Hacker News new | past | comments | ask | show | jobs | submit login
Does saying “Fuck You AWS” constitute offensive content? (josephdeon.me)
100 points by jmdeon on July 2, 2020 | hide | past | favorite | 112 comments

I made fourteen requests over sixteen days to delete my amazon.com account.

I followed up and re-submitted almost every day. Each time I was told to wait 24-48 hrs and someone would contact me to complete the process, and I would follow up 24 hours later to repeat the process over again when nobody contacted me.

When I finally gave up, Something like a week of 1+ hour/day chats, I deleted all of the information I had control over (address, CC’s, etc) to “anonymize” it at the very least. I then had a very juvenile idea to change my preferred first name to “FUCK” and lastname to “AMAZON” and made one last request.

Customer support deleted my account within the hour, no multi-step process, no “customer support specialist will contact you in 24-48hrs”, just an immediate deletion. Finally!!!

I’ve also learned a good lesson — delete any new online account after you create it, before conducting business. if it isn’t easy to do, then don’t use the service. Otherwise, create another. Most sites are just a button, or a chat request, but Amazon was very ridiculous, (equal to airbnb, which required me to send a photograph of myself and my DL, and then replied to say I have to wait another 90 days and do it again?!)

I think what we've learned is that if you start a new support ticket about the same thing, the old one gets ignored.

All content is "objectionable" depending on the audience. We just have to trust our new Amazon overlords.

I like AWS and the general concept of cloud computing, but I'm extremely concerned about how difficult it appears to be to transition from one solution to another. As someone working on an AWS app, I'm worried about the possible day where my employer announces that we're moving everything to Azure or some other platform.

The lack of compatibility between cloud computing platforms makes it difficult to switch when issues like this come up. I suspect in most cases, it's just more economical to stick with the current provider and hope you aren't impacted in the future. Because of that, I doubt providers like Amazon see much immediate impact from things like this.

These are the reasons that I refuse to build any of my projects on some cloud provider's special snowflake solutions.

Haha, no I didn't mean that service in particular. I was using 'special snowflake solution' as a derogatory term for the branded and managed services that cloud providers sell.

Sorry, I should have made it clear I was joking :)

I figured but you never know. Sarcasm doesn't translate well over the internet.

I think they mean custom/managed+locked-in solution.

EG: I can move HA PG to any provider but if I build around RDS specific tooling I'm boxed in and any migrations are OOM harder.

I hear this a lot, but it's a silly argument. Lock-in doesn't come from using the special services. It comes from your data being hard to move.

Before I moved reddit from a datacenter to AWS, I was "locked in" to my datacenter. It took weeks to get all the data out and into AWS.

Working around their special services isn't all that hard. Nothing AWS offers is that hard to replicate outside of AWS if you want to. The hard part is getting your data out.

So if you're going to put all your data into AWS anyway, you might as well use their services and save yourself some time and effort reinventing what they've already done. If you really need to move out later, then make the investment in rebuilding the tools they offer.

There's always https://www.terraform.io/ to guard against vendor lock-in, but then you're still stuck with another vendor if you decide to switch.

Moving a TerraForm managed infrastructure, which has higher complexity than one ec2 instance, to another provider basically means rewriting most TerraForm code. I don't see TF to lower the barrier of vendor lockin really.

Completely agree, Terraform doesn't abstract away the cloud specific bits, it pretty much exposes the raw resources.

Terraform is "multi provider" not "provider agnostic".

Cloud portability? Containerization if your app isn't built with serverless in mind, serverless if it is. Is there anything snowflake-y about the Big Three's offerings for container orchestration and true serverless?

And for not-infrastructure cloud services, aren't they pretty interchangeable? I recently evaluated four different cloud speech-to-text services. Sure the APIs differed, but you know, it's an API call. I see nothing to complain about.

Even if you don’t use the special snowflakes, you’re still in a Linux vs Windows sort of world where your AWS skills won’t apply to Azure if you’re working on the operations and security parts.

Most Azure cloud computing customers use Linux:


That was really not my point, my point is that once you’re a wizard in azure operations those skills won’t transfer to AWS. Similarly to how a windows admin can’t automatically use his/her skills as a Linux sysadmin and vice versa.

Maybe the switch isn’t too bad for small customers, but in enterprise where people spend years specialising and obtaining and renewing certificates you can’t just transfer your staff members between the cloud services without a major retraining investment, in which you’ll likely loose your best staff because there is a reason they chose to spend all those years on your previous service.

I see. Given that Azure offers both Linux and Windows server environments, your analogy was a little unclear to me.

Ideally, this particular challenge can be overcome using something like terraform, which allows you to build infrastructure in a relatively cloud-agnostic way. But even that is a risk, since it's a relatively new project.

There's also this snowflake flying around ->


"If this post gets removed then I know I have not fully achieved my ownership goal and it might be time to just host on a pi."

If the post does not get removed you do NOT know that you have fully achieved ownership. The simple fact that that clause exists means you do not have full ownership.

Hosting on a pi might not make much difference as most ISP's have similar clauses in their EUP's.

The only way to come close to "full ownership" I can think of would be by either owning the entire stack to the reader or maybe some encrypted p2p system. Does anyone have any practical suggestions?

Yes, put it on TOR. Even non TOR users will be able to see it since there are multiple gateways and if those are blocked people can always use tor themselves.

It’s pretty underrated, especially if you don’t have a public IP. Also using TOR helps people in dangerous situations.

Yes, Tor onion sites are indeed an excellent option. And as noted elsewhere, you don't even need a public IP address.

However, using Tor2web proxies is very risky, because proxy operators can see and modify traffic.

Asking as someone only passive interested in it (a friend is a developer), any thoughts about the dat protocol and beaker browser as an alternative or does my understanding of tor and dat require adjustment? Do they address the concern you’ve brought up in a meaningful enough way?

From what I see, there's no IP anonymization. But maybe one can use it via VPNs, Tor, etc.

If it’s something important you might consider signing your content with pgp before posting it.

In my experience, that's harder to do than you might expect. Some years ago, I found some unmaintained software that worked for signing html. But I didn't find anything to verify signed pages. Just an old Firefox extension that no longer works.

Please do share if I've missed useful apps.

Don’t sign the html, sign the content and put it in a <pre> tag.

It doesn’t look nice but it does work.

OK, good idea.

Would the W3C signed exchange spec work for this?

Leaving aside whether the clause itself is objectionable, since when does "full ownership" mean you can do whatever you want? Am I allowed to drive my car on public roads without a license?

My gut reaction response to this is that is a false equivalence as one can have a chilling effect on free speech by a corporation, while the other constitutes a useful safety rule by a government that is supposed to have our consent to govern.

I realize there is some political opinion in there and feel your point warrants a more thoughtful response. Let me think about this...

The original author isn't clear, and I would not have used that phrase, but the focus is on restrictions made and enforced by AWS.

In that context, I read their desire for "full ownership" to mean "I can use these resources for any lawful purpose, unencumbered by additional contractual constraints made at the whim of my provider."

No, but you can drive unlicensed vehicles -- even vehicles that could never be licensed -- on private land.

Sure, but the equivalent would be to host your content on a Raspberry Pi that is not connected to the internet. What would be the point ?

True. But you could host on a Pi via Tor, as an onion site.

I don't understand the premise. Why would one expect to be able to interact with the world without any consequences ? That makes little sense, philosophically, at least to me.

Even hosting via Tor can have consequences, if the government has enough incentive.

However, practically speaking, I think the OP would probably be fine posting on AWS, as others have remarked.

> Why would one expect to be able to interact with the world without any consequences ?

Because you're not free if you can't do that.

> Even hosting via Tor can have consequences, if the government has enough incentive.

Then you can chain Tor with other anonymity networks. Such as nested VPN chains, Orchid, or LokiNet.

Based on what I've seen, people have generally been pwned because they screwed up, and not through fundamental compromises.

Unless you are drunk in California. Then it is illegal to drive even on your own property.

Huh. So you can't drive a four wheeler on your farm while drunk? That seems pretty harsh :(

Yep! Of course, your chances of getting caught are almost nil.

But, I can't do whatever I want with it, and that's the point. "Full ownership" does not mean you can just do whatever without consequences.

Sure, "full ownership" means owning the entire stack.

And it's a limited concept, in any case. I mean, you'd have no problem hosting anything as a Tor onion site, or on Freenet. You don't "own" either platform, but they're designed to guarantee decent anonymity, and takedown resistence. However, it's all too easy to screw up and lose your site, and perhaps your freedom. So you gotta know what you're doing, and practice good OPSEC.

First you say "full ownership" means "owning the entire stack," but then you go on and talk about using things you don't own, such as Tor, or Freenet. You talk about "screw[ing] up, and los[ing] your site or your freedom," as if you might have to hide what you're doing. None of that sounds like "full ownership" to me.

I mean that "full ownership" implies "owning the entire stack". Which in any useful context is arguably impossible. So "full ownership" just isn't a useful way to think about this.

I mentioned Freenet and Tor because they're designed to provide privacy and protect against censorship, even though users don't own the full stack.

Then, "full ownership" is a meaningless concept, not worth the electrons and brain cycles you and I just wasted on it.

That's a good way to put it :)

Unfortunately, I didn't think of that :(

These are rules specifically written for selective enforcement on case by case basis.

Thats it, move on

Doesn't matter:

"The examples described in this Policy are not exhaustive. We may modify this Policy at any time by posting a revised version on the AWS Site. By using the Services or accessing the AWS Site, you agree to the latest version of this Policy."

Everyone uses AWS at the complete discretion of Amazon.

> Everyone uses AWS at the complete discretion of Amazon

Isn't this totally obvious?

What might be more interesting to note, and what the author is testing for, is if/when these cloud providers change the rules of their discretion often or abruptly. But of course we're all at the mercy of these private companies when we run on their hardware.

Which is an argument for "common carrier" type regulation. Railroads once had a similar monopoly position. They could refuse to carry items from one shipper to favor another. In the US they have an obligation to provide "reasonable service for a reasonable rate upon a reasonable request from a shipper".[1] There's long history around this, and it may be time to apply it to some Internet services.

[1] https://www.ams.usda.gov/sites/default/files/media/Railroads...

There is no line that can be tested. There is no common law or due process here. Tech platforms operate by fiat.

I take that back a bit, there is a line, but it is measured in money not principles.

> Isn't this totally obvious?

Without looking at contracts, no.

Well; speaking candidly: I once called one of our internal datacenters "trash" (for not meeting specifications, having no local support, overloaded switches and inconsistent hardware platforms) and I got a written warning for it.

So, yes. I would say it constitutes offensive content.

Isn't this totally unrelated? In your case it was your employer reprimanding you for your performance on the job. In OP's case it's him acting in his own capacity.

You're right of course, but we're treating developers (and developer spaces) as being professional settings.

Gone are the "underground hacker" days, as Antirez put it, so I think it applies.

Wow, did you quit? Id have

I ultimately got booted off twitter for a tweet that said:

"Dear @AmazonUK AI, please kill yourself now".

This clearly wasn't aimed at a human but their Artificial Intelligence.

Attached to the tweet (to provide the tweet with some context) was a screenshot of it recommending a whole bunch of those Hello and Chat type B-list celeb trash gossip mags. Items I swear I have never browsed for on Amazon, let alone a newspaper.

I was reported, possibly by @AmazonUK, or detected by Twitter's own idiot AI for "promoting or encouraging suicide or self-harm". FFS.

Despite my attempts to appeal I gave up. It counted towards my three strikes (one was a Frankie Boyle kinda joke about why no-one had had a pop at trump with a gun, buggered if I can remember the other, I think I may have used the "c" word).

Turns out I need to tailor things I say, that wouldn't be considered offensive in a Scottish pub, to Twitter's puritanical view of the world. But it's their shitshow and @jack can go fuck himself.

Edit: just to be clear, I've never encouraged anyone to kill themselves or "die in a fire". The Trump tweet was clearly a bad joke and in no way could be construed as encouraging anyone to try and assassinate the US President, nor anyone else. The "c" word was not aimed at anyone in particular other than the Scottish Conservative and Unionist party, who're pretty much considered fair game in Scotland.

It might have been less self-harm promoting and more conceptually correct to tell the AI to delete itself, instead.

I was with you every step of the way until you lamented the puritanical rules. Your original example was indeed a dumb misunderstanding on their part. However, if you had addressed a real person that way, the reaction would not be puritanical. The other two cases sound potentially reasonable too.

to be fair, unless you're proletizing coe, there's not much considered offensive in a scottish pub

So you told a support representative from Amazon (you should realize there are humans behind these accounts) to kill themselves, suggested someone should kill the US president, and "possibly used the 'c' word", and you're wondering why a US-based company might be offended by that?

That's basically a list of the three most offensive things you could possibly say in America. Of course you were banned for it.

Unsure if /s or a smiley needs to be appended to your comment ;) I hereby invoke Poe's Law.

No. No Poe's Law, no /s, no smiley. Maybe things are different in Scotland but in the US if you tell someone to kill themselves and say the US president should be killed, that's about as serious an offense as I can imagine. It doesn't even matter how you feel about the US president, you could be the most anti-Trump person in the world but you still shouldn't expect to say someone should kill the US president and expect that you'll have zero repercussions for it.

Then I think you should read my post again. It's pretty clear none of what I said was to be taken literally. If that's the case then you're suggesting that the average US citizen's ability to perform reading comprehension is even worse than I thought and I simply do not cannot believe that.

It doesn't matter how you intended for it to be taken. If you jokingly told someone to kill themselves and they did actually kill themselves, would you hide behind "they should have known I was joking"?

I read your post three times before I first commented to make sure I wasn't misunderstanding. What you claim to have said is horribly offensive and I can't believe you're trying to shrug it off as no big deal. Maybe it's a cultural difference, but hopefully what you're learning is that it may be okay to tell a human being to kill themselves in Scotland but that is not considered acceptable in the US.

> If you jokingly told someone to kill themselves

I jokingly told an inanimate piece of software to kill itself, AI's are not people, they're machines running lines of code. But I see no point continuing to justify my "cultural" differences in the use of speech other than to say that I've known enough US folks to know that your reaction is something of an outlier. If this is truly how you feel, then I'd be curious to know how the US managed to survive having George Carlin or Bill Hicks on their tellies.

The difference is they are comedians who were commissioned to tell jokes to an audience that is expecting to hear jokes. Meanwhile you told an Amazon employee to kill themselves because you didn't like the output of the technology their company offers.

Again... there are humans behind these Twitter accounts.

@teh_klev explicitly addressed his comment to an AI. Perhaps you're not familiar with it, but this is a common acronym for https://en.wikipedia.org/wiki/Artificial_intelligence. Your comments are all saying the same thing and all deliberately or not missing the point that he was explicit in that he wasn't addressing a human. Any human that creates an account called "Amazon AI" can expect to receive content suitable for an AI.

They didn't create an account called "Amazon AI", they created an account called "@AmazonUK" which is what was referenced in the original comment. @AmazonUK has a human behind the account, not an AI.

And the tweet was directed at "@AmazonUK AI". It was clearly a response to something on the website, not anything the human did.

Would "@AmazonUK's AI" be clearer and satisfy you?

I would prefer humans not tell other humans to kill them selves because believe it or not some people actually do and some people really miss those people.

I agree, while noticing that such an event did not happen here.

I told Amazon's AI to go kill itself, not their employee, which part of that do you not comprehend? There's quite a distinction there and you're being quite disingenuous.

Comedians are no different from regular people, they use the same words as the rest of us. It makes no difference whether you're paid or not to say things. If a comedian tells racist jokes they're still a racist and a bigot regardless of their job.

Edit, sorry couldn't help myself:

> Again... there are humans behind these Twitter accounts.

Are you sure ;)

How does an AI kill itself? It doesn't. But humans do.

I have no idea what you think that proves. They told the AI to kill itself, despite not expecting it to happen or be strictly possible.

Disclaimer: I'm not a lawyer.

My understanding is that when interpreting the law and legal documents like a ToS or EULA things within a list are interpreted to be related to one another. So objectionable" doesn't literally mean anything anyone finds objectionable ever in perpetuity throughout the universe, it means "this list is not comprehensive, other things like the things in this list count". If you added 'saying fuck AWS' to the rest of that list would it make sense in context? The answer is pretty clearly 'no', so that would not be covered. And before someone says "well some people probably thing swearing is as bad as the other things in that list", the law also frequently defines things like this in terms of what a "reasonable" person would think. There is wiggle room, but for things where it's easy to get general consensus, not a lot. Again, not a lawyer, grain of salt, all that.

There's certainly no shortage of "fucks" already on S3, so I'm guessing AWS doesn't give any about them.


I vote for pi hosting :)

I was wondering if they'd try something like that for https://www.lastweekinaws.com--it's critical of them, and they've had a few angles over the years to go after it (trademark, suspending the domain, etc).

Years into the experiment I can safely say that their tolerance for criticism extends far beyond what I'm willing to test out, as I am not a human dumpster goblin.

Are there any hosting providers that claim the opposite? Who has a ToS that specifically allows the items in AWS prohibits?

This reminds me of Douglas Crockford's classic story about the JSLint license containing a "The software shall be used for Good, not Evil" clause: https://www.youtube.com/watch?v=-hCimLnIsDA

The author should AB test two pages on different accounts: one insulting AWS and the other Bezos.

Half of the spam I'm receiving comes from Amazom web services.

> I am Mark Ben John Bill. from FBI unit,i have been instructed by the FBI Director Christopher A. Wray, to inform you that out of our thorough investigation lately , we found out that one of the abandoned valid Packages such as ATM Cards And Consignment Boxes by diplomatic agents who complained that the beneficiaries failed to pay for the anti terrorist clearance certificate to guide and show that the fund is no way related to fraud or drug money,with the information we have here , we found out that one of the funds belongs to you and it worth the sum of $10.5 million US Dollars.

So, IMO, Fuck you AWS, I'm rich now!

Why do you say this comes from AWS?

Likely spam originating from AWS IP addresses.

AWS IP addresses are blacklisted by most email providers...

I'm not sure that's true, I've successfully dispatched SMTP mail from their platform without it getting blocked or tagged as spam.

To be fair, the ratio of spam received from EC2 has dropped in the last month, something has definitely changed (or I'm not a target since then).

I'll let you know.

You can send using SES or SNS but if you send from your own EC2 instance you are gonna have a bad time.

You have to request an rDNS record. It should get through Gmail if you do that, DKIM, SPF, and of course don't send actual spam.

I think the author is taking the legalese too seriously and reading too far into the phrase “otherwise objectionable.”

This is just a standard abuse TOS. Yes, “otherwise objectionable” casts a wide net, but I think in the legal understanding of the sentence it’s supposed to refer to “similarly egregious things that a judge would agree were in this same relative severity of abusive content.”

A judge wouldn’t simply allow “otherwise objectionable” to mean “literally anything.”

I would also point out that if you host abusive/illegal content on your own PC your ISP can shut you down just the same.

I think the legalese should be taken seriously!

For instance, we can draw a comparison to recent controversy with social media platforms. Do you think that social media platforms should be able to remove any content on their platform, regardless of legality? I believe that they can! Otherwise objectionable is hopefully that catch all.

I view the OP as a bit of a misguided test. The blog post, in all likelihood, will remain up. The control the authour speaks of will still remain in the cloud provider's hands.

If you're going to take "legalese" seriously, what you need to take seriously is what it means, which is often slightly different from what it appears to say to a non-lawyer.

Not only do I believe that social media websites should be able to remove content arbitrarily, but that they ought to remove as much content as they can arbitrarily as possible.

this, combined with new government regulation such as EARN IT will make it as difficult and frustrating as possible to communicate on the web, and this will help people move from worse, censorship-prone forms of communication to more robust forms of communication on the internet.

> A judge wouldn’t simply allow “otherwise objectionable” to mean “literally anything.”

Only matters to a limited degree when read in the context of:

> The examples described in this Policy are not exhaustive. We may modify this Policy at any time by posting a revised version on the AWS Site. By using the Services or accessing the AWS Site, you agree to the latest version of this Policy.

If Amazon object to it, even if it isn't 'similarly objectionable', they can adjust their AUP to take it down.

Of course it does, it mentions Amazon, and that's quite offensive.

Wear that on a t-shirt at AWS Reinvent and see what happens.

Amazon is pretty lenient. You have to screw up really badly to lose your AWS account . I have noticed this it be the case for almost all cloud-based hosting services except of of course dropbox.

Unless and until we start regulating cloud providers and social media companies as utilities then these issues will continue to present themselves.


> The problem with hosting a site on S3 is there's no way to use TLS.

The standard solution for having TLS on sites hosted on S3 is to use CloudFront.

If you load the site again it should be using tls. I opted to separate concerns and threw Cloudflare(free tier) in front of it. You might be wondering, well okay its encrypted between my browser and Cloudflare but what about the connection between the Cloudflare proxy server and s3? To solve that I used the s3 api endpoint instead of the website endpoint which supports tls. I turned Cloudflare's tls setting to full which uses tls between proxy and origin but allows for a self-signed cert from the origin. So its encrypted from browser to proxy to s3 api. As long as no one poisons the s3 api dns we should be good.

The standard solution for any issue on AWS is to add another service.

Separation of concerns: https://en.wikipedia.org/wiki/Separation_of_concerns

I, for one, greatly appreciate having CDN features cleanly separated from object storage. It makes sense, since they are completely different things.

The standard solution for any issue on Unix is to pipe the output to another service but very few people complain about POSIX.

The UNIX philosophy would call for a service that does one thing well. CloudFront is a CDN among other things and, in this case, a TLS termination proxy. I should be able to stack something onto S3 that just does the latter, because I may not need the costs or the hassle (to invalidate caches) of a CDN. But hey, it's a free county with lots of competition and Netlify and I think Azure lets you do this.

Because they aren't incrementally charged for each one in according to an arcane and opaque costing schedule.

No, they just pay for the entire server whether they're using it to its full potential or not. Amazon's option is almost always cheaper.

Put CloudFront in front?

Is there a reason to say "Fuck You AWS" other than to cause offense? It's certainly devoid of any meaningful criticism.

Well, he'd want to say that after they had nuked his page ;)

No, this will not be removed. Just like "we might kick you for any reason or without reason" is not a clause you can test-violate.

This specifically sounds like the clause you'd use to kick sites like The Daily Stormer out that are just universally despised and put a large amount of political pressure on whoever enables them, no matter if they're just a "neutral transit provider" or not.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact