I have never encountered this personally, but helped a few. There could be variations of what to expect, in response to your question. YMMV:
* If using the Web UI, it will be locked & probably will remain in some catatonic state, until Apple restores or purges its contents. The ID will not be reissued to anyone else, so it is a safe assumption no one will get any email, notes or photos that belonged to you. Apple support page will still be available in many cases (and probably the only thing) when you try logging-in
* On your device, syncing will stop. Local content will remain. Shared albums might disappear or seem broken i.e thumbnails will be visible but suspended account will not be able to fetch data. App purchases will stay but updates will probably be infeasible. iCloud dependent document access will definitely be broken.
It keeps working as usual. The poster said the account is specifically locked only in iTunes/App Store. That's why the complaint is about losing money and not everything I guess.
I don't think many people understand that when you "buy" a movie or book on Amazon lets say, you're just buying a license to that product and it can be taken away at any time.
I sometimes worry what will happen to my library on Steam if I ever get falsely banned. I have a lot more than $100 of content there.
> I don't think many people understand... ...you're just buying a license to that product and it can be taken away at any time.
And if that was a one-off sort of thing than I'd say "caveat emptor" but it's not a one-off, it's something we hear about all the time which makes me say "Holy shit sounds like fraud to me."
If so many people are walking away from a transaction with a complete misconception about what it is that they transacted I question whether or not we can call what went on as a 'meeting of the minds.'
What is the difference between that and having bought a physical copy that only supports 32 bit? Noone has taken away your game library. You have bought a system that doesn't support your old games.
To anyone who is willing to maintain compatible hardware. It's not really any different than asking what you can do with all your old VHS tapes or DVDs.
I have about given up on ever finishing those 32 bit games (watching youtube playthroughs is getting very tempting) but when I upgrade my laptop I started the habit of keeping the old one after a weird contract job I did where BYOD was allowed and what was offered was so bad that my old laptop was a better option.
Last time I upgraded I forgot to sell the old one, so I still have one laptop that supports 32 bit games.
I'm about due for a new laptop, and I'm thinking of selling the newer one and keeping the older one for this reason.
That's really not the same thing in my view. If you buy a game for Game Boy Color and try to put the cartridge into the USB-C receptacle then it won't fit.
Make sales of IP sub-licenses detach from their retailer and become direct licensing relationships between the rootmost IP owner and the buyer, represented in some public-good digital ledger of IP licenses.
If I buy e.g. a game from publisher Foo on Steam, then I should be able to then freely download that game not only from Steam, but from any digital distributor who chooses to carry that game — including distributors that weren't even in business yet at the time I bought the game. Being a distributor of digital good X for your own customers, should legally obligate you to be a distributor for digital good X more generally, for anyone who has an IP license for digital good X.
When I bought the game from publisher Foo on steam, I was really just paying Steam to go acquire for me an indefinite IP license from publisher Foo. Now that I have that license, I should be able to present it to any of these distributors to say "I have a license to consume this, so you have an obligation to deliver me a copy of it just as if I had bought it from you." Steam should not be able to hold that IP license hostage; it's not theirs, any more than a retail product I paid Amazon to ship to me is theirs. The IP license is now mine; I bought it; I own it. I don't own the work itself; but I do own the license itself. If I was a corporation, the license would be an asset on my balance sheet.
(And as well, acquiring this IP license should mean that I can also freely download the game from random websites/torrents. The distributor might not have a right to distribute the work, and so might get in trouble for sending it to me; but I shouldn't get in trouble for requesting or receiving it!)
> (And as well, acquiring this IP license should mean that I can also freely download the game from random websites/torrents. The distributor might not have a right to distribute the work, and so might get in trouble for sending it to me; but I shouldn't get in trouble for requesting or receiving it!)
By forcing lincensors to refund any license that has been invalidated. The idea that an EULA acts as a magic password to take your money and delete your IP at any time is fanciful.
They've already sued MoviePass for the same kind of abusive shenanigans.
While we need better consumer protections forcing full refunds when you try to defraud a company doesn't make sense either.
Sure there is the potential that this poster was innocent but Apple's fraud division certainly isn't missing all of its bans...
BTW you can thank credit card companies for these scorched earth policies. You can't accept credit cards unless you keep your fraud count below a certain threshold.
This was because Visa et al never developed anti fraud techniques in the pre-internet era and realized it was easier to just ban anyone with too much fraud.
> While we need better consumer protections forcing full refunds when you try to defraud a company doesn't make sense either.
Why not? If the license is revoked then it should be refunded. They are not forced to revoke licenses after all - they can very well ban further purchases from allegedly-fraudulent accounts while allowing them to consume whatever they've already successfully paid for (and that hasn't been charged back obviously) and then they wouldn't have to refund anything.
You don't get a refund from Disneyland if they kick you out for stealing.
Additionally typically most of the value of the things people purchased is over when actions are taken. You can argue they are owed something but a complete refund is a stretch.
For instance at minimum any show can't be worth more than the delta between renting it the number of times you watched and what you paid.
CFPB (Consumer Financial Protection Bureau) Complaints are a _powerful_ tool that I highly recommend people take advantage of. If a company is giving you the run around then filing one of these will get someone reaching out to you (no holds, no wait times) and they are highly motivated to solve the issue.
one of my favourite soap boxes.
I'd like some ground-laying legislation about the use of the words "buy" and "sell". As a sanity-check, none of the "buying" and "selling" that happens on platforms like playstore, appstore, steam, prime video etc should be allowed to be called "buying".
Use "pay-once renting" or "lifetime rent" or whatever. "Buying" should be reserved for transactions where the other party cannot (not "must not". cannot!) take back what they sold without involving a third party like the state.
> when you "buy" a movie or book on Amazon lets say, you're just buying a license to that product
I have never seen an ebook product entry containing the word "license" in the name or description. And even if we assume that's fine, that still doesn't warrant taking away access to the product you bought. If you buy a DVD and stream the movie online you won't get raided and have all DVDs, CDs, vinyls and books taken away. Apple, Amazon etc are doing exactly that.
Imho it should at least say "buy license", or ideally: "rent for an unknown amount of time, do you feel lucky?"
> I sometimes worry what will happen to my library on Steam if I ever get falsely banned
Losing game saves is a moderate inconvenience, the games themselves are easy to pirate - I wouldn't feel guilty about doing so for titles I've previously purchased on Steam
Edit: I just realized it will be different for those who play lots of multiplayer games or have accumulated a collection of "digital assets" on Steam
Many people forget that when iTunes came out, you couldn't redownload purchases. If you download your Music, Movies, etc. they work offline and can be played indefinitely (yes, Movies have DRM but that DRM works offline).
It's not that people don't understand, it's they're lied to. The wording the companies use are "buy this movie", "purchase this digital book", etc. You don't see a big green button reading "buy a license valid for undetermined time, that can be revoked in the future at our discretion".
Apple telling someone that their account has been disabled due to fraudulent patterns and then asking them to create a new Apple ID is another level of incompetence from that organization.
* There is some kind of fraud performed by the guy. Telling the guy/fraudster to create a new Apple ID account makes no sense. Are you going to tell the bank robber to try again using another method when the first attempt fail?
* There is no fraud involved. Then the flag on the account should be removed.
They should have recognized this is a serious issue for their customer and done something to address the cause of the issue.
Instead they're saying "don't change the behavior that caused you to lose the account, just open another account and cross your fingers you don't lose that one too."
1. All your emails if you use iCloud for your email, and thus potentially locking you out of any other sites that use email as a 2-factor-auth.
2. All your backups on iCloud.
3. All your data on iCloud.
4. Every single login you have where you used sign-in-with-Apple.
5. Every app on your phone that you have a paid subscription for.
6. The fallback login mechanism on any of your Macs where you used iCloud as the login fallback.
The list goes on. They ask you to tie your life to iCloud. They tell you to make backups on iCloud. According to the reddit thread, this can happen if there was a fraudulent charge made with a credit card associated with the account... Not even done on the account. So then all of your data disappears? Is that enough wrong here?
"this Agreement and the relationship between you and Apple shall be governed by the laws of the State of California, excluding its conflicts of law provisions. You and Apple agree to submit to the personal and exclusive jurisdiction of the courts located within the county of Santa Clara, California, to resolve any dispute or claim arising from this Agreement"
Steam for instance seems to impose arbitration but also has this:
"Disputes that can be resolved in small claims court or relate to the infringement of our intellectual property do not have to be arbitrated. You can opt out of arbitration within 30 days of accepting this EULA.
(d) Exceptions. As limited exceptions to Section 22(b) above, the following Disputes can be resolved in court and need not be resolved through arbitration: (i) any Dispute that can be resolved in small claims court (if it qualifies); and (ii) any Dispute involving the infringement or misappropriation of our intellectual property rights."
Not necessarily it could be in a sane Legal environment ie not USA.
'The EU requires Member States’ courts to presume that the arbitration agreement in consumer contracts is an unfair term, if it was not individually negotiated by the parties after the dispute arose (see Directive 93/13/EEC of 05/03/1993).'
Except Apple is paying the arbitrator, so they are inclined to give them the benefit of any doubt. Not saying you can't win in arb, but it's an uphill battle.
Apple is paying the arbitrator because it's a requirement of arbitration.
Apple is happy to do this because even when the arbitrator decides they're in the wrong it'll 1) be much faster than court 2) be much less than a jury awards. There are pretty much 2 arbitrators in the US and so they can afford to lose a single client.
Its only uphill if you have an actually bad argument such as _just_ the statement "they broke our TOS.".
Wouldn't the company still need to show up and tell the judge that there is an arbitration clause?
Additionally (I am not a lawyer) arbitration does not override any court or have any authority unless authorized by a court. If a party does not cooperate with the arbitration, the other party still has to go to court to convince a judge that the arbitration was good and get the judge to enter a judgement against the noncompliant party.
If as a consumer, you agree to arbitration and it is grossly unfair, you can still go to court and the judge can decide whether or not to use the arbitrators ruling or make their own ruling. The other party would also have to convince a judge that their unfair arbitration was fair.
If the consumer sues in small claims court, then the company would need to petition the court to compel arbitration. Large companies (like Apple) sometimes expend what would seem like irrational amounts of money on lawyers to make a statement. So, I wouldn't assume that they would balk at petitioning to compel arbitration.
In terms of the arbitration itself, it is very hard in the US to get an arbitration award overturned. So, wouldn't bank on that.
Big tech companies have made trillions on positioning themselves as gatekeepers to society.
It's about time governments actually legislated for this. If they want to ban you, then at the very minimum they need to prove it, to provide the evidence, evidence you can challenge. They need to prove their response is proportionate, and they need to be open to an independent person judging their response.
There are consumer protection laws that apply to banks and telecoms already. You are right it might be time to have similar laws for these digital gatekeepers.
One of the commenters on the reddit post suggests that the financial information – credit cards, I assume – were stolen and used for purchases on another Apple account.
This is really scary as my credit cards #s were already stole a few times and it was never an issue larger than 15 minutes on phone with my bank rep. However, if this could lead to me losing my iCloud account (or Google, Amazon, etc.), this is a much bigger deal.
If this is really the reason for losing the account, I can't understand why Apple wouldn't just blacklist the credit card and leave the account owner to deal with their bank. Closing their account seems excessive. Especially after contacting them. I doubt too many CC thieves are calling up Apple to explain themselves.
Backups to some (non google/apple) cloud provider or something like rsync.net / hetzner storage box / backblaze b2 / online.net storage / etc etc. Or trade off-site backups with a friend/family that also self-hosts all their own stuff.
It's all encrypted anyway, so no problem ;)
Summary judgments are way too common in the era of digital services. This is the kind of anti-consumer tactics I expect the EU to take a deeper look into.
As a side note, for all the good PR Apple gets for their customer service, my experience with their digital services and payments support has been subpar.
The Apple Card support is particularly atrocious, with a two-level support hierarchy where Apple cannot do anything but answer basic questions, and pretty much any serious request has to be handed to Goldman-Sachs advisors. Payments are a bit better, but half of the time I had any issues, I ended up sending an email to tcook@apple.com for the lack of responses.
Someone needs to legislate an autosuspension algorithm. Maximum number of consecutive hours an account can be suspended, max number of hours per unit of time (week, fortnight, month). Beyond that a human should be required to adjudicate the claims of the automated system.
What we've done is instead of reducing the staff requirements by 10x or 25x we've reduced it by 500x, which is not okay. We can't afford purely manual fraud detection, but with the stakes this high humans should have the final say. But then that's always been a thing with ergonomic business software versus poorly designed business software - whether a human is allowed to override the system or not.
> We can't afford purely manual fraud detection, but with the stakes this high humans should have the final say.
The human would make the same final judgement that the heuristic did, because the human doesn't have access to any more information than the heuristic does. (If they did, the heuristic's programmers would tap into that info to improve the heuristic as well.)
As you say, the only real solution is to make un-suspension — upon presentation of additional evidence of account authenticity — easy. (Perhaps even automated.)
Forget the movies you lose, if your AppleID is disabled, you also lose:
1. All your emails if you use iCloud for your email, and thus potentially locking you out of any other sites that use email as a 2-factor-auth.
2. All your backups on iCloud.
3. All your data on iCloud.
4. Every single login you have where you used sign-in-with-Apple.
5. Every app on your phone that you have a paid subscription for.
6. The fallback login mechanism on any of your Macs where you used iCloud as the login fallback.
The list goes on. They ask you to tie your life to iCloud. They tell you to make backups on iCloud. According to the reddit thread, this can happen if there was a fraudulent charge made with a credit card associated with the account... Not even done on the account. So then all of your data disappears?
Interesting and terrifying observation. Who exactly would one go about making backups of ones iCloud data. The internet is of no help, it's all about backing up TO iCloud.
Looks like there is a download link accessible via the web interface on icloud.com. But you can also set an auto-syncing folder on OSX/Windows and copy them from there using standard OS commands.
Setting up a Smart Folder in MacOS may work but it’s been a long time since I’ve used them. I use rsync to backup photos to my NAS. It looks like you can use rsync on an iCloud directory.[1] I just ordered a new MacBook Pro and plan to use them method for my NAS and to iCloud.
Sure, but what's the likelihood that both your iCloud and Google accounts get disabled at the same time? Personally I would opt for something safer, like using a true backup solution, but convenience often trumps safety. Using two cloud providers with trigger-happy account termination policies is better than just one.
While true, as observed elsewhere there's no reason to believe Apple restricts these things if you get banned for fraudulent transactions. The linked post doesn't make that allegation.
Do Apple services have an equivalent of Google's Takeout[1]? Local backups of online services that can be severed at anytime is advisable. If you're paranoid about continued access to your email - use a domain you control! Regaining access to your email address will be one mx-record update away.
> All your emails if you use iCloud for your email, and thus potentially locking you out of any other sites that use email as a 2-factor-auth.
...but you can use iCloud Mail through regular POP3/IMAP and thus have a local copy of all your mail. (And, as far as I know, this is what Mail.app itself does, save for some push-notification optimization; am I wrong here?) There's no walled garden here. It's email.
That is why I don't use webmail I rather use Thunderbird.
Second reason I use Thunderbird (or whoever wants whatever else) is that I have 10 or 20 mail boxes like separate for shopping separate for more important stuff separate for stupid stuff.
You don't have to have a single mailbox with a single provider.
Another advantage of Thunderbird is that I already have a downloaded copy of my past emails. If I ever get locked out, I can change my MX records and start over elsewhere with minimal disruption or data loss.
If they disable your account, you're not going to get any new email. So if a website uses your email address for 2-factor-auth, then you are straight out of luck, as I'm sure they also use that email for any sort of account changes. To be clear, "don't use email for 2-factor-auth" isn't a real answer here, there are plenty of services that don't give you an option.
Additionally, you can't send email. That's also a pretty important part of the whole "email" thing. Any ongoing discussions will just be cut off.
Seems pretty walled garden-y to me, considering the entire framing of this is that nothing bad was done with said email. It was because Apple has a unilateral switch that turns everything off if anything bad happens to an associated credit card. That is to say, if your credit card number is stolen, completely outside of your control, this could happen to your email. I'm not aware of any other email service where that is the case.
Technically, you don't need an email account to send email. "telnet example.com 25; HELO there; MAIL FROM: you@example.com; RCPT TO example@example.com; DATA; ...; ." Viewing the reply is, of course, more challenging.
I don't think there exist any Mail Submission Agents well-connected to the graph of what you would think of as "email on the Internet", that allow you to send FROM an arbitrary address without SMTP AUTHing yourself as an account that maps to someone with privileges to send from that address.
You connect to the recipient's server. It's nice that iCloud Mail automates this all for you (and is allowlisted), but you don't need an email provider to send email.
Let me know when you can telnet into gmail to send mail as an unauthenticated user to another gmail user. Let alone DMARC, SPF and other modern protections. The last time I could do what you describe was more than a decade ago.
But that's true of... any email provider, though? You'd lose access to your ISP email account if you switch ISPs, etc.
Federated email just generally sucks, insofar as email addresses are expected to stick around indefinitely, yet are almost-always associated with some service provider you might eventually no longer be a customer of (for whatever reason) and with "owning your own email providing" being nigh-impossible for deliverability reasons.
Also, people's emails to you wouldn't go into a black hole; they'd start bouncing. Which would mean that those people would realize that they should be reaching out to you some other way.
(In fact, properly-coded 2FA systems should recognize an SMTP bounce and use it as a signal to temporarily reduce the level of authentication required to reset 2FA. Things like this are why it's so hard to get 2FA right.)
No, it isn't true of any other provider, that's the whole point. If my HBO Max account detects a fraudulent charge, my completely unrelated email provider doesn't then irreversibly disable my email account and tell me to just set up a new one.
Yes, if my non-Apple email service "locks me out", then the same would happen as here. The point however is that:
1. Usually this would only happen if something weird specifically happens on that account. For example, if I am paying for an email provider and my card is declined. Notice that with the Apple case, a problem in something completely unrelated to email can cause this (including apparently the card being flagged for a fraudulent charge on some unrelated service).
2. Even then, usually the next step is I am told that that happened. Notice that in the Apple case they won't even tell you what the situation is to give you a chance to remedy it.
3. Finally, you then almost always have a way to remedy the problem. For example, by giving them a new credit card. Notice in the Apple case they insist that the account is disabled forever.
Do you see the difference? It's not in the "what happens if your email stops working" part, it's in the "what leads to your email not working anymore" and "how do you fix your email" parts.
> Notice that with the Apple case, a problem in something completely unrelated to email can cause this
Uhm, conjecture? The Reddit poster complained about app/media store lock, if they lost something more important like iCloud with photos and email that'd be a totally different story instead of "I lost some movies".
If you read the rest of the thread, its clear the entire account was locked. That's why they were told to get a new account. The expectation is not that he use one account for email and another for... new movies?
They said the issue manifested when trying to update an app. If the account was disabled, they'd get system errors saying iCloud couldn't be reached/account errors.
Second, they only ever said they asked the rep about their purchase content. Nowhere in the thread do they imply they lost anything else.
Uhm, then the rest of this subthread is conjecture? Typical HN sensationalizing/piling on. Losing bought content is bad but not like having all personal stuff locked. and nowhere the poster complained about the second.
> If my HBO Max account detects a fraudulent charge, my completely unrelated email provider doesn't then irreversibly disable my email account and tell me to just set up a new one.
Do you have any evidence Apple has done that here?
It is a natural consequence of the services being bundled together, and with Apple not telling you what the cause is. The response from the person who says they used to work at Apple is informative: https://old.reddit.com/r/applehelp/comments/15gechw/apple_ju...
Based on the OP, Apple did not provide any reason as to why the account was flagged, just that they exhibited "Fraudulent patterns". What evidence are you expecting them to provide here when the service provider is so tight-lipped?
AFAIK you should be able to request a copy of your data under EU regulations.
But honestly, it freaks me out that Google might someday disable my account. Unlike the Apple stuff, Gmail is a gateway to all my internet stuff since 1st of April, 2004. Lately Apple is also trying to be that middleman and IMHO account blocking should be more like denying anything new but providing a clear path out or a clear path for re-activation.
Another thing that I can't stand is the policy of not disclosing the reason for account blocking or rejection. This should be straight out illegal, it creates real stress and even trauma on people and I don't believe that the justification on making their job easier by hiding their methods to fight bad actors is a reasonable one.
A number too small to show up in the analytics dashboard is someone very upset, maybe crying maybe going through life changing situation due to a glitch or bad design in the system. These things happen all the time and get resolved when gain traction in social media.
The tech companies need to understand that they are dealing with real people and the outcomes of their actions are real and that's why they are paid so much in first place.
Shameless plug; I'm building FaangSupport[0] to try to solve this issue, did a Show HN[1] to try and get some feedback but It didn't get enough traction; Most Important Feedback I needed is whether my idea is even legal. But I believe we have to democratize accesss to customer support for Faang.
> the service is only good if Fanng/Fortune500 employees signup
Make it a paid service. It's the only way it will work. People may be willing to spend a few minutes of their weekend or evening to help when it's a front-page post on HackerNews, but nobody will voluntarily waste their free time helping strangers at an industrial scale on what will end up being 99% stupid issues.
Company policies aren't laws. Employees could be fired over it, but some would definitely take the risk, as they already do with providing mock interview services, moonlighting without receiving formal authorization, having 2 jobs, etc.
not speaking for Amazon or any other FAANG entity, but one fun and important thing to do when thinking of an idea is to imagine the risks and downsides.
For example, let's say someone uses your service to steal money or personal information from unwitting customers who think they're dealing with official 'FAANG support', or the bad actor provides erroneous information that ends up causing harm or death. Where do you think that open-ended liability would be assigned, were the legal system(s) to get involved?
For another, let's assume for a moment that there's an unfilled demand for FAANG support. Most interesting support calls likely require customer identification and also, crucially, internal backend access (e.g. to account systems, server logs, billing systems, and so on). Your site will not have that capability. That limits you to the boring support calls, which might as well be a wiki or stackoverflow, raising the question of whether you were able to address this unfilled demand.
Exactly, I did think of all this, especially about the Security implications of running such a service, another example, what happens when said Faang Employee leaves Faang and does not explicitly say so but keeps representing the former company.
Thanks for your feedback. This is why I thought I should get feedback before coding further.
> But honestly, it freaks me out that Google might someday disable my account.
Then don't wait. There are plenty of alternatives such as Fastmail. You pay a small amount of money but you can talk to a human being if anything goes wrong.
I also don't get why people put all their eggs in one basket. I'm so glad that my email, password manager, YouTube profile etc are not the same account.
I migrated some family email to Zoho the other day. There's a decent free tier and their email service alone is pretty cheap ($1/user/mo). For $1.25 you can get exchange activesync support as well.
It’s much, much easier to change account details when you can still access the old email. Get your own domain for $20/year and you never have to worry about losing access again. You can always redirect your domain to a new email provider if something happens
Ideally, you get your own domain and point that at whatever provider you feel like. Should you ever be locked out by a provider you point the domain to another one. If you follow a semi regular back up schedule for email you could even import your existing emails to some providers.
It's not as bad as you think. Fastmail has a great import process.
Transitioning to a new email address isn't really that bad. I did it about 15 years ago. Whenever you log in to a site and you notice that it's using your old email address, you go into your profile settings and update it. After about a year you'll probably have hit 90% of your meaningful accounts.
I think the point is that you don't abandon gmail right now, you give yourself an alternative, and when you access a service or decide to change something about it or need to recover an email, you change it then (and store the new info in your password manager, maybe mark/rename the old info as OBSOLETE if you have that sort of control), and eventually you've decoupled yourself mostly.
Truly decoupling yourself is hard, and you'll probably be finding old accounts and dealing with them for years, but getting 95% of the stuff moved over the next year or so will likely give you a lot of peace of mind if you're actaully worried about it.
FWIW if you're actually worried about it, you should also make sure your email is through a domain you control (even if just pointed towards a service, or even gmail) and that domain service is not linked administratively to the same account that you use for email (e.g. don't register domain through google and then point at gmail), so worst case you can change the destination service by changing MX records and just swap all your email at once to a new handler (or if you're a masochist or as a last resort point towards your own mail server you admin). Just make sure it never expires (in the end, there's always something to worry about, you need to find the risk you're most comfortable with).
I tired that for 6 months. Fastmails crappy spam assassin bases filtering is a deal breaker. I ended up just pointing it back at my gmail. Just an inundation of spam.
I also found their search (which I rely on heavily) to be a joke compared to gmail.
I transitioned to my own domain plus fastmail years ago, and found I barely get any spam. I made sure to make a unique email per service and barely get any spam, and if I do, I can ban the email address. Helps you detect breaches or spam sales way before it becomes public.
I still have the old gmail account, but almost nothing of value goes through it.
The key is the domain, you don't even need to go away from gmail, but own your domain.
I started my move in November of 2018 according to my Fastmail billing history.
I've _still_ got a few places that insist sending mail to Gmail (mostly sites that don't let me switch email for some weird reason).
I got my own domain, set it up on Fastmail, imported all my old mails from Gmail and set up a permanent forward from Gmail to Fastmail.
Then I set up a filter on Fastmail that shows all mails that were sent to my Gmail address and slowly went through that list and switched from @gmail.com to my own domain.
Now I'm the customer for my email instead of the product and I 100% own my own domain so no single company can take it away.
There isn’t anything really. I drank the koolaid and I lived in my mail for decades. My inbox has 100000s emails and my life is there. Alternatives I tried, for instance outlook, fastmail and others simply die when I turn the hose there. And that’s just new email, not import which I need too, of course. Gmail doesn’t flinch and is always fast.
You still end up beholden to a service. They have human beings now, but they might not in the future. Or they could vanish. Even running everything on your own systems is risky because you still end up being reliant on domain registrars.
> But honestly, it freaks me out that Google might someday disable my account. Unlike the Apple stuff, Gmail is a gateway to all my internet stuff since 1st of April, 2004.
Something being possible is fine however this situation is becoming untenable and needs regulation ASAP. Google, apple et al have too much power and are involved in too many aspects of life. If they are borderline utilities, governments must regulate them so. situations like this have some legal recourse.
Get the US government agencies to enforce the anti trust laws that already exist, and poof! Problem solved.
Alphabet would get broken up into seperate entities: Gmail, Google, YouTube, AdSense, etc, should all be different companies and your single source of life failure disappears
>Alphabet would get broken up into seperate entities
That doesn't necessarily solve the issue of having a sudden death round of Gmail dying would lock you out of a lot of services using 2FA email and/or "Login with Google."
I don't understand the netizens of HN sometimes. Can someone explain to me what is going on in their mind?
On the one hand, they complain constantly about this or that centralized service that they are throughly dependent on, and admit to being terrified of that service doing something "unaligned" with their interests. A few days ago, it was Stripe, before that it was Twitter, Reddit, now it's Apple, Google, etc. They complain and throw their hands up in despair, and Cory Doctorow even recently coined the word "enshittification" showing that this will always happen to for-profit platfoms. And Google Chrome's new client attestation API has everyone freaking out.
On the other hand, a lot of them gang up en masse on any decentralized and open alternative, especially Web3-related, that actually solves the problem technologically. They fight tooth and nail arguing that it isn't popular yet, and never should become. Because only centralized, government-regulated platforms that had years to become entrenched, are good, the rest is bad and should not belong on HN.
So what is the alternative?
Also this same group of people, seemingly, is totally nonchalant about the prospects of AI destroying human civilization, despite its own creators consistently giving that a 10-20% chance. They say that you shouldn't be worried so much. I just don't get this crowd, honestly. It seems like insanity.
PS: It's not all people on HN, just the most activist and vocal ones, and the ones with the silent downvote button trigger finger with massive hyperthrophy from constant use.
> Web3-related, that actually solves the problem technologically
Is this true though? Sure, there are tech demos but people use the tech as a mean to the end(which is some content or interaction) and just because it works on technical level it doesn't mean that it fulfil the needs of the user. For example, if all the best stuff about LK-99 is on Twitter and Reddit, I'm going to be on Twitter and Reddit. Convenience? network effect? Does it matter?
Also it's usually different people complaining about different stuff and as a result it's not a contradiction. We are not coordinated.
HN loves decentralized solutions. Talk about blogs, RSS, the old web, mashups and you get a lot of positive feedback. Also mastodon and matrix got a lot of coverage here, everything in the category of peertube. And encrypted alternatives to potential monopolies as well, Signal vs Whatsapp for example.
But you are simply mistaken if you believe a bunch of obvious scams with not a single usecase bundled to one illegitimate buzzword is a decentralized solution, and of course the crowd here will see right through such bullshit. That web 3.0 scambubble never had a chance here.
Nitpick: WhatsApp uses litetally the same encryption algorithm that Signal does. That said, I trust Signal a lot more, just because it isn't owned by Facebook.
To clarify the point made above: Do you trust Meta not to change your key to one they control without notifying you? Do you think they haven't implemented this functionality already?
I don't. I think we can decompile WhatsApp and look if something suspicious has been implemented (e. g. some backdoor that hides the key change message), but I'm not sure if somebody does this on a regular basis. That's a bit simpler with the open source Signal, although we still need to verify they haven't slipped a backdoor to their official build.
There are lots more authors now. I'm not sure why you're so hung up on this one. (He was literally forced out of town. So don't hold him against us.)
I was also pretty sure that story would be a good one to explain why it does have a chance. Ever heard of Elinor Ostrom? (I'll assume you didn't hear of her, but you might have heard of Garrett Hardin who came up with Tragedy of the Commons, which I learned was one of the most widely cited "wrong arguments" in the history of publishing papers...)
I'm not a scholar in the field, but it was my understanding that retaining the capability for "driving someone especially bad out of town" was literally the thing that made it possible for "tragedy of the commons" to have been found an invalid construct as foregone conclusion or an inevitable outcome of working with communal shared resources.
They did studies of the tight-knit communities in Africa where they had managed to avoid the tragedy of the commons for many generations, and I'm sure I'm drastically over-simplifying the conclusion, someone here can explain it better than I can...
But so, we've got that going for us, as well. We can kick people out without "losing their shit for them" on the way.
It's a weakly motivated opinion I strongly stated :) Urbit back then was strange, it wasn't understandable what it wanted to be, and then there was all the political ramifications from the author's ideology. So in my mind it's still marked as dead, and if things really changed, I'll add "sadly". Because I won't be alone with that.
I had just a very short look at the project now, it does look different than what I saw back then. I'm just not convinced "inventing the stack completely anew" and "needing to pay for identities" can result in something that wins users, but hey, who knows. The thing that was attractive back then and still is, is the part about "one programmer should be capable to understand the whole stack." But that's only attractive for devs.
In the end all the background doesn't matter, only how the layer behaves that users can interact with. On the one hand that's good for Urbit, its history doesn't matter much. One the other it's not as good, since I don't see how Urbit could be a foundation for a service that wins against regular apps or websites. Publishing, reading, shopping, listing to music and watching videos, how can Urbit improve any of that?
Well I mean, you don't actually need to pay for it, you only need to "make them cost something." (You know, like a JPEG? Nobody really pays for these, do they?)
It's just a bit of friction, think of it like I'm giving you an egg. You need to carry the egg around with you and keep it safe, I'm not giving you another one. OK, maybe just one more. (But do try not to break it!)
But there are egg-as-a-service managers so you don't really have to carry the egg, just pay a small fee and someone will handle it for you according to the protocol. They are actually giving the managed accounts away now, if you wanted to remove all that cost and hosting friction and see what "superconducting feels like" J/K
The point about the identities is that they shouldn't be easily forged. If enough people do have them, if they're actually buying them, they won't have bought just one. They'll have them in bulk, they'll hold surplus, and they'll be careful about who they invite. You'll probably get one at no cost. Unless of course it's really becoming popular, and there is real scarcity. If Urbit is still around long enough for there to be any question of real scarcity, that will have been something else!
Just don't expect to purchase another one on any street-corner if you burned yours by sending spam, (then well it's better to have been a productive spam that made you at least back in value as much as the burned ID cost!)
Nobody really pays for this now. It's all million dollar art projects, and I think it's like the old days when you just went on IRC and who knows what you'll find!
I'm really glad to see you're willing to debate this in spite of having a strong opinion front-loaded, and I'm sure you're right about most people that heard of Urbit so far, ...but I think you'll find that many people will have only heard the good news and intentionally shied away from the controversy. We humans don't like conflict. No need to create it fresh from the bones of our ancestors, I say.
Or most people in reality probably haven't heard of Urbit yet at all.
People have lost funds on blockchain technology due to scam / bugs / errors. With no one to complain too, regulations is always the way imho, more anarchy can’t be the answer to anarchy
> On the other hand, a lot of them gang up en masse on any decentralized and open alternative, especially Web3-related, [...] So what is the alternative?
A decentralized and open alternative that's not "Web3-related"? Most of the objection is to the so-called "Web3" part, ranging from ecological concerns to the fact that its money-oriented aspect leads to it being full of grifters. We can have distributed systems without everything being about some kind of monetizable token.
How do you make decentralized identities that are spam-proof? You have to make them cost something, that's how. That's what this argument misses, and why you are all wrong about this IMHO.
> How do you make decentralized identities that are spam-proof? You have to make them cost something, that's how.
Not all costs have to be expressed as money or as a money analogue. For instance, a web-of-trust system could have reputation as the cost: someone who introduces too many spam accounts to the network could be marked as a spammer in turn.
OK, but if it has value (utility) and it has scarcity, then it's going to get a cash price. My favorite internet argument about Web3 was the time that I had two people on Twitter telling me that "scarcity" was a problem with my imagination.
If I could just imagine a world with no scarcity, then it would be so! Shame for this tremendous failure of my imagination. It's clear enough that I'm the problem now.
Well friend, I'm here to tell you that it isn't so. There will always be some kind of resource scarcity, and as long as there is money, people will be putting dollar amounts on our million dollar art projects. Whether or not we think they are worth the money, is not at issue. Whether someone will pay the money, is not at issue.
If there isn't a "finitely deep supply" for long-term holders to protect somehow, and the "cost to create more supply isn't negligible" then what cost is there to burn your pseudonymous identity? Just mint another one. It has to have some cost, or spammers will just push this button continuously and ruin it for all us good people. It only takes a few bad apples, (but there is really nothing worse than infinitely many procedurally generated bad apples!)
It requires someone (it can be a shared job) to take ownership of these barrels, and occasionally remove some dangerous bad apples. There can be enough barrels for everyone (even the bad apples! they can get a barrel to themselves...) even if a few are spoiled, but there cannot be infinitely many barrels with infinitely many apples and still make a good community platform. It has to have boundaries. This is just IMHO.
These are the table stakes for a successful distributed community platform to grow without limits. (It has to have limits!)
Decentralized is fine, especially Matrix and ActivityPub. In fact it's critical these open protocols get enough support to provide some antidote to Google, Facebook and the rest going full corporate capitalist utopia on internet services.
The Crypto crowd LARPing as Bernie Madoff or being wall street hedge funds are not. I notice you didn't event mention Crypto or blockchain, "Web3" won't fool anyone here though.
Actually, enough people were fooled to conflate FTX and Celsius with Blockchain and Smart Contracts, exactly because they were all lumped into one thing by the word “crypto”. I wouldn’t be surprised if many people are now against end-to-end cryptography also because the word “crypto” was co-opted:
So why would I want to use it? It just confuses the issue. And by the way FTX and Celsius and their ilk are exactly the sort of black box funds-custodying middlemen that Bitcoin and crypto was designed as an alternative to! They are closer to Stripe than blockchain. So when you try to equate smart contracts on a blockchain with FTX, who is the one being disingenuous?
> And Google Chrome's new client attestation API has everyone freaking out.
I know quite a few people (many of them technically-minded and/or software developers) who don't like Google and don't like ads, and know that Chrome is just Google's way to get people to see more ads, and gain more control over the web itself.
And yet, when I suggest they switch to Firefox (or something else), they just start making excuses.
> But honestly, it freaks me out that Google might someday disable my account.
I moved my email to Fastmail over a year ago. I was able to do this easily because I used GSuite with a custom domain, so it was just a matter of updating MX records and moving my old mail.
But it doesn't have to be a huge chore even if you have an @gmail.com email address. You can register a domain, and sign up with Fastmail (or some other mail provider where you are actually the customer and not the product), and move things slowly. Set up forwarding from your GMail account to your Fastmail account. Start using the new email address for new accounts. Slowly start changing the email addresses on old accounts. You don't need to do it all at once; just maybe set aside 15 minutes a day, or maybe an hour on a weekend, and gradually change things. Focus on the important things first, like financial accounts. Eventually you'll stop getting email that you care about through the GMail address.
I'm now worried about my other Google-held data, like photos and documents. Some of them are backed up, but I still haven't made sure everything is.
> it freaks me out that Google might someday disable my account.
Any time you are utterly dependent on any provider, you are at risk. This is something I was taught about being in business, but it holds just as true for personal things.
That you are nervous about this is entirely reasonable, and you should channel that nervousness into finding a way to reduce your exposure.
I'm so worried now, I think there's a bigger problem to be solved here. Sounds like I need to use the Apple Credit Card only with my Apple ID, remove all other payment instruments and make sure my Apple Credit card isn't used anywhere else.
I've had fraudulent charges on my Apple card multiple times. They were almost always detected by Goldman Sachs. I was issued new cards (and virtual cards) immediately, and nothing happened to my Apple ID. I think there's far more to this post on Reddit than we're seeing.
> Forget the movies you lose, if your AppleID is disabled
How does Movies Anywhere fit in here? If I buy a movie at one of {Apple, Amazon, Google, Xfinity, Microsoft, Vudu, DirecTV, Verizon} that is from a studio that participates in Movies Anywhere and then lose or close my account at the place I bought the movie, does it remain on Movies Anywhere for me?
Honestly, that's the sort of terror that keeps me still using GMail, but at the same time at least my email is on a domain I control, and worst case I'd just need to hard migrate to another provider while keeping the address.
I'm pretty tied to Apple for lots of things, and I generally trust them (or I wouldn't be tied this way), but even I won't put myself in a position where a single vendor can utterly cripple me.
My email isn't at iCloud. It's at Fastmail.
My iCloud data -- contacts, calendars, etc -- is backed up locally.
My login to my Mac isn't run by Apple.
Regardless of how much you trust a vendor, you should never create a single point of failure, right?
> I ask to talk to a manager. Apple support manager calls me and confirms everything that the rep said. She keeps on saying that she "understands my frustration". Gee thanks. She says that it's frustrating for her too as this is something that happens frequently. That's when I start laughing. I ask her "This happens frequently and you haven't come up with a solution yet!?!?" She just keeps on apologizing and tells me that maybe I can post on the customer support forum and maybe if enough people do so, a change will be made.
From this account the manager sounds like a nice person who is essentially powerless to do anything. Seems like an incredibly frustrating position to be in.
That's basically the support Google provides for consumer service subscribers. "24/7 support" isn't really useful when all they can do is refer you to their help portal and come up with titles when you ask to talk to a supervisor, manager, etc, in addition to swapping around the communication medium, so from live chat with 2 minute response times to emailing with two day response times, and eventually flat out ghosting (no "your ticket has been resolved") because the support "manager" understands that the conversation is going nowhere.
My sense isn’t that they don’t have a solution, it’s that the people you talk to, including “managers” are just fancy drones who have not been granted any nontrivial decisionmaking power by the Company. They just follow decision trees and act as a car bumper for small collisions.
It's pretty common that the front line don't and can't know the underlying details, especially in situations that might have overlaps with law enforcement / crime.
Apple gift cards are a massive vehicle for fraud, both in extracting value from stolen credit cards, and in scams ("the IRS has frozen your SS number...send iTunes cards or get arrested!"). There are places that sell Apple cards 80%+ off face value, the use of which is a very good way to get your account locked. Stolen/scammed Apple cards should have a market value of nothing.
I know nothing about this particular case or whether such gift cards played a part. And ultimately getting completely locked out of a digital identity without recourse is ridiculous and demands legislative remedy. However I'm pretty cynical about these sorts of stories at this point. Perhaps it's years of playing in first person shooter games where it's normal to see cheaters/hackers wail about their innocence when banned, to eventually changing their story and just going radio silent when they're proven cheats. Apple has absolutely no benefit to arbitrarily banning random people for fun. Not that it couldn't happen, and errors absolutely happen, however it usually isn't random.
My issue with this is that the CS rep reframed what is essentially theft--assuming it's a straight up error on Apple's part--to the tune of hundreds of dollars as "frustrating," and then suggesting that oh yeah, "it's frustrating to me too".
This is handling on the part of the rep, and it's not "frustrating," it's infuriating.
To take the example to the extreme, imagine if you get a call from a cop who tells you that your child has been killed, and they say "I know it's terrible, but it's terrible for me too, I had to call you about your dead kid."
Even if it's broadly accurate that it is "frustrating", the CS rep will go home that night not short a few hundred dollars because a giant multinational corporation just... took it.
I think I'd rather be locked out of my Apple account and lose access to some stuff than be stuck in a job where I have to powerlessly tell people that this has happened to them every day.
I get where you're coming from. But in the end we're all powerless "cogs in the machine" with much of our autonomy stripped by, ehm, who even? Apple Management? Some Apple engineer who wrote this? The Algorithm (which may or may not be comprehensible and may or may not be able to explain its decisions)? Someone/thing else? I feel we need think about this on a higher level than just "customer X was kicked in the teeth" and even "customers regularly get kicked in the teeth".
I just "love" how the apple fans go right to the victim blaming. From the thread:
> I'm not sure if OP doesn't use the right communication.
How much clearer could it be? They clearly understood the situation, and they're clearly unwilling (not unable!) to do anything about it. "They" being apple the corporation, not any individual who may well be unable to do what's right with the tools/permissions they're given.
That is simply because the "situation" is only a "problem" for the customer. For apple, it's just that, a situation. Not bad enough to warrant a solution.
My favorite was "the apple rep told you more than they were meant to. they're not allowed to tell you things, but if they were, you'd totally understand why they did it and even thank them".
To which someone at least calls out the laughability of this: "Uh, I'm not thanking any company that just deletes my account and loses me data, apps and money, with no recourse".
It has now been [0] days since the last [cloud service cancels my account and won't tell me why] article. We should all be working to minimize/eliminate our dependence on cloud service accounts that can simply disappear due to bad automation or at the whim of the service provider. How many articles like this need to be posted before we are all convinced?
An unlimited amount because your advise does not scale.
Society has rapidly digitized. We now have billions of people using big tech account systems to access things. And the things are no longer toys, they represent things of real value.
We need legislation. It should be illegal to randomly deny service, to not disclose a reason, to not have a sane appeal process.
If the reddit poster is in the US this is perfect for a small claims court claim. No lawyer, just file and show up and most likely win even if Apple sends someone to contest it.
Then if they don't pay judgement you can literally go to the Apple store with a sheriff and take things off the shelf up to the value of your claim. Or take one of the display tables.
THAT would get Apple's attention.
One of my favorite events from the (horrible) Great Financial Crisis was a case of this: the winner of a claim against one of the big banks (I think it was a bogus foreclosure, or some fees or something) couldn't get the bank to cough up, so they walked into a branch with the sheriff and just started removing furniture. Got a lot of attention in the press and then in the Florida Legislature.
Don't take anything with a computer chip in it, Apple can iCloud lock it.
As for if they would blatantly reject the sovereignty of their host country by locking legally stolen property, who knows. We've been sleepwalking into anarcho-capitalism for decades.
> One of my favorite events from the (horrible) Great Financial Crisis was a case of this: the winner of a claim against one of the big banks (I think it was a bogus foreclosure, or some fees or something) couldn't get the bank to cough up, so they walked into a branch with the sheriff and just started removing furniture.
Yup, he walked out with a check that same day too.
> The Florida incident arose when the bank foreclosed on Warren and Maureen Nyerges of Golden Gate Estates in Naples. This surprised the Nyerges, since they had no mortgage--not with BofA or with anybody else. They had paid cash for their home in 2009.
> Finally he hired an attorney. Two months later, the foreclosure had been dismissed.
> Nyerges then sought to recover his attorney's fees, and got a judgment against the bank. Five more months passed: more phone calls, more letters; no payment. Nyerges went back to court and got a writ of execution, which gave him permission to seize bank assets in payment for his judgment.
> On June 3, Nyerges, two sheriff's deputies and a moving truck showed up at the local BofA branch. The deputies informed the manager that he could either pay the Nyerges' legal fees— $2,500—or the movers would start taking away the bank's furniture and cash. The manager, after conferring with his superiors, gave the deputies a check.
> Bank of America later apologized to the Nyerges in writing--but managed to misspell their name.
The TOS you agree to when you create an iCloud account say they can close your account and that you are not entitled to refunds for purchases you've made when they do this. What does going to court accomplish?
TOS do not negate your rights. They often contain unenforceable (i.e., incorrect, illegal) provisions. Part of their purpose is to muddy the waters for the consumer, convincing them that they do not have the rights they do.
Illegal ToS are literally scary stories to scare people, but if any part of that ToS goes against laws/ your rights, then that part is null and void.
Courts often have cases where a ToS section or section of a contract is not legally enforceable, and the court simply sets that aside as if it never existed.
My developer account is not connected in any way with my personal apple ID.
The dev appleid is so old it is not an email address -- in fact it has a space in it. That occasionally breaks things but I figure that might help in a case like that too :-)
Assuming the case where your credit card (that is linked to your iCloud account) is stolen (I.e. just the credit card details) and then used fraudulently by someone else, and that this causes Apple to lock your account, would it be better to use an entirely separate card for iCloud and for iCloud only?
> (I.e. just the credit card details) and then used fraudulently by someone else [...] would it be better to use an entirely separate card for iCloud and for iCloud only?
I've already once had a card used fraudulently as a credit card, but it had never been used for anything other than being initially unlocked at the bank's ATM (it was the card for the secondary owner of that bank account), and its credit card function hadn't even been enabled (which meant that the attempted misuse was immediately rejected). So I wouldn't expect that using a card for iCloud and iCloud only would be enough to prevent it from being used fraudulently somehow.
For my non-MoviesAnywhere direct movie purchases and code redeems, I’m starting to use Vudu a lot more than iTunes, as the having your account disabled or suspended for some vague reason is pretty much not a thing with Vudu. All Vudu does is movies and TV, nothing else, and they want to keep you as that customer.
My father got hacked and lost access to his Apple account. The hacker proceeded to delete the account and tried to take control of his devices.
At no moment Apple sent an email to my father to confirm anything. Once the account was deleted, there was nothing Apple could or would do. Everything was lost.
Taking control of the devices back was quite the odyssey as Apple required invoices and whatnot.
You can’t take control of devices after deleting the account, and notifications are send out per email for every little thing from logging in from a new device to changing trusted devices and phone numbers to changing the address on file.
I was as surprised as you are but AFAIK he didn't receive any email from Apple and he certainly didn't agree to having his account deleted.
I guess one possibility is the hacker might have accessed my father's email but it seems improbable. AFAIK my father didn't store passwords on the keychain and didn't sync it with iCloud.
With Facebook it took 6 months to get fixed. Then it happened again in 2020 and I was only recently able to get the flag removed a few months ago.
With Google I took it much more serious. Took about 6 days of non stop calls and emails. Probably put in 4-6 hours a day just trying over and over again.
The trick is to just keep trying. Again and again. Don’t waste time talking to people who can’t help. You start to get a feel for it. Eventually you can find your way to “Risk Management“ and a human will review your account. Same response from both Facebook (multiple times) and Google, which is some derivation of, “Sorry. Our algorithm was overly zealous and accidentally flagged your account. The flag has been removed and your access restored.”
Of course no one uses a real name or last name and everyone uses an ephemeral email address so it’s impossible to ever reach back out.
241 comments
[ 2.2 ms ] story [ 462 ms ] thread* If using the Web UI, it will be locked & probably will remain in some catatonic state, until Apple restores or purges its contents. The ID will not be reissued to anyone else, so it is a safe assumption no one will get any email, notes or photos that belonged to you. Apple support page will still be available in many cases (and probably the only thing) when you try logging-in
* On your device, syncing will stop. Local content will remain. Shared albums might disappear or seem broken i.e thumbnails will be visible but suspended account will not be able to fetch data. App purchases will stay but updates will probably be infeasible. iCloud dependent document access will definitely be broken.
I sometimes worry what will happen to my library on Steam if I ever get falsely banned. I have a lot more than $100 of content there.
And if that was a one-off sort of thing than I'd say "caveat emptor" but it's not a one-off, it's something we hear about all the time which makes me say "Holy shit sounds like fraud to me."
If so many people are walking away from a transaction with a complete misconception about what it is that they transacted I question whether or not we can call what went on as a 'meeting of the minds.'
Last time I upgraded I forgot to sell the old one, so I still have one laptop that supports 32 bit games.
I'm about due for a new laptop, and I'm thinking of selling the newer one and keeping the older one for this reason.
..or transferred. Which should reasonably be available (and is absolutely technically feasible) in the redditor's scenario.
Consumer protections in the US are a joke.
The moment consumers understand it's not a real sale, they will pay more for the media they like.
If I buy e.g. a game from publisher Foo on Steam, then I should be able to then freely download that game not only from Steam, but from any digital distributor who chooses to carry that game — including distributors that weren't even in business yet at the time I bought the game. Being a distributor of digital good X for your own customers, should legally obligate you to be a distributor for digital good X more generally, for anyone who has an IP license for digital good X.
When I bought the game from publisher Foo on steam, I was really just paying Steam to go acquire for me an indefinite IP license from publisher Foo. Now that I have that license, I should be able to present it to any of these distributors to say "I have a license to consume this, so you have an obligation to deliver me a copy of it just as if I had bought it from you." Steam should not be able to hold that IP license hostage; it's not theirs, any more than a retail product I paid Amazon to ship to me is theirs. The IP license is now mine; I bought it; I own it. I don't own the work itself; but I do own the license itself. If I was a corporation, the license would be an asset on my balance sheet.
(And as well, acquiring this IP license should mean that I can also freely download the game from random websites/torrents. The distributor might not have a right to distribute the work, and so might get in trouble for sending it to me; but I shouldn't get in trouble for requesting or receiving it!)
You're into something. I like this.
They've already sued MoviePass for the same kind of abusive shenanigans.
https://buckleyfirm.com/blog/2021-06-09/ftc-alleges-subscrip...
Sure there is the potential that this poster was innocent but Apple's fraud division certainly isn't missing all of its bans...
BTW you can thank credit card companies for these scorched earth policies. You can't accept credit cards unless you keep your fraud count below a certain threshold.
This was because Visa et al never developed anti fraud techniques in the pre-internet era and realized it was easier to just ban anyone with too much fraud.
Why not? If the license is revoked then it should be refunded. They are not forced to revoke licenses after all - they can very well ban further purchases from allegedly-fraudulent accounts while allowing them to consume whatever they've already successfully paid for (and that hasn't been charged back obviously) and then they wouldn't have to refund anything.
Additionally typically most of the value of the things people purchased is over when actions are taken. You can argue they are owed something but a complete refund is a stretch.
For instance at minimum any show can't be worth more than the delta between renting it the number of times you watched and what you paid.
You said it
Use "pay-once renting" or "lifetime rent" or whatever. "Buying" should be reserved for transactions where the other party cannot (not "must not". cannot!) take back what they sold without involving a third party like the state.
I have never seen an ebook product entry containing the word "license" in the name or description. And even if we assume that's fine, that still doesn't warrant taking away access to the product you bought. If you buy a DVD and stream the movie online you won't get raided and have all DVDs, CDs, vinyls and books taken away. Apple, Amazon etc are doing exactly that.
Imho it should at least say "buy license", or ideally: "rent for an unknown amount of time, do you feel lucky?"
Losing game saves is a moderate inconvenience, the games themselves are easy to pirate - I wouldn't feel guilty about doing so for titles I've previously purchased on Steam
Edit: I just realized it will be different for those who play lots of multiplayer games or have accumulated a collection of "digital assets" on Steam
> I sometimes worry what will happen to my library on Steam
Well are you going to go to Colossal Order and demand refunds?
The people who did this for Star Citizen occasionally prevailed. It's complicated.
* There is some kind of fraud performed by the guy. Telling the guy/fraudster to create a new Apple ID account makes no sense. Are you going to tell the bank robber to try again using another method when the first attempt fail?
* There is no fraud involved. Then the flag on the account should be removed.
Instead they're saying "don't change the behavior that caused you to lose the account, just open another account and cross your fingers you don't lose that one too."
1. All your emails if you use iCloud for your email, and thus potentially locking you out of any other sites that use email as a 2-factor-auth.
2. All your backups on iCloud.
3. All your data on iCloud.
4. Every single login you have where you used sign-in-with-Apple.
5. Every app on your phone that you have a paid subscription for.
6. The fallback login mechanism on any of your Macs where you used iCloud as the login fallback.
The list goes on. They ask you to tie your life to iCloud. They tell you to make backups on iCloud. According to the reddit thread, this can happen if there was a fraudulent charge made with a credit card associated with the account... Not even done on the account. So then all of your data disappears? Is that enough wrong here?
It works, because big cos almost universally settle. Attorneys cost many times more than your acc.
And another moment, small claims court judges are rarely some ideological cranks.
And if the SCC judge will say arbitrate, then, why not for something so trivial, and clear cut?
"this Agreement and the relationship between you and Apple shall be governed by the laws of the State of California, excluding its conflicts of law provisions. You and Apple agree to submit to the personal and exclusive jurisdiction of the courts located within the county of Santa Clara, California, to resolve any dispute or claim arising from this Agreement"
Steam for instance seems to impose arbitration but also has this:
"Disputes that can be resolved in small claims court or relate to the infringement of our intellectual property do not have to be arbitrated. You can opt out of arbitration within 30 days of accepting this EULA.
(d) Exceptions. As limited exceptions to Section 22(b) above, the following Disputes can be resolved in court and need not be resolved through arbitration: (i) any Dispute that can be resolved in small claims court (if it qualifies); and (ii) any Dispute involving the infringement or misappropriation of our intellectual property rights."
I wonder if you agreed to an updated terms and conditions, if that is a new agreement.
'The EU requires Member States’ courts to presume that the arbitration agreement in consumer contracts is an unfair term, if it was not individually negotiated by the parties after the dispute arose (see Directive 93/13/EEC of 05/03/1993).'
Literally smalls claims / arbitration works.
Apple is happy to do this because even when the arbitrator decides they're in the wrong it'll 1) be much faster than court 2) be much less than a jury awards. There are pretty much 2 arbitrators in the US and so they can afford to lose a single client.
Its only uphill if you have an actually bad argument such as _just_ the statement "they broke our TOS.".
Additionally (I am not a lawyer) arbitration does not override any court or have any authority unless authorized by a court. If a party does not cooperate with the arbitration, the other party still has to go to court to convince a judge that the arbitration was good and get the judge to enter a judgement against the noncompliant party.
If as a consumer, you agree to arbitration and it is grossly unfair, you can still go to court and the judge can decide whether or not to use the arbitrators ruling or make their own ruling. The other party would also have to convince a judge that their unfair arbitration was fair.
In terms of the arbitration itself, it is very hard in the US to get an arbitration award overturned. So, wouldn't bank on that.
It's about time governments actually legislated for this. If they want to ban you, then at the very minimum they need to prove it, to provide the evidence, evidence you can challenge. They need to prove their response is proportionate, and they need to be open to an independent person judging their response.
This is really scary as my credit cards #s were already stole a few times and it was never an issue larger than 15 minutes on phone with my bank rep. However, if this could lead to me losing my iCloud account (or Google, Amazon, etc.), this is a much bigger deal.
if house burns down, I restore from an offsite backup that syncs on a nightly basis
no worries. fuck "the cloud"
As a side note, for all the good PR Apple gets for their customer service, my experience with their digital services and payments support has been subpar.
The Apple Card support is particularly atrocious, with a two-level support hierarchy where Apple cannot do anything but answer basic questions, and pretty much any serious request has to be handed to Goldman-Sachs advisors. Payments are a bit better, but half of the time I had any issues, I ended up sending an email to tcook@apple.com for the lack of responses.
What we've done is instead of reducing the staff requirements by 10x or 25x we've reduced it by 500x, which is not okay. We can't afford purely manual fraud detection, but with the stakes this high humans should have the final say. But then that's always been a thing with ergonomic business software versus poorly designed business software - whether a human is allowed to override the system or not.
The human would make the same final judgement that the heuristic did, because the human doesn't have access to any more information than the heuristic does. (If they did, the heuristic's programmers would tap into that info to improve the heuristic as well.)
As you say, the only real solution is to make un-suspension — upon presentation of additional evidence of account authenticity — easy. (Perhaps even automated.)
1. All your emails if you use iCloud for your email, and thus potentially locking you out of any other sites that use email as a 2-factor-auth.
2. All your backups on iCloud.
3. All your data on iCloud.
4. Every single login you have where you used sign-in-with-Apple.
5. Every app on your phone that you have a paid subscription for.
6. The fallback login mechanism on any of your Macs where you used iCloud as the login fallback.
The list goes on. They ask you to tie your life to iCloud. They tell you to make backups on iCloud. According to the reddit thread, this can happen if there was a fraudulent charge made with a credit card associated with the account... Not even done on the account. So then all of your data disappears?
Looks like there is a download link accessible via the web interface on icloud.com. But you can also set an auto-syncing folder on OSX/Windows and copy them from there using standard OS commands.
[0] https://support.apple.com/en-us/HT204055
[1] https://www.jessesquires.com/blog/2019/09/27/icloud-backup-u...
Plus a data export feature for the other data. That can take up to 7 days. Not exactly a backup in the traditional sense however.
The same exact thing can happen, and has happened, if Google disables your account.
Have a great day/evening/whatever it is where you are. Genuinely.
1. https://takeout.google.com/
https://privacy.apple.com
Yes, it's one of the services at privacy.apple.com.
...but you can use iCloud Mail through regular POP3/IMAP and thus have a local copy of all your mail. (And, as far as I know, this is what Mail.app itself does, save for some push-notification optimization; am I wrong here?) There's no walled garden here. It's email.
Second reason I use Thunderbird (or whoever wants whatever else) is that I have 10 or 20 mail boxes like separate for shopping separate for more important stuff separate for stupid stuff.
You don't have to have a single mailbox with a single provider.
Additionally, you can't send email. That's also a pretty important part of the whole "email" thing. Any ongoing discussions will just be cut off.
Seems pretty walled garden-y to me, considering the entire framing of this is that nothing bad was done with said email. It was because Apple has a unilateral switch that turns everything off if anything bad happens to an associated credit card. That is to say, if your credit card number is stolen, completely outside of your control, this could happen to your email. I'm not aware of any other email service where that is the case.
Federated email just generally sucks, insofar as email addresses are expected to stick around indefinitely, yet are almost-always associated with some service provider you might eventually no longer be a customer of (for whatever reason) and with "owning your own email providing" being nigh-impossible for deliverability reasons.
Also, people's emails to you wouldn't go into a black hole; they'd start bouncing. Which would mean that those people would realize that they should be reaching out to you some other way.
(In fact, properly-coded 2FA systems should recognize an SMTP bounce and use it as a signal to temporarily reduce the level of authentication required to reset 2FA. Things like this are why it's so hard to get 2FA right.)
Yes, if my non-Apple email service "locks me out", then the same would happen as here. The point however is that:
1. Usually this would only happen if something weird specifically happens on that account. For example, if I am paying for an email provider and my card is declined. Notice that with the Apple case, a problem in something completely unrelated to email can cause this (including apparently the card being flagged for a fraudulent charge on some unrelated service).
2. Even then, usually the next step is I am told that that happened. Notice that in the Apple case they won't even tell you what the situation is to give you a chance to remedy it.
3. Finally, you then almost always have a way to remedy the problem. For example, by giving them a new credit card. Notice in the Apple case they insist that the account is disabled forever.
Do you see the difference? It's not in the "what happens if your email stops working" part, it's in the "what leads to your email not working anymore" and "how do you fix your email" parts.
Uhm, conjecture? The Reddit poster complained about app/media store lock, if they lost something more important like iCloud with photos and email that'd be a totally different story instead of "I lost some movies".
Second, they only ever said they asked the rep about their purchase content. Nowhere in the thread do they imply they lost anything else.
Do you have any evidence Apple has done that here?
But honestly, it freaks me out that Google might someday disable my account. Unlike the Apple stuff, Gmail is a gateway to all my internet stuff since 1st of April, 2004. Lately Apple is also trying to be that middleman and IMHO account blocking should be more like denying anything new but providing a clear path out or a clear path for re-activation.
Another thing that I can't stand is the policy of not disclosing the reason for account blocking or rejection. This should be straight out illegal, it creates real stress and even trauma on people and I don't believe that the justification on making their job easier by hiding their methods to fight bad actors is a reasonable one.
A number too small to show up in the analytics dashboard is someone very upset, maybe crying maybe going through life changing situation due to a glitch or bad design in the system. These things happen all the time and get resolved when gain traction in social media.
The tech companies need to understand that they are dealing with real people and the outcomes of their actions are real and that's why they are paid so much in first place.
[0] https://faangsupport.com
[1] https://news.ycombinator.com/item?id=36899787
Obviously might be a challenge to find enough volunteers and this is unfortunately really only a bandaid on the actual problem.
Curious to know why you included a login with Google account though. Feels like they're particularly well known for disabling accounts.
And true, the service is only good if Fanng/Fortune500 employees signup. I agree, its only a bandaid because Faang needs to step-up to solve this.
I think the only reason I added Login with google is that it's frictionless, just to enable users quickly setup accounts.
Make it a paid service. It's the only way it will work. People may be willing to spend a few minutes of their weekend or evening to help when it's a front-page post on HackerNews, but nobody will voluntarily waste their free time helping strangers at an industrial scale on what will end up being 99% stupid issues.
For example, let's say someone uses your service to steal money or personal information from unwitting customers who think they're dealing with official 'FAANG support', or the bad actor provides erroneous information that ends up causing harm or death. Where do you think that open-ended liability would be assigned, were the legal system(s) to get involved?
For another, let's assume for a moment that there's an unfilled demand for FAANG support. Most interesting support calls likely require customer identification and also, crucially, internal backend access (e.g. to account systems, server logs, billing systems, and so on). Your site will not have that capability. That limits you to the boring support calls, which might as well be a wiki or stackoverflow, raising the question of whether you were able to address this unfilled demand.
Thanks for your feedback. This is why I thought I should get feedback before coding further.
Then don't wait. There are plenty of alternatives such as Fastmail. You pay a small amount of money but you can talk to a human being if anything goes wrong.
I also don't get why people put all their eggs in one basket. I'm so glad that my email, password manager, YouTube profile etc are not the same account.
I keep seeing fastmail here. Is that the best alternative right now?
Don't you still have to worry about losing the domain?
Transitioning to a new email address isn't really that bad. I did it about 15 years ago. Whenever you log in to a site and you notice that it's using your old email address, you go into your profile settings and update it. After about a year you'll probably have hit 90% of your meaningful accounts.
Truly decoupling yourself is hard, and you'll probably be finding old accounts and dealing with them for years, but getting 95% of the stuff moved over the next year or so will likely give you a lot of peace of mind if you're actaully worried about it.
FWIW if you're actually worried about it, you should also make sure your email is through a domain you control (even if just pointed towards a service, or even gmail) and that domain service is not linked administratively to the same account that you use for email (e.g. don't register domain through google and then point at gmail), so worst case you can change the destination service by changing MX records and just swap all your email at once to a new handler (or if you're a masochist or as a last resort point towards your own mail server you admin). Just make sure it never expires (in the end, there's always something to worry about, you need to find the risk you're most comfortable with).
2) Buy mail services from fastmail
3) Set up forwarding in Gmail
4) Every Saturday you go through your inbox and change the email address on accounts important to you, and unsubscribe from the rest.
And you should still log in to Gmail of course, to avoid account shutdown. Also, Gmail doesn't forward what it considers spam.
I also found their search (which I rely on heavily) to be a joke compared to gmail.
I still have the old gmail account, but almost nothing of value goes through it.
The key is the domain, you don't even need to go away from gmail, but own your domain.
There's your problem fishbulb.
I've _still_ got a few places that insist sending mail to Gmail (mostly sites that don't let me switch email for some weird reason).
I got my own domain, set it up on Fastmail, imported all my old mails from Gmail and set up a permanent forward from Gmail to Fastmail.
Then I set up a filter on Fastmail that shows all mails that were sent to my Gmail address and slowly went through that list and switched from @gmail.com to my own domain.
Now I'm the customer for my email instead of the product and I 100% own my own domain so no single company can take it away.
But much less risky because if you have a problem with your registrar, you can move to another registrar without having to change anything else.
Then don't use gmail? It is very much possible.
Alphabet would get broken up into seperate entities: Gmail, Google, YouTube, AdSense, etc, should all be different companies and your single source of life failure disappears
That doesn't necessarily solve the issue of having a sudden death round of Gmail dying would lock you out of a lot of services using 2FA email and/or "Login with Google."
On the one hand, they complain constantly about this or that centralized service that they are throughly dependent on, and admit to being terrified of that service doing something "unaligned" with their interests. A few days ago, it was Stripe, before that it was Twitter, Reddit, now it's Apple, Google, etc. They complain and throw their hands up in despair, and Cory Doctorow even recently coined the word "enshittification" showing that this will always happen to for-profit platfoms. And Google Chrome's new client attestation API has everyone freaking out.
On the other hand, a lot of them gang up en masse on any decentralized and open alternative, especially Web3-related, that actually solves the problem technologically. They fight tooth and nail arguing that it isn't popular yet, and never should become. Because only centralized, government-regulated platforms that had years to become entrenched, are good, the rest is bad and should not belong on HN.
So what is the alternative?
Also this same group of people, seemingly, is totally nonchalant about the prospects of AI destroying human civilization, despite its own creators consistently giving that a 10-20% chance. They say that you shouldn't be worried so much. I just don't get this crowd, honestly. It seems like insanity.
PS: It's not all people on HN, just the most activist and vocal ones, and the ones with the silent downvote button trigger finger with massive hyperthrophy from constant use.
Is this true though? Sure, there are tech demos but people use the tech as a mean to the end(which is some content or interaction) and just because it works on technical level it doesn't mean that it fulfil the needs of the user. For example, if all the best stuff about LK-99 is on Twitter and Reddit, I'm going to be on Twitter and Reddit. Convenience? network effect? Does it matter?
Also it's usually different people complaining about different stuff and as a result it's not a contradiction. We are not coordinated.
But you are simply mistaken if you believe a bunch of obvious scams with not a single usecase bundled to one illegitimate buzzword is a decentralized solution, and of course the crowd here will see right through such bullshit. That web 3.0 scambubble never had a chance here.
And this backdoor might not be needed though, as UX for key change is (was?) atrocious in both Signal and WhatsApp: https://keybase.io/blog/chat-apps-softer-than-tofu (2019)
There are lots more authors now. I'm not sure why you're so hung up on this one. (He was literally forced out of town. So don't hold him against us.)
I was also pretty sure that story would be a good one to explain why it does have a chance. Ever heard of Elinor Ostrom? (I'll assume you didn't hear of her, but you might have heard of Garrett Hardin who came up with Tragedy of the Commons, which I learned was one of the most widely cited "wrong arguments" in the history of publishing papers...)
I'm not a scholar in the field, but it was my understanding that retaining the capability for "driving someone especially bad out of town" was literally the thing that made it possible for "tragedy of the commons" to have been found an invalid construct as foregone conclusion or an inevitable outcome of working with communal shared resources.
They did studies of the tight-knit communities in Africa where they had managed to avoid the tragedy of the commons for many generations, and I'm sure I'm drastically over-simplifying the conclusion, someone here can explain it better than I can...
But so, we've got that going for us, as well. We can kick people out without "losing their shit for them" on the way.
I had just a very short look at the project now, it does look different than what I saw back then. I'm just not convinced "inventing the stack completely anew" and "needing to pay for identities" can result in something that wins users, but hey, who knows. The thing that was attractive back then and still is, is the part about "one programmer should be capable to understand the whole stack." But that's only attractive for devs.
In the end all the background doesn't matter, only how the layer behaves that users can interact with. On the one hand that's good for Urbit, its history doesn't matter much. One the other it's not as good, since I don't see how Urbit could be a foundation for a service that wins against regular apps or websites. Publishing, reading, shopping, listing to music and watching videos, how can Urbit improve any of that?
It's just a bit of friction, think of it like I'm giving you an egg. You need to carry the egg around with you and keep it safe, I'm not giving you another one. OK, maybe just one more. (But do try not to break it!)
But there are egg-as-a-service managers so you don't really have to carry the egg, just pay a small fee and someone will handle it for you according to the protocol. They are actually giving the managed accounts away now, if you wanted to remove all that cost and hosting friction and see what "superconducting feels like" J/K
The point about the identities is that they shouldn't be easily forged. If enough people do have them, if they're actually buying them, they won't have bought just one. They'll have them in bulk, they'll hold surplus, and they'll be careful about who they invite. You'll probably get one at no cost. Unless of course it's really becoming popular, and there is real scarcity. If Urbit is still around long enough for there to be any question of real scarcity, that will have been something else!
Just don't expect to purchase another one on any street-corner if you burned yours by sending spam, (then well it's better to have been a productive spam that made you at least back in value as much as the burned ID cost!)
Nobody really pays for this now. It's all million dollar art projects, and I think it's like the old days when you just went on IRC and who knows what you'll find!
I'm really glad to see you're willing to debate this in spite of having a strong opinion front-loaded, and I'm sure you're right about most people that heard of Urbit so far, ...but I think you'll find that many people will have only heard the good news and intentionally shied away from the controversy. We humans don't like conflict. No need to create it fresh from the bones of our ancestors, I say.
Or most people in reality probably haven't heard of Urbit yet at all.
A decentralized and open alternative that's not "Web3-related"? Most of the objection is to the so-called "Web3" part, ranging from ecological concerns to the fact that its money-oriented aspect leads to it being full of grifters. We can have distributed systems without everything being about some kind of monetizable token.
Not all costs have to be expressed as money or as a money analogue. For instance, a web-of-trust system could have reputation as the cost: someone who introduces too many spam accounts to the network could be marked as a spammer in turn.
If I could just imagine a world with no scarcity, then it would be so! Shame for this tremendous failure of my imagination. It's clear enough that I'm the problem now.
Well friend, I'm here to tell you that it isn't so. There will always be some kind of resource scarcity, and as long as there is money, people will be putting dollar amounts on our million dollar art projects. Whether or not we think they are worth the money, is not at issue. Whether someone will pay the money, is not at issue.
If there isn't a "finitely deep supply" for long-term holders to protect somehow, and the "cost to create more supply isn't negligible" then what cost is there to burn your pseudonymous identity? Just mint another one. It has to have some cost, or spammers will just push this button continuously and ruin it for all us good people. It only takes a few bad apples, (but there is really nothing worse than infinitely many procedurally generated bad apples!)
It requires someone (it can be a shared job) to take ownership of these barrels, and occasionally remove some dangerous bad apples. There can be enough barrels for everyone (even the bad apples! they can get a barrel to themselves...) even if a few are spoiled, but there cannot be infinitely many barrels with infinitely many apples and still make a good community platform. It has to have boundaries. This is just IMHO.
These are the table stakes for a successful distributed community platform to grow without limits. (It has to have limits!)
The Crypto crowd LARPing as Bernie Madoff or being wall street hedge funds are not. I notice you didn't event mention Crypto or blockchain, "Web3" won't fool anyone here though.
https://amp.theguardian.com/technology/2021/nov/18/crypto-cr...
So why would I want to use it? It just confuses the issue. And by the way FTX and Celsius and their ilk are exactly the sort of black box funds-custodying middlemen that Bitcoin and crypto was designed as an alternative to! They are closer to Stripe than blockchain. So when you try to equate smart contracts on a blockchain with FTX, who is the one being disingenuous?
I know quite a few people (many of them technically-minded and/or software developers) who don't like Google and don't like ads, and know that Chrome is just Google's way to get people to see more ads, and gain more control over the web itself.
And yet, when I suggest they switch to Firefox (or something else), they just start making excuses.
I moved my email to Fastmail over a year ago. I was able to do this easily because I used GSuite with a custom domain, so it was just a matter of updating MX records and moving my old mail.
But it doesn't have to be a huge chore even if you have an @gmail.com email address. You can register a domain, and sign up with Fastmail (or some other mail provider where you are actually the customer and not the product), and move things slowly. Set up forwarding from your GMail account to your Fastmail account. Start using the new email address for new accounts. Slowly start changing the email addresses on old accounts. You don't need to do it all at once; just maybe set aside 15 minutes a day, or maybe an hour on a weekend, and gradually change things. Focus on the important things first, like financial accounts. Eventually you'll stop getting email that you care about through the GMail address.
I'm now worried about my other Google-held data, like photos and documents. Some of them are backed up, but I still haven't made sure everything is.
Any time you are utterly dependent on any provider, you are at risk. This is something I was taught about being in business, but it holds just as true for personal things.
That you are nervous about this is entirely reasonable, and you should channel that nervousness into finding a way to reduce your exposure.
https://support.google.com/accounts/answer/3024190?sjid=1769...
It might take a long time, but do it. Hey, I'm going to do it right now and I don't even use google that much!
"They can't tell you, but trust me, if they were allowed to tell you why, you'd understand and even thank them."
Wuh?!?
How does Movies Anywhere fit in here? If I buy a movie at one of {Apple, Amazon, Google, Xfinity, Microsoft, Vudu, DirecTV, Verizon} that is from a studio that participates in Movies Anywhere and then lose or close my account at the place I bought the movie, does it remain on Movies Anywhere for me?
My email isn't at iCloud. It's at Fastmail.
My iCloud data -- contacts, calendars, etc -- is backed up locally.
My login to my Mac isn't run by Apple.
Regardless of how much you trust a vendor, you should never create a single point of failure, right?
From this account the manager sounds like a nice person who is essentially powerless to do anything. Seems like an incredibly frustrating position to be in.
My comment from a few days ago fits pretty well here: https://news.ycombinator.com/item?id=36933489
Whenever people say that "AI will replace all the jobs": remember these stories.
Apple gift cards are a massive vehicle for fraud, both in extracting value from stolen credit cards, and in scams ("the IRS has frozen your SS number...send iTunes cards or get arrested!"). There are places that sell Apple cards 80%+ off face value, the use of which is a very good way to get your account locked. Stolen/scammed Apple cards should have a market value of nothing.
I know nothing about this particular case or whether such gift cards played a part. And ultimately getting completely locked out of a digital identity without recourse is ridiculous and demands legislative remedy. However I'm pretty cynical about these sorts of stories at this point. Perhaps it's years of playing in first person shooter games where it's normal to see cheaters/hackers wail about their innocence when banned, to eventually changing their story and just going radio silent when they're proven cheats. Apple has absolutely no benefit to arbitrarily banning random people for fun. Not that it couldn't happen, and errors absolutely happen, however it usually isn't random.
This is handling on the part of the rep, and it's not "frustrating," it's infuriating.
To take the example to the extreme, imagine if you get a call from a cop who tells you that your child has been killed, and they say "I know it's terrible, but it's terrible for me too, I had to call you about your dead kid."
Even if it's broadly accurate that it is "frustrating", the CS rep will go home that night not short a few hundred dollars because a giant multinational corporation just... took it.
I get where you're coming from. But in the end we're all powerless "cogs in the machine" with much of our autonomy stripped by, ehm, who even? Apple Management? Some Apple engineer who wrote this? The Algorithm (which may or may not be comprehensible and may or may not be able to explain its decisions)? Someone/thing else? I feel we need think about this on a higher level than just "customer X was kicked in the teeth" and even "customers regularly get kicked in the teeth".
> I'm not sure if OP doesn't use the right communication.
How much clearer could it be? They clearly understood the situation, and they're clearly unwilling (not unable!) to do anything about it. "They" being apple the corporation, not any individual who may well be unable to do what's right with the tools/permissions they're given.
That is simply because the "situation" is only a "problem" for the customer. For apple, it's just that, a situation. Not bad enough to warrant a solution.
To which someone at least calls out the laughability of this: "Uh, I'm not thanking any company that just deletes my account and loses me data, apps and money, with no recourse".
And individuals doing their own automation couldn’t make a mistake?
That being said, the only thing I really care about are my photos and videos and they are synced to
- iCloud
- Google Photos
- Microsoft OneDrive
- Amazon Photos (photos only not videos)
Society has rapidly digitized. We now have billions of people using big tech account systems to access things. And the things are no longer toys, they represent things of real value.
We need legislation. It should be illegal to randomly deny service, to not disclose a reason, to not have a sane appeal process.
Then if they don't pay judgement you can literally go to the Apple store with a sheriff and take things off the shelf up to the value of your claim. Or take one of the display tables.
THAT would get Apple's attention.
One of my favorite events from the (horrible) Great Financial Crisis was a case of this: the winner of a claim against one of the big banks (I think it was a bogus foreclosure, or some fees or something) couldn't get the bank to cough up, so they walked into a branch with the sheriff and just started removing furniture. Got a lot of attention in the press and then in the Florida Legislature.
As for if they would blatantly reject the sovereignty of their host country by locking legally stolen property, who knows. We've been sleepwalking into anarcho-capitalism for decades.
if they did that, could you take them to small claims court?
Yup, he walked out with a check that same day too.
https://abcnews.go.com/Business/bank-america-florida-foreclo...
Highlights:
> The Florida incident arose when the bank foreclosed on Warren and Maureen Nyerges of Golden Gate Estates in Naples. This surprised the Nyerges, since they had no mortgage--not with BofA or with anybody else. They had paid cash for their home in 2009.
> Finally he hired an attorney. Two months later, the foreclosure had been dismissed.
> Nyerges then sought to recover his attorney's fees, and got a judgment against the bank. Five more months passed: more phone calls, more letters; no payment. Nyerges went back to court and got a writ of execution, which gave him permission to seize bank assets in payment for his judgment.
> On June 3, Nyerges, two sheriff's deputies and a moving truck showed up at the local BofA branch. The deputies informed the manager that he could either pay the Nyerges' legal fees— $2,500—or the movers would start taking away the bank's furniture and cash. The manager, after conferring with his superiors, gave the deputies a check.
> Bank of America later apologized to the Nyerges in writing--but managed to misspell their name.
Repeat after me: You cannot:
... contract away... / ... agree away... / ... accept ToS away...
... your legal protections & ... any law
Illegal ToS are literally scary stories to scare people, but if any part of that ToS goes against laws/ your rights, then that part is null and void.
Courts often have cases where a ToS section or section of a contract is not legally enforceable, and the court simply sets that aside as if it never existed.
This revenge fantasy is not in any way real; Apple can for sure do what they did here.
The dev appleid is so old it is not an email address -- in fact it has a space in it. That occasionally breaks things but I figure that might help in a case like that too :-)
I've already once had a card used fraudulently as a credit card, but it had never been used for anything other than being initially unlocked at the bank's ATM (it was the card for the secondary owner of that bank account), and its credit card function hadn't even been enabled (which meant that the attempted misuse was immediately rejected). So I wouldn't expect that using a card for iCloud and iCloud only would be enough to prevent it from being used fraudulently somehow.
I fought back but realized they had all the power. The power to ruin me and my employer's business.
FTC
Nothing says "please pay attention to me" like having a sheriff's deputy put a padlock on a nearby Apple store.
At no moment Apple sent an email to my father to confirm anything. Once the account was deleted, there was nothing Apple could or would do. Everything was lost.
Taking control of the devices back was quite the odyssey as Apple required invoices and whatnot.
https://twitter.com/pierbover/status/1574875206220488705
Let me know if you want more details
You can’t take control of devices after deleting the account, and notifications are send out per email for every little thing from logging in from a new device to changing trusted devices and phone numbers to changing the address on file.
I guess one possibility is the hacker might have accessed my father's email but it seems improbable. AFAIK my father didn't store passwords on the keychain and didn't sync it with iCloud.
With Facebook it took 6 months to get fixed. Then it happened again in 2020 and I was only recently able to get the flag removed a few months ago.
With Google I took it much more serious. Took about 6 days of non stop calls and emails. Probably put in 4-6 hours a day just trying over and over again.
The trick is to just keep trying. Again and again. Don’t waste time talking to people who can’t help. You start to get a feel for it. Eventually you can find your way to “Risk Management“ and a human will review your account. Same response from both Facebook (multiple times) and Google, which is some derivation of, “Sorry. Our algorithm was overly zealous and accidentally flagged your account. The flag has been removed and your access restored.”
Of course no one uses a real name or last name and everyone uses an ephemeral email address so it’s impossible to ever reach back out.