Why I Stopped Using Ko-fi — and What I Subsequently Discovered

13 June 2026

Through the years, I have experimented with a variety of different ways to monetize this site, including Google Adsense and various affiliate programs, such as Amazon. The latter was a particularly notable failure. It took me a decade to reach the $10 minimum payment threshold. So, except for 2012, when trending interest in an upcoming British TV adaptation of one of James Herbert’s books enabled me to pay my hosting costs out of my Adsense earnings, the only way to keep the site online was to pay the hosting costs and domain registration fees out of my own pocket. But that’s okay. It’s my site. Nobody asked me to create it, or keep adding content, the site continues to exist thanks to my ongoing passion for horror (pun totally intended).

However, I know from the many emails I have received, from site visitors all over the world, my site has helped a lot of people searching for stories, reviews and information. So when I noticed some of the sites I visit have “Ko-fi,” “Buy Me a Coffee,” or similar donation buttons, I decided to add one to A Passion for Horror. It wasn’t an easy decision because I’m very independent and, to some extent, having a Ko-fi button on my site felt like begging; so I’ve never been entirely comfortable with its presence. Last week, I removed it and closed my Ko-fi account.

Looking through my emails, it seems I joined the Ko-fi platform in July 2024. So it appears I must have had a Ko-fi donation button on the site for almost two years. That surprised me. It doesn’t seem that long. During that time, three people sent tips via the Ko-fi platform. I was, and am, grateful for their support. However, collectively the tips were less than $20, which is slightly more than it costs me to pay the site hosting fees for a month. As I was never comfortable having the Ko-fi button appear on every page of the site, I decided to remove it.

After removing the Ko-fi button, the next step was to close the account. I hadn’t logged in for months, and, when I reached my Ko-fi dashboard, I noticed a small message highlighted in light blue, written in body text, and placed near the top of the page. The message informed me I had to confirm my country of residence to continue receiving donations.

When I read this easy-to-miss message, I checked the alerts section located at the top right-hand side of the dashboard, hoping to find more information. The only alerts were bog-standard platform news. Next, I checked my emails to see if Ko-fi had tried to let me know about this out of the blue need for information. Like the dashboard alerts, the only emails I’d received contained platform news.

This raised an important question: If the platform had been blocking donations, how long had it been doing so?

I also have to ask myself why this information suddenly became an issue. Bearing in mind many Ko-fi creators are digital nomads who travel from country to country—as I have done myself—providing such information may not always be possible. In the past I have lived in up to a dozen countries a year, without spending a single day in the country of my birth. Lots of digital nomads have similar lifestyles.

The important thing to note is, Ko-fi does not directly handle the donations. All payments are made via PayPal or Stripe, both of which have all relevant information about their customers. Ko-fi is only a middle-man. I question its need for anything more than an email address.

More importantly, on a security level, I have to wonder how safe people’s information is likely to be after it is submitted to the Ko-fi platform, especially in the light of a discovery I made while doing some subsequent research.

After I closed the account, I wanted to know if other users have had similar poor experiences with Ko-fi. I quickly discovered I am not alone. I also discovered, I got off easy. The worst that happened to me was (possibly) a few blocked donations. Poor communication on the part of Ko-fi had caused one YouTube creator’s earnings to be diverted to someone else’s PayPal account!

With most platforms, if users want to change their email address, or make any other account changes, the platform sends an email to the address it has on file, to let users know of the request and give them a chance to act if their account has been compromised. Not so in the case of YouTube creator Duchess Celestia. Someone changed her payment information, Ko-fi never let her know, and $781 in donations was funneled into a stranger’s PayPal account instead of hers.

One of the worst things about this story is Ko-fi tried to make out it was her own fault, stating she should have added two-factor authentication (2FA). But she hadn’t logged into the account for a long time, and Ko-fi failed to contact her when it added the option. How could she implement 2FA, when she didn’t know it was available?

If you want to get the full story, in her own words, Celestia shares her experience in the video below:

Based on my own experience and the situation detailed in Celestia’s video, I don’t think Ko-fi cares that much about its creators. I’ll never know how many people may have tried to offer support to my site (if any) only to find Ko-fi wouldn’t let them. It’s a pretty poor show for a platform with the slogan “Make Money doing what you love.” It’s even worse if there is a chance that “doing what you love” may be making money for somebody else instead.

~~~

Cookie	Duration	Description
VISITOR_INFO1_LIVE	6 months	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
ytidb::LAST_RESULT_ENTRY_KEY	never	The cookie ytidb::LAST_RESULT_ENTRY_KEY is used by YouTube to store the last search result entry that was clicked by the user. This information is used to improve the user experience by providing more relevant search results in the future.

Cookie	Duration	Description
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
_pk_id.*	1 year 1 month	Matomo set this cookie to store a unique user ID.
_pk_ses.*	1 hour	Matomo set this cookie to store a unique session ID for gathering information on how the users use the website.

Cookie	Duration	Description
__Secure-ROLLOUT_TOKEN	6 months	YouTube sets this cookie to manage feature rollout and experimentation. It helps Google control which new features or interface changes are shown to users as part of testing and staged rollouts, ensuring consistent experience for a given user during an experiment.
__Secure-YEC	past	Description is currently not available.
__Secure-YNID	6 months	YouTube cookie used to protect user security and prevent fraud, especially during the login process.

Leave a Reply Cancel reply