Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Literally Random Pricing on Thawte Certs Right Now?
19 points by zellunit on April 14, 2009 | hide | past | favorite | 12 comments
Thawte.com for SSL certificates is either going haywire or is split testing prices as we speak. Literally, in the same 30 seconds, I was able to see a multitude if different price-points and claimed 'XXX off' discounts.

See these pics:

http://picpaste.com/high.png http://picpaste.com/lowest-low.png http://picpaste.com/lowest.png

Or check it our for yourself:

https://www.thawte.com/ssl-digital-certificates/buy-ssl-certificates/index.html?click=main-nav-buy

Anyone get an even cheaper rate?



Amazon did that at some point. If done discreetly and the public doesn't know that you are doing it, it is the simplest way to determine the price that maximizes the revenue. You may end up with a higher price and lower sales count, but still the higher revenue.

Pretty damn interesting actually.


And yet they're all still outlandishly expensive. Why even bother shopping at Thawte? They've been an irrelevant division of Verisign (the company with perhaps the worst customer service in the history of bad customer service) for many years.


Their compatilbity is superb. e.g. they work on windows mobile phones (which I cared about at the time) and very few other certs do.

Also they seem to have good customer service - they called to ask if my cert installtion was successful. Didn't try to upsell, so I was impressed with that.


It's cheaper than the certs at Verisign. Where do you buy your SSL certificates?


Everybody is cheaper than Verisign. There are dozens of SSL certificate providers recognized by browsers. GeoTrust and their many resellers, RapidSSL, etc. GoDaddy resells for a couple of different SSL providers, and they offer a chained certificate for practically free. It's what we use, and we've never had anyone hesitate to shop with us (chained certificates have a slightly longer chain of trust, since you've got a third party in the chain...but no big deal...nobody understands how that works, anyway, and the browser doesn't complain about it as long as you configure the server correctly).


GeoTrust because I don't really care about certification of anything other than domain control; you get your certs fast (so long as you have your email address in the whois) and you can get deals depending on which reseller you go through.


RapidSSL


Of course - if the prices were pseudorandom, you could execute a middleman-in-the-middle attack.


Awesome.


I tried with a FF3 on OSX and then in a VM with IE8 - got two different prices.


Probably the User Agent doesn't really matter if they are bucket testing prices (or if it's glitching).


A good A/B test is often "sticky" (usually using cookies); once you're in a certain bucket, you stay in that bucket. So a different browser could conceivably make a difference.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: