←back to thread

Stripe records user movements on its customers' websites

(mtlynch.io)
1134 points mtlynch | 1 comments | 21 Apr 20 17:01 UTC | HN request time: 0.202s | source
Show context
pc ◴[21 Apr 20 17:42 UTC] No.22937303[source]
Stripe cofounder here. The question raised ("Is Stripe collecting this data for advertising?") can be readily answered in the negative. This data has never been, would never be, and will never be sold/rented/etc. to advertisers.

Stripe.js collects this data only for fraud prevention -- it helps us detect bots who try to defraud businesses that use Stripe. (CAPTCHAs use similar techniques but result in more UI friction.) Stripe.js is part of the ML stack that helps us stop literally millions of fraudulent payments per day and techniques like this help us block fraud more effectively than almost anything else on the market. Businesses that use Stripe would lose a lot more money if it didn't exist. We see this directly: some businesses don't use Stripe.js and they are often suddenly and unpleasantly surprised when attacked by sophisticated fraud rings.

If you don't want to use Stripe.js, you definitely don't have to (or you can include it only on a minimal checkout page) -- it just depends how much PCI burden and fraud risk you'd like to take on.

We will immediately clarify the ToS language that makes this ambiguous. We'll also put up a clearer page about Stripe.js's fraud prevention.

(Updated to add: further down in this thread, fillskills writes[1]: "As someone who saw this first hand, Stripe’s fraud detection really works. Fraudulent transactions went down from ~2% to under 0.5% on hundreds of thousands of transactions per month. And it very likely saved our business at a very critical phase." This is what we're aiming for (and up against) with Stripe Radar and Stripe.js, and why we work on these technologies.)

[1] https://news.ycombinator.com/item?id=22938141

replies(52): >>22937327 #>>22937331 #>>22937352 #>>22937362 #>>22937385 #>>22937475 #>>22937518 #>>22937526 #>>22937559 #>>22937599 #>>22937775 #>>22937815 #>>22937962 #>>22938015 #>>22938068 #>>22938208 #>>22938310 #>>22938383 #>>22938533 #>>22938646 #>>22938728 #>>22938777 #>>22938855 #>>22938884 #>>22939026 #>>22939035 #>>22939376 #>>22939803 #>>22939814 #>>22939916 #>>22939952 #>>22940051 #>>22940090 #>>22940177 #>>22940282 #>>22940315 #>>22940317 #>>22940352 #>>22940686 #>>22940751 #>>22941252 #>>22942502 #>>22942538 #>>22942710 #>>22942907 #>>22943100 #>>22943453 #>>22944163 #>>22944509 #>>22944652 #>>22945170 #>>22946136 #
beervirus ◴[21 Apr 20 18:23 UTC] No.22937775[source]
How long is this data retained, and what does it actually include?

> This data has never been, would never be, and will never be sold/rented/etc. to advertisers.

Unless Stripe goes bankrupt, in which case it'll be liquidated along with all the other assets.

replies(2): >>22937812 #>>22938882 #
dahart ◴[21 Apr 20 20:15 UTC] No.22938882[source]
> Unless Stripe goes bankrupt

Yep. Also: sale, acquisition, merger, as well as government requests for data, and third party access. Speaking from experience selling a company, it’s difficult to plan for unknown eventualities, and even more difficult to keep any promises about what happens to data you have. The only effective way I know of to guarantee data you have doesn’t get shared is to delete it.

replies(3): >>22938918 #>>22941263 #>>22945687 #
thw0rted ◴[22 Apr 20 14:07 UTC] No.22945687[source]
IANAL and I don't claim to understand any of this well, but I would naively assume that if Company A collected data under a binding legal agreement that they can only use it for X, then they go bankrupt, that shouldn't give Company B the ability to buy the data as a "liquidation asset" then do anything they feel like with it. Shouldn't the binding restrictions "move" with the data?
replies(1): >>22949952 #
1. dahart ◴[22 Apr 20 20:40 UTC] No.22949952[source]
This depends on how the company is liquidated/sold. In the cases I mentioned of sale or acquisition, often the corporate entity remains in existence through the transition, so the effect is that nothing changes wrt the binding legal agreement, but a large group of new people gain access to the data. Also while legal agreements are binding, they can usually be changed, it takes some careful planning to prevent a contract from being changeable by the new owner of the contract. Think about the question of who owns the collected data in the first place. If the company owns it, and the investors own the company, the company might have a tough time getting investors to agree to waive their right to sell what they consider to be a valuable asset in the case of bankruptcy. If the company doesn't ask the investors, or can't get them to agree, then whatever they do has grounds for future legal challenge. It's all around better to delete any such data before anything changes hands.