cross-posted from: https://lemmy.world/post/27031457
CrowdSec “Community”
CrowdSec “Community” offering only gets worse and worse!
First, they had raised a paywall around querying details on IP addresses that triggered Alerts. Only 30 queries per week for the “Community”.
Now, they have extended that paywall to cover the whole Alerts feature! Only 500 alerts per month for the “Community”!
Enshitification meets cybersecurity!
Copied crowdsec reply from the mastodon thread:
tldr: OP misunderstood a bug/usererror as a new limiting policy
Hey Laurence from CrowdSec Support here.
We don’t store logs, so I assume you’re referring to alerts. Based on the screenshot you provided, the most likely reason you’re not seeing any alerts is that they may fall outside the currently selected date range. You can try clicking the magnifying glass icon next to the date picker to remove the filter, which should display all available alerts.
That said, there is a known issue we’re actively fixing—clicking on the date picker may trigger an error. If removing the filter doesn’t work, let me know, and once the fix is live, I’ll be happy to ping you so we can investigate further.
Regarding alert retention, the community tier has always had a limit—either 500 alerts or seven days, whichever comes first. With the new system, we now retain alerts for both the current and previous month, up to 500 per month, effectively doubling the total alert capacity to 1,000. If you’re primarily interested in real-time alerts, keep in mind that the CrowdSec console is designed for alert retention and ease of use, with additional features. Alternatively, for those who prefer a fully customized setup, we provide extensive documentation on integrating CrowdSec with Prometheus and Grafana for self-hosted monitoring.
I understand the frustration, and I appreciate the feedback. However, it’s important to consider that CrowdSec is built and maintained by a dedicated team of around 30 people. While open-source, over 95% of contributions come directly from our team, whether for the hub or various CrowdSec components. Ensuring the long-term sustainability of the project requires balancing free community access with the resources needed to maintain and improve the platform.
Happy to discuss more via email or on this thread, as we truly value feedback and want to ensure every voice is heard across various platforms.
Is this dude complaining that an offering he pays absolutely nothing for is reducing how much free stuff they give out? Seems quite entitled… like the people demanding opensource devs implement something and never contributing back.
At the same time crowdsec heavily benefits of the big free userbase since they ‘crowdsource’ their thread detection.
Personally, I don’t feel that analogy is a fair comparison.
Begging a dev for new features for free would definitely be entitlement, because it’s demanding more, but what OP is upset about is reduction in the service they already had.
I don’t think any free tier user of any service could have any right to be upset if new features were added only for paying customers, but changing the free tier level is different.
In my opinion, even if you aren’t paying for it, the free tier is a service level like any other. People make decisions about whether or not to use a service based on if the free tier covers their needs or not. Companies will absolutely try to upsell you to a higher tier and that’s cool, that’s business after all, but they shouldn’t mess around with what they already offered you.
When companies offer a really great free tier but then suddenly reduce what is on it, then in my opinion that’s a baiting strategy. They used a compelling offering to intentionally draw in a huge userbase (from which they benefit) and build up the popularity and market share of the service, and then chopped it to force users - who at this point may be embedded and find it difficult to switch - to pay.
So yeah, it doesn’t matter in my opinion that the tier is free. It’s still a change in what you were promised after the fact, and that’s not cool regardless of whether there is money involved or not.
Free tier is a baiting strategy. Period.
As an example: a company starts a free tier offering with no promises. It can sustain that because there are enough free users that convert into paying users - enough to sustain the free tier. But times change and the cost of free tier users surpasses that of paying users. Should the company continue providing the same level of service for free tier users?
Also, what other term than entitlement would you use for somebody gets something for free, is not promised that it will stay free forever, the free offering is cancelled or limited, and the user starts complaining?
To me there’s a major difference depending on the cost of the provided service. I don’t know what features crowdsec provides, but if it’s mostly providing lists and all the blocking etc happens locally, I don’t see how they lose much money on this free service. Gathering the lists is something they’d have to do anyway to service their paying customers.
If Cloudflare stopped making Cloudflare Tunnels free to use, I’d be more understanding since bandwidth costs them relevant amounts of money.
If it’s free - you’re the product
(not applicable to opensource or similar ofc)