Hacker News new | past | comments | ask | show | jobs | submit login

Another reason is security. Telling the user explicit reasons for account deactivation could open you up to more sophisticated attacks. Of course this isn't a huge concern in most situations, and it can sometimes be less of a concern for older, active accounts. But this is definitely an issue in banking.



This sounds like a proxy for money. Using a bad heuristic with high false positives rate and not talking about the reasons behind the false positives lets an organization to avoid paying the costs of fixing the heuristic.


I wouldn't say it's the result of bad heuristics. It's coming from not being able to fully trust your user and Goodhart's law. A small minority of your userbase might be extremely motivated to attack you, and giving them explicit reasons for your actions will just make your security policies ineffective faster.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: