[prepend]

It’s not the $1, it’s the identity linked to the charge. So now they can be blocked as well as traced back to the funding account.

I once was in a charity sponsored therapy group and they had a $10 fee. I was annoyed as this was a pretty wealthy organization and the fee seemed discriminatory, or at least a hassle. I learned that it was just there to validate each participant.

So I think this is just a filter to help reduce bot spam.

[SXX]

If X or Twitter or whatever accept payments via Apple Pay or Google Pay then there is absolutely no way to track anything. It's those services simply dont provide any information back to ex-Twitter.

Also there is number of services like privacy.com that allow to hide real card details. And even if person is using real card then payment process have absolutely no way of knowing anything except those few last numbers of the card.

Bypassing credit card checks for botting as easy as any other protections.

[johncolanduoni]

When performing this kind of verification, you can easily (and usually do) block cards from services like privacy.com by looking at BIN codes. I also don’t think spammers can get large numbers of unique DPANs from Apple and Google Pay since that involves a cryptographic exchange between your device and Apple/Google with involvement from your issuing bank.

Also most payment processors provide some sort of key that lets you identify if two users entered the same credit card number, for example Stripe[1]. So you’re not limited to last four digits for checking if two cards are the same.

[1]: https://stripe.com/docs/api/cards/object#card_object-fingerp...

[SXX]

Yes you can block everything, but with every specific service blocked you limit your ability to accept new users. There also legitimate banks that let you have 5-10 virtual cards or generate unique card each time you pay.

Spammers do have large number of unique phones in their farms as well as budget to have undetectible rooting and hardware ID faking. And Google Pay / Apple Pay as well as majority of banks actually do nothing to prevent you from adding your cards to 10 different phones.

Of course it's all makes lives harder for everyone who want to get a new account, but nothing including literal ID / passport and face verification make is impossible to bypass.

[freeone3000]

You can get a ton of DPANS from Google Pay simply by logging in with a different Google account.

[axelthegerman]

> payment process have absolutely no way of knowing anything except those few last numbers of the card

This is just plain wrong.

1. Payment processors know everything because they process the payment

2. Application developers don't know anything besides the last 4 is closer to reality because they're probably not PCI compliant to access the remaining information. BUT some processors such as Adyen will try to provide a unique identifier for each card (that has no further information except linking multiple purchases across vendors and channels).

Now with this unique identifier X still wouldn't know WHO you are but they could provide that information to advertisers that might know or at least use it to track you online and in person

[SXX]

> 1. Payment processors know everything because they process the payment

They know all the information you given, but in practice they can't even verify "name on the card" that you entered in most of countries. In some countries they can check your billing address ZIP code, but that's all about it.

And there absolutely no way for them to find out if you are unique user with one card or you just have 10 cards for the same credit account or created 10 supplimentary cards for all your family and the dog.

[prepend]

Apple and Google and Stripe do not allow the same card on multiple accounts.

Also, having a fraudulent Apple Pay account is pretty rare and requires an entire apple account. That can be shut down if shenanigans.

My original point is that having a credit card greatly reduces the anonymity of accounts and allows for greater ability to trace back to the user. Both for uniqueness (ie, does prepend front 500 twitter accounts?) and for legal reasons (eg, prepend just did a crime, let’s find out who prepend is).

This doesn’t mean people can’t get around it. It means most people can get around it.

[prepend]

Apple and Google absolutely have fraud capability and will cooperate with merchants and law enforcement.

[chadash]

I think for the therapy group there’s also an aspect of wanting people to have some skin in the game. If you give something away for free, plenty of people will take it. But as soon as you put a mild obstacle in the way, even if it’s a small payment, you’ll weed out the people who don’t really want to be there.

[matthewdgreen]

> It’s not the $1, it’s the identity linked to the charge. So now they can be blocked as well as traced back to the funding account.

Do people on HN actually think this will work? I'm genuinely curious. Knowing everything we know about the underground economy of sockpuppets, bots and carders - combined the (un)willingness of real people (especially in relatively poorer countries) to pop out their credit card during signup for a social media site - do folks really think this will produce a high-quality stream of new signups?

[etchalon]

It's not even about the quality of signups.

It just will not solve the problem he's trying to solve. It will reduce low-effort and out-of-box tooling, but it'll also increase the value of successful networks, which will encourage better tooling and cover the mule costs.

[sumeno]

Hope the bots don't discover stolen credit cards

[johncolanduoni]

Stolen credit cards generally cost enough per number that getting one Twitter bot out of each is not going to be economically viable. Not to mention the fact that if the $1 is charged back, Twitter will know about it.

[thathndude]

The backlash is funny. USPS does the same thing for mail forwarding to verify identity and legitimacy. It’s not like this is some crazy money-making idea from Elon.

[ceejayoz]

> It’s not like this is some crazy money-making idea from Elon.

It's going to give him real name, street address, and zip/postal code for these users; for a company that makes most of its money off ads, that's absolutely money-making.

[orwin]

I remember having to send a euro for a service (can't remember which, only that I was building my rack at the time, but it might have been for a car pooling service), but it was immediately reimbursed upon reception from the service provider.

[matthewdgreen]

People need their mail, because they can't things like social security checks without it. It's not clear that anyone really needs Twitter, except for influencers and bot-shops.

[wredue]

There’s a 0% chance that musk has any private interest in reducing bots. Bots was his excuse to try to get out of an obviously shitty deal that he made. That’s it.

[littlestymaar]

It only works if you ban them in the first place!

Given the current policy around blue tick (which is full of crypto bot and onlyfan sex workers, without any reaction from Musk whatsoever) I doubt it will have any effect.

Also, World of Warcraft servers are full of bots, despite needing to pay to create and keep an account, so again it doesn't bode well.

[raverbashing]

Plenty of bots are paying the 5$ verified account

It's a non-issue

And of course a lot of them have the same X logo or Elon's picture, because His Xcellence probably fired the thinking heads dealing with spam

[nisegami]

You need to follow up the payment barrier with identifying bots and the info (cc+contact) they used to verify their identity.

[devnullbrain]

Oh, just identify the bots.

[godzillabrennus]

I’m surprised he hasn’t asked his fanboys to volunteer to moderate. Reddit has volunteer moderation.

[inversetelecine]

And Reddit just got done crapping all over them, and they're still there working for free. I think X will be ok.

[input_sh]

What do you mean he hasn't, I'd definitely classify community notes as a volunteer-based moderation.