If your handle gets sold by some facebook employee to a rich kid in LA, what recourse do you have? I don't know what laws this would break (maybe some broad definition of fraud? I Am Not A Lawyer) so it's not like this person has a slam dunk legal case...
We have no external arbiters of online interaction, no well-respected third party we can go to to arbitrate. The last defense is the mob, potentially shaming the companies in question into recanting. I've seen it happen on this very website multiple times. But it is not sustainable, it does not scale, and it allows the companies to keep fucking with people who can't make their injustices known.
Who owns a twitter handle? Who owns an Instagram account handle? Do people with trademarks have a right to their trademark on a third-party system?
I work at AWS. Some of our services allow you to customize subdomains (AWS SSO, as an example). There have been customers (typically large enterprises) that assert they should have rights to a specific subdomain within AWS. These subdomains typically relate to their business name or various trademarks.
Should these customers have rights to these names? If I'm a small business (or perhaps an individual) and reserve companyxyz.amazonapps.com, should a company have recourse to take that away from me?
It's a question that hasn't really been collectively answered within the digital space. And until this question is answered, there are going to continue to be issues.
The US (and seemingly other countries) trademark system is woefully underspecified for the modern world. Among other issues:
- Enforcement, given an exponential explosion of user-created public content with increasingly sophisticated tools
- 1:1 design & physical matter copying
- Likeness-intended / indistinguishable deepfakes
Trademark skated by on "Would it confuse potential customers?" for decades, but we're at a place where that's no longer sufficiently precise.
If you want to own your identity in the internet, get a website you own and don't rely on shady social-media networks that give you something free.
Most registrars have decent trademark policies but again it's the internet. Just because you have a trademark in your country doesn't mean someone else doesn't elsewhere or that the registrar is going to care 5 years from now when the ToS change on renewal.
If you want to be securely verifiable on the internet you're better off being searchable and signing your content. The hard part is finding people that care enough to verify who you are in a decentralized manner for that to matter though.
An interesting note on Onion addresses though is the top supercomputer is already at the level to be able to brute force collisions for any onion address in a little over a decade. I expect within about 10 years when this becomes a more imminent problem names will become longer.
That's the same level of ownership that you have over anything physical, which is the level of ownership that the comment I was replying to was saying is hard to achieve on the Internet.
In the real world, you still have to pay taxes and HOA fees on real estate property that you own; plus, have to put up (or finance) a huge deposit in order to "own" it. Same goes for any other large property like cars.
You're talking about trademarks, but trademarks themselves often require renewal every 10 years, where you have to continue paying a renewal fee in order to continue to "own" it.
Can you say that about your Twitter handle? Do you have a legal right to keep using that Twitter account, and if Twitter tries to give the account to someone else, can you get an injunction preventing them from doing so? (Now, same question but for your FB, Instagram, email, domain name, etc etc.)
OV (Organization Validation) and EV (Extended Validation) certificates get into the "is it who they say to be" but Let's Encrypt won't issue those. What all getting validated entails is a bit more in depth for each of these and so is the revocation.
The ultimate protection in cases like domain transfers is limited lifetimes though. Gone are the days where the last guy likely had a 2+ year cert for the domain. Let's Encrypt is 90 days max and it's increasingly hard to get even 1 year from traditional players.
It's this support-through-Hacker-News phenomenon that must be addressed. One CDN is especially notable for doing this -- they may delete your site w/o an explanation, and then if it blows up, their CEO or CTO comes here to say not to worry, that you can always contact him directly here through HN or the special email. What if you don't have or don't know HN? We never get any follow-ups or postmortems for these incidents, either; with the companies brushing the whole incident as a private matter, never respecting the wishes of the user to share the details publicly, never sharing the details with the user itself, either.
P.S. Looks like Danny Hall got the account restored a few hours ago with all the pics; but he didn't seem to have received any explanation, either; probably never will.
They certainly never do this. SOP is just to swap the existing account to a different name.
The only recourse I can see from a legal point of view is that they seem to have handed over the entire account (as the followers seem to have been carried over), which contains private data including DMs, stories, archives of deleted pictures, etc. Given that the original owner of the account is based in the UK, GDPR should apply. I wonder if people he talked to via DMs (as well as those with private accounts who granted his account access) would also have a case, since Facebook's actions have disclosed private conversations & contents of private accounts) to an unauthorized person.
I don't have a Twitter account but if someone could suggest this person to complain to their local data protection regulator (the ICO in case of the UK) that would be great.
The issue isn't whether or not there are theories under tort or contract that would cover remedies here - they would. The issue is whether or not this is something that's economically feasible to get in front of the courts - it's not.
If the OP's point is about consumer protection in case of any dispute with online provider, there's maybe a tiny bit of truth, but that's not a criminal law.
If the OP's point is whether there's sufficient enforcement and investigation for account take-over, that would be correct, but it's not clear if the society would be better off spending large resources on investigating those when there are much more serious crimes not being investigated sufficiently and when companies are generally doing reasonable attempts at providing protection.
All the elements of negligence seem to be here, except probably for duty of care. A judge would have to find that Facebook owes a duty of care to its users to protect the integrity of its identities, and that Facebook breached that duty.
I can foresee Facebook and other information service providers fighting vigorously against such a legal conclusion, but maybe it's just the kind of law we need.
It doesn’t strike me as litigation you’d be likely to win.
That would be an example -- but certainly not the only imaginable one -- of reliance and detriment, both of which are necessary elements of fraud.
Usernames can be associated to content and brands that have been made on other platforms. I wouldn't be so sure about this.
Of course one should backup the photos outside Instagram or any other service but I have no idea if Instagram allows that. For Whatsapp on Android it's as easy as syncing the pictures folder on the phone to my computer. Then I backup them with all my other files.
But no money changed hands, so not sure about that.
A) Trust the competence of the government to understand the nuance of technology to not pass a law that takes into account all of the Nintendo’s consequences. During the dog and pony show when the house had the 4 tech CEOs to testify, one representative asked Zuckerburg about Twitter’s policies.
B) The impartialness of judges, prosecutors and regulators? Trump is now trying to get a law passed because he didn’t like Twitter’s policies. Would judges appointed by the current administration be more likely rule in favor of “Planned Parenthood” or”Black Live Matters” if they both made a claim over @blm?
As far as a third party. I would much rather have an independent non profit set up and FB, Twitter guarantee funding for them over 10 years and they do binding arbitration. They woukd be hopefully better informed.
This is a good thing! If Congress is given the task of creating "modern" Internet legislation, they're almost certainly going to fuck it up somehow. We got a taste of this when Orange Man threatened to nuke Section 230.
"I think this is indicative of the biggest problem we have had with social media: there is no legalism here"
I think the concept of law does not go very far in Estonia.
Estonian authorities don't care about criminal activities, wire fraud or money laundering. In fact, I wasn't even able to get a case number or in most cases even an answer. So this guy is selling the same company over and over again. Not a bad business for him.
In the end, if you think about it, this may be the whole idea of the eResidency. It has become very difficult for companies held by eResidents to open any bank account in Estonia since banks are smarter and are afraid to be cut off from international money transfers. Most of these companies therefore hold bank accounts in other EU countries. Mostly new online banks.
Regarding the Estonian law enforcement, why should they care? It is hard to explain something to a man if his salary depends on not understanding it. And in the end all these companies bring in revenue.
All leads will point you to cybercrime [AT ] politsei.ee
From dozens of emails I never received any reply. It seems not to be monitored. Funny.
If no, please do so and point people at it. There isn't much/any info about this kind of problem with eResidency companies. Getting the info to be widely known will help in getting it addressed. At least for the next people. :/
PlugWalkJoe owns “dead” on IG:
Danny’s new account follows “dead” and two other “OG” accounts: https://news.ycombinator.com/item?id=24608990
Everyone who was right and informed in the original thread was greyed out by users here.
Any story about Facebook, Instagram, Twitter, Google, Uber, or PayPal doing anything negative tends to bring out the most cynical commenters. HN is usually a skeptical crowd, right until a story arrives that fits their worldview.
The false story about Apple's refund policy that garnered 2000 upvotes before being retracted is a prime example ( https://news.ycombinator.com/item?id=23987584 ). When it was in the #1 spot, several people tried to correct the story in the comments. They were heavily downvoted. For some reason, the majority wanted to believe a random Twitter comment over actual iOS app developers trying to correct the misinformation.
Likewise, stories about psychedelics being miracle cures tend to rocket up the front page despite deeply flawed studies (no control group, usually). Meanwhile any study showing negative effects from psychedelics or cannabis tends to get picked apart for for small sample sizes or the evergreen "correlation is not causation" no matter how good the study was.
The real problem is assuming that HN is somehow immune from the same problems as other social media platforms. HN is very much a social media platform.
> Any story about Facebook, Instagram, Twitter, Google, Uber, or PayPal doing anything negative tends to bring out the most cynical commenters. HN is usually a skeptical crowd, right until a story arrives that fits their worldview.
It's these companies that are cynical, not my worldview!
Nearly every single allegation about these companies doing something sneaky, evil, greedy, and underhanded has turned out be completely true.
When Uber was doing grey-balling, it turned out to be true. When Uber had made a secret agreement with Apple to have their app take screenshots in the background, that was true. Just off of the top of my head I can think of so many preposterous sounding incidents that turned out to be 100% true.
I would assert that people were completely correct to just assume that Apple was doing something shady with the app store. I think it is kind of naive to give Apple the benefit of the doubt at this point.
In any case, just for posterity, the actual event may well have happened, I'm just commenting on whether "HN believes it" has any impact on the truth of whether it happened or whether that company's reputation is shot.
Something is less of a "conspiracy theory" when there is explicit evidence written down in a contract that supports it.
Plenty of abuse and mismanagement from these companies have affected a lot of people, to different degrees, and that sets a precedent over which we all subjectively evaluate their actions.
Just last month I had a Twitter account for a side gig banned for absolutely no reason and with zero explanation. I am more inclined to believe the "rich kid from LA" story than the "hack"/"sim swapping" whatever nonsense. Why? Because I see it happening all the time, everywhere.
Here’s the follow up retraction: https://news.ycombinator.com/item?id=23995750
I’d be interested in knowing what thread that was though.
Just to check, I looked at all posts with over 1000 points in the past couple of months where a big tech company is accused of doing something "evil" to the little guy. They are:
1. Tell HN: Never search for domains on Godaddy.com (1656 points) - https://news.ycombinator.com/item?id=24506303
The OP accused GoDaddy of registering a domain for itself after the OP had added it to their cart. It turns out that many people were searching for the same search terms and someone else just happened to register it via GoDaddy on the same day.
2. Google is apparently taking down all/most Fediverse apps from the Play Store (1313 points) - https://news.ycombinator.com/item?id=24304275
The OP implied that Google was banning all Fediverse apps with no recourse for the developers. But it turned out that Google was asking developers to block logins to a set of unmoderated instances that are known to be full of hate speech. Some developers refused, but it seems like most did not, and are doing just fine.
3. When a customer refunds your paid app, Apple refunds its 30% cut [edited] (1243 points) - https://news.ycombinator.com/item?id=23987584
The original title and tweet said that Apple keeps the 30% cut. The author turned out to be misinformed.
Can you link to this? Not trying to be meta, I just don't believe random claims on the internet without any evidence.
I think this is partly because so many of us have worked in (or with) the targets of most conspiracy theories: government and large corporations.
Danny (@danny) • Instagram photos and videos
www.instagram.com › danny
8690 Followers, 134 Following, 100 Posts - See Instagram
photos and videos from Danny (@danny)
Why would someone jeopardize his reputation by using his real name on some kind of staging of a fake account swap? I kindly disagree with your second sentence.
Do you honestly believe a jury of average people would agree with this proposition? It seems contrary to common sense.
Keep in mind that there is a significant difference between what meets the relevancy bar in court, and what is logically probative. See, e.g., https://www.law.cornell.edu/rules/fre/rule_401
The account messaged and said a facebook employee was involved. It isn't proof, it isn't strong evidence, but it is evidence and an implication that a facebook employee was involved.
> It’s actually not even evidence that the account even swapped hands!
Similarly the change in account usage pattern isn't proof but it is evidence.
It's easy enough for a Facebook policy team to confirm this one way or the other by looking at the logs. If this gets enough visibility I assume that will happen.
If Instagram account takeover favors can occur, how much do they cost?
In the new Danny's screenshot, it shows that he's followed by three other "OG" account names: "blood", "murder", and "dead". Furthermore, the screenshot was taken from another account, otherwise it would have shown as "This account is private" (Try viewing your own Instagram profile while logged in and private). Whoever was viewing it was therefore friends with Danny, 'blood', 'dead', and 'murder'. In other words, someone interested in OG accounts, or one of new Danny's alternate accounts.
Finally, it would be truly bizarre if new Danny immediately implicated a friend at Facebook before anyone asked him how he got the account. If this was true, I would suspect new Danny would be going to great lengths to hide the fact, rather than trying to hand the excuse out before anyone even asks. This guy just stole someone's Instagram account. He's hardly a credible source.
I wouldn't rush to conclude that a Facebook employee did this. It sounds like the kind of excuse someone would give to pretend to be coming from a position of internal power rather than appearing to be the result of a hack.
The account jacking idiot then messaged me trying to get me to put them in touch with my friend so they could try to help them get other accounts and bragged about how he was just going to take some of my other accounts that he somehow knew belonged to me despite there being no link to one another outside of what would be Twitter-internal data. It was the most brazenly ridiculous thing I've ever encountered, but I'm assuming it's an ignorant kid who doesn't realize the possible consequences or a really dumb adult.
So, I can totally believe the idiot would just blurt out how he got it because that gives him clout amongst his miscreant "OG account" friends.
Maybe the employee claim is wrong, who knows, but determining who owns the account should be trivial. And frankly, given what we know about how the Twitter "hack" went down (rate limits? sign offs? resetting 2FA? impersonating accounts?!) it is fully believable.
That's how it works on Facebook.
So if you have full control, you will pass these tests.
I don't understand how he is 'spamming'.
There’s really no evidence of anything at all.
Typically it is not the people with cushy jobs, but those working for vendor companies (moderation, customer support, etc) who have little investment in the company, are barely making minimum wage, and are more than happy to flip a few switches in the dashboard for a few thousand (or less).
Anyway, yes some people think that because they are good enough at what they do, they will be given a pass when caught. Unbeknownst to them, if any auditors catch them, then the "jokers" can start updating their CV.
Given the kind of ethically vacuous tech-bro who might join FB in 2020? Not _that_ far-fetched.
Isn't that how actual crime works?
Yup, here it is, just five days ago.
Instagram is basically the school playground, but sadly unlike in real life, people can make a career from being "playground" popular.
Colloquialism: 100% understood.
Reality: 0% possible...unless this 'air bag' is full of 'empty'.
In other news, always be careful breaking the neck of a CRT...you'll let the vacuum out!
Assuming that's what happened here, its because to them it is pure coincidence that the market values these database entries at all.
Like sure, at this point they know it means a lot to people and inspires many other people and can effect entire markets that they are unaware of, but from their perspective it isn't "god mode" its "lol ok, wanna hit up sushi for lunch later?"
Usually if Instagram wants your account they add underscores to the original handle like they did with @sussexroyal.
This is an extremely well-known phenomenon. This is the third time I’ve heard of it happening to an OG. It’s pretty common knowledge that the right teams inside Instagram look the other way; what’s a user going to do, sue? People are making money.
I’m sure your roommate who works on Tupperware or whatever wouldn’t know a thing about it, but Facebook is also roughly the size of Romania, so perhaps your front row seat to the inner workings of an organization that also legally compels your roommate to not tell you things isn’t as end all as you’d assume.
Hint: I work at Facebook.
So: Citation needed.
Also, sarcasm isn’t an emotion. I’m English, so perhaps consider that my culture of challenging someone is different from yours before projecting whatever big bad horrible emotional troll hurt your feelings once. Facebook is literally more employees than even populate this dreadful site, but someone says “my roommate’s brother’s uncle by blood works there and I’ve never heard of it so it’s plainly false” and we’re all to just fawn over the precious insight?
I’m sorry, I’ll try again: thanks, ‘mrats. Very brave.
Not the obvious, like "everyone's going to look the other way", but more like... target account upper watermarks, "motivation threshold" (ahem), internal tracking (if any), collective opinion on precedent, etc.
Oh, and scale.
This is openly discussed with bemusement on my non-Instagram team is what I can say.
All of the Big tech companies are so large and have their hands in so many pots, that working at a company as the equivalent of an L5/L6 that you are out of the loop about most things that go on.
As far as I’ve seen - companies only care about the whales because any other mentality is a money losing one.
(Worse is how they want to propagate the idea that software should be free and of highest quality, thus preventing any communal attempts at creating different models.)
I advice everyone who has an account to at least download their data to keep a copy of it: https://www.facebook.com/help/1701730696756992
When will people learn, not just Facebook, Google et al, but no large company cares about individual users? Coca-Cola, Delta Air Lines, Ford, Unilever, Visa, Walmart do not care about individual users.
Not because all of them are bad, but simply because they physically cannot deal with every complaint. Even worse, when they become better at handling complaints, people start complaining more. So they focus on some more important complaints, and some users get thrown overboard. This is sad, but this is inevitable.
That said, it would be great to have a paid technical support. You have lost an access to Google account (hacked, lost password, not logged in for two years, whatever), pay $100-1000 (if it's really valuable to you), and a special qualified person will do a proper background check (e. g. call your employer) to verify that you is really someone who you claim to be.
This is so tiring.
Also, I've been paying Google real money for half a decade or so, so I am definitely their customer.
That said I'm well aware that that doesn't seem to mean anything in Google land and I might be thrown out for anything tomorrow with no explanation and no way to get my account back except complaining in social media.
Paying customers at Google are pin money, AdSense is bread and butter.
If there's a conflict, AdSense wins, period. There's a firmly entrenched culture where user accounts are a cost center, to be managed "at scale", that carries over to paying accounts. That attitude shouldn't carry over, of course; nonetheless, it does, as you recognize in your last paragraph.
This is plainly obviously wrong.
When users are not happy, they leave the service, and advertizers stop paying.
Even more, companies are much more afraid to lose users than to lose advertizers. Companies can live years without advertizers (by borrowing money for example or by burning reserves), but if a company lost it's users, the company is finished.
The real problem here is that for a single account, you're far more dependent on Instagram than Instagram is on you.
Same way, if you have a Ford car, you depend on Ford much more than Ford on you.
> But sole complaints are simply not hurting FB.
Same as complaints on bad Ford service don't really hurt Ford.
Anyway, that has nothing to do with the fact that users of Facebook are not paying Facebook.
> There is very little incentive to make their users happy when their users are not paying for the service
This quote [typo] is very incorrect. I'm not going to argue that Facebook/Google support is good or bad, I'm just pointing out this statement is false.
But the latter is contractually obligated to help you to some extend due to warranty etc.. Also, Ford has far less lock-in than Instagram.
> > There is very little incentive to make their users happy when their users are not paying for the service
> This quite is very incorrect.
I'm not disagreeing with you here; I'm disagreeing with your point that users are (far) more important than advertisers. Single-user complaints or unhappiness tends to be ignored, I doubt the same is true for advertisers. The recent Reddit changes, for example, show this very clearly (to be fair: I don't have an FB-example as I don't follow it in any way).
An economic and political system technically literally cannot care about people, same way as temperature, gravity, philosophy or history cannot care about people.
Too high or too low temperature environment can hurt people. People with a soldeing iron can hurt people. People putting other people in the fridge can hurt people. Just temperature is not something which can do anything to anyone.
Capitalist companies, people living in capitalism, governments under capitalism, taxes and so on may be good or bad for people.
But saying "capitalism does not give a shit about people" is just literally nonsense. Of course it doesn't because an economic and political system is not an actor.
I could infer from the original comment that all actors under capitalism "do not give a shit", but that's obviously untrue. For example, wikipedia lives under capitalism and benefits from the capitalist system, and obiously it is good for people.
I could assume that the actor mean very narrow group of actors when they said "capitalism", but I won't because I will likely be wrong about understanding what the author really wanted to say (rich people? all people? large corporations? any corporations? including non-profits? and so on). It would be better if the author added some clarity to their comments. Would be better if the author said what exactly they wanted to say without throwing literally meaningless socialist slogans.
If you want to be pedantic, you can say that the proper phrasing would be something like "socialism is an economic system whose defined goals are people's wellness", "capitalism is an economic system whose defined goals have nothing to do with people's wellness (they are profit for the owners of capital, and perhaps innovation)". But "caring for" is obvious shorthand for this.
You can, of course, say that individual actors living under any of these systems may or may not care about the people, and that's true. But the system itself may be designed with or without the people in mind, and different systems fall on different sides of this idea - for better or for worse.
It is like saying, railroads don't care about people, railroads are only interested in trains moving fast and reliably.
Or it is like saying, doctors (even under socialism) don't care about people, they only care about getting their salaries.
Smarter people make one step further concluding that fast and reliable trains are beneficial to people, doctors heal sick people, and capitalism generally make people wealthier.
> capitalism is an economic system whose defined goals have nothing to do with people's wellness (they are profit for the owners of capital, and perhaps innovation)"
Adam Smith' first book called "The Wealth of the Nations" not "The Wealth of the Richest People in Power").
I would not go that far to define a "goal" of capitalism. It is just a system of rules and principles, there's no goal in it.
And these rules and principles are profitable for both capital owners (they can grow their capital), and for regular dudes (who can be paid better because market provides them with more opportunities to pick different jobs and higher quality jobs and who can use cheaper good and services).
I also find it unfortunate that you'd choose to represent such potential flexibility in the system as "meaningless socialist slogans." That makes it feel like you're not engaging in good faith with the central argument.
There was no argument besides that socialist slogan.
I could get arguments like:
Large companies are inefficient under capitalism, they provide less value than they take from the society.
Capitalism is a very inefficient system of distribution of goods and services.
But there were none.
If that's your definition of socialism, well, I'd argue that you do not actually know what socialism is.
You may be thinking of PhotoDNA which is used for different purposes
Previously discussed here:
And while I hope danny gets his username back, and it's ridiculous what happened, the value of the user account handle that danny had was created by Instagram's efforts. You don't have property rights to it the same way you own actual property or a domain name registered under your name.
It's true a username isn't property, but there are some instances where merely conferring a certain status has such an enormous impact on people's lives that there are certain legal protections around it. Your job, for example.
One could argue that digital identity codes like domains and social media usernames have become similarly important. Entire businesses, extremely profitable ones sometimes, can be tied to a single username.
For more typical social media, losing a decade of pictures is pretty harmful. It’s not about the value of the @danny handle, it’s also about the account being gone. And the privacy issues if the new person got all the DMs and private info.
Post- social media, if people are backing up their data, then the problem is pretty much nil (chances that your social media account and your local storage both go kaput at the same time are pretty small).
... Until you say something verboten, that is.
...in an unfree economic system (patents and IP give monopolies) with a black box money system (money is an enclosed protocol). Cooperative Open Value Networks are the future. 
We need working federated social media asap.
In the end, if you're not on whichever social media service is popular around you, you're missing out.
— Crom, Tron, 1982
I don't believe this is something inherent in Capitalism either. If I had an issue with any other kind of business the experience would be vastly different.
This needs to stop
1.) Somehow MFA got disabled on the account (or avoided altogether)
2.) Could've got SIM swapped. However this seems rather unlikely, as there are no other reported IoCs which point toward SIM swapping (i.e. can't call or text).
> "I wouldn’t trust the word of a hacker/recipient of a hacked account."
I wouldn't discount it. This isn't some APT that ran a Stuxnet operation. It's someone who allegedly exploited a system to get an og account. The whole reason people want og accounts is because they're a status symbol in some circles.
It's quite likely that someone associated with stealing an og is an immature braggart. So they may do things immature braggarts would do... like talk about their TTP.
It seems from the posted pictures that the account was stolen, but why does the author think that a Facebook employee or a Facebook company is behind it? An honest question.
Which... I mean, reliable sources, right?
I'd assume there is a proper, transactional (as in database transactions) way to swap usernames like that but the person who did this most likely didn't have access to it (for good reason) and just did an email change + password reset on the original account.
But isn't that why the user had 2FA on? Why can someone change the email + switch off 2FA; you would want only 1 of these would you not? If you tell support you lost your email and 2FA, that would be very unlikely, so why would it be so easy to set that up?
Are there immutable logs with credentials for this kind of action and how easy is it for employees to access / change it; I mean why would many people have the permission to take this action? Especially without some kind of flag that there is something up with the account (like unused, flagged content etc).
How do we change that? We go back to personal websites that you fully own. All of those platforms have been proven to be highly unethical (especially Facebook). Trusting them with all your data has always been a bad move. We need to take back ownership of our platform.
But it occurred I was authentic enough to remove my account. Not to regain access but to delete it - yes. Which I did.
It is one of many moments during last year's Facebook gave me the cringy feeling I am not a valuable product for them
People like to make the claim that "a handle or username has no value" which is just insane. If it had no value, people wouldn't try to steal them.
If the first line of a bank ToS was "you can lose your account at any time for any reason", would you think that is acceptable? No, because money _obviously has value_. Usernames have value, and in some cases, usernames have more value than many people's bank accounts.
"you can lose your account at any time for any reason" is just an excuse to avoid any concept of _public_ user support.
Doesn't matter. They can still do it to anyone anyway.
> But your logic instagram could just give @kyliejenner to some random person, and you think she would have no recourse?
Well yes. They (Facebook) own the platform, it's a privately owned company and they can do whatever they like either via the ToS or in general. You don't own your account handle. They reserve the right to terminate your account or disable the handle at any time.
Strong disagree. If Facebook tried this against anyone with a moderate following there would be a Tortious interference and/or fraud lawsuit filed _immediately_.
When Trump's twitter account was deleted by a rogue employee for all of 10 minutes, Twitter most definitely did not just sit back and say "We reserve the right to terminate your account at any time".
> it's a privately owned company
I know this is going to sound pedantic, but this is wrong. Facebook is a publicly-owned company.
No the original statement was correct, your statement is wrong. If you want to really be pedantic then Facebook is a public company that is privately owned.
A publicly owned company  is one that is owned by a government. A public company  is one whose shares are traded on a public stock exchange.
That one set of rules apply to people in power and another set of rules apply to the general population is certainly something to take into account.
Banks' baseline behavior is ruled by law and national banking regulations, not just some ToS. That's probably why paypal and similar are in no rush to become real banking institutions.
And it's an old ToS. Looks like they softened it up since then. But it was quite unequivocal back then. ;)
Because OF COURSE people set 2fa without getting the recovery codes or using sms (why is that even an option I don't get it)
Edit: some ideas here from a phishing expert https://twitter.com/RachelTobac/status/1310264189861019649
Poor dude was like a WAU for years and Instagram just went 'nah' and gave it to royals.
Your account isn't yours, it's Instagram's. They don't care about you or your photos or your likes or friends or connections either.
Unfortunately, via the hard way.
Any company with large number of users. It is not specific to internet companies. If you complain to McDonald's, you don't really expect to a proper investigation of that wrong burger incident.
Apparently McDonald's franchisees take complaints from corporate very seriously, much to the dismay of their often teenaged employees.
If it was ketchup instead of curry, or if they put 8 nuggets instead of 9, I very much doubt so.
Sorry, but I've ordered a specific burger at McD's dozens of times: very occasionally they mess up the order, at this point you take the wrong burger straight back to the counter with your receipt, they (always!) apologise profusely, then immediately make you a new one the way you ordered it.
Or try to complain about their phone app not working.
You'll get the same amount of care as internet companies.
There's a phone number you can call and report wrong orders to, and they'll send you coupons for free meals for your effort.
According to the people I know who worked at McDonald's, wrong orders that are reported to corporate are taken very seriously. Corporate gives the person who reports the errors coupons for free meals.