On Mar 4, 2024, at 14:28, Scott Wheeler <scott@directededge.com> wrote: > it’s kind of redonkulous that there’s not an auto-recharge option. There are some who consider automatic renewal or recharge to be evil. I am not going to argue either way for any particular service, but I want to point out that this is one of those trade-offs that need to be made, often with no “right” answer. Other design decisions affect trade-offs between data confidentiality and data availability are similar. There is no single perfect balance that will work for all users. There are only “least bad” answers for a particular system. There is also a whole lot of overhead to holding on to payment information. Tarsnap systems seem to be set up so that there is little value to an attacker to try to compromise the servers. That makes defending the servers against attack much easier. In another context about a different service, I called this the “Principle of Cowardice”: Don’t hold on to something an attacker might want. Personally, I feel that Tarsnap has made the better choices. But I also would advise that these sorts of things are occasionally reviewed as the user-base changes. Still, I am extremely sympathetic to focusing on the core service instead of having to build, maintain, and protect systems that store secrets needed for payment. Cheers, -j
Attachment:
smime.p7s
Description: S/MIME cryptographic signature