I created an account with Hetzner earlier this year, and confirmed my Credit Card with them, but a few second later, they auto-suspended my account before I could log in.
I emailed support, and they bluntly told me to create a new account and this time use real information... Needless to say, I bought compute elsewhere.
I think this might be a cultural thing. HN, SV, and the market for IaaS/SaaS products is a bit of an American monoculture, where "the customer is always right" and there's a strong desire to make the customer happy. I think this is mostly a good thing and especially a good way to build early stage companies, but in my experience it's less present elsewhere.
In some places companies are happy doing their own thing, don't need every customer, don't need to be everything to every customer, and won't fight for business in the same way. Does that limit them? Maybe? But I suspect not enough to be a problem most of the time.
I'm not advocating for anyone being a nasty person, but there are significant cultural differences again for what it means to be rude. In Japan the cultural expectation is that saying "no" is rude in a customer service situation, which is far beyond the expectations of most of the world. This is particularly tricky when the answer is actually "no".
If you're used to American customer service, you may find European customer service to be blunt or curt, and many people would perceive that as rude even though it is not intended that way. Again, if they aren't trying to win every customer, this isn't really a problem.
>This is particularly tricky when the answer is actually "no".
If the answer is actually "no", then the customer service person will tell you it's "a little difficult". You're supposed to understand that that means "no, we can't do it". Of course, many foreigners don't get this, so then they'll change gears and just say "it's impossible".
>If you're used to American customer service, you may find European customer service to be blunt or curt
I don't see accusing your customer of fraud as simple bluntness or curtness.
>Again, if they aren't trying to win every customer, this isn't really a problem.
If they don't want to expand their business outside of Europe, I guess that approach is OK.
Without reading the actual wording sent, and knowing which culture the sender was from, this is all just speculation. I'm more interested in challenging the assumptions that we have about our own expectations in customer service being universal. From the rest of this thread it sounds like there is a commonly held opinion that Hetzner customer service is blunt, and my point is that that may be fine and maybe customers should not expect to be treated in a particular way all the time.
Since I wasn't there I can't say what happened. Can be a language thing too, I can imagine that the intended meaning would be "Try again, making sure you spell everything exactly as the data on the card" but it came out as "Try again with the real info". In germany the English language is very optional, it's not needed for any media consumtion since everything is being dubbed and/or translated. This leads to less experience using the language.
> It's not a cultural thing to accuse customers of committing fraud their first interaction.
In my experience a lot of German businesses are like that, they'll woosh you away for any slight (perceived or real). So it is definitely a cultural thing. Of course my small sample doesn't mean anything in regards to german culture, but at the very least it proves that this corporate culture is indeed a thing.
If that ticked you off, Hetzner support would tick you off even more. Within ~45 minutes of opening a ticket, you get an actual engineer to look into your case, and they are constantly blunt and semi-irate both because of the German work culture and the nature of network/hardware engineering I guess. They fix your stuff fast, and they keep being short, blunt and concise while doing it. No "I'm sorry to hear..." or "Thank you for contacting us with..." blahblah like in the US. All business, no fluff.
Aside from knowing their sh*t and being available at short notice, you'll get along very well after you learn how to communicate with them. By being concise, precise, and blunt of course...
Hahaha, I promise you it is. Not saying that's a good thing, but.
If this is exactly what they said it was probably either language barrier, like mis translation of "try again, making sure it's all spelt correctly" OR just that you really did use fake information, in which case here, folks will just say that. You can get told off for not saying please when ordering coffee, I like it but can understand how anyone conditioned to american customer service would be horrified.
Really? In France you're treated most of the time as a potential fraudster first, then maybe when planet aligns as customer in some services like train, tramway, post, banks (the state mandates to justify things like moving and using your own money you already paid taxes on) and various administrations.
> where "the customer is always right" and there's a strong desire to make the customer happy
It’s definitely a culture shock for people from these cultures to encounter businesses who reject their business, whether it’s deemed risky or not worthwhile.
It was eye opening to me to spend time working with cultures where I had to convince businesses to deal with me rather than the other way around. Some people get extremely offended when businesses don’t bend over backward for them, but that’s not going to work when you encounter cultures who operate differently.
It's just German bureaucracy. When I wanted to register domains with Hetzner few years back, they asked me to print multiple pages of forms and contract, fill out, sign and... fax it back.
FAANG has exactly the same behavior. When you have billions of users and no customer support, no one cares about the customer being right.
Last month I tried to create an Instagram account, I kept being instabanned on 5 different devices with different IPs. No recourse possible. HN is full of horror stories like this.
I was customer for 10 years, but for business I needed a second account. Banned immediately even after I submitted a passport copy. Worked after contacting their support. Still happy customer (with both accounts). I think they're just very strict and get their (un)fair share of stolen credit card or stolen identity signups.
It's always a balance between how much fraud you allow and how many real customers you reject. They set their threshold at an interesting level, but maybe they're happy with that choice.
You're right. But unfortunately this mindset moves us closer and closer to having algorithms exclude people from society and life. And as the stories already told here show, it can happen to any of us for no apparent reason.
It's like, imagine a magic wand that, if waved, would make life a little better for 99% of society, but much worse for 1%. Would it be moral to wave that wand?
Well you got a human answering the support hotline.
I think that alone kinda nullifies the threat of an algorithm. The entire reason why they're such a massive problem is because Google et al. refuse to operate proper support hotlines to help people and even if they do have a support line (Facebook infamously doesn't have one and wants you to go through the courts to contact them), the support staff aren't actually equipped to help people beyond regurgitating canned support page links. You can't solve a malfunctioning algorithm with another algorithm or by forcing a human to behave like an algorithm.
It's not a big secret that the best way to get yourself in front of actual support if GAFAM screws you over is to complain about it on HN because this is where SREs lurk that can actually punt your requests through to people that can look into it.
Hetzner at least gave a direct answer to explain the reason.
The problem with this mindset (incredibly common in the US; much more so than in the European countries I've lived in, at least) isn't thinking probabilistically, and trying to determine the likelihood of a prospective customer being a fraudster. It's really just that there are only two possible outcomes: Yes and no.
Just by having a third option, most of the downsides of doing the evaluation incorrectly could be mitigated. Of course, that's generally much more expensive (and often uneconomical) than saying no, so it's usually not done.
I've been on the 1% side of things quite a few times due to having new credit and (presumably) various data brokers not knowing every detail about me yet, and the experience really, really sucks.
You're making choices like that every single day. Sometimes with reversed percentages. Even posting this message may be on average a tiny loss for the world. (It's meaningless in the end and burned some energy to give one person a mini dopamine boost)
There’s nothing particularly scary about “algorithms” making these choices since it’s just people at these companies choosing and implementing the algorithms. It wouldn’t get better if those humans weren’t allowed to use algorithms to make these choices since decisions.
What type of fraud exactly? You mean like stolen CCs? It feels very medieval as a financial trust system if every little vendor can’t trust payments, even when you pay up front? Like this is in some ways worse than cold hard cash. And then we pay VISA premium on top of that, for the convenience of being mistrusted..
If they pay up front then dispute, the company will suffer extra charges. With enough of reports, their payment processor fee% goes up and impacts all their payments.
Paying up front doesn't really mean much, because if the credit card info is stolen, the actual owner will report the transaction and it will be reversed.
Right but that sucks. So CC companies/banks are simply shifting risk from one side of the transaction to the other. Sure, as a consumer you don’t have to worry because you’ll get your money back. But if the merchant has to worry and reject customers who are “suspicious” to protect themselves then you’re back to square one, except more kafkaesque. That’s why I said cash is better.
I’d rather have $10 permanently lost for a month of VPS than being banned after 5 days setting it up because I’m traveling and my IP is “suspicious”. Which has happened to me.
Hetzner is actually worse. Current EU directives allow liability shift in online payment when the customer is authenticated via 3D Secure, meaning the risk is extremely low and the onus of proving the fraud is on the card owner. Yet Hetzner will not accept your money if your name doesn’t look correct for the country you are accessing from.
Did you sign up as a private individual or was it a company account? I think they are extremely strict with private accounts, especially outside of EU. Most individuals only get a few resources for a few bucks per month, which probably isn't worth the business at all.
I know a few people who use Hetzner, smaller EU registered companies, zero issues. Also extending limits is just one click and gets approved after a few minutes.
And I totally get why they have to be strict. Blocked IPs are becoming an epidemic, I stopped using Digital Ocean, because I always got bad IPs, that were blocked everywhere. Also Hetzner is suffering from that. People are renting servers for little money and do bad things with the 20 TB traffic they get.
Same with me a few years ago. Their support told me that they didn't want me as a customer. It was my first interaction with them. I swear I'm just a regular nerd with a credit card :D
A credit card? That... makes some sense, then. I'd be wary if anyone trying to pay with one of those as well; they're much too rare, and I've heard it's easy to unilaterally reverse charges.
Hetzner is a German company. Credit cards may be common in the USA, but they're not anywhere else.
They certainly are very common in much of Europe. Buying stuff on credit might be not that common but plenty of people have credit cards themselves (even of they are effectively used the same way as debit cards)
To be fair not sure if you comment is just sarcasm.. but I’ve never had any issues using a credit card on Hetzner or pretty much any other European company
Well yes, you go to court if you can't agree with the merchant on anything. They're the competent authority to settle disputes
When I pay for something, now the other party has the money, that's how money works. If I trust them that little, I should probably be using escrow but this costs extra and so it imo doesn't make sense to pay that fee for every transaction - as one does with this chargeback guarantee thing. Probabilistic societies where you're excluded based on bad odds or credit scores is what you get with that system (I've been on the losing end of that, not because I've ever had any debt (too little money) but precisely because they had no positive data because I never needed a loan, and so you can't pay for stuff in certain countries because they require a credit card)
I guess I assumed that consumer protection laws would mean people could reverse charges more easily than they can here in the US (which we can do easily, albeit as a cardholder benefit, not a matter of law). Interesting.
They're mainly designed to make it so you don't need to. If you buy something, it's going to work; and if it doesn't, the seller is required to make up for that.
I can only speak for Norway, but this doesn't normally mean reversing the charge. It's assumed that, if you bought an X, you wanted an X. So the seller is required to get you an X of good enough quality to actually do the job, and if that isn't what they were trying to sell... well, then they won't be in business for long.
Normally this means repairs or replacement, of course on the seller's bill.
The US seems much more geared to seeing every interaction as... I want to say 'combative'.
And to add to this, if the seller is unable to make the thing work as it's supposed to, either through repairs or replacements, they are of course obliged to give the customer their money back. But yeah, that's not the first resort.
You can still do chargebacks if you pay with a credit card from a German or other European bank (experience of course might vary but you can just switch to one that offers better customer service)
I signed up and immediately got banned because I was accessing through a VPN, which I think is a common problem others have had. I emailed them and their advice was to stop using a VPN and try again.
That seems fair to me though. If that ISP (whatever the WHOIS resolves to for your VPN) gets a high rate of fraudulent customers, how is Hetzner to know if you're the same fraudster again or a new customer? Especially if you share not just the ISP but even your IP address with someone... we also rate limit logins for example based on IP address. If you're coming from the same origin as an attacker, there's no way for me to tell who's who
Perhaps they could implement some way to do a 1-cent bank transfer from an account with a name which isn't on their fraud list, but as a simple step it seems pretty normal to use your regular internet connection (that ties the IP+timestamp combination to a real-world subscriber) and not some anonymity service
Although it would be nice if we could be anonymous on the web, when abuse traffic is involved (more than posting a comment on some forum as an anonymous source or something), I don't know how that'd be possible to reconcile
I get it, but you'll get a lost of false positives as well. My experience is that they also had slow customer service.
I don't want any business critical infra managed by a company willing to be that aggressive in blocking accounts, while also having slow customer service to resolve access issues.
I had a similar problem, followed by getting blocked for using an IP owned by a mobile telecom, followed by being unable to credit the account via a bank transfer. At each step trying to explain my situation to support.
Then it worked, and I've had no problems since. I'm concerned about them failing to charge my virtual debit card some month in the future and losing data, but it hasn't happened yet.
If there was anything else nearly as cheap, or if it wasn't for personal use, I probably would have given up and used another service.
Because they're so cheap they have to worry about spammers and other sorts of abuse. It's more cost effective for them to refuse dodgy-looking accounts.
The big question is, were you using real information or did you put in fake info?
They're still in business because they're cheap and pretty reliable. But being cheap means there are things you can't get with them but can with others. For example, you can't pre-pay for the entire year ahead of time.
You can actually pre-pay them. Under the transactions section in your account, it says:
“If you make advance payments by bank transfer to our bank account, the amount will be posted as a credit on your account. We will automatically deduct this credit on your account when we process future invoices.”
When I ordered a VPS at Netcup (a Hetzner alternative) they called me and asked me for the name of the hotel next to my place to check if I really lived at the address I provided. I guess that if i would have needed to look it up, that is, struggled a bit with the answer, they would have denied me as a customer.
Just today, a remote colleague mentioned staying at whatever hotel near the office. I had never heard of it: as a local, I don't tend to use the hotels here!
Seems like a really weird choice of question. Thinking of germans, a bakery seems more likely something they'd know of; perhaps a supermarket works more internationally (I'm sure there's exceptions to that as well). Maybe the distance in driving, cycling, or public transport minutes to surrounding cities could be a universal question to ask
If they can look it up then so can you! Maybe it filters out lazy scammers, but it doesn't sound like solid KYC to me.
In fact I don't feel like a hosting service should need to do this at all. If you pay your bills and aren't on the Stasi blacklist you should be good to go. I don't want or expect the likes of Hetzner to be responsible for policing.
As someone who runs mail servers, I wish they'd be MORE strict to stop the drive-by spammers. Every so often our servers get blocked because someone starts sending spam from a machine on the same netblock.
It might be good point-of-difference for some hosting service: have brutal KYC so your netblock is well regarded.
I wish these companies were forced to get the nationality of the person or the companies owners and be forced to assign them to IP address blocks which identifies these nationalities.
My home DNS server blocks all requests to .ru and .cn, but I can't do IP-address-block blocking because shady Chinese companies or individuals just need to rent some computing on AWS or DigitalOcean in order to become indistinguishable from American companies. And specially DigitalOcean seems to be the favorite platform for doing scams.
We're OK with having license plates attached to our cars, but not to be forced to expose our nationality to infrastructure providers? There's really no privacy-sensitive stuff which needs to be protected in that case.
Sure, it's not solid, but they knew I was a private customer, so what should they do? Do a request to a private credit bureau like the SCHUFA (like Equifax) to check if my provided details are valid?
It feels like it's a check to get a general feeling if things sound plausible. Like no Russian accent for a German name, some knowledge of the surroundings, a valid phone number.
I had the same thing, but this was a business address while I was working remotely and had no idea about the area. Told them as much on the phone while looking the answer up on Google Maps. They just accepted that and opened the account.
Had exactly the same experience. I even provided my real drivers license -- something I normally would never do. Didn't convince them I am a real human being that matches what's on the ID.
I never understood why people think so highly of Hetzner.
Drivers licence as a personal ID is not really a thing in Europe. It's accepted at some places, but either passport or your state provided ID-card is much preferred.
Very few Americans have personal ID so if they intend to do business in America, they should be prepared to accept drivers licenses.
Maybe they just don't want to sell to Americans, which is always allowed I guess, but setting up an American VPS provider and not accepting the standard American KYC verification methods would be a rather incompetent way of doing business. It'd be no different from doing business in Europe and only accepting drivers licenses and not accepting passports/ID cards for identity verification.
In the US, DL works as an ID for almost anything other than voting in an election. You can fly to almost any US territory with that plastic card. And it is state-provided ID -- nobody questions that.
And we are talking about 300M people here, which is about 4 times the population for Germany.
If they hate US residents they should declare that clearly on their website, not wasting customers' (and their own) time.
But you don't just have one type of drivers license for 300M people, do you? As far as I'm aware each state has their own. So it's not 300M vs. 80M, but 80M vs. 50x 6M people (incredibly simplified and wrong numbers, but you get the gist). Far more effort to verify each document.
That would still exclude non-driving customers, which means allowing at least one additional form of ID per state - suddenly you have to support at least 100 IDs for US customers, while German customers have exactly 1.
Not sure how you arrive at them "hating US residents", that's a weird conclusion to get to.
Contrary to the belief of a lot of Americans, just because it works in the US doesn't mean it works elsewhere. In the rest of the world a driver's license is used for proving your right to drive and we have a thing called passports for proving your identity. Hetzner isn't an American company so why should they accept American drivers licenses?
Were you using your real information when you signed up? Were you using a disposable / privacy-first credit card? Did you try to obscure your name or register from a VPN? You're very upset at them accusing you of abuse or fraud, but you haven't actually made it clear whether any of the signals you provided them when signing up were aligned with what they'd usually see from abusive or fraudulent users.
This was between 2000-2010, but when I ran a linux consulting+hosting business our "provision a VPS with a credit card" was where we experienced the largest amount of fraud, by probably 100x. Certainly well over 10x. Might be why Hetzner was touchy?
You're leaving out a crucial detail: did they just assume your real information was incorrect because the name is unusual or something, or did you actually provide incorrect information?
I'm not sure what was your concern - Hetzner is obliged by law to make sure their signing up a real person or a company and that their servers are not used for malicious intent.
It's pretty obvious what the concern is, no? Hetzner's process seems to be blocking real people with no malicious intent (myself included) from creating accounts, even when we try to provide proof. Obviously this means we end up using a different provider instead. Though in my experience attempting to do business in Germany, this kind of forbidden-by-default perspective is quite common there, so they probably don't see it as a concern, I guess.
A credit card is “low trust” confirmation of identity. Usually for this kind of services, you also have to submit your ID for verification. Perhaps you’re based in a country where this is not possible so they didn’t ask upfront?
Either way, it’s their process so you’re of course welcome to go elsewhere if you want. I don’t see it as a “bad thing” for companies to require some level of trust.
I'm based in the UK where we all have credit cards. I also did give them my ID - which is NOT typical for other hosting providers, actually, but I'm happy to provide it - but that still didn't satisfy them.
Yes, Germany is an extremely low-trust society masquerading as a high-trust society.
Herzner get flack because they are probably the only German entity that the average HN user has dealings with. Anyone who has had exposure to German bureaucracy will recognise the hostility.
The strange thing is that the same thing is happening in the US. A story of someone’s Google, PayPal, Instagram etc account getting banned for no reason gets posted every day. Customer service means posting on social media and hoping it gets enough traction. Hell, I can’t even buy anything at Walmart online because they cancel every order because of suspicious activity, even though I ordered there before with the same payment method and address. I think a lot of people have a strong sense of entitlement and blame things such as this on the foreignness of the entity (in this case Hetzner).
Always felt like they were in the business of blaming and hating their customers. Cloud providers that nitpick and judge every aspect of their customers’ business details and technicalities are a huge operational risk. This archaic practice is the reason generic cloud orchestration was a must, and it’s just not needed anymore.
I don’t care how cheap they are. You get what you pay for.
OTOH there is Azure where a very sophisticated Twillio phishing service was hosted. When reported to abuse Microsoft replied they were a valid customer. A week later it finally came down.
I mean your transaction probably got flagged as fraudulent (like if your postal code didn't match your card), it's not that mysterious.
I think most online operators that have "spend $3 with us" tiers have to be super vigilant about card transactions, and when you fall into the cracks you're a bit SOL.
What led you to assume that GP misrepresented their identity? The way I read the comment - they put their real info but was accused of putting fake info.
I emailed support, and they bluntly told me to create a new account and this time use real information... Needless to say, I bought compute elsewhere.
I don't know how they're still in business.