Anyone saying "Good riddance! Go enjoy your life without Facebook!" is missing the point. Please read this bit from the article:
> Thing is I’m a Mum of two who has just moved to a new area. Facebook groups have offered me support and community, and Mums I’ve met in local playgrounds have added me as a friend so we can use messenger to plan playdates. Without these apps sadly my little social life becomes a lot lonelier, and harder.
This is the pernicious effect of Facebook's dominance among social networks added to their policy of poor support. It's not really an "optional" social network if large swathes of your social circle have started using it for essential life functions, it's more like a utility and should be regulated like one. And no, telling all the mums at the playground about how Facebook's ban policies are bad and we should all use the Fediverse instead is not going to work for the average person. If anything, it's more likely to mark you down as one of those weird parents to avoid.
It wouldn't be good for your power company to have the option of arbitrarily cutting you off as a customer, and never giving you a chance to get back your power. Similarly, we should regulate Facebook to the point where they are exposed to genuine regulatory consequences for disrupting people's lives.
> we should regulate Facebook to the point where they are exposed to
genuine regulatory consequences for disrupting people's lives
No. Regulatory consequences for transgression are ineffective. They
are applied after the fact, when the damage has been done. The abusive
company can still delay and disrupt the user, force them through
lengthy and Byzantine arbitration and act like total cocks because the
fines are fiddling small change.
Instead of punitive measures Facebook and the other social media
companies require technical regulation. We need forced
interoperability. As a licence to operate, commercial social media
sites larger than a few million users will be required to present a
standardised API so that you don't need to be a member of Facebook to
inter-operate with its users if they invite you to.
It is Facebook's ownership and control over it's users that is the
central problem, not any aspect of its quality of service per se. We
need to move this whole "walled garden" problem to a new space, in
which they are not "Facebook's users", but simply social media users
who happen to be able to read/write Facebook assets, amongst many
other alternatives that work together.
In my experience I had a negotiator call me the next day after filing a complaint with the public service commission about a DSL line. Cable isn't regulated by the PSC so your only recourse is through the courts if you cannot get their customer service to help you.
Of course, public service/public utility commissions were set up in a time when the law was often written to be equalizing rather than to simply entrench power.
If there were something like a PSC for larger, systemic social media etc. it could, depending on how it gets set up, be a total positive. I appreciate reasons to be skeptical it would have that effect.
I both agree and disagree. Your proposed solution is a good one (for other reasons too) but regulatory consequences can be effective if those consequences are serious enough and are actually being enforced. After the first couple 100k$ fines per banned user I will bet you good money nobody will ever be banned.
It does heavily depend on what form those regulations take though, I think there are valid reasons to ban users from a platform or prevent them from using it in particular ways (either for safety reasons or making the platform a more pleasant experience for everyone else). I can easily imagine some governments would co-opt this kind of regulation to benefit themselves or punish people and companies who aren't sufficiently supportive
Personally I think the mandated interoperability/public API is a better solution, in the best case it could lead to some actual competition and if that didn't happen atleast people who chose to leave Meta/FB would have options for maintaining the social connections
I like these two posts -- yours and the one above. It makes me think: If gov't is going to add regulation for social media accounts (something that I support), should it be a requirement to identify yourself to the social media network owner? My point: Some kind of national ID tied to your name, but kept private, so the company can absolutely say if you do or do not own the account. I know, I know, there are all kinds of holes. However, consider the alternative: What if it was not required (real ID for your social media accounts)? How could these companies reliably tie the account back to a real person making a claim? Require 2FA via YubiKey? I have learned from HN that a mobile phone + SMS just isn't secure enough in many jurisdictions. It is too easy to use social engineering to takeover a mobile phone.
Edit: I have mentioned before in previous comments (not this post): After Dodd-Frank regulations in the US, global investment banks really changed their behavior when fines became massive. So massive, it was seriously altering quarterly revenues and hurting stock prices. I favour the same type of regulation for social media network companies. It is the only way to make them listen to the law.
Yeah personally I'd rather stick to letting the companies ban who they want and letting me do what I want. If there's any ID related law, I'd rather they be FORBIDDEN from collecting IDs.
You really want social media to have the same type of access to your personal information that banks have? A know your customer type of regulation?
It amazes me that on one hand, every law related to technology that the government passes in the US, HN is almost universally opposed to. But they trust the same lawmakers “this time to get it right”.
You wrote: <<You really want social media to have the same type of access to your personal information that banks have? A know your customer type of regulation?>>
Would you support if the data leak fines were similar? I would. To be clear, I am talking about global investment bank-style "know your customer" (KYC). If retail/commercial banks leak customer PI, the fines are _immense_ in 2022. Most of them now have enormous security teams, or they pay AWS/Azure/G to do they same via consulting / cloud fees.
My financial information is much more important to me than social media.
And they don’t pay cloud providers to ensure security. AWS [1] for instance always stresses the “Shared Responsibility Model”. AWS is responsible for security “of the cloud” the customer is responsible for security “in the cloud”.
There is no way in the world that any cloud provider would ever take responsible for customer workloads. If you make your S3 buckets world readable - which is really easy to do. That’s on you.
[1] I work in consulting at AWS, all opinions are my own.
World readable is not the default. You get scary warnings when you do it and you can set it up on the account and the organization level to block it. There is no “click a button to make it world readable”. You have to know the JSON policy.
However, you do not need to use custom policies - it's checkboxes on the S3 bucket creation page. And the wording on them is obtuse AF, and I know what I'm doing with AWS IAM.
> The abusive company can still delay and disrupt the user, force them through lengthy and Byzantine arbitration and act like total cocks because the fines are fiddling small change.
So the fines should be substantial enough to act as a deterrent.
Then another option is that, for instance, if Facebook gets sued and judge agrees to take the case then Facebook should pay for the claimant's lawyers the same amount Facebook pays their own so they have a fair chance.
E.g. if Facebook budgets $5m for the particular case legal defence team, they should give the claimant $5m to spend on their legal team.
Interoperability would go a long way, but if they're still expected to hold moderation privileges on their platform, they could just as easily block communications from a user who is using a non-Facebook federated system. If Facebook became decentralized, it's inevitable that there would be more spam and automated bots to deal with, so moderation would be key.
This could possibly be mitigated by giving group moderators higher privileges than Facebook moderators. So Facebook could submit a ban request, but the group admins would have to approve it. Facebook could block a public feed but not full functionality.
And how forced interoperability would work would differ in each country, but at least in the US, this could be accomplished imply by tying Title 42 privileges to federated interoperability standards.
Interoperability is great, but I think we need more than that. We need a user's bill of rights that applies to all online accounts. We need legitimate appeals processes where companies can be forced to justify their decisions to block access to accounts.
This goes beyond social media. Consumers are being asked to "buy" content that is associated with a single account that can be banned at will. "Free" email accounts are a critical part of many people's online identity.
We need regulation that protects users from capricious bans and forces companies to be able to justify their decisions to ban and face consequences when they get it wrong. I'd be fine if such regulations also included consequences for users who abuse the appeals process.
There are already reasons that are illegal (i.e. member of a protected group that you can't descriminate against.) for ”Christian Mingles” to use to bad someone.
I am not proposing any further restrictions on what reasons an be provided to ban people.
I do think that plaforms that encourage people to become invested in them (email providers, social networks, online media "sales” patforms, etc) should have a legal obligation to explain the reasons for the ban and provide the banned user the opportunity to correct any incorrect information that led them being banned.
I don't know if a standardized arbitration process, and expansion of the civil court system, or something entirely different is the best way to approach this.
You tone comes off as very combative, like you are looking for a fight and making assumptions about my political stances that are both incorrect and detract from your ability to have a conversation.
I assume that you want more government control. Laws by definition always give the government more power over individuals. The last thing I want is government interfering with private enterprise when all people have to do is go to another website.
> Laws by definition always give the government more power over individuals.
Factually false. Some laws reduce that power. For example, a law that made it illegal for police departments to keep the proceeds of asset forfeiture would reduce the power of government over individuals, not increase it.
In this case, it does indeed create more government control, though it could be designed to limit the amount of additional control that is granted.
> all people have to do is go to another website
How does that help me when the email account I lost access to is already tied to most of my online life?
How does that help me when the music, books, movies or software I paid for is tied to the account that was banned?
How does that help me when the "website" is part of a market duopoly and losing access to it means my company will go out of business and I'll have to fire all my employees?
"go to another website" simply is not an adequate response to any of the above scenarios. Please proffer an alternative other than "it sucks to be you". The only other option I see is to make these companies common carriers and mandate interoperability / account portability. That seems like it gives the government far more power than simply mandating a fair dispute resolution system.
Does that also mean that the company has access to all of your friends data?
Look no further than the 12 chapter 99 section GDPR and the shit ton of cookie banners it brought the web.
Would you let any company have unfettered access to your product via APIs? Should they have rate limits? Should they have to pay for access? How do you prevent a third party API from posting spam? What are the rules around being able to block the API when it behaves maliciously? Who gets to decide what malicious behavior is? How do you protect the data that is siphoned off from the API?
They control the primary forum for local community chat, they control the swap-meet (facebook marketplace); I have no access to any of that anymore, it used to take place on many other forums, but it has centralized on facebook, which I don't use. A fair few local orgs use facebook exclusively for communication. Some of them have public pages, some don't.
I don't really care, aside from missing the odd deal on the marketplace that I can't participate in, but I imagine this could be quite important to other people. There's got to be a better way, but I don't know what it is or how to get there.
Very much so. For the past 10 years, facebook has more or less dominated the market for everything related to rural places and smaller towns.
This could very well be a geographical thing - but where I'm from, Norway, FB is the de facto platform for anything social in communities. I've heard that in other places of the world, people used WhatsApp, Discord, etc. - but where I'm from, it's FB.
Local classifieds, local hobby groups, local community information, local sports, culture events, etc.
Luckily there seems to be a push in moving people elsewhere - but with all the older folks primarily using FB, it's going to be hard. I think it's just fine for things like hobbies, classifieds, and such - but real infrastructure shouldn't use FB as their main platform for sharing information.
Remember that WhatsApp is also Facebook. As for Discord... isn't it a gamer thing?
> I think it's just fine for things like hobbies, classifieds, and such
No, that's the point. If it's used for all of this stuff, then people "have" to be on it. Group interaction media _is_ part of the "infrastructure" of society.
Discord pretty much replaced IRC. I remember, 20 years ago, a lot of people used IRC for chat. I think SoMe and the various chat apps more or less killed off IRC as a popular platform...then discord came along, and filled the niche for gaming chatroom. Now people use it for all kinds of stuff.
Real question: Is it possible to be banned from WhatsApp? I don't use social media networks at all (except LinkedIn for strictly professional topics). If I was banned from WhatsApp, or Line, or any other pervasive chat network, it would really hurt.
> A fair few local orgs use facebook exclusively for communication.
I noticed that when vaccine availability in the US was constrained during the first few months of 2021 and local governments were organizing vaccination clinics, several of the events were announced only on Facebook pages. Several towns/counties didn't seem to have websites, or didn't put the events on the ones they had, instead preferring to announce them on Facebook.
It was scary to think that folks locked out of Facebook for whatever reason did not have access to those notices unless informed by a friend or family member.
> Several towns/counties didn't seem to have websites, or didn't put the events on the ones they had, instead preferring to announce them on Facebook.
Yeah, no government agency should publish anything (however trivial) exclusively over a private platform. As far as I'm concerned it should be illegal and anything they do post on social media should always be a mirror of the same content posted to a public platform and retained according to the laws that agency should follow for their documents.
People should never have to worry about a private company being a barrier between them and their own government, and no private company should have the ability to pick and choose who can view what the government publishes, or to secretly modify that content (perhaps selectively), or to remove content that should stay part of public record.
I don't think that really solves it, though; they just have to have someone in the office go to all the Facebook posts of the notifications, print them out, and snail mail them to you. Possibly time-consuming and therefore expensive, but FOIA-compliant.
Does it makes sense to push for representatives to discuss a law to forbid a city or state announcements to use any commercial platform for announcements?
I think it makes more sense to mandate they post on a govt-funded platform simultaneously with any other media.
More media (Facebook etc) means reaching more people, that's not a bad thing, but it IS a bad thing for everyone else to get the info late if the govt only updates their "official" site once a week or something, but updates twitter every few minutes.
The hilarious thing is that any mention of a public utility supplied social networking site would be met with STATE CONTROL!!!1 GUBBMINT SURVEYLANCE!!1
The sad thing with that, is that a state developed app certainly would have backdoors for police build in by design. And all the ither nice features people in power would like to have.
So I am hoping for/dreaming of an international developed open source solution. But the existing ones I am aware of are unlikely to ever fill that role.
First, I gotta say "GUBBMINT SURVEYLANCE" really made me laugh. I am a bit sad to see it downvoted, but here is not Reddit, so I understand.
That said, reading so many good, thoughtful posts here... and then one more from you(!)... it made me think: Why isn't there a global "goverment/non-profit facebook"? Think: Strictly open source software. Hosted in "the cloud". Gov'ts can do: (1) on-prem, (2) public cloud (AWS/Azure/G), but they control the env, or (3) pay for a hosted solution (Oracle/SAP/Hitachi/whatev). #1 & #2 have infra run using gov't workers, but #3 is run by private company. A bit like hosted/cloud Wordpress vendors.
The idea: Only gov't officials have accounts to post/update public info. There are no regular user accounts -- so no one can get banned. Then, if people want to have posting / chat rooms about a gov't facebook page, they can "reverse link" to a Discord, or something like it.
Funny example: If you live in an area with a terrible dept of motor vehicles, the DMV gov't facebook page would publish the usual info about hours, locations, rules, etc. But then people would run Discords to argue/post about which DMV location has the worst customer service! Assume the Discord server is strictly independent of gov't facebook... so Discord admins can ban whomever they like (if people say offensive stuff). But no matter what silly things people say on a private Discord, they can never be "banned" from the gov't facebook -- it is public, just like Wikipedia, but no regular users accounts.
And I can already think who already has the sales contacts and engineers to get it done: Microsoft. I can already hear the tomatoes being thrown at me... but it is true: They could do it, and it might be a huge money maker. Or SalesForce, because a lot of gov't website now need eforms to do online gov't stuff. Makes sense, I think. Two other orgs who could do it: Mozilla and/or Wikipedia. They don't have the sales contacts, but they are well-trusted by gov'ts around the globe.
This is already the current state of affairs. The state has a DMV site which is controlled by the DMV where they post all the information you probably need to know about the DMV, the online processes to do things on it, etc. If you want to talk about it, you can feel free to share a link to it anywhere you want.
For example, the Texas Department of Motor Vehicles website, available at https://www.txdmv.gov/ . They host the site, well, they pay contractors to manage and run the site. The Texas DMV controls the content on the site; companies like Facebook or Discord can't control what the State of Texas wants to publish on it.
They're making more vanity license plates, and so they have example designs and polls related to the designs on the site here: https://www.txdmv.gov/motorists/license-plates/eview we can share this link with our friends and family through Facebook, Twitter, Discord, WhatsApp, Signal, SMS, iMessage, LINE, your own personal blog, whatever you want.
You wrote: <<This is already the current state of affairs.>>
Except every gov't agency re-writes this software. My point was to create a common standard that can work in 100+ languages and all kinds of useful features for gov't websites. Maybe Wordpress can already do everything...
Any how does Texas DMV host? On-prem, public cloud, or 3rd party hosted?
Looking at the source, its a Drupal site. So yes, at its core it is an open source software stack probably with a lot of state-owned templates, themes, and plugins made and/or managed by their contractors. Its fronted by Cloudfront, I don't know if its then being hosted on AWS, some other cloud provider, a state-run datacenter, or a raspberry pi under a desk at one of the DMV offices.
Either way, each DMV and other state agency or agencies in other states is going to want to craft the site in its own fashion for its own "brand". Whether or not this is a good thing is debatable, there's pros and cons each way IMO. You're going to need to have certain kinds of integrations and plugins into byzantine ancient computer systems that each agency also owns and manages. It'll practically never be some quick one-click deploy to make a DMV site; every DMV between all the states are different. They have different forms, different workflows, different database systems for their old systems, different priorities their state legislatures have given them, etc.
Facebook is not like the power company, or the water district. It is not an essential utility that people will die without. If Facebook suddenly disappeared from the Internet tomorrow, life would go on. This particular person might find it somewhat more difficult to socialize without it, but people have been socializing for decades without Facebook, and people will continue to socialize when it's dead.
Just throwing up our hands and saying "we simply need Facebook" doesn't help anyone, and doesn't help to fight the pernicious effect of Facebook's dominance. I agree though, that some kind of regulation is part of the solution--but not because it's some kind of essential utility, but because of it's ill effects (like smoking).
Despite her initial fears about being so dependent on it, this might actually have been a blessing in disguise--just the encouragement she needed to let go and move on from this harmful platform.
The tone-deaf responses of tech people to normal peoples' plights never ceases to amaze me.
The telephone is not an essential utility that people will die without, either. And yet the phone companies were regulated as utilities. Such regulation ensures that normal people with no monetary/social/political clout wouldn't be denied participation in society or burdened with undue hardships (communication, socializing, transportation, etc). This is a not-insignificant part of government's function in service to its citizens.
Just because you may be rich/powerful enough to not need such services does not mean that they are unneeded.
> The telephone is not an essential utility that people will die without, either.
As someone who has been in situations where calling 911 and getting emergency services to a location ASAP I can 100% argue having telephone service available saves lives. More people would absolutely die if telephone service wasn't as widespread.
Utilities have to conform to the same standard while FB is fully closed and does not interoperate with anybody. Think carefully before elevating it to the level of public good. If you want to force FB to open and interoperate that'd be a different thing though.
If you regulated Facebook in the way that the telephone was regulated, it would essentially become a requirement to use Facebook. I don't have a Facebook account and would very much object to regulating Facebook in a way that our local governments would suddenly be validated to use.
Telephones connected people in a specific way because there weren't really alternatives. Not sure that entirely applies to Facebook.
The regulation might mean that Facebook is forced to interoperate with your social network of choice (this reply [1] goes further into that idea), though. If you're an AT&T user, you can talk to Verizon users just fine even though you might not like Verizon as a company.
This is a great point. I was thinking this week: If my water was turned off, my home would be practically unlivable. Maybe you can survive for a couple of days, after that -- move out! Heh... can you imagine getting "Banned" by the water company? Just go live in the woods, off-grid!
> The tone-deaf responses of tech people to normal peoples' plights never ceases to amaze me.
In this case though it is a response to another tech person. Maybe the general public would get some sympathy here, but this person had a vanity domain that they used for something important then let expire, and should know better.
> The telephone is not an essential utility that people will die without, either.
There are obvious circumstances where this is very much not true, so your call for empath back at you: just because you have never been in a position where phone comms are that important…
>it is a response to another tech person. Maybe the general public would get some sympathy here, but this person had a vanity domain that they used for something important then let expire, and should know better
Fyi... the person in question (Emily Cordes) doesn't appear to be a techie. Her "About" page says: Emily is an Exercise Physiologist
She's a non-techie that happened to get a domain name. She let it expire without realizing the interconnected consequences (email address recovery) which seems realistic for non-techies to overlook.
Even a tech company like Microsoft with dedicated IT department made the news when they accidentally let their domains expire: passport.com, hotmail.co.uk
> There are obvious circumstances where this is very much not true, so your call for empath back at you: just because you have never been in a position where phone comms are that important…
Yes, many farmers in poorly developed nations, now use SMS on ultra-cheap mobile phones to discover prices at the local markets. If they lose mobile phone service, it absolutely harms their income. And, many of these people are barely above substinence farming.
> If Facebook suddenly disappeared from the Internet tomorrow, life would go on.
Yes, if Facebook completely disappears there is a short moment of arranging alternatives and all goes on.
However if they ban single individuals from their platform this can have a notable impact as they are disconnected from social circles, which picked Facebook as their communication channel.
And yes, Facebooks relevance is still different from water, but it compares maybe somewhat to phone operators and other such utilities, which are under some regulation regarding required services and interoperability between networks and it's worthwhile to think how communication in a contemporary era can be ensured. Learning from mistakes made in phone operations, taking into perspective that development isn't "done" yet, ...
A little empathy would go a long way. Surely "life would go on" if your kids' school closed down, or if your best friends relocated, or if your employer laid you off. But it would be a significant inconvenience, wouldn't it?
She articulates well why losing her account is an inconvenience. We can at least acknowledge that her feelings are valid.
It's funny that you compare Facebook to a power company this way. Recently I wanted to contact a power company about a bad experience I had with them. Basically there were three support options. Phone, Facebook or Twitter. Phoning them was possible during office hours, while both Facebook and Twitter were available between 08:00h - 20:00h.
Another example is my local pay sports provider, which doesn't even have a phone or e-mail support option anymore. It's Facebook or Twitter only. So I ask my spouse to contact support, since I don't want to engage in social media that way.
I think Facebook and Twitter are more essential than we may think and should be regulated like a public utility.
Instead of regulating whatever social media platform happens to be trendy at the time, your anecdote suggests we should regulate companies so that they offer direct support through conventional means, rather than exclusively through third parties.
Yes, but that would be rather hard to do. You would end up in a semantic discussion of the term "conventional means"? Is that support through telegraph, mail, phone, e-mail or social media? And what determines a third party? The telephone company or mail provider can also be a third party.
In my opinion when we have a oligopoly of social media providers (Twitter, Facebook, etc.), they should be regulated by local laws and government. Same for providers such as Microsoft, Google and Apple. It must be unacceptable that you have to provide your private details for usage and can get banned from a service without any prior communication. And without the ability to appeal or arbitration.
> You would end up in a semantic discussion of the term "conventional means"?
A definition could be a means which is itself regulated to be available to any customer.
So a phone support line is one because phone service is regulated, available and interoperable. Email counts because it is open, standard and decentralized (an email provider like gmail can block you but you can simply go elsewhere or self-host). A support office staffed by humans is also good because everyone can walk/bike/drive there. (But as a counterexample, a support office inside a military base wouldn't count since most people can't get to it, unless 100% of the customers are in that base.)
A support line controlled by a private entity which arbitrarily blocks people from access, such as FB, clearly doesn't count.
> Facebook is not like the power company, or the water district. It is not an essential utility that people will die without
Imagine walmart is the only large store near your house, and they ban you from that store. Walmart is not an essential utility, since you have a convenience store and a gas station in the same town too, and you can also drive 2 hours to another large store if needed.
If all of your social circle is on facebook, it's very inconvenient to ask them to move somewhere else just for you.
Then the answer is not to regulate private industry. The answer is for the local government to pass laws saying that all communications must be on public websites.
SO if your local mommy group uses facebook... are you going to ask all 50 of them to switch to signal/telegram/vk/whatever? Are they going to do this just for you?
> If Facebook suddenly disappeared from the Internet tomorrow, life would go on.
Yes, if FB disappeared overnight, we'd all wake up to happier world and life would go on.
But that's not the scenario. The scenario is that suddenly your FB account disappears overnight while the rest of the world, all the groups you need to interact with, continue to exist only in FB. That's a terrible dystopia for the victim.
Personally I'm lucky no group I need to deal with uses FB much or at all. But I do know there are groups for whom continued FB access is vital. It shouldn't be so and/or FB should be regulated to force them to allow access to anyone who needs it. Allowing a private company to shut someone out of society is morally incorrect.
> It is not an essential utility that people will die without.
Numerous local governments announced COVID vaccine availability exclusively via Facebook. Citizens relying on their government to inform them of vaccine availability did not receive the information because they were not on Facebook. So far about 15 million people have died from COVID. Are you suggesting that none of these people contracted COVID and died while they were trying to get the vaccine but were unable to because they did not receive the government-provided vaccine information from Facebook?
First, this is a very clear example of how the manner in which Facebook operates has a very disproportionate effect on women. My wife followed me and gave up social media, and found it incredibly difficult, much more so than I. It was also notable that many people told me that I was doing the right thing, etc etc, but the general response my wife got was "how will anyone keep in touch with you?"
>It's not really an "optional" social network if large swathes of your social circle have started using it for essential life functions
Putting aside the trite observation that, for two years, young families being able to socialise was considered absolutely non-essential, Facebook is as essential as you make it. Ever since it took hold in universities, people have asked (with varying degrees of irony), "how do you exist without Facebook?". The answer is - just fine.
>and no, telling all the mums at the playground about how Facebook's ban policies are bad and we should all use the Fediverse instead is not going to work for the average person.
We generally don't mention it, and get on with having a good time with people (which includes arranging for social continuation - ie, meeting up again).
>it's more like a utility and should be regulated like one.
The idea that an online echo chamber is essential to life, is very depressing. Community exists in the incidental and in the repetitive rhythms of life.
Edit: The response to this is very interesting. I am very glad I returned to my native country instead of trying to build a life in the US, as it seems that something invented as a way to keep up with college girls has become deeply ingrained as a social necessity in a very short space of time.
> Putting aside the trite observation that, for two years, young families being able to socialise was considered absolutely non-essential, Facebook is as essential as you make it.
For two years, those young families did a lot more socialization over internet - be it facebook, zoom or whatsapp. If anything more socialization and coordination move there.
Also, this is not so much about young families, this is about primary caregivers. Most of their time is necessary spend alone and if they want to meet with anyone, they have to coordinate online.
> Do young families not have a primary caregiver? The effects we are talking about apply equally well to both, if you insist on making that distinction.
If you go to work, you don't have this issue (regardless of whether both work or only one). The super isolated lonely primary caregiver thing is what happens when you are stay at home. Babies and toddlers are fine being with parents only. Within young family that has that problem, this is a problem of one person. The rest of them dont even have to be aware.
> I very deliberately decided to reject that "new normal". Do you think that it's a good thing?
This is what you wrote: "young families being able to socialise was considered absolutely non-essential, Facebook is as essential as you make it". I am saying that pandemic did not shown any of that. Many young families had 2 adults at home constantly - making loneliness issue much different. Others had one close friends they met with regularly.
And most seen socialization as important and moved it online.
>Within young family that has that problem, this is a problem of one person. The rest of them dont even have to be aware.
I don't get what point you are trying to make. Yes, my family has a primary caregiver (like practically every other family). No, it's not me. However, this means I have an exceptionally good understanding of the very issue that is being discussed. I care deeply about the issues that person has as they raise our kids through their youngest ages, and I do whatever I can that is best for all the members of my family.
>Others had one close friends they met with regularly.
Good for them. Where I live, it was illegal to have other people in your houses until mid-2021. Cafes and other hospitality locations were closed for around the same time. My local playground was literally chained shut. Tell me it's fun meeting other families with babies in the winter in an empty field (it's not). Particularly when those other people spend the whole time dancing around you on tip-toes trying to keep the government-mandated 2m separation.
>And most seen socialization as important and moved it online.
There's the catch - I don't regard online-only interacting as "socialising". Most of what makes mere words into the all-encompassing experience known as "socialising" has been removed.
Decided to make this point first: pandemic lockdown was much less lonely situation then being stay at home. The work from home of other partner is already massive change. Moreover, everyone you know is in the same situation, so you have whole world of zoom calls of understanding people. You are all in the same situation, all your pre-existing friends are in exact same situations. It had other issues, sure, but was less lonely.
> I don't get what point you are trying to make. Yes, my family has a primary caregiver (like practically every other family). No, it's not me. However, this means I have an exceptionally good understanding of the very issue that is being discussed. I care deeply about the issues that person has as they raise our kids through their youngest ages, and I do whatever I can that is best for all the members of my family.
Only stay at home person is actually lonely, others are not. No matter how awesome emphatic the other person is, the other person is not that lonely. And in my experience, dont really understands what is like nor consequences of it, despite the best intentions.
Like I said above, being stay at home is way more isolating then pandemic was. That is something easy to understand if you was at home, but people who were not refuse to hear.
> Tell me it's fun meeting other families with babies in the winter in an empty field (it's not).
With babies, we would walk with strollers, we did it every day in winter too. With babies the emptiness of field does not matter much, cause they don't do much anyway and sleep or look. In general, in here, people don't socialize in cafes with kids lockdown or not. It was going outside.
>being stay at home is way more isolating then pandemic was.
I could not disagree more, and my partner would say the same. What was so absolutely terrible about Covid lockdowns was that the few coping mechanisms available to primary caregivers in those early months and years of their childrens' lives (cafe visits with friends, having other people visit, going to the park and talking to others, etc etc) were completely removed. Covid lockdowns were near 100% isolating (and by design).
>The work from home of other partner is already massive change.
And this made it worse again! Not only does one partner have to try to look after young children literally isolated and not allowed to leave the house, but the other is supposed to sit staring at their computer and concentrate on work while ignoring them?
>It was going outside.
I don't know where you are from, but the Covid restrictions here were not only very strict, but people were incredibly compliant. The parks and such were empty! I was surprised. I had many lonely trips to our local playground with my little boy.
>> being stay at home is way more isolating then pandemic was.
> I could not disagree more, and my partner would say the same. What was so absolutely terrible about Covid lockdowns was that the few coping mechanisms available to primary caregivers in those early months and years of their childrens' lives (cafe visits with friends, having other people visit, going to the park and talking to others, etc etc) were completely removed
now imagine you still have all those problems, but without a parner to help you (can't go out to cafe due to having to watch kids, cant talk to nonexistent partner at home, cant invite friends over because youre banned by facebook from your communities, etc.)
This lady got banned from FB in the past few weeks. There's no comparison between "not being able to participate in group chats", and "I am legally unable to leave my house with my small children to meet people".
>youre banned by facebook from your communities
It's also fascinating to hear the words people use when FB has become so deeply ingrained in a culture's social fabric. My "community" does not exist on Facebook.
I think what you're being told is that your personal dismissal of Facebook as useful for isolated caregivers (like such disingenuously reductive language as calling an entire community around, say, cancer, or sobriety, a "group chat") is more reflective of your own personal preferences, rather than any actual evidence being provided to you by the people being affected.
indeed, it's easy to dismiss a use case that you don't personally have, given a sufficient lack of empathy
>It's also fascinating to hear the words people use when FB has become so deeply ingrained in a culture's social fabric.
yep, fascinating and true. we'll have to come up with a good alternative if we want that to change
We are back to literally my first sentence of my first comment on this topic - women (and primary caregivers), are disproportionally affected by the charms of Facebook.
My wife went through a difficult personal journey around the time of the birth of our second child, when she decided to leave all social media. She decided that the benefits of this, which include a mind not addicted to the endless drip of social media, and also giving our kids a chance to live distraction-free, outweighed the disadvantages. Yes, giving up social media when your personal time is already incredibly disjointed and isolated is difficult - Facebook does provide some (at least in my wife's opinion) superficial and temporary benefits there.
>we'll have to come up with a good alternative if we want that to change
What was wrong with what we had before? That is, cohesive, in-person communities. Finding a FOSS alternative to Facebook, etc, as the solution to society's ills is, IMHO, missing the point.
I don't think there's a way for you to make your case without being dismissive of others use cases, like I've pointed out before, and like you're doing now.
For example, your post contains no meaningful suggestions for the person in the article, you just essentially say their use case isn't important and is really just a social media addiction, so I guess they should just get over it?
> What was wrong with what we had before? That is, cohesive, in-person communities.
If you have some suggestions there which would help the person in the article with their use cases, please share. Like, which specific communities exist where they live, for the same purpose, with the same friends, and without a social media presence?
Note that a lot of those in-person communities organize and communicate over social media, so you'll have to exclude those as alternatives.
That's correct, I am dismissing all use cases for Facebook. I too personally believe that the negatives (the constant drip of distraction fragments your time and ruins your attention span, you and all of the social capital you invest in the platforms are tiny cogs in M. Zuckerburg's machine, and it displaces the richer interactions we should experience) outweigh the positives.
The underlying cases are important, in fact very important. It's literally building your social life. But I personally think FB is a horrible tool to use for that.
I'm not saying it's easy. You might not get to meet the same people, or many at all. I think it's very different over in the US, as it seems your community groups are deeply entrenched in FB. But - if we think that's bad, someone has to make a start, by doing things another way.
You can disagree, and do your life as you see fit. And just hope you don't get banned from the platform that you have built your life on, but have absolutely no control over nor ability to plead your case.
Edit: A useful analogy might be - imagine a group who have changed their diet to consist almost entirely of candy samples from grocery shops. The response to those shops no longer giving away free candy should not be "but how will these people continue to get their nutrition from free candy?".
> This is what you wrote: "young families being able to socialise was considered absolutely non-essential, Facebook is as essential as you make it". I am saying that pandemic did not shown any of that.
in other words, they were correcting your incorrect statement about the inessentialness of socializing during the pandemic
Anyone saying "Good riddance! Go enjoy your life without Facebook! is missing the point
I agree. Another example: Facebook is full of support groups for different causes or issues. There are thousands of groups helping people struggling conditions like cancer or other health issues. However much people might dislike that Facebook hosts these groups, the question remains: where else can people congregate online to discuss their conditions? Self-hosting a discussion forum is not an answer: ironically it excludes thousands (perhaps millions) of non-technical users who won't know how to install a discussion forum. I wish there was an alternative to Facebook, but for now Facebook is the friction-free option.
It should be illegal for a company in the position of Facebook to hide pages behind a login, when an account requires me to submit proof of identification.
Feel free to require whatever you want to participate in the conversation, but I should be able to read my local town's Facebook page without submitting my papers.
This is heartbreaking in so many ways. I'm a trustee of a charity that relies on WhatsApp and Facebook to organise itself and a huge sceptic of Meta and keen for us not to rely on them. However, in local community groups it's hard to advocate for something because "better privacy" when the opposite argument is "everyone uses it".
Meta's tools are somehow simultaneously inclusive and very exclusionary.
> It wouldn't be good for your power company to have the option of arbitrarily cutting you off as a customer, and never giving you a chance to get back your power.
Yes, they're a regulated utility like water, power, natural gas, etc., and can't discriminate services based on political beliefs, unlike regular privately owned companies who are protected by the first amendment (in the US). Why the internet isn't regulated like a "utility" is beyond me. It clearly is as just about everyone and everything relies on it now. Just like it's very hard to live and do business without power or water, it's just as hard/impossible to live normally without the internet.
Pushing social media (mostly FB) got so bad that 10 years National Broadcasting Council of Poland (KRRiT, TV/Radio regulating body) released new set of rules concerning 'surreptitious advertising'. Rough translation:
>They should not refer the recipient to the content posted on the Internet that is necessary for their understanding of the broadcast. The broadcast of the presence of the broadcaster on other portals and on social networking sites should be information devoid of any advertising features or promotion of the portals or services themselves - we read in the KRRiT statement.
>We will react when there are elements of hidden advertising in the broadcasts when referring to social networking sites. It will not be that the sender must make the recipient aware of the fact that he is advertising a different website, but inviting to, for example, Facebook should not be common or too frequent - says Katarzyna Twardowska, spokesman for the National Broadcasting Council.
>In the event that the National Council determines that the message actually contained an advertisement, the sender will face the consequences specified in the act. KRRiT may call for the cessation of broadcasting, and if that does not help, impose a penalty. However, such issues will be considered individually, usually as a result of complaints about specific cases - adds Twardowska. - It is worth noting that the matter concerning the promotion of social networking sites arose precisely from the complaint of the listener
TLDR: If you keep telling viewers to visit FB it will be interpreted as hidden advertising for FB and you will get fined.
I agree. Imagine if all of the phone companies suddenly decided that you were a bad customer and that they were terminating your line and you weren't allowed to get a new one. It would make life far more difficult.
Facebook's properties are replacing the telephone for most people and now one company's algorithms can remove you from your communication tools because it feels like you are not valuable to its owner.
> Anyone saying "Good riddance! Go enjoy your life without Facebook!
I didn't expect anyone on Hacker News to say anything _but_ this. Even your take isn't quite right. You're saying it's all but mandatory in certain circles. Can't a person simply like Facebook for what it is?
I think part of the discussion here is the important distinction between liking something and it having a significant impact on one's life.
I like Star Trek: Strange New Worlds. The impact on my life if I suddenly couldn't watch it would be minimal. I'd have to find some other source of entertainment for an hour a week.
Whether I like Facebook or not, people in my social circles use it for important communication and coordination. Getting cut off from that would be disruptive. I would have to take active steps to insure I continued to hear about upcoming events that are important to me. I would have to convince friends to communicate using something other than Whatsapp or Facebook Messenger (surprisingly hard given it takes under 60 seconds to install and activate Signal).
> It is optional. No amount of whining will change that.
Would you be still saying this if your power, water, phone, and internet lines were permanently cut off because some random person hacked your account(s) for them?
Those are private companies, and there are certainly people who manage to live in the woods without any of the utilities mentioned, so they are technically "optional" as well. We have schooled ourselves to think of social networks as optional, but in 2022 I'd argue that they are just as non-optional as the telephone; and perhaps even more so in certain ways. (e.g. What was the last time your local government called you over the telephone? But they are probably replying to Facebook comments.)
Comparing Facebook access to a utility is pretty wild. It's more like how watching the $sportsball game is "not optional" if you want to hang out with a certain friends group.
People aren't usually banned from sportsball games (either in-person or televised) via an automated system.
If they were, perhaps you'd see more of an uproar.
Facebook is fundamentally new and different precisely because its scale is equivalent to something as large as a utility; but it gets that scale based on automated processes. Once the automated processes begin fucking up people's lives with no recourse, we should start bringing in regulations.
Your comment assumes a false dichotomy. Another option is to simply create a new account. If more people become blase about recycling Facebook accounts, it will paradoxically put pressure on Facebook to stop banning legitimate users.
At a minimum, the author should demand the return of the funds that Facebook colluded with the 3rd party to steal - even after FB was notified. She doesn't need to listen to nonsense FB policies. Those do not override law.
No, it will die the way myspace and others before it have. People are (slowly) moving to Mastodon each time this happens and eventually everyone will understand why things like Facebook don't make sense.
Your point is valid, however the bigger issue that you and likely most everyone else are not getting us precisely “Facebook's dominance” and the absolutely, classical abusive relationship the whole of society has gotten itself into with the dependence Facebook and others have created.
There are frequently discussions here about how to address the particular abusive characteristics of one of the tech companies or sector with what I believe are solutions that are too high level. It is the authoritarian, centralized planning, communist mentality that current tech for some reason devolved into that is the problem, I don’t see how more specific planning is the solution. How many more authoritarian utopias have to end in misery before we stop letting abusive people ruin things and cause misery?
What we need is what the government should only ever be doing s as it relates to this is, ensuring competition, which is done by imposing standards that prevent capture and lock-in. Yes, that is a tall order once the government is as corrupted and captured by the very corporations and sectors that are so abusive, however I believe the only way that can be addressed is precisely by pushing for keystone legislation that requires the whole industry to self organize specifications and standards and protocols that allow the seamless communications and transportation of data between systems and services, and makes all data and content the property of the creator, without extensive and burdensome regulatory requirements to transfer that ownership. We must end digital slavery!
All these issues are actually rather easy to understand once one has been able to remove oneself from the toxic and abusive relationship that effectively the whole tech sector employs with its users. It’s all there, textbook abusive relationships 101.
I would map all the common characteristics of abusive relationships to the behaviors of tech companies (or most companies theses days), but I think I’ll keep it shortish, even though I guess it may be helpful to see, for people who cannot see the abusive relationship of the tech sector because they’re in the abuse.
Just one example that is relevant to your point; controlling access to loved ones … “you’re nothing without Facebook, now obey Facebook and how Facebook wants you to speak, think, act, and even dress. I wouldn’t need to control your speak and hurt you if you would just obey Facebook”. And of course many of the Battered Wife Syndrome sufferers rationalize with all kinds of things like “Facebook only beats me (controls speech and behavior, depersons, shadow bans, etc) because I misbehave and think wrong things, and it knows better what’s good for us all” on the left or “well, it’s a private company and they can do whatever they want to me because if I want to eat (be part of society ) I have to obey because my data and access to communications is a slave that is private property”
I know several communities who happily moved off FB for discussions. They often don't care, and also heard how FB can be bad for your mental health. You just need to show a better way and help them convert.
You need a certain amount of "social capital" to do so which you won't have if you are "a Mum of two who has just moved to a new area".
Furthermore, what else is there to move to that has the same UX as Facebook but none of the drawbacks? Proprietary solutions are paid (and too expensive for casual usage - Slack's lowest plan starts at around 6 bucks/month), free solutions are going to have the same problems as FB, FOSS solutions lack the UX and care more about the tech than the UX and solving the actual problem.
>FOSS solutions lack the UX and care more about the tech than the UX and solving the actual problem.
I read this sentiment all the time here but I am not sure it's true. Element works just fine.
My family has moved from facebook to instant messaging over the years, the great thing about IM vs social media is that all IM is the same so there is no real switching cost platform-to-platform, whether you use whatsapp or matrix or whatever
Element for me occasionally says it can't decrypt my group chat messages. It doesn't exactly hold your hand through the setup, one of my non techie friends had to ask what to do. Logging in on new devices is needlessly complicated. And if you bridge Element to Slack, all element users have the element logo as their profile picture. A good example of the lack of UX polish in open source.
I agree the Matrix UX is a little rough, but I think it's more than just Element being unpolished. Matrix is solving a hard problem: it's federated, E2E encrypted, bridged to other protocols, and designed to allow multiple clients. It's much easier to have a smooth UX in a monolithic system with no security.
I don't want to defend the FOSS solutions here; indeed they could benefit a great deal from more love^Wtime spent on their UX.
It's rather that I find the facebook UI really annoying and frankly uninspired. Still looks like 2000s web design for essentially a database, but constantly trying to nudge me into doing stuff against my own interest. Not a high bar to clear.
In some ways, someone starting afresh has a greater ability to decide exactly how they are going to build their new life, than someone who is already entrenched in their existing one.
For that matter, the vast majority of people don't have much "social capital". That's the very effect that Facebook so ruthlessly capitalises on - individually we don't have much power, and formerly we would have to expend considerable effort to maintain our social position and our local community. Personally, I see it as my moral responsibility to do my very best to be an engaging and interesting person in real life, and not to contribute any of that to the social quagmire of Facebook.
Also - moving to a new area, especially if you don't know anyone, is *hard*. Back in the bad old days before Facebook, leaving your community and anyone you knew was a huge decision that was not undertaken lightly. Is it essential that we have digital tools to make that easier?
> In some ways, someone starting afresh has a greater ability to decide exactly how they are going to build their new life, than someone who is already entrenched in their existing one.
They can rebuild their life alone. They can not rebuild social network alone.
> Also - moving to a new area, especially if you don't know anyone, is hard. Back in the bad old days before Facebook, leaving your community and anyone you knew was a huge decision that was not undertaken lightly. Is it essential that we have digital tools to make that easier?
Back in the day, if you wanted to build social network, you would went to places where existing people go to. You would introduce yourself in way customary for times and place.
It used to be knocking to neighborhoods door uninvited to introduce yourself. Nowadays it would be super odd unwelcome behavior.
I joined Facebook in 2020 - immediately secured, 2FA switched on and all the settings reviewed.
I lost the account in 2021 after I made the world's dullest post about the 12V system in a Nissan Leaf. In a Leaf car group. An automatic system determined my post breached community standards and required me to verify my account to continue using it.
Fiiine, OK, I upload my driving licence. And it won't accept the upload. I try JPEG, PNG, different sizes, different browsers, different computers. Nothing seems to stick and after a certain number of attempts it says I have to wait a week to try again. After as couple of rounds of this the expiry deadline passes and my account is gone.
I created another without hassle (and still treat FB as the contact method of last resort), but was still surprised at how easily they nuked a genuine user doing ordinary things.
You are a fringe case and Facebook(or any big corporation) does not care about you. Yes, what happened was not extremely unusual, and yes your recovery methods should have worked, but for whatever reasons, you're an fringe case. It didn't work, but it's simply not worth their while to improve the system for fringe cases. The profit isn't there.
I sympathize, I have lost Amazon accounts under similar circumstances. I got so angry I stopped doing business with them for a year. But I found them useful enough I opened a new account even though I despise the company. I just don't purchase any digital assets from them anymore.
> I just don't purchase any digital assets from them anymore.
I never "purchase" (aka: rent) digital assets from anyone, unless I'm buying DRM-unencumbered open format media. I argue that any restriction outside of copyright and patent is not a sale. It is a form of a rental masquerading as a sale.
I too have been bitten by shitty hardware remotely crippled, and bad software that was force-converted to cloud crap. Never again.
If that means I stay firmly in the piracy school of though, so be it. I'm not going to be taken advantage of again.
Increasing we automate processes, have programs do the work humans once did.
It's extremely helpful and productive, but it has a darker side. The processes are rigid because machines are rigid, and the designers cater to the 99% cases.
But then the 1% happens, and you're left out in the cold.
In the old world of humans and paper, as wasteful as it was, it was easy for exceptions to be made if the clerk was willing, and if they weren't you'd find another clerk, or a clerks supervisor. The processes tended towards being flexible.
But today, you increasingly don't interact with any humans, or if you do don't be surprised if, in your unusual case, they say "the computer won't let me".
As governments move more and more towards digitization, and embrace machine learning, I expect similar stories might unfold - only it won't be with an opt in social media website.
> As governments move more and more towards digitization, and embrace machine learning
I spent a decade in the public sector digitalisation of Denmark, a country that competes with Estonia about having the most digitalisation in the world.
I fully believe we should legislate against automated processes taking decisive actions.
It’s inefficient, but what I experienced in regards to laws is that they are way more messy than anyone working in digitalisation seem to realise. We build a system that let employees report their business-related driving, in Denmark you get a tax-reduction when you drive in your own car for work purposes, and the laws covering it is basically an A4 page of tax-law that seems sort of clear. You have 3 set of taxation rates that you get to deduct from, they are meant to be used for different types of work related driving. Simple, right?
Well, it turned out that in 9 different municipalities there was 9 different ways to interpret that A4 page of law text, and, more than a 100 different union agreements on how to extend or alter the tax law for certain groups of workers.
As hilarious as it was to sit through meetings with different sets of tax people from different municipalities getting into heated arguments about who was break the law, it was also sort of eye opening for me at the time. Because we made this as an OSS project where we bought the development that we project managed. My role was part of the project management team as a code-reviewer/specifier of sorts, and all our estimates simply went out the window when we realised we really had to build all those different ways of interpreting the law, as well as making room for future alterations. In the end, it didn’t extend the project that much, I think we still delivered it on schedule but it was a very different product with lots and lots of setup required, because the different municipalities needed to be capable of deciding which rules were turned on for which groups of workers, as well as control over how the approval system was handled by everything from tax lawyers going through every submission to secretaries to RPA robots simply clicking accept on everything.
The system wasn’t related to decision making automation that couldn’t be easily undone by humans, because it was still a relatively simple system. But if that sort of complexity is what you get from some of the simplest legislation we have, then imagine what it would look like for laws covering thousands of A4 pages of text.
Dehumanisation of essential civic processes is a step towards
"cybernetic governance", and is a topic I explore in some detail in
Digital Vegan [1]. This is distinct from what most of us still call
"e-governance" in subtle ways. I am concerned that people do not yet
understand the nuances between processes that can be automated to
really improve life and where we cross the line into technofascist
dystopias that will tear societies apart.
I share an attitude with Frank Zappa here. Zappa was rather oddly
against "Love song lyrics". He said they led to poor mental health by
propagating unrealistic expectations of intimate relations.
Similarly, I think that Science Fiction has a lot to answer for. I
personally love most SciFi, but like Orwell the Cyberpunk genre was
misinterpreted as a blueprint instead of a warning, and many people
carry around disported, unrealistic and quite mentally damaged ideas
of what a "good" technological society should look like.
>I fully believe we should legislate against automated processes taking decisive actions.
There are certainly decisions that should not be fully automated. But this has very little to do with the account recovery issue we're talking about.
I believe that account recovery, and more generally proving your identity, can be done automatically with greater accuracy and far more securely than any process involving humans.
We have secure, electronic, government issued identity documents that are perfectly suitable for automation. Let's just use them! If we must legislate then let's introduce a right to prove our identity using our government issued ID.
There are other issues related to oligopoly accounts that are hard to solve. But proof of identity is not one of them.
> We have secure, electronic, government issued identity documents that are perfectly suitable for automation.
And what do you propose as a solution if your government-provided identity gets lost or stolen or hacked?
Or for people who have a hard time getting such a doc? (note: Sweden currently has a crisis because it can take over 1 year to get a passport).
Or for people who live in countries which don't have these systems?
Are you really ok with uploading a video of you holding your passport every time you want to log onto a service (see "id.me" controversy)?
Now, what might be nice is if the government used a highly secure crypotgraphic system to allow identity verification, but drivers licenses and passports aren't that.
>And what do you propose as a solution if your government-provided identity gets lost or stolen or hacked?
Report the old one stolen/compromised, get a new one, use it in the account recovery process.
>Or for people who have a hard time getting such a doc? Or for people who live in countries which don't have these systems?
This is a core responsibility of any government. It works well enough in many countries and we should not wait for the last government on earth to get its act together before using it. It can be gradually introduced country by country.
>Are you really ok with uploading a video of you holding your passport every time you want to log onto a service (see "id.me" controversy)?
Having a right to prove your identity using an official ID is not the same as having an obligation to do so. I would only use it with a few key accounts that I trust (and with financial institutions where ID checks are mandatory).
Also, I wouldn't have to hold up my passport at all, nor would I have to do it every time I log in. The platform would read the passport chip once upon registration or during account recovery and check if the picture on the chip matches my face.
>Now, what might be nice is if the government used a highly secure crypotgraphic system to allow identity verification, but drivers licenses and passports aren't that.
> Having a right to prove your identity using an official ID is not the same as having an obligation to do so.
I'm sceptical as to whether you can avoid it becoming an obligation.
You sign up for $SOCIALNETWORK. Some opaque 'bot detection' process deems your account 'suspicious' and locks it. They offer to unlock your account if you prove your identity using an official ID.
That makes it obligatory in practice, if not in theory.
I share your scepticism, but that's a political decision. Nothing protects us from bad political decisions besides participating in the democratic process.
What's happening right now is that we are sacrificing a lot for the financial benefit of corporations and for politicians' control obsession while we can't use some of the same technologies and capabilities for our own benefit.
We often have an obligation to prove our identity using a government issued ID, but we have no right to do so when we want to.
You can also read this story another way: Non-scaled manual processes have accumulated decades or generations of accidental complexities. I've seen this in the example of a central software my university was ordering to manage the records of all grades, achieved credits, registered exams and so forth. Most of this was already managed by a centralized agency (Zentrales Prüfungsamt) but every faculty had slightly different examination regulations and processes. It's not that most of these differences really provide any benefit to the students or the institution – electrical and mechanical engineering are so close to each other that there is no rational way to explain why they can't have the same length of time the registration window for practical courses is open – except that everybody is used to the way it is now and each faculty makes a stand for their right for the status quo.
And in my opinion the reason for most of the conflicts that arose is a failure of expectation management what the digitization effort can accomplish (in a reasonable budget): Software systems are cost efficient only with mostly homogeneous processes. Their development is such an expensive undertaking that it can only compete with individually trained humans when you can amortize the costs over large amount of use cases (c.f. https://xkcd.com/1319/ ).
Thus the first step should always be to get everybody on-board to give up some of their non-essential individuality. There is no need for car taxation to change from municipality to municipality. (Be aware of the reverse phenomenon as well, though: Individual needs getting thrown under the rug by systems that are too rigid or simplistic in the wrong places. See all the falsehoods programmers believe about {names, time, gender, ...} articles. TFA in my opinion is not an example of that phenomenon btw.: Facebook, like Google, is justifying cost cutting at places which obviously need trained human support, with a fetish for technological solutions.)
Of course this homogenization is not something that my parent poster would be in any position to accomplish, so this is not meant as a critique. Also I agree with EnKopVand that automated processes (or even overly rigid bureaucracies) should not take decisive actions on their own.
You should absolutely read it that way, and, you should go even further and point fingers at the legislation itself. In my decade of public service we had five different ministers of “digitalisation” (they had other titles because IT doesn’t win votes) that all put effort into making our laws better suited for digitalisation. I think we even had a prime minister get into it, and every prime minister throughout my entire life has had an ambition of making laws less complicated.
Well, let’s just say that while you’re completely correct, I don’t think we should wait for our countries to become less Kafkan, which is why I’m a fan of simply banning the automated decision making. Maybe if you hurt the bureaucracy where it matters (cost) we might actually get some officials who deal with the root cause of the issues.
>> In the old world of humans and paper, as wasteful as it was, it was easy for exceptions to be made if the clerk was willing,
One of my first jobs out of college was an account manager at a big corporation. It was an easy job. Half customer service and half sales. The guy in the cube next to me was always chided for being a dinosaur because his desk (in his words) "looked like a tree just puked on his desk" because of all the paper copies he had floating around - but damn if he couldn't find a contract six months old or an email with some promise he had made a client a year earlier.
It was his file system and it worked magically. You'd ask him a question and he'd look around and then dive to a stack of copies of contracts, come up with the right contract and let the customer know the details so quickly. Customer's loved him because he could reference things so quickly and was so sharp with conversations and notes he had taken. No problem if his laptop crashed - he already had a paper copy. He always referenced himself as a go-between the paper world and the digital world that was quickly consuming his talents.
I heard he retired a few years back - but he was the guy you're talking about to a tee. He was around during the transition to email from everything being paper. Dude still made it work, even when he knew his time had come and gone.
> As governments move more and more towards digitization, and embrace machine learning, I expect similar stories might unfold - only it won't be with an opt in social media website.
It's already arrived, in the form of the Australian government's "Robodebt" scheme: 20,000 automated debt notices per week with minimal oversight [1]. The government denies it killed people, but there are claims that it did [2]. After several years a court eventually stopped the scheme and awarded about $2 billion in compensation, but by then a lot of lives had been ruined.
My wife and most of her friends have all lost their Facebook accounts at least once. They all gave up getting them back. Many tears as most of them use it as their only photo backup for kid pictures.
At this point it’s just routine for them to have their account taken over and lost periodically.
> Many tears as most of them use it as their only photo backup for kid pictures.
Painful as that is, those of us who tend more technical should be helping people understand the nature of social media companies, and encouraging backups in whatever form is supported.
... and then helping push them over the edge to find other ways to communicate with friends, share photos, etc. "Do it all on Facebook!" was novel, 10-12 years ago. Now it's just a lack of creativity and a willingness to help add feet to the next yacht.
My girlfriend's mother had this happen to her recently. They got in and changed her password, profile picture and name. Account recovery options didn't work, and also reporting the profile as stolen / whatever option was most appropriate on the form didn't achieve anything.
I found it quite confusing as to the motivation, and seeming gap in the armour of automated bans.
As far as I know, many people get instant banned if they attempt to setup a second profile for their Oculus or similar, I assume the motivation is to get a fake account that has history to avoid this. What surprises me though is that changing password, profile picture and full name in quick succession + attempts to recover / report don't trigger this mechanism/some kind of review process.
It has nothing to do with automation and everything to do with unaccountable centralisation of power.
It does not matter what moderation scheme they use -- automated or beauraucratic, if you gift the town square to a private entity and allow access to it to be determined hy their whims you get this.
Reminds me of the rollout of Obamacare. I went to sign up on the website almost immediately. Ran into a host of errors. Called numerous times and every agent there told me they couldn't help and didn't know what was wrong. The solution: call us back in 3-4 weeks.
Another worrying trend is trolls finding minorities and insulting them using subtle slurs the algorithm is unable to detect.
The targeted people understandingly answer back (not even using slurs or hard insults - just being rude enough to shut down the person attacking them).
Once this is done, the trolls post the direct link to the comment in one of their Facebook groups (usually reserved for that purpose and containing nothing but such links and filled with oblivious fake accounts that use similar patterns i.e. "Aloph Hiller III").
They then brigade the comments and mass report them. The algorithm perceive this high number of seemingly unconnected users reporting as having a lot of value and acts on it.
In certain communities, almost everyone is used by now to have their account locked out for months long periods with some people outright losing access forever. This created huge migrations to other websites or apps.
Facebook does not responds to calls to delete the harassment groups even when people organize to try and report them - due to the fact that the trolls are savvy enough to be invisible to the algorithm.
In my eyes, this is one of the ways Facebook is bleeding users. Especially the younger ones.
One thing that may have prevented this hacking: facebook could have noticed that the primary email for the user was for an expired domain, and proactively notified them to remove it.
When a domain expires, there's a grace period, and just checking daily whether a user's email's domain is expired, and if so texting them or otherwise notifying them to change the email, would have been sufficient.
This wouldn't even require _that_ many checks since the total number of unique domains to check is probably low. 99% of all users will be on gmail/outlook/yahoo/etc, and all users using the same domain only require a single check a day for the domain not having lapsed.
The whois check for a domain literally contains when it will expire. You can do this one time (combined with an MX lookup) while the email is added.
And knowing the ASN of a domain is also quite helpful. If anything changes (e.g. geolocation of ASN or different domain registrar) you can easily force the user to confirm this while they are already logged in.
Source: I am doing this for my tholian.network products.
All I’m saying is if you’re building such a system you should be aware of this and possibly account for it with some low frequency scanning before listed expiry. Or not, if you decide it’s not worthwhile.
Alternatively you could do a whois query of the domain (and verify against cached details) before sending out the recovery email. It's probably best to do that every time the email addresses are changed or updated.
Note that some WHOIS servers (as in port 43) are hostile to automation and might block you if you’re doing it too much, although you could be paying a few cent per custom domain per month to have a service perform the data aggregation for you.
Agree, most ToS of WHOIS servers say they don't want automated queries.
In this case I think it'd be simpler to just do a DNS check, either NS alone or A/MX. Scales better. If NXDOMAIN is returned over a period of days then the domain can be flagged.
How many accounts per year do you think are hacked this way? How many accounts per year do you think are hacked in other ways? Facebook has a finite amount of engineering effort, and the effort they put in to stopping hacks probably goes toward things they expect will prevent a large amount of hacks.
I’m sorry. Meta has a finite amount of engineering? The profit margins are so thin that there is no possibility of improving service for users? That everyone is fully dedicated to new development that support for existing products can’t be spared? That Zuckerberg is so fearful of his board that he is afraid of being forced out if he lets up on the gas for just 1 sec?
>The profit margins are so thin that there is no possibility of improving service for users?
I'm saying that there are many ways of improving service for users. If we prioritize those ways, I doubt doing checks for expiring DNS would be near the top.
Based on experience, it does not seem like they prioritize ANY improvements in customer service. And until there is a credible threat of government action I doubt they ever will
Yes, they don't care. Why would they? That user probably doesn't generate much revenue, and losing them won't cause any major scandal in the press or anything embarrassing to top FB managers. I can't see any motivation for them to care.
It's just an expenditure that won't produce any profit. The technical term for this is "waste."
The only way this would not be waste is if fixing it would do something to reduce the amount of ill will towards facebook which is quite intangible and unlikely to add up to covering the costs. But who knows what calculations are being made, or how they may change in the future.
She's a mom of 2 who recently is living in a new place. Things like this are always overlooked. Let's just cut her some slack. I am a parent too, I know how difficult kids are. On that note, maybe there is a chance if she contacted someone from LinkedIn who works in Meta.
>One thing that may have prevented this hacking: facebook could have noticed that the primary email for the user was for an expired domain, and proactively notified them to remove it.
Almost any website, app or online activity that requires logging uses email based authentication. Do you think all existing web sites and apps should verify the expiration of mail domains? And what about phone numbers? A user can lose his phone number, should they verify that, too?
>Do you think all existing web sites and apps should verify the expiration of mail domains?
No - it probably wouldn't be worth it. But it could absolutely be worth it (weighing bad outcomes against amount of effort needed to prevent those outcomes) for the biggest sites with billions of users.
... especially when they won't otherwise offer recourse/support in case of rare events like this. Rare events become less rare when there are billions of users.
This should be a part of the process of ALL sites that use email/domain ownership as proof of identity. There are a lot of them besides Facebook.
Yeah, it's not currently possible for phone numbers, but that's not a reason for not doing it for domains where it is possible. It's also easy to imagine a privacy-respecting public registry for phone numbers, which only reported when the ownership had changed.
I wonder if there would be a moment when people realize FB as an organization genuinely does not care at all of their users and their little problems. They have a billion users (probably less, actually, but let's assume it for now). If they lose a million accounts, it's 0.1%. If they lose one - yours - it's so infinitesimally tiny for them it's hard to express it. Of course there's no way to handle these - it just doesn't make sense to create such way.
Treat your FB account as throw-away that could disappear anytime for no reason at all and no possibility of recovery.
The logistics of handling support for 2 billion users are kind of insane--it's a very difficult problem. I know people that work on support at Facebook at they do care about the users but it is very challenging to provide support for that many people.
Don't get me wrong, I totally believe if you somehow get somebody from FB support to talk to you, that person would care about your issues, at least to a measure. What I am saying is that for FB as an organization it is a very low priority, so your chance to get to that person would be very low, and the investment made by the organization to make that easy and to empower that person to actually deliver the solution would be minimal. It just wouldn't scale otherwise, especially with the marginal value of each user being so low. If each user's marginal value is $1 per year (I have no idea what it is in fact, just as an example), it makes no sense for FB to spend more than $1 on all support efforts for that user (actually, much less since $1 should also cover everything else for it to be profitable). How much support time and care does $1 buy you?
>>> The trick is you need to know someone who works there.
The people at Meta/FB who are in charge of this stuff have IG models throwing sex at them to get accounts restored. I'd be surprised if those guys take action to fix the account of someone who isn't making it....ahem worth their while, so to speak.
> Something similar happened to me. I had to upload photo id, then it disappeared into the block box.
I abandoned my account awhile back, but I remember them suddenly demanding a photo id for "security reasons" or else they wouldn't let me in. I just closed the tab and decided I was all done with facebook since I wasn't crossing that bridge. A few months later I tried to login again and suddenly they didn't need the id anymore.
> Facebook does have a process for getting things like this fixed very quickly
Maybe that's true for some things, but the community standard violation/restriction code seems like it's always been a mess, every fix breaks something else, every new FB feature makes it fail in new ways, and there's no real motivation to make it good (who cares about violators, right?).
I feel it's so bad because because it's been constantly patched under pressure every time media catches on something on the platform (e.g. after the livestream of the Christchurch shooting, FB started handing out livestreaming restrictions like candy for every minor violation, and to my knowledge it stayed like that until today). I honestly would love to see the code like I love to watch terrible movies.
It's so consistently and innovatively bad, and I have such a hard time thinking nobody violating CS has friends at FB, that the unmaintainable mess is the only explanation I can find.
I have an instagram account that got locked out because I signed in from a new device. The email I used to register the account 12 years ago was deleted, so I'm unable to receive the security code to unlock it. This account is also apparently ineligible to ID verification because it was registered pre-facebook acquisition.
I couldn't find anyone at FB/IG willing to help me with this. There are pictures of my friend who passed away years ago and apparently this is going to stay online forever...
Mine got taken over almost a year ago. They reset the password bypassing secondary email checks and Facebook as other peole have said just doesnt care.
I've contacted a few colleagues that work there and haven't seen anything happen.
My wife messaged the account and said at least take down the photos of our kids, and the person actually responded saying they would, so now most of it is private.
I am a white male, but according to Facebook I'm a young asian female... The background picture is still my house though.
Basically it's a story of a regular account got hacked and used for spamming. This must have happened a lot. But Facebook is so incompetent that it cannot identify this very obvious pattern:
1. A legitimate account has long history of posting organic content.
2. The account email/password gets changed.
3. The account starts doing spamming.
Seriously, how hard is it? How hard is it?
If Facebook really care about the legitimate user behind the account, they can easily get this problem fixed.
If I am wrong, please enlighten me why it is a problem difficult to solve.
I recently learned that someone is seeking to impersonate me on IG. They've created a new IG profile w/ my name, photo, etc., and now have more followers and friends than I do. They've even started to friend people within my network, and have sent DMs acting as if they are me.
Meta / FB / IG have a reporting form for when identity theft is involved, and it requires that you send supporting documents like your driver's license and a picture of you holding the drivers license. I did all of that.
Here is the entirety of their response:
"Hi,
We have fewer people available to review your request due to the coronavirus (COVID-19) outbreak.
We’re only able to review requests for the most urgent cases. This means we can’t review your case right now. Please try again at a later date. Thank you for understanding.
Tried to help out a charity that got their ad account hacked. Thousands of dollars spent. No way to get the money back from FB so they ended up doing a charge back. Can't get any response from Meta at all. Every single support option dead ends into a form that never gets a response, an unhelpful robot, or an unhelpful support page.
I know somebody whose instagram account got somehow taken over and used to post crypto scams. They asked her for a picture of her ID, she provided that, and… it’s still just crypto bullshit. No hearing back for months
Instagram seems to have a big problem with this. I know several people who have been hacked, some of whom never got their account back and just started new accounts
I think this is pretty inaccurate unless you’d be haunted by being unable to delete any profile/timeline data, ie. Education/work info and post data. Ad profiles tend to be useless after a few months, just make sure you’re actually blocking and limiting tracking wherever you can.
Here in CZ, we have a petition and organization to push local lawmakers, to make a new laws to heavily control FB behaviour.
One of their points is not complying with our laws, instead FB enforces US law or US-leftist propaganda on us. (example, perma-banning for photo of Churchill)
One of their point is from your experience, unable to contact ENG or CZ speaking person directly and solve issues.
Not entirely related, but I always like to take a moment to remind everyone to download their Google backup codes as they are the only way to recover your account if anything goes wrong.
Trying to help someone though this now. Her email got hacked and they took over everything and wiped out their trail. She’s got it all back but the Meta products, Instagram in particular. Her face is plastered all over the account and the photo verification process is failing.
Meanwhile the attackers are posting scans to her page with impunity.
The odd thing about this to me is why they have the kafakeseque option to upload your driver's license that doesn't do anything? Is this intended specifically to frustrate and annoy people? It's such an intrusive thing to ask for, why do it if you just ignore it?
Zuckerberg answered this long ago. He had a bunch of people's social security numbers because he asked for them and they gave them to him. Facebook will ask for anything they think a few people might cough up.
We're talking about the company that used 2FA numbers for advertising purposes pretty much immediately after saying they would only use them for security.
A spammer spammed through my account. I complained. Facebook cleaned it up. The next day I texted a friend and they locked my account. It was a fantastic experience. Quitting Facebook was just that easy!!!
This is one shortcoming of having your own domain. If you let it expire, there is nothing preventing someone else from recycling email addresses.
On the other hand, having your own domain gives you many advantages, including not having to fear that you'll lose your email address because a big tech company decides to ban you for no reason (which is tangentially related to what happened to OP).
So, it's a bit of a double edged sword, but can be good as long as you are diligent about renewing your domain.
Thankfully, with cloudflare offering 10 year renewal terms, things are much better these days. You could bet prices fall and go year by year but given inflationary pressures, it almost certainly seems to be a good deal to do a 1
So transfer it to another registrar. I registered one of my primary domains through them way back when they started offering G Suite for free, but after a year I moved it to the registrar that holds my other domains. It's not difficult.
I protect my FB account with a Yubikey. While getting hacked is unlikely, I still protect it, since I cherish my account and all the friends and memories are stored there. It’s a little bit of my ‘digital life’ that if hacked would be devastating for me. Unfortunately I have to participate in FB because my social life would be shit if I didn’t have an account with them. Also I couldn’t have the ambient awareness that comes with the family group chat.
This sucks to hear. Having dealt with Meta properies, they won't be interested in helping you.
I had something similar happen to my Instagram account.
A few weeks ago, I got a popup inside IG to verify my age. Not wanting to give them my real age, I set my age as 0. The popup playfully said that my age can't be 0. So I set it to 20 years and the popup got stuck. After a few taps, my account was marked as underage account and I had to send my photo id to get it back else it will be deleted permanently after 30 days.
I though about all the photos and messages in my account and while it would be sad to let it go, I reckon IG's ban was a blessing as the quicker I let it go, the free'er I would be from Meta's clutches.
In in the end, I didn't verify my account. By now, it would be wiped out by a cronjob.
---
The sooner you realize these companies(and Meta in particular) don't care about you, the better. These are all rented platforms and should be treated as such.
Don't invest too much in these platforms and if you must, invest in a personal blog hosted on your own domain.
I wish they would wipe accounts. Instead it will be kept probably forever and your backup email will be spammed forevermore. I started creating an account more than a decade ago. Maybe entered my birthdate and university and stopped. I get so many facebook emails and cannot stop it and I never used it. I don't have the password to recover and im sure it would be flagged if i tried.
I think it’s even worse than that. I’ve been locked out of my Uber account for years, and that is not an ad based company. It’s just that at a certain scale , it’s not cost effective to handle edge cases.
Instead of assuming they don't care about you, assume scale and sometimes incompetence. Things happen, people are striving to be better, but scale comes with pain sometimes, sadly.
At sufficiently large scale, there'll be people who have bad experience with the platform. The teams are always working on improving it, and security of accounts are obviously important, but sometimes things go wrong for some unforeseen circumstances like in this case.
No, you should definitely assume they don't care. As soon as they can no longer extract profit from you, the economic incentive for them to care simply vanishes. To believe otherwise would be completely foolish.
If you want to put a positive spin on things, you can assume that their intention is to not let spammers overrun the platform, or kick off legitimate users, as a matter of protecting their brand integrity. The costs of being 100% effective at this are prohibitive due to diminishing returns in any such enterprise. Within the organisation there are probably a great many people who would love to help an embattled user, trapped in the Kafkaesque nightmare of having to deal with the corporation. It's just a matter of jumping up and down and screaming loudly enough. You can chose to see that as a positive example of the kindness of humans, even humans who work in gigantic corporations, or you can chose to see it as an example of offloading costs on to the consumer to protect profits. Tomato/tomato.
Scale is an excuse used by corporations to get away with whatever they want. Blaming things on scale is exactly equal to calling your customers a mere statistical data point.
"I'm sorry, we through your meal out the window, but 98% of the current customers dining in got their meals successfully. Here's a website with no contact info to help recover your meal."
If these "scale" corporations like Amazon, Facebook, Google, and the ilk actually cared about their puppet customers, then they'd go read the work by Stafford Beer and other complex systems thinkers and learn how to take care of unhandled variety rather than creating it behind the excuse of scale.
This would mean that automation is built for trust, not for "don't call us anytime".
Everything facebook so far has automated when it comes to customers is actively helping scammers taking over accounts more easily, rather than helping actual real people that are who they say they are.
But, facebook's incentive is ad business, that's why things like this will never get prioritized.
> There are FAR more non-ads people than there are ads people.
Not to be terribly facetious, but ads pay the bills. I'm not aware of any significant money-making ventures Meta is involved in outside of ads. In the end, that makes all employees "ads people". All ventures, projects, features, enhancements, and bug fixes are to serve the ads machine. Unless, of course, there is legitimately a new market opportunity that will create revenue without ads.
Even the Oculus arm of the company is really just a new platform for ads in the end.
alpha_squared: that's a little too much extrapolation. people outside of ads don't really care much about ads, to the point i find kind of annoying (i am in ads).
non ads teams in general have non-ads metrics they care about more. obviously revenue is being kept in mind, but it's more of a guardrail and not the goal (for non ads teams).
> Instead of assuming they don't care about you, assume scale and sometimes incompetence.
I think we do assume scale when we pass harsh judgments on large corporations.
At sufficiently large scale there will be employees that just don't care about their users. It doesn't mean every individual at Facebook is like this, but Facebook as a corporation, and a certain percentage of employees, do not care about the users. That's not to cast judgment on you or your team, I believe there are people who genuinely try to help at all corps :)
Unfortunately, like you said, the reality is that as the scale of a product increases the quality will decrease on both sides of the transaction for some people.
Of course, there will always be someone who won't care about their users, it's inevitable. But knowing how sausage is made, there are different trade offs when it comes to authentication...
I was at google before here, and things there are much much more stricter to the point where even an internal employee cannot do much help for themselves [1] as it happened to me with my own account. That's also not good. Things do get better, but they probably have different trade offs.
I am not sure if "scale of product increases quality will decrease". I remember twitter fail whale, and seeing it constantly, I remember android bugs from google, I somewhat remember fb's own issues (but this part is fuzzy as i have been a very light user - twitter is more my jam vs fb). Also early on internet was cleaner, spam and fraud was less, crypto money scams were nowhere to be seen at the time. So i'd say things actually got much better, maybe "attention to detail" diminished, which i guess i could see.
There seems to be a loose consensus (which I agree with) that takes a bit of a dim view toward patronizing a company (any company) where the scale is such that there’s no effective relationship between the company and non-paying users. I think that’s probably a better way to capture and elucidate the sentiment than “scale goes up, quality goes down.”
There’s something to be said for being able to get support for issues from a human being who is empowered and resourced to solve your issues amicably.
It makes a huge difference. Since I’ve worked hard to rid my personal and professional lives of non-paid services and all social media, I’m just a happier and more consistently productive person.
I think this is fair. Part of the issue is as the number of users increase, the support staff has to increase, which in turn would increase the "attack surface" where a support staff might go rouge etc, and cost also increases probably super-linearly.
Google took the opposite approach and delegated everything to automation, which had other problems.
Being a paid user also probably helps with contractual side of things, but ianal.
Everything here is my personal opinion if it weren't clear.
I think future tech like Kilt protocol would go a long way to helping solving this problem. But I think generally there is a lot of solution options such as KYC processes that could take steps to solve it, some countries would perhaps be easier than others to solve initially. Is there not a team/ think tank working purely to solve these types of problem?
Solving this type issue should matter most above all, its the grass roots of users that's made FB what it is.
Try doing KYC and people will go bonkers(americans in particular).
I personally don't give out my passport info unless i absolutely have to. IRS recently implemented this id.me id verification thing and I only went through it because i had to.
Also people use Fake Ids all the time. Even when you present an ID in person, it would be somewhat fakeable.
Imagine now doing it over laptop camera, with tech like deep fake it will get even easier eventually.
In my IRS case, automated system couldn't get me verified, so i had to wait i forgot how long to get to a person who just said "yup, you are you" and had other limitations and probaly would quickly run into scale problem if it were peak times or peak use cases.
If most people having no recourse to a problem that they face is just a problem of scale to the company, then may be the company doesn't deserve to operate at that scale.
"Assume scale and sometimes incompetence" means basically the same thing to me as "they don't care about you." In either case, it's "we're okay with not making things right for a number of people who have done nothing wrong."
If a company's answer to 100K of its users having insolvable problems is "it's scale, deal with it", maybe that company has no business being so large. And yes, that applies to Google and all the others as well.
I don't know if you can really say that for a social network or a search engine. They naturally grew due to their network effects.
A weird analogy would be saying "US should have no business growing to 300M if it has XM people under poverty level". Sure it should strive to do better, but doesn't mean that number can reach to 0. Sorry i couldn't think of anything else close to a billion users with systemic problems that's not a bigcorp so had to use government.
But I do know people who have designed systems to make it more difficult for those 0.01% of people to contact a human or get anything done about it because that increases their profits.
Okay, maybe you're fine that some amount of people are just collateral and the system is not going to be adjusted to minimize that because there are other priorities (eg. meta's share price).
But when people need to spread their wings and fly off in to a fantasy world in order to pretend that isn't happening, then it's probably not going to end well for them / be conducive to their mental health in the long run.
Shit happens, indeed. The question is what recourse there is when shit happens. Usually, one would contact the company and figure things out with a support rep, if the company is any good. In facebook's case, that's virtually impossible. And that is pretty much by design.
You most likely care (otherwise you would have stayed out of this thread). But when the recourse for many users are getting their issue on HN, it’s difficult not to draw the conclusion that Meta on an organizational level doesn’t care.
Or rather: It’s value-based customer service. If the monetary value of fixing one user’s issue is less than the lifetime monetary value of keeping them as a user, then fixing it is a net loss and so it shouldn’t be fixed. When a user gets their issue on HN, the calculation changes.
"...there'll be people who have bad experience, unfortunately". The bad experience is the frustration of a kafkaesque process that dead ends with an ID submission form without the personnel infrastructure to actually support it. It's there to shrink from saying what you just said. You shouldn't need to come to Hacker News to get the real answer.
If you get more and more users do you say sorry, we are an exclusive club of 2m[1] we won't let you have a chat/group/event with your other friends who were late to the party.
That sounds wrong.
[1] rando number, large enough to brag about probably small enough to have easier support problem
Scale is multi-dimensional. It's not just a question of user base; there's also all the different features they have added over time as well that they have chosen to dedicate resources to. Also, support has cost, and putting service as a key feature of your brand often means sacrificing margins.
I have the opposite problem: there are more and more profiles on Facebook and Instagram that impersonate me in order to scam people. However, Facebook does not delete them even after having the profile reported by multiple times by different friends. This week, scammers even setup a fake Instagram profile to impersonate my mother! It's still online despite having been reported by half my family...
Get in touch with an attorney and see if there's potential to sue for libel or some other law (I assume using one's likeness to advertise scams must break some law).
Big tech scum responds very quickly when it comes to legal issues.
> "Thank you to the 5 lovely people who work at Facebook and reached out using their personal email. My Facebook profile has been unlocked! This post had so many views via Hacker News (thanks to my husband for sharing there) [...]"
Which, in some sense, is an even bigger problem than the profile getting locked in the first place.
To use the analogy from the top comment here: it's like a monopoly power company cuts off electricity for individuals all the time on frivolous cause, but this is ok because very, very occasionally, you might post something at the "Forum for PowerNerds", and on the off-chance it gets high enough visibiliy, the nerds may manage to put some insider pressure and get the odd account reinstated.
No. Screw this. The more people turn to solar in disgust, the better.
I used to work in facebook HQ in 2013/2014, and even had selfies with Zuckerberg as a profiled picture. My account got banned in 2020 without any reason. Because my story didn't reach top at hackernews, nobody was able to help, including my friends who still worked at facebook (although only lvl5-6 engineers). Should I mention that my ads money and Oculus games also lost? All my old pictures which I stupidly didn't backup, all my business contracts as well. But yea, bravo Meta. Happy to share any profs if hn needed.
I simply cannot fathom why “we” can’t pressure Facebook (or Google, or Twitter, et. al.) to add a public-facing department to handle this sort of thing. My wife lost her Gmail account, despite my efforts to get it back, and it’s stupid that there’s no way to contact someone, and intervene in these completely obvious account takeovers. And I hate to say this, but I hope that this person does NOT get any satisfaction in getting their account back. These kinds of posts usually end in someone at the FAANG taking notice and fixing it, and it’s a slap in the face to everyone else that doesn’t have a similar online presence, and can’t raise their personal problem to visibility like this.
Exactly the same attack happened with me about a month ago, also with expired domain name and recovery email associated with it. Fortunately I also had an active phone number assigned, which I believe ruined hacker’s attempt.
Funny facts:
- the domain was registered at the same date as attack happened
- attack happened from Hamburg IP and Android phone. This data was in my reset email from FB. This was true when I stopped using FB 5+ years ago.
- domain registration costs money, hence success rate of such attacks should be rather high
- since I stopped renewing this domain, it was registered by one more entity. According to archive.org with just some ads.
Take care folks, remember about your expired domains.
I mean - the real problem here is that companies want to offer products to a billion+ people without actually offering any kind of support - which is a direct result of trying to offer a free product for the base level user.
They could unlikely profitably offer the level of support that would be needed to engage with users in a reasonable way.
Never forget that the user is not the customer on Facebook, they’re the sucker who is psychologically manipulated in whatever way possible to be addicted to the product and engage in ads.
So sad to hear about an experience like this, for this reason, is very important to secure your accounts with 2FA (two-factor authentication) even if your password or email will get compromised they still won't be able to access your accounts with a specific code. In your case, they used 2FA for preventing you to access your own account, it's ironic that the 2FA system that was created in order to protect users is used to prevent them to access their accounts.
Can this problem be prevented/reduced if sites that use mail addresses for verification somehow checked the SSL certs of those domains?
Rather than just checking that the person can prove that they own the e-mail address, the standard should be that the person controls the e-mail address, and that e-mail address itself is under the control of the same domain owner as it was a the time it was registered.
But certificates expire, same as domains. You could verify S/MIME or GPG keys for email ownership (though they expire too!) but I don't think any normal user is going to bother with that kind of setup.
This situation is really terrible for the author but at the same time I don't think Facebook did anything wrong initially; both can be true at the same time. Of course, Facebook should have a human revise their case (they probably won't do that) but Facebook shouldn't be liable for checking for expired domains. That's a responsibility you take on when you buy a domain and register accounts on it, and checking what accounts are registered where before letting the domain expire is the responsibility of the author.
The issue of who owns the email address is besides the point. The author can send a copy of their ID to Facebook, who can verify the data on the account before the takeover. She can probably even point out the exact date of the takeover by looking at when the domain was te-registered. The problem is that realistically, Facebook won't do any human checks and her account will be deleted by their version of Skynet because it wasn't built to handle honest mistakes like these.
Sorry this happened to you Emily. This is unfortunately a common thing. Facebook is a soulless corporation and always has been. They've never given a fuck about the users who are just cattle to them for their marketing machine. Seen posts from FB banning devs too with no justification and blocking them from their oculus app purchases.
The fact that the only way this issue is even remotely getting looked at is because of an HN post that an FB staffer happens to see is ridiculous and businesses shouldn't _even be allowed to operate_ at the scale FB does without having a process of recourse in place for everyday users
This sucks balls. Sorry.
I had similar things happen in the past with Twitter and Google.
The problem with these giant tech companies is that we are products, not customers. And so because of that, they don't give a shit.
Hope you resolve it.
There's an important meta-lesson here. You should check all your expired domains to make sure any email address using them wasn't involved in a data breach! And review your backup email addresses on everything.
> Let people manage their account keys just like they manage their home or car keys.
The loss rate of those (especially car keys) is pretty high and losing them usually requires an expensive lock replacement. Is that what you were going for?
It happened to me that Sony leaked a large set of data and my account got hacked into. I have lost access to my PSN library and no way to appeal as I 'violated community guidelines'.
> I had forgotten that I’d setup emily@happytreepose.com as a recovery email on my Facebook account. I switched across to a more current address 10 years ago, and didn’t think that it would remain active.
At least FB locked out the account after actual, provable abuse unlike Google that just locks people out randomly without actual cause (as heard about daily on the internet).
Anecdotally in my geopolitical region FB is pretty close to abandonware. The only people i know use it are elderly folk who got into it to keep up with grandkids pictures etc and the odd nutter screaming into the void.
Instagram and WhatsApp are still very popular though. WhatsApp requiring a critical mass to make it endlessly compelling for users. Lots of the techy people i know tried to remove themselves from WhatsApp for signal but they've come back lately as its impractical due to poor adoption.
Would be interesting to know how their monetisation share between IG & FB is split in different regions. As much as I hate adverts in general i even find the IG ads useful from time to time; especially the hyperlocal targeting.
>1 The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.
>2 Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
The problem is that it'd require a lot more effort than that. Not only do you need the two people, you need the content teams to make sure users who are hacked can find information about how to contact the right people, you need devs to build tools for the two people to investigate and "unhack" compromised accounts, you need processes to make sure attackers can't compromise an account by falsely claiming its been hacked, and then you need all the usual things around managing those two people like HR, line management, review, hiring, etc.
Adding people to an org, even one as big as Meta, is never a simple process.
I, too, had my Facebook account compromised last week.
My account of 15 years that I'd grown up with: a couple thousand friends I'd connected with travelling the world, 90% of my day-to-day comms, a decade and a half of photos and memories etc.
The part that hurts the most is that I've lost countless photos of and messages from my father who passed away a few years ago. Pretty heartbreaking.
To those who would mock me for being so invested in Facebook, I'd point out that I'm 27: that is to say that I entered my teenage years just as Facebook began to take off. In retrospect, it's obvious that Facebook is evil and doesn't give a shit about their users, but alas, at the time it wasn't so clear to 13 year old me (nor my peers) that we'd risk ending up in a Kafkaesque nightmare.
Interestingly, the only conclusion I can point to as to how my account was compromised is that my session data was somehow compromised, allowing the attackers to enter my account without having my password or access to my email which served as 2fa. Apparently Facebook auth related 0days are quite common due to their incentive to keep you logged in and their lackluster security.
In my case, they didn't change my password as they didn't have it, instead they were simply able to log in and add a secondary 2fa (a hardware key) which effectively locked me out so I couldn't declare something was wrong. Pretty smart.
From there, as I understand from my research, they immediately proceed to get your personal account banned so that you can't recover your Business Manager (advertising) account, which is what they're after. It looks like I was banned within 20 minutes or so of the attackers gaining access.
Worryingly, I've read that the way they get you banned so swiftly is through uploading CSAM/terrorist content, which results in an immediate ban and potentially a notification to law enforcement. I'm guessing this is why accounts are seldom recovered when attacked in this way.
On the support front, I've had a similarly frustrating experience trying to get help from Facebook — from searching here on HN and across various blogs & forums, there seem to be two methods of recourse:
1) The mysterious 'Oops' internal ticketing system at Facebook/Meta[1] for friends and family. This allows your case to be viewed by a real human, and from what I've read leads to it being restored within 24 hours.
2) You buy an Oculus and use the serial number to raise a ticket with Oculus support, which gives you the ability to submit evidence and have your case viewed by a team at Facebook (hopefully).
I own a Rift S, so I was able to go the 2nd route, but it's been close to a week now and I haven't seen any results nor had a response.
So yeah, it's pretty bleak. Despite my account being banned, the attackers are still setting up Facebook Ads. I get multiple emails every day that new ads have been approved for their scam stores. Salt in the wounds.
Note this article[2] I came across of a similar attack a couple of months ago. I reached out to the author on Twitter[3] to see if she'd had any luck with recovery, but alas she had not, despite raising several tickets at Facebook.
So, sadly it looks like we're fucked, although I'd be glad to be wrong.
> In my case, they didn't change my password as they didn't have it, instead they were simply able to log in and add a secondary 2fa (a hardware key) which effectively locked me out so I couldn't declare something was wrong. Pretty smart.
That doesn't really checks out to me because to make any changes to 2fa in FB, you must provide your password first.
> Eat the humble pie, make a new account and start again.
You're assuming it is possible to make a new account. My son got banned from facebook for replacing his profile picture with an animal. He's tried a few times to make a new facebook account using his real name, each time to have the account flagged and banned within 10 minutes.
And there seems to be something about uploading a copy of your ID to verify the account. Since he has done that, the bans are tied to his ID.
I'm not saying my son is a computer wizard, but he has built his own machine and set up crypto mining. So not a total novice.
This problem, namely bazillions of ways to get auth wrong, is solved by Web3.
I really don't get why everyone here hates it.
Edit: Yes, I meant that login is tied to your wallet. This can be a hardware wallet, so it's very difficult to have it attacked, can be backed up, never expires, etc. This auth mechanism removes _tons_ of problems with existing web sites & giant corporations. But I guess most of you work for them, so have fun mocking people who are not like you :)
To the extent that web3 is even well defined, no it absolutely doesn't. The blockchain space right now is rife with scams and people getting stuff stolen from their wallets. At best it makes it harder for the average user to understand how to be secure and at worst it changes this scenario from "I lost my facebook account" to "I lost control of every asset I own and my entire identity".
yeah for auth is a blockchain even required? it's pretty much just asymmetric crypto at that point isn't it?
I think the 'web3' way would make it worse wouldn't it? like metamask relying on centeralized service to query the blockchain
I guess a real benifit I could see would be being able to use a blockchain to revoke your keys somehow but that's not how metamask and web3 stuff seems to work right now
Indeed that is possible, the problem is all the greedy corporations that want to suck all our data, so they can't simply trust the signed messages of Metamask and want instead to implement layers of poor software for their profit
oh i mean, identity/authentication alone doesn't make profit right?
The problem with using PK cryptography is that if you lose your keys, you'd be locked out.
Then we would probably have other key schemes M-of-N etc or social proof to compensate for the problems with single-key PK, which then has other problems.
Metamask relies on whatever RPC you give it, including your own node if you want
The asym crypto is enough for proper authentication, but decentralized apps generally are built to use it, without relying on centralized data. A message signature being verified by a stateless service is all that is required
Could do without web3, but the practice of predatory web giants and smaller startups is to exploit the users so they don't do that
All the web3 or crypto hate if you prefer is a very strong bias in this site. There are no real arguments, just that it is a scam or whatever. Is asymmetric crypto a scam? Is Leslie Lamport an idiot and nobody needs decentralized computing?
You just name dropped web3 as a solution without having any explanation about how and why exactly would it help and now you are complaining I'm not being helpful? You serious?
The problem here is that the user had their own domain and lost it. Obviously the analog here is having their own wallet and losing it, in which case they're probably more screwed rather than less.
Run out of time is a little more accurate, and a failure mode that Cannot Happen with crypto, though. Steps can be made to make your wallet impossible to lose, but not your domain.
Technically true, but if you lose your key and don't have a backup, or forget your password, you're stuck; there's no recovery process (except brute force, which doesn't work on secure passwords), by design.
> Thing is I’m a Mum of two who has just moved to a new area. Facebook groups have offered me support and community, and Mums I’ve met in local playgrounds have added me as a friend so we can use messenger to plan playdates. Without these apps sadly my little social life becomes a lot lonelier, and harder.
This is the pernicious effect of Facebook's dominance among social networks added to their policy of poor support. It's not really an "optional" social network if large swathes of your social circle have started using it for essential life functions, it's more like a utility and should be regulated like one. And no, telling all the mums at the playground about how Facebook's ban policies are bad and we should all use the Fediverse instead is not going to work for the average person. If anything, it's more likely to mark you down as one of those weird parents to avoid.
It wouldn't be good for your power company to have the option of arbitrarily cutting you off as a customer, and never giving you a chance to get back your power. Similarly, we should regulate Facebook to the point where they are exposed to genuine regulatory consequences for disrupting people's lives.