Hacker News | antaviana's comments

Crypto has single-handedly created a very large malware industry and has also made information security a massive industry.

Ban crypto and both industries will become way, way smaller.


Might as well eliminate the attack surface entirely, and ban computing.

In a way, yes, that's how enterprise endpoint software works.

No, data exfiltration is just as lucrative as crypto.

We are unfortunately long past the point where viruses would frequently be merely annoying.


How do you pay for data exfiltration ransoms or to purchase stolen data? My take is that if you remove crypto, you will greatly hamper these transactions.

Just about every exploited site I've had to deal with has been some form of crypto miner.

Sure, because there's no reason not to, and because crypto mining is noisier than data exfiltration.

That doesn't mean it's the most lucrative revenue stream.


This is what happened 10 years ago, when machine translation entered the professional translation business. Post-editing the translation was often slower than a human translating sentences from scratch. Now nearly the whole industry is post-editing machine translations, and there is more and more content that is not even post-edited.


When I started working, at a time with no mobiles and no remote work, calling or being called at the office for personal reasons was seen as disrespectful by your coworkers. At work you were supposed to be working, and outside of work you were supposed not to be working. Pretty much as in the Severance series, but without the forgetting. With mobiles and connectivity, everything changed; I'm unsure whether for the better. Now you can work 24/7 or slack all day as if there were no tomorrow.


Why do you have a 14-day money back guarantee instead of a 30-day free trial?

My perception (although I never tried it) is that it reduces the number of people actually trying it and avoids having to still pay the payment platform fee when there is a refund, plus I presume there is also some dedication needed for handling the refund itself.

I speculate that there might be a sweet spot between the impulse purchase and the price level where you do not bother to ask for a refund, even if the tool does not work for you, but still it is counterintuitive to me why you would not reach as many potential users as possible at a nearly zero marginal cost and sort of pray for conversion with a much higher user base.

In other words, at this price range with no recurring income, what is the percentage of users who actually ask for a refund? Is it very low?


Hey there. This topic always pops up from time to time. First, when I started building macOS apps, the extra work of building a trial mechanism was something I wanted to keep for later. Today, my key management backend already supports that, and when a user personally asks for a trial key, I give it to them. But from my experience, when someone has a free trial, two things can happen: 1. download and never use; 2. use it a little bit, stop using it, and leave the app without buying it.

When someone pays for the app, they try it most of the time immediately. He explores the app, finds issues, and, because he paid for it, will be much more involved, which will provide me with much more accurate feedback.

Also, if something is not working well for him, he writes me, and I benefit from these interactions with the users. A lot of my improvements for my apps are based on "refund talks". Overall, the upsides outweigh the downsides.

I don't have many refunds, but when I do, it really helps me improve the app. I already had users who asked for a refund, and a few versions later, the app improved based on their feedback, and they repurchased it.

I am sure that some users don't buy without trying, and this is why I am super responsive to refund requests and handle them fast and without "playing games" on this topic.

Hope this makes sense in some way


You are leaving a lot of money on the table.

The number of people who do not want to pay upfront, but would buy after a trial, is not just substantial, but game changing.

You can also add the same pressure to test the app after installing by offering a 14 or even a 7 day trial.


Maybe. There are a lot of different opinions on this. In SaaS, I can understand why you would give this trial version: you can improve the onboarding and track user progress in the funnel, making rapid updates and improving the onboarding process. But for Mac apps where nothing is tracked or sent to my server, I have no idea what the user is doing or not doing with the app, and I can't roll out fast updates or even force users to get the newest version, so I won't be able to really improve it. Maybe in my future SaaS I will have some kind of trial. But for now, I will stay with this model. Anyway, thank you so much for the feedback, super appreciated!


I was speaking from experience selling single-fee end-user Windows apps for about a decade. Trials are basically a must as virtually no one would pre-buy to test.

Perhaps on Macs it's different, or maybe it's due to your price point, but still your approach automatically drives away a large swath of potential, but cautious buyers, or those who don't want to be bothered by the refund process. Your pitch is "here is some good stuff, and here are the hurdles if you want to test it".


The apps by Rogue Amoeba on Mac are a great example of the trial model on Mac: https://www.rogueamoeba.com

I'm not affiliated with them, but I am a customer. They put a lot of effort into finding the right balance of what to unlock upfront in the trial. And their license/unlock process is pretty seamless.

I don't dispute the power of a free trial, but it can be a fair bit of work to get the details right.


Thank you :) Got your point, Maybe I will give it a try for a month and see how it goes.


I'm not the author, but generally: It could depend on whether those trial users are worth supporting. You could potentially get a free-rider problem. You could get a lot of support emails from people who never convert anyway.

It's only 10€, so it's pretty well in the impulse-buy category.

To the author: I'd suggest localising the currency, if possible. At least for English speaking locales (US, UK, CA, AU, NZ). The EUR pricing made it look to me like you might not be able to buy it if you're not in Europe. (Edit: I'm in Canada and it shows EUR, not CAD.)


Thank you for the suggestion! I need to handle multi-currency in all of my products. This is on my task list.


I see you use Stripe. They have this Adaptive Pricing feature where you get paid in EUR and the customer pays in their own currency. It has some drawbacks (fewer payment methods and higher cost perception for the customer due to Stripe's upfront currency exchange commission), but it can do the trick.


Great, thanks. Very interesting product. Best of luck!


Thank you


Just provide limited support to non-paying customers. Keep it forum-based, for example. That's it.


I don't think it will change much, and this will be one more thing to maintain. Without proper handling, I may miss good feedback. This is a more complex topic than it seems.


Am I the only one using Microsoft Money Sunset Edition? Granted I cannot connect to banks and get live quotes, but I think it is well done and has a lot of features.


I did too with Money Sunset for quite a while, but mostly gave up in the last couple years. Several of the online accounts stopped supporting exporting to QIF/OFX, and it's not worth the effort to type in everything manually or figure out another export/conversion process.


Eventually, they'll be fine. Volkswagen was established by the German Nazi regime and it has been fine for a long time in spite of its past.


Volkswagen was handed over to be run by a British military officer immediately following the war.

Tesla's board decided after the war was lost to not only let the Nazi sympathizer continue running the company, but to give him an egregiously disproportionate compensation package. The guy who single-handedly pushed the biggest failure in the history of the company (Cybertruck) is apparently the only one who can save the company.

I expect at some point they’ll be acquired for pennies on the dollar by a Chinese company or if Trump gets his way he’ll insist on a government takeover.


He’ll probably let Jared Kushner have a go.


Great example, but I'm not so sure.

The board and shareholders had their chance to dump Musk a few weeks ago; they could have just turned down his ridiculous pay package and he would have left. They didn't so he'll be dragging them down for at least another decade.


I loved their old tagline: “Artificial Artificial Intelligence”.


I would dare to say that all business apps start as an Excel sheet (or Google Sheet) and after the usefulness of data collection and data arrangement/presentation is validated (often long after the usefulness is validated) they eventually become a full-fledged business web app.


If we are talking about real time phishing then sending a code to the email is as secure as a 2FA authentication with password and Google Authenticator code.


My password manager will protect me from entering my password into a website on the wrong domain. It won’t protect me in the passwordless case where the code is sent via email.


Can you explain this more? I don't understand Google Authenticator completely. Could a bad actor spoof a 2FA prompt as they can with an email, and capture your input?


The attacker would just ask you for the TOTP code and forward that to Google.


In practice it's maybe slightly harder, because they'd have to convince a user to enter their google 2fa code into a site that isn't obviously google?

I'd imagine a convincing enough modal would do the trick though, in a lot of cases.


> convince a user to enter their google 2fa code into a site that isn't obviously google?

If the BAD site itself looks legit, and has convinced a user to do the initial login in the first place, they won't hesitate to lie and say that this 2-factor code is part of their partnership with Google etc., and tell you to trust it.

A normal user doesn't understand what a 2-factor code is, how it works, and such. They will easily trust the phisher's site, if the phisher first breaks the user down and sets them up to trust the site in the beginning.

What Google does, if this happened, is send a notification to the user's phone telling them someone tried to access their account (or on any new login from any new device you haven't used before). It's a warning that requires some attention, and depending on your state of mind and alertness, you might not suspect that your account is stolen even with this warning. But it is better than nothing, as the location of the login is shown to you, which should be _your own location_ (and not some weird place like Cyprus!).


What I don't understand is how the site will send the 2FA code request to the bad actor's phone, instead of the real user's phone? Is this not part of what makes it more secure than a text or email? Wouldn't the bad actor need to be logged into the authenticator as the user you're trying to hack?


> how the site will send the 2FA code request to the bad actors phone, instead of the real users phone?

the 2FA code in this case is in the email, not via an app. This email is triggered by BAD on their end, but it is sent by GOOD.

If the 2FA is _only_ via the authenticator app, then BAD will need to convince the user to type in that 2FA code from the app into the BAD site (which is harder, as nobody else does this, so it should raise suspicions from the user at least).


If we are talking about TOTP, there is a time limit to that, which makes it harder, yeah.


Not much harder. The state of the art of phishing right now is proxy based setups like evilginx which pass along credentials in real time. Then you just save the session cookie or change/add the 2fa mechanisms so you can get in whenever you want with the stolen credentials.


I believe it is in this interview from 1996 where I saw Bill Gates saying the same thing about Microsoft products, he saw them as subscriptions. It’s a long but interesting interview. https://www.youtube.com/watch?v=VFFlO7yBIBM

