Managing fraud and abuse of free products is a challenge that nearly every SaaS company contends with, but too often the perceived solution is to simply end free accounts. We’ve seen this happen time and again across the open-source ecosystem, most recently from Heroku, and we fear this comes at the detriment of the community.
We believe we’ve found a better way to solve this problem and are therefore committed to maintaining free PythonAnywhere accounts for the foreseeable future. Yes, this does cost us money and we do need to handle fraud and abuse, but over the 10 years we’ve been running we’ve found that the benefits to the community and to the service itself outweigh the costs.
How PythonAnywhere Free Accounts Work¶
Lots of people create free Python websites on PythonAnywhere, which is really cool. Some of these websites are active ones where people are hosting personal projects, completing academic tasks, etc., and people want to keep them running. This is awesome; we want people to do this and we’re happy to host this work for free indefinitely.
In terms of other use cases, some people may set up websites to try out new web frameworks. In these cases, they may not intend to keep the sites running forever. We’re glad to help people learn, and if they want to create throwaway accounts to do so, that’s fine too!
Each free account is able to host a web application (Flask, Django, or any other WSGI-based app), open two interactive consoles, and run a daily scheduled task on the base of a persistent file system. CPU usage is tracked and limited, largely to stop us from being overrun by crypto miners. On top of the free accounts, we provide free Python consoles on the front page of python.org, and an interface to directly execute GitHub gists. This does use resources, but is carefully balanced and sustainable.
How We Manage Fraudulent and Inactive Accounts¶
Sometimes bad actors set up fraudulent and abusive accounts – for example, phishing sites. Though it might be fair to say larger companies have probably experienced this problem at a greater level than we’ve seen it, we’ve found that the costs for identifying and taking down this kind of thing have been manageable, at least so far. The fact that we limit outbound Internet access for free accounts means that the opportunities for abuse are drastically limited. We’d love to offer unrestricted Internet access, but when we did so back in the early days, hackers had a field day – the internet access limitations for free accounts were the only way we could find to fix that.
Abandoned accounts – like the throwaway “I want to try out Flask” accounts we mentioned above – are a bit trickier, as we need to distinguish them from the free active accounts that people want and need. Back in 2016 we worked out what we think is an elegant solution. If you set up a free website, it will run for three months – but if you want to run it for longer, you just need to log in to our site and click a button to keep it running for another three months. There’s no need to pay – it’s still a free site – you just need to let us know that you haven’t abandoned it.
So websites that people actually want last forever, or at least until they are permanently abandoned. If you want to keep something up and running for free, you just need to click a button four times a year, which we think is a pretty low “price.” :-)
On top of that, if someone creates an account but doesn’t use it at all for a year, then we’ll email them (if they have a valid confirmed email address) to ask them to log in to keep it active. If they don’t, then a month later it gets deleted. This means that we don’t keep using up storage for accounts that people no longer want – and has the extra benefit of data sanitation. No one really wants their data hanging around in a system that they stopped using years ago – and it makes us a less tempting target for hackers, too.
Why We Believe Providing a Free Offering Is Valuable¶
When we started PythonAnywhere, we knew we wanted to offer a free tier. We wanted to give something back to our friends and family in the open-source community. PythonAnywhere exists today because of the innovations that came before us, made by open-source developers and engineers. Having the ability to provide today’s technology pioneers and enthusiasts with resources for experimenting with and exploring the next game-changing innovation inspires our team to keep going further and doing more.
And there are real business benefits, too. The feedback from our users – both those with free accounts and paid accounts – is what has driven the growth of our product from day one. Without it, PythonAnywhere would just be a Python console in a browser: technically interesting, but not very useful. Not to mention the fact that so many cool sites are out there with “.pythonanywhere.com” in the URL, which is advertising of the very best kind :-)
So, unless something changes drastically, we’re going to keep offering free accounts. All we need to know is that people want them.
Oh, and as our second-to-last blog post was about our having been recently acquired by Anaconda, Inc., we just wanted to finish off by saying that this blog post was a collaborative effort with our new colleagues. With the additional resources that the acquisition has brought us, we should be well-equipped to manage unforeseen challenges and security risks created by a greater number of fraudsters or bad actors.
Hopefully this is all reassuring! Do let us know in the comments below if you’ve got any questions.