What is your experience with Fly.io, and do you think it's okay for them to require your credit card information to use the free tier?

I’m looking for a service to host a (couple of) small Elixir application, and Fly.io looks interesting. However, they want your credit card information before you can use the free tier. I understand their reasoning, but it doesn’t sit right with me to supply them with that info since I’m not even a customer yet.

What are your preferred alternatives to Fly.io for free small VMs?

1 Like

This is a anti-spam method used by a lot of services nowadays, their scope is to avoid creation of fake accounts and abusing the free tier.


Agreed. It’s a necessity IMO. Waaaay too much free tier abuse happens on these platforms.


In limited interaction I found them to be responsive and pleasant even for my simple free tier instance.

1 Like

Agreed with the above. I’d also add that, even on their free tier, you are their customer. They almost certainly see it that way. The transaction isn’t monetary, but there’s still an exchange. What you receive is obvious, but what they receive is more difficult to quantify and an argument could be made that it’s a form of marketing. Just as you should be able to pick and choose which services you use, Fly should be able to perform basic checks before giving out services for free.

1 Like

I see your point, but this is a common approach. Also, to reverse the question, why should they trust a random guy to be able to signup and host whatever illegal stuff they want on their servers?

Some check is definitely needed, but in this case some is a keyword. Storing sensitive data that could leak is extremely bad in my opinion. They secure themself without providing anything in exchange. Some may say that that free tier is what they give, but this is only true in general. :thinking:

Since this is anti-spam method they protect not from creating a single account, but from creating multiple accounts. If we scale the problem down to 1 account it’s not a case anymore. Why scale down you may ask - that’s simple. When creating an account, the customer does not think about other ones, about hungry children in Africa and so on … :see_no_evil:

However when data would leak then all affected accounts would cause a huge problems. So to protect 1 company x number of customers needs to “pay” for that and this part is unfair. On the other side if credit card would not be a sensitive data, so it would not give an attacker anything after leak, the deal would be right. :+1:

That’s just a tip of the iceberg. The world would be much better if we would limit to above cases. Unfortunately unfair people have much more wider range of possibilities that normal customers at least do not use, if not known them at all. So let’s see an extreme edge case by example … :ice_cube:

When hearing about scam companies in news we hear often a scenario in which somebody pays small amount of money to homeless and they in exchange do some illegal things. If homeless can have a company (with some good, possible fake, profits at start) then they also need to have an bank account and later maybe they could have a credit. What stops the attackers from simple doing same for credit cards? :supervillain:

So here we do not have an anti-spam method, but spam-limiting method. How much it limits attackers? Depends if attacker is single or if attacker is a member of the bigger group. People living in extreme poverty, that “could die for a few cents”, is in the huge millions. Now what? Block credit cards from India because they have slums? :no_entry_sign:

So the deal is that services storing credit card numbers (talking in general, no bad feeling for Fly.io) protects itself from let’s call them … “teen scammers” and we take the risk in case those data would leak, giving another (possibly easier) area for attackers. So in practice every single customer in most cases simply takes all the risk on themself. :-1:

I’m not saying this solution is only bad, but it’s like adding a huge amount of antibiotics to the animal feed. In short term it’s a good thing protecting people from lots of diseases. However in long term it leads to creating the super bacteria that is resistant to all antibiotics. :microbe:

I am part of that power which eternally wills good and eternally works evil. :sweat_smile:

So I don’t want to force people to use this method or not, but to say that both sides are wrong and we should focus on creating an alternative rather than wasting time on biased criticism. If you worry about security you do not need to use it. If you want to help give an alternative that is worth for all sides. :handshake:

Hope it helps, cheers! :heart:

1 Like

Not sure we really need a thread on this tbh… the practice is fairly common on similar platforms now and so I guess you have to vote with your wallet/support on details like this, or if you feel really strongly about it contact their support team to let them know how you feel.

Be glad you’re not taking out a dedicated server, most of those companies require a copy of your passport :lol:

Feel free to start a dedicated thread for that topic… or check our some of our older threads: