The Almighty Buck The Internet

Bringing Micropayments To the phpnuke Community

aelfakih writes "Centipaid.com made available a phpnuke add-on making it possible for anyone with a phpnuke site to collect micro fees for accessing specific sections of the site. The module is released under GPL and it is still beta, but seems to be stable. There is a demo of the micropayment system for phpnuke on http://phpnuke.centipaid.com. There is also a GPL Apache module that does the same thing, but it is intended for system admins with access to the apache server config files, or .htaccess. Links to the phpnuke info are on http://www.centipaid.com/download.html as well as the phpnuke.org site. Links to the apache::centipaid module are on http://www.centipaid.com/download.html and on freshmeat.net."
  • Wow (Score:3, Interesting)

    by Koos Baster ( 625091 ) <ghostbustersNO@SPAMxs4all.nl> on Monday February 03, 2003 @09:02AM (#5214729)
    Although techniques like these have probably been around for some time (it's not even fundamentally different than credit-card) I must say I'm truly amazed by the simplicity of this concept. It seems pretty solid. Even though the system is completely open to hackers/crackers, I can't see a way that privacy information gets anywhere but with Centipaid.

    Now whether or not Centipaid is more trustworthy than Microsoft's Passport system, only time will tell. But I'm very optimistic. Great job guys!

    --
    Money is the root of all evil (Send $30 for more info)
  • Horror story (Score:5, Insightful)

    by Twylite ( 234238 ) <twylite&crypt,co,za> on Monday February 03, 2003 @09:21AM (#5214829) Homepage

    A patent pending technology for electronic commerce that [uses a] "variable length key that is encrypted using blowfish algorithm then merged with the image of the stamp using another variable length password" with no peer review of the security of the system? Users can "exchange stamps online and many users can use one internet stamp until it runs out of funds"? A sales site (interstamps.net) with no indication of parent company, physical address, telephone number? A completely anonymous system with a tracking serial number?

    This sounds like the worst of horror stories that can be devised by Open Source and Privacy advocates combined, but we're singing its praises because it released some code under the GPL?

    So apart from the many pointers that indicate that no self respecting online purchaser should hand over ANY details to this site, what about security and anonymity?

    Sites you purchase from clearly can't track your identity across transactions (assuming you use a different stamp). Or can they?

    Well, Centipaid or Internetstamps can certainly track all purchases you make, by virtue of the stamp's serial number. While they promise nicely in their Privacy Notice not to "materially change" their privacy policy, they reserve the right to. They also say they won't divulge "account contact or payment information", but that's easy to sidestep in a number of ways (is what you purchased and where you bought it "payment information"?).

    Since Centipaid has close ties with the sellers (producer and consumers of the technology, right?), can we be sure that our purchasing trends aren't being syndicated to ALL of the sellers? Or maybe to Doubleclick or a similar organisation. All you're really doing in this system is trusting a third party to behave responsibly ... one that doesn't even provide a physical address or indication of incorporation on their website. Ouch.

    As for security, well, they're rather scant on details. A quick look over the PHP source code available from the site seems to indicate that you get redirected to a gateway under Centipaid's control - a standard mechanism for payments through Trusted Third Parties. But it would also seem (although I could be mistaken) that the communication between the merchant and Centipaid is not encrypted or authenticated (signed).

    Without going into detail, any third party payment system that does not use a PKI and does not have secure communication between pairs of parties can be attacked. In this case it is most likely that the merchant could be attacked. Nice for the purchaser, not so nice for the seller.

    Besides this is the original claim that users can "exchange stamps online and many users can use one internet stamp until it runs out of funds". So this is really a debit facility (prepaid account) with a gimmick (a pretty picture ... oooh, aaah!). Your stamp is no more or less secure than a credit card -- you just have a better ability to limit your losses.

    No, I wouldn't trust the security of this system...

    It may be interesting to take a read over this Internet draft [ietf.org], written by the guy who appears to own/run Centipaid. The paragraph entitled "Electronic postage support" is especially interesting, as is this notice: "Adonis El Fakih has a patent pending that may relate to AMDP internet draft specifically to the work derived from draft-amdp-00.txt", after which some reference is made to non-discriminatory terms.

    I'll let you draw your own conclusions...

    • Re:Horror story (Score:3, Insightful)

      by aelfakih ( 581912 )
      Hi Twylite,

      internetstamps and centipaid are owned by the same company; they just present two different brands.

      Getting to answer your questions.

      1. Security and anonymity... It is secure; there is no way for anyone to predict what an internet stamp is. The internet stamp itself is composed of at least 7 different keys that need to coincide before it can be used for payment.

      2. Anonymous.. yes, although "right now" internetstamps.net knows who you are, that can be easily changed once you can purchase internet stamps by methods that are not tracked, i.e. cash, or other means. When it comes to the merchants, they never know who is making payment. Why? Because they are not handed the stamp's serial number at all, not even in their monthly statements. They only get a receipt number for the transaction.

      3. Are you sure that trends will be syndicated? My answer: yes, be sure that they are not. I am as fed up as anyone with being tracked when I make purchases, and the business model of centipaid is to make money from the transactions and NOT from where people go. Most likely when the business matures there will be reports that say X% bought from this merchant, but there will NEVER be a report that says who bought what... I mean that is the whole point of the anonymous system..

      4. The communication between the merchant and centipaid is definitely not encrypted because it does not need to be. The user never hands the internet stamp to the merchant; they pay centipaid using our gateway, and then the merchant receives a receipt number, which they authenticate with our servers to make sure a payment is made. Now if someone intercepts the receipt number, it is fine, since it does not indicate anything. Merchants who are too paranoid, wanting to encrypt their receipt numbers, can do that in future versions :)

      5. Yes, the internet stamp in a way is a debit facility. How can you make payments if you did not?? And yes, it is designed to limit your losses. You got it, that is the whole point. If you mess up and give your stamp to someone, your losses are limited. Also each internet stamp comes with a proof of purchase. It is never used in a purchase, but in the event that your stamp has been compromised by an outsider, or you want to move funds, etc., then this is the ultimate proof of you owning the stamp, since at the end the model allows for complete anonymity; not even centipaid will know who you are if you purchase the stamp with cash.

      6. Thanks for seeing the proposed document to ietf, and yes, when I was working on the new mail application design, I realized that a reliable micropayment system will be required, and the design of the internet stamp technology came into play, and internet stamps are designed to be used in scenarios where anonymity is key.

      Now I am not sure what you mean with draw your conclusions. I have drawn one that you did not read much on the centipaid site, since many of these points are explained in detail.

      I agree with you that internet stamps should have more information, and we will work on that..

      In all cases I do appreciate your honesty and your feedback, and hope that I have answered some of your questions.

      Best regards, Adonis
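
The exchange above turns on whether a merchant can rely on a receipt number that crosses the network unauthenticated. As an added illustration (not part of either post and not Centipaid's code), here is a merchant-side receipt check that uses a shared-key HMAC as a stand-in for the PKI signature Twylite mentions; the receipt fields, key and merchant names are assumptions made for the example.

```python
import hashlib
import hmac

# Constructed demo values; nothing here comes from Centipaid's code or protocol.
DEMO_KEY = b"constructed-demo-key"
FIELDS = ("no", "merchant", "amount", "expires")

def _mac(key, receipt):
    # Length-prefix each field so "ab"+"c" and "a"+"bc" cannot collide.
    parts = [str(receipt[f]).encode() for f in FIELDS]
    msg = b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def issue_receipt(key, no, merchant, amount, expires):
    """Gateway side: MAC every field the merchant will rely on."""
    receipt = {"no": no, "merchant": merchant, "amount": amount, "expires": expires}
    receipt["tag"] = _mac(key, receipt)
    return receipt

class MerchantVerifier:
    """Merchant side: accept a receipt only if authentic, ours, paid, fresh, unused."""
    def __init__(self, key, merchant_id):
        self.key, self.merchant_id, self.redeemed = key, merchant_id, set()

    def check(self, receipt, price, now):
        try:
            expected = _mac(self.key, receipt)
        except KeyError:
            return "malformed"
        tag = str(receipt.get("tag", "")).encode()
        if not hmac.compare_digest(expected.encode(), tag):
            return "bad-mac"            # forged or altered in transit
        if receipt["merchant"] != self.merchant_id:
            return "wrong-merchant"     # authentic, but issued for another site
        if receipt["amount"] < price:
            return "underpaid"
        if now > receipt["expires"]:
            return "expired"
        if receipt["no"] in self.redeemed:
            return "replayed"           # an intercepted receipt was reused
        self.redeemed.add(receipt["no"])
        return "ok"

def demo():
    v = MerchantVerifier(DEMO_KEY, "shop-a")
    good = issue_receipt(DEMO_KEY, "R-1001", "shop-a", 5, expires=2000)
    forged = dict(good, no="R-1002")    # guessed receipt number, old tag
    other = issue_receipt(DEMO_KEY, "R-1003", "shop-b", 5, expires=2000)
    return [v.check(good, 5, 1000), v.check(good, 5, 1001),
            v.check(forged, 5, 1000), v.check(other, 5, 1000)]
```

The replay and wrong-merchant cases are the ones a bare receipt number cannot distinguish on its own; binding the merchant, amount and expiry into the MAC is what lets the seller reject them locally.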

  • by Futurepower(R) ( 558542 ) on Monday February 03, 2003 @09:49AM (#5214943) Homepage

    The bottom of the Centipaid.com home page [centipaid.com] says, "2002 c Copyright Centipaid.com, Adonis El Fakih." Is this person "Adonis the faker"? Is this an elaborate joke?

    The Centipaid.com Contact Us [centipaid.com] page does not list a telephone number, only an address, email addresses, and fax numbers. Would you trust your business to someone who won't give you a telephone number?

    Centipaid.com depends entirely on another company, InternetStamps.net [internetstamps.net].

    The InternetStamps.net web site doesn't seem finished. At present, the Shipping & Returns [internetstamps.net] page says, "Put here your Shipping & Returns information."

    The bottom of the InternetStamps.net page says, "1580 requests since Wednesday 27 November, 2002". These people are not good at marketing. If they were, they would explain their service better.

    The bottom of the InternetStamps.net page also says, "Copyright c 2002 osCommerce Powered by osCommerce". What is osCommerce? Yes, I can guess, but I would like to be told definitively.

    Whoever Adonis El Fakih is, English does not seem to be his first language. The Services [centipaid.com] page says, "For example you can decide to charge 1 cent to grant access for one day to one section of your site, and , while another area will be 10 cents for a week."

    What is "and ,"?

    Why the very long page load times?
    • What is osCommerce? Yes, I can guess, but I would like to be told definitively.


      Hmm, the osCommerce is an Anchor tag, with a URI. Clicking on it leads to what appears to be the osCommerce website. [oscommerce.com] There's a forum section with (apparently) a few thousand posts.

      "Adonis the faker"? Is this an elaborate joke?
      Anything's possible in the world wide web, but I note that three of the nine "people" stamps are Lebanese celebrities, and the U.S. celebrity stamp is J.F.Kennedy, one of our less obnoxious presidents. My Arabic is skimpy, but Google has 1,500 hits for the surname "el Fakih."
    • Google has over a thousand hits for "Adonis el Fakih" ranging from his winning the silver medal [aley.net] in a Lebanese internet design contest to being credited for a suggestion for cacheing in ZBabel [bluedynamics.org]. Far away places with strange sounding names? Please do not be so ... parochial.
      • Thanks Eustace :)

        Fortunately I have been in many places, and thanks to google I can be easily tracked.

        A little about me??
        I founded ayna.com, the first arabic internet guide (still kicking), developed the algorithms for the search, and just did everything in it.

        I also worked in General Dynamics, and Oracle Corporation as senior principal consultant in the advanced technology solutions division.

        What got me down this road was the unrelenting spam that I had to deal with on ayna.com. I get over 250,000 messages a day, 90% of it is spam. We spend most of our time and money just fending off spam attacks in all of their variations. So I sat down early 2002 and designed a complete mail system from the ground up that is not prone to spam attacks, and that led to the internet stamps, which prompted me to adapt for online payments when I found out that it will be impossible for me to keep ayna.com alive forever if it does not generate revenues, and at the same time no one will be willing to pay 10 or 30/month to simply access an internet directory, but they are willing to pay .005 for a few days, and that is how everything started :))) And now with over 1 million using ayna, I can actually reposition that portal to stand on its feet generating its own revenue.

        And here we are chatting about who am I? :)

        Again thanks to all for the wonderful opportunity to discuss these issues...

        Adonis

        • Philately (Score:2, Interesting)

          I wonder ... could the Lebanese Postal Authority be persuaded to (act as) issuer of these stamps? That could mean that anyone trying to crack the encryption would be violating counterfeiting laws, perhaps bringing in Interpol. With all the factionalism in Lebanon, I imagine that the career bureaucrats are among the most discreet on the planet.
    • Hi,

      No it is not a joke, it is just left over text that I inserted when developing the site.

      centipaid and internetstamps are the same company but different brands, since each one deals with a different part of the payment system.

      You are right, the internetstamps site needs more info, but our focus is on putting a comprehensive set of information on centipaid.

      And you are also right, my first language is not English; we are not all blessed to speak/write three languages :)

      I am not being mean, but when you pick on little things like this it hurts :(

      But no hard feelings I get that a lot :)

      Adonis


      • Adonis,

        Everything I said still stands. Ignore those pretending to be superior by sympathizing. Do you see that I am helping you by showing you the reaction you will get from visitors?

        Your sites are sloppy. Everyone makes mistakes of this sort. However, you didn't hire an editor to find them.

        Marketing is trying to create a connection between your companies and the outside world. You aren't doing that successfully.

        You said, "when you pick on little things like this it hurts". That is an unprofessional reaction. Do you want to be successful or do you want to have realistic criticism?

        By being sloppy, you are destroying your own chances.

        Everyone wants some scheme like this to succeed. We need micropayments. You seem technically competent, but ignorant about how to become an important public figure, as you will be if your companies succeed.
  • Dead on Arrival (Score:1, Insightful)

    by Anonymous Coward
    Internet users already pay for content and access to web sites. It's called paying Internet access fees to your ISP. Additional fees will never be accepted. This idea is DOA.
    • Re:Dead on Arrival (Score:2, Informative)

      by aelfakih ( 581912 )
      Hi anonymous,

      I beg to differ. As a website owner, I do not generate enough funds to keep my sites kicking. We all pay to get online, but once we are online we want everything free, which is a good thing, but at the end good websites without major funding will have to close if they do not generate some kind of revenue.

      I mean look at slashdot. They are managed by a big company and still charge you for accessing their site. The trick is to charge users "reasonable" fees that are not so high that it makes no sense paying them.

      For example, how much would you pay to access slashdot??? If you are able to put a price, then we do not have a DOA... instead you see my point, everything has a price, but it may not be 30 dollars a month, maybe it is 50 cents per week? or 1 cent a day... everything has a price.

      If it continues to be DOA I will need to bring my first aid kit next time around :)

      Best regards, adonis

    • I pay for my account on Modern Tales, a webcartoonists collective -- and am very glad that I do!

      Likewise, the creator of digitalblasphemy has also managed to live off of subscriptions to the web site with his art.

      The idea is by no means DOA; there are many who will pay for content of extraordinary quality. (Slashdot, no).
    • Are you guys idiots or something, you don't pay for content, you pay for bandwidth! The bandwidth can be used to view others' sites. The only content you are paying for is your ISP's homepage. Most web sites are *completely* different organizations. You guys seem to be under the impression that the internet is one big corporation and everyone that produces content on the internet gets paid; although that used to be what AOL was like, it's not any more. Why you would use AOL is beyond me.
