Each time someone signs up on Prav, the app asks for a phone number and sends a verification code (OTP) as SMS. The user has to type the code into the app to complete the registration.
The Prav signup API recently faced an attack from bots. Bots would come and request an SMS OTP to sign up to Prav, but never complete the registration. These requests were coming from numbers registered in Myamar, Ukraine and Namibia. SMS costs vary by provider and region. The cost for sending OTPs to India via Twilio is around $0.08 (₹8), whereas each OTP to the aforementioned countries cost us something in the range of 0.12 to 0.41 dollars (₹11 to ₹39.5 rupees). Combined with the spate of requests, this drove our bill up by ₹10,000 within a single week!
Being able to sign up with just an SMS OTP is a crucial aspect of Prav and Quicksy that makes joining XMPP a familiar and simple experience to a lot of people. However, this feature costs money. We spend an average of 20 USD (2000 rupees) every month to send SMS OTPs via Twilio. The actual amount depends on the actual number of SMSes we send every month: one for every time a user signs up to Prav or signs in again from a new device.
Though we hope to be able to pay for this from user subscriptions after we declare our service as stable, we currently rely on donations from people like you. SMS costs are about 70 rupees a day or about 500 per week on average, which is about the price of a medium pizza.
Would you be able to sponsor our SMS costs for a day or a week?
Prav CEO Ravi has been footing the bills for SMS fees from his own pocket, with the expectation that we will be able to reimburse him once we raise funds. To reimburse Ravi for the nine months of invoices he already paid, we have to raise at least ₹18,000 (that’s a lot of pizzas!).
We also need to have funds to pay for future SMS costs to avoid interruptions and not put unreasonable financial pressure on any single community member. You can donate specifically to our Hosting and SMS fund. RazorPay would be a good option if you are from India and Open Collective if you are from outside India.
Even if you are unable to contribute financially we hope you will share this widely so other people can see and contribute financially. Prav don’t have huge corporate backing or funds, so it can sustain itself only if the community feels a sense of ownership and takes responsibility. Community ownership is going to be legally enforceable once we complete the registration as a Multi State Cooperative Society. We already have finalized our bye-laws and are currently in hte process of collecting the required ID copies from 100 members who showed interest to be an official member of the cooperative. If you know of other people who would be interested in signing up to be a cooperative member, please direct them to our membership page.
Some privacy conscious people may dislike the phone number requirement to sign up to Prav and wonder whether why we shouldn’t drop the SMS requirement altogether. However, if we are to reach out to a large number of people outside tech circles who are not yet on XMPP, then this is an essential compromise. Since Prav is fully interoperable with other XMPP services, people who don’t want to share their phone numbers always have the option to choose some other XMPP provider without losing contact with Prav users.
Regarding our high bills caused by bot signups, we have requested Twilio to refund this amount if possible, but we don’t know if they can do it or not. We have also increased our fraud protection level in our SMS provider Twilio to avoid such huge bills in the future: several requests from Myanmar and other places have already been blocked, according to the Twilio dashboard. We don’t want to lock out legitimate users from those countries, so if you are a human but are unable to receive the signup OTP, please contact us so we can let you in. If you are not sure if you are a human or not, one easy way to find out is to check if you are able to eat pizza.
