The Internet is mostly tax free, but now we must pay the Black Hat Tax, Auren Hoffman:
Most consumer Internet sites today have an inherent tax of about 25% on them due to scamming, phishing, hacking, and government requests. That 25% is based on time and mind-share. And the 25% is only going to get worse. This is troubling.
After surveying most of the dating sites, I have found that one of their top three issues is fraud. A frequent scam is to contact an unsuspecting middle-age man from a profile of a good looking woman saying "my husband is beating me here in Moscow, please send $2000 so I can buy a plane ticket and escape." The unsuspecting chap sends the money only to never hear from the person again. Apparently there are scam factories in the Philippines and other places that have thousands of people, paid on 50% commission, working to scam unsuspecting dupes in this way. And one success a month is $1000/mo which compares well to many countries where the avg salary might only be $200/mo.
And this is in addition to people actually hacking into your site. That is a whole other cat-and-mouse game.
James thinks the Black Hat Tax is 25% for most consumer Internet companies right now (with some approaching 40%). I think that is a fair assessment. That means that 25% of your engineering time and 25% of your management team is about preventing fraud. That is a really onerous tax. And James believes this is even getting worse.
Another strain on time is government requests. I talked to an IT person at a social network that was consumed for three days with a government request for information on someone promoting pedophilia. Not only did this person have to get a bunch of information to the federal authorities, but then he had to ensure that the information was backed-up and cannot be erased for at least three years. not to mention that the work was disgusting as the person had to sift through some horrible pictures.
The nefarious characters are getting more sophisticated too. And while thousands of sites are working feverishly to implement best security practices, the bad guys only need to find one hole.
So while my originally point (that launching a consumer internet company is really easy) is still correct, maintaining that site over time is becoming increasingly difficult. More and more mind-share from the engineering team and the executives are going to thwart the bad guys than to actually improve the offering.
This is a really big problem. Really big. The Black Hat Tax is costing consumer Internet companies Billions and billions of dollars. And it is a much higher percentage tax than off-line brick-and-mortar shops invest in security and anti-fraud matters.
These Black Hat Tax metrics are useful to planning security initiatives and investments. Based on my earlier report of a large bank going from 750k/month in phishing to zero (so far...) through 2 factor authN, numbers are leading the way. Security and risk metrics give a rational way to assess tradeoffs, and is fundamental to risk management.