Something very similar happened to me with Amazon. I used a new debit card from an online bank to purchase an expensive item and deliver it to a foreign address (which is admittedly suspicious). The payment bounced, Amazon immediately locked my account and requested to see a card billing statement sent to my home address to reactivate it. Upon login I am presented with a stern request for documentation, a pdf upload field, a tweet-sized text field for comments, and all communication comes from a email@example.com address. All my kindle/audible/etc media immediately became inaccessible.
I went through every possible channel to explain that the card does not send me a billing statement and I cannot possibly produce one, requesting to be called or at least emailed by a human, to no avail. After spending tens of thousands of dollars on Amazon over the course of fifteen years I couldn't even get a personal call from the case manager, and all my purchased media is gone.
To this day I have found no resolution, and the only next step is to contact them through a lawyer.
> and all my purchased media is gone
Stolen by Amazon. They have no incentive to get it back. Amazon hopes that you purchase it again.
Call the consumer protection services. Big tech companies are not the law, they cannot steal things from you. Even if you committed fraud in one transaction, they cannot take away your property. (Amazon will call it 'service', but accessing your property is not a service)
> Stolen by Amazon. They have no incentive to get it back. Amazon hopes that you purchase it again.
They are not the only company doing this in some ways. ISP's who provide a set top box for watching TV and downloading/streaming service to tv, do the same thing when you change you ISP. Its a form of lock in because whilst you can still get access to the purchased films, you have to jump through more hoops. Its all legal but I question the morality of it, when considering online piracy via torrent streams and then the "hacking" that companies have used to trace and prosecute the worst.
But I've learnt enough to know that everyone has their questionable practices to maximise profits/income, the lucky ones are the one's who would also be the expert witnesses in court or have been able to fly entirely the right side of the law.
There have been so many stories of users and developers losing libraries and livelyhood because they have been spurned from these "walled gardens."
The only real answer is to minimize our footprints in these closed places.
My current phone runs Lineage without a hint of Google. I keep an old Samsung for gmail and other services, but the death of "don't be evil" has meant the death of Google on my phone. They will never be back.
I have seen several people who sold on Amazon lose their accounts. I am not sure what provoked it, but the exchange is certainly not in favor of the smaller party.
And we all know what Ebay did.
I can't really say that any one abusive company's behavior is any worse. They are all tyrants with their "star chambers" and sundry courts of inquiry, and the less authority that you give them over you, the better your position will be.
We left this legal thinking behind long ago, but Apple (among others) has brought it back.
Which ISPs kill your purchased content when you leave?
At Comcast/Xfinity when you cancel all services your account still remains, and you can stream your purchased content the web or through their mobile streaming app when signed in on your account.
Well I wish that is true. But It isn't actually your property. You are only purchasing a perpetual right to use that item under the terms and condition. It is the sad state of things Silicon Valley decided ownership is no longer a thing and everything should be "service", so they gain the control of all asset management right.
There is some part of me that increasingly hate Silicon Valley.
> You are only purchasing a perpetual right to use that item under the terms and condition
To clarify for others: parent is not talking about subscriptions.
When you "buy" content on these platforms, they are not actually yours to take away for ever like a physical book. The software you consume them on e.g a Kindle or iTunes, is actually capable of remotely deleting "your" content at any time, and they are supposedly within their legal right to do so.
They have essentially hijacked the word "buy", it does not implicitly mean what it used to mean, you cannot really buy a copy of a piece of music or a book or a film from any of these large platforms today without removing the DRM and making a local copy (which is technically illegal).
If you pirate content it's gonna be yours forever no matter what.
So if you buy stuff and it's going to get taken away from you for arbitrary reasons... you might as well pirate stuff.
That's why whenever I buy a DRM-ed content like a book on my Kindle, I always download an un-DRM-ed copy from Librusec. If it's unavailable, I un-DRM it myself. This is for non-fiction where I'm likely to go back and read the book (or, more likely, its fragments) again, possibly many times. For fiction, I don't care that much - usually I read a fiction book once in a lifetime so if Amazon steals it from me or not it makes no difference. It's not like I can give it to someone like with a physical book.
Well you are not wrong, but pirating is not the answer but cracking. For example i regularly backup my Audible library and remove the DRM, not to redistribute them, but in the case Amazon closes the Audible-brand, change the Apps i can access my library, delete some of them etc (we all know what can happen and did in the past).
Same with games, if possible i buy them from HumbleBundle or GOG. And i never buy something that is bound to a platform that i really care for.
> you might as well pirate stuff
I want big corporations to abide to the law. To pirate is a patch that does not solve the problem. Let's fix that corporations do whatever they want with your digital property.
I want to buy digital movies, games, music, ... without being at the mercy of some algorithm that can automatically steal what is mine.
Audible books can be bought without a subscription, downloaded in an encrypted format, then decrypted by a FOSS tool (such as Libation).
It's roundabout, but at least for audiobooks there is a way to own what you want to listen to and still support the creators.
That’s why I don’t pirate stuff. I don’t want to hoard it and keep it. I just want to use it once and be done with it.
The only exception is content I create.
With a couple of minor exceptions that works well for me.
Historically i hoarded content and ended up with 2TB of crap I was never going to watch again. So I deleted it and now don’t have to herd hard discs.
But you don't buy property anymore. You are licensed to use it under various T&C. The age of property is gone. I wouldn't be surrised to see our fav OS(ios, macos, win etc) stop working once the cloud account is suspended. For your own safety you may not use a different account either. People traded their freedom rights for apparent convenience so I guess we get what we deserve.
I'm sure they have some small print stating that it's not actually yours.
Small print is not always legal.
This is why I pirate all my kindle books and keep them locally in epubs/mobis. You either have it or you don't.
The state can curb stomp the small print, just keep pointing out where it impacts people like we are doing right now
So might be a good idea if they refund him then.
Download logo’s, see how a statement would look, and create one yourself. Print it, fold it and make a photo. Always works for me when I am asked for a statement from a full digital service.
My energy provider used to perform an immediate change of address which would be visible on your latest downloadable PDF invoice. This allowed even people without the most basic computer skills to validate _any_ address.
Long story short, all those processes eventually depend on “proof” that is really easy to fabricate.
Dutch banks invented the iDin standard, some kind of oAuth with your bank that provides third parties with validated personal information, but it is not widely used and I am not aware of an international standard or initiative for this.
It's no wonder that ID fraud is so rampant in countries like the US and UK in comparison to countries like Norway that have a national ID service (BankID).
There is no way that my Norwegian bank would accept a utility bill as any kind of support of ID. Instead they send a letter to my registered address (national population register) with instructions to take it and my driving license or passport to the post office who will act as a notary and report to the bank that I am the person that the letter is addressed to.
From then on BankID (using a one time pad, SIM card, or code generator) can be used to log in to pretty much all banks and government services.
Norway is a bit unusual in the way it handles ID. In many parts of the world (including the US & U.K.) the idea of central government holding an accessible database of everyone’s identifies, and mandating participation, is cultural and political suicide.
We can argue all day about whether or not this is a good idea. But ultimately, it’s red lines we’ve drawn in the ground, and we’ve decided the trade off (such as identity theft) is worth it. In the U.K. at least, two World Wars have taught us to be wary of central government databases. We’ve seen how they can be abused people in power seeking to persecute part of a population, and even now we’re seeing it again with the U.K.s governments persecution of migrants.
At least in the U.K. there are clear and simple guidelines for undoing the damage caused by identity theft. If a bank account or loan was opened in your name, the bank has to close it and write off any losses, and they should compensate you for the trouble. If the mess you around, there’s a number of Ombudsmen and regulators filled with people waiting to take the financial organisation to task and make them really regret their obstinance (I’ve been on the receiving end of their wrath, it’s not much fun).
All of this creates very strong incentive for banks to prevent identity theft in the U.K. Unfortunately US consumer protection is lacking in comparison.
> There is no way that my Norwegian bank would accept a utility bill as any kind of support of ID.
It's not ID, it's proof of address, separate from proving identity afaik. Mtgox wanted to see ID, but because my ID doesn't say my address they also needed some somewhat official letter addressed to me on this address.
BankID with a digitally signed utility bill should be enough for AML/KYC. I was developing one fintech app recently and I never heard of this requirement.
As much as it might seem practically expedient, I'd advise not doing this.
I'm imagining a lawyer for the injured person hearing they resorted to fabricating evidence, lawyer looking sad or irritated, and telling the person there's nothing the lawyer can do for them now. At least not on the original problem, though now the person might have an additional problem.
>Dutch banks invented the iDin standard,
Oh this is genius! Why aren't others doing it? My guess is that Banks have no incentive to do so? After all Auth and validated personal information is not their business anyway?
Email firstname.lastname@example.org. It'll hit the exec support team (even though he's no longer CEO.)
It's aggressively monitored. Jeff himself used to forward prickly ones with a ? to relevant parties, but at the very least, better than front-line support.
I hate it when companies use an "open secret" for important things like support. They're telling customers "Screw you if you're not part of the secret club!". That behavior is fine when you're a child, but for a trillion dollar company to do it just sucks.
Knowing that email address exists makes me less likely to shop with Amazon, and any startup that considers copying it should think very seriously about whether they actually care about their customers. No one should have to email the CEO to fix a basic problem.
But it's not a support trick, it's a "the executive team doesn't want to look embarrassed."
Writing the executive team isn't some trick to get real support, it's something that people figured out you could do and that executives would give vague responses to in order to save face; having seen the end result of a "write the CEO", usually the executive response is just a vague "make this go away", and the "how" of that is left to the imagination of the reader.
Please understand that it's highly doubtful that there is any official policy on what to do with support emails received at the executive level; the end result is that the person who wrote the email gets what they want, but it's not because the executive put any thought into the actual situation, it's because they just wanted an annoying person to go away and wanted to avoid bad PR.
That's all this is, a quick cost-benefit analysis of "what does doing nothing cost me here?" for some executive. For each story you read where writing the executive helps, probably there are a dozen (if not far more) met with radio silence. I've seen customers write the CEO when they were flagrantly and intentionally violating our licensing policy in hopes that the CEO would change something. I've seen them write our product VP because the customer felt they were entitled to salary compensation for the duration while an issue they had with our product was investigated.
Writing the CEO isn't a way to get basic problems fixed, it's a gamble that your particular issue and the circumstances around it are a big enough PR problem that the normal channels of raising concerns aren't enough.
> any startup that considers copying it should think very seriously about whether they actually care about their customers.
Presumably if a startup is copying Amazon it's because of their track record of making money, not their track record of showing they love customers, for the same reason companies aren't copying Google to achieve a bespoke customized nature of services and how they feel tailored to the individual.
This also annoys me, and how people don't realize how fragile this solution is. But I think it's like moving your ssh daemon to a random high port: it doesn't change the nature of process, it doesn't provide any guarantees, and it's not the only/last thing you need to do, but it's believed to filter out enough problematic actors that it's worth doing, for both senders and receivers.
(But I get now your complaint isn't about that, and this isn't the best analogy. You're saying that this is a slap in the face to people who don't know that address; they shouldn't be likened to "attackers.")
No, they're telling customers: "If you're savvy enough to likely be able to sue us, we'll offer support."
The "open secret" approach is a high enough bar to filter out 99% of unprofitable support request, but a lower-tier than litigation. Most people will spend time with a search engine before shelling out for a lawyer.
You're thinking about this emotionally, rather than in terms of capitalism.
> Email email@example.com. It'll hit the exec support team (even though he's no longer CEO.)
I've emailed this address with problems about scammers and counterfeits on Amazon and never received replies.
That's not exactly support though is it, it's just that you don't like their business model. Counterfeits are like half of what they sell these days. Hell that's what amazon basics is.
as soon as this becomes common parlance, there'd be too high a volume and become yet another noisy channel.
This has already happened with "Steve's" email address at Apple, which used to be monitored but is now mostly ignored, I suspect because of the sheer volume of traffic.
I feel like this is extremely well known, at least 8 years ago I whined about the kindle case being shit (causing my screen to crack) and they reached out and got me a replacement
firstname.lastname@example.org was common knowledge almost a decade ago already.
How does that work with the emails he actually needs to receive from his own internal staff though? Having a separate email that he actually uses for daily work ("email@example.com")? I can't imagine having my customers and my colleagues bombard me at one email account and effectively staying on top of everything.
When he was actively CEO, he had an entire team devoted to sorting through those emails. They would filter the obvious spam and send the genuine customer complaints directly to him. Which usually led to the infamous question mark emails and a lot of people scrambling to resolve the issue and ensure it remained resolved. (The only time I've seen a question mark email have more than just question mark was when Jeff noticed this was a repeat problem from a previous question mark email.)
I think you'll find that quite a few senior execs don't actually handle their own email inbox. Just as they have an executive assistant to jealously guard their calendar and book all their meetings, someone is actively fielding their emails, dealing with the trivialities and junk, and only escalating the important stuf to the exec's attention.
Seems like a very simple email filter would do the job, for internal emails at least
ceo's at this level have teams of executive assistants that cover all communications 24x7x365, for personal, work, and government liason. You don't think they actually read their own emails do you?
I would filter emails by domain before they hit the exec's inbox.
Maybe aggressive filtering based on contacts or domain?
Anyone have one of these for FedEx? I found about 100+ @fedex.com email addresses for people at FedEx by scouring the web but not one of them worked.
Just trying to get my package...
(p.s. tried all the regular support channels)
What would be the same but for Paypal?
My country of nationality, residence, and issuing bank are all different. On top of that, my name is odd for my place of residence and contains characters outside of A-Z (which makes names not match 100% on cards)
I get hit hard by anti-fraud systems.
If I budget 1-2h for any given online purchase, I have <50% success rate with Paypal and ~75% with Stripe. If I contact the bank and merchant, the issue is always with the payment processor. Trying to resolve through the payment processor goes nowhere. The only thing that can work is try again with another of my 6 legit cards (mix of visa/Mac debit/credit) and if I’m lucky it goes through. Sometimes the next day; I guess some cool down is in place.
This feels like discrimination or xenophobia with extra steps. If you’re international enough and have some bad luck, the systems will perceive you just like a scammer and will deny you service or require hours of intervention because of things like your name, location history, and nationality. (For those who haven’t noticed, sometimes PayPal will arbitrarily require you to create an account in order to complete a single payment. Nationality is required information in this step)
If it’s not something I really want provided only by a single seller, I will nowadays abort at merchants only accepting PayPal, and at the first failure of Stripe. It’s not worth the headache.
This reminds me... what about those who do not have a surname?
> Most Afghans have no surname; it is also common to have no surname in Bhutan, Indonesia, Myanmar, and the south of India.
They cannot handle patronyms, and for many people every local document (except passport and tax card) uses initials, for example. The problem is that the bank account name has initials (in many places for many people) which does not match your name.
My friend had an issue with Wise because they wanted the name to match that is on the passport, which was fine because it did. Then it started demanding that it matches his bank account name, which it cannot, because he has only initials there.
They are dealing with international customers. They need to understand these differences, but they do not.
I knew a guy with a single-character first name. He once bought an airline ticket but then got stuck at TSA who would not let him pass, despite all his ID etc saying the same thing.
A large number of web sites would not let him register at all.
>> Most Afghans have no surname; it is also common to have no surname in Bhutan, Indonesia, Myanmar, and the south of India.
Oh this is completely new to me. So they have single name?
I wish there is a documented difference in all of these so that International companies can all pay attention.
Yeah, I can only imagine how bad it would be to have an Arab name and only one of them.
Wow. This reminds me of my experience with Coinbase. I find it interesting that they don't see how troublesome all this is. There's a human on the other end of the technology, and shutting them out without a solid reason, or the ability to reasonable appeal is crazy.
Set your age to below 13 in Coinbase for a fun surprise.
As soon as you click "update", you are insta-locked out of your account.
As a dev I love seeing these. Makes me feel better about myself when these companies with seemingly infinite resources suck at engineering as much as I do
You’d think that’d be prevented when they identity proof you with government identity credentials considering the immutability of your birth date.
The US legal code doesn't give them a ton of flexibility here.
Coinbase has to push the boundaries of US legal code interpretation in plenty of other places... picking "letting pre-teens manage accounts" would be a dumb hill to die on.
Quite common. On Discord, there are NSFW channels and before joining them, you have to provide your birth date (only once). If you set it to below 13, your account gets suspended/locked immediately.
Twitter does this as well.
Tbf, I wouldn't want to deal with someone who can reverse age like that, either.
When there's 1,000 happy customers and 1 unhappy one, what's the incentive to fix anything?
Not being facetious, just pointing out the depressing nature of our reality. :/
Commonly the 1 unhappy customer might tell his story to ten of their friends or thousands+ of readers online. Fixing customer problems (especially drastic ones) carries large incentives, because those single stories will actually be observed, while the 1000 happy customers won‘t be mentioned.
To answer the question in the plainest way: the possible revenue potential from the unhappy customer if turned to a satisfied recurring customer.
This is really just a question of the opportunity cost, which can vary.
Most happy customers never tell many people how happy they are. Most unhappy customers will tell everyone how unhappy they are.
I was banned from Coinbase 4 years ago, and I am still unable, to this day, to create an account without it being banned within 5 minutes of creation and no one is able to give a reason as to why.
From having been behind the scenes of a web hosting company a while back: They almost certainly have decided that you're a scammer, and that any account you ever try to open is just an attempt to get around being banned for being a scammer.
The complete non-answers from support are almost certainly because they have that as a standard policy with people they've decided are scammers, because the genuine scammers out there are extremely good at manipulating literally any kind of even vaguely permissive support policy into enabling further fraud.
The bigger issue here is that when a company is actually good at this stuff (like that web hosting company I once worked for), there's a department specialized in handling these cases with knowledge of how to properly verify legal identities and filter out the scammers... but quite a few companies today both big and small have decided (possibly correctly, given how they're treated) that it's easier and more profitable to just skip that entirely and instead leave false positives locked out of the system permanently.
You may share a name with someone on a US Treasury, FDIC, FINRA or other banned list.
When our bank replacements are run like tech companies everybody loses. I suffered through similar with Binance.
Traditional banks will cut you off as well. Move lots of money through your account, bounce it between a few accounts and back into your account. They'll cut you off.
> I suffered through similar with Binance.
What did Binance do to you?
It doesn't matter if they lose one customer by mistake if they screen out multiple fraudulent accounts this way. It's simply more profitable to do this in an automated way than to actually consider the human in the equation.
I'm also locked out of my Coinbase account :(
Don't know what to do, I'll just assume my investments are lost to time...
There's an old chinese proverb that goes: "Not your keys, not your coins"
File a complaint with your state’s Attorney General, FINRA, the SEC, and NYDFS. Should help Coinbase along in recovering your account. Should take no more than an hour or two to file with all regulators I mentioned.
My experience has been just opposite with Amazon at least their Web services. One of my account was hacked and since I don't use AWS any longer the emails and alerts were going to an email I never check. Don't remember how I discovered it but upon opening my AWS account I was stunned to see a $50,000 something bill. Amazon even raised a GST invoice for the same IIRC.
My heart sank and mind filled with questions and uncertainty.. What if AWS sues me, maybe they will settle it for half or 25%. But their customer support was more than kind to me. In every reply they assured me that I need not worry and they are working on my behalf to resolve this.
I cooperated with them in every way possible and After 16 days I finally got a reply that it was all taken care of and I owed them nothing and they didn't even suspend my account. God knows how the things would have turned out with any other hosting. I did leave them a suggestion to hard-cap the billing instead of just email alerts.
> I did leave them a suggestion to hard-cap the billing instead of just email alerts
Why would they do that? Enterprise customers are just going to pay the bill, and for small customers they get a lot of good will when they make a "special exception" and don't ask you to pay for charges that someone else fraudulently racked up.
The actual cost of providing the service to the fraudsters is probably so low that they don't have a lot of incentive to prevent the fraud, as long as there is a non-zero chance that someone pays for the fraudulent charges.
Web services is a rather different kettle of fish from their consumer items side, so your comment is rather inane.
Wow, same for me!
A few years ago, I was vacationing abroad, and ordered a gift from Amazon to be delivered in another country. The payment from Amex bounced for whatever reason, and Amazon permanently banned my account instantly. Difference is it says my login/password are invalid (they're not), there's no other message, no field for contact.
I lost more than 100 paid Android apps. Never took the time to recover that account, if this is even possible at all.
The damage would have been much greater with an Apple or Google account.
For traditional banks and credit unions, a physical branch is a major component in their 'anti fraud' device and systems.
Trained human experts will review documents and establish an identity.
However those systems also have financial hurdles to access. Someone with a very thrifty banking service, or someone with very little money (paycheck to paycheck poor) would have trouble utilizing such a resource.
This is unfair and systemically disenfranchising.
I would really like to see a solution to this issue from another part of 'the system' which must already validate someone's identity. A nominal and small fee should be attached, but it should be paid for by the corporation that wishes to ensure anti-fraud activity.
In such a circumstance the corporation would be compelled to also accept this validation, or optionally offer others that may be faster if a consumer agrees.
An individual under such suspicion would visit a nearby police department. Depending on the level of validation asked for said department might also try to actively contact the individual in other ways to cross-validate. If someone happens to be on vacation at the time this check would necessarily involve two departments (the place the person is at and their home area).
Such a system is costly in time for the consumer, and some money for the company. Ideally solutions that don't result in account suspension would be developed to prevent reaching this state; but a good standard for last resort default is necessary to ensure any other solution that survives is better.
If we’re talking radical changes, I’d really like to move from authentication-by-flesh to authorization-by-cryptography. Basically as opposed to have party A present identifying and (supposedly) hard-to-know information and biometrics until party B is sufficiently confident that they map to the same physical person.. authorization by cryptographic keys. Like using metamask for authenticating.
There will still need to an ecosystem of companies with the kind of services you’re talking about, but there would be a clear distinction between the “vouching” part (attest to a bank that you are who you say) vs “access” part (multi-party key custody and recovery services)
So many hairy problems (online payments fraud for example) stop existing in the same way if we move payments from pull to push and access control to utilizing cryptographic signatures.
I shouldn’t have to expose my entire identity in order for an online merchant to be sure I won’t bounce the payment. And the scenario OP is describing would never happen.
That solves the problem to one extent and makes it worse to another, and definitely doesn't solve fraud to any degree. With crypto, if a scammer cons my parent to hand over their private key, every company that relies on that key can claim that whatever account action occurs is perfectly legitimate and ignore attempts to correct problems -- after all how would you prove the transactions are illegitimate if they're signed? More to the point: how would we prove they're illegitimate better than we can now?
A lot of people in this thread talking about losing their store credit and app/content purchases. I'd imagine the worst case scenario could be much worse. Apple runs fairly popular cloud storage services that are strongly encouraged to you for your photo storage and files. The photo storage especially has an option to automatically delete your local media because it's already backed up on Apple's servers. Will these all be locked out without warning or recourse for a miscellaneous card whoopsie?
Even standard files on iCloud. Who knows how important the average users' cloud files are to them? (I don't use public cloud storage at all anymore because of this exact fear - what if some arbitrary billing/transaction error locks me out of everything without recourse?).
To be fair I've no idea what the person in question got their account locked for and if there was any shadiness involved but I doubt they'd write about it publicly (or get access restored) if there were, which implies that at any time your account and your data can be taken away for something entirely mundane.
It makes me really concerned in fact how Google would handle something similar to this - given that for Chromebook users everything (literally EVERYTHING you would normally do locally on a computer) is in/via your Google account.
For exactly this reason I never trust online photo storage for anything other that disaster recovery. Google Photos still, after nearly two decades, won't tell you if they're storing an original copy or compressed facsimile of your photos. And after having the Android App randomly and surreptitiously turn on compression for uploads, there is simply no trust left.
So. SyncThing on my phone and laptop, and an a little herd of external drives. It makes me feel like a digital prepper or something. Sigh.
Actually. I think I have just self identified as a digital prepper and I like it. Time to download my Google content.
> Google Photos still, after nearly two decades, won't tell you if they're storing an original copy or compressed facsimile of your photos.
One recent anecdote: When I used my Pixel 2 with its free original quality backup, I used motion photos for a few things. 3 years later, now, on another phone (or even the web viewer) some of these motion photos are not loading. Some of them then load on the web but have video compression artifacts (i.e.: B-frame artifacts).
I'm glad the original photos are intact from what I can tell, but this is extremely off-putting, given I was 100% in the Google ecosystem -- from hardware to account setup -- and still got burned somehow.
I think this is completely OK. We treat our physical valuables with care. Why would we treat our digital valuables otherwise?
> It makes me really concerned in fact how Google would handle something similar
Very poorly, it seems. There are a bunch of stories scattered around HN about Google not only irreversibly deleting personal accounts, but entire paid Google Apps for Business setups. A whole company gone because the admin uploaded one ripped movie to their personal Drive, for example.
Many of these did get mostly resolved after someone carefully exploited the Kevin Bacon rule to get in contact with a Google employee, who then made some noise internally. But many couldn't be even with insider help, as some deletions are (were) apparently instant and irreversible.
There is a famous google support post going around where a woman begs the support to help them get her account back and the support just parrots a canned text reply. But afaik google only has working support for paid users.
Nope, the paying users have a similar level of support i.e. a well-trained parrot
That's not 100% true. One of the best things I ever did was ditch all my clients who used my servers for mail onto corporate gmail accounts. They actually do get someone on the phone when they have a problem. The thing you have to consider is that someone on the client side is getting paid $8/hr to call Google and someone on the Google side is getting paid $8/hr to respond, and as long as it doesn't bubble up to being anyone else's problem this is probably better than having a CEO call a dev lead at 5am and ask why the mail isn't working.
Ask to speak to the data controller; they have to provide you with a copy of all the data they have on you. Once it gets legal things tend to move quicker.
Have three kinds of backups. Physical drives (2) and an online backup that's not through Apple, Amazon, Microsoft or Google. And don't use any of their built-in services; in fact, firewall yourself from them. Then it's no fuss. You'll never have to deal with their "customer service".
Every company (Apple, Google, Amazon, etc) is guilty of pulling this non-sense on customers. It is too easy for them to wipe out thousands of dollars of value with no meaningful explanation (read the Terms and Services and go away? seriously Apple?) and no accountability.
IMO, states should enact laws where you can take the company to court in your local county and no contract can override that right. If the termination is found justified, the company must refund all account assets at fair market value and any remaining balance. If it was not justified, the company must reinstate the account, pay all court and legal fees, and a reasonable amount of mandatory punitive damages.
Also, I don't get why Apple et al pull these stunts anyways. They already have a huge "regulate me" post it on their back.
This is something the EU is currently taking on with their Digital Markets Act, and the concept of digital gatekeepers.
I pretty sure (I haven’t been following too closely so it might have changed) the Act requires digital gatekeepers to provide human customer support, and provide clear explanations for moderation activity and account closure. Along with a clear appeals process.
In theory all of this should make it much easier for a normal person to appeal an account closure, and refer a company to a regulator, or sue them in court, if they fail to provide a fair appeal.
This sounds promising. What's a good article that explains this in more detail?
That's a tough policy to write fairly. Imagine Tom in Alaska buys a $10 downloadable pdf calendar off of designer David in Florida via Etsy. Tom claims the calendar somehow harmed him and sues David locally in Alaska, but is willing to settle remotely for $500. David knows it's bullshit and could beat it in a millisecond, but there's no way he could take time off to go to Alaska and avoiding a bench warrant is a pretty compelling reason to pay up the $500.
That's not to say the current setup doesn't suck, but the solution isn't super cut-and-dried.
But this is happening on accounts with long standing.
The thing that gets me is that Apple knows I’ve spent $10,000s with them over many years.
Even if I somehow fuck up and use a dodgy card, I’ve brought so much money into the business that they should at least assume good faith on my part.
I understand cutting relatively new accounts off permanently for abuse but this no-recourse shit for long standing accounts is bullshit.
I think they understand that, they’re just saying such a law either needs a regulating body doing the enforcement or needs to be worded very well to avoid frivolous cases.
Reanimating of old accounts for fraud is very common from a fraud pov.
Using a “dodgy card” ultimately is the problem.
There are things you can do remotely. This happens all the time.
I once sued a company in New South Wales in small claims court. It was done entirely online from the US, and if there had been a hearing, it would have been by phone. The company paid up within 24 hours of the filing.
That's been true for many (not all) international suits for some time, but you can't generalize that to everywhere. In the US, things like that are set up per-jurisdiction or per-court and they all have vastly different budgets for these things. Jurisdiction is also not entirely straightforward in these instances. It's not that cut-and-dried.
You have to look at it from the company’s point of view. As the accounts can be created for free, every day millions of grifters are pulling shady shit. Using stolen CCs to purchase, trying to scam the support team, refund scams, identity theft… You name it and it happens.
>>You have to look at it from the company’s point of view.
No we actually do not, and should not.
They are offering the product to the market, it is incumbent on them to fix the problem not just toss their hands up and say "Well it is too hard / expensive for us to solve so consumers just have to deal"
This is similar to my complaint over the concept of "Identity theft" no one identity is ever stolen, no companies fail to implement proper fraud controls then shift the liability to the victim to "prove" their "identity was stolen", that is the exact opposite of how the burden should work
Coming back around to the Apple situation, this is a result of allowing unconscionable contracts (aka severely one-sided and unfair) to permeate the digital goods world. The fact that Apple can terminate a contract in full, with one sided review with out having to notify the other party of the exact clause of the contract they alleged the other party violated, no recourse or notice to correct, no appeal or attempts to remedy, etc would not fly in most contract situations, the fact we allow it with "terms of service" is ridiculous
When you create an account, and do nothing shady for years, in fact buying their products and spending money with them, and THEN you get cut off, that’s what we’re talking about here. And that their moderation needs to not be so digital and one sided.
Their business model is literally profiting off of poor customer service (as a service).
Get your credit card from a local credit union with at least one physical presence near you.
Do your own backups or contract to an independent company whose primary occupation is doing backups.
Manage your own email either directly or through an independent email provider. Buy a domain and use that for your email address to increase flexibility to move from one provider to another.
Anything else increases your risk of getting caught in a personal and financial wood chipper.
This sounds like The Trial by Franz Kafka. You get thrown into a bureaucratic machine and you have no idea why. And no way to appeal.
These account suspensions scream for regulation that forces a company to explain the suspension and offer some kind of appeal process. Otherwise I see a very dark future where super large companies kill people's livelihoods and nothing can be done.
It's striking how the guy goes out of his way to not be angry at Apple. Very interesting psychology. Stockholm syndrome or just begging the king for forgiveness?
“I do not know what I did wrong officer, but I promise to never do it again” - Peppa Pig’s dad
Perhaps he doesn't want to lose whatever good favor he has at Apple or risk his account beind disabled again in retaliation. The alternatives to Apple aren't exactly equivalent or easy switches to make.
"Sci-Fi Author: In my book I invented the Torment Nexus as a cautionary tale
Tech Company: At long last, we have created the Torment Nexus from classic sci-fi novel Don't Create The Torment Nexus"
> Otherwise I see a very dark future where super large companies kill people's livelihoods and nothing can be done.
What do you mean future? This is already the reality. I recall reading multiple threads here on HN in the last couple of months alone where people lost access to their Google accounts and only got it back because they happened to have a somewhat bigger following on Twitter or elsewhere. I think it's safe to assume that for each of these cases there are many others where the victims don't happen to be influential online personas and their cases just go unnoticed.
> Otherwise I see a very dark future where super large companies kill people's livelihoods and nothing can be done.
Hmm, this sounds very familiar, like a certain political class was doing this recently.
Is it not possible that the person did not take it personally? What is getting angry, if not taking things personally?
> It's striking how the guy goes out of his way to not be angry at Apple. Very interesting psychology. Stockholm syndrome or just begging the king for forgiveness?
What would getting angry accomplish?
I would bet it is some ML model to detect fraud. This model will never be perfect – it will have false positives. My guess is – while picking the precision/recall thresholds for blocking users, someone higher up would have argued it is okay to cause some false positives to prevent a lot of harm.
And they would have justified to themselves saying there's always recourse through customer support. But customer support tools to investigate and un-ban users would be slow and painful and lacks capabilities needed to check if the complaining user even passes the basic smell tests for a fraudster. And nobody can really explain why the model blocked the user in the first place. There's no well-lit path from CS to engineering on a case-by-case basis. Escalation would happen in bulk/batches – when lots of seemingly 'innocent' users complain to CS, CS may escalate to engineering.
Btw, the alternative of having to pick really conservative thresholds (with near-zero false-positives) causes more harm – harm that's more visible.
The slippery slope is this – over time the definition of 'trust and safety' would have been expanded to include interests of more and more stakeholders (including company's own business interests) – it is very easy to lose sight of serving the user (who may not be the paying customer).
> I would bet it is some ML model to detect fraud. This model will never be perfect – it will have false positives. My guess is – while picking the precision/recall thresholds for blocking users, someone higher up would have argued it is okay to cause some false positives to prevent a lot of harm.
> And they would have justified to themselves saying there's always recourse through customer support. But customer support tools to investigate and un-ban users would be slow and painful and lacks capabilities needed to check if the complaining user even passes the basic smell tests for a fraudster. And nobody can really explain why the model blocked the user in the first place. There's no well-lit path from CS to engineering on a case-by-case basis. Escalation would happen in bulk/batches – when lots of seemingly 'innocent' users complain to CS, CS may escalate to engineering.
Can such a model be trained effectively if isolated reports of false positives are rejected without meaningful investigation? In that case, wouldn't the model be trained with bad data?
What if for each reported false positive there are more users affected who didn't report it (because their accounts were less valuable, because their time was more valuable, because they were too upset, because they were too timid, because they died (for unrelated reasons), etc)?
> Can such a model be trained effectively if isolated reports of false positives are rejected without meaningful investigation?
No, and much like YouTube auto terminating accounts with 10 years of content there is absolutely no excuse for certain very obvious cases to be handled without human interaction. There absolutely must be flags that stop terminations without a human.
> it is very easy to lose sight of serving the user
Every public corporation only serves its shareholders. If they annoy enough of the users and the shareholders take notice when it hits the bottom line maybe then something will be done.
Boring take that shows up in every HN thread. I worked for years in Risk/Fraud and what you're saying is just not true.
There are always tradeoffs to be made, we will always mistakes (hopefully rarely), and 99% of the time the people behind the curtain are trying very hard to reduce harm for the good actors.
I think most actors are genuinely acting in good faith. The problem comes when the machine gets so big that people don't understand that their good faith actions lead to overall bad outcomes. It's not so much evil corps as I think it sometimes is clueless corps.
Thanks for that. Evil Corp narrative is strong on HN.
Years working in corporate and I am yet to see people who are “serving shareholders” and “squeezing customers”.
There are strategies that fail, and sometimes there are people who maximize personal gains at all cost. Exact same way as for any other kind of organization.
Big problem is scale. Cost of mistake and collateral damages for big org will always be higher and more impactful due to size. 0.1% of customers for Amazon is 300 people.
And this is why regulation of private corporations is a necessary evil, to provide an incentive to corporations to treat their customers better...
These tech companies are ridiculous to the point that some law should be written to curb their attitudes.
These are the richest companies in our country, and print money hand over fist. That they sell online life services like photo, storage, music, etc should require them to provide actual, human support.
I find it really sad they even have to be forced into it. How much could it possibly cost to hire a few hundred 'filterers' that triage out the tech support, and a smaller team of people who look into real issues?
Amazon and Walmart do it, and still both make tons of money. So what's the downside here?
The real problem is that these companies have silently just become foundational infrastructure for a modern society. They aren’t some random private optional service. They were private disruptive innovation at one point, but because of their immense effectiveness, power, and influence, they are really more like public utilities. Our laws don’t recognize that yet and we need to start talking about this more to make it so.
In Australia, the powers of monopolistic or near-monopolistic telcos were effectively checked by the Telecommunications Industry Ombudsman (TIO).
The TIO has teeth and almost always sides with the customer, and they make sure that the fine exceeds any benefit that the telco might be gaining through the bad behaviour that resulted in the complaint. Unofficially, I heard that the fines for any valid customer complaint start at $7500 and go up from there rapidly.
Something similar may be needed. A mega-IT-corp-ombudsman, with powers to fine corporations providing services to the public in proportion to their annual revenues or current market cap.
It’s more like $30 a day for every level 1 complaint open with TIO and cost goes up from there. I seem to remember level 3 is around $250 a day though memory is becoming increasingly unreliable.
Point is, even if TIO sides with the telco (unlikely, they encourage both parties to find a middle ground as they are consumer first oriented) on a case where it takes for example 10 days (again, unlikely) to resolve; the margin on a residential NBN service with a budget provider like TPG has already evaporated and that’s without considering costs of having TIO liaison staff, etc.
It’s a good model because it encourages the telco to resolve the complaint properly and in the customers favour before the problem can make it to TIO as once it gets to them, it always costs the telco money. Provider is better off wearing $100 cost to resolve than have the complaint spend 3 days with TIO level 1, taking up time and resources whilst also becoming a publicised negative statistic (TIO regularly publish report outlining telco performance from a number of complaints perspective).
I think your suggestion is a good one. Just adding this detail because I think it’s important to note that the model is actually about encouraging better complaint handling and customer service than just being about fines and punishment.
 assuming 12 month term on approx $65/m service but I am speaking in broad terms
I wonder why the TIO can't help with complaints to Apple, Googles, and Facebook. They provide plenty of telecommunication services. There's really not that much difference between the FANGERS and the telcos who sell the sim cards. It's all just software.
That's a very good question.
These tech companies are ridiculous to the point that some law should be written to curb their attitudes.
IANAL, but doesn’t contract law already cover this? Apple terminated the contract one sided. They are allowed to do so, but only by acting in good faith and fair dealing. That they were willing to let this person open a new account (new contract) but not willing to reinstate the existing contract and also unwilling to explain how this person could avoid a similar punishment seems to indicate at least a lack of fair dealing.
The ABA has this to say: In general, the duty of good faith and fair dealing means, for example, that parties cannot evade the spirit of the bargain, lack diligence or slack off, perform incorrectly on purpose, abuse their power when specifying the terms of a contract, or interfere with or fail to cooperate in the other party’s performance.
I wonder if this person had took apple to small claims court instead of trying to navigate apple’s kangaroo court system what the outcome would have been.
Should they be able to scan your photos? Should they make judgements on your photos based on ml classification? Should they run your photos against police data for crime matches? Should they be able to sell your photos or use them throughout their product? Can they use your photos in an ad campaign?
What would the laws protected against?
A provider shouldn't, because their system should be designed to prevent them from being able to so they aren't someday required to at their own expense nor at the probable violation of their customer's privacy.
As technology evolves it becomes increasingly easy to invade deeper and deeper into once private spaces. Such as someone's rooms. Someone's now electronically light and replica-table collection of externalized documents and memories; maybe within our lifetimes even within their minds.
While I don’t disagree in particular that Apple should offer support for account recovery, and that a resolution shouldn’t require knowing the CEO’s email address and crossed fingers, I don’t necessarily follow the logic that ‘they store my photos’ necessarily means ‘they should be governmentally coerced into having dedicated support staff’.
It’d follow logically that if your photos (or whatever) are valuable to you, you wouldn’t punt sole responsibility of their perpetual storage to third parties. Understand instead that the storage services they offer are voluntary, conditional and subject to loss due to error, negligence or even maliciousness (the latter of which rarely serves business interests).
Apple should obviously do better here — assuming this story is indeed accurate - but introducing legislation here seems like a leap.
They should be regulated. In the same way that other utility providers (eg electricity, water etc) are regulated.
They should be subject to consumer protection law.
Apple was forced in Australia by the ACCC (our consumer protection regulator) to provide proper warranties and repair/replacement/refund protection, as specified by the law.
I see no reason why they shouldn't be "governmentally coerced into having dedicated support staff" to support their compliance with the law.
I agree that they should be subject to whatever consumer protection laws are in place for the regions in which they operate; I disagree however that they should be viewed as utilities for the purpose of legislation. I’m unconvinced that access to those libraries of movies, music or photo storage could be considered along the same lines as electricity or running water.
I’d agree that there’s too tight a coupling between account access and access to purchased media, but it’s unclear that government intervention is needed to mitigate that. At the very least it’d be useful to know the frequency at which this kind of thing happens before making a judgment call on it.
> I don’t necessarily follow the logic that ‘they store my photos’ necessarily means ‘they should be governmentally coerced into having dedicated support staff’.
Understandable. But I'm of the opinion that companies like Google and Apple more or less offer these services and advertise them as one stop shops for you, forever. And in many cases, mine included, I pay for it. That I make an offcolor comment on Youtube or get a chargeback against the Google store shouldn't lead to a complete blackout to said photos, in my opinion.
Agreed on that point. When too many services fall under a single umbrella of “[Company Name] Account”, the loss of access to the account as a whole because of some kind of transgression on one sliver of [Company Name]’s services is just a fundamentally bad approach.
A law that stated companies cannot cut off access to people's purchased digital goods without a findable process for sensibly resolving mistakes on their part seems valid.
They are effectively stealing - by accident obviously. But once that happens and they give you know recourse - there is intent that mistakes on their part won't be fixed.
I was curious if the German Verbraucherzentrale (consumer center?) has info on this sort of thing. At least for the Amazon case, there is a template letter stating that Amazon isn’t legally allowed to deny you access to previously purchased goods. I know this topic has been discussed in other threads. I was just curious about the legal situation here, and apparently there is legal precedent from 2016.
(link in german)
I recently listened to the OG radio version of Hitchhiker's Guide to the Galaxy, with some added commentary about the early 80s. Vogon bureaucracy jokes were of the time in England. Everyone had little adventures & run-ins with comically illogical public services.
These days vogons are banks, SV giants, social media...
The striking antipattern (to me) is where official channels are a brick wall. Everyone insists that no other channels exist. Meanwhile, if you ask friends or read blogs, all actual resolutions seems to come exclusively from inside contacts, personal favours, being famous or such.
Paypal broke up with me circa 2010.
Apple media services terms includes things like:
> You may not use the Services to: - post a dishonest, abusive, harmful, misleading, or bad-faith rating or review, or a rating or review that is irrelevant to the Content being reviewed
To me it seems like those rules could ban you for just about any reason. I mean, what is even a "bad faith" review? Do you need to assume good faith on the company if you had a bad experience?
“Bad faith” is a common, normal term that has a well-accepted concrete legal meaning .
In this context it basically means posting a rating or review which doesn’t match your actual opinion. For example, crowd-sourced vote brigading (where you don’t have an opinion at all but are just voting in the way someone else told you to vote). Similarly, reviews along the lines of “This app only deserves four stars, but currently it has an average five star rating so I’m going to give it a one star review to try to bump the average rating down toward what I think the average should actually be” would be reviewing in bad faith.
How would they detect this though? A bot looking for things like this would easily catch a lot of innocent people. Even a real human would.
This is your periodic reminder that not all problems have a technical solution. There probably is no bot scanning for this. If it’s ever enforced, it must be through manual human action.
That clause is pretty specific. This is the clause by which they can ban you for any reason:
> Apple further reserves the right to modify, suspend, or discontinue the Services (or any part or Content thereof) at any time with or without notice to you, and Apple will not be liable to you or to any third party should it exercise such rights.
Also, what is a harmful review? Pretty much any 1 star review is harmful however, in many cases, they are deserved. So if I get horrible service and leave a 1 star review, is that grounds for banning me?
I wonder if Apple has a system where companies can report your reviews as harmful and if enough such reports comes in maybe Apple auto bans you?
A bad faith review would be a review made in bad faith. It seems rather redundant given the four preceding adjectives but serves as a catchall for reviews made with bad intentions (such as selling reviews...etc).
The word I would pickout as the most ambiguous is "harmful"... harmful to whom?
It should be unlawful, maybe criminal, to revoke access to digital goods a customer bought and paid for. How the heck have we normalized *theft* as standard business practice?
In my jurisdiction I swear you could sue them in small claims court. I think it’s pretty easy to do and lawyers aren’t allowed. You’d probably end up with someone from the nearest Apple store representing Apple and they’d have no answers.
Even if you lose, there aren’t any downsides and Apple would have to send an employee to participate. I would absolutely do it if I ended up in the same position.
Isn't small claims unable to issue injunctive relief though? Or can they do that in your jurisdiction?
I have no idea. The point would be to make them spend more time and money than they’d have to if they simply had better support escalation.
This sounds like an area where the arbitration clause could actually work in your favor.
Theft of what though? You don’t own any of the music you pay to access. It’s all just revokable licenses to consume media.
Theft of something that was purchased in a transaction for perpetual use, a digital analogue of physical property. It's not a private company's place to redefine how civil property rights work, to their one-sided benefit.
Gotcha capitalism and inverted totalitarianism. Submit to the interests of the plutocrats and go into debt buying today's fancy widgets, or be banished.
For better or for worse, we have “agreed” to the teens and conditions …
There are plenty of laws that override terms and conditions. A one example, on many countries landlords can not throw out tenants on a whim. Telephone companies can not cut off service on a whim. There are similar laws for utility companies and banks. Arguably it's about time for similar laws for Apple, Google, and Microsoft who potentially hold the keys to your entire life.
That doesn't matter when it's illegal. Statute overrides contract.
In California at least it's actually tortious to offer certain illegal contracts of adhesion. That right is rarely exercised, but you do in fact have standing to sue simply because you were asked to sign a contract with clauses that oppose California public policy.
It would be nice if Congress would make laws that force large tech companies to offer arbitration when they disable an account that has more than a nominal amount of assets attached.
I hate to advocate for more laws and regulations, but these companies have gotten too big to operate without oversight. Losing your ability to log into Netflix would be a bummer, but losing your ability to access your work files, medical records and everything else you need to live your life (eg: Google Drive, Apple iCloud) is just too big of an impact on a persons life to happen without transparency.
With "free" services like Facebook and Twitter I can understand pulling the rug off from under the feet of some unlucky customer. It will generate bad PR, some social media outcry, but the losses still mostly remain in the intangible domain.
But cases like this where the customer actually pays real money for and has accounted assets in Apple's system this is absolutely inexcusable. No face-to-face business could do this or they would be sued to extinction even in the lesser litigious countries.
>and has accounted assets in Apple's system
But really what do they have? They rented something and now they lost access. If they had physical media on CD, DVD, or even stored locally as a stand-alone file that would be different.
Yes I'd be enraged but people have feared for years subscriptions and no physical media lead to this. Games and music have gone from disks, CDs, DVDs, to subscriptions. Today it's become so bad that even physical devices are now seen as owned by its manufacturer and you're not permitted to repair it or even open it to look, if you can mange to open your device.
Eh, even Facebook is something where the value lost to users will be too great to just have ML model autoban people. They offer email and photo storage. Getting banned from gmail, which is also a free service would be terrible for many reasons.