The real problem is that companies do not offer any accessible, powerful, and intelligent customer support. Even if they have real humans to talk to, they simply follow a script. Those agents do not have the ability to investigate a situation or the power to use their discretion to take meaningful action.
We should impose, by law, the following rules on all companies that offer accounts to their customers.
1. If they block/ban/close/suspend a customer account they must provide habeas corpus. Explain to the customer the policies that were violated that resulted in their account being terminated. Additionally they should be required to show the customer the evidence that led the company to make the decision.
2. They company must provide an accessible live human appeals process. The human they appeal to must have the discretionary power to investigate and make a common sense decision even if it contradicts policy. This process currently only exists for people who are capable of making a lot of noise in public. How many people lose their accounts and suffer harm because they are incapable of getting attention in public? It needs to be available to all customers with a simple phone call or email. It must also be required to make a decision very quickly, 24 or 48 hours at most.
3. In the rare case that the company still makes an unjust decision, there must be a quick and accessible legal remedy. Establish some kind of small claims court where it is cheap and easy to file without a lawyer, and where cases can be heard and decided on short notice.
I previously worked in fraud/risk at a major ecommerce platform. On my biggest day I closed 60,000 accounts. In one day. I knew other agents who'd done 10x that.
The scale of this work is unfathomable to those who have only been on the consumer side of it.
#1 is doable but would destroy our ability to combat fraud. "Here's how not to get banned next time" is not an email anyone in this space would consider sending.
#2 is simply impossible. Fraudsters consume every available resource you can put into the appeals process. This is their full time job, they can afford to call repeatedly, all day long, until they find an agent they can trick. Regular users won't benefit.
#3 is what small claims court is already for. We should make this easier, I agree.
> I previously worked in fraud/risk at a major ecommerce platform. On my biggest day I closed 60,000 accounts. In one day. I knew other agents who'd done 10x that.
> The scale of this work is unfathomable to those who have only been on the consumer side of it.
> #1 is doable but would destroy our ability to combat fraud. "Here's how not to get banned next time" is not an email anyone in this space would consider sending.
Just imagine laws would work that way.
> #2 is simply impossible. Fraudsters consume every available resource you can put into the appeals process. This is their full time job, they can afford to call repeatedly, all day long, until they find an agent they can trick. Regular users won't benefit.
That argument doesn't pass the smell test. Apple makes more profits than the scammers whole revenue, so just from a resources standpoint Apple could starve them. You just need to make the process so it can't be easily automated (e.g. require going into an apple store with your ID)
> #3 is what small claims court is already for. We should make this easier, I agree.
So in #2 you say it would overwhelm the process and now your argument is that essentially the public should pay for the process?
If small claims courts can deal with the issues than why can't a trillion dollar company.
> > #1 is doable but would destroy our ability to combat fraud. "Here's how not to get banned next time" is not an email anyone in this space would consider sending.
> Just imagine laws would work that way.
This is how "tipping off" law often works in practice.
As a support agent you often lack full visibility into the treatment or history of the person on the other end of the phone, especially if they're a bad actor. You can't tell them what is or isn't fraudulent behaviour, or what might be construed as such.
But the quote "Here's how not to get banned next time" is rather factitious. It's in fact "we will not even tell you why you got banned".
I don't know what you mean by "tipping off" laws mean, but certainly if you get given a penalty in law (e.g. you get judged in court), you will be told what you have done wrong, and shown proof of it.
This is not what small claims court is for. You can go to small claims court and successfully convince a judge that Apple or Google or whoever owes you $500 for shutting down your account. You cannot go to small claims and get a court order that Apple must reinstate your account.
That is something that laws can (and should) change. It doesn't have to be small claims court, it can be "big tech appeals court" or whatever.
It's very interesting and helpful to get your insider's perspective on this. I believe that the issue cannot be understood by people sitting on the outside who have no idea about the nature and scale of the fraud attempts.
Still, from your perspective, do you have any opinion on this particular case, other than "you can't make an omelet without breaking some eggs"?
Saying #1 and #2 are not possible or not likely is not a good take, in a world where our digital accounts take more and more a central place in our daily lives. It may work for autocratic societies, it won't cut it for democratic ones: imagine if our legal systems were that irresponsible to us collectively and individually?
Why not introduce friction on both sides, like: 1/ just face to face, physical meeting? 2/ or a basic (paid, yet reasonable) insurance that account management doesn't happen over the shoulder?
If you don't have the resources to treat your customers like human beings instead of like cattle, you shouldn't be in the business.
Can you provide any insight into the logic of closing an account that tries to activate an already redeemed gift card?
I’ve tried to come up with some strawman explanation but I can’t see it.
Since you asked I will share some wild speculation, but to be clear I don't know how Apple's fraud prevention works.
Gift cards are the currency of modern confidence scams. Accounts that redeem a lot of high value gift cards are suspect for that reason alone. Buttfield-Addison makes it sound like this is common practice for him, so his account may have been on a shitlist already.
Apple may be so sensitive they'd close a suspect account after one failed redemption. It's also possible that card was first redeemed by an account that was closed soon after for fraud, and Buttfield-Addison's subsequent attempt linked his already-suspect account to the fraudulent one resulting in automated actioning.
Again, this is pure speculation, and is not meant to justify Apple's actions.
But it seems like it should be clear that the account that failed to redeem the card is, if anything, the victim. No?
I could see doing a lot of card redemptions as a flag, but then I think the next step is "what are they spending the credits on?" I could see a scam where you launder cash by turning it into cards, and then buying shitty and expensive apps. Thus paying apple 30% to clean money for you.
How many of those 60,000 accounts had made ten of thousands of dollars of purchases over decades?
The comment I responded to offered no such qualifiers.
To answer in general, aging of accounts is common as is synthetic credibility-building activity. There are marketplaces where you can buy sets of years old accounts with activity for every major platform. Anything you could come up with would either be so stringent it would exclude most users or be easy enough to become a target for account sellers.
To be honest this is why I got out of the space, it's sisyphean.
But 'it's hard' is not an excuse. If it is not possible to honor the contract that you create with the user because of fraudsters, then the user should not have to abide by it either.
The situation is pretty dystopian, but as you point out I think most people upset about it are not willing to face the realities of the "80/20" (more like 99/1) split of fraud v.s. legitimate mistakes. Patrick McKenzie has a good article about the tiers of bank support[1] that makes the point that even though the experience of tiered support often sucks, it's essential to making these financial products widely available. Without the dystopian support structure you couldn't have things like widely available credit.
Most megacorps do suck - and also it's probably true that the lack of customer support is necessary to offer the products they offer at popular price points. People just don't wrap their heads around the scales involved, generally because the exact numbers are proprietary.
[1] https://www.bitsaboutmoney.com/archive/seeing-like-a-bank/
> #3 is what small claims court is already for. We should make this easier, I agree.
Small claims won't help you to reinstate the account. You _might_ get money for your phone back.
And a real court? You signed away that right. It's arbitration for you.
Yeah, I managed a major service back in the day and I can confirm all you say is absolutely correct (except maybe #3, but that's legal).
One thing I do not understand however is why wouldn't companies offer paid appeal process perhaps with refund in case the termination decision is indeed overturned. I would gladly pay $100 to have my Apple/Google/etc account properly reviewed in order to get it back once it is inevitably flagged by yet another AI. Seems like win-win all around.
Imagine if banks worked like that.. it's "difficult" to scale is not an argument .
These companies are critical to people's livelihood in 2025 and they should be treated at such. Many people rely on them for their life, they store sensitive information and control communication.
I'm of the opinion that if a business can't provide adequate support at scale, then it should either stay small or cease operation.
Dealing with fraud is your issue and part of your business, not citizens.
> Imagine if banks worked like that..
I'm sorry to inform you they work exactly like this.
https://web.archive.org/web/20231105205756/https://www.nytim...
Your post reads like an admission to me that the system is broken. Real persons need real recourse, especially if an adverse action has major impact on their lives.
Could it be that fully automated payment processes are just so fundamentally vulnerable that their very existence needs to be questioned because of how overwhelmed they get with fraud attempts? I'm deliberately being controversial here for the sake of discussion.
That is an accurate reading of my comment, and I have asked myself the same question.
isn't #2 a legal requirement in the EU?
Usually I'm not a big fan of legislation, but in this case I completely agree. Companies unilaterally taking away anything you've paid for is effectively no different from theft, and ToS shouldn't be able to escape that. Or even if it's a free service but it's something you've built up value in -- a history of photos, messages, emails, etc. -- it's similarly effectively theft.
I agree there absolutely needs to be a form a habeus corpus here with arbitration to hear from both sides. And what's more, even when an account gets shut down, an export of all data must be provided, and a full refund of the purchase price of any digital licenses/credits still active. So even if a spammer takes over your account and Megacorp isn't convinced it wasn't you yourself that decided to spam, you still don't lose your data or money spent -- it's ultimately just a (very big) inconvenience.
> Usually I'm not a big fan of legislation
Corporations need to be heavily regulated. They won't just do the right thing for its own sake.
https://www.simonandschuster.com/books/The-Corporation/Joel-...
I mean obviously that's what things like environmental and safety regulations are for, as well as things like antitrust. You have to set the "rules of the game."
I just mean that otherwise, usually competition ensures good outcomes for consumers, because the corporations that produce bad outcomes go out of business once consumers catch on.
But there are definitely exceptions, especially around rare events that are difficult to foresee or that can't reasonably be expected to be part of product comparison. The likelihood of your account being shut down without recourse and losing things you've paid for falls into that category perfectly. Predatory surprise fees with things like credit cards and bank accounts, and that change without warning, also fall into that. Also minimum warranties, since consumers can't easily inspect quality on the inside of a product.
> Usually I'm not a big fan of legislation, but in this case I completely agree.
Yeah, I mean it's just basic rules of commerce, not very different from laws about false advertising.
As it happens, in the U.S. consumer protection policies always top the lists of policies with the most bipartisan support.
Legislation is how we hold the powerful to account, ideally. It turns out, when people have billions of dollars, sometimes you have to stand up as a society and tell them "no".
The real real problem are shameless shitheads that will abuse anything to any length the run scams or malware distributions.
"Yes support tech, please understand my child just died of cancer and my wife in a car accident last week and the only pictures I have of them are on my bitcoin4free@gmail.com account!"
Google probably also bans thousands of accounts a day. And suddenly every single one of them needs a full human appeal review. Because jamming up the system is (short term) beneficial to these shitheads.
Dealing with fraudsters should be baked into the cost of doing business for these megacorps. A smaller business couldn't get away with this kind of "support". The largest companies should be held to the same standard.
The only way this is going to change is if shareholders hold executives accountable. Consumer protection regulation with real "teeth" that impacts the bottom line will bring angry shareholders to the table very quickly.
Then you better be prepared to pay for it, and still expect cases where things go wrong.
The problem with having support dealing with problems like this is that fraudsters will figure out how to manipulate it, while honest people will still encounter these problems. The easier you make it for honest people to resolve these disputes, the easier you will make it for fraudsters since it would involve yet another avenue for them to exploit. Plus the whole process will become more expensive, which someone has to pay for.
This is exactly how SIM swapping scams worked.
Scammers would call into Teleco customer service with panic and tears to trick the support person into moving your phone number onto their device, and then they drain your SMS 2FA accounts.
> Dealing with fraudsters should be baked into the cost of doing business for these megacorps. A smaller business couldn't get away with this kind of "support". The largest companies should be held to the same standard.
It is already baked into the costs in business models of big companies. And they are pretty good at it, actually; we’re talking about one high-profile case, and it’s not the only one, but it is rare enough that such stories are still newsworthy.
The standard that people want, though, is absolute certainty: zero errors that affect real customers, a 0% false positive rate.
The scale is in fact a challenge. If a small business has a 0.00001% false positive rate, they will affect approximately zero of their customers. For Apple, managing billions of accounts, that same false positive rate would affect hundreds of real customers every day.
IF it happens to a high enough profile person that we can all hear about it, it's certainly happening to far more not high profile people we never hear from. No one wants absolute certainty. We want less corporate fuckery.The scale of the challenge is not an issue for companies worth trillions of dollars except that they don't want to spend a meaningful part of those trillions to deal with the challenge.
Apple is worth trillions of dollars. Just treat it as a business expense.
https://www.bitsaboutmoney.com/archive/optimal-amount-of-fra...
I can't even get into my Google account even though I have the username, password and recovery email, and all the emails are CC'd to the recovery email, because Google turned on 2FA without any notice and it needs a text from a number I no longer own.
I have access to the recovery email for a secondary google account but it didn't have a phone number attached so I lost it when they turned on 2FA.
Normally I resolve these things by buying all the executive phone numbers and working my way through the phonebook, but Google is the one I've had no success on with this so far.
Any tips on how to do this? (Facebook in my case)
I've been using SignalHire the last couple of years since the other providers I was using got bought up. There are better companies though, they are just more expensive.
Thank you
I wasn't using it for much so I just took it as a warning I should get off my ass and de google.
... which hasn't happened, but maybe once every 3 months I move another service to logging in with an email on my personal domain ...
I recently ran into a situation where a service I absolutely must use and has no alternative (think government provided service) would only accept a Gmail domain for registration. Any other domain would fail registration with no useful error message.
This really shouldn't be allowed in this day and age but I'm effectively powerless to change it. DeGoogling is hard.
I had to sign up with a major SMTP provider last year and they wouldn't accept my regular email for login, which is on a very regular normal domain. They asked me to sign up with a major email like gmail. I was luckily in a position to refuse, and complained until they updated their rules.
I wonder if your government also has a declaratively nationalist discourse.
I mean, it's great to be independent, just make your infrastructure rely on the services of an US based company...
"We can't be fair or impartial because scammers lol. Sorry!"
I don't call anyone a shithead for stealing from any of the major tech companies. They are stealing from us all the time.
I know you're just trying to pull something out of thin air that sounds plausible, but...this would be simple to prove with a request for valid death certificates, marriage license, and a birth certificate to prove you were married, the child is yours, and that both are in fact deceased. Oh, and of course, you'll have to prove who you are as well.
Given the (rightful) outcry about handing out your IDs to private corporations in "safety"'s name, are you really suggesting providing documents even more specific about you?
We're all worried about identity fraud, and such documents are actually used to apply for an id in some countries!
To be sure, it would suck trying to do all of this for some web service. I've had to do it for something more substantial like insurance. I wouldn't think this kind of thing should be a scan and upload to a cloud bucket. At this point, we've reached a human, and should be able to deliver physical documents to said human
It may be simple enough to prove, but that is an uncomfortable ask if those circumstances are genuine.
If these were truly the only copies of photos as in the example, then you'd probably be willing though.
> The real problem is that companies do not offer any accessible, powerful, and intelligent customer support.
No, the real problem is that we have no reasonable alternatives when companies misbehave. There is no meaningful way to exist in society today without an Apple or Google account, and that's actually insane. It's doubly insane for people who aren't citizens of the United States (although the CCP addressed this by requiring Apple make a separate iCloud for them).
The solution isn't to legislate a right to a bank account, it's to preserve the usefulness of cash so banks don't get too far out of line.
> There is no meaningful way to exist in society today without an Apple or Google account
As is the case for many other infrastructure companies, such as your local electricity network operator (or even supplier depending on market liberalization). We also didn't solve that problem by ensuring everyone's right to run a generator in their backyard or heat their city apartment with a coal oven.
If tech companies have become essential to our day to day lives and are not willing to allow for horizontal interoperability, i.e. to split over-the-top services from infrastructure and individual elements of infrastructure from each other – because walled garden lock-in undoubtedly increases profits – why not regulate them as infrastructure entirely?
I have neither a Google nor an Apple account.
Well, to be fair, I do create an ephemeral Apple ID every time I get a new phone… But I immediately log out of iCloud after downloading the two or three apps that I use. I have no idea what my Apple ID or password is… I would have to go look them up.
Further, if I lost said Apple ID, I would lose nothing of value.
I believe, as you say, I exist meaningfully in society.
> I do create an ephemeral Apple ID every time I get a new phone
In other words, you do have an in-use apple id at (pretty much) all times.
Sure, but it has no value and nothing negative happens if it is revoked.
Further: the three apps I install are not crucial - I could live just fine without them. All I really need is Safari and a working POTS endpoint for my cloud-hosted phone number ...
It's nice that this works for you, but unfortunately I strongly suspect that you are part of a tiny and shrinking minority.
Not every service provider offers a web app anymore, and if they do, it's often penalized in terms of functionality or fraud screening hoops one has to jump through (since mobile apps offer device attestation and generally have a higher cost per bot action than browsers). Some even outright demand device attestation, which not only excludes non-iOS/Android devices, but even custom ROMs or non-Google-blessed phones, since they lack the necessary keys.
And yes, people could protest that by just not using these services if they're not strictly necessary to survive, but the dynamics here (tragedy of the commons etc.) just don't work in favor of individual people.
Curious: How do you do your banking? Most of my banks de-facto require an Android or iOS app for authentication, unless you want to do all your banking in person and pay hundreds of Euros in fees every month (and even that would exclude you from many services).
I am a US person and the four (three very large and one smaller, regional) banks that I use do not have any such requirements.
Web based online banking (since nothing related to banking requires 3D or VR/AR or camera/mic access or other fancy things that apps do) and 2FA auth. That is all I have ever seen or used.
The big difference is that, historically, there wasn't much you could do in a US bank's online banking other than checking your balance and maybe initiating a wire transfer (which usually costs double-digit USD amounts in fees, so it can be economically secured by manual human fraud investigation for every case).
By contrast, all European bank accounts offer outbound payments, which nowadays clear and settle instantaneously. The fraud risk is just orders of magnitude higher.
The US now has Zelle, which is actually showing just that friction and not going especially well for banks that were kind of blindsided by the sudden requirement to actually authenticate their customer, which is why you see all kinds of strange stopgap solutions mixed with proper security.
In the EU, banks are AFAIK banned from using SMS 2FA, and the 2FA needs to be tied to the specific transactions. Which nowadays de facto means a bank-specific (sometimes country-specific) 2FA app, possibly with the alternative option of purchasing a pricey dedicated 2FA device.
> In the EU, banks are AFAIK banned from using SMS 2FA
That's not the case, but SMS-OTP only counts as one "possession" factor, leaving only "knowledge" or "inherence" for the second one, and both are awkward to ask for in a payments flow. (You don't want to train users to enter their bank's password at a merchant site, and biometry/inherence isn't easily possible from an untrusted device.)
By contrast, doing biometry on a linked device provides two factors (possession of the device and inherence), and is significantly cheaper than SMS too. SMS in Europe can be pricey!
As a tangent, they are in fact banned from using email as a factor, which I find infuriating – my mailbox seems much better protected than my SIM card or phone number, which is one successful attempt at social engineering away from being swapped out or ported away. The SMS industry must be pretty good at lobbying.
For the sake of completeness I will mention that one US bank that I use, Wells Fargo, issues the classic RSA keychain tokens:
https://www.wellsfargo.com/biz/online-banking/securid/
... which is quite simple and cheap ... and can be used in place of SMS 2FA.
The fact that these tokens exist and are so simple to deploy and use really deflates any claim (by banks) that banking and/or auth apps are required. It causes one to consider what the real motivation is behind the bank desperately pushing customers away from the simple and adequate web service towards the apps.
something something anti-fraud something something PM's promo packet something
China is quite a bit worse. Not having an Apple or Google account in the US would be kind of inconvenient. Not having WeChat Pay or AliPay in China means you can't buy stuff most places. They've ensured that their de-facto-mandatory services are domestic, but they're a lot more mandatory.
I assume the Chinese government is quite happy with this, because they have no trouble bringing their large companies to heel, unlike the US. And centralizing payments like this gives them a great deal of information and control.
The US also has no trouble bringing their large companies into line.
Apple willingly preserves a backdoor in the e2ee of iMessage for the FBI et al in the form of effectively unencrypted iCloud Backups.
The whole “Apple won’t decrypt stuff for the FBI” narrative is farce.
Post Snowden, all the tech CEOs met in person with Obama to do damage control, as they all had some serious credibility problems once the reality of FAA702 (warrantless one click direct access, aka PRISM, aka the #1 source for the IC) came to light.
Even if there were viable alternatives, I believe people who chose to use an Apple, Google, or any other account should still have the rights I proposed.
As one data point, I would.
Cash being more useful wouldn't help you regain access to your photos, music, email, etc... when your account has been deactivated..
This is the naive tech bro view
You can't keep chasing alternatives when companies misbehave
That's why there's a thick list of contract law precedents and consumer's rights and what not
> We should impose, by law, the following rules on all companies that offer accounts to their customers.
When the services that a company provides gets to this level, it starts becoming like a public utility. If it's not possible to participate in society without using such a service, then the services should be governed like utilities are.
I wouldn't be opposed to having actual government-provided services for things like e-mail, text message, and discussion forums at a very basic level. Then (in the US anyway) we could apply the government restrictions on privacy and freedom of speech, with laws governing the oversight and implementation. Of course there would be major details to work out to prevent misuse, corruption, etc.; but it could solve the problem of losing your essential on-line identity -- as long as the government has any interest in you at all for something like expecting you to be able to send/receive an e-mail in order to pay your taxes, then they wouldn't ever cancel your account. 3rd-party services would still be possible, but then they could do whatever their business model supports, and caveat emptor. How people can expect businesses services like Facebook to comply with their personal expectation of free speech is beyond me.
> If they block/ban/close/suspend a customer account they must provide habeas corpus.
* evidence
"Habeas corpus" is not a lofty expression for evidence, although people sometimes use it as such. It's a procedure for challenging one's detention before a court.
Agreed with the intent, but it's more narrow than that. Habeas corpus specifically means "there is a body." It's purpose is to set a high bar for homicide convictions i.e. a body must be present before a suspect can be convicted of murder/manslaughter by a court of law.
Habeas corpus is an order to bring a body before a court. The body being a live one, the detainee. Thus proving that the detainee hasn't been exiled/tortured/murdered/whatever and providing an opportunity to challenge the detention.
I stand corrected.
You might enjoy https://www.bitsaboutmoney.com/archive/seeing-like-a-bank/
It has a REALLY good section about why customer service is very hard to get right
This legislation has high costs and while it seems fair to impose them on the Apples and Googles of the world, this gets weirder with smaller services that might have trouble complying. My podcast player, Overcast (overcast.fm), is one guy. Should he be subject to this? It seems like that business might not be able to exist if he was.
You could do a revenue threshold or something but seems tricky.
The business size doesn't matter. Bake it into the business' books and charge what it takes to manage it. If you can't, your business isn't viable. If you can, it doesn't matter if you're 1 person, 100 people, or 1 million people.
I like that one guy can run a useful service to me.
> You could do a revenue threshold or something but seems tricky.
That's what countries regulating this tend to do (often user count instead of revenue thresholds, but similar).
It also makes sense, because if the podcast guy bans you, you can pick a different podcast player or just not listen to podcasts. If both Google and Apple ban you, you're also effectively debanked because you can't use their app stores to install the banking authenticator app that is required to use online banking, possibly excluded from using public transit, etc.
I'm flabbergasted by #3. Where in the world is there no small claims court exactly like you describe? I'm genuinely curious.
If you want a small claims court to certify that Apple owes you $500 because they didn’t honor your gift card, that probably exists everywhere that Apple does business. If you want a court to certify that Apple must reinstate your account because they incorrectly classified your use as fraudulent, small claims court lacks that authority, at least in the US.
My impression (possibly wrong) is that in Germany, there is just "court" and trying to enforce a $500 judgement will be difficult because every lawyer will tell you to just eat the cost rather than taking the case, and the case would cost thousands to litigate (to be reimbursed by the company if you eventually won, 5 years later).
Apple actually does have pretty good support for this sort of case. I went wrong. Here is that the account was in a state where support even high-level Support was not authorized to unlock it.
I have personal experience here. I was gifted a meaningful chunk of Apple gift cards. I redeemed them to a secondary Apple ID as this ID is rarely used. It got locked when I tried to spend the Apple gift cards.
It took a couple tries over a few weeks, but Apple support were very helpful and able to unlock the account. Where I must've got lucky is the automated system must've allowed the Support to take this action and it sounds like in the case here whatever fraud flag triggered issued to far more severe response.
My case I should add the gift cards were totally valid. It just was rarely used to count. That might explain why it was easier to resolve in any event. They absolutely as human support. The real issue is when human support can't overrule the computer.
This does not scale, the amount of abuse is huuuuge. But I think with a prerequisite, it could:
Companies should be required to provide access to a service that verifies identity. I know such companies exist, so it is doable. And then, once it is provable that they are dealing with an actual human who can be identified, your rules can be applied.
Apple made 100 billion profit last year. They can surely afford to make this. Just because it would cost them profit does not mean we shouldn't require it.
For Apple, yes, but in the context of rules that apply across the board we should address the scaling issue. People who've had to deal with the filth of the Internet know how hard the problem is to solve, and not everyone has Apple money.
If you can't charge your customers enough to spend enough on this challenge, you don't really have a viable business, you've got a theft organization. Externalizing your failure to build a solid business by screwing customers is not okay.
I pay Microsoft all of eur 11.20/month for basic office subscription and the 3 times I've clicked contact support I got called by helpful people who resolved my problem.
I guess that's one reason enterprises like them
Rather than crafting a bunch of specific legislation, I say remove the carve out for arbitration. Open the doors to take them to small claims. If they don't show up (maybe because a $500/hr lawyer isn't worth it) you get a default judgement, which you eventually convert to cash. Problem solved, without adding more bloat to existing laws.
I see no reason enormous companies should carve out exceptions to the legal system. You exchange money with them, that's commerce, it's a contract. This is exactly what civil court was designed for.
Some of this sounds appealing to me, but I wonder how wise it is. I've been banned unfairly, and it would be fun to try to stick it to those who have... but then there's almost surely someone here on HN wanting to start some online game or something who would not be able to afford to comply with the law. He's just completely cockblocked by the barrier to entry.
If you try to make carveouts for him, they will still be absurdly restrictive and the carveouts will be abused by the likes of Reddit.
Their customer support is to sue them. Few are willing to dare. But I suspect if you sued Apple over the gift card incident in a European country, the judge would side with you because of stronger consumer protection laws. Also that clause in the ToS that says you won't sue them is legally meaningless.
If this happens more than a few times, they will quickly remember why customer support is necessary.
> the judge would side with you
The judge would likely never see the case, because the legal department would make sure it gets escalated to someone who can unfuck the problem before it gets that far.
Suing companies can legitimately be the easiest way to resolve issues, especially where small claims courts exist: It turns the issue into something that they can't "resolve" (for themselves) simply by ignoring and stonewalling you, so it becomes cheaper to actually fix the issue.
And also it would be good to limit the ban duration with a law. For example manslaughter can be 5 years in prison. So if google decide to ban your account because you send your doctor a photo of your son for medical purposes, they are not allowed to ban you for more than 5 years and then they must restore full access to your account.
I think for these big companies as well, they should have to have a more targeted punishment. Since having access to an Apple or Google device is increasingly mandatory in many countries (often as a result of government legislation!), getting that cut off is more impactful than other services.
So like, if you get caught, red handed, absolutely 100% you, performing gift card fraud, the maximum punishment from Apple should still be getting banned from the gift card system (buying or redeeming). And if they want more consequences for you because they think you’re running a fraud ring, they should have to sue you like a physical store would. But not lock you out of the rest of the ecosystem. Otherwise you get the false positives getting the digital death sentence Apple tried to hand out here
I fear that this would lead to everyone being allowed exactly one account -- why would you need more than one if the one you have can never be fully deactivated? -- and that account would be tied to your human identity forever. Which would go about as well as any other attempt to solve Sybil problems.
How about, if they ban someone, they must give their evidence to the government to prosecute the alleged crime, and if the government refuses (within X time) or loses, then the account is restored.
Otherwise if Google really thinks a child is being abused in that case, why aren't they reporting it to the police instead of turning a blind eye? Does Google want child abuse?
If Google bans 100,000 bot accounts a day, and even 1% of those "users" request a human appeal, you are demanding 1,000 hearings every 24 hours. Who pays for this? Magic? If the cost of providing a "free" email account includes the potential for a $500 human-led legal adjudication, free accounts will simply cease to exist.
Further, the current court system is already backlogged by months or years for serious crimes and property disputes. You are suggesting we socialize the cost of private customer service disputes. Why should taxpayers fund a judge to decide if a "common sense" decision was made about someone's banned World of Warcraft account?!
I'm sorry but this idea is very obviously not congruent with reality as we know it, as nice as it may sound.
> Who pays for this?
Initially, the user requesting the hearing (this discourages the scammers).
When the appeal is won, the company (this encourages doing a really good job at not banning legit users and enabling lower-friction ways for them to appeal).
> You are suggesting we socialize the cost of private customer service disputes.
No, it can just be a dedicated body, funded as described above. Yes, this might mean that free accounts cease to exist, although I suspect in practice it would just result in a fraction of the profit from free accounts going into better (less user-hostile) abuse management rather than profit.
But then how can IP companies like Google leverage zero marginal cost of production to achieve infinite scale? Customer support costs scale linearly with the size of the customer base!
Won't somebody please think of the shareholders?
#2 doesn't scale. If you guarantee access to a human, the system will absolutely be effectively DoS'd by scammers trying to social engineer their way into access to someone's account.
Not if you require physical presence. If you have to turn up in person at a local branch office with identifying documents, then you've greatly limited opportunities for scams. Fraud is still possible but it doesn't scale.
You are suggesting that companies be legally required to staff a "Complaint Bureau" where low-level employees must face, in person, the most disgruntled and potentially unstable 1% of the internet. This can only end well.
That actually sounds good to me.
If this place attracts violence, the company can afford bulletproof glass and an alarm button that alerts the police, and I'd rather have the unstable 1% remanded to police at the risk and cost of a rich company than to have them stab a rando on the street later.
Employee protection laws that mandate said bulletproof glass in certain situations already exist in civilized countries.
...for a Gmail account. Right.
No, for the key to being able to participate in modern society. Without a Google account, you can't use (standard) Android. Without either (standard) Android or iOS, you de facto can't use most banks, some public transit networks, and various other utility-level services.
You can have a Yahoo account, a Hotmail account, a ProtonMail account. You can go to your bank in person or without an app. I would be less surprised to learn that a bank does not have an app than I would be to learn they do not have a website.
The web site often requires an app for authentication. Some (not all) banks offer alternatives, which often come at a cost (either financial or time) that would, once you add all of the costs up, be catastrophic for the majority of people, because it's never one thing that is affected with these major gatekeepers.
They generally use SMS authentication. I have yet to see one that has a hard requirement for an app, let alone one that actually requires a Google account.
Regardless: The fact that a specific tool is the easiest way to do something doesn't grant you a "right" to that specific tool. For example, you have a right to seek transportation; you don't have a right to a specific 2025 Toyota Camry provided by a private company.
That sounds vastly more costly since they'd have to open local branch offices everywhere.
Users can travel themselves.
At least 1 would not be enough. So how many branches are enough? And what about people with less money and time available?
This is why banks have physical locations with live tellers. And also why I'll never open an account with a regulations-dodging "disruptor" banks where everything must be done through the app.
If the companies are too big to provide reasonable levels of support for their users, then the companies are simply too big.
A smaller company is even less able to deal with fraud. You wouldn't have the product at all.
Maybe, but I think that's probably okay.
You can't launch your boutique credit card and refuse to refund fraudulent charges with the excuse that you are too small to do so.