Micropayments: time to try again?
[Warning: technical musings ahead.]

Towards the end of yesterday's discussion about Ars Technica, advertisements, subscriptions and so on, I wound up in my usual position of wishing there was a decent micropayment system available for sites like this. Mind, I don't mean "micropayment" in the BS PayPal sense of, "less than ten dollars" -- I mean two cents a pageview, or somewhere around there. Basically, a good way for me to directly pay per-page about what they are making from the scummy spyware advertisers. And I found myself wondering, why aren't these things already out there? I mean, I remember all the rush of enthusiasm for such things in the heady, early days of the Web, which all seems to have gone *poof*.

This proves to be an interesting rathole of a discussion, and the conclusions from a quick surf are, on the surface, depressing: a lot of people have tried and failed. A few of the particularly interesting articles I came across:

The heart of Shirky's point, which I think is a good one, is that you can't ask people to *think* about micro-payments. The heart of the micropayment idea is that the payment for an individual pageview is so cheap that it is effectively free. But if you force people to *decide* to pay two cents to view a page, you've already lost: making that decision costs enough attention that people aren't going to go for it. It looks like this argument is probably correct.

That said, I honestly don't think that it's the main reason micropayments haven't succeeded yet. IMO, it's pretty clear what a micropayment vendor would need to do in order to get the main pieces right -- the first article above gets most of these, although not quite all:
  • It would need to be trusted by both users and vendors. Clear business plan, clear privacy policy, no spyware or snooping. Ideally, no tracking of user movement, even internally; certainly no exposure of such movement. Ideally, open source so that people have faith in the security of the system.

  • That being the case, it would need to take a consistent small cut of every transaction, in order to make its money.

  • It would need to provide aggregation on both sides, to achieve reasonable cost scale. That is, the user isn't actually making a hundred two-cent purchases on his credit card; rather, he gets billed monthly for his usage across all sites. (This is somewhat in tension with making it available for minors -- might need a pre-paid variant to work for them, but most adults would probably prefer post-paid.) Similarly, businesses would receive rolled-up payments on a regular basis. (Probably with minimum amounts before payments cut in, and rolling over to the next period otherwise.)

  • It has to be designed to scale, with very small cost of running an individual transaction. If it costs more than a hundredth of a cent per transaction, the business plan won't work. (Fortunately, this is an increasingly minor issue, but you have to pay careful attention to billing costs.)

  • It has to be almost ridiculously easy to use. Signup needs to be as quick as is practical (no harder than PayPal at the absolute worst), and there should be no decision required to view a typical page in this system. That, in turn, implies to me that the system needs built-in whitelisting, so that the user can say, "Don't bother me about one-cent pageviews" or "I will pay up to a dollar a page for foo.com". This is a tricky UI problem to get right, but seems doable.
So given all that, why has micropayment not caught on? I see two fairly basic reasons:

First, the Cult of Free has undercut it. Plain and simply, it's hard to compete with Free. One cent might not sound like too much for a pageview, but it's a lot more than Free. Of course, the reality is that most of those pages are *not* free -- in fact, most of them are costing you hassle (in the form of ads) and/or privacy (in the form of web beacons attached to those ads).

I'm not sure whether this problem is going to eat away at itself or not. It *is* pretty clear that genuinely free doesn't usually cut it: in practice, many large sites are having trouble making their nut that way, and are increasingly resorting to paywalls, spyware and other approaches to cope. If paywalls do come into common use, then I'd say that micropayment-based viewing will prove an idea whose time has come.

Second, though, the competition is just plain killing itself. The problem isn't the lack of micropayment plans, the problem is that there are too damned *many* of them, and they don't work together properly. I don't mind setting up one account for micropayments, but I'm sure as heck not setting up forty of them. Basically, for micropayments to work, they absolutely depend on network effects: the more sites that accept a particular micropayment scheme, the more users who will sign up for that scheme; the more users who are in a network, the more sites will be attracted to it. But kicking off a network-effects play is notoriously fraught, and generally requires both skill and luck. Far as I can tell, none of the existing systems have managed it.

That said, though, it seems to me like a more-sophisticated standard might have a shot at success. In particular, the problem is the common notion that there has to be a single intermediary between the site and the customer. Agreeing on that intermediary is the heart of the network-effects problem: unless the sites and users agree, there isn't enough critical mass for a micropayment vendor to take off.

So what do you do? We probably need a standard that recognizes a more complex ecosystem -- that allows each user and site to sign up for the micropayment vendor of their choice, and negotiates between them. This isn't trivial by any means, and I'm not certain that a single co-ordinating site can be avoided. (In particular, there needs to be some mechanism whereby a user's browser identifies his micropayment vendor to the site, so the transaction can happen.)

But all of it feels very analogous to the distributed-identity problems that have, finally, been seriously tackled in recent years through standards like OpenID and OAuth. In fact, the micropayments problem may be nothing more than a specialized use case for OAuth -- after all, the heart of the issue is authorizing a transfer of money. The UIs for OpenID and OAuth are still tending to be too clunky, but that's been improving rapidly.

I'll go out on a limb and say that I think it's getting to be steam engine time for micropayments. The business realities are showing that Free has been overdone, and major sites are drifting slowly towards paywalls. A properly-managed micropayment system would be much, much *easier* for users than having to manage lots of little subscriptions to individual sites, which is the way most paywalls work today. Clay Shirky's point about not requiring users to think too much is valid, but IMO whitelisting and spending caps will address it well enough. The maturity of Web technology should bring the transaction costs down low enough to make it viable, and the Open Stack looks like it is a good ways towards solving the key interchange problems.
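
One way the whitelisting and spending caps described above could be evaluated on the user's side without prompting for each page, as an added example (not code from any existing micropayment system). The class name, the thresholds and the per-minute burst limit are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# All amounts are integer hundredths of a cent, so sub-cent prices stay exact.
CENT = 100


@dataclass
class SpendingPolicy:
    default_max: int = 1 * CENT      # "don't bother me about one-cent pageviews"
    site_max: dict = field(default_factory=dict)   # per-site ceilings (whitelist)
    monthly_cap: int = 500 * CENT    # hard ceiling for the billing period
    max_per_minute: int = 30         # assumed burst limit on automatic payments
    spent: int = 0                   # total auto-approved this period
    recent: list = field(default_factory=list)     # times of recent approvals

    def authorize(self, site: str, price: int, now: float) -> str:
        """Return 'pay', 'ask' (prompt the user) or 'deny' for one page view."""
        if price <= 0:
            return "deny"            # malformed request, never auto-approve
        if self.spent + price > self.monthly_cap:
            return "deny"            # cap reached: nothing more is paid silently
        # Keep only approvals from the last 60 seconds, then check the burst limit.
        self.recent = [t for t in self.recent if now - t < 60]
        if len(self.recent) >= self.max_per_minute:
            return "deny"
        # Above the whitelisted ceiling for this site: the user has to decide.
        if price > self.site_max.get(site, self.default_max):
            return "ask"
        self.spent += price
        self.recent.append(now)
        return "pay"
```

Only the "ask" outcome costs the user any attention; "pay" and "deny" are decided entirely by the stored preferences.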

So -- anybody see any good candidates out there? I'm curious whether the movement already exists and I haven't noticed it yet...

The other problems are:

The spammers who send you an email which turns into ten thousand requests for 1 cent webpages.

The malware which gets a list of fresh sites through a fast-flux DNS network to make requests on your behalf.

The micropayment system which has to deal with more than 90% of the transactions being repudiated by the users at the end of each month.

The idiots who ask for chargebacks every month claiming that their kids or their cats or their lousy ex-spouses or the malware did it, not them. (The idiots who are right about this, too...)

The people who live in India, in Africa, in Lithuania, in Detroit, to whom $3/month represents a sizeable fraction of what they were already spending on internet access in the first place.

The complete loss of anonymity when you use a micropayment system.

The requirement for a bank account. Middle class people have bank accounts. Poor people sometimes have bank accounts. If you can find a storefront that advertises "Pay Bills Here!", you live near people who don't have bank accounts.

All more or less true, but I'm not sure any are fatal, so I'm going to bat back this particular bit of blocking.

The spammers and malware are a good reason to put some good rate-limiting and pattern-detection software into the customer-side vendor, and implement good caps and reporting. Yes, that's the malware arms race, but it's also not rocket science, and those arms races are life on the Web. I'm under no illusions that any of this is *easy*, but there's reasonable precedent that it's probably survivable.

The repudiation problem is more serious, although there are similar current problems such as click fraud, that cause a fair amount of suffering and tsurrus but haven't yet brought down the Web. Again, I suspect it's manageable, although that remains to be proven.

The $3/month issue is definitely real -- but so is the danger of sites going away due to lack of funding, or funding themselves with spyware, or erecting paywalls (as some are already starting to do) that are considerably *more* expensive. The micropayment approach at least has the virtue of being fine-grained -- if I'm watching my money carefully, I'd probably prefer 2 cents a page than $50 a year.

And do keep in mind, I'm not necessarily advocating this as the be-all and end-all of the Web. Rather, my observation is that *all* models suck in practice, and I'd rather have an ecology that provides me with more choices about which suckage I prefer. I find it likely that intrusive advertising and behavioural profiling are with you forever if you don't want to or can't pay -- I just want a good general way of avoiding that myself, that doesn't require me to set up a separate account on each of dozens of sites. (Which, note, has its own terrible privacy and security implications.)

The loss of anonymity is probably real, although also easy to overstate: the advantage of double intermediation is that the site does *not* necessarily know anything about who you are, as they do in conventional paywalls. And a really *clever* user-account vendor could probably make it so that your identity is truly protected, by using one-time tokens of some sort. (I think you're not thinking about the effects of the dual-vendor ecology I'm describing, which does change some equations WRT privacy. With a standard vendor/vendor protocol, you could potentially have user-account vendors whose main selling point is user privacy.)

But in reality, I think it likely that few vendors would implement good anonymity controls, because the vast majority of users don't give a damn. The result would be -- well, basically about the same level of anonymity as most people have today, which is little against a determined data miner.

Tangent: the entire business model of Zingdom was built on the assumption that people cared about anonymity, and would favor a service that gave them strong assurances of anonymity in their interactions. What we discovered was that, in reality, very few people *actually* care enough to make this a selection point for a system, so we were comprehensively beaten by vendors that were simpler and didn't care about identity leakage. This has made me cynical about anonymity: I believe that, outside of a relatively small number of determined geeks, it is mainly a weak box feature as far as most people are concerned.

*That* is actually the strongest counter-argument to my point: that most people will content themselves with the current pseudo-free state of affairs, comprehensively trading their privacy in exchange for it. If that's true, it might simply prove to be enough of an entrenched system to prevent the necessary critical mass to ever arise for micro-payments...

I think that the only reason we can stand the email spamming problem that exists now is that end-users do not see a direct financial impact. This is a system which will cause direct financial impact; I don't think it can survive.

The repudiation problem can either be dealt with automatically or with customer service. Customer service is expensive, so expensive that any complaint will chew up all the profit from that customer for the year. The automation can be gamed, unless it is deny-all-requests -- which won't encourage anyone to use it.

Consider the database problem, too. You will need infrastructure that can get authorization/payment information once per web-page -- that means a massively distributed system, on the order of DNS, but worse because there is less ability to cache. Then you need to be able to generate a report in near real-time for each customer who demands it -- who will use a billing system that only lets you see how much you spent 24 hours later? Or even 2 hours, unless you can guarantee an individual's preference on billing rate limitations, which seems to increase the authorization problem. Not just "is this a valid account?" but "is this a valid account which has not exceeded the allowed billing rate right now?"

I'm sorry to be so negative, but I really do think this cannot get off the ground because of the disastrous consequences of imperfection. The macropayment systems can get along because the processing cost, including customer service and fraud, is manageable compared to the profit margin. I can't see that happening without a cryptographically sound e-cash system, and governments hate e-cash systems.

(Anonymous e-cash can solve some micropayment problems, I think. Load up your browser wallet with $5, authorize automatic payments under 0.1 cent per page to sites that you have previously visited and accepted, have the browser display a running balance... those things can work. But the government objection is severe.)

There are two main kinds of anonymity to be had on the internet: Hiding your identity from corporations, search engines, and governments, and hiding your identity from your friends and loved ones. I'm curious whether your opinions about the geekcentricity of anonymity extend to the second type. I imagine 21st century teenagers and philanderers opening themselves up to scammers trying to find ways to make micropayments without their family seeing what sites they're visiting.

In practice, I've rarely seen the latter case managed as anonymity -- rather, it almost always seems that pseudonymity is what people are looking for. (I try to use the two terms precisely, because anonymity and pseudonymity are both very important and quite different.)

I do think that people care about pseudonymity that is shielded from friends and family -- often they care about it quite a lot. But remarkably few people care about it to the degree of seeking out tools that guarantee it to a reasonable degree. Instead, most folks are content with pretty weak pseudonymity. And I suspect that's a reasonable decision: unless you think your family is *looking* for a pseudonymous identity of yours, odds are decent that weak pseudonymity is good enough, so it doesn't really make a major selling point for products. It's a plus, all other things being equal -- but all other things are rarely equal.

So yes -- I still think that caring about *strong* identity-shielding is a geek thing. It's very common to care about it a little, to the extent of doing a bit of working around it within tools that you otherwise like, and it's important that a tool not *totally* blow that. But so long as they can get rough-and-ready weak pseudonymity, I genuinely believe that's all that most people care about.

(That said, yes -- there are undoubtedly scam opportunities in it. There are *always* scam opportunities, in any line of business. The fraudsters are clever and creative, and good at social engineering...)

I'm referring to clearing browser histories, deleting cookies, etc, which you can do to hide what sites you visit - but only if they don't show up in an itemized list in 30 days.

Oh, sure. But in the architecture I'm describing, that's really just a question for the user-account vendor and how you interact with them. I can imagine that some vendors would offer a product that's not too blatant -- indeed, that might actually be a nice differentiation point for some people...

You didn't mention Twitpay, so I thought I would: https://twitpay.me/

This is PayPal-based? Odds are that I don't consider it to actually be micropayments -- PayPal is, by and large, too expensive to do really small transactions with. (Remember, I'm focused on 1-cent transactions.) But I'd be happy to be proven wrong...
