cohost support

I'm making this suggestion in good faith, and I hope other commenters will follow suit.

I am not trying to put you on the spot, but encouraging you to talk to us about difficult topics we know you've discussed in private.

There are two specific questions I'd really appreciate to see @staff talk about in depth:

Stripe as a single point of failure & the aggressive anti-kink stance of Mastercard

Cohost's only current revenue stream hinges on Stripe's capriciousness. Stripe—and all payment processors—are notorious for being a faceless bureaucracy that will cut you off without warning, and won't even let you talk to a human after its algorithm kills your company.

Cohost currently allows most kinds of adult material, including all sorts of weird hard kinks that will make the normies freak out, but are victimless practices when they entail consenting adults. 

Mastercard is notorious for having a censorious stance about adult content, one less informed by morals than statistics about chargebacks. It casts a broad net that unfairly treats many sexual practices as unacceptable, without concern whether they are framed as fantasies about consenting adults.

--

A tour of Cohost's infosec practices

One thing I miss from Twitter is its locked alt account culture. Cohost supports private pages, but how can I trust they won't leak?

On Twitter locked alts, you see uncharitable petty venting, reclaimed slurs, personal photos with adult content — stuff you don't want to leak. Being discerning whom you allow to follow your priv greatly mitigates the risk of a leak. As much as Twitter has been a clown operation until the takeover, in general, an adversarial party had no way to read your priv.

I'd love to have a locked alt on Cohost, but how can I trust there won't be a data breach? Cohost is a young company, without much of a track record about security. Unfortunately, such a track record must be earned over years, by reacting properly to security incidents, or not having them in the first place.

Can Cohost hasten gaining our trust by showing us more of their security infrastructure?

I'm particularly interested in if there's any mitigations towards if Stripe or Mastercard decide to be, well, Stripe or Mastercard.

As far as security goes, that's a tougher one. I think a dose of transparency would be helpful to establishing that effort is made towards security (but nothing that would actually jeopardize that security, of course), but I don't think there's a shortcut to earning that track record - I think it's just gonna have to be earned and then kept through constant effort.

I guess in my mind, it doesn't help that I've heard companies make a big name for themselves on how secure they are, and then whoops, turns out they're not all that secure after all, hope you didn't use them, hahah... *cough lastpass cough*

yeah, as an adult artist who wants to make a living with that in the future, staff's stance on future possible problems with payment systems is very much to my interest. patreon is an exception to these companies because of their popularity, so porn mostly flies under the radar there, but places like pillowfort were dropped for this; there isn't many places for adult artists to reside.  

i love cohost and i want to place my bets on it, but i can't say i'm super reassured about my future on the site right now.

Integrating a single payment processing API like Stripe's is convenient for getting up and running, but eventually, multiple forms of payment are going to need to be integrated. For example, substar's adult side only allows certain kinds of payment methods because their more liberal stance toward kink content precludes them from using certain payment options. They're probably registered as merchants directly with the credit card companies rather than using a 3rd party API like Stripe, PayPal, etc., but IDK the internals there.

I would like to say, though, that I'd likely stop using the site if any form of cryptocurrency were to be implemented as a bespoke accepted payment method. I doubt the staff would do that though, their manifesto is pretty great.