Love mailcow I moved off exchange to mailcow. I’ve used email for I guess 30 years now and every year it’s less reliable. My kids do not use email at all , they are on the internet with out actually using email. Sure they have a google account for YouTube but their services tend to allow a sign up with out an email. I can see a future where it continues to be less of a thing and turn into something held on by older people.
I’m never liked oatmeal generally prepared in the US. Then I flew to Australia and on quantas they served Muesli which is essentially rolled oats and milk with fruit which was delicious. So it turns out I liked oatmeal just not cooked down into mush. In the states I found bobs red mill which is my standard choice and I get the gluten free one not because I am avoiding gluten it just tastes better than their regular one.
FYI oats are one of those foods that are doused in roundup for efficient desiccation during harvest in the US. No clue if organic oats are dried with equivalent chemical inputs or otherwise concerning processes. After all, leaving oats to slightly mold/mildew isn't exactly great for human health either, but might be the comparable method of choice (for all I know) to shave a few pennies off the per pound harvest costs.
2-3 years ago in a support role I would get requests about domains masked cloudflare pointing to someone’s site. So the other domain would show the content of the other site and be masked by cloudflare. Dumping all the $server variables would pinpoint better where it was coming from and it could be blocked.
Rite aid is filing for bankruptcy and closing stores. Target sold off their in store pharmacies to cvs. Most of the mom and pop pharmacy’s near me are closed or a Walgreens or cvs now and Amazon is starting to get into the game.
All these can be the wrong assumptions for sure. Working in a space with some fraud though I can tell you the majority of users verify fine and there ate only the few percentage that don’t for any number of reasons some what you have given above. For smaller vendors though things to consider are
- a charge back can come up to 6 months later. A loss of that is not only a loss of funds but a charge back fee
- too many charge backs could affect the merchant account with the potential of a loss of being able to run your business and this can extend to PayPal or anything merchants run charges through.
- Fees may go up like interchange fees on running credit cards if an account is deemed higher risk.
- blacklisting from visa or Mastercard or merchant accounts in general is not unheard of. Loosing access to running credit cards would be the end of many businesses.
So mom and pop shops need to be aware of fraud and ensure it is low or taken care of. You can’t just accept every order and hope for the best. Fraud does exists and when only a few percentage of users meet your list of incorrect fraud assumptions it’s easy to see why they are used at least for extra verification.
One good thing for merchants for those who accept crypto like Bitcoin is all the risk moves to the sender not the merchant. There are no charge backs - so merchants who take crypto should be able to be a bit more lenient on payments and verification.
The problem is that it's not acceptable for online providers to converge on making life miserable for "a few percent" of people.
This is a market failure: to save the cost of a few bucks, huge costs are imposed on these individuals. The answer is to have some mechanism whereby people who run into these issues can pay (once) the small cost of being validated in an alternative way (like, actually talking to a human and explaining what's going on, which is how these issues got solved in meatspace originally)
>The answer is to have some mechanism whereby people who run into these issues can pay (once) the small cost of being validated in an alternative way (like, actually talking to a human and explaining what's going on, which is how these issues got solved in meatspace originally)
The answer is to have electronic money accounts and transfer services be operated by the government, and to make it the government's problem to go after criminals rather than have the businesses left holding the bag.
That way the business is not incentivized to discriminate, as long as they get the money through the government money transfer service, they are guaranteed it as if they received cash.
Corollary is that you also need a law that guarantees the right for everyone to have an electronic money account that can send and receive money and that no government can take that ability away from you at any point in time.
And the government has to operate an identity verification API. And again, the onus is on the government to go after criminals committing fraud.
Once you put the onus of fraud or damages on a business, then every business will obviously start discriminating to minimize those costs.
For small and mid sized players, it’s not to save a few bucks. If your fraud prevention isn’t locked down tight then you will draw enough fraud that it threatens your ability to take payments at all. This stuff can kill a business in a bad day or two.
Take it up with the payment providers. They provide fraud prevention but like to leave vendors guessing about how to configure it, and make it a premium add-on, which is kinda fucked up since they’ll boot you off for letting too much fraud through. It’s a protection racket on the vendor side—they’re also being screwed by this state of affairs.
It's not to save the cost of a few bucks. Once people find out your site is easily susceptible to fraud, the majority of your traffic will be fraudulent. It only takes a few minutes to post a repeatable scam you found in a scamming discord for bragging rights, or to write a Python script to repeat the task over and over.
I've worked in fraud prevention professionally for years and adding a human verification layer to the equation would make me vastly less likely to believe a suspicious applicant was legitimate.
The externalization of costs onto customers is something I've noticed hard with the pandemic. Going to get medication at the pharmacy while fewer and fewer people worked and hours were closed, and finding out after the pandemic it's shitty still with multiple pharmacy chains having workers walk out and protest these conditions. As a customer - waiting in line for a refill can be endless. Being on hold in a call center, because you won't pay people enough to work your shit jobs, and handle issues locally, meanwhile, the time-cost is externalized on to us in longer wait times.
Workers/Customers lose, somebody's winning, but it ain't us.
(Again, this is NOT the same issue and not a complaint about the main topic).
Nobody contests that it's convenient. The question is whether it's technically correct. And the point is that it's not. Just because it's easy doesn't mean you found a solution.
Few percent of transactions for a payment processor means a few billion transactions. Visa on its own processes ~200B transactions a year. That's not a great threshold.
It's a trade-off though, right? Presumably it's better for the company to lose out on a small percentage due to false positives than to allow them through and subsequently incur a larger percentage of false negatives. They can aim for obtaining those transactions without incurring extra fraud but it has to be worth the cost and risk of the changes to the system.
Thanks for all the contributions @cperciva. FreeBSD update doesn’t get talked about much but going from having to rebuild FreeBSD for updates from source to binary updates has been incredibly useful.
Yes this would be easy and I would expect on most providers it could be done using a snapshot with out affecting the live system for a basic system install unless the file system was encrypted.
This would be similar to spam and blocklists. I know people have tried to sue blocklists (maps and spamhaus) but from memory they were not successful in the end. That included blocking email , sometimes with larger blocks with ip ranges not directly involved but in a similar range. Malware being flagged on an anti virus would be similar but in those case the user has an option to exclude the block. Google and Firefox block domains for phishing regularly as well.
