Something very similar happened to me with Amazon. I used a new debit card from an online bank to purchase an expensive item and deliver it to a foreign address (which is admittedly suspicious). The payment bounced, Amazon immediately locked my account and requested to see a card billing statement sent to my home address to reactivate it. Upon login I am presented with a stern request for documentation, a pdf upload field, a tweet-sized text field for comments, and all communication comes from a noreply@amazon.com address. All my kindle/audible/etc media immediately became inaccessible.
I went through every possible channel to explain that the card does not send me a billing statement and I cannot possibly produce one, requesting to be called or at least emailed by a human, to no avail. After spending tens of thousands of dollars on Amazon over the course of fifteen years I couldn't even get a personal call from the case manager, and all my purchased media is gone.
To this day I have found no resolution, and the only next step is to contact them through a lawyer.
Stolen by Amazon. They have no incentive to get it back. Amazon hopes that you purchase it again.
Call the consumer protection services. Big tech companies are not the law, they cannot steal things from you. Even if you committed fraud in one transaction, they cannot take away your property. (Amazon will call it 'service', but accessing your property is not a service)
> Stolen by Amazon. They have no incentive to get it back. Amazon hopes that you purchase it again.
They are not the only company doing this in some ways. ISP's who provide a set top box for watching TV and downloading/streaming service to tv, do the same thing when you change you ISP. Its a form of lock in because whilst you can still get access to the purchased films, you have to jump through more hoops. Its all legal but I question the morality of it, when considering online piracy via torrent streams and then the "hacking" that companies have used to trace and prosecute the worst.
But I've learnt enough to know that everyone has their questionable practices to maximise profits/income, the lucky ones are the one's who would also be the expert witnesses in court or have been able to fly entirely the right side of the law.
There have been so many stories of users and developers losing libraries and livelyhood because they have been spurned from these "walled gardens."
The only real answer is to minimize our footprints in these closed places.
My current phone runs Lineage without a hint of Google. I keep an old Samsung for gmail and other services, but the death of "don't be evil" has meant the death of Google on my phone. They will never be back.
I have seen several people who sold on Amazon lose their accounts. I am not sure what provoked it, but the exchange is certainly not in favor of the smaller party.
And we all know what Ebay did.
I can't really say that any one abusive company's behavior is any worse. They are all tyrants with their "star chambers" and sundry courts of inquiry, and the less authority that you give them over you, the better your position will be.
We left this legal thinking behind long ago, but Apple (among others) has brought it back.
Which ISPs kill your purchased content when you leave?
At Comcast/Xfinity when you cancel all services your account still remains, and you can stream your purchased content the web or through their mobile streaming app when signed in on your account.
UK, so you purchase with a set top box you buy from them to use their additional services and then when you leave, they force you to purchase another device to watch those films like a computer to watch it on. You can no longer use the set top box to watch the purchase films on.
Well I wish that is true. But It isn't actually your property. You are only purchasing a perpetual right to use that item under the terms and condition. It is the sad state of things Silicon Valley decided ownership is no longer a thing and everything should be "service", so they gain the control of all asset management right.
There is some part of me that increasingly hate Silicon Valley.
> You are only purchasing a perpetual right to use that item under the terms and condition
To clarify for others: parent is not talking about subscriptions.
When you "buy" content on these platforms, they are not actually yours to take away for ever like a physical book. The software you consume them on e.g a Kindle or iTunes, is actually capable of remotely deleting "your" content at any time, and they are supposedly within their legal right to do so.
They have essentially hijacked the word "buy", it does not implicitly mean what it used to mean, you cannot really buy a copy of a piece of music or a book or a film from any of these large platforms today without removing the DRM and making a local copy (which is technically illegal).
My wife "purchased" a French movie on Amazon Prime Movies à few years ago (because it was pretty much the only way she could acquire it without piracy)
Recently she tried to watch it and Amazon just had "you can't access this content." Maybe Amazon didn't renew the license with publisher, maybe not, but in any case, Amazon really proved to me that no, we do not own digital content.
So, I pirated it for her. If doing things the "right/legal way" is going to screw us over because of fine print, then why bother?
This reminded me of pirating a Game of Thrones episode when I was a customer of HBO. My wife and I signed up for HBO max to watch the final season as it was airing. The quality turned out to be pathetically poor. During the Battle of Winterfell episode, the pixelation was serious enough to make the action difficult to make out.
I went ahead and torrented the episode the next day to rewatch it in all of its intended glory. Then a few days later, I got a letter from my ISP telling me that HBO was very upset with me and threatening to cut off my service. I felt compelled to send them a reply, explaining the situation and telling them to eat it.
> Amazon really proved to me that no, we do not own digital content.
Amazon does not make laws. If a thieve steals your car that does not prove that you don't own the car. The car ownership is still yours, but it has been stolen.
Would you download a car? advertisement has gone all the way around and now big companies are just stealing our property.
Part of me thinks that was the reason why Steve Jobs hated Music Subscription. He said "no" to Beats many times before his death. And why Apple ( at the time ) worked really hard to get rid of DRM in movies ( but failed ). And iTunes Music is DRM free. May be it is time to remind our self how we got DRM free music on iTunes, with Steve's "Thoughts on Music"
That's why whenever I buy a DRM-ed content like a book on my Kindle, I always download an un-DRM-ed copy from Librusec. If it's unavailable, I un-DRM it myself. This is for non-fiction where I'm likely to go back and read the book (or, more likely, its fragments) again, possibly many times. For fiction, I don't care that much - usually I read a fiction book once in a lifetime so if Amazon steals it from me or not it makes no difference. It's not like I can give it to someone like with a physical book.
Well you are not wrong, but pirating is not the answer but cracking. For example i regularly backup my Audible library and remove the DRM, not to redistribute them, but in the case Amazon closes the Audible-brand, change the Apps i can access my library, delete some of them etc (we all know what can happen and did in the past).
Same with games, if possible i buy them from HumbleBundle or GOG. And i never buy something that is bound to a platform that i really care for.
Look the audible drm is so easy to remove i am ok with it, if they change it and i cannot remove it anymore i will stop.
And yes i hate drm too, but since stallman is a extremist that supports un-free licenses (unlike the BSD and MIT) i will not listen to his wannabe rants, and i will never forgive him to change the GCC license to GPL3 only.
If i care for something i remove the drm, if i cant, i will stop buying it.
Those "unfree licenses" are the reason you're not forced to use Windows on desktops/laptops/phones/servers/toasters/supercomputers (it does none of these things well even now, imagine the world we would have if it didn't have any competition at all).
GPL puts the user's freedom first. Every developer is mostly a user anyway, unless you're writing absolutely everything from scratch like they do in SerenityOS. So I like that stance very much. If you don't, nobody is forcing you to interact with GPLed software in any way.
Exactly. Copyleft is more about "freedom for society" as a whole, ensuring all users (which includes developers) retain this version of freedom. Permissive licenses are more about "freedom" for the individual to do whatever they want, with the potential to take freedoms away from others as a result. I think the stupid anti-gpl sentiment mostly comes from American idealisms of freedom, and developer selfishness, but that's just imo. The GPL still lets you do whatever you want in the privacy of your own computer, but when you put that GPLed software into the public, you need to ensure that you give the same freedoms to everyone else to have within their own computers as well.
I think that's much more noble and kind.
But as long as it's free software, I'll still use it and be happy it is, regardless of the license.
And tbh it'd be nice if the small, loud minority of BSD lovers, GPL despisers would shut up. They give the BSD crowd a terrible look.
>Those "unfree licenses" are the reason you're not forced to use Windows on desktops/laptops/phones/servers/toasters/supercomputers (it does none of these things well even now, imagine the world we would have if it didn't have any competition at all).
BS, i use FreeBSD and no one ever forced me to use Windows, Linux on the Desktop does everything right?
They deserve the promotion, because they created useful software.
> BS, i use FreeBSD and no one ever forced me to use Windows
At some point, Windows was everywhere, you couldn't hide from it. Now, Linux provides a strong competition, forcing even Microsoft to include it into Windows. BSD, instead, served as free labor for Apple, who created a walled garden for users.
What exactly do you want to do with the code that GPL prevents you from?
This is still pirating. The fact that you don't share the cracked media doesn't change the fact that you violated the T&Cs. And I'm pretty sure they could sue you for piracy.
In the US, I don't think they could (but it may depend on the details of how you did it). They could sue you for contract violation, but would they? There's no upside for them to do so.
You have a right for a private copy in Germany too, but you are not allowed to use software who can "delete security mechanisms"...that's why it is such a BS law.
I want big corporations to abide to the law. To pirate is a patch that does not solve the problem. Let's fix that corporations do whatever they want with your digital property.
I want to buy digital movies, games, music, ... without being at the mercy of some algorithm that can automatically steal what is mine.
It's not your digital property. Look eg. at Netflix ToS, you're just buying a temporary membership in some club that will allow you access to some content, on their terms. That's not what ownership looks like.
I suspect it will be similar with all other consumer oriented content distribution services.
And so it should be considered an open-and-shut case of false advertising. The small print may not take away what is given by the large print. If the large print says "Buy Now", then the small print may not replace buying with licensing.
Yeah but if people keep pirating the corporations will groan and lobby for the sensible legislation for us. They will eventually figure out that they have no control and will ask for laws that grant rights to consumers that benefit them as well (people actually trusting them again). I think that's a good patch. We just need to incentivize them to do the right thing.
Or you can buy audiobooks from https://libro.fm/ or similar and support open formats and your local bookstores. Leave audible as a last resort, the more you buy from, the more you are 1) supporting them 2) telling then you don't mind DRMed media.
While I agree with you, it's not as simple as it seems. One of the crucial skills we have to learn in the digital age is to discard information. Historically, we have evolved as hoarders: keeping valuable things usually pays off.[0] With information, it's no longer the case. You don't have scarcity like with physical goods: there is more available than you can absorb during many lifetimes. So we need to develop the crucial skill of discerning between the top stuff you really want and need - and everything else that should be discarded. Based on my limited personal experience, this is not always easy but improves with time.
I don't get it, this is not a house with limited square footage. Discarding is of almost zero importance, in fact, you have it logically backwards because discarding incurs a cost of investing your precious time to make a decision. While retaining only requires you to have an amorphous blob somewhere, a non-event. This is especially true for things tens of megs to a few gigs. Of course not yet true for 4K videos, but we are approaching that point not year by year as cost per TB approaches 0.
By saving stuff, you future proof the high possiblity that it becomes completely unavailable anywhere online and you have the last copy. And you can easily find it by search, I have this happen all the time. In many cases the audio cassettes that accompany an old pedagogic text have been digitized by one person who shares a zip one time and then the link dies forever. Ten years later when I finally free up time to study the material, it will be too late.
The important skill: don't download or even browse crap you certainly won't use within your lifetime. It is a time sink. Develop a strong preference for only looking for things you'll immediately begin studying or have a concrete plan to study in the coming 6mos.
> One of the crucial skills we have to learn in the digital age is to discard information.
For some things yes, for TV shows and movies eh. For roughly the price of a year of netflix you could get a 14TB hard drive, which would hold six continuous months of high quality 1080p video. It's also really easy to keep those things sorted with negligible clutter and wasted time.
Information hording is not only concerned with information availability, also with information presentation, stability, liquidity (non mainstream information may be very hard to find later) etc.
It isn't always like that. If your data is on somebody else's platform (as for the author's data) your data is gone, possibly for good.
And by the way... onljne communities (and websites in general) come and go. The data you're relying upon today might not be there tomorrow (or it could get altered someway).
> With information, it's no longer the case. You don't have scarcity like with physical goods: there is more available than you can absorb during many lifetimes.
As much as this is technically true, anything not currently on your hardware can, and probably will, get snatched away from you, usually without warning, regardless of it you paid for it.
Absolute hogwash. Torrenting is easy as pie if you know the right places and know the bare minimum basics of torrenting like pick a torrent with more seeds in the quality you want. It takes less time to torrent something than find out which of the gajillion streaming sites has the thing I want to watch.
Yeah 10 episodes down a hole of anime season and you find the last ones don’t have English dubs resulting in an impending shit show to deal with because no one bothered to release it or there are no seeds for single episodes. Then there’s the subs written by someone who doesn’t know any languages apparently. Then there’s the shitty transcodes originally. Then the logistics of managing which one of the 5 members of my family wanted it and getting it to the device of their choice.
Then you find something is only available in x265 so you have to transcode it yourself so it’ll play on the kids 5 year old Samsung TV. Oh and that only supports certain very fussy audio streams.
Just no. I’m on the mark. I’ve been doing this shit for a decade and I’m tired and fed up with it. I pay ~£35 a month for all my services and that’s a bargain. It’s literally fuck all money to make the problems go away.
You could just set up a NAS and a Plex server to do the transcoding for you. In all my years I have personally never had any issues. I have had to struggle with x265 once or twice, and even then I just found a different non x265 torrent and went with that. Not that hard, there are often 10 torrents for a single show, each of varying compressions and qualities.
And I bet that you can find anything you could ever want on nyaa. If an anime/manga exists, it almost certainly is on nyaa, unless it is highly obscure in which case it may not even be there on paid streams.
Example: I want to watch the last season of Expanse. Ok, go to iTunes (Apple TV). Nope, not there (Australia). Hmmm, may be Netflix? Nope. I remember it was by Amazon or smth? Oh yeah, it's in Prime.
How much time did I just spend? And I also must pay for all of those?
Torrents:
- go to my favourite tracker
- search, find bunch of options from SD to HD with bunch of audio tracks and subtitles that not a single commercial pos offers
- copy magnet link
- paste in transmission UI
- done, took less than 3 minutes.
Whenever I feel like watching it, open Infuse on iPhone and watch it from my Emby.
When I want to stream something I go to justwatch.com, search, and then see which streaming services carry it either through subscription or for rent or purchase. Then I fire up that app or website on whatever device I like and watch.
Torrenting isn’t hard but these days neither is streaming.
Seriously it is some BS. I even spent like mabye an hour setting up the *arr tools and now anyone in my family can log into 1 site, find the tv/movies and hit download and it manages everything.
maybe you wouldn’t mind me asking: but how’s your setup work exactly?
also, for everyone: i have been looking for an easy way to allow my parents to browse torrents (via an app on their phones or tv or something), then select what they want to watch, and the movies/whatever are then downloaded on a remote pc that also hosts a plex server. they could watch whatever on plex in minutes, ideally. is there something that sreamlines this kind of thing?
Yep so I just run sonarr (for tv shows), radarr (for movies), jackett (a torrent search engine connector that the *arr apps use), deluge (for downloading things), and unpackrr (for extracting torrent rar sets) all on a single box
I have a little dashboard just providing quick links to sonarr/radarr that people can go to.
In radarr/sonarr they can search for movies and tv shows, add it to the application and it auto searches for the best download option through jackett and adds it to deluge
unpackrr will auto unpack it if it needs it
radarr/sonarr will automatically pick up the completed download and move it into the correct media directory
jellyfin/plex/whatever will pick it up and show it
everything is pretty easy to setup, i probably got it all running in 3 or 4 hours tops probably two years ago and honestly haven't touched it since.
I am a Datahoarder with almost 50TiB. I almost never delete things. I kinda view it as a mixed media library, the value is in the content youay want to consume whenever. Plus one never knows if something will be available at a later date and hard or impossible to find.
But you don't buy property anymore. You are licensed to use it under various T&C. The age of property is gone. I wouldn't be surrised to see our fav OS(ios, macos, win etc) stop working once the cloud account is suspended. For your own safety you may not use a different account either. People traded their freedom rights for apparent convenience so I guess we get what we deserve.
Kinda funny how they're driving us right back to piracy.
Digital content is not forever. If I can't purchase it and download it to my local hard drive, I'm not purchasing it.
Reminds me of those old anti piracy PSAs: "you wouldn't download a car." (note: yes, yes I would if I could).
But if the new car-buying process was "pay $20k for this Honda Civic, but just know that we are just allowing you to drive it, we can take it away from you at any time" you can be sure that either no one will ever buy cars again, or they'd just "steal" them.
If compliance is too hard or too inconvenient or just plain stupid or malicious, then people won't comply. Easy as that.
Makes me wonder what would happen with my Steam games if the publisher pulls it from the store, or what if Steam decides it won't support my system anymore (and I don't want to update).
I own a few games that got yanked from the Steam store. I can still download, install and play those games as much as I want to.
Generally this has only happened with games that are no longer developed, but if they got yanked for any other reason I believe Valve wouldn't distribute any new patches to me.
I feel like there were a few cases where this has happened, and Steam actually still had the game stored for people who had purchased to download, it was just that no one else could buy the game. Not sure if those cases were the publisher not wanting to generate bad will among its customers, or if Steam's contract with the publisher states outright that even when the game is pulled from the platform it must remain available for people who have already purchased it. Either way, it would certainly be the case that any future patches wouldn't be pushed to Steam.
On the other hand, many games (by number at least) on Steam do not have any DRM and you can back up the installed files as easily as you can back up a GOG installer. Many more games only need Steamworks which is easily bypassed.
Meanwhile Valve is actively working on making Linux gaming better (which I care about) while GOG/CDPR can't even be bothered to port their own games or their store client.
Alpha Protocol was removed from stores over music licensing issues. I freaked out because I didn’t have it downloaded, but it’s still in my library and I can download it. You just can’t even view it now if you don’t already own it.
I do this too. I don't want to have to resort to this, but I also don't want to risk Amazon taking away all of the books that I've paid for! All I want is to pay for DRM-free content.
I started buying huge stacks of DVDs from Goodwill. They are on my Plex NAS now, along with all of my music. All legally purchased. I was considering starting a donation chain where I give all of my DVDs to someone who wants to do the same, who in turn would give them to someone after they are done. It is a lot of work but my shows and movies are super fast, ad-free, and accessible from anywhere. A pleasant friction-free experience after ingestion.
Download logo’s, see how a statement would look, and create one yourself. Print it, fold it and make a photo. Always works for me when I am asked for a statement from a full digital service.
My energy provider used to perform an immediate change of address which would be visible on your latest downloadable PDF invoice. This allowed even people without the most basic computer skills to validate _any_ address.
Long story short, all those processes eventually depend on “proof” that is really easy to fabricate.
Dutch banks invented the iDin standard, some kind of oAuth with your bank that provides third parties with validated personal information, but it is not widely used and I am not aware of an international standard or initiative for this.
It's no wonder that ID fraud is so rampant in countries like the US and UK in comparison to countries like Norway that have a national ID service (BankID).
There is no way that my Norwegian bank would accept a utility bill as any kind of support of ID. Instead they send a letter to my registered address (national population register) with instructions to take it and my driving license or passport to the post office who will act as a notary and report to the bank that I am the person that the letter is addressed to.
From then on BankID (using a one time pad, SIM card, or code generator) can be used to log in to pretty much all banks and government services.
Norway is a bit unusual in the way it handles ID. In many parts of the world (including the US & U.K.) the idea of central government holding an accessible database of everyone’s identifies, and mandating participation, is cultural and political suicide.
We can argue all day about whether or not this is a good idea. But ultimately, it’s red lines we’ve drawn in the ground, and we’ve decided the trade off (such as identity theft) is worth it. In the U.K. at least, two World Wars have taught us to be wary of central government databases. We’ve seen how they can be abused people in power seeking to persecute part of a population, and even now we’re seeing it again with the U.K.s governments persecution of migrants.
At least in the U.K. there are clear and simple guidelines for undoing the damage caused by identity theft. If a bank account or loan was opened in your name, the bank has to close it and write off any losses, and they should compensate you for the trouble. If the mess you around, there’s a number of Ombudsmen and regulators filled with people waiting to take the financial organisation to task and make them really regret their obstinance (I’ve been on the receiving end of their wrath, it’s not much fun).
All of this creates very strong incentive for banks to prevent identity theft in the U.K. Unfortunately US consumer protection is lacking in comparison.
>In the U.K. at least, two World Wars have taught us to be wary of central government databases.
Speak for yourself. The anti-ID faction is basically hysterically scared of the idea of 'papers, please'. That's it, and that's why there is a specific statutory defence to not carrying your drivers licence while driving (the HORT1 'producer'), which itself has been made irrelevant by the fact that the PNC has access to the DVLA driver file database.
We need, as a society, an ID document. In the UK, we end up making it up through the use of a passport/DL and a combination of various other official letters. Young adults end up carrying their passports just so they can prove their age to go drinking - do you not see that this is a problem?
While I share concerns re biometrics etc, the idea that an ID card is somehow anti-democratic is ridiculous and, frankly, far fetched.
>At least in the U.K. there are clear and simple guidelines for undoing the damage caused by identity theft. If a bank account or loan was opened in your name, the bank has to close it and write off any losses, and they should compensate you for the trouble.
Which is fine for the consumer, if not a considerable amount of hassle, but is also the source of much financial loss. Fraud, in the UK, takes place on an industrial scale.
> the idea that an ID card is somehow anti-democratic is ridiculous
I don't think anyone invoked the spectre of 'democracy'.
A common fear of ID cards is that, once everyone is supposed to own one, some government comes along and decrees that you must carry one at all times. Then the police are given powers to arrest anyone not carrying ID; and finally, to stop and search anyone on the suspicion that they are not carrying ID.
Those fears are not "hysterical".
Also: the novel 1981 was written about a future UK.
>A common fear of ID cards is that, once everyone is supposed to own one, some government comes along and decrees that you must carry one at all times. Then the police are given powers to arrest anyone not carrying ID; and finally, to stop and search anyone on the suspicion that they are not carrying ID.
And can you point towards a European country that isn't in the grip of a totalitarian state where this currently happens?
It's typical British exceptionalism, like unarmed police and Brexit. We'll massively inconvenience ourselves out of principle, while sensible populations look on in bemusement.
>Also: the novel 1981 was written about a future UK.
I'll assume that you mean 1984, which is fiction. Orwell, after all, was English and you would expect him to write political allegories based here.
> It's typical British exceptionalism, like unarmed police and Brexit.
Odd thing to get worked up about. Not sure why you link brining guns into a potential heated situation is gonna make it any better. Most police offers don’t even want to carry a gun, I certainly don’t want police officers carrying a gun.
That got nothing to do with exceptionalism, I just think a police officers primary responsibility is to their community. We should rate them based on their ability to prevent crime through community relationships and diplomacy, not on their ability to rapidly deliver lethal amounts of lead into a situation.
We should stand up for our principles, and try and build a society to thats a fair and equal as possible, regardless of an individual quirks and differences. We shouldn’t be aiming to create a uniform society just because it economically more efficient, and removes the need for the majority to think about the needs of the minority.
Yes, of course, 1984! He was expressing his fears about the future of the UK, because he was British (and of course, because he was projecting a future, it was fiction). You are quite right.
> And can you point towards a European country that isn't in the grip of a totalitarian state where this currently happens?
No, but there are several European countries that are essentially totalitarian at the moment; and there are several European countries that are not currently totalitarian, that have required people to carry ID on pain of arrest during my memory. It's a reasonable fear.
> We need, as a society, an ID document. In the UK, we end up making it up through the use of a passport/DL and a combination of various other official letters.
A voluntary national ID could be useful, something that effectively the same as a driving licence, but available to all U.K. residents without cost. Not sure I agree we _need_ it, existing documents work surprisingly well.
> Young adults end up carrying their passports just so they can prove their age to go drinking - do you not see that this is a problem?
They can get a provisional driving licence instead, it cheaper than a passport. There’s also no requirement to use an in-date passport. Bars and pubs will happy accept an expired passport with it corner snipped, as long as the photo is recognisable.
> idea that an ID card is somehow anti-democratic is ridiculous and, frankly, far fetched.
I never made this claim. Democracies are just as capable of committing atrocities as totalitarian states, they just tend to do less frequently and with better PR. I personally think people should think seriously about who they hand their identity data too, examine what benefits it might provide, but also consider how it could be abused in the future. I like the fact that most databases in the U.K. are difficult to integrate because there’s no clear single identifier for a person, joining data requires a degree of fuzzy matching and creates opportunities to challenge government agencies.
> Fraud, in the UK, takes place on an industrial scale.
I’m well aware of the scale of fraud in the U.K., I’ve spent years developing systems to prevent it, and run full on into the issues caused by a lack of national ID. However I still believe the trade-off is worth it. I’ve seen to many examples private organisations effectively running a shadow judicial system that can prevent and individual from accessing essentials societal services, like banking, with no oversight or appeals process. A national ID would just make it easier to build these systems, and innocent people who get caught up will pay the price (for a fraudster, getting caught is just the cost of business, they go in with their eyes wide open).
The ultimate goal of society is not to produce the most efficient economic system. There are trade-offs to be made, and achieving zero fraud is far more problematic that having some fraud.
> many examples private organisations effectively running a shadow judicial system
This is exactly it. The abscence of a universally accepted identity creates an unregulated shadow system instead.
The European countries with stronger and more developed identity systems also tend to have stronger data protection laws, precisely because universally accepted identity data can be regulated.
Not really. A passport is expensive, a drivers licence isn't supposed to be a photo ID card and someone shouldn't have to pretend to be a driver in order to obtain one.
>They can get a provisional driving licence instead, it cheaper than a passport. There’s also no requirement to use an in-date passport. Bars and pubs will happy accept an expired passport with it corner snipped, as long as the photo is recognisable.
Some bars might. Others may not. In any case, you've still got to a passport in the first place, so that doesn't remove the renewal cost or the initial cost. It's also a multi-page book.
If we're going to run a provisional DL as a de-facto ID card, why not just have an ID card?
>I’ve seen to many examples private organisations effectively running a shadow judicial system that can prevent and individual from accessing essentials societal services, like banking, with no oversight or appeals process. A national ID would just make it easier to build these systems
If you're verifying someone's ID at all then those issues are going to exist. That's not a problem with having an ID card, that's a systems problem - if you use a DL, there's a URN. If you use a passport, there's a URN.
Not having a national ID card is, frankly, Stone Age. If you want to avoid the spectre of Papiere, Bitte then that is a legislative problem and not a technical one.
> Some bars might. Others may not. In any case, you've still got to a passport in the first place, so that doesn't remove the renewal cost or the initial cost. It's also a multi-page book.
Pretty much every bar does. I know this because I have several friends that used expired passports for years without issue. It’s also frequently done be foreign students, because most bar staff don’t recognise any form of foreign ID except a passport. So there’s no need to ever renew the passport.
> It's also a multi-page book.
So what? It no more difficult to carry than a small wallet or purse.
> If we're going to run a provisional DL as a de-facto ID card, why not just have an ID card?
Because the DVLA don’t want it to be an ID because it’s a pain in the arse for them. Which is good, because they go out of their way to make accessing the data difficult for any reason that isn’t driving related. Creates a nice little natural firewall against abuse.
> If you're verifying someone's ID at all then those issues are going to exist. That's not a problem with having an ID card, that's a systems problem - if you use a DL, there's a URN. If you use a passport, there's a URN.
The URNs change on each renewal or replacement, strictly limiting how long they can be used to track an individual. Additionally people can choose which document they use with each entity, and make it harder for different entities to match their IDs.
> Not having a national ID card is, frankly, Stone Age. If you want to avoid the spectre of Papiere, Bitte then that is a legislative problem and not a technical one.
Yes it is, just like paper voting. Thats a good thing, it shouldn’t be easy for future governments or corporations to track individuals without their consent.
With regards to Papiere, Bitte legislation solves nothing. It can easily be changed at a whim, our executive government almost always has a majority in the legislative house, make it trivial for them to amend legislation on whim as it suite them. Surely your not blind? You must have seen the numerous abuses of this powers from Boris’s Tory government over the past year. Just look at anything Priti Patel has worked on.
Throwing away natural defences against abuse for convenience is stupid and short sighted. There are plenty of innovative ways of working within our current ID system, while still offering a high level of convenience, without making it easy to abuse the data. Just look at any recent neo-bank to find half a dozen examples.
I find it strange that folks in the US and UK, given that these are championing modern dragnet surveillance, would recoil at the idea of government issued ID, thus forcing everyone to come up with error-prone workarounds enabling identity fraud. As a German, the idea of a bill proving anything at all is just wild.
> In many parts of the world (including the US & U.K.) the idea of central government holding an accessible database of everyone’s identifies, and mandating participation, is cultural and political suicide.
Is a very true statement. I am British but I live in Switzerland. If I want to do anything here, I send a copy of my residency permit. Bank statements wouldn't count.
The UK actually did experiment with ID cards under the Blair/Brown government. I never had one, they were only issued in a trial area. There was a campaign against it: https://www.no2id.net/ and the Cameron government (2010-brexit) scrapped the ID cards. The law was: https://en.wikipedia.org/wiki/Identity_Cards_Act_2006 .
One of the main objections was to the national identity register, which would contain biometrics and not need the card in order to query.
I'm on the fence about this. On the one hand, I'm not sure I trust the UK government to run any kind of IT scheme - they tend to pick huge consultancies, waste enormous sums of money and the result is late, 6x the price and doesn't actually work. Also the biometrics thing seems excessive. On the other hand, there are plenty of centralised databases already and if you ever want to drive a car, at least one of them prints out an ID-0 sized card with your photo on it. I would also, honestly, prefer an identity card over proving my identity with easily forged bank statements.
> n Switzerland. If I want to do anything here, I send a copy of my residency permit.
Even that would not fly in Norway. You have to close the loop with a trusted intermediary like BankID by providing a notarised copy of your ID then you can log in to other institutions using BankID's log in service.
> the idea of a bill proving anything at all is just wild.
It’s a little more complicated than that. KYC requirements aren’t that lax, but there are multiple ways of proving ID. Proof of address in the form of a bill is just one of many components that are used in tandem to prove identity. Rest assured you can’t open a bank account with just a utility bill.
As a Brit, I think the lack of ID* is fairly silly nowadays, however it's an orthogonal issue to the surveillance one.
Abuses of government power that the average person might experience here tend to come from lower levels like the civil service, police, tax office, immigration or councils. ID card databases could make that easier as they tend to be more accessible (of course, otherwise they'd not be useful). The other thing we don't want is for it to be easy for companies to demand ID for basic things knowing that everyone will have one, or future governments to be able to make carrying an ID card mandatory when in public, and for police - or anyone else - to demand to be able to see it. That situation is often derided as a Nazi Germany "papers please" police state. The idea of needing a permission slip from a state authority to breathe the pure English air is a line the majority of people would absolutely not want to cross at this point in time.
The secret services aren't something that most people think about. We don't typically worry about being mistakenly or maliciously classified as an enemy of the state. Unlike being maliciously classified as an enemy of a local councillor, which is fairly common. Also, you can be pretty sure your secret services are doing exactly the same things as ours, irrespective of what your law or constitution says.
(* Physical ID cards are a bit old fashioned though. We're planning on replacing physical driving licenses, non-citizen residence permits, etc. with digital versions. I suspect we'll end up with a national digital identity system by default without ever having a physical ID card. Some people are worried that will lead to another Windrush situation, however.)
> Norway is a bit unusual in the way it handles ID
No, it is the US and the UK which is a bit unusual in the way it handles government ID.
A functioning democratic government needs to know who is a citizen and who is not, in order to guarantee their citizen's rights. It may be a right to education, owning property and if not anything else then at least the basic right to vote.
All this require identity. You can not show up at the doorstep of the UK and demand a pension or unemployment benefits. You need to identify as a citizen with the right to this. You can not show up at the bank and demand money from an arbitrary account. You need to identify as the legitimate owner.
> We’ve seen how they can be abused people in power seeking to persecute part of a population
That's not it. All this information is available in government databases. It must be, and it is. It's just the identification that's handled differently in a select few countries.
It's not as if these countries have stronger data protection laws, to explain the weaker forms of identification. In fact, you'd be forgiven to think it is the other way around. Somehow it is only society itself which should use weak forms of identification, the same objections are not raised against certificates and two factor authentication by banks.
Having spend some time in one of the mentioned countries a number of years ago, my impression was that it is mostly a matter that this is a symbolic question of having a strong government. Contrary to popular belief, there are influential forces that desires an ineffective government, to bolster political ideas about the economy. Nowhere is this more obvious than in identification and taxation, perhaps the two most important mechanism of a modern Western democracy. This is probably not a coincidence.
The irony being that except for a register of addresses countries like the UK and the US have much more surveillance of their citizens than places like Sweden or Norway. The UK has about 1 surveillance camera per 11 citizens or so, I don't know numbers for Norway or Sweden, but from my own observations there are orders of magnitude less.
So yes the UK government might not have your adress in a register, but they know where you sleep, go to work, with whom you talk etc..
Lets not even talk about the extensive spying by the 5 eyes.
Yeah, that stat is very misleading. Those cameras are all privately owned, mostly by shops.
So unless you think there’s some great grocers government surveillance network (there isn’t, I’ve actually asked), then the government has no idea what your doing. To find out they would need to send a police officer with a warrant to every shop in the country to request the footage. Even then the footage is mostly crap (again I’ve actually seen what the police collect for investigations).
To claim that the mere existence of a camera indicates a surveillance network is just intellectual dishonesty. No one would ever claim that very laptop camera is monitored by the government, but apparently supermarket cameras are?
That is not true, there are a lot of police/government owned CCTVs in public places in the UK. They even had some initiatives, were some of those had speakers attached so the person monitoring the camera calls out "unwanted" behaviour.
I would say ignoring the fact that the US and UK have set up and are running (well the UK is really just tagging along) in the biggest worldwide surveillance operation on the planet is the intellectual dishonesty.
Also I never said that the existence of a camera indicates surveillance, that's a straw man. However, the existence of automatic licence plate tracking is definitely an indication of surveillance. The wikipedia article on UK mass surveillance is quite enlightening.
You should go and talk to some actual police officers trying to investigate actual crimes. I’ve talked to quite a few when working for a company that specialised in dealing with CCTV, and I was trying sell stuff to the police.
I can tell you with some confidence that U.K. CCTV infrastructure, both state run and private, is a complete joke, and almost completely useless. Try giving an officer CCTV footage of a bike being stolen, and you’ll quickly discover how useless it is.
> In many parts of the world (including the US & U.K.) the idea of central government holding an accessible database of everyone’s identifies, and mandating participation, is cultural and political suicide.
You mean like the IRS?
American here. Not having national ID is stupid. The government has an interest in knowing who it's citizens are.
It doesn't have a legitimate interest in knowing where I am at all times, however.
I don’t really have a super strong view either way. Here in the U.K. HMRC only knows about you if have a National Insurance Number (which isn’t mandatory) and get payed with PAYE (Pay As You Earn) where your employer collects your income tax on behalf of HMRC.
You can avoid both by only accept payments in the form of cash and bank transfers without a proper payroll. Legally dubious, but there are people out there who actually do this.
> The government has an interest in knowing who it's citizens are.
The government has an interest in many things. Doesn’t necessarily mean that individuals share that interest and should capitulate. Personally I don’t think mandatory government ID is a requirement for a well run civilisation. Interestingly Norways Bank ID is an example of how you solve the issue of ID without making it mandatory (Norway doesn’t have a compulsory National ID and only got a National ID last year), and banks in the U.K. are experimenting with something similar built on top of Open Banking.
Ultimately it’s down to the individual (in my view) to decide how much info they give to their government. But equally a government can request that info in exchange for government services, assuming that info is needed to provide that service.
> You can avoid both by only accept payments in the form of cash and bank transfers without a proper payroll. Legally dubious, but there are people out there who actually do this.
Well there's the issue, isn't it? The government has to know your identity unless you're committing a crime.
> The government has an interest in many things. Doesn’t necessarily mean that individuals share that interest and should capitulate.
This isn't an argument against the government knowing who its citizens are.
> Ultimately it’s down to the individual (in my view) to decide how much info they give to their government. But equally a government can request that info in exchange for government services, assuming that info is needed to provide that service.
Why should we be providing any service to anybody without having any information about them? So one person can show up and collect the same benefits 10x at the expense of everyone else?
At a BARE MINIMUM the government has to know your identity to determine your eligiblity to vote and to levy taxes. And both of those are so fundamental and important that I don't see how you can possibly argue that "shadow citizenry" is acceptable.
> Well there's the issue, isn't it? The government has to know your identity unless you're committing a crime.
Depends how much you earn. Below a threshold it’s entirely legal to earn income and report nothing to HMRC. Taking the stance that anyone not reporting to HMRC is tax-evading would turn the whole idea of due-process and “innocent until prove that guilty” on its head. The government should be forced to substantiate its accusations with evidence, and a lack of any record is not evidence of a crime.
> > The government has an interest in many things. Doesn’t necessarily mean that individuals share that interest and should capitulate.
> This isn't an argument against the government knowing who its citizens are.
Isn’t it? Governments should exist to serve their citizens, not the opposite (at least in a democracy). If a population don’t want their government to know who they are, that their prerogative. Nothing inherently gives a government a right to know who it’s citizens are, it might be useful and even necessary to provide certain services, but it’s for the people to decide what the trade off is, not government.
> Why should we be providing any service to anybody without having any information about them?
Yeah, that’s like my entire point. The other side of that coin is “why should citizens provide any information to government with they don’t want to use their services?”.
> So one person can show up and collect the same benefits 10x at the expense of everyone else?
Don’t know how you got to this conclusion. It totally reasonable for a government to make access to benefits dependent on providing basic identity information to prevent abuse. But if someone doesn’t want to access benefits, then why should they need hand over identity information? Equally if those benefits can be provided with collecting the information, then why should it be handed over? I should need to hand over my ID so an NHS doctor can fix my broken leg.
> At a BARE MINIMUM the government has to know your identity to determine your eligiblity to vote and to levy taxes. And both of those are so fundamental and important that I don't see how you can possibly argue that "shadow citizenry" is acceptable.
Sure, but if you don’t want to vote, or earn above the tax free allowance, then why should you need to identify yourself? And even if you do identify yourself, why should that process be centralised. Each organ of a government can figure out what they need to perform their function, and only request that data. Just because you want to vote, doesn’t mean the HMRC and the Home Office should automatically know who you are.
The UK and US are actually in the minority when it comes to compulsory national ID, albeit in good company. [0] I don't really have a value judgement on this, but would like to note, that both the UK and US have some of the most advanced surveillance states in the world, something that countries like China can only aspire to. If there is a red line drawn in the sand, you forgot to check your back.
> UK and US have some of the most advanced surveillance states in the world, something that countries like China can only aspire to.
I think that’s a little hyperbolic, the U.K. and US certainly have large surveillance states built in secret out of the public eye and public scrutiny. But China is on a completely different level, if you don’t think that’s true, then research the prevalent use of facial recognition, and the extreme forms of surveillance applied to minority populations like Uighurs. Everything in the U.K. pales in comparison.
Before you bring up the topic of CCTV and facial recognition trials, almost all CCTV in the U.K. is privately owned and inaccessible to the state without a warrant. It certainly isn’t networked into some super surveillance hub. And the facial recognition trials have been a complete farce, more a demonstration of police incompetence, than state surveillance.
China is indeed aspiring to copy western countries surveillance state, and taking it much further, but you are overestimating the infrastructure and data sharing already in place. The often discussed social credit system for example will start national operation soon, but in its absence, there is no national credit system. Ant Group was recently busted by regulators for not sharing credit data with the state [0] Facial recognition is very advanced in Xinjiang and first/second tier cities, but it is usually localized and data sharing between agencies seems very low. Life in China is full of legal grey zones, as is typical in developing countries, with things technically being not legal, but no one is there to enforce it.
I don't think that's quite accurate; I think it's true that the state can't compel access without a warrant, but in general shopkeepers quite like policemen, and will share their footage vountarily.
> the idea of central government holding an accessible database of everyone’s identifies, and mandating participation, is cultural and political suicide.
>In the U.K. at least, two World Wars have taught us to be wary of central government databases.
Well really it is a little more than a sort of Driving License. We might get away with it by calling it EuroClub Express.
> In many parts of the world (including the US & U.K.) the idea of central government holding an accessible database of everyone’s identifies, and mandating participation, is cultural and political suicide.
That's because the US and the UK are mentally ill cultures actually engaged in cultural and political suicide, so any practical, useful ideas like that are considered suspect.
> Unfortunately US consumer protection is lacking in comparison.
That's what happens when a whole country decided to mistrust their elected government and instead put their faith in corporations.
> There is no way that my Norwegian bank would accept a utility bill as any kind of support of ID.
It's not ID, it's proof of address, separate from proving identity afaik. Mtgox wanted to see ID, but because my ID doesn't say my address they also needed some somewhat official letter addressed to me on this address.
BankID with a digitally signed utility bill should be enough for AML/KYC.
I was developing one fintech app recently and I never heard of this requirement.
If I use BankID why would I also need to supply a utility bill? Or are you using the term BankID in some generic sense? BankID is the name of a company that provides a service of the same name: https://www.bankid.no/en/private/
As much as it might seem practically expedient, I'd advise not doing this.
I'm imagining a lawyer for the injured person hearing they resorted to fabricating evidence, lawyer looking sad or irritated, and telling the person there's nothing the lawyer can do for them now. At least not on the original problem, though now the person might have an additional problem.
Oh this is genius! Why aren't others doing it? My guess is that Banks have no incentive to do so? After all Auth and validated personal information is not their business anyway?
Email jeff@amazon.com. It'll hit the exec support team (even though he's no longer CEO.)
It's aggressively monitored. Jeff himself used to forward prickly ones with a ? to relevant parties, but at the very least, better than front-line support.
I hate it when companies use an "open secret" for important things like support. They're telling customers "Screw you if you're not part of the secret club!". That behavior is fine when you're a child, but for a trillion dollar company to do it just sucks.
Knowing that email address exists makes me less likely to shop with Amazon, and any startup that considers copying it should think very seriously about whether they actually care about their customers. No one should have to email the CEO to fix a basic problem.
But it's not a support trick, it's a "the executive team doesn't want to look embarrassed."
Writing the executive team isn't some trick to get real support, it's something that people figured out you could do and that executives would give vague responses to in order to save face; having seen the end result of a "write the CEO", usually the executive response is just a vague "make this go away", and the "how" of that is left to the imagination of the reader.
Please understand that it's highly doubtful that there is any official policy on what to do with support emails received at the executive level; the end result is that the person who wrote the email gets what they want, but it's not because the executive put any thought into the actual situation, it's because they just wanted an annoying person to go away and wanted to avoid bad PR.
That's all this is, a quick cost-benefit analysis of "what does doing nothing cost me here?" for some executive. For each story you read where writing the executive helps, probably there are a dozen (if not far more) met with radio silence. I've seen customers write the CEO when they were flagrantly and intentionally violating our licensing policy in hopes that the CEO would change something. I've seen them write our product VP because the customer felt they were entitled to salary compensation for the duration while an issue they had with our product was investigated.
Writing the CEO isn't a way to get basic problems fixed, it's a gamble that your particular issue and the circumstances around it are a big enough PR problem that the normal channels of raising concerns aren't enough.
> any startup that considers copying it should think very seriously about whether they actually care about their customers.
Presumably if a startup is copying Amazon it's because of their track record of making money, not their track record of showing they love customers, for the same reason companies aren't copying Google to achieve a bespoke customized nature of services and how they feel tailored to the individual.
That's exactly the point I'm making. Copying Amazon because they make a lot of money, without actually being Amazon and offering the price, range, and radical convenience of Amazon's service, is how a startup fails.
Copying any aspect of a much larger company without properly considering the impact of it on your customers when you're running a very different company is usually a terrible idea, but doing that for support and customer success is extra-terrible.
I would go as far as saying that customer service is not core to Amazon, it's purely a means to an end in some of their businesses. To my knowledge AWS isn't known for their amazing support, but it's entirely possible I'm just ignorant of it.
Not true - one can make a lot of money while being a good citizen. Not a hoard of billions, but quite enough to live comfortably on.
Yes - I slipped 'while' in as a substiutute for 'by'. Arguably the CEO of Oxfam is a 'good citizen' as part of his job, from which he earns millions. So he earns that 'by' being a good citizen. I meant that it's perfectly possible to have a well-paid job that doesn't involve exploiting people or the environment, or generally being a dick. FVSO 'well-paid'.
If 'making a lot of money' means becoming a billionaire, well, I don't think cornering the world's wealth is consistent with being a good citizen.
This also annoys me, and how people don't realize how fragile this solution is. But I think it's like moving your ssh daemon to a random high port: it doesn't change the nature of process, it doesn't provide any guarantees, and it's not the only/last thing you need to do, but it's believed to filter out enough problematic actors that it's worth doing, for both senders and receivers.
(But I get now your complaint isn't about that, and this isn't the best analogy. You're saying that this is a slap in the face to people who don't know that address; they shouldn't be likened to "attackers.")
No, they're telling customers: "If you're savvy enough to likely be able to sue us, we'll offer support."
The "open secret" approach is a high enough bar to filter out 99% of unprofitable support request, but a lower-tier than litigation. Most people will spend time with a search engine before shelling out for a lawyer.
You're thinking about this emotionally, rather than in terms of capitalism.
That's not exactly support though is it, it's just that you don't like their business model. Counterfeits are like half of what they sell these days. Hell that's what amazon basics is.
Amazon gets a cut of every sale even if a 3rd party sells counterfeits. Removing 3rd party sellers and their counterfeits means less revenue in the short term.
This has already happened with "Steve's" email address at Apple, which used to be monitored but is now mostly ignored, I suspect because of the sheer volume of traffic.
Sure, you'll get a response after emailing tcook@apple.com. But there's no guarantee that the customer service peep assigned to you will do anything to help.
I tried this approach when a client was having issues enrolling in Apple Enterprise to distribute an app in-house. Didn't work, took four months until we could release our app.
I secretly hope everyday that a competitor comes along who can produce hardware with a matching level of beauty.
Not sure why any existing hardware maker can't do it. Everyone else is producing plastic boxes of crap. That said I'll never have a mac, that whole mindset is so foreign to me.
I feel like this is extremely well known, at least 8 years ago I whined about the kindle case being shit (causing my screen to crack) and they reached out and got me a replacement
How does that work with the emails he actually needs to receive from his own internal staff though? Having a separate email that he actually uses for daily work ("notjeff@amazon.com")? I can't imagine having my customers and my colleagues bombard me at one email account and effectively staying on top of everything.
When he was actively CEO, he had an entire team devoted to sorting through those emails. They would filter the obvious spam and send the genuine customer complaints directly to him. Which usually led to the infamous question mark emails and a lot of people scrambling to resolve the issue and ensure it remained resolved. (The only time I've seen a question mark email have more than just question mark was when Jeff noticed this was a repeat problem from a previous question mark email.)
I think you'll find that quite a few senior execs don't actually handle their own email inbox. Just as they have an executive assistant to jealously guard their calendar and book all their meetings, someone is actively fielding their emails, dealing with the trivialities and junk, and only escalating the important stuf to the exec's attention.
Adrian Newey (cto of Red Bull Racing F1 team) famously has his emails printed off and then he replies in writing. His assistant types it out the following morning.
ceo's at this level have teams of executive assistants that cover all communications 24x7x365, for personal, work, and government liason. You don't think they actually read their own emails do you?
A former CEO of mine was known for keeping all his emails, forever. For this he needed special email storage arrangements from the IT team, including a laptop with a super-large HD.
If you ever turned up to a meeting and contradicted something you once said in an email, he'd be on to you in an instant.
My country of nationality, residence, and issuing bank are all different. On top of that, my name is odd for my place of residence and contains characters outside of A-Z (which makes names not match 100% on cards)
I get hit hard by anti-fraud systems.
If I budget 1-2h for any given online purchase, I have <50% success rate with Paypal and ~75% with Stripe. If I contact the bank and merchant, the issue is always with the payment processor. Trying to resolve through the payment processor goes nowhere. The only thing that can work is try again with another of my 6 legit cards (mix of visa/Mac debit/credit) and if I’m lucky it goes through. Sometimes the next day; I guess some cool down is in place.
This feels like discrimination or xenophobia with extra steps. If you’re international enough and have some bad luck, the systems will perceive you just like a scammer and will deny you service or require hours of intervention because of things like your name, location history, and nationality. (For those who haven’t noticed, sometimes PayPal will arbitrarily require you to create an account in order to complete a single payment. Nationality is required information in this step)
If it’s not something I really want provided only by a single seller, I will nowadays abort at merchants only accepting PayPal, and at the first failure of Stripe. It’s not worth the headache.
This reminds me... what about those who do not have a surname?
> Most Afghans have no surname; it is also common to have no surname in Bhutan, Indonesia, Myanmar, and the south of India.
They cannot handle patronyms, and for many people every local document (except passport and tax card) uses initials, for example. The problem is that the bank account name has initials (in many places for many people) which does not match your name.
My friend had an issue with Wise because they wanted the name to match that is on the passport, which was fine because it did. Then it started demanding that it matches his bank account name, which it cannot, because he has only initials there.
They are dealing with international customers. They need to understand these differences, but they do not.
I knew a guy with a single-character first name. He once bought an airline ticket but then got stuck at TSA who would not let him pass, despite all his ID etc saying the same thing.
A large number of web sites would not let him register at all.
Wow. This reminds me of my experience with Coinbase. I find it interesting that they don't see how troublesome all this is. There's a human on the other end of the technology, and shutting them out without a solid reason, or the ability to reasonable appeal is crazy.
As a dev I love seeing these. Makes me feel better about myself when these companies with seemingly infinite resources suck at engineering as much as I do
Yup, but when the age has been (let's say) 23 for an year and becomes 13, the software should smell a mistake.
Of course I have no idea about the actual UI. It's a bad idea to ask for the age because it doesn't update after the birthday. A birth date is much better but it's also personal data and maybe not necessary. If all a site wants to know is if you're 18, just ask it and store a boolean. If you suddenly declare that you're not >= 18 anymore, especially after using the site for a while, smell a misclick on a checkbox, ask for confirmation and explain what's going to happen.
It’s an engineering cost decision. I imagine they get single figure numbers of people making this change each year. The cost of having a developer design and implement a system to catch it, reject the change but save it in a state where it can be applied later, and automatically open either a support ticket or have an automated resolution system is far too high. Much easer to just lock the account and ask the customer to get in touch.
(Assuming there is a save button on the screen and it’s not an auto save on an input change, in which case yes it needs a confirmation dialog)
The software does smell something is off. Typically the policy in this case is that legal told them to deny then access, because they don't want to deal with the legal hassle of serving someone who just told you themselves that they're not 13 yet. (Lawyers are often unreasonably risk-averse.)
>Yup, but when the age has been (let's say) 23 for an year and becomes 13, the software should smell a mistake.
some years ago the Danish electrical company Dong (wonderful name they've since changed for 'reasons') sent me a message - give us a meter reading for your house or we will send someone around to do it and it will cost you some money, so I figured fine I don't have to do anything they do it for me for money!
next year, the same thing.
third year, the same thing. In Christmas of the third year when I was in Berlin I got an email from Dong, you owe us 15 thousand dollars (approx. translating from dkk in head), then later same day you owe us 18 thousand dollars, and finally next morning you owe us 20 thousand dollars.
So naturally I called them up and said I sure would like to know what you all are thinking (which was a lie, I didn't really want to know but I figured I better find out anyhow)
So they said they had sent someone by to read our meter and we had used more electricity and they wanted their money or they were turning it off. So I said you think I used 20 thousand extra dollars in a year?
No, the meter hasn't been read for three years and this is your fault because when we send you a notice to go read the meter you have a moral obligation to do that.
I asked what about their moral obligation to go read the meter when they said they would (which point they did not understand) but anyway since I was supposed to pay 3 thousand dollars a year (which is somewhat high for a Danish family of 3) and paid that it seemed highly unlikely that I had managed to use over two times more than I was estimated to use per year without an increase in population of the house.
It took a lot of arguing to convince them that somehow there was something fishy in the situation and they might have made a mistake, before they would put it to off closing the electricity and do an investigation.
Some months of investigation later, which involved me going to take pictures of my meter etc., it turned out they had read the wrong meter.
tldr: even obvious discrepancies that systems could easily be set to catch will not be caught and you will have to do the work to fix the problems of the organizations providing you services.
Even if it is policy, they can probably have a better lockout page or make it 'disabled' but still let you login to talk to support, get records, etc to fix things. AFAIK it's a complete lockout.
If you work inside these companies, you quickly realize that the amount of work is far greater than the amount of people to do the work, and triage is always happening. The bigger the company gets, the more there is to do.
Another falsehood programmers believe about dates. ))
When immigrants move across borders, often if there is no record of date of birth the date used is the first of January on a best-guess year, and sometimes even the year is wrong. Later this information could be updated. I know of a case of a man whose birthday (immigrant from China) went from January 1st, 1900 to some date in the late 1890s upon documentation being found, just slightly before his 100th (living) birthday.
There are, of course, also reasons for deliberately falsifying a birth date. Accessing an online service is one, false claim of benefits (e.g. pension) may be another, avoiding or enlisting in armed forces, purchasing age-restricted material, renting a hotel or vehicle, the list goes on. A robust system must account for these possibilities.
While there are relatively few people in this specific situation still alive, my grandmother was born in a country that still used the Julian calendar at the time.
Not at all. Just last week my government approved a plan to bring in thousands (I think 3000 or 9000) of immigrants from Ethiopia, a large portion of whom do not have personal documentation.
Yes, but you are designing a system based on a once in 100,000 edge case. There is no reason why such odd and rare requests can't be handled in a customer support request.
...If your customer service team are sufficiently well staffed, trained and have escalation points. In the article the customer service team couldn't even read a decision made by 'The Back End Team'.
A more realistic case for you: People make far more mistakes than you think. Having done genealogy recently, the number of documents with people messing up their own birthdate or name is staggering. On top of the much larger number of registers where someone else have taken the information down wrong.
You're seriously underestimating gow much this happens with current rates of immigration. 1 in 1000 to 1 in 5000 seems to be the correct rate in my country.
Besides, Even with 1 in 100k, with the US population of 330 million, you've created trouble for 3 300 people based on this edge case alone.
Modern example: my father, who is still living, driving, and traveling internationally.
When he was 15, his parents decided it was time for him to start driving his mother around, who never learned how to drive. They wrote down his birth year to make him appear 16. The Texas Department of Public Safety in the 60s wasn’t quite as strict about proof of identity as it is now.
Fast forward to the late 90s, and digitized driver’s licenses. Fortunately, my mother had an inkling that life for my dad might get a bit complicated with a driver's license that didn’t match his birth certificate, so she pushed him to get it corrected.
I imagine there are at least several thousand US citizens who have never lived elsewhere whose primary ID (driver’s license) shows a different birth year from the one on their birth certificates for similar reasons, and it’s a toss-up on which date they use for various purposes.
My grandmother "altered" her date of birth on her birth certificate so her husband wouldn't know she was older than he was.
That date ended up on their marriage certificate.
And then, after her husband passed away and she was approaching pension age, she realised she would only be eligible for the pension a few years later...
So DOB is not immutable.
(and another common source of DOB errors, mixing up the US MM-DD-YYYY versus the normal DD-MM-YYYY format used almost everywhere else...)
The US legal code doesn't give them a ton of flexibility here.
Coinbase has to push the boundaries of US legal code interpretation in plenty of other places... picking "letting pre-teens manage accounts" would be a dumb hill to die on.
Going into your profile on a trading app and saying "i am 12 and what is this", no matter the reason, seems like a reasonable signal that maybe you're not a customer I'm hugely concerned about retaining.
Quite common. On Discord, there are NSFW channels and before joining them, you have to provide your birth date (only once). If you set it to below 13, your account gets suspended/locked immediately.
Commonly the 1 unhappy customer might tell his story to ten of their friends or thousands+ of readers online. Fixing customer problems (especially drastic ones) carries large incentives, because those single stories will actually be observed, while the 1000 happy customers won‘t be mentioned.
The depressing bit is that they can make a rational decision to weigh that cost against the amount of money it takes to keep people happy (vs doing nothing). Not that I support it, but they might be following the financially superior option. There's a lot of incentive to get that answer "correct", so I suspect it's currently working out in their favour, even though it sucks for those of us caught on the shitty side of that equation.
While true that economies in their various forms can form unsympathetic relationships between producers and consumers, it seems that, broadly speaking, producers who align more strongly with consumer satisfaction tend to ‘win’ and those who broadly speaking don’t tend to ‘lose’ on a long-term basis.
To their credit, Apple seems to get this mostly right.
I was banned from Coinbase 4 years ago, and I am still unable, to this day, to create an account without it being banned within 5 minutes of creation and no one is able to give a reason as to why.
From having been behind the scenes of a web hosting company a while back: They almost certainly have decided that you're a scammer, and that any account you ever try to open is just an attempt to get around being banned for being a scammer.
The complete non-answers from support are almost certainly because they have that as a standard policy with people they've decided are scammers, because the genuine scammers out there are extremely good at manipulating literally any kind of even vaguely permissive support policy into enabling further fraud.
The bigger issue here is that when a company is actually good at this stuff (like that web hosting company I once worked for), there's a department specialized in handling these cases with knowledge of how to properly verify legal identities and filter out the scammers... but quite a few companies today both big and small have decided (possibly correctly, given how they're treated) that it's easier and more profitable to just skip that entirely and instead leave false positives locked out of the system permanently.
If it's in finance then unfortunately this is really just how it works in the US. If a bank has the slightest inkling that you're someone on a sanctions list (or that you have a connection to some "bad" country like Venezuela, Iran or Cuba) they'll drop you like a stone.
So yeah I agree it sucks, but the issue is not that every company which complies with OFAC is an incompetent loser. It's that the USA has declared a few countries as enemies and has some tough laws to enforce this both domestically and within its sphere of influence (foreign transactions with a "US nexus"[0] fall under OFAC). If I recall there's no upper bound on the fines for contravening OFAC and there's no leniency for accidentally breaking it even though you demonstrably tried to identify people, or were tricked. So these companies are incentivized to err on the side of extreme caution.
[0] - this is a fun one, iirc this can mean obvious things like "a company has a subsidiary or office in the USA", or "a transaction was conducted in USD" or even "an American citizen was in the room when the transaction was performed".
Traditional banks will cut you off as well. Move lots of money through your account, bounce it between a few accounts and back into your account. They'll cut you off.
In the UK I can raise this with my bank and if they don't resolve it I can raise it with the regulator, who has real teeth. Getting back on topic, who regulates Apple?
There are bank regulators in the US, it is heavily regulated. Businesses are still free to choose who they want to do business with. Banks will get smacked down by regulators if they helped laundered money so they error on the side of caution. The fact that is heavily regulated is the root cause.
That is correct. Yet it doesn't make it good. Customer focused communication even though some indicator tell you to terminate the account should avoid a "The process" situation. This is 2021, we have many amazing communication tools available.
At least in the UK, there are "tipping off" offences that make it very legally risky to tell people why they're suspended. Banks just tell their employees not to do it to avoid risk
It doesn't matter if they lose one customer by mistake if they screen out multiple fraudulent accounts this way. It's simply more profitable to do this in an automated way than to actually consider the human in the equation.
I'm not mad, I've still got my keys from 2014-ish. I only made a Coinbase account after a finance teacher in high school heard that I dabbled in crypto, and bet that he could build a better-yielding portfolio than I could. I logged onto Coinbase, spun up an account with $20 in it, and invested in Chainlink and Ether. Nowadays it's worth ~350 dollarydoos, which isn't absolutely necessary to retrieve. Honestly, it was worth it just to watch his enthusiasm crumble when his 30% APR high-risk portfolio paled in comparison to some dumbass high-schooler's prediction.
File a complaint with your state’s Attorney General, FINRA, the SEC, and NYDFS. Should help Coinbase along in recovering your account. Should take no more than an hour or two to file with all regulators I mentioned.
I'm surprised OP mentioned New York State Department of Financial Services (NYFDS), but this might be the local regulator if Coinbase's home state is New York.
I would still file with them, they can still escalate on your behalf since they are the regulator, or refer you to the agency you should file a complaint with.
My experience has been just opposite with Amazon at least their Web services. One of my account was hacked and since I don't use AWS any longer the emails and alerts were going to an email I never check. Don't remember how I discovered it but upon opening my AWS account I was stunned to see a $50,000 something bill. Amazon even raised a GST invoice for the same IIRC.
My heart sank and mind filled with questions and uncertainty.. What if AWS sues me, maybe they will settle it for half or 25%. But their customer support was more than kind to me. In every reply they assured me that I need not worry and they are working on my behalf to resolve this.
I cooperated with them in every way possible and After 16 days I finally got a reply that it was all taken care of and I owed them nothing and they didn't even suspend my account. God knows how the things would have turned out with any other hosting. I did leave them a suggestion to hard-cap the billing instead of just email alerts.
> I did leave them a suggestion to hard-cap the billing instead of just email alerts
Why would they do that? Enterprise customers are just going to pay the bill, and for small customers they get a lot of good will when they make a "special exception" and don't ask you to pay for charges that someone else fraudulently racked up.
The actual cost of providing the service to the fraudsters is probably so low that they don't have a lot of incentive to prevent the fraud, as long as there is a non-zero chance that someone pays for the fraudulent charges.
A few years ago, I was vacationing abroad, and ordered a gift from Amazon to be delivered in another country. The payment from Amex bounced for whatever reason, and Amazon permanently banned my account instantly. Difference is it says my login/password are invalid (they're not), there's no other message, no field for contact.
I lost more than 100 paid Android apps. Never took the time to recover that account, if this is even possible at all.
The damage would have been much greater with an Apple or Google account.
For traditional banks and credit unions, a physical branch is a major component in their 'anti fraud' device and systems.
Trained human experts will review documents and establish an identity.
However those systems also have financial hurdles to access. Someone with a very thrifty banking service, or someone with very little money (paycheck to paycheck poor) would have trouble utilizing such a resource.
This is unfair and systemically disenfranchising.
I would really like to see a solution to this issue from another part of 'the system' which must already validate someone's identity. A nominal and small fee should be attached, but it should be paid for by the corporation that wishes to ensure anti-fraud activity.
In such a circumstance the corporation would be compelled to also accept this validation, or optionally offer others that may be faster if a consumer agrees.
An individual under such suspicion would visit a nearby police department. Depending on the level of validation asked for said department might also try to actively contact the individual in other ways to cross-validate. If someone happens to be on vacation at the time this check would necessarily involve two departments (the place the person is at and their home area).
Such a system is costly in time for the consumer, and some money for the company. Ideally solutions that don't result in account suspension would be developed to prevent reaching this state; but a good standard for last resort default is necessary to ensure any other solution that survives is better.
If we’re talking radical changes, I’d really like to move from authentication-by-flesh to authorization-by-cryptography. Basically as opposed to have party A present identifying and (supposedly) hard-to-know information and biometrics until party B is sufficiently confident that they map to the same physical person.. authorization by cryptographic keys. Like using metamask for authenticating.
There will still need to an ecosystem of companies with the kind of services you’re talking about, but there would be a clear distinction between the “vouching” part (attest to a bank that you are who you say) vs “access” part (multi-party key custody and recovery services)
So many hairy problems (online payments fraud for example) stop existing in the same way if we move payments from pull to push and access control to utilizing cryptographic signatures.
I shouldn’t have to expose my entire identity in order for an online merchant to be sure I won’t bounce the payment. And the scenario OP is describing would never happen.
That solves the problem to one extent and makes it worse to another, and definitely doesn't solve fraud to any degree. With crypto, if a scammer cons my parent to hand over their private key, every company that relies on that key can claim that whatever account action occurs is perfectly legitimate and ignore attempts to correct problems -- after all how would you prove the transactions are illegitimate if they're signed? More to the point: how would we prove they're illegitimate better than we can now?
The way I've heard Europe handles banking (debit like) transactions with a monthly settlement list (default approval) comes to mind.
Everyone involved in a transaction would declare the perceived value of the transaction (which should agree within fuzzing to account for currency exchange). Everyone would also declare their risk aversion thresholds in advance, publicly (pushed through their bank). A maximum accepted threshold would also be declared by each party (E.G. must settle before X). An agreement of contract would involve the maximum thresholds being less than the cross-referenced risk level.
E.G.
Seller [ (< 3 days && RANGE_INCLUSIVE 0 USD TO 24.99 USD) || (< 7 days && RANGE_INCLUSIVE 25 USD TO 99.99 USD) || (< 14 days && RANGE_INCLUSIVE 100 USD TO 999.99 USD) || (<33 days && GREATER_THAN 1000 USD) ]
Buyer (happens to use the same default list as above because it's popular)
Purchase: 105 USD (laptop power adapter)
Among both lists that would fall into the 14 day category, so it would go on the books and 'clear' (like a check in the US today, but with a longer time period) in 14 days.
That gives someone 14 days to discover an identity compromise, publish the revocation certificate, and this SUSPENDS all contracts made by their key within the published clearance time windows.
They may re-sign the transactions they approve with the new "key" (accredited by certificate issuing authorities such as a state or federal government).
For any items / services not yet fulfilled suspension of delivery or limited use might be imposed if the contracts are not reauthorized.
All of the others would be part of a fraud case (or cases).
IMPORTANTLY: to change the published duration of a contract expiration to shorter would require waiting out the whole period, while lengthening it would be 'instant' as soon as the lending institution involved witnessed with their signature (and thus also published the new value).
I think that for most people, they would not be directly exposed to key material. They would rely on an enclave in their smartphone, and/or separate tokens a la yubikey. The actual private key used for each company would probably also be different.
The exact same thing happened to me, I added my own (new) card for billing and they immediatly locked my account and requested the docs, I got the same screen you described.
I had just moved countries and none of my new accounts had statements yet, by the time I got them I just get stuck in this repeat loop of upload docs, wait a few days, says invalid.
No way to get back in, all my purchases lost, no human to contact, I just don't use Amazon anymore. Very annoying
> to explain that the card does not send me a billing statement and I cannot possibly produce one
I'm sorry but this does seem extremely suspicious. I've never heard of a bank that does not provide any statements.
Sure, a debit card does not have a billing statement like a credit card, but the bank account that the debit card is linked to should provide a monthly statement where you can see the transactions. At least a downloadable PDF even if they don't send a paper one in the mail.
It's a simple top-up card, not connected to a bank account. I wrote "online bank" to simplify. What they offer is an online dashboard, a screenshot of which Amazon refused.
In any case, I didn't ask them to take me on my word, but to contact me and see if a different set of documents might be used instead.
I run an online store, we use Stripe for payment. 100% of prepaid cards issued outside of the UK (we are UK based) are declined, fortunately we have very very few of them. I have no idea if this is stripe or the issuing bank but I believe prepaid card and overseas transactions is MAJOR indicator of fraud.
Just because it isn't connected to a bank account as you understand bank accounts to be, doesn't mean it isn't connected to a bank account as banks understand them to be, and you're not entitled to request a statement.
Just because one is entitled to a bank statement as you understand this entitlement to exist, does not mean that the card issuer is obliged or interested in providing one within weeks or even months of the request, especially with the exact format that Amazon or another third party has decided to accept.
Ah I see, so you did realize that the bank responsible for your card would send you a statement, but they wouldn't send it in either the correct format, or within the necessary timeframe. Well that just sounds like a crappy situation all-around.
Here in New Zealand most banks no longer provide paper statements. I have a US Etrade account, recently they wanted a paper statement of any sort and I realised that I no longer receive anything that meets that requirement
(I could turn statements back on, I think the bank charges $5/month or some sort for that)
This is more common than one would imagine. Not all banks provide statements narrowed down to debit card usage. A bank statement does not always show the debit card number making it difficult to establish a link between the provided evidence.
That's why I don't have books with DRM in my digital library. It would be unacceptable to me that my books are no longer accessible to me by somebody blocking my Amazon account.
Hey, I'm not sure if you'll see this but I work at Amazon and can at least try to get a human for you. I can't promise magical solutions but I can get you some real person attention. Email me at my HN handle at protonmail dot com and we'll move the discussion to my work address from there.
Did you try to call their customer service? I ran into the exact same situation with Amazon once. I was trying to sign up a free trial on audible.com, and my years old account had been locked immediately. To make it worse, my AWS services is on the same account, and I was locked out from the AWS console to manage my servers. At the same time, ironically, I still got monthly bills from AWS which I can't even pay. I tried several times to provide as much information as I can on that stupid login page but with no reveal (my bank doesn't send billing statements too, it's all on their app). Finally, I found Amazon's customer service phone number on a purposely hard to find webpage, the woman on the phone was nice and said she will try to contact the relevant person for me. After hung up the phone, I made a final attempt by uploaded a photo of my credit card. The next day, my account was unlocked. I don't know which method finally worked, but it worth a try.
> I went through every possible channel to explain that the card does not send me a billing statement and I cannot possibly produce one
Offerers of online banking services take note: even if you don't mail statements to your customers, you should provide an option to generate such a statement that the customer can download as a PDF.
They probably do have a transaction log in the form of an online webpage or dashboard.
But Amazon wants a statement with a billing address and the card number.
That's one reason I only use my credit card on Amazon - it has such a statement available in case I ever need one, while most of my other cards do not.
> All my kindle/audible/etc media immediately became inaccessible.
gen.lib.rus.ec
Also lookup myannonymouse for audio books, have all the latest titles. Getting an account is pretty easy, they literally checks if you can read their account policy.
> card does not send me a billing statement and I cannot possibly produce one
I don't blame Amazon here. This is suspicios. All debit cards are linked to your bank account which always have a statement.
Also, I have found it very helpful to provide not just statement but the photos of the card, your ID and various other documentation in the PDF. It helps the support engineer realize that you are really you.
Amazon should totally be blamed. Their reinstatement process has taken a complete nosedive recently, with their review of documentation consistently inconsistent and devoid of any quality control.
I've sent them the exact documentation they requested (actually well over and above what was required) - all of it rexboxed and annotated, and each time they send it back saying the documentation is illegible or lacking in the details they require.
So what if it's suspicious? People pay hard earned money for content via services such as Amazon's. That these companies think they're justified in locking people out of the content they paid for because of some random suspicion is just insulting.
There'll come a day even the people who defend copyright won't be able to justify supporting this industry due to how badly it mistreats and abuses them. It's simply appalling how it's almost 2022 and paying consumers still get infeiror products and services compared to "pirates".
I constantly amazed how people are happy with or even try to defend practices with online purchases that absolutely no one would accept for real live items.
Just to give a car analogy, imagine your car is at your BMW dealer for repairs. While it is there you buy some new rims and pay with a credit card that is different from the card you used for buying the car. After that they refuse to give you back your car, because they say this is suspicious. Nobody would accept that.
I have an online dashboard, and Amazon won't take anything other than a card statement with my card number (all but the four last digits to be hidden) and the billing address on it.
A lot of people in this thread talking about losing their store credit and app/content purchases. I'd imagine the worst case scenario could be much worse. Apple runs fairly popular cloud storage services that are strongly encouraged to you for your photo storage and files. The photo storage especially has an option to automatically delete your local media because it's already backed up on Apple's servers. Will these all be locked out without warning or recourse for a miscellaneous card whoopsie?
Even standard files on iCloud. Who knows how important the average users' cloud files are to them? (I don't use public cloud storage at all anymore because of this exact fear - what if some arbitrary billing/transaction error locks me out of everything without recourse?).
To be fair I've no idea what the person in question got their account locked for and if there was any shadiness involved but I doubt they'd write about it publicly (or get access restored) if there were, which implies that at any time your account and your data can be taken away for something entirely mundane.
It makes me really concerned in fact how Google would handle something similar to this - given that for Chromebook users everything (literally EVERYTHING you would normally do locally on a computer) is in/via your Google account.
For exactly this reason I never trust online photo storage for anything other that disaster recovery. Google Photos still, after nearly two decades, won't tell you if they're storing an original copy or compressed facsimile of your photos. And after having the Android App randomly and surreptitiously turn on compression for uploads, there is simply no trust left.
So. SyncThing on my phone and laptop, and an a little herd of external drives. It makes me feel like a digital prepper or something. Sigh.
Actually. I think I have just self identified as a digital prepper and I like it. Time to download my Google content.
> Google Photos still, after nearly two decades, won't tell you if they're storing an original copy or compressed facsimile of your photos.
One recent anecdote: When I used my Pixel 2 with its free original quality backup, I used motion photos for a few things. 3 years later, now, on another phone (or even the web viewer) some of these motion photos are not loading. Some of them then load on the web but have video compression artifacts (i.e.: B-frame artifacts).
I'm glad the original photos are intact from what I can tell, but this is extremely off-putting, given I was 100% in the Google ecosystem -- from hardware to account setup -- and still got burned somehow.
> It makes me really concerned in fact how Google would handle something similar
Very poorly, it seems. There are a bunch of stories scattered around HN about Google not only irreversibly deleting personal accounts, but entire paid Google Apps for Business setups. A whole company gone because the admin uploaded one ripped movie to their personal Drive, for example.
Many of these did get mostly resolved after someone carefully exploited the Kevin Bacon rule to get in contact with a Google employee, who then made some noise internally. But many couldn't be even with insider help, as some deletions are (were) apparently instant and irreversible.
There is a famous google support post going around where a woman begs the support to help them get her account back and the support just parrots a canned text reply.
But afaik google only has working support for paid users.
That's not 100% true. One of the best things I ever did was ditch all my clients who used my servers for mail onto corporate gmail accounts. They actually do get someone on the phone when they have a problem. The thing you have to consider is that someone on the client side is getting paid $8/hr to call Google and someone on the Google side is getting paid $8/hr to respond, and as long as it doesn't bubble up to being anyone else's problem this is probably better than having a CEO call a dev lead at 5am and ask why the mail isn't working.
Ask to speak to the data controller; they have to provide you with a copy of all the data they have on you. Once it gets legal things tend to move quicker.
Have three kinds of backups. Physical drives (2) and an online backup that's not through Apple, Amazon, Microsoft or Google.
And don't use any of their built-in services; in fact, firewall yourself from them.
Then it's no fuss. You'll never have to deal with their "customer service".
Every company (Apple, Google, Amazon, etc) is guilty of pulling this non-sense on customers. It is too easy for them to wipe out thousands of dollars of value with no meaningful explanation (read the Terms and Services and go away? seriously Apple?) and no accountability.
IMO, states should enact laws where you can take the company to court in your local county and no contract can override that right. If the termination is found justified, the company must refund all account assets at fair market value and any remaining balance. If it was not justified, the company must reinstate the account, pay all court and legal fees, and a reasonable amount of mandatory punitive damages.
Also, I don't get why Apple et al pull these stunts anyways. They already have a huge "regulate me" post it on their back.
This is something the EU is currently taking on with their Digital Markets Act, and the concept of digital gatekeepers.
I pretty sure (I haven’t been following too closely so it might have changed) the Act requires digital gatekeepers to provide human customer support, and provide clear explanations for moderation activity and account closure. Along with a clear appeals process.
In theory all of this should make it much easier for a normal person to appeal an account closure, and refer a company to a regulator, or sue them in court, if they fail to provide a fair appeal.
That's a tough policy to write fairly. Imagine Tom in Alaska buys a $10 downloadable pdf calendar off of designer David in Florida via Etsy. Tom claims the calendar somehow harmed him and sues David locally in Alaska, but is willing to settle remotely for $500. David knows it's bullshit and could beat it in a millisecond, but there's no way he could take time off to go to Alaska and avoiding a bench warrant is a pretty compelling reason to pay up the $500.
That's not to say the current setup doesn't suck, but the solution isn't super cut-and-dried.
I think they understand that, they’re just saying such a law either needs a regulating body doing the enforcement or needs to be worded very well to avoid frivolous cases.
There are things you can do remotely. This happens all the time.
I once sued a company in New South Wales in small claims court. It was done entirely online from the US, and if there had been a hearing, it would have been by phone. The company paid up within 24 hours of the filing.
That's been true for many (not all) international suits for some time, but you can't generalize that to everywhere. In the US, things like that are set up per-jurisdiction or per-court and they all have vastly different budgets for these things. Jurisdiction is also not entirely straightforward in these instances. It's not that cut-and-dried.
You have to look at it from the company’s point of view. As the accounts can be created for free, every day millions of grifters are pulling shady shit. Using stolen CCs to purchase, trying to scam the support team, refund scams, identity theft… You name it and it happens.
>>You have to look at it from the company’s point of view.
No we actually do not, and should not.
They are offering the product to the market, it is incumbent on them to fix the problem not just toss their hands up and say "Well it is too hard / expensive for us to solve so consumers just have to deal"
This is similar to my complaint over the concept of "Identity theft" no one identity is ever stolen, no companies fail to implement proper fraud controls then shift the liability to the victim to "prove" their "identity was stolen", that is the exact opposite of how the burden should work
Coming back around to the Apple situation, this is a result of allowing unconscionable contracts (aka severely one-sided and unfair) to permeate the digital goods world. The fact that Apple can terminate a contract in full, with one sided review with out having to notify the other party of the exact clause of the contract they alleged the other party violated, no recourse or notice to correct, no appeal or attempts to remedy, etc would not fly in most contract situations, the fact we allow it with "terms of service" is ridiculous
When you create an account, and do nothing shady for years, in fact buying their products and spending money with them, and THEN you get cut off, that’s what we’re talking about here. And that their moderation needs to not be so digital and one sided.
Their business model is literally profiting off of poor customer service (as a service).
Get your credit card from a local credit union with at least one physical presence near you.
Do your own backups or contract to an independent company whose primary occupation is doing backups.
Manage your own email either directly or through an independent email provider. Buy a domain and use that for your email address to increase flexibility to move from one provider to another.
Diversify.
Anything else increases your risk of getting caught in a personal and financial wood chipper.
This sounds like The Trial by Franz Kafka. You get thrown into a bureaucratic machine and you have no idea why. And no way to appeal.
These account suspensions scream for regulation that forces a company to explain the suspension and offer some kind of appeal process. Otherwise I see a very dark future where super large companies kill people's livelihoods and nothing can be done.
It's striking how the guy goes out of his way to not be angry at Apple. Very interesting psychology. Stockholm syndrome or just begging the king for forgiveness?
Now that is a comment that really captures the important thinkers of our times. He is even influencing the UK prime minister. https://m.youtube.com/watch?v=Q4AzGie3JcI
Perhaps he doesn't want to lose whatever good favor he has at Apple or risk his account beind disabled again in retaliation. The alternatives to Apple aren't exactly equivalent or easy switches to make.
> Otherwise I see a very dark future where super large companies kill people's livelihoods and nothing can be done.
What do you mean future? This is already the reality. I recall reading multiple threads here on HN in the last couple of months alone where people lost access to their Google accounts and only got it back because they happened to have a somewhat bigger following on Twitter or elsewhere. I think it's safe to assume that for each of these cases there are many others where the victims don't happen to be influential online personas and their cases just go unnoticed.
> It's striking how the guy goes out of his way to not be angry at Apple. Very interesting psychology. Stockholm syndrome or just begging the king for forgiveness?
I would bet it is some ML model to detect fraud. This model will never be perfect – it will have false positives. My guess is – while picking the precision/recall thresholds for blocking users, someone higher up would have argued it is okay to cause some false positives to prevent a lot of harm.
And they would have justified to themselves saying there's always recourse through customer support. But customer support tools to investigate and un-ban users would be slow and painful and lacks capabilities needed to check if the complaining user even passes the basic smell tests for a fraudster. And nobody can really explain why the model blocked the user in the first place. There's no well-lit path from CS to engineering on a case-by-case basis. Escalation would happen in bulk/batches – when lots of seemingly 'innocent' users complain to CS, CS may escalate to engineering.
Btw, the alternative of having to pick really conservative thresholds (with near-zero false-positives) causes more harm – harm that's more visible.
The slippery slope is this – over time the definition of 'trust and safety' would have been expanded to include interests of more and more stakeholders (including company's own business interests) – it is very easy to lose sight of serving the user (who may not be the paying customer).
> I would bet it is some ML model to detect fraud. This model will never be perfect – it will have false positives. My guess is – while picking the precision/recall thresholds for blocking users, someone higher up would have argued it is okay to cause some false positives to prevent a lot of harm.
> And they would have justified to themselves saying there's always recourse through customer support. But customer support tools to investigate and un-ban users would be slow and painful and lacks capabilities needed to check if the complaining user even passes the basic smell tests for a fraudster. And nobody can really explain why the model blocked the user in the first place. There's no well-lit path from CS to engineering on a case-by-case basis. Escalation would happen in bulk/batches – when lots of seemingly 'innocent' users complain to CS, CS may escalate to engineering.
Can such a model be trained effectively if isolated reports of false positives are rejected without meaningful investigation? In that case, wouldn't the model be trained with bad data?
What if for each reported false positive there are more users affected who didn't report it (because their accounts were less valuable, because their time was more valuable, because they were too upset, because they were too timid, because they died (for unrelated reasons), etc)?
> Can such a model be trained effectively if isolated reports of false positives are rejected without meaningful investigation?
No, and much like YouTube auto terminating accounts with 10 years of content there is absolutely no excuse for certain very obvious cases to be handled without human interaction. There absolutely must be flags that stop terminations without a human.
> it is very easy to lose sight of serving the user
Every public corporation only serves its shareholders. If they annoy enough of the users and the shareholders take notice when it hits the bottom line maybe then something will be done.
Boring take that shows up in every HN thread. I worked for years in Risk/Fraud and what you're saying is just not true.
There are always tradeoffs to be made, we will always mistakes (hopefully rarely), and 99% of the time the people behind the curtain are trying very hard to reduce harm for the good actors.
I think most actors are genuinely acting in good faith. The problem comes when the machine gets so big that people don't understand that their good faith actions lead to overall bad outcomes. It's not so much evil corps as I think it sometimes is clueless corps.
Thanks for that. Evil Corp narrative is strong on HN.
Years working in corporate and I am yet to see people who are “serving shareholders” and “squeezing customers”.
There are strategies that fail, and sometimes there are people who maximize personal gains at all cost. Exact same way as for any other kind of organization.
Big problem is scale. Cost of mistake and collateral damages for big org will always be higher and more impactful due to size. 0.1% of customers for Amazon is 300 people.
As Tim Ferris shows brilliantly in his famous book (four hour workweek) "Firing customers" can be greatly benefitial to all.
Or, to stay in your analogy: striving to make a food that is 100% safe for 100% of the people will result in bland, poor food. It's fine to use gluten in your bread, or peanuts in your sause, even if x% of potential customers will get sick and can die, if they eat it.
Fire those customers. Be clear: this is not for you. It makes the other customers happier. And consequently your stakeholders happier.
These tech companies are ridiculous to the point that some law should be written to curb their attitudes.
These are the richest companies in our country, and print money hand over fist. That they sell online life services like photo, storage, music, etc should require them to provide actual, human support.
I find it really sad they even have to be forced into it. How much could it possibly cost to hire a few hundred 'filterers' that triage out the tech support, and a smaller team of people who look into real issues?
Amazon and Walmart do it, and still both make tons of money. So what's the downside here?
The real problem is that these companies have silently just become foundational infrastructure for a modern society. They aren’t some random private optional service. They were private disruptive innovation at one point, but because of their immense effectiveness, power, and influence, they are really more like public utilities. Our laws don’t recognize that yet and we need to start talking about this more to make it so.
In Australia, the powers of monopolistic or near-monopolistic telcos were effectively checked by the Telecommunications Industry Ombudsman (TIO).
The TIO has teeth and almost always sides with the customer, and they make sure that the fine exceeds any benefit that the telco might be gaining through the bad behaviour that resulted in the complaint. Unofficially, I heard that the fines for any valid customer complaint start at $7500 and go up from there rapidly.
Something similar may be needed. A mega-IT-corp-ombudsman, with powers to fine corporations providing services to the public in proportion to their annual revenues or current market cap.
It’s more like $30 a day for every level 1 complaint open with TIO and cost goes up from there. I seem to remember level 3 is around $250 a day though memory is becoming increasingly unreliable.
Point is, even if TIO sides with the telco (unlikely, they encourage both parties to find a middle ground as they are consumer first oriented) on a case where it takes for example 10 days (again, unlikely) to resolve; the margin[1] on a residential NBN service with a budget provider like TPG has already evaporated and that’s without considering costs of having TIO liaison staff, etc.
It’s a good model because it encourages the telco to resolve the complaint properly and in the customers favour before the problem can make it to TIO as once it gets to them, it always costs the telco money. Provider is better off wearing $100 cost to resolve than have the complaint spend 3 days with TIO level 1, taking up time and resources whilst also becoming a publicised negative statistic (TIO regularly publish report outlining telco performance from a number of complaints perspective).
I think your suggestion is a good one. Just adding this detail because I think it’s important to note that the model is actually about encouraging better complaint handling and customer service than just being about fines and punishment.
[1] assuming 12 month term on approx $65/m service but I am speaking in broad terms
I wonder why the TIO can't help with complaints to Apple, Googles, and Facebook. They provide plenty of telecommunication services. There's really not that much difference between the FANGERS and the telcos who sell the sim cards. It's all just software.
These tech companies are ridiculous to the point that some law should be written to curb their attitudes.
IANAL, but doesn’t contract law already cover this? Apple terminated the contract one sided. They are allowed to do so, but only by acting in good faith and fair dealing. That they were willing to let this person open a new account (new contract) but not willing to reinstate the existing contract and also unwilling to explain how this person could avoid a similar punishment seems to indicate at least a lack of fair dealing.
The ABA has this to say: In general, the duty of good faith and fair dealing means, for example, that parties cannot evade the spirit of the bargain, lack diligence or slack off, perform incorrectly on purpose, abuse their power when specifying the terms of a contract, or interfere with or fail to cooperate in the other party’s performance.
I wonder if this person had took apple to small claims court instead of trying to navigate apple’s kangaroo court system what the outcome would have been.
Should they be able to scan your photos? Should they make judgements on your photos based on ml classification? Should they run your photos against police data for crime matches? Should they be able to sell your photos or use them throughout their product? Can they use your photos in an ad campaign?
A provider shouldn't, because their system should be designed to prevent them from being able to so they aren't someday required to at their own expense nor at the probable violation of their customer's privacy.
As technology evolves it becomes increasingly easy to invade deeper and deeper into once private spaces. Such as someone's rooms. Someone's now electronically light and replica-table collection of externalized documents and memories; maybe within our lifetimes even within their minds.
While I don’t disagree in particular that Apple should offer support for account recovery, and that a resolution shouldn’t require knowing the CEO’s email address and crossed fingers, I don’t necessarily follow the logic that ‘they store my photos’ necessarily means ‘they should be governmentally coerced into having dedicated support staff’.
It’d follow logically that if your photos (or whatever) are valuable to you, you wouldn’t punt sole responsibility of their perpetual storage to third parties. Understand instead that the storage services they offer are voluntary, conditional and subject to loss due to error, negligence or even maliciousness (the latter of which rarely serves business interests).
Apple should obviously do better here — assuming this story is indeed accurate - but introducing legislation here seems like a leap.
They should be regulated. In the same way that other utility providers (eg electricity, water etc) are regulated.
They should be subject to consumer protection law.
Apple was forced in Australia by the ACCC (our consumer protection regulator) to provide proper warranties and repair/replacement/refund protection, as specified by the law.
I see no reason why they shouldn't be "governmentally coerced into having dedicated support staff" to support their compliance with the law.
I agree that they should be subject to whatever consumer protection laws are in place for the regions in which they operate; I disagree however that they should be viewed as utilities for the purpose of legislation. I’m unconvinced that access to those libraries of movies, music or photo storage could be considered along the same lines as electricity or running water.
I’d agree that there’s too tight a coupling between account access and access to purchased media, but it’s unclear that government intervention is needed to mitigate that. At the very least it’d be useful to know the frequency at which this kind of thing happens before making a judgment call on it.
People use their apple account to register with utilities and banks. If Apple decide to randomly shutdown your email because "artificial intelligence" (statistics), then this causes much more major problems than simply wiping your photographic life away.
>At the very least it’d be useful to know the frequency at which this kind of thing happens before making a judgment call on it.
Why is that? Is there a number like 1 in 1000 where is acceptable for Big corporation to screw people and "steal" their accounts? Think about average Joe story that does not appear in news-papers and HN. Laws seem very obvious here, if you want to close a customer account you need to do some minimum stuff:
1 tell the customer what they did wrong, in the same way if you would show to a judge the evidence that this customer did X and X is illegal or against the TOS you show the customer what he did wrong. I understand that this might make your giant corporations anti-spam/anti-fraud job harder but we don't want to optimize for lazy developers and lazy corporations.
2 Offer the customer a simple way to download his account data
3 If the customer bought media and games you have to either refund the customer or find a way to transfer the media to the customer. You would say that this is a hard problem, the answer is again let's not optimize for making things easy for super rich corporation and super hard for regular people. Maybe some innovation would come out of this , like maybe some kind of way where I can buy a book or game and I can sell/donate it like any physical object I buy.
The issue is that now people are excusing that is would be hard for super rich company to do a decent job so is OK if they do a terrible job as long as I, the HN reader don't care about the poor guys affected.
Also from what I noticed from YouTube it seems that simple obvious solutions are not even explored, you treat a 10 years old account with a good reputation the same as a 1 day old account, are all the developers working on ad targeting and polishing the next version of some shit framework? Is there any Google product that you were impressed by their overall quality?
> I don’t necessarily follow the logic that ‘they store my photos’ necessarily means ‘they should be governmentally coerced into having dedicated support staff’.
Understandable. But I'm of the opinion that companies like Google and Apple more or less offer these services and advertise them as one stop shops for you, forever. And in many cases, mine included, I pay for it. That I make an offcolor comment on Youtube or get a chargeback against the Google store shouldn't lead to a complete blackout to said photos, in my opinion.
Agreed on that point. When too many services fall under a single umbrella of “[Company Name] Account”, the loss of access to the account as a whole because of some kind of transgression on one sliver of [Company Name]’s services is just a fundamentally bad approach.
A law that stated companies cannot cut off access to people's purchased digital goods without a findable process for sensibly resolving mistakes on their part seems valid.
They are effectively stealing - by accident obviously. But once that happens and they give you know recourse - there is intent that mistakes on their part won't be fixed.
I was curious if the German Verbraucherzentrale (consumer center?) has info on this sort of thing. At least for the Amazon case, there is a template letter stating that Amazon isn’t legally allowed to deny you access to previously purchased goods. I know this topic has been discussed in other threads. I was just curious about the legal situation here, and apparently there is legal precedent from 2016.
I recently listened to the OG radio version of Hitchhiker's Guide to the Galaxy, with some added commentary about the early 80s. Vogon bureaucracy jokes were of the time in England. Everyone had little adventures & run-ins with comically illogical public services.
These days vogons are banks, SV giants, social media...
The striking antipattern (to me) is where official channels are a brick wall. Everyone insists that no other channels exist. Meanwhile, if you ask friends or read blogs, all actual resolutions seems to come exclusively from inside contacts, personal favours, being famous or such.
> You may not use the Services to: - post a dishonest, abusive, harmful, misleading, or bad-faith rating or review, or a rating or review that is irrelevant to the Content being reviewed
To me it seems like those rules could ban you for just about any reason. I mean, what is even a "bad faith" review? Do you need to assume good faith on the company if you had a bad experience?
“Bad faith” is a common, normal term that has a well-accepted concrete legal meaning [0].
In this context it basically means posting a rating or review which doesn’t match your actual opinion. For example, crowd-sourced vote brigading (where you don’t have an opinion at all but are just voting in the way someone else told you to vote). Similarly, reviews along the lines of “This app only deserves four stars, but currently it has an average five star rating so I’m going to give it a one star review to try to bump the average rating down toward what I think the average should actually be” would be reviewing in bad faith.
This is your periodic reminder that not all problems have a technical solution. There probably is no bot scanning for this. If it’s ever enforced, it must be through manual human action.
Or companies can report reviews and a bot react when lots of such reports triggers?
I think the best solution would just to block the relevant capabilities related to the ban rather than deleting the whole account based on some strange activities. Why doesn't companies do this?
That clause is pretty specific. This is the clause by which they can ban you for any reason:
> Apple further reserves the right to modify, suspend, or discontinue the Services (or any part or Content thereof) at any time with or without notice to you, and Apple will not be liable to you or to any third party should it exercise such rights.
Also, what is a harmful review? Pretty much any 1 star review is harmful however, in many cases, they are deserved. So if I get horrible service and leave a 1 star review, is that grounds for banning me?
A bad faith review would be a review made in bad faith. It seems rather redundant given the four preceding adjectives but serves as a catchall for reviews made with bad intentions (such as selling reviews...etc).
The word I would pickout as the most ambiguous is "harmful"... harmful to whom?
It should be unlawful, maybe criminal, to revoke access to digital goods a customer bought and paid for. How the heck have we normalized *theft* as standard business practice?
In my jurisdiction I swear you could sue them in small claims court. I think it’s pretty easy to do and lawyers aren’t allowed. You’d probably end up with someone from the nearest Apple store representing Apple and they’d have no answers.
Even if you lose, there aren’t any downsides and Apple would have to send an employee to participate. I would absolutely do it if I ended up in the same position.
Theft of something that was purchased in a transaction for perpetual use, a digital analogue of physical property. It's not a private company's place to redefine how civil property rights work, to their one-sided benefit.
Gotcha capitalism and inverted totalitarianism. Submit to the interests of the plutocrats and go into debt buying today's fancy widgets, or be banished.
There are plenty of laws that override terms and conditions. A one example, on many countries landlords can not throw out tenants on a whim. Telephone companies can not cut off service on a whim. There are similar laws for utility companies and banks. Arguably it's about time for similar laws for Apple, Google, and Microsoft who potentially hold the keys to your entire life.
In California at least it's actually tortious to offer certain illegal contracts of adhesion. That right is rarely exercised, but you do in fact have standing to sue simply because you were asked to sign a contract with clauses that oppose California public policy.
It would be nice if Congress would make laws that force large tech companies to offer arbitration when they disable an account that has more than a nominal amount of assets attached.
I hate to advocate for more laws and regulations, but these companies have gotten too big to operate without oversight. Losing your ability to log into Netflix would be a bummer, but losing your ability to access your work files, medical records and everything else you need to live your life (eg: Google Drive, Apple iCloud) is just too big of an impact on a persons life to happen without transparency.
With "free" services like Facebook and Twitter I can understand pulling the rug off from under the feet of some unlucky customer. It will generate bad PR, some social media outcry, but the losses still mostly remain in the intangible domain.
But cases like this where the customer actually pays real money for and has accounted assets in Apple's system this is absolutely inexcusable. No face-to-face business could do this or they would be sued to extinction even in the lesser litigious countries.
But really what do they have? They rented something and now they lost access. If they had physical media on CD, DVD, or even stored locally as a stand-alone file that would be different.
Yes I'd be enraged but people have feared for years subscriptions and no physical media lead to this. Games and music have gone from disks, CDs, DVDs, to subscriptions. Today it's become so bad that even physical devices are now seen as owned by its manufacturer and you're not permitted to repair it or even open it to look, if you can mange to open your device.
Eh, even Facebook is something where the value lost to users will be too great to just have ML model autoban people. They offer email and photo storage. Getting banned from gmail, which is also a free service would be terrible for many reasons.
Laws should force an extreme balance in regards to company-customer relationships. Right now companies get most of the benefits: they can sign up new accounts and charge money very, very easily, by the millions, and yet if anything goes wrong they can basically ignore you or make things very, very, very difficult. That’s just insane.
“Balance” basically means that if you’re going to set up a business that can “easily” take money from millions of people or “easily” create millions of accounts, then you must ensure those people can “easily” reach you, “easily” inquire about status, “easily” cancel things, etc. What we have now is just absurd.
Yes. It should be illegal to lock someone out of their account with no explanation nor recourse. A company is free to lock you out, but you should have a right, even legal, to ask them to have a human review the case and explain in text why and what happened.
We have become so helpless that AI/ML takes decisions for us. We have put those AI in place, yet we behave as it they have taken over the world and once they have deemed you in the wrong, there's nothing you can do.
Why are we tech people not protesting over this? Everybody is quick to take Apple's side in this thread, or Amazon or Google in others. I don't get it.
I believe reason many in tech don’t protest is they are well aware just how easily companies can be brought down by abusive users having seen many of their own favorites die over the years from being forgiving or being too open about their ban mechanisms.
Governments fail at being flexible. What they have in Australia for instance allows consumers to abuse the hell out of business driving up costs for legitimate customers.
It needs something more like a Better Business Bureau who can examine both sides, but without a way to accurately verify a consumer is trustworthy it gets shady. Few people want to be tied to a realID so we are stuck with this mess.
I don't buy it. Apple, Amazon, Google have virtually infinite money and there's a whole spectrum between "malicious actors can abuse the system" and "the decision is final, there is no recourse."
Yet people keep parroting the "malicious users are the problem" party line. Please tell me, which tech companies were brought down because of customer service abuse?
Here's what's going on. Having real humans not even making decisions, but reviewing false positives costs money, and the company justifies it by saying it's to prevent abuse from malicious actors. But it is simply a cost saving decision. So, again, I ask why are we quick to defend the company when they could afford to do better by us. Is the entire tech community suffering from Stockholm Syndrome?
I don’t know of a service that hadn’t been forced to add advertising and captcha just to stay above water due to stolen bandwidth and human hours dealing with abuse. The internet has become a trash dump of toxic users to the point it is legitimately difficult to isolate legitimate cases of failed algorithms.
Apple, Amazon and Google have good margins, but I would hardly say they could afford to do better. Human hours are incredibly expensive and the number of people attempting to get something for nothing often exceeds the number of people with legitimate complaints. I have run across whole farms of people who found some cheap online job reading off scripts trying to rip off large companies and any knowledge they get about bans they change the scripts for all.
It is has become a hostile relationship unfortunately and it is not due to companies not trying. I have seen for Apple at least they sometimes have people show up in person with lots of documentation and identification at stores and you legitimately cannot tell the scammers from the people who think it should just not be their problem.
I am not trying to justify that they fail. They often clearly do. It is just not an easy problem, especially with the amount of anger and frustration involved.
I've got an Apple App store account, a long-disused developer account, and an Apple.com store account. (These are three separate, unconnected accounts; I've been their customer since the 1990s). I'm anti-iOS and only use Android for mobile, but I've used Macs as my primary work machines for 30 years, so I never noticed until I just got my new M1 Max that Apple wants me to reconcile all these accounts somehow from old usernames to actual email addresses, but I can't, since the username for my dev account is the email address for my app store account, and so on. I tried for awhile to download something from the App store on Mac OS - and it was my first and last time. I basically just gave up after four tries to reset the account where it emailed the other account and invalidated the validation the code repeatedly before it could be inserted. So their attempted consolidation of user accounts is very wonky (as it would be if one cost $500/year and another was a consumer account, but they'd allowed both to share an email address for a decade or two). Not that I care. The first thing I do when I buy a new Mac is to remove everything related to iCloud and then block as many Apple IPs as I can while keeping the machine functioning.
Imagine one not-so-fine day, your partner of 10 years sends a message "You messed up - we are over". You cannot contact them and their best friend only says "you should have not broken the trust - thats all I can say". Your partner has keys to some of your valuables and you are very worried. As a last ditch effort, you contact their parent and after three days, they are back with a smile as if nothing happened. Then you continue happily and put in even more of your time/money/whatever in this lovely setup.
If you want to take this thought to the next level, watch the Black Mirror episode White Christmas. One of the stories deals with the having the ability to completely block someone from your life (so they can't hear or even see you).
I don’t see how this is comparable… I don’t think anyone was under the illusion that Apple actually cares for them, it is just a business relationship. I don’t have the same expectations I do with a significant other.
Idk, I have relatives that do trust companies and believe they would never take away access to their calendar, email, phone, notes, contacts, etc. the paid for. Which is worth a hell of a lot to them.
It's emotional investment vs monetary investment (it's not a "business relationship." Ironically, businesses seem much less likely to fuck over another business, probably because the chances of getting sued are much higher.)
The story drives home how dangerous it is putting your trust, maybe your business and maybe your life in the hands of these mega corporations. I've tried to distance myself from Google somewhat but Gmail is still my main email account. I don't want to know how many accounts I may be locked out of if I ever lose access to it.
Absolutely buy your own domain name and use an email service where you can use your own domain as an email address, period. I can't tell you how many horror stories I have heard about people getting permanently locked out of their gmail accounts that served as email address for password recovery and what not. And I have some horror stories of my own.
How do you prevent the registration services from losing (not renewing) your domain and having someone else register it? This happened to me, and there was no recourse.
Select a highly reputable registrar with good business practices. Pick a couple, then buy a super cheap domain and try to screw with it, like doing a transfer with no authorization. A horrifying number of them will let you get away with it.
Confused, how did that happen to you? Doesn't every registrar support renewal? Did they pretend to renew but they actually didn't? Did you get a receipt for it?
Registrar issue, if I remember correctly. It was set to auto renew, but they didn’t do it, and I only noticed when my site was suddenly a placeholder page.
I had that 20 years ago. Credit card expired, registrar didn’t tell me, and I lost a 4 letter .com.
After that I moved to hosted Mail (yahoo, then gmail) as I felt it was more reliable. Now I ensure I have more than one email on file if possible with any account. Same with phone numbers.
I think the suggestion was to get your own domain. You can use gmail as a service and if they kick you off you still own your domain and your email address. If you're smart you might backup the email. That's fairly easy to do.
Yep. Ideally you get some sort of actual paid email account, with someone that only provides email (so you don't have issues elsewhere that lead to loss of email account), and then you get your own domain (with no other services that you're using), and forward your gmail to that domain, and point your personal domain's MX records to the new email address, and start using an email address on your personal domain from here on out, but failing the separate email, at least getting a domain and pointing an email address to your current Gmail account, and starting to use that new address instead, gives you a migration path to reduce your reliance on Gmail.
In the extremely unlikely event that happens (provided you pick a registrar whose only service you're using is DNS), then you transfer it to another one, as mandated by ICANN. You're down a week, but everything is fine after that. Quit being contrarian.
It's a bit like getting struck by lightning, you deal with this when it happens if it happens. This is sufficiently unlikely for most people that it's not worth being too concerned about it when other exceedingly more dangerous and pressing matters could be dealt with using that same energy.
I’ve been using the same Apple ID for a decade or more. I’ve purchased thousands of dollars worth of apps and content, and probably tens of thousands worth of Apple devices in the last twenty years.
The initial chat support experience was the same as OP: (paraphrasing) “No, we can’t tell you what happened. No, you have no recourse.”
Even when I asked to escalate to their management, I was told that they would have no additional tools to assist me.
My initial shock and outrage was palpable. I managed to get in touch with a Senior Rep who is looking into my case and is scheduled to call me back on 12/9.
My only theory for why my account was banned is that on 12/2 (the day before the ban) I made a purchase using a gift card on apple.com. The gift card was a promo from another device purchase I made on 11/26 (Black Friday). I had both devices shipped to my parent’s house (a different address from my billing address), and so maybe some fraud detection kicked in due to the purchases being so close together, using a gift card, and sent to some other address?
I’ll update once the senior rep gets back in touch on Thursday, but in the meantime I’ve already started drafting my letter to Tim Cook.
Updating to close my part of this saga: the senior support representative called me back exactly when she said she would and my account was magically fixed. She could not elaborate on what happened or how they fixed it.
I’m happy to have had my problem resolved, but I’m more convinced than ever I need to have offline access to all my digital life’s contents going forward.
Is there legal recourse for a user who has invested a significant amount of their digital life with a service provider and who gets unilaterally cut off? What happens to any service that you'd have signed up with through "Sign in with Apple" ?
We're still in the early days of such a digital-provider-dependent lifestyle, and it seems the legal system hasn't yet reacted yet. The closest equivalent is how US Phone companies do have a "duty to connect the call,", specifically in legal response to the unilateral power they (used to) have. Unfortunately, that's led to the current (US) problem with spam/scam calls & text, because though they have a duty to deliver, they don't have a duty to authenticate.
The user seems to have run afoul of Apple's fraud detection systems, hence the "cold shoulder" response (you don't want to give fraudsters a clue on how to dodge the ban-hammer next time, and you don't want them to DoS your support lines). After all, we only have the user's (carefully constructed) story to go on. At the scale Apple/etc operate at, fraud is a huge, difficult problem. I expect the companies tune their processes in favor of the fraudsters, because bad press like OP's story probably does them way more damage than a few hundred/thousand fraudsters.
No, I don't have a pithy solution for solving either problem, though I do expect legislation to eventually catch up to give legal recourse for users. I guess the cost of fielding such legal recourse will just be added to "the cost of doing business" by these companies, and that cost will somehow trickle down to users. At the very least expect much harder sign-up procedures once that legislation is enacted, and maybe more regular "are you a real user" annoying checks on the users.
I started to make provisions for this scenario years ago. Paid email from a small but reputable provider, never rely solely on cloud storage for private data, never "buy" media unless it comes without DRM. It's been a tedious process but I think I'm mostly there.
Loosing my Apple account would still be a terrible blow. So many more or less essential services are app only these days. Financial services increasingly rely on phone Apps for authentication. Even some government services require a phone with NFC to use your digital id online. Many daily conveniences like cabs, car and bike rentals and the like are not usable without apps.
I think it's time legislators thought about this problem more thoroughly. Just creating a new account is not an acceptable solution in my opinion.
This sort of thing is becoming a serious consumer protection nightmare. Just about every online service out there will disable your account without appeal or justification, while completely stonewalling you if you try to address the issue. For many of these services you can lose access to hundreds or thousands of pounds in purchases.
This is one of those situations where the power imbalance is so extreme that some sort of regulation is probably appropriate, but heavens knows I have no idea what it looks like.
Why have folks in tech simply acquiesced to being abused by these monolithic companies? Sad how many people suffer from battered persons syndrome at the hands of these faceless organizations and just go back for more. The author makes so many cases for NOT ever using Apple again but- oh me oh my how happy he is he had his "email to Mr Tim Cook" and through their benevolence his account was restored. Keep rewarding bad behavior and you too will be the victim of it.
And before "there aren't any other options" for goodness sake this is HN. Go build your own environment on private silicon and buy a different brand of thing.
Because there is no alternative. Google is much much worse. And not using Google or Apple ecosystems for at least phones and general media/photo backups limits your experience in day to day life sadly.
There is an alternative: https://puri.sm/products/librem-5. It probably limits you in some ways, but the more people support it, the better it will become.
There are also pretty decent in-betweens based on AOSP like CalyxOS or /e/.
I'm pretty happy with the transition to CalyxOS. Everything works as before, but I can now limit internet access to apps, and there is a much more consumer friendly view of permissions. Not tying the whole phone to system-level user with google services feels great. Specifics that need it still gets it, like YouTube.
This is not just a problem with Apple. It is a problem with many large scale platforms. It seems that often the problem is caused by automated systems that disable accounts that fall outside of normal parameters to prevent fraud. I've had it happen to me with Discord and Tinder. In the case of Tinder, I know it happened because I uploaded a picture holding a yellow pepper from my garden, it wasn't sexually suggestive at all, but I'm not surprised that an AI could categorize such a phallic yellow shape as a violation of the terms of service. I wasn't able to get Tinder to manually review or reactivate my account. In the case of Discord, I'm not sure what triggered the system, probably something with my VPN or other privacy measures that I take. I wasn't able to get a manual review or a reason from Discord. I tried to make a request for my data under EU and US laws (I'm a dual citizen), and Discord actually denied my data request a few times. Finally I filed a complaint with the relevant authorities in the US and Europe, and wrote a polite but firmly worded email to their legal team about their legal obligations. Under EU law at least, they are obligated to send you all of the data they have about you, including any data that led to an account being disabled, and it is a violation of the law to refuse a manual review of an account disabled by an automated system. I am not a lawyer, but I think the law stoped short of them being required to explicitly state the reason that the system disabled your account. Anyway, within a couple hours of my email, I got a password reset request, and magically, my account was re-enabled. I made another personal data request and got a packet of obscure, JSON files with invalid syntax, that I was able to fix up and examine. I still wasn't able to determine the exact cause of my account being disbled, but from everything I can see, it seems to have been an automated action related to me joining a new server.
Anyway, there are already some laws about this kind of disabling accounts, but there needs to be a better solution for recourse for people who wrongly have their account disabled. Perhaps mandating manual reviews upon request that must state explicitly how the terms of service were violated would be a good step. And perhaps there is a market for lawyers or legal experts to persue and resolve these cases.
Discord's join new server flow is super broken, not surprised it has these deep flaws.
If it somehow forgets your credentials, it is very unintuitive to login again.
Sounds like a fraud detection system got triggered. Stonewalling the fraudster is usually the safest course of action so that’s what companies do.
Unfortunately those systems aren’t perfect …
My girlfriend once had to replace all of her bank accounts because of something like this. Did a thing while traveling abroad, looked like credit card theft, everything got shut down. oops
Automated systems will never be perfect but there are companies that have policies that are far more respectful of their customers than others.
If you get detected for fraud or did a chargeback on steam, you will be issued a trade ban and a ban on buying games and activating game codes, but valve does NOT take away your ability to download and play the games you already own and legitimately bought in the past. Heck, in the case of chargebacks they can be quite lenient : it can be a temporary restriction on buying that is lifted after a few months (but with a permanent ban on the specific visa card).
If you do something wrong with the community features, your account will become a restricted account and you will not be able to use them anymore, but you will still be able to play your games too.
They also have an actually active online customer support service that help you regain control of your account if there was a fault on their part or something else, like someone hacking your account, and it doesn't require an obscure method like mailing some gabenewell@valve.something to get things done.
What Apple and Google does with their account system should be illegal. It's asinine that society would accept that one could lose thousands of $ of software and media bought because for reason X or Y they banned your account.
Valve can do very granular account restrictions, there's no reason why the wealthiest companies in the world can't.
And this is why I have a humongous library of games on steam and will never spend a single $ on Google Play or the App Store. Concentrating all sorts of digital purchases onto a single point of failure in the hands of companies that treat you like garbage? I think not.
Most people have at least 2 or 3 with any bank they work with (checking, savings, credit)
If my bank left me high and dry in a foreign country I would absolutely cut ties.
I've done enough international travel that I maintain redundant checking accounts for just such a situation, but there are plenty of people out there that keep all of their accounts in a single place...
This is the reality of “the cloud”. We have given up so much computing freedom to them across so many aspects that it’s not even in the comments yet. The fact that Apple even has this one-sided power to completely end your media access, cloud backups, etc should be the horrifying part of this story.
Instead people are trading similar anecdotes, offering ML apologetics, etc. It’s tragic to watch the personal empowerment of personal computing fade away into oblivion like this.
And I think the answer is simply it is not, at least not in Europe. I suspect the companies just do what they can get away with and what's cheapest to implement. When challenged in court they won't have much luck with this, but that puts the burden on the consumer.
There was a recent court case in Germany about YouTube banning a video based on its terms of service, without explaining what exactly was violated. The court ruled YouTube would need to explain what exactly the user did wrong. And that was a case just about publishing a video for free, not blocking an account that's worth hundreds of euro.
It's probably not, but how many people are willing to go to court? Something similar happened to me in Germany in 2020. I consulted a lawyer and gave up. Going to court for someone with my personality is a very harmful process, and there is still no assurance I'd win.
I'm not one to call for new laws, but it seems the TOS and EULAs are way too powerful and obtuse.
I would like the provider to be required to specify in detail what the consumer did and how those actions violated the TOS. No blaming an algorithm or being vague. A specific action and what was wrong with that action. The BS about needing secrecy for security are just attempts not to get sued.
An internet user bill or rights might not be out of line given the power disparity. At least some lawmaker's staff going through the major TOSes and writing a law to ban some of the egregious clauses.
"No company can disable a user account without explaining clearly what they did wrong and allowing them to appeal to an independent review group within the company"
Its not right they can just disable something you paid hundreds or thousands of dollars for.
> YOU AGREE THAT YOU SHALL NOT SUE OR RECOVER ANY DAMAGES FROM APPLE, ITS DIRECTORS, OFFICERS, EMPLOYEES, AFFILIATES, AGENTS, CONTRACTORS, AND LICENSORS AS A RESULT OF ITS DECISION TO REMOVE OR REFUSE TO PROCESS ANY INFORMATION OR CONTENT, TO WARN YOU, TO SUSPEND OR TERMINATE YOUR ACCESS TO THE SERVICES, OR TO TAKE ANY OTHER ACTION DURING THE INVESTIGATION OF A SUSPECTED VIOLATION OR AS A RESULT OF APPLE'S CONCLUSION THAT A VIOLATION OF THIS AGREEMENT HAS OCCURRED.
It seems like that provision wouldn’t hold up in court (at least in a sane legal system, I guess that means it might hold up in the US), rendering it moot.
This just recently happened to me with an old eBay account I've had 20+ years. After reading the story in the document above, you could easily search/replace Apple for eBay and it's identical to my story, aside from emailing the CEO. The reason given in the permanent suspension message to me was a vague reference to the TOC docs and links to support that all lead to dead ends. After, resigning myself to not caring further, because I use eBay these days rarely, the next day my account was just as suddenly and without reason reinstated, as if nothing ever happened.
I'm left scratching my head as to what the reason(s) were for this to have happened and can only think of 3 possibilities.
- An overzealous, newbie type operator that suspended me by mistake
- Some kind of error in automated flagging and error in review
- eBay's radical way of engaging with me to spur me to buy/sell again as the account's last activity was more than 1 year ago
A couple of years ago, I signed up for an eBay account to buy one thing with Buy It Now. After buying it, my account was promptly suspended for no reason. I contacted support and they told me they don’t know why and wouldn’t reinstate it.
+1 for executive customer support care team. Some life hacks for this if the company makes it hard and Googling the company plus "executive customer support/consumer advocacy" doesn't find anything: Searched LinkedIn for employee emails for team members, guess the email format and email them. Email board members, CEOs. Just go straight to Executive customer service after your first failed try. I've had success with Amazon, Ebay, banks, my insurance company, and more using this method. A lot of people get stuck in the system by calling the normal customer service pipeline and can never solve the problem and don't know there's a back door do the executive customer support. Even I fall into that trap sometimes because I guess there's social pressure not to use it - the Amazon address is jeff@amazon so it's a bit nervewracking psychologically to use it, but in most cases the email accounts are just funneled.
Apple support is not really helpful. They give you general advice, for the layman, and not really profound tips for how to resolve an issue. No matter if you have a payment issue or a technical issue.
Just to give an example: I was using my iPad Pro as a second screen (primary screen is a 4k monitor) to see my terminal below the monitor. Apple calls this Sidekick. After an update of my iPad to iPadOS 15.x this technology does not work reliably. The iPad screen freezes and I need to stop sidekick and start it again. This works for a couple of minutes until iPad screen freezes again.
So I called Apple support, waited half an hour to get someone who tries to help me. Finally they suggest I should go to an Apple store. No, I am not going to an Apple store to get a fix for a trivial problem.
There are many users who have experienced this very problem and written about it, even on Apple support forums (which are the worst: written for idiots, no real help). All you get to hear is: Reset your device(s). Or: It must be a problem of third party software, etc.
I used to use an app for this feature called Duet. Whenever I had a problem, I could reach out to the devs, they would give me very specific instructions for how to solve the problem. Now you could say Apple is too large to give this kind of help. But they have a large database of all incoming issues, so they know exactly that 20000 other users are complaining about this issue, and some egineer might have solved it, so why not give specific instructions on the forum, why these super vage tips that are of no help!?
So prey to god you won‘t have real issues where you rely on Apple to solve it.
Edit: Another example: I regularly have issues with iCloud sync. Sometimes I realize that it was stuck because I need to access a document on the go just to realize my Mac could not sync it to iCloud. iCloud-sync issues are so common you can find thousands of entries on the web about this, also on Apple support forums. But neither will you find helpful answers, or any instructions from Apple how to mitigate.
They are horrible. I once called them to ask if "iCare+ Theft Insurance" works if my iPhone get stolen abroad and they just straight said "We don't know."
I'll never understand why people accept this religion-like relationship with Apple.
If you think about it, it really looks like a religion from the outside: the author got some random problem (account lock) then prayed to the god (emailing tim cook) and then the miracle happens (the executive team unlocked the account).
This is not a story of any sort if not an evangelization story about dealing with a fickle god.
I don't think the author is going to be thinking "wow I really dodged a bullet here, better get off this ecosystem as fast as I can" but instead they're probably going to recall the story about that time when they emailed tim cook and the miracle happened.
It makes no sense.
----
And people should also consider that with an account gone all the purchases are gone... Arbitrarily. Music is gone, software is gone, data is gone. Isn't this scary?
Add in a dose of Palantir used by corporate security organizations, and you have push-button operations that can direct global recrimination, up to and including, droning, in certain circumstances.
I read this with great frustration, and felt glad when I saw that the issue was resolved. I can only hope that whenever Tim Cook needs to transfer such emails to someone higher up, there’s also a strict mandate that the root cause be addressed and that the solution is not just a one off adjustment for the person facing the problem.
As we keep discovering (this is the second one I’m reading about Apple just in the last few days), relying on any of these companies to not disable accounts and access to things that have been paid for is a dicey matter.
Only when consumer regulations get a lot stronger, mere civilians may have a better chance.
> Do not get too attached to your Apple account; it belongs to Apple, NOT YOU!
I think consumers should demand that whatever products they buy, there should be absolutely no strings attached to it that lead back to the vendor, if the consumer chooses so.
So if you buy an espresso machine, the "no strings attached" law should prevent the vendor from locking you into buying only their brand of coffee. Same with printers and ink. Same with computers and accounts.
If instead you subscribe to a service, it should be properly advertised as such, and different rules should apply.
Right, if you are unlucky bad things can happen with a single provider.
I split my digital life and purchases between Amazon, Apple, and Google. Book purchases, occasional movie purchases, etc. I have moved on from having a massive personal library of physical books to mostly relying on digital media, eBooks and audio books. Splitting purchases between three vendors makes me feel a bit more secure.
Probably most peoples’ most precious digital asset class is their personal photos and videos. I use a very simple setup: when I am at home on wifi, my phone updates all photos and videos to Apple, Google, and Microsoft OneDrive. If I am, for example, hiking and take a dozen pictures and/or videos, then before getting home to my wifi, I review and delete what I don’t want available during my lifetime. A secondary advantage is that all three companies run automated deep learning based systems that present my own media to me in interesting ways. For most of my digital life I care about and work for privacy, except for my photos and videos where I want maximum enjoyment for myself, family, and friends. I like to create photo albums and share links with specific people - so much better than posting on social media.
EDIT: for book purchases, I also favor buying directly from publishers who provide ePub, Kindle, and PDF formats - all of which I save to all three cloud providers storage and for convenience import into one of Google’s, Apple’s, or, Amazon’s eBook readers.
It’s not his only option; email tim@apple.com the Executive Relations team fixes things like this. They even fixed something as pedestrian as the I bought a refurb Mac Mini online, found it had a broken DIMM slot and I took it to my local Apple Store and the manager refused to help me. They emailed me within hours and told me to please try again. I went back the following day, the store manager was visibly irked but did the swap.
I told him before I left the store he was leaving me no other option but to email Executive Relations. He kinda chuckled at that.
I would seriously have considered taking them to court. In Sweden you can file a small claims case for $90 and the legal fees are capped at $125 if you lose. Well worth a shot.
Yeah this is annoying and frankly terrifying. These companies are too big and we have all been way too reliant on them for many many years now that losing the accounts will be very tough to recover from. Given how important these accounts are these companies should really staff up to have actual people respond to these kind of issues. Even though it’s algorithmically done and it’s just one account out of billions for them, it’s a huge thing for the impacted.
The upside: Interoperability of the products, prestige, false sense of security
The downside: Everything bad about a monopoly
The solution: none. If we,people, were smart monopolies wouldn't happen in the first place. Maybe someday the government decides to split it or to suffocate it, or Apple becomes one with government and its practices become law.
Meanwhile: I don't participate of the Apple ecosystem. I am hurting myself in the prestige field.
This is the reason why you don't want to place all your eggs in one basket, or why you don't place them in one walled garden. They have all the power and can do what they want. Guilty until proven innocent doesn't come into this, you're guilty and you have no recourse.
In my view this is a form of theft and should be treated as such.
This is why the open decentralised web is important.
If this individual was based in the EU, Art. 22 GDPR would protect him against this practice. Basically making a fully-automated high-impact decision is not legal. This applies regardless of the company's location.
My apple ID is applesucks@my.tld and I never give them my card info, never have. I've only been given apple shit, I haxor it and load all the apps I want. I could download any movie or song I want but I don't because I pay a streaming service and wouldn't buy a digital item unless I can download it. I have been in tech a long long time and this was always the way. Somehow people got snowed into thinking they own something on someone else servers ahem serverless which is absolutely not the case. Have you heard possession is 9/10ths of the law and they own your contract, and according to their thousands of lawyers it's Real and ultimately people with guns agree. It's an absolutely retarded position we've put ourselves in, I will enjoy the day apple is forgotten, like Compaq or DEC.
I had this happen to a friend/client and did the same thing with the same result. This was 2 years ago, under similar circumstances. Just like Google's capricious AI-powered suspension-bot, Apple has one too that is just as hair trigger on weird inputs. The "no appeal" is downright creepy.
I had a similar experience with eBay. In my case, they suspended my account for no reason and refused to delete my bank account information. They are literally holding my banking details against my will. I might actually call the police on them because its so shady - and we are in the same county.
I had a similar experience with PayPal. Fortunately, I had created a separate bank account specifically for use with PayPal. After they blocked my account (for the heinous crime of having the word "Hacker" in my company name: Hacker Factor), I went to the bank and closed that account. PayPal ended up keeping the remaining balance of something like $1.
In my case a guy won an auction, bid (but did not pay) 30% over buying it brand new, and all of his reviews said "don't ship to this guy, he's a scammer". So I refused to ship, and they closed my account for it.
I just had the same issue with my Facebook ads account (which I haven't used in years). I couldn't event lodge an appeal because they don't let you do so unless you have 2 factor auth. I'm sorry, but I so don't trust Facebook/Meta with my phone number.
With vendor lock-in being so tight in many cases, how is this not regulated to allow recourse to decisions either an idiot or an idiotic algorithm makes?
Alternatively make sure services do one thing and one thing only so it doesn't break other things, like purchases or access to data.
With how pervasive and ubiquitous these big tech services are in our lives, and how purchases are toed to these accounts without any way to backup or export these purchases, I hope there will be a kind of law to eventually force transparency when a major change is done on an account, and to minimize the impact when an irreversible change is made, as well as having a clear and direct support line to at least settle the issue.
For example, it's not right that you access to the entire Google account and the stored files and emails if you let's say spammed on YouTube and got your account suspended there.
If you shared files illegally too many times on Google Drive, lock the storage in read-only and disable the ability to share (example).
There's a special kind of grumpy old techno-luddite, and I am describing myself here, who says "Ha! You actually fell for all that e-book and digital downloads trickery, buying DIGITAL-ONLY products with no way to be sure that you really truly own them or have them? You TRUSTED THE CLOUD? Then you get what they deserve when they all disappear, I've been bracing for the day that happens ever since the whole thing started."
and since 1998 have only bought actual tangible physical books with pages that turn, video games on physical disc, and movies only on VHS and DVD and BluRay. ((But yeah, I have a STEAM library. Nobody's perfect.))
It makes you wonder if the story of the Google employee who couldn't unlock their own account is actually true or they was just stonewalling to get rid of the customer.
> I eventually had to have a friend at Google contact the Gmail team to get my account lockout sorted out.
Reading this thread on HN, I started to panic thinking about what would happen if I lost my Gmail account, and then I saw this comment! What a reason to be a loyal googler until the end of the world!
When Google does this it is fully expected, IMO there is never an expectation of customer support with Google with any of their products. That is, they have no good reputation to keep or to lose when it comes to customer service (imagine calling Gmail or YouTube as this user did).
If Apple goes down this path it will literally destroy the company, customer service is one of the most important competitive advantages they have.
The executive team that answered this email should be focused primarily on ensuring it never happens again as we speak.
Customers are misled by the common wording that is used in the current digital marketplaces. The wording needs to reflect the fact that we are just getting a revocable nontransferable license to a digital product or service, and that in no shape or form the customer owns such digital assets.
Instead of "Buy" perhaps it should be "Purchase license" or "Acquire license".
Instead of "Purchases", it should say "Licensed products/services".
I sent tim cook an email November 13th about my airpod max repair experience (long story short, 2 pairs of head phones died, one of them came back connected to someone else's icloud account) - by the 1st someone from the apple exec team emailed me and let me know he was reviewing my case and that he would resolve the issue for me (apple only has referb airpod max right now for repair return and I didn't want another refurbished pair). We'll see what happens, but the guy was nice.
> In most cases, we are trying to do the right thing. Allow the customers to appeal and put their case forward
I have a teeny shred of sympathy for Apple here, actually. Creating new identities is trivial (Sybil) and so adversaries would write malware and their accounts get deleted. The more info that apple gives each of the adversaries' deleted accounts, the easier it is for them to probe the logic used to catch them.
Note that no one is complaining about them locking-out "new identities" (which could be easy to create), but about them locking-out "old identities that have paid thousands of dollars to them" (which are not as easy to create), without any reasonable recourse option.
I'm sure your shred of sympathy would quickly disappear if this ever happened to you, but... as the saying goes... "pepper in someone else's eyes is a refreshment to me".
This sort of thing is why I don't purchase anything that I can't keep an offline copy of, and I avoid any ongoing account or service that I might actually come to rely on. I'm very resistant to putting my fate in the hands of others, and especially when those others are for-profit businesses (and especially especially when those businesses are in the tech industry).
Once I used a brand new credit card with a $1000 credit limit at a Walmart in the deep dark of a Sunday morning at 2a.m., to try to buy a PS4 game system and a copy of DEATH STRANDING. The card was declined. I contacted the bank via phone and they asked me to upload copies of my driver's license and/or passport. I never did. Oh well, so much for that credit card!
These stories always bring back that anxiety I got as a teenager when I read Kafka's "The Trial". You're guilty and being punished but we won't tell you why, what you did, and there's no way to appeal. Back then, I found comfort in the thought that this kind of thing wouldn't happen in the modern Western world. Boy was I wrong.
BTW, if you want another example of an organization that imposes arbitrary consequences on users without telling them why, look no further than your URL bar: https://news.ycombinator.com/item?id=29024255
Don't leave anything of significance walled in behind a Google, Apple, Amazon, or really any other account. Only physically accessible copies of your data belong to you. Everything I upload to "a" cloud, I immediately mirror to my backup rig. Do the same, don't trust.
Apple has banned my account twice or thrice in the last ~13 years. And then unbanned after a number of appeals and begging from my side.
Thing is, I am indeed in kind of permanent violation of ToC due to my account being US and me being in Ukraine. No problems for the last half of the decade though.
Several years ago, I had a problem dealing with Verizon at the store level and customer service so I contacted the office of their CEO and was able to get my problem resolved. His secretary sent me a new phone out of their office stock.
> Firstly, 99% of Apple’s customer base will never experience what I went through.
> The very next day, all my Apple devices gave the following prompt when updating apps from the App Store: “Your Account Has Been Disabled in the App Store and iTunes.”
> I called Apple Support and was advised that my account has been permanently disabled, and there is no recourse.
> I then asked what does Apple recommend I do. Apple Support representative said: “Create a new account and start from fresh”. This means I have lost all my app and media purchases and the funds in my Apple account.
> I tend NOT to blame Apple because why would they take such a drastic step.
> I am a mere civilian where we are accustomed to accepting decisions put on us and adjusting accordingly.
> So what do next?
> The only option is to create a new account and move on. Start fresh with Apple.
> Three days went by, and I took delivery of a brand new MacBook Pro that I preordered before Apple disabled my account.
> After five years, I bought a Mac, but the sour taste of betrayal from Apple made it extremely difficult for me to get excited about my new workhorse…
First question would be: Is this here actually Stockholm syndrome? But let's not get into this. More importantly:
By now everybody should know that you don't "buy" things at those companies. You're not even renting them!
They can at anytime, without reason, take away everything you "bought" there. Cause it's not your property. You don't own it.
You own stuff only if you completely control the hardware and the data. That's what all those beardy open-source freaks are telling you since forever… Maybe it's time you consider they're right?
Besides the point that most customers wouldn't find such kind words for the people they scammed them and wouldn't relativize what those scammers did ("99% won't experience that…", "I don't blame Apple…", *eye roll*) the exact same thing can happen with all the other companies who are doing the same. Apple, Microsoft, Google, Amazon, etc. There's no difference. They're all the same. They own "your" devices and "your" data. So they can take it from you.
And most people won't be so lucky to "get things back" through divine intervention… So don't count on that.
I feel sorry but personally I would never "buy" something of that nature that I can not truly own/control. All my media is in format every player would understand and backed up in couple of places.
You likely broke some form of law (depending on the media and your jurisdiction) in the process.
While laws like the DMCA exist I don’t see the point in buying a film and ripping it, as I’m breaking the law just as much as not buying it and downloading it.
I did read it. "Likely broke ... law" and "depending on jurisdiction" assumes / hints to that I am in the jurisdiction and this is totally baseless. I think my answer is proper but whatever.
I don't know whether it was the topic, good writing, my low attention span or all three but this is the first article which I've read in its entirety in a while and has prompted me to check the author's other articles.
The fact Apple, Facebook, Google, Steam, etc. does not have a proper customer support is appaling. All they can do is parrot back canned responses, without the ability to actually do anything. This will have to change.
> A few months ago, the balance on my Apple account was running low (less than $100)
Why do you need that much money in your apple account ? Do you buy new apps everyday ?
Please stop buying digital licences.
Buy an activation code or use an OSS product.
App stores are a like renting music, please don't complain when they turn you off...
This sort of thing is why I go to the trouble to have an Android phone without a Google account or any Google services. It takes about an hour to set up a new phone, though.
I've considered a burner google account, not sure how feasible no google services is. Don't you have trouble finding apps/services? I could imagine finding replacements for meet/maps/photos/drive, but the play store on android feels a bit irreplaceable, I've tried F-Droid and the quality of apps is significantly worse.
That's the thing, the paid apps, music, movies, etc. are actually just licenses. And, although I didn't read the contract myself, I'm pretty sure the Terms and Services all users agreed to during the purchase of said license (or even just during account sign-up) stipulates that the company reserves the right to revoke any license purchased for any reason, etc.
Though I do like your way of thinking. Potentially, if there really is a violation (which there was not in this case, but just an example), then, in theory, the company can implement a system that allows users to still access the content, but remove interactions (e.g. in the case of fraud, remove the ability to transact, etc.). Of course, this requires resources to implement and maintain, so it's unlikely to happen.
it's long past the time that we need a digital bill of rights for "services", content, etc. Esp content that we own like our own photos, docs, etc that are on the cloud. They may be able to take music, books, and games you purchased but not your own content.
Even more nefarious - when I lost access to my account on Friday, I lost the ability to update apps that I have purchased.
One app that I use frequently won’t load unless it is updated (it gives you a dialog that you can’t dismiss when you start it). So now I’ve lost access to another service and my data in that service by proxy.
We absolutely need rights here, especially the right to a full and detailed proof of violation and access to human remediation and review.
What's hilarious about this pathetic, whiny monologue is that the author most likely will continue using Apple products after all of this. Some people just never learn. Honestly, seeing people so dependent on an abusive for-profit corporation just so they don't have to be alone with their thoughts for 2 seconds makes me cringe and weep for future generations.
Not nowadays. Nowadays theft is doing something like copying a file, or using a vpn to watch YouTube. Permanently depriving someone of something they paid for isn’t theft.
He's deeply bought into the Apple ecosystem. He noted his Macbook arrived while he was fighting his account ban. I'm guessing iphone, ipad, thousands in music and movies on itunes, at least hundreds in apps, and an apple account required for all of it.
As a Google user I'm not in tremendously better shape, but my PCs don't require Google to function, and at least I could load a different ROM on my phone if needed. Not that Android is tremendously useful outside the Google ecosystem.
> Macs don't require an Apple account to function either.
i helped someone setup their macbook air M1 a few days ago. the least i can say is that they were asked to create an apple ID and they were asked for a phone number.
those steps were not skippable.
i was disturbed to say the least because i was recommending them to skip those steps and enter that information when they felt comfortable. an OS should only care about the user account. but two accounts and external identification were needed in this case.
Can you get os updates without an apple account? My Mac always bugs me for my apple ID when updating things. I'd be happy to get rid of that, maybe it's for apps.
Pre-Catalina, major OS version updates were distributed as apps on the Mac App Store, and required an Apple ID to download. You're right that this isn't the case today, though.
What if you set up a Mac with an Apple account, Apple permabans you for something, then you forget your password and want to wipe and restore your Mac?
TCP/IP relies on your ISP routing you. They can disown you, taking you offline.
Email is fairly dependent on DNS which is fairly dependent on a domain. Your TLD can deregister your domain, and domain hijacking is still a thing. Similarly, most people do not have an appetite to self host email and are subject to the whims of their provider.
BitTorrent is a decent example, DHT are fairly robust but also not easily searched. The discovery method of BitTorrent is frequently subject to DMCA takedowns. These takedowns have taken down legitimate torrents as well.
TLS and RSS are not platforms, and fall victim to the same thing as email.
The internet is built on many levels of trust, but just because we trust in it doesn't mean it isn't possible to deplatform at very low levels.
> TCP/IP relies on your ISP routing you. They can disown you, taking you offline.
They can cancel your service, obviously, but that prevents you from using Verizon, not from using TCP/IP. You go sign up for AT&T or Comcast or Starlink and you can still communicate with anyone on the internet.
> Email is fairly dependent on DNS which is fairly dependent on a domain.
Which is why I didn't list DNS. But dependencies are something else. In theory anyone can deny you access to anything by putting you in prison, but by then you're really arguing that preventing this is impossible because a military could wrongfully kill you, rather than talking about whether some specific thing is the thing causing it.
Not to mention self hosting your email will likely mean facing an uphill battle against spam filters blocking you. And seriously, fighting that alone could become a full time job unless you don't care to email.
This is abusing semantics to the point you just make yourself look unknowledgeable. And honestly I feel like you know better...
TCP/IP? Protocol.
Email? You mean SMTP the protocol, or email platforms like GMail that people get locked out of all the time, or you mean a tiny platform with a fraction of the users?
BitTorrent... the protocol.
TLS... the protocol. Are you joking callling this a platform?
RSS... same.
Linux the OS? Because Linux sure doesn't have a centralized platform built into it last I checked.
When you forget your Linux password where's the reset link?
-
Like to be clear, my statement is tautological. For any useful definition of "platform with large number of users" you need to have fraud protection.
It's not really an ideological thing, anyone who's run any platform of a meaningful size knows you get attackers, and attackers scale. So you need to defend against attacks, and legitimate users can accidentally trigger any form of attack detection, human or otherwise.
> Email? You mean SMTP the protocol, or email platforms like GMail that people get locked out of all the time, or you mean a tiny platform with a fraction of the users?
Email is a platform. Anyone on any provider can email anyone else on any provider. And then you can choose one you trust not to lock you out, or run your own.
The others are the same. A platform is something you build other things on top of. HTTPS is built on top of TLS. Webmail services are built on top of HTTPS and SMTP.
You want a more traditional platform? Java.
> Linux the OS? Because Linux sure doesn't have a centralized platform built into it last I checked.
Who said anything about centralization? The centralization is the source of the defect.
> When you forget your Linux password where's the reset link?
Boot from live installer and reset the password.
But also, why is "password resets" necessary for something to be a platform?
I'm going to assume you're acting in good faith and just haven't seen this definition of platform.
The one everyone else in this thread is using is "an application or website that serves as a base from which a service is provided" (that's straight from Merriam-Webster)
Examples include (also from M-W):
"music streaming platforms"
"has built a cloud-computing platform for use by others"
"billions of photos scraped from Facebook and other social media platforms"
The only one that really could count in your examples is email, and if you think that doesn't have problems try setting up your own server and sending to gmail, hotmail, and other large providers without getting sent to spam or outright bounced.
That's definition (b) from M-W. Definition (a) is "operating system." Though that's kind of a layman's oversimplification and it's more specifically the operating system's API implementation, which is why Java qualifies by providing the same thing.
But also, how does email not fit under (b)? Or Signal etc.?
Definition (a) goes on to include "also : the computer architecture and equipment using a particular operating system", which I think is largely accurate and I agree something like java would probably fit.
Email and Signal are kinda on the fence for me, because they're split up in a way where it's not really one cohesive platform in the same sense as a social media platform.
Regardless, even if you consider them platforms in this sense, both have the same issue with the detection of spam and other bad actors.
As far as I know Signal doesn't do spam filtering at all and has no means to read your messages. They just separate things sent from people not in your contacts until you add them, which happens entirely at the discretion of the peer and not the service.
How would they have any information about any of this? It's end to end encrypted. I don't think it even has accounts; the service is just a relay and the messages are authenticated on the basis of TOFU, i.e. this peer is the same as it was last time.
Yeah Signal still has as an order of magnitude fewer monthly users as WhatsApp has daily users, so the "we won't do anything, block them or call the cops" approach still works.
Most "monthly" users are also "daily" users, so I don't know what point you're trying to make there. Signal has tens of millions of active users.
This has nothing to do with call blocking or anything like that. I've had Signal for years and the the only spam in my message history is from more than a year ago and was sent via SMS.
It's all just network effect and WhatsApp being the same company as Facebook and therefore having a marketing budget that a non-profit doesn't. The fact that Signal has grown by a factor of nearly a hundred over the past two years despite WhatsApp's network effect implies that people strongly prefer it.
I feel like you must be trolling between the whole spending 4 comments arguing that TCP/IP is a platform thing... and now saying MAUs and DAUs are the same.
MAUs are how many people used Signal in a month. DAUs are how many people used WhatsApp in a day.
The DAU/MAU ratio for an app is never 100%. Ever.
20% is like a "good" rating, and 50% is like a best-in-class rating.
So WhatsApp having literally an order of magnitude more DAUs shows the gap in their usage.
The gap in their usage is not something for you to start making excuses about, it explains why Signal has no way to deal with fraud, child porn, spam, etc besides calling the police.
That flies precisely because Signal is small potatoes compared to the platforms I mentioned.
TCP/IP: Not really a "platform", but if you consider the internet as a platform: Your ISP puts you on a CGNAT with an abuser, or you random into a floating IP that is blacklisted as a bad actor
Email: Try setting up your own email server and sending to $largeESP
BitTorrent: Not a platform, but: This issue exists one layer up at the level of BitTorrent trackers (without which BT is mostly useless)
TLS+RSS: Same as TCP/IP
Linux: Not a platform, but you could probably get banned from package mirrors if you get the same IP as some asshole trying to DOS them and waste bandwidth
> TCP/IP: Not really a "platform", but if you consider the internet as a platform: Your ISP puts you on a CGNAT with an abuser, or you random into a floating IP that is blacklisted as a bad actor
So then you use a VPN. It's also not the same thing because that's being done by endpoints instead of the platform as an intermediary.
> This issue exists one layer up at the level of BitTorrent trackers (without which BT is mostly useless)
Modern BitTorrent uses a DHT for this. Trackers, to the extent that they still exist, are just to make peer discovery faster.
> Linux: Not a platform, but you could probably get banned from package mirrors if you get the same IP as some asshole trying to DOS them and waste bandwidth
There are many independent package mirrors and also you can access them from any IP address (e.g. using a VPN again). Also, this:
> Wait til you find out about what other systems you rely on have imperfect fraud detection.
>
> There isn't a platform any large number of people use that is exempt from this.
Okay, but with the other platforms that I can think off[1], my computer and phone still continue working. I can effectively work without those platforms and do not need to purchase a new computer or phone.
[1] Maybe I'm thinking of the wrong ones (Twitter, FB, AMZ, etc). Which platforms were you referring to?
> how do you feel about getting locked out of all your money for a false-positive fraud detection?
I don't feel bad about it - it happened once or twice in the last 30 years and it was relatively trivial to fix[1]. I also don't mind that they freeze spending if they think my account was hijacked in any way.
[1] Go into a branch with my ID, look at the transactions they think is fraud, declare that they are not, and get my account unfrozen. The whole process took about 60m, from leaving my front door to withdrawing money again.
Except there are humans who can and their strict orders are to never do that.
People don't realize, yes sometimes these companies are just ignoring CS, but when it comes to lockouts they want the humans to stonewall you.
Otherwise what's the point of the automated fraud detection? The human operator will just become the new target, and SMS attacks are a great example of why that doesn't work
Are you saying that permanently locking legitimate people out of their accounts is acceptable collateral damage just to make fraud a bit more difficult?
Are you incapable of making an argument that isn't a garbage-tier leading question?
Like sorry but that pisses me off a bit, have the basic decency to present your point without the theatrics...
-
It's acceptable to make a system that makes it incredibly hard to get your account unlocked in very rare cases just to make fraud a lot more difficult.
You see hundreds of these posts a year and billions of people use these devices a day.
Impossible or incredibly hard? Well impossible right?
Because OP did not get back their account.
Once your account is locked it is impossible to get it back, the bits that make up your account are instantly wiped right? Some L9 at google waves a magic wand and it's gone.
No one who ever got wrongly locked out of a Google account has ever gotten it back, so it's impossible right?
-
And yes, hundreds out of billions is acceptable collateral damage.
In case you didn't know, all systems are subject to similar tradeoffs, even ones of life and death. Planes aren't just designed with safety in mind, trade offs are made knowing they could cost lives because no one could afford to travel on a plane that was twice as safe for 10 times the cost.
The water you drink is treated knowing that X incidences of illness and death occur for Y amount of contaminates because no one can afford water that's significantly more expensive for marginal benefit.
Fraud is the same. You have to accept hundred out of a billion chances of going wrong because no one will pay not just a monetary cost, but a convenience cost. Most people won't be happy if Apple requires ID to make an iCloud account for example...
I was waiting for the realization that he couldn't go on shoving money at these guys, and needed to increase his self-sufficiency by selfhosting to keep his data out of their or anybody else's walled garden.
That is not at all the answer to this. Tech people need to respect their craft a little bit more. If some hospitals screw over a patient no doctor would say people need to learn surgery and self operate on themselves. Self hosting is not something a normal person can just learn overnight and manage.
All this case (and similar others with other companies) demonstrates is that we're lacking in laws and regulation here.
There should be no way that it is legal to just lock a customer like that without paying them all the money invested in virtual "goods". Sure, you want to block me then return all the money I paid for music, apps, etc.
There should be channels in every company where they will precisely tell you what happened and why. If they want to just stop dealing with you - they must pay back.
There's nothing wrong with using a service, what is wrong is that our laws are not up to the task of dealing with those risks.
I'm sure of this because I've made a career of it and I do it professionally for a large corporation. I know how many engineers it takes to have a 24/7/365 follows-the-sun rotation that doesn't lead to burnout. I've personally seen and solved lots of failure modes that result in mysterious degredation. (Hey did you know there's firmware on the SAS breakout board itself?) I've read many more, with solutions I'd never have come up with, by people cleverer than me.
An individual tech person could theoretically manage to do it, but I'd rather have my team helping me while I help them. I'm only human, and can't always see my own shortcomings.
I can. But I know better than to try and self-host something mission critical for myself or (especially) family. I self-host the same way a car mechanic has a classic car in their yard that they'll aspirationally fix one day.
It’s so odd. 15-20 years ago we didn’t have this problem. It just takes time and time is very precious. It comes downs to risk and time. Is the risk of this happening worth your time? Some times I think we embrace technology too quickly as technologists without considering the whole picture. At this point you have to ask if you can trust the people behind a technology to dk the right thing for a decade or more. If the answer is no start figuring out how to ditch it. This ignores the philosophical issues emerging with FAANG type companies. Anyhow, it’s much easier to never embrace a technology or vendor than it is to ditch it later.
That risk includes getting shut down by your ISP, who may be the only ISP in the area.
I once got a nasty call from Comcast's net abuse department because I was gasp running a mail server. It was locked down tight, and only accepting mail from an old email provider.
They didn't care. I was told that if I had SMTP open or they saw SMTP traffic coming in, I'd be permanently banned from being a Comcast customer because I was "running a server."
Internet needs to be declared a utility and internet companies need to concern themselves only with reliably delivery of network packets and to otherwise completely fuck off. My power company, gas company, and water company don't give a fuck what I do with my electricity, gas, or water.
15-20 years ago you could get away with more mistakes without them biting you, but they where none the less mistakes that where bad.
These days the bad actors have automated there exploit attempts to the point that its not even really about asking when you will get hit rather then if you will get hit anymore, its almost instant in most cases.
with so little leeway its just not viable to self host anything that is exposed to the internet, and then if you still have to deal with things like off-site backups if you care at all about your data.
I have thought about this a lot. I think it basically comes down to your domain. It’s okay to let someone else host things for you. To retain control you just have to keep your domain you are using for important things secure.
That's not really true, there are offerings on the market that make it a breeze. Take Synology. You get raid with dozens of terabytes, that is self managed and has got instructions on every aspect of usage. It's got Google Photos rip-off for every mobile platform, it's got LDAP, Email, Caldav and Cardav packages with GUI. It's got DNS server with easy to use GUI, it's got packages for NextCloud and it's got something like Dropbox that is made by Synology as well.
You don't need no port forwarding or fancy security, it can connect to Synology's cloud thingy that will route your traffic back home correctly, DDNS on steroids.
So if you really want to self host everything, it is couple grands out of pocket and couple of evenings of clicking around.
I am not affiliated with Synology, just a happy user (although I only use it as raid storage with SMB, NFS and as Docker server).
It need not mean your own cloud services, although I think the longterm trend is residential routers plus a USB stick will make this more possible.
Eg, he doesn't have to make access to all his music so it is contingent on his one credential, which can be revoked at any time by Apple. He can keep local copies of what he has bought, despite the ecosystem tries to make that difficult. Apple Music will delete any local copies it manages when the credential is invalidated.
> residential routers plus a USB stick will make this more possible.
This smells like "let them eat cake" except in the context of technology. Not everyone is able or even wants to mess with that stuff. There's a vast difference between "Yes, backup my stuff, Apple; Here's my card" and "I know what an IP is"
At $12/year you literally cannot get anything like what Apple offers just in terms of backup — not the equipment, not the man hours required to maintain it. Even if I were able to set it all up, it would cost me a huge amount of money in lost revenue just to maintain it safely.
It feels like "I could build dropbox in 5 minutes" never stopped.
Maybe read it a bit more generously, in the vein of:
* Maybe we can get to a point where running your own services is easy enough and normalized enough that most people do it.
I'm doubtful, but there's at least some small winds in that direction-- disillusionment with FAANG, peaking of the large tech economy, some renewed interest in privacy.
Most people use mobile devices and want the ability to watch content anywhere, anytime at press of a play button. That’s the benchmark. No personal hardware setup will match that convenience and people who are not aware of the security risks shouldn’t be hosting their own content from their personal network online.
> Not everyone is able or even wants to mess with that stuff.
People literally managed books full of CDs or jewel cases, DVD racks, cassette tapes, LP collections, people had an entire rack in their house dedicated to hardware designed explicitly to use these cumbersome things, people torrented and used gnutella and managed software CDs, movie CDs, photo albums, VHS collections and the like just fine for ages. Not everyone is capable of playing MP3s on an PM3 player? Since when?
If these new systems that everyone is using is so much more complicated than that that you have to pay a professional service to do it for you, we have royally fucked up somewhere along the way.
> People literally managed books full of CDs or jewel cases, DVD racks, cassette tapes, LP collections, people had an entire rack in their house dedicated to hardware designed explicitly to use these cumbersome things, people torrented and used gnutella and managed software CDs, movie CDs, photo albums, VHS collections and the like just fine for ages.
Sounds like you’re trying to generalize from a very small set of people. The percentage of the population that had specialized full sized racks for their torrented stuff and what not was very, very small. For the rest of it, I imagine that “large drawer next to the desk” was the #1 solution, followed up by “in the car somewhere” for music CDs.
For the average person, the actual backup procedure from that era was very poor. Frankly, I doubt many did it at all. Even the nerds I knew mostly did a pretty half assed job, all considered. What professional backup software hosted in the cloud today blows even the most thorough technique from any consumer in the 1990s out of the water.
Why are we pretending it's the early 2000s? CDs were used because that was the best option at the time obviously. To compare them to services today hosting infinite amounts of LEGAL content streamed over the internet to millions of people on all manner of devices at the touch of a button is rather odd.
Likewise, it's weird that you need professionals to build such services? Anything that is so complicated that it requires professionals to create it has fucked up? In other words, every industry that ever existed is fucked up because they require more than a passing knowledge... professionals shouldn't exist.
I'm not necessarily comparing them, I'm just pointing out that this line "people can't manage their own shit and so must contract with companies to do it for them" is ridiculous in it's face.
I went through every possible channel to explain that the card does not send me a billing statement and I cannot possibly produce one, requesting to be called or at least emailed by a human, to no avail. After spending tens of thousands of dollars on Amazon over the course of fifteen years I couldn't even get a personal call from the case manager, and all my purchased media is gone.
To this day I have found no resolution, and the only next step is to contact them through a lawyer.