Free tier and free trial abuse is a huge problem, but also a huge opportunity.
We have seen customers where free tier abusers created 80k+ accounts in a day and cost millions of dollars. We have also seen businesses, like Oddsjam add significant revenue by prompting abusers to pay.
The psychology of abuse is also quite interesting, where even what appear to be serious abusers (think fake credit cards, new email accounts etc.) will refuse a discount and pay full price if they feel they 'got caught'.
I’d love to hear more about the idea that somebody making a fraudulent signup with a stolen credit card is potentially going to pay full price if they “get caught”
There are obviously people who are doing free trial abuse for commercial gain eg. Signing up 1k accounts to get test credit cards or to resell accounts. They are not going to convert (although sometimes you can successfully convert them into affiliates)
We have seen individuals just trying to get free accounts week after week, who when nudged once pay immediately thousands of dollars even after using fake, stolen or empty cards.
These individuals think they are being cheeky and when they are 'caught' they revert to doing the right thing.
> We have seen individuals just trying to get free accounts week after week, who when nudged once pay immediately
This pattern is everywhere. It was foreign to me for a long time because I'm the type of person who likes to play within the rules. There are a lot of people who get a kick out of gaming the system to their advantage, even to the point of breaking the law.
Many people have zero qualms about stealing things when they imagine it's a faceless corporation on the other side. They might even rationalize it with mental gymnastics until they think they're doing the right thing. You see it most often when the topic of media piracy or sharing Netflix logins comes up.
This mindset is very common in startup communities. I've heard so many stories from founders gloating about how they abused some system or used a loophole to avoid paying for something they could clearly afford. It's like a badge of honor to some people. I know one guy who bought an EV but hasn't installed a charger because he drives it to a business down the street and uses the EV charger they installed for their employees every night. Another guy used to brag about sneaking into a cafeteria for another organization and stealing lunch every day. A while ago I talked to a guy who liked to "dine and dash" without paying his tab, even though he could easily afford it. For them, it's all about getting away with it and winning a game.
As soon as you make it obvious that someone is watching them, they cave. They don't want to be the type of person who abuses actual people. They only like to abuse what they see as faceless systems.
I was referring to generated or disposable card numbers rather than stolen. Maybe that is the confusion?
A concrete example of converting a user using these types of cards for free trial abuse is a user who signed up 8 weeks in a row using different emails, names, IPs and cards. Nudging of these users was enabled and on trying to sign up for their 9th trial they immediately switched back to their original account and converted at full price.
OP here, I was trying to say that these pages were behind an authwall and loading with userids from a specific user but without any of their cookies to support that auth.
This led us to believe this page was MitM rather than crawled directly (as they would not be able to impersonate the user)
That's how I read it also. If the ids you're referring to were in the URL, it's almost certainly URL Filtering. The URLs are fed to the crawler via MITM, so you were basically right.
On the other hand, as someone with ADHD who is easily distracted, I couldn't even finish reading the article. Those GIFs are super annoying and don't play once, no they play again and again.
Sad, because it sounded interesting, but no way I could focus enough to actually comprehend it.
Browser extension is what we originally thought for exactly the same reasons you did. We started to see some requests show up from iOS devices which didn't support extensions so that made us think MitM corporate proxies.
The diversity of cloud networks looks to be due to these being deployed by individual institutions (eg. universities, corporations etc.) rather than only run from Palo Alto Networks' data centers.
We also saw slightly different configurations with different browser versions, but with the same pattern of behaviour.
iOS has supported Safari extensions since iOS 15 (late 2021). There are far fewer extensions for Safari than Chrome or Firefox; they've been steadily adding more as Safari gets closer to the same Web Extension standard used by other browsers, but most developers still shun iOS support since the extension has to be wrapped in an iOS app rather than being loaded from the web.
That was on my list of candidates as well! Those usually have a specific user agent making it clear what they are, they appear from a company's netblock (eg. Facebook, Microsoft) and cannot access authed pages (unless the key is in the url).
In this case these appeared to be all MitM'ed pages from a security device since the key wasn't in the url and it contained userids for a specific user.
Exactly! Our library is embedded in these pages and, similar to Segment or other analytics tools, will get told information about user events from that state. Sometimes that state is stored in the page that is sent over the wire (eg. userid) and as such we get a request saying a particular user is on the other side of the world.
It appears this is to find threats that might not have otherwise triggered, or to work out if particular sites are dangerous without monitoring a user's machine.
It is scary that for people in a corporate environment this could be rendering banking, messaging or any other pages contents.
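The heuristic this comment and the OP describe, written out as a small detection pass over analytics events. This is an added example, not the commenter's code or their library: the event fields, the per-user "home country" table and the sample records are all constructed for illustration. A request is flagged when the page state carried a user id (so the page was behind the authwall), the request arrived with no session cookie that could actually authenticate that user, and it came from a country that user is not normally seen in.

```python
"""Flag analytics events that look like proxy-rendered copies of authed pages.

Added example. Fields, sample values and the home-country lookup are
constructed; they are not the analytics vendor's real event schema.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Event:
    user_id: Optional[str]    # user id embedded in the page state, if any
    has_session_cookie: bool  # did the request carry the site's auth cookie?
    client_country: str       # assumed: geolocated from the requesting IP
    user_agent: str           # browser string as reported by the client


# Constructed: the country each user is normally seen from.
HOME_COUNTRY: Dict[str, str] = {"u-1001": "GB", "u-1002": "US"}


def looks_proxy_rendered(ev: Event, home: Dict[str, str]) -> bool:
    """True when a page that knows who the user is arrives without the
    cookies a real browser would need to be logged in as that user, and
    from a country the user is not normally in.

    Public pages (no user id) and requests that do carry the session cookie
    are never flagged; a user we have no baseline for is left alone too,
    since a single event is not enough to say "other side of the world".
    """
    if ev.user_id is None or ev.has_session_cookie:
        return False
    expected = home.get(ev.user_id)
    return expected is not None and ev.client_country != expected


def flag_events(events: List[Event], home: Dict[str, str] = HOME_COUNTRY) -> List[Event]:
    """Return only the events that match the proxy-rendered heuristic."""
    return [ev for ev in events if looks_proxy_rendered(ev, home)]


def summarise(flagged: List[Event]) -> Dict[str, int]:
    """Count flagged events by (country, user agent) so the same rendering
    setup showing up across many institutions becomes visible as a pattern."""
    return dict(Counter(f"{ev.client_country}|{ev.user_agent}" for ev in flagged))


# Constructed sample traffic: a normal login, two suspect renders, a public
# page, a cookieless load from the user's home country, and an unknown user.
SAMPLE_EVENTS: List[Event] = [
    Event("u-1001", True, "GB", "Chrome/120"),
    Event("u-1001", False, "SG", "Chrome/118"),
    Event(None, False, "US", "Safari/17"),
    Event("u-1002", False, "US", "Chrome/120"),
    Event("u-1002", False, "IE", "Chrome/118"),
    Event("u-9999", False, "DE", "Chrome/118"),
]


if __name__ == "__main__":
    flagged = flag_events(SAMPLE_EVENTS)
    for ev in flagged:
        print(f"suspect render: user={ev.user_id} from {ev.client_country} ua={ev.user_agent}")
    print(summarise(flagged))
```

The home-country baseline is the weak point of this check: a travelling user with an expired cookie would also trip it, so in practice the flag is a signal to correlate with the other observations in the thread (request origin in a cloud netblock, slightly different browser versions sharing one behaviour pattern) rather than a verdict on its own.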
In a corporate environment, i.e. one with managed laptops/workstations, it's best to assume that your employer can access the content of every page you visit.
Some employers might not actually do that, but that decision is usually neither static nor will a change in it have to be reported to you under most policies.
Explicit feedback to the submitter that a submission title (or URL) is being modified (e.g., URL canonicalisation, denumeralisation, de-howification) might help ameliorate this issue.
It's bad enough trying to proof my own comments what with being navigated away from that comment (I've a few recent typos caught well outside edit windows which nag on me as I type). Changing submitter's content without notice is ... less than optimal.
I'll note that certain edit features (e.g., year edits) do involve a confirmation, which has in fact proved useful.
The strength of a referral, the proximity and seniority of the referrer and role fit all come into play.
A strong referral by a knowledgeable person often skips that person to the front of the interview queue. I have hired a number of people based on referrals from team members, VCs and previous coworkers.
Many referral systems have a "how good do you think this person really is" field and often an option for "I don't know this person that well, I am just referring them to say I did".
If you are asking for a referral, make it as easy as possible for the referrer to make you look great. They probably don't remember all your awesome work like you do, so make sure you give them simple impactful points.