I think this is indicative of the biggest problem we have had with social media: there is no legalism here, just "codes of conduct" that companies and users both willfully ignore.
If your handle gets sold by some facebook employee to a rich kid in LA, what recourse do you have? I don't know what laws this would break (maybe some broad definition of fraud? I Am Not A Lawyer) so it's not like this person has a slam dunk legal case...
We have no external arbiters of online interaction, no well-respected third party we can go to to arbitrate. The last defense is the mob, potentially shaming the companies in question into recanting. I've seen it happen on this very website multiple times. But it is not sustainable, it does not scale, and it allows the companies to keep fucking with people who can't make their injustices known.
I think this goes a bit broader than just social media. It really has to do with the concept of ownership of words/handles/subdomains on third-party systems.
Who owns a twitter handle? Who owns an Instagram account handle? Do people with trademarks have a right to their trademark on a third-party system?
I work at AWS. Some of our services allow you to customize subdomains (AWS SSO, as an example). There have been customers (typically large enterprises) that assert they should have rights to a specific subdomain within AWS. These subdomains typically relate to their business name or various trademarks.
Should these customers have rights to these names? If I'm a small business (or perhaps an individual) and reserve companyxyz.amazonapps.com, should a company have recourse to take that away from me?
It's a question that hasn't really been collectively answered within the digital space. And until this question is answered, there are going to continue to be issues.
There's also the international issue. Different countries can have conflicting trademarks. So if you've got a valid trademark for "ACME, inc" from the US, and someone else has a valid trademark for "ACME, inc" from the UK, who gets the ACME domain/TLD/subdomain/twitter handle/etc? Both can get legal judgements in their respective countries!
Forget about international, within a single country you can have identical trademarks in different areas of business [1]. That's why I think we're stuck with first-come, first-served as the only fair way to allocate shared namespaces. I'm pretty sure there was an Apple Ford on the main street in my hometown -- if they get "@apple" first on the next hot social media service, why should anybody be able to take it away from them?
I'd say if you only own "ACME, Inc" in the US (UK), you only get to register acme.co.us (.co.uk). In this case, when no company owns an international ACME trademark, there should be a body that maintains acme.com as a simple text-only disambiguation page showing you links to each ACME, Inc with a description in the respective country's official language(s). I am nearly certain there is already a discussion buried at the end of some RFC about exactly this problem and proposed solutions, which weren't implemented because the good-enough solution was way cheaper than adding trademark disambiguation to the assigned names system.
If the new owner is imposter trying to be the old owner, it would be identity theft and fraud. If it's just giving the handle to someone else there is nothing. If you don't pay for a account, you don't usually own it unless there is something I'm missing.
If you want to own your identity in the internet, get a website you own and don't rely on shady social-media networks that give you something free.
It's remarkably hard to actually "own" anything on the internet. The act of paying for something or not does not dictate what's your property - ASNs are leased, IPs are leased, domains are leased, connections are leased and you'll need to either pay or use someone else's to host something on the internet. The closest you could come is legacy IPv4 space and not rely on traditional infrastructure such as DNS.
Most registrars have decent trademark policies but again it's the internet. Just because you have a trademark in your country doesn't mean someone else doesn't elsewhere or that the registrar is going to care 5 years from now when the ToS change on renewal.
If you want to be securely verifiable on the internet you're better off being searchable and signing your content. The hard part is finding people that care enough to verify who you are in a decentralized manner for that to matter though.
Interestingly you can "own" an Onion address for a Tor hidden service quite easily. You know the private key and nobody else does, so nobody can take your address away from you.
Yeah .onion addresses fall into the bucket of signing things (which works) and trying to get people to care enough to use it (which usually doesn't outside of extreme niches).
An interesting note on Onion addresses though is the top supercomputer is already at the level to be able to brute force collisions for any onion address in a little over a decade. I expect within about 10 years when this becomes a more imminent problem names will become longer.
That's the same level of ownership that you have over anything physical, which is the level of ownership that the comment I was replying to was saying is hard to achieve on the Internet.
Just because a fee is due annually doesn't mean you don't "own" whatever it is that you "lease".
In the real world, you still have to pay taxes and HOA fees on real estate property that you own; plus, have to put up (or finance) a huge deposit in order to "own" it. Same goes for any other large property like cars.
You're talking about trademarks, but trademarks themselves often require renewal every 10 years, where you have to continue paying a renewal fee in order to continue to "own" it.
The question of ownership comes down to whether you have a right to that renewal. As long as you keep paying the fee, you have a right to continue using that trademark, unless legal action is taken to challenge it.
Can you say that about your Twitter handle? Do you have a legal right to keep using that Twitter account, and if Twitter tries to give the account to someone else, can you get an injunction preventing them from doing so? (Now, same question but for your FB, Instagram, email, domain name, etc etc.)
A DV (domain validation) certificate shows the content came from the person in control of the domain (i.e. can change DNS records or change the server content) not that the person in control of the domain is "who it should be". With that in mind the person who can show current control is able to generate new certificates and issue revocations for old ones.
OV (Organization Validation) and EV (Extended Validation) certificates get into the "is it who they say to be" but Let's Encrypt won't issue those. What all getting validated entails is a bit more in depth for each of these and so is the revocation.
The ultimate protection in cases like domain transfers is limited lifetimes though. Gone are the days where the last guy likely had a 2+ year cert for the domain. Let's Encrypt is 90 days max and it's increasingly hard to get even 1 year from traditional players.
That's really not a bad idea like you own a domain you own your federated account on a Platform, you can self host it or put it into their cloud (costs 1$/mtn)...yes yes i know mastodon or diaspora but facebook and twitter should be forced to go a "federated" way, with that they could rip out most if not all of their problems they actually have, and you have all the rights you want (if you host it).
Interestingly, this is the same issue we're seeing in the Senate: in the void where formal rules of procedure should ecist, we're left with 'traditions' built entirely on the shaky premise that everyone is acting in good faith.
This is most definitely against Facebook's internal policies. Therefore, the employee "exceeded access rights" on a protected computer system, by doing something they clearly were not allowed to do. That is a violation of the CFAA (Computer Fraud and Abuse Act), which is a federal felony. Further, the person that actually has possession of the account is likely guilty of either bribery or "honest services fraud" [1] for inducing an employee to break the law in exchange for money or other enticements.
The biggest problem is that a lot of these companies no longer have support for the average users, so, you simply have no way to escalate the issue, other than Hacker News or the like.
It's this support-through-Hacker-News phenomenon that must be addressed. One CDN is especially notable for doing this -- they may delete your site w/o an explanation, and then if it blows up, their CEO or CTO comes here to say not to worry, that you can always contact him directly here through HN or the special email. What if you don't have or don't know HN? We never get any follow-ups or postmortems for these incidents, either; with the companies brushing the whole incident as a private matter, never respecting the wishes of the user to share the details publicly, never sharing the details with the user itself, either.
P.S. Looks like Danny Hall got the account restored a few hours ago with all the pics; but he didn't seem to have received any explanation, either; probably never will.
You’re assuming the attacker was telling the truth about “knowing someone” at Facebook. More likely they figured out how to bypass 2FA (e.g. sim swap, socially engineered a customer service account recovery workflow, etc.)
Yes, that's the simplest explanation. Not that Instagram is above giving an existing nobody's account to a VIP, but they're not going to do that without wiping its content, and notifying the nobody first.
Hey, I knew you on IRC a long time ago. You hooked me up with some SuperVPN proxies that worked for a few years. I left the scene about the same time because of YUI's arrest- I wanted to say thanks. I've been thinking about HTP and co a lot recently, because of my work. Also want to thank you for pwning r000t.
I don't think the "theft" of the username would break any kind of law, as this was a company decision (since it done by an employee) and the username was never your property anyway. I'm assuming that employee definitely violated some internal policies, but nothing from a legal point of view.
The only recourse I can see from a legal point of view is that they seem to have handed over the entire account (as the followers seem to have been carried over), which contains private data including DMs, stories, archives of deleted pictures, etc. Given that the original owner of the account is based in the UK, GDPR should apply. I wonder if people he talked to via DMs (as well as those with private accounts who granted his account access) would also have a case, since Facebook's actions have disclosed private conversations & contents of private accounts) to an unauthorized person.
I don't have a Twitter account but if someone could suggest this person to complain to their local data protection regulator (the ICO in case of the UK) that would be great.
There are plenty of laws that would give rise to remedies in this situation. Contrary to popular belief, tech companies aren't invincible to lawsuits. Neither is the guy operating the stolen account.
The issue isn't whether or not there are theories under tort or contract that would cover remedies here - they would. The issue is whether or not this is something that's economically feasible to get in front of the courts - it's not.
OP is simply ignorant. There are many laws that would make account take-over an illegal activity - it would depend on what exactly the perpetrator did, but wire fraud and criminal conspiracy most likely apply.
If the OP's point is about consumer protection in case of any dispute with online provider, there's maybe a tiny bit of truth, but that's not a criminal law.
If the OP's point is whether there's sufficient enforcement and investigation for account take-over, that would be correct, but it's not clear if the society would be better off spending large resources on investigating those when there are much more serious crimes not being investigated sufficiently and when companies are generally doing reasonable attempts at providing protection.
There is absolutely a legal theory, and that is fraud. If you claim to be someone you are not, and someone relies on your false claim to their detriment, you are liable.
It's likely that Facebook was defrauded here, or that an employee of Facebook breached his employment contract. In either case Facebook would have standing to go after the fraudster/employee, but the account "owner" might not.
My point was whether Facebook itself committed a crime and whether the account holder had any recourse against Facebook. To me it doesn't look like it - the username remains the property of FB and they are free to do anything they want with it.
It might take an open-minded judge to accept this, but attorneys often fall back to common-law negligence when there are no stronger legal theories to rely on.
All the elements of negligence seem to be here, except probably for duty of care. A judge would have to find that Facebook owes a duty of care to its users to protect the integrity of its identities, and that Facebook breached that duty.
I can foresee Facebook and other information service providers fighting vigorously against such a legal conclusion, but maybe it's just the kind of law we need.
It's not only the user name. It's the photos, chats, etc.
Of course one should backup the photos outside Instagram or any other service but I have no idea if Instagram allows that. For Whatsapp on Android it's as easy as syncing the pictures folder on the phone to my computer. Then I backup them with all my other files.
I wonder if the justice department would go after somebody who overtook Donald Trump or other high profile official. They might make the case based off national security as the legal rational. But, otherwise I do agree with your point.
A) Trust the competence of the government to understand the nuance of technology to not pass a law that takes into account all of the Nintendo’s consequences. During the dog and pony show when the house had the 4 tech CEOs to testify, one representative asked Zuckerburg about Twitter’s policies.
B) The impartialness of judges, prosecutors and regulators? Trump is now trying to get a law passed because he didn’t like Twitter’s policies. Would judges appointed by the current administration be more likely rule in favor of “Planned Parenthood” or”Black Live Matters” if they both made a claim over @blm?
As far as a third party. I would much rather have an independent non profit set up and FB, Twitter guarantee funding for them over 10 years and they do binding arbitration. They woukd be hopefully better informed.
> I think this is indicative of the biggest problem we have had with social media: there is no legalism here, just "codes of conduct" that companies and users both willfully ignore.
This is a good thing! If Congress is given the task of creating "modern" Internet legislation, they're almost certainly going to fuck it up somehow. We got a taste of this when Orange Man threatened to nuke Section 230.
I am an e-resident and I "bought" a company in Estonia from another company in Estonia, owned by a Russian scamster. Both companies do exist and are in "good standing".
Estonian authorities don't care about criminal activities, wire fraud or money laundering. In fact, I wasn't even able to get a case number or in most cases even an answer. So this guy is selling the same company over and over again. Not a bad business for him.
In the end, if you think about it, this may be the whole idea of the eResidency. It has become very difficult for companies held by eResidents to open any bank account in Estonia since banks are smarter and are afraid to be cut off from international money transfers. Most of these companies therefore hold bank accounts in other EU countries. Mostly new online banks.
Regarding the Estonian law enforcement, why should they care? It is hard to explain something to a man if his salary depends on not understanding it. And in the end all these companies bring in revenue.
All leads will point you to cybercrime [AT ] politsei.ee
From dozens of emails I never received any reply. It seems not to be monitored. Funny.
Have you detailed this online someone (eg lengthy blog post) or similar?
If no, please do so and point people at it. There isn't much/any info about this kind of problem with eResidency companies. Getting the info to be widely known will help in getting it addressed. At least for the next people. :/
I’m pretty sure PlugWalkJoe is behind this. Someone here mentioned the “dead” account on IG and I remembered, for some reason, Krebs talking about that in his article about the Twitter crypto attack. Either this was a SIM swap or someone in that group has gotten access to IG internal tools just like they did Twitter. I’ve Tweeted @dannyjhall about this.
An interesting aspect to this story is that although there's no real evidence that a Facebook employee was involved, it still seems like a believable explanation to many readers including many commenters here. If a company's customer support is so bad that no one can tell the difference between being hacked and being abused by a rogue employee, does it actually matter what happened? I guess that it matters to the original poster, and I do hope that they do get their photos / account back, but in either case the message the message I'm taking away from the story same: your Facebook account could disappear tomorrow and you'd have no recourse.
Users here will believe any conspiracy theory so that's not really a high bar. I'm serious. There was that massive 2000 comment thread the other month about some big company doing something evil and then it turned out they didn't do it.
Everyone who was right and informed in the original thread was greyed out by users here.
It's not conspiracy theories, it's any story about a big company doing something bad or evil. Or any story that confirms the worldview of the most active HN commenters.
Any story about Facebook, Instagram, Twitter, Google, Uber, or PayPal doing anything negative tends to bring out the most cynical commenters. HN is usually a skeptical crowd, right until a story arrives that fits their worldview.
The false story about Apple's refund policy that garnered 2000 upvotes before being retracted is a prime example ( https://news.ycombinator.com/item?id=23987584 ). When it was in the #1 spot, several people tried to correct the story in the comments. They were heavily downvoted. For some reason, the majority wanted to believe a random Twitter comment over actual iOS app developers trying to correct the misinformation.
Likewise, stories about psychedelics being miracle cures tend to rocket up the front page despite deeply flawed studies (no control group, usually). Meanwhile any study showing negative effects from psychedelics or cannabis tends to get picked apart for for small sample sizes or the evergreen "correlation is not causation" no matter how good the study was.
The real problem is assuming that HN is somehow immune from the same problems as other social media platforms. HN is very much a social media platform.
> It's not conspiracy theories, it's any story about a big company doing something bad or evil. Or any story that confirms the worldview of the most active HN commenters.
> Any story about Facebook, Instagram, Twitter, Google, Uber, or PayPal doing anything negative tends to bring out the most cynical commenters. HN is usually a skeptical crowd, right until a story arrives that fits their worldview.
It's these companies that are cynical, not my worldview!
Nearly every single allegation about these companies doing something sneaky, evil, greedy, and underhanded has turned out be completely true.
When Uber was doing grey-balling, it turned out to be true. When Uber had made a secret agreement with Apple to have their app take screenshots in the background, that was true. Just off of the top of my head I can think of so many preposterous sounding incidents that turned out to be 100% true.
I would assert that people were completely correct to just assume that Apple was doing something shady with the app store. I think it is kind of naive to give Apple the benefit of the doubt at this point.
Haha all too true. I say this as a user of psychedelics.
In any case, just for posterity, the actual event may well have happened, I'm just commenting on whether "HN believes it" has any impact on the truth of whether it happened or whether that company's reputation is shot.
To be fair in that situation, despite the fact that it turned out that Apple didn't actually do the thing in question, it was explicitly in their developer agreement that they were entitled to.
Something is less of a "conspiracy theory" when there is explicit evidence written down in a contract that supports it.
It's not only a conspiracy theory. If you hear about the bully at school stealing someone's lunch, you would be inclined to believe it's true, even though you were not there at the time.
Plenty of abuse and mismanagement from these companies have affected a lot of people, to different degrees, and that sets a precedent over which we all subjectively evaluate their actions.
Just last month I had a Twitter account for a side gig banned for absolutely no reason and with zero explanation. I am more inclined to believe the "rich kid from LA" story than the "hack"/"sim swapping" whatever nonsense. Why? Because I see it happening all the time, everywhere.
For anyone who missed it, here’s the original thread that made the false claim on Twitter that Apple keeps it 30% cut when a customer requests a refund: https://news.ycombinator.com/item?id=23987584
It seems like most of the high-profile examples lately have either been false or misleading.
Just to check, I looked at all posts with over 1000 points in the past couple of months where a big tech company is accused of doing something "evil" to the little guy. They are:
The OP accused GoDaddy of registering a domain for itself after the OP had added it to their cart. It turns out that many people were searching for the same search terms and someone else just happened to register it via GoDaddy on the same day.
The OP implied that Google was banning all Fediverse apps with no recourse for the developers. But it turned out that Google was asking developers to block logins to a set of unmoderated instances that are known to be full of hate speech. Some developers refused, but it seems like most did not, and are doing just fine.
My anecdata says that HN users are among the least likely on social media to believe conspiracy theories. They actually tend to err on the side of skepticism. It's very common to see someone say, "Yes, this could be malice, but it could also be incompetence."
I think this is partly because so many of us have worked in (or with) the targets of most conspiracy theories: government and large corporations.
I think HN users are convinced in their immunity to various things: propaganda, conspiracy theories, advertising. I also think HN users are very good at coming up with reasons for why this might be the case.
There is some evidence of some kind of takeover though. Searching for site:http://instagram.com/danny in google, the first result is the following:
Danny (@danny) • Instagram photos and videos
www.instagram.com › danny
8690 Followers, 134 Following, 100 Posts - See Instagram
photos and videos from Danny (@danny)
This is still in Google's cache. The current instagram profile is very different.
The victim is a real person with a PhD thesis that anyone can read.
Why would someone jeopardize his reputation by using his real name on some kind of staging of a fake account swap? I kindly disagree with your second sentence.
> It’s actually not even evidence that the account even swapped hands!
Do you honestly believe a jury of average people would agree with this proposition? It seems contrary to common sense.
Keep in mind that there is a significant difference between what meets the relevancy bar in court, and what is logically probative. See, e.g., https://www.law.cornell.edu/rules/fre/rule_401
> That’s...not evidence of a facebook employee being implicated.
The account messaged and said a facebook employee was involved. It isn't proof, it isn't strong evidence, but it is evidence and an implication that a facebook employee was involved.
> It’s actually not even evidence that the account even swapped hands!
Similarly the change in account usage pattern isn't proof but it is evidence.
It's believable though. The culture around "OG" accounts really is that weird.
It's easy enough for a Facebook policy team to confirm this one way or the other by looking at the logs. If this gets enough visibility I assume that will happen.
It can be incredibly difficult to get that traction - I know Patrick Grey of Risky Business has mentioned in passing that he's occasionally helped local-to-him small businesses who have been locked out of their Instagram accounts, because it's basically impossible to get assistance except through well-connected folks.
It's easy, but remember that it is not a policy team who will decide what to say publicly, but PR team, which in Facebook's case has a sociopathic/capitalist culture of putting profits above everything, and so they will decide whether confirming it in either way will generate more negative news about that event than leaving it ambiguous.
Here's a screencap of Philip Kaplan's newsletter from 2017 where he claims a friend at Instagram helped him get @DistroKid, which was registered but inactive:
That's not necessarily evidence of rogue employees being able to steal accounts for their friends. That may just mean that they had a friend at Instagram that helped them trigger the official process to delete an inactive account and give the name to someone who plans to use it.
The difference is that this is a documented GitHub policy [0]. I’ve done the same for a handle that didn’t have any activity in its entire history. AFAIK neither Instagram nor Twitter have similar policies (though I somewhat wish they did).
The author's girlfriend had to re-follow the account, which implies the original followers were replaced with Danny's.
In the new Danny's screenshot, it shows that he's followed by three other "OG" account names: "blood", "murder", and "dead". Furthermore, the screenshot was taken from another account, otherwise it would have shown as "This account is private" (Try viewing your own Instagram profile while logged in and private). Whoever was viewing it was therefore friends with Danny, 'blood', 'dead', and 'murder'. In other words, someone interested in OG accounts, or one of new Danny's alternate accounts.
Finally, it would be truly bizarre if new Danny immediately implicated a friend at Facebook before anyone asked him how he got the account. If this was true, I would suspect new Danny would be going to great lengths to hide the fact, rather than trying to hand the excuse out before anyone even asks. This guy just stole someone's Instagram account. He's hardly a credible source.
I wouldn't rush to conclude that a Facebook employee did this. It sounds like the kind of excuse someone would give to pretend to be coming from a position of internal power rather than appearing to be the result of a hack.
It doesn't surprise me at all, actually. These idiots brag about this to friends constantly and try to make new connections inside the companies to exploit. I have a very short Twitter that people try to take over constantly, and by virtue of being on the platform early, I've accrued a few "OG" accounts for various projects or whatever. When someone stole one of my accounts that I didn't use anymore by having their friend take it over, I had my friend look into it and they reversed it.
The account jacking idiot then messaged me trying to get me to put them in touch with my friend so they could try to help them get other accounts and bragged about how he was just going to take some of my other accounts that he somehow knew belonged to me despite there being no link to one another outside of what would be Twitter-internal data. It was the most brazenly ridiculous thing I've ever encountered, but I'm assuming it's an ignorant kid who doesn't realize the possible consequences or a really dumb adult.
So, I can totally believe the idiot would just blurt out how he got it because that gives him clout amongst his miscreant "OG account" friends.
I assume there is no evidence except an account full of pictures of the guy?
Maybe the employee claim is wrong, who knows, but determining who owns the account should be trivial. And frankly, given what we know about how the Twitter "hack" went down (rate limits? sign offs? resetting 2FA? impersonating accounts?!) it is fully believable.
Well the difference between "hey my dad works at Xbox and will ban you" and this is this is now past tense. So it would be a case of you getting banned on Xbox and someone going "Yea that was my dad".
It's possible that the new owner is notified when an issue is submitted and is able to mark the issue as resolved, or IG notes that someone is using the account and assumes there is no longer a problem.
I don't know, but it sounds like the issue was resolved (correctly or incorrectly) the first time, so the user started filing a ton of issues, which were automatically marked as duplicate. Now he's spamming the white hat security form (https://twitter.com/dannyjhall/status/1310231761444581385), which is not likely to get him a response.
Ah yes sure you don’t pay Google a dime, so don’t you worry if you lose your account tomorrow, it’s not like anything is owed to you. Say bye to verroq@gmail.com
Then we would like an answer from FB about what occurred. The handwaving away about "nothing to see here" up and down this thread isn't a satisfactory resolution to the issue at hand. Someone alleges their IG was stolen and they allege that FB is batting away tickets about the issue. It would be nice to see FB respond to this. The urgency is compounded by the fact that Amazon had it's own little insider's ring of people providing "extra" services to people for a price.
You can 2FA on twitter with the Authenticator app. There is no indication that OP was using SMS 2FA, and you would suspect that they would have mentioned that their phone stopped working if in fact they were sim swapped. I agree there is no proof it was an inside job but it seems plausible.
I have seen this happen firsthand on several occasions at several companies, and it’s a well documented risk vector. You see it for things like username takeovers, and also ad account reactivations.
Typically it is not the people with cushy jobs, but those working for vendor companies (moderation, customer support, etc) who have little investment in the company, are barely making minimum wage, and are more than happy to flip a few switches in the dashboard for a few thousand (or less).
People with positions of power are regularly found to take bribes that wouldn't even be a 1/10th of their normal paycheck. Power tripping is a recognized phenomenon, and greed makes people do irrational things sometimes.
The lower-level jobs aren't as "cushy"; I don't see an engineer doing this but I can definitely see a junior in a lower-level customer service or similar administrative role do this.
You cannot imagine how many times I have caught red handed, people with that mentality "screw the policy, my friend needs a loan/credit card/etc". A a bank can and will drag you to court and rip you a new one. That said, not all banks are scummy to create cards/loans to clients without their knowing. Some actually play by the book.
Anyway, yes some people think that because they are good enough at what they do, they will be given a pass when caught. Unbeknownst to them, if any auditors catch them, then the "jokers" can start updating their CV.
Ethically vacuous doesn't mean stupid though, and I doubt they will jeopardize a lucrative career for a quick buck or bragging rights in front of their friends.
People do this all of the time, and there is nothing about jumping through Facebook interview hoops that prevents people from making immoral decisions for personal gain once they're an employee.
You might even argue that joining Facebook is an example of "making an immoral decision for personal gain", therefore any Facebook employee has track record at that.
I'm like 90% sure there was an article about Shopify employees stealing customer data just recently. Not FAANG, granted, but it's still a traditional way of data leaking or accounts being stolen. Inside jobs aren't exactly a rarity.
This is a very common thing. In fact influencers and FB employees publicly and loudly talk about this method and no one stops them. "Hey I'm visiting fb headquarters anyone want a new @ or a checkmark?" Why do random fb employees even have this capability?
> Why do random fb employees even have this capability?
Assuming that's what happened here, its because to them it is pure coincidence that the market values these database entries at all.
Like sure, at this point they know it means a lot to people and inspires many other people and can effect entire markets that they are unaware of, but from their perspective it isn't "god mode" its "lol ok, wanna hit up sushi for lunch later?"
And this is why I’ll never use Facebook or Instagram again. I can’t even begin to imagine and angst the OP is going through right now. Imagine if it was your business? My sister uses Instagram exclusively to market and promote her beauty salon business. I can only imagine what her reaction would be if something like this happened to her (really my only reference). Letting people have access to data let’s people manipulate that data. Whether this was an insider giving his friend the account or it was hacked and taken over, it doesn’t matter how, things like the OP’s situation should NEVER exist.
Well, thank God for that, because with that kind of authoritative observation we can close the books on this one permanently. Dodged a bullet there, didn’t we? Pitchforks down, everyone, ‘mrits has this one in hand.
This is an extremely well-known phenomenon. This is the third time I’ve heard of it happening to an OG. It’s pretty common knowledge that the right teams inside Instagram look the other way; what’s a user going to do, sue? People are making money.
I’m sure your roommate who works on Tupperware or whatever wouldn’t know a thing about it, but Facebook is also roughly the size of Romania, so perhaps your front row seat to the inner workings of an organization that also legally compels your roommate to not tell you things isn’t as end all as you’d assume.
So are you asking for screenshots from my email of the thread where everyone came together to agree on the terms and execution of the conspiracy, or?
Also, sarcasm isn’t an emotion. I’m English, so perhaps consider that my culture of challenging someone is different from yours before projecting whatever big bad horrible emotional troll hurt your feelings once. Facebook is literally more employees than even populate this dreadful site, but someone says “my roommate’s brother’s uncle by blood works there and I’ve never heard of it so it’s plainly false” and we’re all to just fawn over the precious insight?
I’m sorry, I’ll try again: thanks, ‘mrats. Very brave.
[Rhetorically expresses curiosity at what those terms might have looked like, broadly speaking]
Not the obvious, like "everyone's going to look the other way", but more like... target account upper watermarks, "motivation threshold" (ahem), internal tracking (if any), collective opinion on precedent, etc.
I think this thread firmly establishes the range of such a proportion, but we’ll need the n of ‘mrits social network to arrive at a number. It’s somewhere between “they know a few people” and “their entire waking life is surrounded by Facebook employees” (poor soul) which also bounds our calculations.
This is openly discussed with bemusement on my non-Instagram team is what I can say.
Yes and I work remotely at AWS and I never hear the FC workers talking about working conditions....
All of the Big tech companies are so large and have their hands in so many pots, that working at a company as the equivalent of an L5/L6 that you are out of the loop about most things that go on.
I had this happen to one of my accounts, it got taken over by someone, I don’t know how, but I moved heaven and earth to reach someone at Instagram to no avail. It confirmed in my mind that the employees of Facebook and Instagram could not care less about any of us unless we are making the money.
It's sad and upsetting, but when will people learn that Facebook, Google et al do not care at all about individual users? Their model simply does not factor in the worries of a single user.
(Worse is how they want to propagate the idea that software should be free and of highest quality, thus preventing any communal attempts at creating different models.)
> when will people learn that Facebook, Google et al do not care at all about individual users?
When will people learn, not just Facebook, Google et al, but no large company cares about individual users? Coca-Cola, Delta Air Lines, Ford, Unilever, Visa, Walmart do not care about individual users.
Not because all of them are bad, but simply because they physically cannot deal with every complaint. Even worse, when they become better at handling complaints, people start complaining more. So they focus on some more important complaints, and some users get thrown overboard. This is sad, but this is inevitable.
That said, it would be great to have a paid technical support. You have lost an access to Google account (hacked, lost password, not logged in for two years, whatever), pay $100-1000 (if it's really valuable to you), and a special qualified person will do a proper background check (e. g. call your employer) to verify that you is really someone who you claim to be.
It's a little difference with Facebook and Google, because unlike the other companies you mentioned, users are not the customers of Facebook and Google -- advertisers are. There is very little incentive to make their users happy when their users are not paying for the service.
> It's a little difference with Facebook and Google, because unlike the other companies you mentioned, users are not the customers of Facebook and Google -- advertisers are.
This is so tiring.
Also, I've been paying Google real money for half a decade or so, so I am definitely their customer.
That said I'm well aware that that doesn't seem to mean anything in Google land and I might be thrown out for anything tomorrow with no explanation and no way to get my account back except complaining in social media.
It's still true on an institutional level, though.
Paying customers at Google are pin money, AdSense is bread and butter.
If there's a conflict, AdSense wins, period. There's a firmly entrenched culture where user accounts are a cost center, to be managed "at scale", that carries over to paying accounts. That attitude shouldn't carry over, of course; nonetheless, it does, as you recognize in your last paragraph.
> There is very little incentive to make their users happy when their users are not paying for the service
This is plainly obviously wrong.
When users are not happy, they leave the service, and advertizers stop paying.
Even more, companies are much more afraid to lose users than to lose advertizers. Companies can live years without advertizers (by borrowing money for example or by burning reserves), but if a company lost it's users, the company is finished.
Yes, in some way. But sole complaints are simply not hurting FB. How many of the people complaining would've used Instagram otherwise or even go as far as closing their account? I doubt the can even zoom in their Dashboard far enough to see the impact.
The real problem here is that for a single account, you're far more dependent on Instagram than Instagram is on you.
> you're far more dependent on Instagram than Instagram is on you
Same way, if you have a Ford car, you depend on Ford much more than Ford on you.
> But sole complaints are simply not hurting FB.
Same as complaints on bad Ford service don't really hurt Ford.
Anyway, that has nothing to do with the fact that users of Facebook are not paying Facebook.
> There is very little incentive to make their users happy when their users are not paying for the service
This quote [typo] is very incorrect. I'm not going to argue that Facebook/Google support is good or bad, I'm just pointing out this statement is false.
> Same way, if you have a Ford car, you depend on Ford much more than Ford on you.
But the latter is contractually obligated to help you to some extend due to warranty etc.. Also, Ford has far less lock-in than Instagram.
> > There is very little incentive to make their users happy when their users are not paying for the service
>
> This quite is very incorrect.
I'm not disagreeing with you here; I'm disagreeing with your point that users are (far) more important than advertisers. Single-user complaints or unhappiness tends to be ignored, I doubt the same is true for advertisers. The recent Reddit changes, for example, show this very clearly (to be fair: I don't have an FB-example as I don't follow it in any way).
Something like that does exist for Google account access problems - you can pay a few dollars (which also ties you to a presumably-authenticated credit card, and so helps authenticate you to Google) for an expedited response.
An economic and political system technically literally cannot care about people, same way as temperature, gravity, philosophy or history cannot care about people.
This is an extremely reductive. Temperature or gravity are not composed of people, who have the ability to make change within the system they comprise.
Too high or too low temperature environment can hurt people. People with a soldeing iron can hurt people. People putting other people in the fridge can hurt people. Just temperature is not something which can do anything to anyone.
Capitalist companies, people living in capitalism, governments under capitalism, taxes and so on may be good or bad for people.
But saying "capitalism does not give a shit about people" is just literally nonsense. Of course it doesn't because an economic and political system is not an actor.
I could infer from the original comment that all actors under capitalism "do not give a shit", but that's obviously untrue. For example, wikipedia lives under capitalism and benefits from the capitalist system, and obiously it is good for people.
I could assume that the actor mean very narrow group of actors when they said "capitalism", but I won't because I will likely be wrong about understanding what the author really wanted to say (rich people? all people? large corporations? any corporations? including non-profits? and so on). It would be better if the author added some clarity to their comments. Would be better if the author said what exactly they wanted to say without throwing literally meaningless socialist slogans.
Well, socialism (in its original form, not USSR-style "socialism") for example is an economic system that, by its definition, cares about people and their wellness. Capitalism, in contrast, is an economic system that, by its definition, doesn't care about people or their wellness. Just like democracy is a political system that cares about the people, whereas monarchy is a political system that doesn't.
If you want to be pedantic, you can say that the proper phrasing would be something like "socialism is an economic system whose defined goals are people's wellness", "capitalism is an economic system whose defined goals have nothing to do with people's wellness (they are profit for the owners of capital, and perhaps innovation)". But "caring for" is obvious shorthand for this.
You can, of course, say that individual actors living under any of these systems may or may not care about the people, and that's true. But the system itself may be designed with or without the people in mind, and different systems fall on different sides of this idea - for better or for worse.
It is like saying, railroads don't care about people, railroads are only interested in trains moving fast and reliably.
Or it is like saying, doctors (even under socialism) don't care about people, they only care about getting their salaries.
Smarter people make one step further concluding that fast and reliable trains are beneficial to people, doctors heal sick people, and capitalism generally make people wealthier.
> capitalism is an economic system whose defined goals have nothing to do with people's wellness (they are profit for the owners of capital, and perhaps innovation)"
Adam Smith' first book called "The Wealth of the Nations" not "The Wealth of the Richest People in Power").
I would not go that far to define a "goal" of capitalism. It is just a system of rules and principles, there's no goal in it.
And these rules and principles are profitable for both capital owners (they can grow their capital), and for regular dudes (who can be paid better because market provides them with more opportunities to pick different jobs and higher quality jobs and who can use cheaper good and services).
I'm sorry but this still treats capitalism as some ridgid, immutable force. This is demonstrably untrue. We, today, have capitalism shaped by the will of the people. The degree to which we allow it to be shaped is the actual point of contention, not the malleability itself.
I also find it unfortunate that you'd choose to represent such potential flexibility in the system as "meaningless socialist slogans." That makes it feel like you're not engaging in good faith with the central argument.
I’ve read somewhere that Facebook even embeds tracking pixels in the HTML of the data export, so keep this in mind if you ever actually look at the exported data.
Google produces irrelevant results no matter what I try (searching anything about Facebook tracking pixels brings up tons of marketing-related SEO spam) so I suggest someone with a Facebook account just tries it and reports back. Until then, better safe than sorry, assume the worst (which at this point should be the norm when dealing with the company we're talking about) and proceed accordingly.
Images on public Facebook are indeed marked (a unique ID is embedded in every picture's EXIF data) so I wouldn't be surprised if the exported ones were too (not necessarily for malicious reason even, if the images are being marked at upload time, Facebook may not even have the original unmarked image anymore).
This reminded me of an article I read a while ago about Instagram employees selling verification... one of the sources mentions they also sell accounts, but the story is mostly about selling verification.
The arbitrariness with which these companies rule over our digital lives infuriates me more from month to month. We do our best to fight dictators in the physical world but somehow accept them in the digital realm.
While they do have power over users on their platform, they're voluntary applications that people choose to give control to for convenience and publicity. Unlike credit bureaus who actually ruin peoples' lives with their carelessness and you can't even opt out, social media apps are purely opt-in, and you don't get your wages garnished or bank accounts emptied or lose your ability to drive because of them.
And while I hope danny gets his username back, and it's ridiculous what happened, the value of the user account handle that danny had was created by Instagram's efforts. You don't have property rights to it the same way you own actual property or a domain name registered under your name.
>While they do have power over users on their platform, they're voluntary applications that people choose to give control to for convenience and publicity.
It's true a username isn't property, but there are some instances where merely conferring a certain status has such an enormous impact on people's lives that there are certain legal protections around it. Your job, for example.
One could argue that digital identity codes like domains and social media usernames have become similarly important. Entire businesses, extremely profitable ones sometimes, can be tied to a single username.
I’m with you to a degree, but if most anyone’s email account vanished, or worse was stolen, I’d be pretty confident guessing that they’re screwed.
For more typical social media, losing a decade of pictures is pretty harmful. It’s not about the value of the @danny handle, it’s also about the account being gone. And the privacy issues if the new person got all the DMs and private info.
You're right that these things are devastating when they happen, but pre- social media, they happened all the time. Every year, half the people born in [year-21] lose their university email accounts (including their google drive, etc.) and eventually transfer to another email just fine. Before online identity, people lost their phone numbers and had to inform friends that they switched to a new one. You'd get the previous owner's texts, and have to tell them you just got that number. Or if you moved addresses and you would get the previous owner's mail, and the same would happen to you due to postal errors. People lost their pictures because of disk failure, fires, and other means, and would continue living happy and productive lives.
Post- social media, if people are backing up their data, then the problem is pretty much nil (chances that your social media account and your local storage both go kaput at the same time are pretty small).
Of course email isn’t new and neither are phones. Things like 2FA are new, as are other things assuming you still have the phone and email you signed up with. The problem isn’t the thing, it’s the services that rely on the assumption that you still have the thing.
...in an unfree economic system (patents and IP give monopolies) with a black box money system (money is an enclosed protocol). Cooperative Open Value Networks are the future. [1]
It is a nuisance to the people around you. If they're organizing something and make a FB/VK event for it, someone will have to bother themselves with relaying you all the updates via your preferred communication channels.
In this context he's not wrong. Planning a party (for example) might involve a lot of discussion for time, food etc. It's far more complicated to organize this with everyone and find a common demoninator compared to simply putting people in a group, with everyone giving his input when needed.
Yes. Some of my friends have a VK event for their birthday party that they reuse annually. Much more convenient than chatting with everyone individually or making a group chat (but then everyone needs to be using the same IM service so this problem comes up again).
In the end, if you're not on whichever social media service is popular around you, you're missing out.
Well said. There should be really good laws for these companies. Sadly no same bad PR yet received to google/amazon like facebook. The amound of data both collect is enormous.
I've often pondered this. Might be going out on a limb here but tech workers aren't typically the sorts of people espousing the tenets of Fascism. Why is it that the companies they work for invariably end up leaning that way?
I don't believe this is something inherent in Capitalism either. If I had an issue with any other kind of business the experience would be vastly different.
In most other industries there is actual competition so companies benefit by providing exceptional customer service. Due to the winner takes all network effects of social media platforms they can get away with treating individuals poorly since there are not real alternatives. If Instagram was separated from Facebook then both would have an incentive to improve.
You can just... stop using their services. I deleted my Reddit and Twitter accounts a year or two ago, and have missed out on absolutely nothing of importance. Digital "life" is totally impoverished.
A friend of mine lost access to his Instagram account that was blocked for impersonating others (he shares the name with a known person). He had no recourse for six months as the form to appeal the decision didn’t work... finally got it fixed in 10 minutes this summer when the form magically worked again
Is this hearsay or is there proof? Aside from @danny saying it was from an fb employee, there’s nothing else to indicate it was, and I wouldn’t trust the word of a hacker/recipient of a hacked account.
I think the biggest 'proof' there is that the twitter account states they haven't received any 2FA requests. Assuming we're taking this as truth then:
1.) Somehow MFA got disabled on the account (or avoided altogether)
2.) Could've got SIM swapped. However this seems rather unlikely, as there are no other reported IoCs which point toward SIM swapping (i.e. can't call or text).
> "I wouldn’t trust the word of a hacker/recipient of a hacked account."
I wouldn't discount it. This isn't some APT that ran a Stuxnet operation. It's someone who allegedly exploited a system to get an og account. The whole reason people want og accounts is because they're a status symbol in some circles.
It's quite likely that someone associated with stealing an og is an immature braggart. So they may do things immature braggarts would do... like talk about their TTP.
Skepticism is warranted but, did everyone forget about a month (?) ago when an insider and "OG username" people did the bitcoin scam on twitter? It's not an unreasonable assumption that this can happen elsewhere.
I lost my facebook account last year after someone copyrighted my own profile photos, I get a strike every time I upload a selfy then my account got shut down, this is slightly different from this story but it show that facebook spend zero effort to fix this issue unless the story blow up, I am political activist in Algeria and the dictator regime there were using some 3rd party companies to copyright activists content on facebook and use it to shutdown their pages
If true, this is despicable and deserves a lot of attention and (maybe) some regulatory response. However, is there a more detailed description instead of a few twits.
It seems from the posted pictures that the account was stolen, but why does the author think that a Facebook employee or a Facebook company is behind it? An honest question.
I find it strange that the Facebook employee wouldn't just forcibly change OP's username to something else (e.g. @danny123) then give the desired name to their friend. Actually stealing someone's account seems like an over the top and unlikely way to go about this.
I'd assume there would be bots or just someone trying to sign up with that username by random chance, so they didn't want to leave the username available for a moment.
I'd assume there is a proper, transactional (as in database transactions) way to swap usernames like that but the person who did this most likely didn't have access to it (for good reason) and just did an email change + password reset on the original account.
> and just did an email change + password reset on the original account.
But isn't that why the user had 2FA on? Why can someone change the email + switch off 2FA; you would want only 1 of these would you not? If you tell support you lost your email and 2FA, that would be very unlikely, so why would it be so easy to set that up?
Are there immutable logs with credentials for this kind of action and how easy is it for employees to access / change it; I mean why would many people have the permission to take this action? Especially without some kind of flag that there is something up with the account (like unused, flagged content etc).
Good reminder that all "your" messages, photos, private data etc never belonged to you. It always belonged to Facebook and they can do whatever they want with it. Including deleting everything on a whim if it pleases them.
How do we change that? We go back to personal websites that you fully own. All of those platforms have been proven to be highly unethical (especially Facebook). Trusting them with all your data has always been a bad move. We need to take back ownership of our platform.
I lost my Insta account a year ago. I have explored all possible ways to fix it. Really all. Was working on it for six months. But Facebook didn't provide any real way to restore the access. Even though I had my phone number verified before. If you don't have good connections or can make a social media storm, it is impossible to get the account back.
But it occurred I was authentic enough to remove my account. Not to regain access but to delete it - yes. Which I did.
It is one of many moments during last year's Facebook gave me the cringy feeling I am not a valuable product for them
And yet, that rule is stupid. But your logic instagram could just give @kyliejenner to some random person, and you think she would have no recourse? You think it would be acceptable for someone at instagram to do Kylie Jenner a personal favor and give her `@kylie`, and the person who currently has it should have no recourse? Kylie is just an example person with a larger following; I'm not implying that this happened, is happening, or she is in any way involved in this practice.
People like to make the claim that "a handle or username has no value" which is just insane. If it had no value, people wouldn't try to steal them.
If the first line of a bank ToS was "you can lose your account at any time for any reason", would you think that is acceptable? No, because money _obviously has value_. Usernames have value, and in some cases, usernames have more value than many people's bank accounts.
"you can lose your account at any time for any reason" is just an excuse to avoid any concept of _public_ user support.
Doesn't matter. They can still do it to anyone anyway.
> But your logic instagram could just give @kyliejenner to some random person, and you think she would have no recourse?
Well yes. They (Facebook) own the platform, it's a privately owned company and they can do whatever they like either via the ToS or in general. You don't own your account handle. They reserve the right to terminate your account or disable the handle at any time.
Strong disagree. If Facebook tried this against anyone with a moderate following there would be a Tortious interference and/or fraud lawsuit filed _immediately_.
When Trump's twitter account was deleted by a rogue employee for all of 10 minutes, Twitter most definitely did not just sit back and say "We reserve the right to terminate your account at any time".
> it's a privately owned company
I know this is going to sound pedantic, but this is wrong. Facebook is a publicly-owned company.
>I know this is going to sound pedantic, but this is wrong. Facebook is a publicly-owned company.
No the original statement was correct, your statement is wrong. If you want to really be pedantic then Facebook is a public company that is privately owned.
A publicly owned company [0] is one that is owned by a government. A public company [1] is one whose shares are traded on a public stock exchange.
What is the purpose of this comment? It has the appearance of being a defense of an unjust status quo. Is that your intent? Or do you think a "reminder" of the existence and consequences of unjust power structures serves some other, useful purpose? It doesn't, but I'm interested to know your rationale.
I'm just saying that platform's behavior to top users, doesn't say much about what they can or can't do (or are doing) under their ToS to normal people.
The purpose of the comment seems fairly straightforward and highlights exactly what was originally claimed, that the section of the ToS that claims Instagram can close any account for any reason is only true for people who have no influence or notoriety. It is not true of public and/or influential figures who could have a strong claim against Instagram for arbitrarily deciding to close their account.
That one set of rules apply to people in power and another set of rules apply to the general population is certainly something to take into account.
Do you think that this comment provides new information to literally anybody who is reading it? Given the answer is obviously "no", what do you think the actual effect is? Do you understand that it reads as a defense of the status quo?
It's not my logic. It's in the ToS. They can terminate that account. And what can they do afterwards is unspecified, so presumably they can do anything, except for sharing private data from that account with someone else.
Banks' baseline behavior is ruled by law and national banking regulations, not just some ToS. That's probably why paypal and similar are in no rush to become real banking institutions.
Regardless of the technical aspect if this is possible or not (I like how a random commenter here claiming he’s from Instagram is asking people not to trust a random tweet with a screenshot), I don’t see the problem as some suggested with the lack of regulation in social media. The issue is really in the blind trust people have put in these companies. Losing the username is one thing, but losing access to messages and potential private images on there is the actual pain, maybe not for this guy specifically but fun general. Having your private conversation on these platforms, your entire business or a huge portion of your marketing, or as a main way to “connect” with others is the problem, it’s like leaving your door and windows open for a week and then being surprised that your house got robbed. It might not happen, but it’s a huge risk. The solution is easy: don’t entirely depend on these platforms and don’t store valuable data there.
Social media accounts can be worth real money in the right conditions. It might be time to start having some real regulations around these things. If my bank account was hijacked, the bank wouldn't be able to just ignore my pleas. I remember seeing a youtuber who made a living off her account about a year ago get her account hijacked, and it took months to resovle the issue. Youtube didn't really help her at all until it became quite public.
Any company with large number of users. It is not specific to internet companies. If you complain to McDonald's, you don't really expect to a proper investigation of that wrong burger incident.
> If it was ketchup instead of curry, or if they put 8 nuggets instead of 9, I very much doubt so
Sorry, but I've ordered a specific burger at McD's dozens of times: very occasionally they mess up the order, at this point you take the wrong burger straight back to the counter with your receipt, they (always!) apologise profusely, then immediately make you a new one the way you ordered it.
> If it was ketchup instead of curry, or if they put 8 nuggets instead of 9, I very much doubt so.
According to the people I know who worked at McDonald's, wrong orders that are reported to corporate are taken very seriously. Corporate gives the person who reports the errors coupons for free meals.
Anecdotal, but I used to own the @clonetrooper Twitter handle. One day I woke up and someone else had it.
Tried contacting Twitter, and they wouldn't accept my screenshots as evidence that I owned it. So what do I do? It's been almost a decade now, and I will never get it back.
There's a great episode on ReplyAll podcast[0] about the methods for bypassing 2FA to snag accounts. Was the 2FA endpoint a SMS cell number? In that case, it's probable the thief fraudulently impersonated the victim to the cell service provider and phished the 2FA code. Sadly, the cell providers are the weakest link in that particular chain (probably much weaker than Facebook's security).
I also wouldn't put it past someone to guess a password or have reused a password with another service that has been hacked. Humans are terrible at password hygene.
This is one of the symptoms of possible anticompetitive issues. Facebook has a lot more power now and really no meaningful competitors. The more you learn the more you realize that competition can be a good thing and facebook may be abusing their position.
A bit late - but worth adding anyway, the issue was apparently resolved, and the relevant Instagram account returned. Although no explanation on what occurred.
More than this, instagram doesn't take reports seriously. I have reported many accounts obviously impersonating celebrities to gain followers, and they didn't ban those accounts.
Technically nobody owns anything. An ID is assigned at the discretion of the issuing organization. The ID wasn’t purchased, rights and ownership was never transferred.
On a related note, I would appreciate suggestions on how to regain my Facebook account, shut down without explanation a year ago. Despite its age (15 years) I barely used it, let alone for anything "controversial", but did regularly log into it. I have repeatedly tried to verify my identity by submitting an image of my driver's license, without any response.
I don't want to create a fake new Facebook account. I want my own back.
This has happened to me previously on FB. Had an account, of my first and middle names, that I'd stayed up to get when they released that feature on FB. Both short names like LeoMark. Woke up one morning and they'd changed it to LeoMarkus, and given the old account to someone. Pretty sure something similar also happened on LinkedIn.
Was pissed off at the time but pretty happy with no Facebook account these days.
https://help.instagram.com/519522125107875 based on the data policy, Danny Hall and imposter collected as the same identity. One wonders if the ads will be pitched to the same 2 individuals.
Sounds an awful lot like the Twitter Blue Checkmark Hack a few months ago where a hacker got into a db and just reset all the accounts to his own/his friends email addresses
This isn’t your property. It belongs to Facebook, they are just letting you use it and they have the right to take it away or do whatever they want with it. If you’re a nobody you don’t have a lot of recourse, just got to move on with your life.
Its exactly the same as with government, yes? Roads isn't our property, houses (sometime) isn't our property, country where we all live isn't our property.
So what?
If you are so easier to shock, you will probably die from a heart attack at 30.
But seriously, it is an action of one bad employee at worst, this story (if it is even true) can happen in any company. Facebook gets spotlighted simply because it is large.
No, they get spotlighted because when stuff like this happen, it's impossible to resolve or get in touch with a human. If it was resolved after contacting support it wouldn't have been a story.
> it's impossible to resolve or get in touch with a human
I worked in a couple of large internet companies. The army of support people work long hours trying to deal with endless stream of support requests from people who cannot articulate what they actually need, disappear after a couple message, throw insults at support, and in addition to that a lot of fraud requests, spam and so on. I read some of their conversations with users (when they were related to my work), dealing with them is really hard.
I belive companies technically physically cannot do much better at tech support.
When your car breaks, you simply go to repair service, and pay to get the issue resolved.
Asking to cancel any large internet company for bad tech support is childish.
Adult response would be: I want paid tech support.
Something similar happened to me too - an automated squatter took control of my account when I changed email addresses, started posting TOS violating images and got banned. There’s zero support unless you ask someone to abuse their access to help.
I work at Instagram and there's literally zero chance of this happening. I work on the backend, so I know the kind of tools or logging we do. If in the chance this happens remotely, like 1 in a million chance, the employee will be fired like instantly.
I can't believe a random tweet with a screenshot is on front page of HN with 500+ upvotes.
The account transfer happening may well have occurred, whilst the mechanism is misrepresented (likely by the attacker). Either way, a claimed user is plausibly representing a problem with no viable recourse from IG/FB.
The upshot of unauthorised account transfer would still lie on Instagram/Facebook, and should you in fact be a back-end engineer, filing a ticket and escalation would be strongly encouraged.
> I can't believe a random tweet with a screenshot is on front page of HN with 500+ upvotes.
How does that outcome compare to the believability of your average HN throwaway account?
Green username person says it's like a one in a million chance. Fired instantly? Oh the nos, will The Zuck rain down torment and lightning from the sky like Zeus?
It wouldn't be if Facebook didn't prove in the past it is the most immoral online company. I get that they pay you, but maybe it's time to take another look at your employer with a more objective lens?
Which I'd assume will be filled with alt-right and similar content (banned from other platforms usually for good reason), anime avatars and a liberal dose of poor taste (and potentially illegal in certain jurisdictions) content such as "lolicon".
None of this is something most people want to be anywhere near. While mainstream social media has many flaws, at least I am grateful for the fact that it bans, discourages or significantly dilutes this kind of content so that it isn't visible in most cases.
Not really, actually. Pixelfed (and mastodon, at least the official instances) aren't at all anti-moderation, for better or worse. They're more about moderation at the local instance level. I don't run in to any alt-right content on either pixelfed or mastodon. Not that I'm a huge user of either.
As long as you stay away from sites that are purposely for that audience like Gab, you will be fine.
Most Mastodon users feel the same way we do, and block users and instances that promote toxic content. Join an instance with similarly minded people and you will never see people be shitty in those specific ways because they're blocked from engaging entirely.
Lots of the servers simply block based on tribalism though, irrespective of "toxic content".
My single-user instance, for example, which is entirely free of "toxic content", even with an extremely critical viewpoint, is blocked by an admin of a popular public instance of 17k users, none of whom can follow me (or can I follow), simply because I publicly disagreed with him about the virtue of instance censorship.
These things tend to naturally centralize, and that's always going to enable small groups to have an invisible, unearned, outsized influence over what people can see or read.
I think client-server is the wrong model for p2p networks. Look at the issues with the deliverability cartel and the relative inability of normal people to deliver messages to Gmail users without paying money into it.
Does the new owner of the account have access to his previous messages? I wonder how this would play out with GDPR if the original owner was from the EU.
As someone who used to be following his account, any messages we'd had have now gone from my inbox. I also haven't been able to find any likes on any of my images (there was previously)
Are we seriously just going to presume that this is true based on a hacker saying "my friend works at facebook"? This feels like the Apple refund thread all over again, with the same problematic outcome if it turns out to be false - people not seeing the rebuttal and still thinking it actually happened.
For all the talk about The Social Dilemma and how quickly unconfirmed stories spread and are cemented due to social media I'm disappointed that we are no better. We devour this as facts just because it fits our narrative.
I suppose he has read and agreed to Terms of Service when he signed up, which gives the company ability to do anything with their account. Facebook is not in the wrong here against this guy, just some employee did not follow the Facebook's internal rules.
The number of votes on this post says otherwise. I find HN is good at solving these kind of issues and I find the stories behind these posts interesting.
I never said its a solution to the problem. Its a solution to the symptom - the crappy non-content posts on HN like this one. I'm pretty sure these post are against the guidelines anyway.
There is no reason here to believe the victim is telling the truth.
He could have simply grown tired of the Danny username, because of the constant spam it gets, and decided to cash in on it in exchange for some internet fame.
I assure you no Facebook employee would do something like this, an audit would clearly show what happened and that employee would be terminated quickly and probably face legal repercussions.
I'm worried about the failure of Internet literacy reflected here. As far as I can tell, the author of the Twitter thread is just some guy, not famous or otherwise widely known to be reputable. And he's presented no evidence which can be independently confirmed - he could be misunderstanding the scenario, or the framing could be made up, or the screenshots could be faked, or any of a million other things. But a bunch of us - 201, as of when I'm writing this comment - are signal boosting and discussing his accusation based on no information beyond our preconceptions about what kinds of things Facebook might do.
If your handle gets sold by some facebook employee to a rich kid in LA, what recourse do you have? I don't know what laws this would break (maybe some broad definition of fraud? I Am Not A Lawyer) so it's not like this person has a slam dunk legal case...
We have no external arbiters of online interaction, no well-respected third party we can go to to arbitrate. The last defense is the mob, potentially shaming the companies in question into recanting. I've seen it happen on this very website multiple times. But it is not sustainable, it does not scale, and it allows the companies to keep fucking with people who can't make their injustices known.