Is it possible to make a website with only one account per person?
Any suggestion is good.
Thanks
If you don't want people to go generating 100 accounts a minute, you'll need something like captcha, which is very easy to add on to your website.
You can do other things, like associate each account with an email address, and make the user verify that that email actually exists by sending a link out to that email address so that when they click on it, it verifies the connection.
To associate exactly one account per person, you are going to need to use some sort of official identity, and usually for smaller websites that doesn't make sense. By official identity I mean verify their credit card or government identification (social security?), but then you run into a lot of problems because people won't want to do this, and it is going to cost money to make sure that these identities are real. Also, if you really need something like this, you're going to have to beef up the security of your website.
An alternative is to require a user to put in a verification number which you send to them via SMS, and ensure the phone number they enter is unique. Phones/SIM cards are relatively cheap these days, but most people wouldn't go through the effort of spending $5 on a new SIM card to get a duplicate account on your site.
(and if they would, sell accounts for $3 and undercut the cost of a sim ;)
Ask for identifying information for example credit card data that you can verify and allow registrations only with this identifying information. Of course credit card data can be stolen, so you cannot be 100% sure about anything in internet or in world generally.
Whatever you do, people will still try to buck the system. If you use email, then people can have multiple free emails; if you block free emails, lots of people don't have any other emails, so you block them. If you use IP, you block anyone with a shared IP, such as ISPs who enforce proxy servers for their clients.
Unless you start asking for social security numbers or NI or whatever your country has, and you start alienating people as a rule because they would consider that irrelevant personal information.
You just have to hope people treat your site fairly, and know some won't.
One potential solution these days is to only create user accounts via federation of identity from a much stricter service provider. For example, verify your users via a Facebook account using OAuth. I believe Facebook is pretty good at detecting shills/spammers and you can harness their resources in your service too.
I think you have 2 options, neither of which will solve the whole problem:
Log the IP address and prevent multiple logins from one IP. Not great, as this will probably backfire if college kids use your site and the dorm uses shared IPs.
Log the MAC address and prevent multiple logins from one MAC. Better, but it will prevent multiple people from the same household from using your site, and most houses have more than one computer/mobile device.
You could always combine the two options, but again with multiple mobile devices it's possible to circumnavigate that.
You could make a code that only lets 1 account be made per computer used. You have to be able to get the computer's IP address and block it from making more than 1 account.
We have a service where we literally give away free money.
Naturally said service is ripe for abuse. To defend against this we do the following:
log ip address
use unique email addresses (only 1 acct/email addy)
collect more info like st. address, phone number, etc.
use signup captcha
BHOs (I've seen poker rooms use these)
Now, let's get real here -- NONE of this will stop a determined user.
Obviously ip addresses can be changed via a proxy (which could be blacklisted via akismet) but change anyways if the user has a dynamic ip or if more than one user is behind a NAT'd network (can we say almost everyone?)
I can sign up for thousands of unique email addresses each hour -- this is no defense.
I can put in fake information taken from lists for street addresses and phone numbers.
I can buy captchas from captcha solving services (1k for $5).
BHOs seem only effective for downloadable software -- this is a website
What are some other ways to prevent multiple users from abusing the service? How do all the PPC people control click fraud?
I know we could actually call the person but I don't think we are trying to do that anytime soon.
Thanks,
It's pretty difficult to generate lots of fake phone numbers that can send and receive SMS messages. SMS verification could go a long way towards cutting down on fraud. Of course, it also limits you to giving away free money to cell phone owners.
I think the only way is to bind your users' accounts to 'real world' information, like his/her passport number, for instance. Of course, you'll need to make sure that information is securely stored and to find some way to validate it.
Re: signing up for new email accounts...
A user doesn't even need to do that. Please feel free to send your mail to brian_s#mailinator.com, or feydr.asks.a.question#spamherelots.com, or stackoverflow#safetymail.info, or my_arbitrary_username#zippymail.info. I haven't registered any of those email addresses, but all of them will work.
Those domains are owned by ManyBrain, and they (and probably others as well) set the domain to accept any email user. ManyBrain in particular then makes the inboxes for those emails publicly accessible without any registration (stripping everything but text from the email and deleting old mail). Check it out: admin#mailinator.com's email inbox!
Others have mentioned ways to try and keep user identities unique. This is just one more reason to not trust email addresses.
First, I suppose (hope) that you don't literally give away free money but rather give it to use your service or something like that.
That matters as there is a big difference between users trying to just get free money from you they can spend on buying expensive cars vs only spending on your service which would be much more limited.
Obviously many more users will try to fool the system in the former than in the latter case.
Why it matters? Because it is all about the balance between your control vs your user annoyance. I see many answers concentrating on the control part, so let's go through annoyance, shall we?
Log IP address. What if I am the next guy on the computer in say internet shop and the guy before me already used that IP? The other guy left your hot page that I now see but I am screwed because the IP is blocked. Yes, I can go to another computer but it is annoyance and I may have other things to do.
Collecting physical addresses. For what??? Are you going to visit me? Or start sending me spam letters? Let me guess, more often than not you get addresses with misprints at best and fake ones at worst. In fact, it is much less hassle for me to give you a fake address and not deal with whatever possible spam letters I'll have to recycle in an environment-friendly way. :)
Collecting phone numbers. Again, why shall I trust your site? This is the real story. I gave my phone nr to obscure site, then later I started receiving occasional messages full of nonsense like "hit the fly". That I simply deleted. Only later and by accident to discover that I was actually charged 2 euros to receive each of those messages!!! Do I want to get those hassles? Obviously not! So no, buddy, sorry to disappoint but I will not give your site my phone number unless your company is called Facebook or Google. :)
Use signup captcha. I love that :). So what are we trying to achieve here? Will the user who is determined to abuse your service, have problems to type in a couple of captchas? I doubt it. But what about the "good user"? Are you aware how annoying captchas are for many users??? What about users with impaired vision? But even without it, most captchas are so bad that they make you feel like you have impaired vision! The best advice I can give - if you care about user experience, avoid captchas as plague! If you have any doubts, do your online research first!
See here more discussion about control vs annoyance and here some more thoughts about being user-friendly.
You have to bind their information to something that is 'real world', as Rubens says. Of course, you also need to be able to verify this information (I can just make up passport numbers all day if you don't check to make sure they're correct).
How do you deliver the money? Perhaps you can index this off the paypal account, mailing address, or whatever you're sending the money to?
Sometimes the only way to prevent people abusing a system is to not have the system in the first place.
If you're doing what you say you're doing, "giving away money to people", then surprise surprise, there will be tons of people with more time available to try to find ways to game the system than you will have to fix it.
I guess it will never be possible to have an identification system which identifies fake identities that is:
cheap to run (I think it's called "operational cost"?)
cheap to implement (ideally one time cost - how do you call that?)
has no Type-I/Type-II errors
is scalable
But I think you could prevent users from having too many (to say a quite random number: more than 50) accounts.
You might combine the following approaches:
IP address: can be bypassed with VPN
CAPTCHA: can be bypassed with human farms (see this article, for example - although they claim that their test can't be that easily passed to other humans, I doubt this is true)
Ability-based identification: can be faked when you know what is stored and how exactly the identification works by randomly (but with a given distribution) acting (example: brainauth.com)
Real-world interaction: Although this might be the best one, but I guess it is expensive and not many users will accept it. Also, for some users/countries it might not be possible. (example: Postident in Germany, where the Post wants to see your identity card. I guess this can only be faced in massive scale by the government.)
Other sites/resources: This basically transforms the problem for other sites. You can use services, where it is not allowed/uncommon/expensive to have much more than 1 account
Email
Phone number: e.g. by using SMS, see Multi-factor authentication
Bank account: PayPal; transfer not much money or ask them to transfer a random (small) amount to you (which you will send back).
Social based
When you take the social graph (vertices are people, edges are connections), you will expect some distribution. You know that you are a single human and you know some other people. So you have a "network of trust" (in quotes, because I think this might be used in other contexts as well). Now you might not trust people / networks who interact heavily with your service, but are either isolated (no connection) or who connect a large group with another large group ("articulation points"). You also might not trust fast growing, heavily interacting new, isolated graphs.
When a user provides content that is liked by many other users (who you trust), this might be an indicator that there is a real human creating it.
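The social-graph signals this answer lists (heavily active accounts with no connections, accounts that are the only link between two large groups, and active clusters with no path to a trusted account), as an added example that is not part of the original answer. The account names, activity counts, thresholds and the single trusted seed account are constructed assumptions.

```python
"""Graph-based review signals for sign-up abuse (all sample data is constructed)."""

# Constructed sample: undirected "knows / interacts with" edges between accounts.
EDGES = [
    ("alice", "bob"), ("alice", "carol"), ("bob", "carol"),
    ("carol", "dave"), ("bob", "dave"),
    ("erin", "frank"), ("erin", "grace"), ("frank", "heidi"), ("grace", "heidi"),
    ("mallory", "bob"), ("mallory", "dave"), ("mallory", "erin"), ("mallory", "frank"),
    ("s1", "s2"), ("s2", "s3"), ("s1", "s3"),
]
# Constructed sample: number of reward-earning actions per account.
ACTIVITY = {
    "alice": 5, "bob": 3, "carol": 4, "dave": 2, "erin": 6, "frank": 3,
    "grace": 2, "heidi": 4, "mallory": 30, "s1": 25, "s2": 31, "s3": 28,
    "sock": 40, "lurker": 1,
}
TRUSTED = {"alice"}  # assumption: one manually verified seed account


def build_graph(accounts, edges):
    """Adjacency sets for every account, including those with no edges."""
    graph = {name: set() for name in accounts}
    for a, b in edges:
        graph[a].add(b)
        graph[b].add(a)
    return graph


def connected_components(graph, skip=None):
    """Connected components of the graph, optionally with one node removed."""
    seen, comps = set(), []
    for start in graph:
        if start == skip or start in seen:
            continue
        comp, stack = set(), [start]
        seen.add(start)
        while stack:
            node = stack.pop()
            comp.add(node)
            for nb in graph[node]:
                if nb != skip and nb not in seen:
                    seen.add(nb)
                    stack.append(nb)
        comps.append(comp)
    return comps


def isolated_heavy(graph, activity, min_actions):
    """Accounts with no connections at all that still use the service heavily."""
    return sorted(n for n, nbs in graph.items()
                  if not nbs and activity[n] >= min_actions)


def bridging_accounts(graph, min_group):
    """Articulation points whose removal splits off two groups of min_group or more.

    Removes each node in turn and recounts components: quadratic, fine for a
    sketch; a single-pass DFS (Tarjan) is the choice for large graphs.
    """
    flagged = []
    for node, nbs in graph.items():
        if len(nbs) < 2:
            continue
        # Only the pieces this node was holding together matter.
        parts = [c for c in connected_components(graph, skip=node) if c & nbs]
        if sum(len(c) >= min_group for c in parts) >= 2:
            flagged.append(node)
    return sorted(flagged)


def untrusted_clusters(graph, activity, trusted, min_actions):
    """Multi-account clusters with no path to a trusted account and high activity."""
    out = []
    for comp in connected_components(graph):
        if len(comp) < 2 or comp & trusted:
            continue
        if sum(activity[n] for n in comp) >= min_actions:
            out.append(sorted(comp))
    return sorted(out)


if __name__ == "__main__":
    g = build_graph(ACTIVITY, EDGES)
    print("isolated, heavy use :", isolated_heavy(g, ACTIVITY, min_actions=20))
    print("bridging accounts   :", bridging_accounts(g, min_group=4))
    print("untrusted clusters  :", untrusted_clusters(g, ACTIVITY, TRUSTED, 50))
```

Each list is a queue for manual review or a lower reward limit, not proof of a duplicate account: a real person can be the only link between two groups of friends.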
We had a similar issue recently on our website, it is really a hassle to solve this issue if you are providing a business over one time or monthly recurring free credits system.
We are using a fraud detection solution https://fraudradar.io for a while and that helped us a lot to clean out most of the spam activities. It is pretty customizable with:
IP checks
Email domain validity
Regex rules
Whitelisting options per IP, email domain etc.
Simple API to communicate through
I would suggest to check that out.
A little background: I have the opportunity to present the idea of a public API to the management of a large car sharing company in my country. Currently, the only options to book a car are a very slow web interface and a hard to reach call center. So I'm excited about the possibility of writing my own search interface, integrating this functionality into other products and applications etc.
The problem: Due to the special nature of this company, I'll first have to get my proposal through a commission, which is entirely made up of non-technical and rather conservative people. How do I explain the concept of an API to such an audience?
Don't explain technical details like an API. State the business problem and your solution to the business problem - and how it would impact their bottom line.
For years, sales people have based pitches on two things: Features and Benefit. Each feature should have an associated benefit (to somebody, and preferably everybody). In this case, you're apparently planning to break what's basically a monolithic application into (at least) two pieces: a front end and a back end. The obvious benefits are that 1) each works independently, so development of each is easier. 2) different people can develop the different pieces, 3) it's easier to increase capacity by simply buying more hardware.
Though you haven't said it explicitly, I'd guess one intent is to publicly document the API. This allows outside developers to take over (at least some) development of the front-end code (often for free, no less) while you retain control over the parts that are crucial to your business process. You can more easily [allow others to] add new front-end code to address new market segments while retaining security/certainty that the underlying business process won't be disturbed in the process.
HardCode's answer is correct in that you really should concentrate on the business issues and benefits.
However, if you really feel you need to explain something you could use the medical receptionist analogue.
A medical practice has its own patient database and appointment scheduling system used by its admin and medical staff. This might be pretty complex internally.
However when you want to book an appointment as a patient you talk to the receptionist with a simple set of commands - 'I want an appointment', 'I want to see doctor X', 'I feel sick' and they interface to their systems based on your medical history, the symptoms presented and resource availability to give you an appointment - '4:30pm tomorrow' - in simple language.
So, roughly speaking using the receptionist is analogous to an exterior program using an API. It allows you to interact with a complex system to get the information you need without having to deal with the internal complexities.
They'll be able to understand the benefit of having a mobile phone app that can interact with the booking system, and an API is a necessary component of that. The second benefit of the API being public is that you won't necessarily have to write that app, someone else will be able to (whether or not they actually do is another question, of course).
You should explain which use cases will be improved by your project proposal. And what benefits they can expect, like customer satisfaction.
Personally, I've found that when good developers deal with clients, they often get sucked into the after-sales support process and this process has been difficult to reverse, so was just interested to hear the various strategies that developers employ in maintaining a healthy, useful relationship that keeps clients using the right person at the right time.
So do you and, if so, how do you deal with clients?
Just a tip: Write down every single thing a client says to you.
Most of the projects I work on are done on time-and-materials contracts, which means: we give the customer an initial estimate of how long the project will take but bill for actual hours worked, whether over or under the estimate (I don't know why a client would agree to this, but they do). Once the project is "complete" and in production, we set up a service extension to the time-and-materials contract, creating a block of billable hours to cover after-sales support. When a client is aware that they're being billed for all contact with us, they tend to keep that contact to a minimum.
One other point: I've found that it's best to communicate with clients via email where possible. It's a much more efficient way to transfer information (assuming everyone involved can write), and it leaves a permanent record of what the client told you to do.
I'd go the opposite of what has been said.
The client is your number one information source
Avoid intermediaries (human and technical)
Keep tracks (not to use it against the customers, even if it can happen, but because he pays to get what he wants)
Communicate - on your initiative - in a short regular basis but for small amount of times.
Any doubt can be cleared by asking the good questions. The guy doesn't want that? Get rid of it (even if you like it better). The guy wants that? Why not, add time and money on the contract.
You must train your communication skills
Most of what has been said here before is essentially related to the fact that programmers usually have poor communications skills. So they fall into the typical traps :
customers give them bad info
they waste time
they get stressed
At the end, nobody is happy.
But with trained communication skills you will learn to direct when, how long and about what your chats will be, and so :
Make any deal quick and nice
Give confidence to the client
Understand what the client wants (not what he says he wants)
Ensure he is satisfied with the answer (even if it's nonsense for you)
Everybody will be happier : the customer will feel good and let you work in peace while you will have the information to keep working. Eventually, the resulting software will be better.
Think talking to customer is boring ? They think it too. And paperwork is boring as well, but you must do it, so do it well instead of looking for excuses.
This is a pain we feel as well. Once you help out a customer it is too easy for the customer to directly contact the developer later on and request support. And since we usually aim to please, and probably feel sort of responsible when the application we built for them has a problem, we too often give the customer a quick helping hand.
I think that the developers should be separated from the customers, but this requires that the company has a support/consultancy department which can fix the problem instead. They in turn should be free to contact the developer, unless it's a huge company with a mainstream application where there is less risk that the problem can be traced back to a problem with the source code.
But let me tell you, I understand how difficult this is. I've been working in our consultancy shop for many years, starting from support and now I'm mostly managing the other consultants and developing. There are a lot of customers (like hundreds) who feel they have a personal relationship with me, and assume that they can call me directly even after years and years.
My tip is to make sure you have a good network of consultants and support workers who can help the customer for you, and have them contact you instead if they can't figure it out.
I just finished my education and am working at my first job, but here is what we do:
I communicate through a third party from the same company with "higher rank". The third party is someone knowledgeable of the requirements the software should have, but not in software engineering. When I ask about specifications, or send them proposals, he distills the essence of their answers and sends them to me.
I think this way of working with stuff limits the amount of bullying a customer can get away with when it comes to changing specs, expanding specs etc.
For me it's especially useful since I'm only 21 years old, and people might have trouble believing I can get things done.
best practices:
Remember the client is the one who signs the checks.
Users work for the client.
Refer any user requests to the client for approval.
Always deal with the client because they understand that everything you do will cost them money.
If the client wants after the sale support and is willing to pay for it then give it to him cheerfully.
Oh and what MusiGenesis said!
The best way is to never ever ever give your direct line to a customer. Have them go through Tech support (if it exists) first. We employ this method and it works well. The software developers are the last resort - for things that support simply can't do/don't know how to fix -- such as a DBA not knowing that the servers are instanced. But it will cut down on the "it's not connecting to the internets" type of phone calls.
You could also force all support requests to go through email/secretary. At that point, you can discern which ones are critical, and which ones can be solved with a simple 'tutorial' on how to fix the problem.
And as stated above - record EVERYTHING in an exchange with a customer. Doing so prevents the 'well he said she said' deal that customers can fall into.
Then again -- if you're getting a ton of customer support issues, you should be looking at the cause of it - whether it's a training issue, or whether the software is legitimately buggy.
In our company, every developer is also a salesman. If I step over the door of a Customer then I'm in a good position to make more business.
They know me and I have credibility because I've already delivered to them.
I have knowledge about their business
I use my knowledge to ask questions about other parts in their business
I plant hooks to them when I talk to them, in their best interests of course.
I make clear that we are not a "hit and run"-company, but there to really support their business.
Maybe this is not how all companies do it, but I think you should use the people you have that already have a foot inside the customer's company to really work with them and make more business and tie the customer tighter to you.
I personally think developers should never interact with clients. This is why you have the Q/A team. They get requirements, hand them to developers, discuss any issues, schedule development progress meetings. If developers have questions, they go to the Q/A personnel responsible for the requirements and documentation. Developers are engineers, not salesmen or negotiators. They should be given an environment to develop stable, working code without getting distracted by customer phone calls. This is how many companies deal with customers regardless of company size. In the end, your chances of completing a project on time are higher than when your customer calls up and decides to change requirements or requests a feature. Which would probably mean you have to go back a couple of iterations and change something that may break everything completed past that point.
Lots and lots of communication. Communication can be as simple as checking in with your customers by stopping by at their desks (if you are co-located) or keeping in touch over the phone. The more personal the communication is (in-person beats phone call, phone call beats email, etc.), the stronger your relationship will be.
Another good conflict resolution practice I've used is keeping as much information as possible in a single, shared place. I've used a bug/feature database (JIRA), a wiki, and even a network share drive for this purpose, but the point is that neither party has exclusive lock/write access. Updates can be made together with your customers, and there is a clear, public record of the change history of your system.
I am throwing puzzle of my mind towards community leaders for some answers.
We friends decided to build products which already have some big names in the industry. Our motto is not to beat all those players (As we can't), but to develop basic product which is cost effective for some segment a customers.
What we are trying to achieve in the first step is a cheaper option, as we all know a product grows over a period of time, not at once.
Now our catch-22 part-
Should we start building the product as there are already big names?
Price is a right option for USP (unique sale point).
As we all are dependent on jobs, what would be the best option to move forward.
As we also have some customers through verbal confirmation, should we go ahead?
What all major principles we should keep in mind during product development.
Please brain storm yourself on the definition of Product.
It's not just a CD that gets shipped, but support, and trust.
Using this extended definition, if you can still beat existing
products, go for it.
Also, don't forget the amortized development cost of product has
probably been recovered by existing company already, so they can
reduce cost any day.
All said, don't let this analysis paralysis stop you ... go for it.
Big Names on the Market
I'm on the eve of such a startup, sometimes being small is a definitive advantage. If you believe you can use that not only price-wise but being agile, doing the core job maybe even better than the big names. If you're up for that, I think you can easily infiltrate the market.
Job Dependency
Depends on what you do? If you are opening a next-digg or YACW2A (yet another cool web 2.0 application) then stay in your day job, because generally you can do both, especially if you got your friends with you. If it's a bigger scope you might want to stick with your day job until you've got an almost-there product.
Don't forget, also you can find an investor, sometimes it's best way to go. So you can just quit and still have a salary in your own job.
Verbal Confirmation
It's great that you already got a couple of potential clients, now you need to look into and make a business plan. Understand your monthly cost including salaries, and see what percentage of it you can get out of these clients. If it's good then get some more certain answers from these clients and go ahead. If possible establish the company beforehand and get them to buy the product. (one of your friends can do it, not all of you need to leave your day job straight away)
Product Development
Being the big market means do the core functionality perfect, it should just work, and it should be easier. Price by itself cannot justify a buy unless you get the core functionality right. Ignore useless enterprise features, or any useless feature. You need to be aware that you've got so much more limited resources than your competitors, therefore the 20/80 Rule (Pareto Principle) is for you. Do not try to satisfy 20% of the market by including crazy features, stick with the 80%'s requirements. Big players can satisfy or can try to satisfy 100% of the market, if you try to do the same thing you're gonna fail miserably.
Finally
Read Getting Real, Do not follow religiously but this book will give you good ideas and will explain advantages of being small.
You didn't mention, but I wanted to write. Make a proper agreement between you and your friends, ensure everything is in the paper before doing anything! I've seen so many similar startups fu*ked up before even start because of this.
If you think you can build a better product than the ones already on the market, sell it a fair price, and reach your target audience with a limited marketing budget. Absolutely, Go for it!
Our motto is not to beat all those players (As we can't)
First, change your motto. There isn't a product in existence that is perfect for everyone all of the time. There is always a niche to exploit. How can the current products be improved or simplified?
Second, don't focus on price. Customers expect to pay a fair price for a quality product, but they won't buy poor software at any price.
Well. Me and my fellows from our current company have similar aims.
Here are a few of our ideas about it:
We are developing (web-based) product that we will use too. This is important for us and hope will help to improve our own performance in some areas and will give inspiration for new features.
We are going to develop product in stages. Not just sit and code silver bullet for industry. Going to start with core and minimal feature set.
Pricing. We are going to give options: use the product on our hosting or purchase your own copy and install it on your own server. Additional and obvious things are different feature sets (technically -- different plugins integration).
Even more, think we'll make the core (as framework) and some plugins public. It'd be good (even necessary in our case) to create a community.
We already have few customers that would like to have highly customised versions of product. If this will have progress, we're going to focus on such activity and provide community with more and more free basic plugins.
That's just general ideas set. Hope you'll find some of them useful.
If by doing so you can satisfy your own requirements (e.g. for risk+cost-versus-reward)
You might want another USP as well: for example, ease-of-use
Work on this in your spare time, or have a part-time job
?
If you don't finish, or if customers don't want what you offer, then you don't get paid
Write up a proper business plan. Be sure to include critical risks and defensible barriers to entry. If no one on your team knows how to do that, then you can stop now as you don't have the right team in place yet.
The business plan is not just another marketing brochure that targets VC. Tell the truth. After you are done, turn it over to people you trust and ask for money. If they wouldn't invest in it, then why should you?
Have you identified a market for a reduced feature (and hence reduced price) product? It sounds like you have not.
Does your group have a passion for a particular product? It doesn't sound like you do. It might be difficult for everyone in your group to be really inspired by just some program. Especially if you haven't done the market research.
I wouldn't count on the 'verbal confirmation' customers. Of course, it depends on the amount of money involved. The larger the price of the product, and the longer it takes you to make it really work, the less chance they will actually buy when you have it ready. Do you have reason to believe that there will be many more people that would be interested and would actually buy your product?
If you have enough market research, and a marketing plan, you may be able to get some venture capital, quit your current jobs, work on this full time, get paid, and hopefully make some big money when it goes big.
Best of luck.