash (especially in the US with USD because of the centralization) and you have the government to help if you receive counterfeit money. That's the part that makes bitcoin fully decentralized and a pain in the ass to deal with other people and trust - nobody wants to help you if you get scammed with bitcoin. You're completely on your own and wholly responsible for anything that goes wrong.

There's nothing stopping you from meeting with someone and sending them bitcoin to their non-custodial wallet to buy their old patio set. There's also nothing stopping you from making a craigslist ad to trade your cash for someone's bitcoin from their non-custodial wallet. Well, except for fear and how sketchy it would be to stand around waiting for a confirmation before handing over the cash. I can admit the fear and sketchiness goes to 11 though and if that never changes bitcoin will never go mainstream because cash will always be better.


> It's a little harder to scam/dupe someone with cash (especially in the US with USD because of the centralization) and you have the government to help if you receive counterfeit money.

How is this any different?

If you give someone a stack of hundred dollar bills and they rip you off and disappear where you can't find them, you're out of luck.

If someone commits fraud and you do know who they are, that's still illegal even if you paid them in Bitcoin.

The primary difference is that you can send someone Bitcoin over the internet. And then if they're on another continent your local law enforcement isn't going to have much to say about it and their local law enforcement may not care.

But in many cases that doesn't really matter. How many times do you actually pay anything to disreputable nobodies over the internet? It's mostly established merchants with known reputations that they're not inclined to sully just to rip someone off for a couple bucks, regardless of whether the customer can do a charge back.

It's not the irreversibility that's the problem. It's the UX, or the regulatory overhead, or the network effect. It has to get to the point that Netflix says "hey, Mastercard is charging us 3% and we could avoid that with Bitcoin, why are we leaving money on the table"?


Why not use another payment method ?


At Stripe, we believe that the burden of proof is on he who denies, not on he who declares.


With a small VPS + B2 + rclone, I just run my own dockerized *Sonic for my own use.

I mean good on your for opening it to others, but this sort of stuff is why I just roll my own for my own use.


This is awesome! Have you given any thought to writing a Sonos connector? It would be great to have streaming of my own collection. Right now, my solution is a NAS.


Can you start the free trial anytime after registration? I'd like to register to poke around but wouldn't be ready to start using it yet.


Are there any decent alternatives to stripe or is it the only game in town?


would recommend changing the license to something more restrictive like AGPL if you're going to keep it open source


Permission-less banking is the solution.


What is stopping more people from using blockchain networks for payments on their SaaS? From what I've seen, the transactions are just as easy to craft as a Stripe API.


Because running a business on cryptocurrency adds a lot of other operational headaches. Like volatility and currency conversion. If I’m running a small business, I want to focus on that and not an additional forex business


USDC is stable, not to mention you can charge in cryptocurrency based on the value of it compared to your native dollar. Not to mention the fees of using Stripe are insane compared so some networks that have native USDC.


should have had your lawyer send their lawyer a letter

doesnt have to be a big mega highly paid lawyer


You know that Stripe isn't the only payment game in town right?


Maybe you should accept crypto as payment and keep the service up?


y helo thar


>inter.tube will likely die

TBH the first sign of adversity and you're already looking to call it quits. Its not a real big selling point




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: