- Legally, we need to be able to verify identities. We want to do this frictionlessly and in real-time rather than with some paperwork sheaf that gets mailed to you a week later. The solution looks different in almost every country.
- Visa, MasterCard, and co. have rules that effectively prevent you from using the same backends in different areas. (E.g., you can't use the same backend in Europe and the US.) So we have to rebuild a lot of our stack in each country.
- The infrastructure for doing daily deposits into bank accounts also differs by country. Often, the basic operation is relatively easy, but figuring out all of the edge-cases is hard.
- The laws in every country differ. Sometimes, we need to obtain licenses or something like that.
- Etc...
We could have hacked around this by partnering with existing payments companies in each area. That's what people usually do -- it's much cheaper and way faster. The downside is that you end up with a much worse product than what you have in the US. For obvious reasons, we didn't want to do that.
So we now have an office in London that's working full-time on bringing Stripe to other markets and we're processing production transactions in four countries.
I'm sorry that it's slow :(. I guess the tl;dr is that a substantial fraction of the work required to build Stripe in the US has to be repeated in each new country -- the work and complexity scales O(n). We're still just 55 people, and it takes time.
(Still, if you'd like to help speed it up, we're hiring!)
I don't suppose you have a rough estimate for UK roll out do you? We're planning on adding a payment gateway to our system over the next 4-6 months or so.
We'd really love to use Stripe after looking at the APIs for every other payment gateway service :)
> Visa, MasterCard, and co. have rules that effectively prevent you from using the same backends in different areas.
What's the reasoning behind that restriction? Could you just re-use your backend stack, but use a different data center / machines, that's isolated from the backend of other countries?
It's because the banks that issue credit cards have most of the negotiating leverage, and they don't want giant US banks competing on their territory on the payment acceptance side. As a result, you need to use a European bank to accept payments in Europe, a Latin American bank in Latin America, and so on. The payments industry is full of these non-obvious (and unfortunate...) power dynamics.
What about SEPA [1]? Didn't it simplify things enough? E.g. I can make bank transfers between EUR accounts from France to Poland (which is not in eurozone BTW) within a few hours (during the week) with a total cost ~€1 which is quite acceptable (of course not for €5 transfers, but the cost is fixed, so it's good enough for bigger transfers).
A Finnish banking startup, Holvi, uses online banks to verify the user's ID. And that is all they require on top of phone verification. If I recall right, they state that 'online bank authentication is the only way to verify user ID online'.
Why others don't do that, but instead ask me to file all these documents by printing and scanning them?
If you don't want to be "bullied" with extradition requests and espionage charges, then you should avoid working in intelligence, then selling or giving away information that required clearance to get.
Incidentally, this rule also holds if you plan to work in Russian or Chinese intelligence agencies.
> This is, I think, the only way for these tech giants to come out of this scandal better off than they went in -- to take a stand, and take the fight to the feds, hard.
This is a PR-stunt, nothing more. Google could have "challenged" any and all gag-orders even before PRISM was leaked.
Was giving NSA wholesale access to user data bad in 2009? -Why not challenge that shit in 2009? Gag-orders getting in the way? -Well why not challenge those in 2009 then?
I'm not as emotionally invested as you seem to be in whether Google is good or bad. It's a corporation, so I assume they will do whatever they can to make money, and will be generally okay with fucking people over if needed, especially if not many people will know about it. Just like Yahoo, Apple, Microsoft, and everybody else on that scale.
So why didn't they challenge it in 2009? Probably because there wasn't that much in it for Google, since wasn't a big national shitstorm blowing that way. But now there is. That is the point I am making.
So, now, Google could serve their own corporate interests by fighting hard against the rise of the secret police. Would that make Google an awesome person? No, it would still be a selfish corporate entity trying to get money, just like it always has been
But, it would (rightly) be perceived as a force for good, on the right side of this particular battle with tyranny. That would help you, me, America, and the world... but it would also help Google, it would seem.
And some of these other "fucking scumbags" (which I assume is your term for "corporations acting normally"), like Apple, Yahoo, etc., might be encouraged to do likewise.
In other words, it takes public outrage to create the shitstorm (which you will have noticed is in the mainstream media, not just nerd forums like this one), but once the outrage is in place, that helps align the interests of corporate behemoths like Google with what you and I would probably agree is Good (i.e., not having fucking secret police using secret laws to evade the control by the citizens of the nation).
I'm well aware that they're all just huge corporations going after their own interests. That's beside the point. You seemed to be commending Google on "taking the fight to the feds, hard", and I just wanted to point out that there's no reason to commend them.
> So why didn't they challenge it in 2009? Probably because there wasn't that much in it for Google, since wasn't a big national shitstorm blowing that way. But now there is. That is the point I am making.
Yes. I'm also well aware that corporations engage in damage control only when it's necessary. But again, there's no reason to commend them for doing precisely that, especially when that's all this is about.
>>> So, now, Google could serve their own corporate interests by fighting hard against the rise of the secret police. Would that make Google an awesome person? No, it would still be a selfish corporate entity trying to get money, just like it always has been
>>> But, it would (rightly) be perceived as a force for good, on the right side of this particular battle with tyranny. That would help you, me, America, and the world... but it would also help Google, it would seem.
Even in 2009, all those huge corporations were well aware of the "rise of the secret police", because all of them were either already participating in PRISM, or in the process of being strong-armed into doing so. Had they perceived fighting this kind of evil to be in their own self-interest, they would have done it right from the start. They could even have joined their forces in opposing the government, but they chose to remain silent. Not a word about the systematic raping of people's privacy all over the world.
PRISM was just as evil in 2009 as it is now, and taking a stand against evil was the right thing to do in 2009, just like it is now. Parading around as some kind of paragon of corporate virtue while secretly shitting all over your users' privacy, on the other hand, was something that only Google did. Also, if a highly intelligent bunch of people running a powerful corporation is interested in fighting the rise of the secret police, it'll be aware that's something that should be done right away instead of after waiting around for several years for the situation to get even worse.
Google can't be rightly seen as a "force for good", no matter how eagerly you swallowed their disingenuous PR-bullshit about the joys of being Open back in 2009.
>>> but once the outrage is in place, that helps align the interests of corporate behemoths like Google with what you and I would probably agree is Good (i.e., not having fucking secret police using secret laws to evade the control by the citizens of the nation).
It's important to realize that they've already proven they simply don't give a fuck. As long as they're making pleasantly massive piles of money and their armies of lawyers are keeping their taxes low, they're quite happy with the Status Quo. Don't think Google gives a fuck or even thinks it can change anything. Don't think it even wants to change anything.
I'm not commending them, I'm simply pointing out that in the new circumstances, these corporations might benefit from fighting the creeping police state, and thereby doing The Right Thing™.
Back in 2009, they wouldn't benefit from it, so none of them did it.
I don't believe Google is inherently "open" or "not evil" any more than I believe Big Macs are "nutritious" or "delicious".
What I am saying is that massive public outcry about secret police circumventing democracy may not affect the government or their secret police very much -- not until it gets a lot more massive anyway -- but it could have the effect of making the interests of multinationals like Google more aligned with our interests.
Which would be a force multiplier, since one Google has the firepower of two or three million average citizens.
Did they benefit from fighting the creeping police state in 2009? -Apparently not, because they didn't.
Do they benefit from fighting the creeping police state in 2013? -Apparently not, because they didn't - at least until there was that massive shitstorm blowing their way.
Again, if they considered fighting the police state to be in their interests, all of those companies would have done it long ago. Since they haven't, we can conclude that they don't, and therefore, if a massive shitstorm prompts them into doing damage control and pretending they give a fuck, that still doesn't amount to Doing The Right Thing. It only amounts to bullshitting us some more.
You're asserting without evidence that FedGov had or has "wholesale access" to user data. This is a false assertion.
Google's legal brief filed yesterday cites the "PRISM" flap, and false allegations like yours, as justification for being able to lift the gag order. They didn't have as strong an argument two weeks ago.
You are asserting that my assertion is false. It's just as convincing for me to then assert that your assertion that my assertion is false is false.
> Google's legal brief filed yesterday cites the "PRISM" flap, and false allegations like yours, as justification for being able to lift the gag order. They didn't have as strong an argument two weeks ago.
Oh? How about fighting against gag orders because they're unconstitutional and immoral to begin with? How's that for a "justification" for lifting one? Worse than "PRISM flap" and "allegations"?
> I often drop $39 on random Ruby, JavaScript, or web design ebooks.
I'm sure you do, but unlike me, you're rich. I practically never buy any books, but I'm interested in buying your guides.
When I first saw the $50, I was a bit disappointed and felt like it was expensive, especially for an independently published PDF.
Then I realized that I do want one reasonably bad, and that each book is potentially highly valuable, so I guess the $50 price can be considered justified. It's just that I'd like to buy several, but I'm not sure I'm comfortable doing so at that price point.
> Your comments have repeatedly attacked the credibility of whistleblowers, derided their claims as factually and technically impossible, and asserted that NSA statements about NSA capabilities are wrong.
I'm glad I'm not the only one who's noticed tptacek's tendency to defend "The Establishment" at every turn, whatever naughtiness comes up. There he goes again. I wouldn't be surprised if he had some ties to the government.
Not sure what you mean here by the establishment. I see him defending google, and rightfully so. I think google is one of the few companies who have been fighting for the privacy rights of users. It would be a shame if other companies saw the effort google puts into this, only to be tar and feathered for something they might not be guilty of.. Those other companies might decide its not worth sticking their neck out for users..
> So, you'd feel more comfortable if the company threw in some rhetoric about morals and freedom that are, as assertions, impossible to verify, but would make people feel more warm and fuzzy?
But when their impossible-to-verify assertion is that they've done nothing wrong, you'll accept that just fine?
No. I'm not saying that Page's assertion is true, but I am saying that it is a concrete assertion.
There's a difference between these two things:
1. Issuing a vague non-denial so that when the truth is revealed, you can claim that you didn't technically lie ("Hey, I never said I didn't molested him, I just said I never slept with him")
2. Issuing a denial that is proven later to be false.
I'm not arguing with the GP that Page is telling the truth, but that, as much as we can tell, Page has issued a statement that can satisfiably be shown to be true or false.
Is it because of bullshit regulations everywhere? Why has it taken you forever to set up shop in a couple of places in Europe? Why not the rest too?
Seriously. What is it?