> They handle taxes in all sorts of countries in different states.
And they handle it so poorly that you have to write them to get a proper invoice in order to recover your VAT.
If your customer buy your application through the app store, they ask "you" an invoice with VAT, and you have to tell them to contact Apple, that's so unprofessional.
For a 30% cut, they could clearly put a download link or include a PDF in the sent email.
All right, in fact, I think the law you explained is even fair and needed to prosecute some "Joint Criminal Enterprise".
But in this specific case, how could it be "incorrectly" argued, "absolutely wrong" and not dismissed by a judge.
I mean, how can you trust the justice if only the poor chap is the one going to jail.
Yeah, I'm naive, I know.
So this guy was jailed because he coded an advertising platform and a video hosting service.
I know Mega was on a thin shady line, but what has he done wrong to be jailed in USA ?
For me, it's all about the details, and I just can't come back to Firefox for silly reasons, even if I appreciate their stance on privacy.
The tabs shape is repulsing me, I know that's a strong feeling and I can't explain it.
The disymetrical back and forward buttons bothers me as well.
I can't find how to whitelist domains accepting cookies in Firefox.
Switching profiles is much easier with chrome.
I'm used to chrome developper tools.
I don't like neither safari neither MS edge.
If it wasn't for the missing onenote extension, maybe I'd be using opera. Again, all about the details.
Great.
You just inspired another european privacy law where website will be forced to ask you to read the terms before processing reading.
What it will achieve is users will be annoyed and install a termblock extension to their browser, I mean kind of defensive software.
> hm, someone should make a simple web app that gathers names and styles of fonts and provides a zip w/ pre-generated CSS
I used http://www.localfont.com to retrieve the Open Sans font I was previously using from google font. Maybe that's the kind of webapp you are looking for.
As far as I understand the issue, I think that's only true as domestic sales are concerned. Like you, UK to UK.
But if you are from another european country, even under your own country thresholds, you have to apply UK sales tax if the UK customer is not VAT registered.
Do you keep track of the 2 non contradictory proofs of the receiving country end ? Article 24d : http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELE...
Do you keep this localisation proofs for the 10 mandated years ? Can you prove this saved data have not been tampered ? Do you have an audit log on this data ? Do you comply with directive 95/46/CE for the protection and treatment of this data ?
Hopefully for you, you are only dealing with VAT registered corporates, so you are on the easy side. Now imagine the nightmare if you are for example selling e-books or saas or traditional software to VAT / non VAT registered corporates and individuals wolrdwide. It's not so easy anymore.
I think, we reached the end of the thread, I can't reply to you. So, sorry for the messed reply.
I'd like to ask more questions.
Are your french customers corporates or individuals ? If corporate, do they have a VAT intra-community number, do you have one ? Are you billing VAT in Germany ?
As I'm french, could you give me this not stating they are without VAT due to specific french laws.
Beware, I don't know if the situation is the same in germany, but in France you have no recourse if your accountant is wrong, the burden is on you.
I'm afraid many people think "they don't even need to think about it", but are actually wrong. (Not I'm saying it's your case, but here even the tax office is not really sure how to deal with it, the only one who seems to know is the one giving fines, and he's not an adviser, just an inspector ...)
If nothing changed at all, you may be doing it wrong.
Which country are you billing from, which european countries are you selling to ?
Are you selling a single product/services, several with each different tax rates ?
How do you know which VAT rates you have to apply, are you vatmoss registered ?
It's a difficult subject, I'm really surprised it seems so easy for you (or anybody else)
My comment was supposed to be an addendum but I failed by nitpicking and questioning your interpretation. I'm sorry.
As a security researcher, may I ask you these questions:
Which channel are you using as a first contact ?
Would it be enough for me as a saas supplier to monitor [email protected] ?
I must admit I'm bit afraid by a cleartext channel for this kind of disclosure. Would you have some recommandations for the receiving part of the vulnerability ?
I don't think that's a relevant comparison. You can be sure that when cars, airplanes and industrial plant have available access through internet, they will be powned as well and there will be accidents.
So I imagine, given their specifications, they had to give each tenant its own full PG database. I understand they have strong business logics but it does not seem very efficient. Salesforce is known to use a single oracle instance for all its tenants and I don't think their business logics is less demanding.
Giving an administrator or elevated role to the tenant connection looks like a really bad idea from the start, especially if the tenant instance is not sandboxed in a container or virtual server.
But this things are hard and a small mistake can have big consequences.
https://http2.github.io/faq/#does-http2-require-encryption