The same position is true for UK and EU as for USA: a firm handling money can't accept it unless they've done anti-money laundering checks. This includes e.g. identity checking, and checking both sender and sometimes also recipient for criminal associations.

That doesn't seem entirely clear.

For example, Seafile could have said "Files are accessible only to one customer. It is of course possible to share passwords. However, we use geoip to monitor the number of locations used by each customer, and take appropriate action when a customer's set is oddly large. This should effectively block the use of Seafile for piracy." Perhaps Paypal would have said no, but perhaps yes.

I don't agree that Seafile should be under any obligation to do that. If customers want to share files, let them. Storage services shouldn't ever look at what the files contain or their metadata.

edit: looks like paypal openly states it won't process for file sharing services who don't monitor content. I guess most services that don't have a high dispute rate...

Last year I saw a customer (not at Seafile) who accessed our (paid) service from 20 different countries on the same day. Do you think that customer travelled to all those countries on that day? Do you think we were wrong to look for such globetrotting customers? Do you think we were wrong, or Seafile would be wrong, to look for customers who share their account with their hundred best friends?

Yes, you were, of course, it's none of your damn business what your customers use your product for as long as they pay for it and it's not obviously illegal. If you are concerned about resource usage, limit the resources that you sell per account, and then enforce that limit if you like, but don't stick your nose into other people's lives.

And I must say I find it particularly strange that you seem to find it somehow impossible how someone could use an internet service from 20 countries in one day. I mean, it's the internet, right? A computer on every continent is only a few mouse clicks away. And international teams, either of freelancers, or of employees of a company, working together on projects, isn't exactly unusual either.

How can it be "not obviously illegal" if you're not checking. Side note, piracy is illegal in a lot of countries.

If my account was accessed from 20 different countries in a day you can be damn well sure I'd want to be given a heads up too, as it's likely my account has been compromised.

> How can it be "not obviously illegal" if you're not checking. Side note, piracy is illegal in a lot of countries.

How could something be obvious if you have to check? Lots of stuff you can do in an appartment is illegal, too. That's still no reason for a landlord to install cameras to check. It's just none of their damn business.

It's obvious if a potential customer asks whether your service is good for warez hosting, or if a potential tenant ask whether your appartment is well-suited for getting rid of bodies. Anything where you have to violate their privacy in order to find out just is not obvious, and it's not your job to monitor people's private lives for possible illegal activity (and it is highly unethical to do so--it's what totalitarian regimes do, read up on the GDR's Stasi if you want to know what living in such a society is like).

> If my account was accessed from 20 different countries in a day you can be damn well sure I'd want to be given a heads up too, as it's likely my account has been compromised.

If you want to monitor your own account (or want to have someone, like the hoster, monitor it for you), feel free. It's still none of the hoster's business to investigate it any further without your explicit instruction to do so.

A streaming service, actually, and one which doesn't sell to teams. The T&C prohibit giving anyone the password, with an exception for household members, so concurrent use from 20 countries stretches credulity.

It could be a single customer, Tor, proxies, etc exist. Further analysis of usage patterns could rule this out (with very high probability) though.

As for 'were you wrong', no, not if you ruled out the above. That doesn't make it something that you should have to do though.

It depends. If the purpose is to prevent access to customer data not authorized by the customer then it's ok. If you do it to further the interests of anyone other than your customer it's unethical.

Yes, you were wrong. Maybe the user was just lending the files to his/her best friends? Or some other kind of fair use... You can't just generalize that all file-sharing is illegal.

Fair use doesn't even enter the question. How do you know the customer didn't own the copyright on his files, and was well within his rights to share the files with anyone of his choosing?