It’s not the $1, it’s the identity linked to the charge. So now they can be blocked as well as traced back to the funding account.
I once was in a charity sponsored therapy group and they had a $10 fee. I was annoyed as this was a pretty wealthy organization and the fee seemed discriminatory, or at least a hassle. I learned that it was just there to validate each participant.
So I think this is just a filter to help reduce bot spam.
If X or Twitter or whatever accept payments via Apple Pay or Google Pay then there is absolutely no way to track anything. It's those services simply dont provide any information back to ex-Twitter.
Also there is number of services like privacy.com that allow to hide real card details. And even if person is using real card then payment process have absolutely no way of knowing anything except those few last numbers of the card.
Bypassing credit card checks for botting as easy as any other protections.
When performing this kind of verification, you can easily (and usually do) block cards from services like privacy.com by looking at BIN codes. I also don’t think spammers can get large numbers of unique DPANs from Apple and Google Pay since that involves a cryptographic exchange between your device and Apple/Google with involvement from your issuing bank.
Also most payment processors provide some sort of key that lets you identify if two users entered the same credit card number, for example Stripe[1]. So you’re not limited to last four digits for checking if two cards are the same.
Yes you can block everything, but with every specific service blocked you limit your ability to accept new users. There also legitimate banks that let you have 5-10 virtual cards or generate unique card each time you pay.
Spammers do have large number of unique phones in their farms as well as budget to have undetectible rooting and hardware ID faking. And Google Pay / Apple Pay as well as majority of banks actually do nothing to prevent you from adding your cards to 10 different phones.
Of course it's all makes lives harder for everyone who want to get a new account, but nothing including literal ID / passport and face verification make is impossible to bypass.
> payment process have absolutely no way of knowing anything except those few last numbers of the card
This is just plain wrong.
1. Payment processors know everything because they process the payment
2. Application developers don't know anything besides the last 4 is closer to reality because they're probably not PCI compliant to access the remaining information. BUT some processors such as Adyen will try to provide a unique identifier for each card (that has no further information except linking multiple purchases across vendors and channels).
Now with this unique identifier X still wouldn't know WHO you are but they could provide that information to advertisers that might know or at least use it to track you online and in person
> 1. Payment processors know everything because they process the payment
They know all the information you given, but in practice they can't even verify "name on the card" that you entered in most of countries. In some countries they can check your billing address ZIP code, but that's all about it.
And there absolutely no way for them to find out if you are unique user with one card or you just have 10 cards for the same credit account or created 10 supplimentary cards for all your family and the dog.
Apple and Google and Stripe do not allow the same card on multiple accounts.
Also, having a fraudulent Apple Pay account is pretty rare and requires an entire apple account. That can be shut down if shenanigans.
My original point is that having a credit card greatly reduces the anonymity of accounts and allows for greater ability to trace back to the user. Both for uniqueness (ie, does prepend front 500 twitter accounts?) and for legal reasons (eg, prepend just did a crime, let’s find out who prepend is).
This doesn’t mean people can’t get around it. It means most people can get around it.
I think for the therapy group there’s also an aspect of wanting people to have some skin in the game. If you give something away for free, plenty of people will take it. But as soon as you put a mild obstacle in the way, even if it’s a small payment, you’ll weed out the people who don’t really want to be there.
> It’s not the $1, it’s the identity linked to the charge. So now they can be blocked as well as traced back to the funding account.
Do people on HN actually think this will work? I'm genuinely curious. Knowing everything we know about the underground economy of sockpuppets, bots and carders - combined the (un)willingness of real people (especially in relatively poorer countries) to pop out their credit card during signup for a social media site - do folks really think this will produce a high-quality stream of new signups?
It just will not solve the problem he's trying to solve. It will reduce low-effort and out-of-box tooling, but it'll also increase the value of successful networks, which will encourage better tooling and cover the mule costs.
Stolen credit cards generally cost enough per number that getting one Twitter bot out of each is not going to be economically viable. Not to mention the fact that if the $1 is charged back, Twitter will know about it.
The backlash is funny. USPS does the same thing for mail forwarding to verify identity and legitimacy. It’s not like this is some crazy money-making idea from Elon.
> It’s not like this is some crazy money-making idea from Elon.
It's going to give him real name, street address, and zip/postal code for these users; for a company that makes most of its money off ads, that's absolutely money-making.
I remember having to send a euro for a service (can't remember which, only that I was building my rack at the time, but it might have been for a car pooling service), but it was immediately reimbursed upon reception from the service provider.
People need their mail, because they can't things like social security checks without it. It's not clear that anyone really needs Twitter, except for influencers and bot-shops.
There’s a 0% chance that musk has any private interest in reducing bots. Bots was his excuse to try to get out of an obviously shitty deal that he made. That’s it.
Given the current policy around blue tick (which is full of crypto bot and onlyfan sex workers, without any reaction from Musk whatsoever) I doubt it will have any effect.
Also, World of Warcraft servers are full of bots, despite needing to pay to create and keep an account, so again it doesn't bode well.
And payment processors can also identify these. And most of them you have to purchase with a minimum amount on ($10 or $20 afaik).
Virtual debit cards however are interesting. My bank lets me set up as many of those as I like and I don't even have to use my real name or billing address with them.
And yeah, there's also the stolen credit card / debit card market. I really can't see this adding that much pain for these bot handlers. It might make it a bit easier to identify the patterns at least.
I think this will just end up moving the problem further down the line and end up with twitter accounts being bought / sold.
Can you automate that though? Having to buy an individual card per bot could be a pretty annoying secondary cost for a thing whose lifetime value is likely measured in the single digits of dollars.
You don't buy card numbers individually. You buy lists of them, of varying quantity, quality and price and you just cycle the numbers until you find ones that work.
Costs per card about $5 bucks, and will get cycled into a multi-merchant hit to extract the most value from each card. A $1 Twitter charge, $50 bucks in digital gift cards, a "maybe it will work" hit for hundreds in electronics, or clothes, etc.
If nothing else, Twitter just made itself a GREAT place to test stolen numbers, since a $1 charge isn't likely to raise any flags and get the card shut down.
Bot farm owners are the only ones who dont care about either $1 a year or $5 a month because they are the only ones on platform who know their ROI very well.
I once was in a charity sponsored therapy group and they had a $10 fee. I was annoyed as this was a pretty wealthy organization and the fee seemed discriminatory, or at least a hassle. I learned that it was just there to validate each participant.
So I think this is just a filter to help reduce bot spam.