HackerTrans
TopNewTrendsCommentsPastAskShowJobs

caydenm

no profile record

Submissions

Revolut Customers Are Temporary

upollo.ai
1 points·by caydenm·letztes Jahr·0 comments

Ask HN: Benchmarks for models other than LLMs

5 points·by caydenm·vor 2 Jahren·1 comments

B2B Businesses are copying Netflix's tactics and it's paying off

upollo.ai
3 points·by caydenm·vor 2 Jahren·0 comments

[untitled]

1 points·by caydenm·vor 2 Jahren·0 comments

10 Second Teleportation

upollo.ai
117 points·by caydenm·vor 2 Jahren·66 comments

Basics of Measuring Churn In $ – Grr, NRR and NDR

upollo.ai
1 points·by caydenm·vor 3 Jahren·0 comments

Experts Guide to Lead Scoring

upollo.ai
1 points·by caydenm·vor 3 Jahren·0 comments

Making product friends and influencing the roadmap

upollo.ai
3 points·by caydenm·vor 3 Jahren·1 comments

Visualizing Account Sharing

upollo.ai
3 points·by caydenm·vor 3 Jahren·1 comments

How companies like Linear and Miro design for team growth

upollo.ai
2 points·by caydenm·vor 3 Jahren·3 comments

How we discovered and dealt with someone impersonating our company

upollo.ai
5 points·by caydenm·vor 3 Jahren·1 comments

Show HN: Free Segment company data enrichment

upollo.ai
2 points·by caydenm·vor 3 Jahren·1 comments

Ask HN: Why doesn't Stripe allow you to get BIN numbers?

1 points·by caydenm·vor 3 Jahren·3 comments

How Dropbox grew their business tier by finding hidden B2B users

indiehackers.com
1 points·by caydenm·vor 3 Jahren·0 comments

Terraform changes pricing model, updates plans

hashicorp.com
3 points·by caydenm·vor 3 Jahren·1 comments

What we can learn about password sharing from Netflix's earnings

upollo.ai
2 points·by caydenm·vor 3 Jahren·6 comments

What businesses can learn from Netflix’s account sharing plan

smartcompany.com.au
1 points·by caydenm·vor 3 Jahren·0 comments

Falsehoods programmers believe about signup pages

upollo.ai
1 points·by caydenm·vor 4 Jahren·7 comments

Ask HN: What do you wish you knew about your customers/users?

1 points·by caydenm·vor 4 Jahren·0 comments

New car delivery times trending down, still over 150 days

pricemycar.com.au
5 points·by caydenm·vor 4 Jahren·0 comments

comments

caydenm
·letztes Jahr·discuss
I was referring to generated or disposable card numbers rather than stolen. maybe that is the confusion?

An concrete examples of converting a user using these types of cards for free trial abuse is a user who signed up 8 week in a row using different emails, names, IPs and cards. Nudging of these users was enabled and on trying to sign up for their 9th trial they immediately switched back to their original account and converted at full price.
caydenm
·letztes Jahr·discuss
100%! This was easy and now it is frustrating to get to the thing they want, the service, and the easiest route is to pay.
caydenm
·letztes Jahr·discuss
There are obviously people who are doing free trial abuse for commercial gain eg. Signing up 1k accounts to get test credit cards or to resell accounts. They are not going to convert (although sometimes you can successfully convert them into affiliates)

We have seen individuals just trying to get free accounts week after week, who when nudged once pay immediately thousands of dollars even after using fake, stolen or empty cards.

These individuals think they are being cheeky and when they are 'caught' they revert to doing the right thing.
caydenm
·letztes Jahr·discuss
Free tier and free trial abuse is a huge problem, but also a huge opportunity.

We have seen customers where free tier abusers created 80k+ accounts in a day and cost millions of dollars. We have also seen businesses, like Oddsjam add significant revenue by prompting abusers to pay.

The phycology of abuse is also quite interesting, where even what appears to be serious abusers (think fake credit cards, new email accounts etc.) will refuse a discount and pay full price if they feel they 'got caught'
caydenm
·vor 2 Jahren·discuss
OP here, I was trying to say that these pages were behind an authwall and loading with userids from a specific user but without any of their cookies to support that auth.

This led us to believe this page was MitM rather than crawled directly (as they would not be able to impersonate the user)
caydenm
·vor 2 Jahren·discuss
This looks exactly like it!! Nice find!
caydenm
·vor 2 Jahren·discuss
Josh on our team is so happy people discovered and liked his easter egg!
caydenm
·vor 2 Jahren·discuss
Browser extension is what we originally thought for exactly the same reasons you did. We started to see some requests show up from iOS devices which didn't support extensions so that made us think MitM corporate proxies.

The diversity of cloud networks looks to be due to these being deployed by individual institutions (eg. universities, corporations etc.) rather than only run from Palo Alto Network's data centers.

We also saw slightly different configurations with different browser versions, but with the same pattern of behaviour.
caydenm
·vor 2 Jahren·discuss
That was on my list of candidates as well! Those usually have a specific user agent making it clear what they are, they appear from a companies netblock (eg. Facebook, Microsoft) and cannot access authed pages (unless the key is in the url).

In this case these appeared to be all MitM'ed pages from a security device since the key wasn't in the url and it contained userids for a specific user.
caydenm
·vor 2 Jahren·discuss
Exactly! Our library is embedding in these pages and similar to Segment or other analytics tools will get told information about user events from that state. Sometimes that state is stored in the page that is sent over the wire (eg. userid) and as such we get a request saying a particular user is on the other side of the world.
caydenm
·vor 2 Jahren·discuss
It appears this is to find threats that might have no otherwise triggered or work out is particular sites are dangerous without monitoring a users machine.

It is scary that for people in a corporate environment this could be rendering banking, messaging or any other pages contents.
caydenm
·vor 2 Jahren·discuss
I thought I messed it up! I had no idea this was a thing.
caydenm
·vor 3 Jahren·discuss
The strength of a referral, the proximity and seniority of the referrer and role fit all come into play.

A strong referral by a knowledgeable person often skips that person to the front of interview queue. I have hired a number of people based on referrals from team members, VCs and previous coworkers.

Many referral systems have a how good do you think this personal really is field and often an option for "I don't know this person that well I am just referring them to say I did".

If you are asking for a referral, make it as easy as possible for the referer to make you look great. They probably don't remember all your awesome work like you do, so make sure you give them simple impactful points.
caydenm
·vor 3 Jahren·discuss
I have spent most of my career as a product person before becoming a founder and one of the things I saw was a disconnect between sales and product.

The right feedback wasn't getting to product, so the right problems weren't getting solved and sales and customer success teams weren't feeling heard or empowered to get things fixed.

I wrote this as a bit of a guide on how I have solved these problems in the past and hopefully it will help others do so too.

Found something that works well? I would love to hear about it
caydenm
·vor 3 Jahren·discuss
We are excited to share some rare behind the scenes from some of the tooling we use to evaluate account sharing.

Happy to answer any questions
caydenm
·vor 3 Jahren·discuss
https://www.datocms-assets.com/65181/1662686325-iconiq-analy...

Is the correct one. I will fix in the original, Thanks!
caydenm
·vor 3 Jahren·discuss
One thing this article doesn't mention is that if you start with a 'single-player' environment it can be hard to get people to change to 'multi-player'.

Not only because of habits, but also because people have set it up just for them and they feel they need to tidy it or make it good enough to share with others.

Having a very clear delimitation between what is a persons and what is a teams/organization is really important when moving from single -> multi.

I would love to hear what things people have found worked really well too!
caydenm
·vor 3 Jahren·discuss
Yesterday someone tried to impersonate my company, Upollo. They cloned our site, had an upollo.tld domain and had also signed up for services under our business name.

I wanted to share how we dealt with it as apparently this is happening to a lot of companies and there isn't a good guide on how to deal with it.
caydenm
·vor 3 Jahren·discuss
You can also see details on Segment here: https://segment.com/docs/connections/destinations/catalog/ac...
caydenm
·vor 3 Jahren·discuss
Thanks for the quick reply Sam! We use them for purposes outside of fraud. Happy to chat more about our use case if that helps.

I was hoping there was a private API to support access?