Comment by notepad0x90
2 months ago
unlike others, i like the site and the initial prompt.
Lost me at "verify email" though. Why get so creative, yet limit yourself to archaic "email". Why do *YOU* the provider need me to have an email or a phone?
Look, mullvad can provide vpn services without email or all that nonsense. If you want people who will use ssh to order things, these are the same people that would get your service because you're not asking for dumb things like email. It's the first thing you ask of potential users, and it's an obstacle preventing them from giving you their money!
You can issue users a recovery/access key and/or let them user their ssh public key and trust they know how to manage that on their own. If you have messages for them, display that when they login. This sort of stuff differentiates your service, ssh does too, but it's cosmetic and gimmicky. I would prefer a rest-api over ssh anyways, but ssh is cool too.
You can’t host compute for anonymous users. I mean you can, but you won’t for long due to the abuse that will inevitably come with it. That you are responsible for. And anyway, it’s not always going to be free.
What are the abuse risks of compute versus vpn? Mullvad is doing it already. Their payment information doesn't need to be "anonymous". I have hosted websites while paying for the domain, vps hosting and all that it entails entirely with BTC, not once using payment information associated with me. But you know what was required of me even then? A damn email address!!
Compute opens vast surface area for abuse that VPN does not. You could use it control bot networks, host CSAM, host phishing sites and more.
1 reply →
Getting a usable e-mail and phone is a few cents spent on one of the many shady SMS-reception services.
Yes, that is why they always require a credit card as well. I'm sure exe.dev will be no different soon but they are trying this in alpha to get feedback and traction; just hoping they won't attract the notice of the barbarian hordes right away.
I run https://pico.sh where we don’t ask for email. Even on our website we instruct users to generate a token so if they do lose their key they can use it to recover their account.
People regularly lose their ssh keypair and also don’t generate a token. I think using email as a form of recovery is totally fine and regardless when you have to pay for the service you’re going to give up your email (and other personal info) via payment processor
I would eventually want even payment processors to stop asking for email. They have my address and government id, for any liability related reasons. ideally, we would use federated auth, where auth providers aren't using email at all. I'd imagine the complexity of your backend is simpler too as a result.
And kudos on your service, I'll keep it mind next time I'm picking a provider.
It isn't a free service -- only during the alpha you get access to an "Individual" account which would normally run $20/mo once the test period is over.
https://exe.dev/docs/pricing
Yes, it should be paid of course. Matter of fact, please charge me more for the privilege of not being asked email,phone, credit cards. Just take my money, and feel free to take whatever steps you think are needed to make sure abuse isn't taking places. I champion requiring a "deposit" where if abuse took place the user would forfeit it.
But, my original comment is strictly about email. Even if you asked for a government-id and credit-card payment, I won't object. Just please, no email!
I think that leaves: how would you prefer to recover your account if you lost access?
4 replies →