
Dear Dash Users – A message to all Dash users from the Kapeli Blog - flyingyeti
https://blog.kapeli.com/dear-dash-users
======
matt4077
This guy has shown quite a talent for self-sabotage. Apple was willing to
reinstate him if he'd undo some of the PR damage he'd created by spelling out
that he shared the credit card with someone, and that maybe that's not the
best idea.

Instead, he was enjoying the spotlight so much, he used the opportunity to
escalate further, even publishing his phone call with Apple (illegal on one
side of that conversation at least).

And that narrative includes a healthy dose of goodwill, considering how close
to "the dog ate it" that story about the family friend is. A friend who
apparently also didn't own any Apple hardware, so they shared that as well.

But open sourcing the useless iOS app is apparently a bad idea because his
customers don't know how to work Xcode, which strikes me as counterintuitive,
considering every single one of his customers bought programmer-centric
software for Mac.

~~~
erikrothoff
From my perspective, most of the PR damage is because a lot of other smaller
developers have come out of the woodwork to voice their grievances with Apple.
These kinds of things happen all the time, and a lot of us feel stood on by the
giant Apple. Even though this event sounds like a special case, it still
highlights the draconian behavior we deal with. (That's what I would call
Apple trying to get him to post a blog post with a "statement" about how wrong
he was...) I have never felt so small as when dealing with Apple and the app
store.

~~~
vlozko
But have they, though? I've read about this topic extensively and I've
actually yet to run into a single comment or blog post about someone who had a
very similar experience and was entirely innocent. All I hear is the same
banter that Apple does this to the little guy and everyone in solitary
agreement with this notion. Very few people are actually willing to
put their pitchforks down and humbly admit that maybe Apple was accurate in
its assessments of this developer and did more than they probably should have
to rectify things.

------
cocktailpeanuts
I was rooting for him really, because I myself am also at times very
frustrated with how Apple treats developers.

But I've lost trust in this guy after reading his blog posts and especially
the phone call he published.

The only reason I can think of why the phone call took over 7 minutes is
because he wanted to record it and publish it. Really. If you summarize the
phone call, it's basically Apple asking him to publish that his account was
indeed linked with the fraud account (not even that he's the one who committed
the fraud) and he's working with Apple to resolve it, and the rest is this Dash
guy complaining on and on which is completely unnecessary since Apple already
knows that and is saying they understand and want to work with him to "make
this right" (The Apple guy literally said "make this right").

Also it is very hard to believe at this point that a "relative" did all this.
If I--or any normal person--was in the same situation (I am paying for a
relative's developer account with my own credit card with my device and turns
out that the relative is committing a fraud), my first reaction would NOT be
telling Apple "This has nothing to do with me", but "I had no idea, I am still
pissed that you guys didn't notify me, but I also understand your position and
will talk to my relative to make sure this doesn't happen. After all, _I_ am
the one funding this fraud regardless of whether I was aware or not aware.")

~~~
forgottenpass
_If I--or any normal person--was in the same situation_

If you define "normal" as "milquetoast and with an Americentric perspective,"
then maybe.

Americans are much more submissive when bureaucratic process presents a
roadblock. Especially a roadblock that seems on the face more reasonable with
an American view of sharing bank accounts and old hardware.

Americans' desire for justice and fairness is paraded around. But their sense
of justice is beaten out of them until they have Dwight Schrute-esque
compliance "That is the law, according to the rules."

~~~
eridius
Saying "I understand why you linked these accounts and that my relative
committed fraud" is not the same thing as being submissive and rolling over,
and your portrayal of Americans is rather offensive.

~~~
forgottenpass
It's an unreasonable level of deference to a business process that we now
understand can err. And that even if it didn't err in this case, we now know
it to be designed to err. It unconditionally resolves an ambiguity into the
direction that makes their other work easier, regardless of if the data is
less correct. And that even if their contracts of adhesion make the error
legally (or at least bureaucratically) robust, doesn't make it just.

 _your portrayal of Americans is rather offensive._

You have a good point. Voicing my disappointment in my fellow countrymen might
go over better at HN if I were doing something minor, like accusing ~40% of them
of racism for not sharing the opinion that the Democrats' policy positions are
the lesser of two evils.

~~~
eridius
> _It unconditionally resolves an ambiguity into the direction that makes
> their other work easier, regardless of if the data is less correct._

What the hell are you talking about?

Apple spent at least _two years_ investigating this issue, and was in repeated
contact with the developer committing fraud. It's clear that this process is
designed to be as conservative as possible, because if it wasn't, it wouldn't
take two years to finally hit the point of closing the account.

------
bnycum
There feels like no right side in this story.

* Apple terminated both accounts because of fraudulent activity, but only one account was contacted to let them know of this activity.

* Kapeli shared financial information and test devices with this other account, whether it was a relative or not.

* Apple said "Hey, write a post telling the whole story and all will be cleared. Just don't say we were at fault."

* Kapeli agreed he would draft and send. Kapeli apparently did but never heard back.

* Apple had a spokesperson come out that painted a different picture that basically seemed to throw Kapeli under the bus.

~~~
gshulegaard
Generally, I don't get this:

* Kapeli shared financial information and test devices with this other account, whether it was a relative or not.

The assumption here is that for some reason a credit card number and device
identifiers (unclear where they come from...but maybe mac address?) are enough
for Apple to "link" accounts. I contest this for the same reason I think
someone knowing my birthday and social security number is _not_ enough for
them to be confirmed as "me".

While I don't think Apple is wrong to use this as a pseudo-identifier, I do
think it is wrong for them to insist that, "we did nothing wrong" and fail to
reinstate the pseudo-linked account immediately after being contacted.

I don't know if Kapeli is telling the truth about the situation...and his
reputation is tarnished in my eyes, but I definitely don't think Apple should
insist that the accounts _must_ (with 100% certainty) be linked based off of
the circumstantial credit card and test devices registered to them.

At this point Apple should either reinstate the account or come out with all
the information they have to justify their actions. But having "closed door"
conversations and throwing allegations at one another without proof and
documentation is ridiculous.

~~~
mikeash
Seems to me that everything up to (and including) the initial ban was
relatively sensible. You don't need absolute proof that the two accounts
really are linked, it's reasonable enough to see something that indicates they
likely are and then take action based on that.

Where it fell apart was failing to account for the possibility that they got
it wrong. They should have notified _both_ accounts and explained why both
were being banned for the actions of one, then allowed a way to demonstrate
that the two weren't really linked in order to reinstate the other account.

Unfortunately, this is pretty typical for how Apple operates the App Store.
"We're never wrong, get lost" seems to be their motto. For example, for a long
time you couldn't even appeal when your app was rejected. If it was rejected
incorrectly, then all you could do is try to submit again and hope you got a
different reviewer that time.

The App Store is a direct descendant of the iTunes Music Store, which
originally existed to serve a handful of big music publishers. In many ways,
it hasn't adapted well to serving a million small developers.

~~~
gshulegaard
This hits the nail on the head for what I am trying to communicate. Thanks!

Basically, CC + registered devices are fine pseudo-identifiers. But they
aren't guaranteed unique and therefore edge cases _do_ exist.

So if an edge case manifests, it seems that recourse is limited and at this
point Apple basically is leveraging reinstating Kapeli's account to extort
some sort of PR gain.

Again, I personally don't think Kapeli is without fault here...but it's
possible what he is saying is _true_, so given that he _might_ have limited
connection to the fraudulent behavior and has gone out of his way to try and
reinstate Dash, why continue to deny reinstatement?

Apple might have more information, but until I see it it's still a question.

------
protomyth
Ok, so you get a call from Apple that tells you to write a blog post and they
will restore your account. You submit the draft blog post. Then, a respected
Apple SVP comes out and calls you a criminal and Apple doesn't reply to the
draft. What do you do?

------
edko
This whole thing has taught me a lesson. I initially sided with the weaker
side because I own a copy of Dash, and it is great software, and because one
tends to side with the underdog.

After listening to the recording of the conversation, my feeling is that Apple
is handling this in a very fair and professional way, and that I was too quick
to take sides. I think it is not unreasonable to assume that: same credit card
+ same hardware = same developer.

~~~
gshulegaard
I generally agree with you but wanted to point out that:

> same credit card + same hardware = same developer

is fine as a pseudo-identifier for fraud detection...but I don't think it is
actually an identifier. It's kind of like someone knowing my social security
number and birthday but not actually being me.

IMO, Apple should have immediately reinstated the account once contacted about
a potential edge case rather than insist that, "they did nothing wrong"
because the implication of that is that the above two pieces of information are
legally acceptable as personal identification and that the developer _did_ do
something wrong.

I may not believe Kapeli 100% and his reputation is tarnished some in my eyes,
but I don't agree with Apple standing on the notion that CC + device
identifiers together are sufficient PII. Fine for fraud detection in a
"pseudo-" context...sure...but not enough to deny immediate reinstatement.

~~~
CodeWriter23
You probably use less information to uniquely identify users in apps that you
write. Assuming you write apps in the first place.

~~~
gshulegaard
Generally, I uniquely identify users by PK sequences on a table with UNIQUE
constraints on various pieces of User data.

So if Apple had made credit cards and/or test devices UNIQUE to a given
account then sure...but that's not what they did here did they?

~~~
CodeWriter23
So yes, you use a single token. Apple used a token and a credit card number.
That's two pieces of identifying information.

------
synecdoche
I find it quite discouraging to see so many harsh sentiments towards the
developer. Everything that he did and the publicly stated reasons behind them
are plausible. In my view the data so far indicate that he played by the
rules. In particular he did a charitable thing to pay somebody else’s
Developer Program Membership and donate a device, which there is no rule
against.

Apple on its side has followed its script which also seems to be entirely
plausible and in good faith. However, their course of action does apparently
not cover the corner case of contacting all account owners to linked accounts
before shutting them down. The agreement allows for third party account
payment albeit with some slight inconveniences. In addition, the rules for
account linking, and its very existence is hidden from the developer party,
so (s)he has no responsibility to relate to it, or whatever else is outside of
the agreement.

People may not like the style the developer has done his part. Nevertheless
his story is plausible and consistent, however improbable. Recording phone
calls without consent of the other party may be legal in his country; I know
it is in mine.

Apple has been caught with its pants down but because of the immense power
imbalance, the developer, through no fault of his own, is set to suffer with no
recourse, unless there are strings attached. I find it infuriating that he has
to do anything at all to set straight a problem he did not cause.

From this point whatever bad publicity Apple has incurred they have only
themselves to blame. They should at least reverse the account lock, and for
reestablishing whatever lost public confidence at a minimum produce an apology
for the inconvenience.

This is how I understand it from what I have read so far. If any new
indications appear to make me change my mind I may do so.

~~~
nicolas_t
I've done exactly that for my brother in law. I donated a device and paid for
his program membership with my credit card, so I can completely understand why
it might have happened. Now, I'm a bit worried about this issue with Apple
linking accounts.

------
choicewords
I feel bad for this developer. He's clearly quite driven, and that might have
inspired his family to reach for the same success. And wanting to help, he
gave his card, and now his program has been terminated.

I'll keep using Dash, but I hope the dev will clear himself out from someone
that is not helping.

------
0xmohit
This is hilarious:

      My preferred solution would be for a fellow developer to get it
      back on the App Store, as a free app.

Especially because:

      Open sourcing doesn’t look like a good solution at this time,
      as most of my users are not iOS developers and are not familiar
      with compiling an app for their devices.

I may be missing something but the author cannot open source the app, but
expects a _fellow developer_ to get it on the App Store as a free app. Can the
_fellow developer_ pick up the existing app (binary?) and upload it on the app
store?

~~~
mikeash
It would be tough to take the existing app and reupload it, but this guy could
certainly provide another developer with a built binary which they would then
submit.

You'd have to be mad to actually do that, though. We see quite clearly how
Apple can react when they think they've been wronged, and who knows what that
binary actually contains.

Seems like the best approach would be to open source it _and_ convince
somebody (perhaps several somebodies) to build it from source and put it on
the store for free. Obviously, the source release would need to be under a
license that was compatible with an App Store release (i.e. no GPL).

~~~
eridius
The other developer could be given the source. He doesn't need to open source
the app in order to give one other developer access to the source.

------
Arnt
I14n is fun — to watch for the audience.

Apple behaves as if everyone has a credit card and the mapping from credit
card to (legal) person is unique. That isn't so in Romania and Apple's
heuristics go boom.

The same assumption shows up again a little later in the imbroglio: Apple
asked him to admit some sort of wrongdoing, however gently, because credit
card maps to person, so the person they spoke to carries some responsibility,
etc. Bogdan rejected, because credit card doesn't map to person and giving
someone $25 isn't wrong.

~~~
st3v3r
If you're going to put your credit card in, then you are responsible for the
account. If fraud happens on one account you are responsible for, it's not a
stretch to believe that fraud could happen on other accounts you are
responsible for.

~~~
Arnt
You're equating "paying for" and "responsible for".

~~~
eridius
Which is reasonable. If you pay for something, you generally are at least
slightly responsible for it. Just because you don't want to be responsible for
it doesn't mean you aren't.

For example, if I buy a car, hand the keys to a friend, and they go out and
commit a crime with the car, I'm going to bet that I'm legally culpable in
some fashion.

~~~
Arnt
I've bought a gift to someone almost every month for the past 40 years, and,
eh, I'm responsible for that?

~~~
st3v3r
Not the same situation. You transferred ownership, and after giving the gift,
your involvement was done.

~~~
Arnt
Are you saying that Bogdan did anything other than pay for the account? (Which
seems a mite expensive, but I've given relatives more expensive things every
year as far back as I can remember, so I'm not going to call that
implausible.)

------
ksec
Apple has known about these fraud reviews for a long while; we are talking about
1000s and a timeline of two years. I am wondering whether Apple would normally have
terminated the account long ago if DASH wasn't a popular app.

I read a lot of the previous HN thread saying Apple was blackmailing him. This
point would be correct if you consider Apple was wrong, and this guy lending
his credit card AND account to this "relative" (which we still don't know if
he/she exists) committing fraud bears ZERO responsibility himself.

This is like iFixit tearing up the new AppleTV before NDA and being cocky
about it.

I mean seriously, what the hell is wrong with these people?

------
fizzbatter
Weird that i find out about this here - wonder if he's able to send an email
to Mac Store purchasers like myself. Regardless, i migrated my license, and
all seems to be working now.

Glad the issue didn't impact me too negatively, and i hope this is true for
most of his customers.

~~~
mikeash
Apple tries to keep developers and their users as separate as possible.
Developers only get aggregate stats from Apple, they get no personal
information on the individuals, and there's no way to send a message through
Apple either. The only way to communicate something to your whole user base is
to put it in an update's release notes and hope everybody reads it. And of
course that doesn't work if you've been banned from the store!

------
dav-
A lot of people here are switching over to Apple's side, but I wouldn't be so
quick to throw Kapeli under the bus.

Imagine this scenario:

You buy your cousin a fancy sword for his birthday one year, which he later
uses as a murder weapon against his girlfriend. The police look up the serial
number and see that although it's registered under your cousin's name, your
credit card was used to purchase it.

They arrest your cousin, give him a fair trial, convict him of murder, and
place him on death row. You're not in touch with your cousin, so you are
completely oblivious to everything which has happened. At this point, SWAT
officers storm your home and arrest you, refusing to tell you why. You're
thrown in a cell and told you have been placed on death row, and that
their decision is final and can’t be appealed.

Your only saving grace is the fact that you happen to be mildly influential in
a small community with ties to the government, and you're able to get your
side of the story out.

Articles are written about you. People are outraged at the government. Others
come forward to tell of their dead relatives who had been wrongly executed as
well.

The Attorney General reads one of these articles and scrambles to do PR damage
control.

She has her aide call you and demand that you make a public statement saying
that The Government did nothing wrong, that you were the one who purchased the
weapon so they were justified in their actions, and that they are so
graciously working with you to clear your name. Of course, they completely
ignore the part about their negligence and what would have happened if you
were just some no-name.

---

I believe Apple desperately needs to change their policies. These statements
like "We can't provide you with any more information.", "This decision is
final.", and lack of communication are wrong. Sure, they are a private company
and have the legal right to remove anything from their platform at any time
for any reason without any notice or explanation, but that doesn't mean that
their actions should be supported and endorsed by the communities of users and
developers.

Their actions should have consequences in the form of diminished trust, which
may be the straw that breaks the camel's back in many developers' and users'
choices to continue developing for and using their platform.

I will say that it was not smart of Kapeli to publish the phone call; at least
not yet. He should have waited a bit longer, and only published it if Apple
didn't follow through on their word. However, I still believe Apple is in the
wrong here, and Kapeli's only real crime is that of naivety.

------
ubertaco
I've only just run across this. It looks like the story here is:

1. Guy publishes paid app to iTunes

2. App is really good, gets a ton of good reviews

3. Apple decides those reviews must be fraudulent, and pulls his app from the
store and tells the guy he has to publicly admit that he committed review
fraud to get his app reinstated.

4. People who have bought the app can't download it, guy can't do anything to
make his own app available anymore without making a false confession and
harming his own reputation.

This sort of heavy-handed-but-uncareful approach to "curation" is consistent
with my experience publishing to the iOS app store.

~~~
joeberon
What actually happened:

1. Guy publishes good paid app and gets a tonne of good reviews

2. He helps out a relative by buying an Apple developer account for them,
giving them a machine to test with

3. Relative also uses same "com.kapeli.*" bundle ID

4. Relative decides to buy 1000 fraudulent reviews

5. Apple tells the relative to stop posting fraud reviews, who refuses

6. Apple terminates both developers' accounts since they are all the same
information (they look like the same person, same credit card, bank account,
test machine, and bundle ID)

https://www.reddit.com/r/apple/comments/56uque/apple_dash_developer_had_two_accounts_25_apps_and/?st=iu5jzhpf&sh=fa17ecd2

~~~
funkydata
The accounts were linked (same devices, same credit card number):
https://london.kapeli.com/downloads/Apple_Call.m4a
(edit: direct link to the phone call with the Apple representative)

As much as they tend to piss me off for other things, I don't see any
wrongdoing from them. It's like accusing them of cutting off the payments to a
bakery that operates from the same bank account to that of a drug dealer.

Also that kind of blackmail: "You're sure you want that statement to become
public?" is plain stupid.

~~~
joeberon
Why is the developer being so dense? Just being difficult for no reason
because he has a stick up his ass.

"You're sure you want that statement to become public" it literally makes no
sense...

All he's done by posting that Apple call is burn every bridge he had with
them, and make Apple look great. Literally they sound very professional on
that call and very willing to help him, and instead he is just being
unnecessarily difficult.

~~~
spacehunt
Actually I wouldn't be so sure as to who burnt the bridge first. He posted the
recording _after_ Apple went public with their side of the story.

What happened to the supposed blog post? Why did Apple go to the press without
getting back to him on the draft?

~~~
cocktailpeanuts
No one knows what happened between the phone call and Apple's press release.
So we can't make judgment on that.

That said, I was amazed how that guy from Apple was being so patient with this
guy being so immature. The Apple guy was trying his best to sort this out, but
for every word he said, this Dash guy would keep complaining. This phone call
could have ended in 30 seconds but took over 7 minutes because all this guy
did was complain (which I think he did for the purpose of making this
recording), and I don't even know what you would get from complaining that way
when the other person was trying to help you. I would have been pissed if I
was that Apple guy.

