Arc Forumnew | comments | leaders | submitlogin
Poll: What's the best payment system?
3 points by hjek 2317 days ago | 10 comments
I'm intending to make an ecommerce module in Arc.

Everyone on HN goes on about how wonderful the Stripe API is. But as far as I can tell Stripe requires users to run non-free JavaScript in their web browsers. Paypal doesn't seem to have this issue.

Which payment system do you prefer for online payments? (And do you know if it works without non-free JavaScript?)

Stripe
0 points
PayPal
1 point
Sage
0 points
GNU Taler
1 point
Apple Pay
0 points
Google Wallet
0 points
Amazon Pay
0 points
Worldpay
0 points
other
0 points


3 points by i4cu 2315 days ago | link

Depends somewhat on residency. If you live outside the US PayPal charges terrible currency fees and they also have a reputation for holding your money hostage when your situation/product is non-standard to them. I intend to use stripe, but not with arc. Just thought I'd put my three cents in anyways.

-----

2 points by hjek 2315 days ago | link

On #stripe IRC, someone pointed me to this, http://www.pehjota.net/projects/epirts.js/ , a free software replacement for Stripe.js

I've read about Paypal freezing Wikileaks' account. And, it seems that Paypal have closed off their REST API, and only SDKs for various languages -- not including Racket.

-----

3 points by i4cu 2315 days ago | link

It seems to me that most of the web does not care about a free software option. So why, may I ask, do you?

Personally, I see Stripe as being a trustworthy source and I'd much rather use a non-free version from a trustworthy source than a free version from an untrustworthy source. Yeah you can read the code, but no one is going to do that anyways (besides there's more to it than just looking for something nefarious in the code, you also have to make sure there are no missing parts that lead to vulnerabilities and unless you know what the missing parts are....)

edit: also do a paypal search on HN and you should see their reputation is terrible from a vendor perspective. I think their success is largely due to being the first on the market and establishing a significant base at a time when using cc's on the internet was scary and hard. But stripe, and others, have changed the payment landscape. We can now use cc's for vendor payment with ease. So why Paypal? To cater to people without cc's?

-----

2 points by hjek 2311 days ago | link

You do have a point there, as probably most people on the web run non-free JS.

I'd of course argue that this doesn't mean that most people don't care -- because plenty people I know get real pissed off about video ads, anti-adblockers, pop-up forms, and all that jazz -- but they don't know that this is almost always non-free JS.

So, even if we were to assume that the non-free Stripe JS code is trustable, and ask people to run it, then I'd never recommend anyone to use a browser that runs non-free JS.

Yes, people can use adblockers, but there's plenty more nasty stuff non-free JS code can do, and does[1][2][3][4], so I wouldn't ask anyone to do that.

Yes, there could be free/libre JS malware, but like who'd ever do

   <script> /* Code to log users' keystrokes before they send their message */ </script>
[1] https://stallman.org/archives/2017-sep-dec.html#18_November_...

[2] https://stallman.org/archives/2017-jul-oct.html#18_September...

[3] https://arstechnica.com/information-technology/2013/12/faceb...

[4] https://arstechnica.com/information-technology/2013/10/faceb...

Also, I'm a bit sad that HN was changed to disallow voting w/o JS, but that's mainly because it means you can't vote from Links or Emacs :-)

-----

3 points by i4cu 2310 days ago | link

> this doesn't mean that most people don't care -- because plenty people I know get real pissed off...

Those people you know who get pissed are either A: not representative of 'the web' or B: not caring enough to stop doing what they are doing. So I will stand by "most of the web does not care" (and yes I am inferring you have to care enough).

> I'd never recommend anyone to use a browser that runs non-free JS.

   "most of the web does not care"
Unfortunately this is the world we live in and trust is currently a staple of the internet even as scary as that is to some people.

I have to trust that stripe.js is secure - that's what I'm paying them for and if they get a bad reputation like Paypal has then people, including myself, will stop using them and stop paying them. Frankly for a cc payment type script I think their code should be audited by professionals that can see more than just keystroke loggers and if there are any vulnerabilites then the auditors should have the power to shut them down.

If at all you think I'm not on your side I'll suggest you're wrong as:

    * I deleted my facebook account 10 years ago.
    * I deleted my minimal Linked-in account 2 years ago.
    * I don't use an ad-blocker, but I: 
        * make mental notes not to buy their products because the ad pop'd up.
        * don't revisit websites that have ad pop up.
	* avoid sites that have ads.
		
Using an ad-blocker is admitting defeat and I'm not there yet!

-----

3 points by hjek 2309 days ago | link

First, congrats with getting of Facebook and Linked-In!

Yes, most of the web doesn't care about non-free JS.

However, for me, it's higher priority to do what I think is right, rather than what is popular. If I didn't care about free software, I'd just put stuff on Ebay instead.

That's also why I coded this new event calendar in Arc -- that you can check out in the Anarki repository -- because I'm part of this art collective where everyone have been publishing events exclusively on Facebook, which is super annoying when you don't want to be used by Facebook.

I wanted to make something that was as easy to use but free, because many artists can't be bothered to use FTP to edit plain text files, and all the PHP calendars I looked at were overengineered overcomplex piles of drupal.

Anyway, I might look into Paypals Python SDK, because Hy makes Python acceptable.

-----

3 points by i4cu 2315 days ago | link

Why does this poll say 0 points for stripe when I've voted for it. When I originally visited this post and voted the point counter went up, then I revisited and the points went back to zero.... I smell a bug.

-----

4 points by akkartik 2315 days ago | link

We don't have access to the actual code running live on the site, but looking at policies from back in 2009 or so, it looks like you may have run afoul of the sockpuppet detector: https://github.com/arclanguage/anarki/blob/8e330f1242/lib/ne.... That's too bad; sockpuppet detection is overkill for a site this niche.

Try it now on some other vote (votes on polls seem to be using the same code as votes on stories or comments). If your vote sticks now, that would confirm my hypothesis. (https://github.com/arclanguage/anarki/blob/8e330f1242/lib/ne...)

-----

5 points by i4cu 2314 days ago | link

BTW I'm thaddeus. I check in once in a blue moon, but decided to vote on this and forgot my password so I created another account;).

And it looks as though, because I created the account seconds before voting, I failed at least one test in 'legit-user':

  new-karma-threshold* 2
It's possible I failed new-age-threshold* too, but I wasn't all that interested in investigating further.

I dunno; I understand the reasoning, but it still seems like a bad design choice. I'd much rather, circumstantially, be put through a better legit-user test on account creation than to see a forum introduction like that. Oh well, the odds are low for a new user to vote on a poll as a first action anyway. I just seem to always beat the odds :) haha.

-----

1 point by hjek 2315 days ago | link

Perhaps the vote only got saved in your profile and not in the item.

-----