Comment by LiamPowell

1 year ago

I don't see why people are surprised by this or why people are calling it a scam. Netlify and others are extremely transparent about the fact that there are no limits. I completely understand not liking it and can see why the lack of limits would make it a bad option for plenty of people, but I don't see how it can possibly be called a scam.

Because it's unbounded liability.

Not to mention the strong conflict of interest for Netlify, who stands to gain from their customers being attacked. Netlify is getting paid for something criminal in nature having occurred.

It's like who is responsible for credit card fraud? If customers are responsible for credit card fraud, and it's their responsibility not to get scammed, then who implements fraud prevention measures and what effect would that have on the volume of fraud?

  • Companies like these give out ridiculously huge free tiers in the hopes that very few users end up using the high free bandwidth limits. In most cases, they do. However, they do need to make their money back somehow.

    I don't really get why people put their tiny static sites on hosts designed to never fall over no matter the traffic generated, no matter the situation. You're running a blog, not a government service. You don't need AWS or Netlify.

    The ability to withstand almost any DDoS attack for a high price is a valuable service. It's not a scam. The people who get these huge bills just picked a hosting service that doesn't fit their requirements. I can promise you that the $3 shared hosting providers won't charge you $5k; five minutes after the DDoS starts, your site just goes down.

    • Regardless, at the end of the day, budgets still need to be followed whether you're an individual or a business. It's simply insane in the first place that someone on the free tier would want absolutely no downtime regardless of how high the traffic is. For that, it would make sense for such an individual to be already on an Enterprise plan if they do expect it to likely happen and for which many do not.

    • > they do need to make their money back somehow

      You're assuming Netlify is paying for bandwidth in $/GB, when in reality they're probably paying $/gbps and thus have no costs to cover when a customer temporarily bursts their bandwidth.

    • Any suggestions for hosts that will just make your site offline once it reaches its tier limit? Cloudflare and Netlify get suggested a lot and I was considering one of them before this.

  • > Not to mention the strong conflict of interest for Netlify, who stands to gain from their customers being attacked. Netlify is getting paid for something criminal in nature having occurred.

    I think you could argue that Netlify is guilty of racketeering in OP's case.

    1. They admit illegal activity happened (a DDoS attack).

    2. They demand money to be reimbursed for the illegal activity. However, the reimbursement they ask is several hundred times higher than the actual damages incurred.

My previous understanding was that service would be stopped once you hit past the free tier.

Upon review, it does not look like this is the case. I have several very low traffic projects on which would have never been anywhere close to the free limit. However, if I get involved in a random spam attack, it seems I could be on the hook for several thousand dollars.

This is incredibly dangerous. Netlify is often used as a beginner friendly free tier for static hosting. Not as something that is cheap, but as something that is free. This is just an overall dangerous position to put people in.

  • It does say it's pay-as-you-go on their pricing page. However, they probably should have a giant warning page for new users who don't know that this is how this kind of service works if they want to target the beginner web-dev market. As far as I know, no other similar service has this though.

I looked up the definition of scam and the goal is to make money out of the naivety of the victim. It involves a crisis, the illusion of shared exposure to a risk.

The price of CDN bandwidth is about 0.01/GB on low volume (Cloudflare, AWS, Azure…) so OP should be billed around $500 with 40TB. Netlify probably buys this for way less. He was presented a bill at $104k, "generously" reduced to $5k, still a x10 margin. Vercel and Netlify are outrageously expensive for what they do.

> Netlify and others are extremely transparent about the fact that there are no limits

Are they also transparent about the fact that they

1. Won't do anything about a DDoS, and

2. In case there's a DDoS (or some other unusual traffic spike), you'll only get notified waaaaay after the fact when you get the $100K bill, instead of getting a timely alert that would allow you to shut your site down to prevent getting extreme charges?

No and no.

It's a scam.

  • The primary purpose of these services is to be able to scale up and continue working under heavy load, shutting the site down when this occurs would defeat the entire purpose of the service. I would say that they are transparent about both of the things you have listed by virtue of being one of those scaling serverless hosting services.

    • How about letting the user decide whether they want to scale beyond a certain point or incur huge charges?

      Not to mention: if the primary purpose of these services is to allow a DDoS and then charge the user for it — then, yup, you're guessing it right: it's a scam.

      When their business model makes DDoS attacks profitable for them... They're not in the hosting business, they're in DDoS/extortion business.

    • there is a middle ground between “I missed the spotlight because the service went down” and “this bill has ruined my life”.

      they could ask the user for their budget when they are setting up their account as a basic guardrail, or they could give you a call

I understand the lack of limits but I haven't accounted for DDoS attacks on Netlify infrastructure to impact me. I was assuming this only included real, "organic" traffic.

What I think Netlify needs on their Plans page is to include "DDoS attacks are included in your traffic" as well as their 20%/5% charge system.

> and can see why the lack of limits would make it a bad option for plenty of people

Just out of curiosity, can you see any scenario where it WOULD be a decent option to use a free tier where you may be hit by a $20,000 or $5,000 bill out of the blue and outside of your control? You say "plenty" so I assume you consider this a reasonable system to some?

It smells like a scam, because they can suddenly bill any user they want for a scary number like $100,000, then when the user complains they "generously" reduce that to only 5%, or $5,000, hoping the user will just pay the massively reduced cost. This kind of thing - showing a huge number upfront then reducing it to a "small" number - is a classic scam.

Who controls the DDoS bots? Are they truly a separate entity? There is no direct evidence to link them together, but you would think that an honest company would be more proactive in preventing problems like this for their customers.

According to the linked reddit story, this is a known issue with Netlify and their response to past incidents is basically to pound sand. It all adds up to them purposefully trying to find ways to generate a high bill for their customers and hoping a small amount will pay for it.

> extremely transparent

> they probably should have a giant warning page for new users who don't know that this is how this kind of service works

Pick one