01-02-2008, 06:12 PM
raymor
Quote:
Originally Posted by jeffrey
Even if 20% of my members were in these countries where the accuracy is under 40% all that means is that 20% of my members could share locally a little bit and get away with it, much as people anywhere can share a little bit with SB... right?
I can certainly understand your reasoning there, but it's based on a mistaken
understanding of Frog and also a mistaken understanding of Strongbox.
The big problem with the inaccuracy in the geoip database is not that people
will get away with sharing, which may be true, but that paying members will
be wrongly blocked. For IPs that the database thinks are in France, for
example, the location will be wrong 37% of the time, so of those 45 blocked
members who you said you have each month, 37% may have been blocked
because Frog THOUGHT they were logging in from different locations
when in fact all logins were from the same location. For example let's
say you have a member from northern France. He logs in with one IP,
which Frog correctly places in northern France. An hour later, he logs in
with another local IP, but Frog THINKS that IP is from southern France
and blocks him. That, to me, is the big problem caused by the inaccuracy
of the database - it causes legitimate users to be blocked. The folks at Frog
pride themselves on stopping passwords quickly, rather than on avoiding
blocking legitimate users and that's cool. Some webmasters who have
sites that are constantly on password sites may prefer that approach.
It's just not the approach that we think is best.

The misunderstanding of Strongbox implied by your question / comment is
that it assumes that Strongbox considers only geo-ip information. _IF_ Strongbox
considered only geo-ip, it would allow people in the same area to share a
little bit. That's not the case, though. Strongbox considers many other factors
such as which ISP they are using, how many times they've logged in recently,
the type of computer they are using, the type of proxy, if any,
whether or not another IP or computer is CURRENTLY logged in using that
user name, etc. The new version even considers basic bio-metric information
about the actual person on the other side of the screen. So while the
geo-ip indicators ALONE aren't as strict as Frog, which uses that information
almost exclusively, Strongbox can combine many different types of factors
and so quickly catch compromised passwords whether they are shared in
a small geographic area or across the globe. One or more of the several
factors will catch them, as many Strongbox webmasters who have tried to
share their own user names know. (Though admin usernames get a little
extra latitude, a few times per year we have to explain to webmasters that
no, it's not OK for you and your designer in the office next door to use the
same name, that's why you got yourself blocked.)



Quote:
Quote:
Frog is typically set up to
be stricter, so it stops passwords sooner, at the cost of blocking more legitimate
members. Our philosophy, by comparison, is to make sure we do NOT block
legitimate users, even if that means it takes a few minutes or hours longer
to catch all of the compromised ones. So again, if you've read any thread
where I mention Frog you've heard me compliment them and then give an
accurate comparison, one that they would more than likely agree with the
majority of.
If a legitimate customer is sharing their password how are they still legitimate?
They aren't sharing - they are legitimate. It just LOOKS like they are sharing
because the geo-ip database is wrong so often.


Quote:
I would say at least half the passwords automatically recovered are just because they forgot them or lost the email with it because when I look at that user it's the same IP from the same location.
I agree that a "I forgot my password" button should be a standard feature
on most sites. It's very handy that CCBill provides that functionality to the
user. I'm not sure what this has to do with automatically sending new
passwords to people who give them out. That's a totally unrelated topic as
far as I can tell.


Quote:
But that's still 45 passwords I don't have to send out manually. I would think my time is worth more than the 55 dollar a month fee.
Probably your time is worth that. Of course, if these are "lost password" cases,
you could just link to the CCBill lost password page and save the $55 / month,
so you're paying for nothing. If these are NOT "lost password" cases, but are
users blocked by Frog, isn't it better to just not block the paying members in
the first place?

If they weren't shared, Frog blocked 45 people it shouldn't have. If the
member shared it, do you really want to keep giving them new passwords to
share, or do you want to stop them, like Strongbox does? If they were
cracked, wouldn't it be better to encrypt the file so it can't be cracked and
members don't get blocked, the way we do it? I can't think of any scenario
where it's better to block your members and have them request new
passwords than to handle it the way we do. Can you?


Quote:
You say you don't block as fast just to keep from blocking legitimate members. But if you let in, let's say, 5 "bad" users before blocking. Now there are 5 people downloading my content without paying, using my BW, and then what if 1 of them shares it on the torrents or news groups?
Some people seem to think shared content is good for business, but I disagree.
I try and minimize content theft. I do this by keeping as many non legit members out of my members area.
That's a good question to think about. Rather than five, the difference would
be closer to one. So the question is, would you rather have one person see
your porn for free, or block one paying member? Indeed you are correct that
many people with large sites credit "shared" content that has their URL on it
with a large portion of their sales. Other webmasters think the opposite - some
being frankly paranoid about shared content. After ten years in this business,
I feel that both sides have a point. I've personally seen member databases
with over 10,000 members where most of those members came to see more
of what they found on the P2P networks. At $30 / month, that's $300,000 per
month of income. If shared content earns me $300,000 / month, I want to
see my content shared everywhere! On the other hand, shared content of
course dilutes the value of porn, so overall more shared content is bad for the
industry. Anyway, so that's the decision each webmaster has to make - would
they rather have one person see the content free, or would they rather block
a paying customer who shouldn't be blocked? How strict or lenient do you
want to be? I don't know that there is a right or wrong answer here.
I guess you have to figure out how much it costs you in advertising to
get each paying member and how much a GB of bandwidth for a freeloader
costs you. Either Frog or Strongbox can be adjusted to your taste, but Frog
defaults to being quite strict. Strongbox defaults to being a bit more lenient,
knowing that all of the different factors we consider will catch any compromised
passwords quickly enough.


Quote:
I wasn't going to post this because I didn't know if it made any sense, but... sue me.

I think this post made a lot of sense. You intelligently discussed some
interesting questions. I was under the possibly false impression that your
earlier post was lacking intellectual honesty, but this post made a lot of sense to me.
__________________
For historical display only. This information is not current:
support@bettercgi.com ICQ 7208627
Strongbox - The next generation in site security
Throttlebox - The next generation in bandwidth control
Clonebox - Backup and disaster recovery on steroids
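An added illustration of the trade-off discussed in the post above (not part of the original post, and not Strongbox's or Frog's actual logic): a geo-only rule and a weighted multi-signal score run over constructed login records. The signal names follow the post; the weights, threshold, overlap window and sample data are assumptions.

```python
from collections import namedtuple

# region = what the geo-IP lookup reports, which may be wrong
Login = namedtuple("Login", "minute region isp client proxy")

# Hypothetical weights: geo-IP is weighted lowest because it is the least reliable signal.
WEIGHTS = {"region": 1, "isp": 2, "client": 2, "proxy": 2, "overlap": 3}
THRESHOLD = 5          # assumed blocking threshold
OVERLAP_MINUTES = 10   # different clients this close together count as concurrent use

def geo_only_blocks(logins):
    """Geo-only rule: block as soon as the reported regions differ."""
    return len({l.region for l in logins}) > 1

def score(logins):
    """Weighted sum of independent sharing signals for one username."""
    if not logins:
        return 0
    s = WEIGHTS["region"] * (len({l.region for l in logins}) - 1)
    s += WEIGHTS["isp"] * (len({l.isp for l in logins}) - 1)
    s += WEIGHTS["client"] * (len({l.client for l in logins}) - 1)
    s += WEIGHTS["proxy"] * sum(l.proxy for l in logins)
    ordered = sorted(logins, key=lambda l: l.minute)
    s += WEIGHTS["overlap"] * sum(
        1 for a, b in zip(ordered, ordered[1:])
        if b.minute - a.minute <= OVERLAP_MINUTES and a.client != b.client)
    return s

def multi_factor_blocks(logins):
    return score(logins) >= THRESHOLD

# Constructed sample data.
SAMPLES = {
    # One paying member, one ISP, one PC; the geo database misplaces his second IP.
    "member_fr": [Login(0, "FR-north", "isp-a", "win/firefox", False),
                  Login(60, "FR-south", "isp-a", "win/firefox", False)],
    # Password passed around one city: geo-IP sees a single region.
    "shared_local": [Login(0, "US-TX", "isp-b", "win/ie", False),
                     Login(5, "US-TX", "isp-c", "mac/safari", False),
                     Login(8, "US-TX", "isp-d", "linux/firefox", False)],
}

def compare():
    """Return {username: (geo_only_blocked, multi_factor_blocked)}."""
    return {u: (geo_only_blocks(l), multi_factor_blocks(l)) for u, l in SAMPLES.items()}
```

In this constructed data the geo-only rule blocks the paying member and misses the local sharing, while the weighted score does the reverse.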