Q&A highlight
Posted22 days ago
Key Takeaways
In addition, it just re-emphasizes how tied we all are to these "digital lives". I used to do it without a blink, but now think twice before clicking "Login with Google/Apple".
The tendrils can run deep.
Just realize this: the longer you play this game, the higher your odds of getting banned. Once it hit me, I quickly decoupled from Google. It's like playing satoshi roulette for 0.5% gains. You keep winning until you get fully wiped.
Doing everything and/or all-at-once is not practical, but having backups for most critical infrastructure helps a lot, and when it's rolling, it rolls without effort.
One can go step by step and call it's done when it becomes too much to bear or satisfactorily decoupled.
That said, keeping a backup of everything, decoupled from any account I don’t control, gives me huge peace of mind.
You can reliably reconstruct a SSN that is missing the first digits, if you know where the person lived when they filed for it, but that's not the same thing.
Why Ebay built this idiotic weakness into their cards is beyond me.
This used to be true, but isn’t for SSNs assigned since I think 2011 - the exact year could be wrong, that’s from memory. Since that switch, the component that used to be geographical is assigned randomly.
I'm not following. If things have gotten this far, the victim has already been duped into buying the card and intends to send it to the scammers anyway... ?
But also, how could the card possibly work that way? What are the other digits even for; and wouldn't they quickly run out of valid "last few digit" combinations for issued cards?
Yes, the mark has essentially fallen for the scam, but not yet arrived for the goods... which don't actually exist.
> But also, how could the card possibly work that way? What are the other digits even for; and wouldn't they quickly run out of valid "last few digit" combinations for issued cards?
Exactly why I hate that Ebay uses their insipid coding schema. I'm not explaining why they do it, because I can't.
Apple, Google, and the big players are not a trustworthy place to entrust precious data. Increasingly, Apple and Google aren't very much different as they are both in the advertisement business: the great misaligner of incentives.
This was the reason why free trade was removed from RuneScape back in the day and it wasn't even a Jagex issue. People would go to 3rd party gold selling websites and then pay for gold with stolen credit cards. They could easily keep the money because the trade cannot be reversed without a moderator and what they were doing was against the rules so everyone would just get banned. The payment processors saw a bunch of fraud related to a game called RuneScape and told Jagex if they dont fix this then they will be blacklisted.
I disagree. The issue is these huge platforms can arbitrarily ban people and consumers have no recourse.
This sort of thing wasn't really possible before the internet age. We need new laws to deal with it.
Banks are nothing to do with this. You could have your Steam/Google/Apple/etc. account summarily executed for any reason; it doesn't have to be money-related.
Yes, it was and it always has been[1]
>I disagree. The issue is these huge platforms can arbitrarily ban people and consumers have no recourse
This is par for course with every single EULA ever. I will say in the case of Steam it's hard pressed to find your account completely disabled and unable to play the games you rightfully purchased. I think the worst-case scenario is that you will be banned from engaging with the steam online community which restricts your ability to play with other users on steam
Both GOG and Steam allow you to use local copies of games, and both would deny you access to your account to download more games once banned. Steam allows you to install games without DRM from their platform.
GOG also specifically advertises games that don't have DRM, e.g. [0]. Steam versions of the same game (e.g. Skyrim) often require Steam to be running and enforce mandatory updates that aren't always desirable with no rollback ability.
[0] https://www.gog.com/en/game/the_elder_scrolls_v_skyrim_anniv...
Yeah, but that's a developer choice. Steam doesn't force anyone to use their API for things like that. If that's a concern for someone as a gamer, they should probably support the companies that don't do it no matter the platform, not blame Steam for it.
Buying on GOG seems like a perfectly reasonable thing to do even if a company has DRM on Steam; it provides an economic signal that there's some segment of customers that requires no DRM. Since marginal cost of game sales is 0, it would be dumb not to cater to them and take your free money.
Do you just assume that's the reason someone uses GOG vs Steam? People could be using GOG for other reasons, and the lack of DRM is just bonus. So how does that signal really get interpreted correctly?
If you don't want lose access to every game you fully paid for on Steam you'd better pirate a copy of everything you bought because on a whim they can take it all from you at any time.
I've taken to getting a cracked copy of every steam game in my library so that steam can't screw me over again in the future.
you can trivially crack any steam DRM game yourself within minutes.
With GOG, there is at least an unofficial, supported way to get an offline installer for each of your games. With Steam, there's no officially supported way to do this, so it's likely to be a bigger PITA to archive all your games ahead of time.
In reality, though, almost nobody is thinking ahead so that they have all their games archived, and, given the size of games and collections, it's a difficult thing to do on the cheap.
My understanding is that your account is effectively made read-only (blocked from purchasing, community, etc) and not removed entirely. Steam's help article on restricted accounts[1] seems to agree with this, given the text description of account suspension implying that it's temporary or for legal reasons (because the account has been used for illegal activity, or to prevent the account's use until it can be restored to its owner in cases where a lock might not suffice)
Admittedly, I have no personal experience with this, nor do I even know anyone who does, but I've never heard of anyone complaining about being unable to play their existing library when banned; complaints about steam tend to be about accounts being stolen and VAC/community bans, with the occasional complaint from someone I know that lost access to an account when they lost their email address and forgot the password (this was before steam had account limitations and steamguard, and they had never bought anything).
[1]: https://help.steampowered.com/en/faqs/view/4F62-35F9-F395-5C...
I take this to mean to sail the seas but I have apprehension over running modified binaries from random people. Is there anything that can be done to alleviate this worry?
So yeah, TLDR, vote with your wallet and give up the entertainment this time.
It make a lot of sense to discount all these reviews to avoid abuse.
Other than selling keys they can also be used for marketing. If you for instance have a game with multiplayer, lots of DLCs or IAP then giving away keys for base game make a lot of sense: even if only 1% of people who grab the key gonna play it they can still eventually buy other copy for a friend, etc.
If you buy a Humble Bundle, you get a set of Steam keys for the games in the bundle. If Intel/AMD/Nvidia are doing a promotion for a free game with a purchase of their product, they give you Steam keys. Etc.
Not store their data in their iPhones. Period. I only store temporary data and photos I wouldn't care about.
The big marketing point of cloud storage was that you would not need to worry about owning and maintaining local storage, but they conveniently downplayed the fact that they could lock you out of your own files at their whim.
His Apple cloud account was locked until the account representative unlocked it.
The physical device was not locked, bricked, or wiped. The situation was bad, but let’s stick to the facts
Paris uses the term "bricked" in the original post: https://hey.paris/posts/appleid/
Apple isn't. Just sayin'. They are trying to do it, but they aren't really anywhere near the scale of Google and Facebook. They make money (lots on money) by selling high-margin hardware.
Currently, Apple is genuinely serious about preserving user privacy. I realize that can change, in the future, but it's the way it is, now. I get the feeling that a lot of folks on HN are having difficulty understanding businesses that make a profit by doing stuff other than harvesting and selling PiD, but that's not what has made Apple a 4 trillion-dollar company. They make that money the old-fashioned way; but with a modern twist.
I wasn't defending Apple. I was merely pointing out that one of these, is not like the other.
Like I said, it seems that we have a hard time understanding business models other than "Harvest and sell data." Posts like the GP, seem to reinforce this appearance.
Upton Sinclair is known for a quote, referencing this kind of thing.
Hating on Apple is quite popular amongst tecchies. I understand. I've probably been more pissed off at Apple, than many folks, here.
But It does bother me, that people don't seem to understand the classic business model of making things, selling things, and supporting things. That's thousands of years old, and still very much relevant.
But they are nowhere near the scale of other companies.
I feel as if Silicon Valley has really forgotten its hardware roots, though, and that's sad.
Making things is really difficult, and extremely risky. Playing with data is really easy, and quite profitable.
I’m not sure who is right, Apple or these analysts, but either way: 2.5% or 7%, that revenue source isn’t large enough to be a corrupting incentive on Apple’s behavior.
Maximizing digital service revenue at the cost of user trust which drives their high margin hardware sales would be killing the golden goose.
> genuinely serious about preserving user privacy
Nope, not anymore. That ship has sailed and more revenue is to be made by harvesting user data
That does seem to call for supporting evidence. I write Apple apps, and they make it very difficult to access user data. I would need to know how they get it, and how they make money from it.
We started off talking about Apple isn't in the advertising business, and now we're at standard telemetry.
Upton Sinclair really knew what he was talking about.
(You need it for music to fulfill your contracts with the artists though.)
I don’t know if Apple has client-side ad scripts like those, but in decades of building websites I’ve never been asked to implement one.
They make, sell, and support physical devices.
That's what's called "classic manufacturing."
I spent most of my career in the hardware business. It's really odd to see so many folks unable to understand business models that make money, besides "sell data."
It really seems as if folks can't grok that companies that make money, can do so without necessarily selling data.
https://www.cnbc.com/2023/11/14/google-pays-apple-36percent-...
Just because they're not Google's size doesn't mean they don't have people making product decisions that will eventually sacrifice privacy for profits.
[0] https://digiday.com/marketing/when-it-comes-to-ads-apple-isn...
The reality distortion field is strong, even with some HNers.
Making and selling hardware is difficult. Really difficult, but some companies have been doing it successfully, throughout recorded history.
It's really strange to see it being dismissed as "impossible," nowadays.
Apple makes tons (read: billions of dollars) from ads. Hence, Apple is in the business of ads, have sales people working with advertisers to make targeting, personalization work.
I take no side in "ads are bad" argument, but you have to accept that Apple is in the ads business, whether you like ads or not.
Whether the advertising is ultimately successful does not matter to those people, what matters is if they can convince the person paying them (the manager paying their salary, the ad agency, etc) that they are effective.
I just don't get why these companies should be in the business of offering gift cards-- at least, not if they can't be redeemed safely.
I'm sure people would run other kinds of scams with AppleIDs without the existence of gift cards, but gift card redemption scams have gotta be 99% of the reason people create fake accounts. The support burden would evaporate almost overnight if they just exited this stupid market.
If they're anything like Starbucks then they get the benefit of utilizing the unredeemed balances as temporary capital for investments. It's an interest free loan at their scale. Plus they get to keep the balance that people forget to redeem.
I'm not an expert here, but this is not generally true. See "giftcard escheatment laws". I think these vary by state, but see e.g. https://legalclarity.org/when-do-gift-cards-become-subject-t... The value of abandoned cards goes to the state.
I am terrible at spending gift cards. I have some that are from 2007, 18 years old. Two years ago I decided I should check them all and actually spend them. Of the dozen or so cards (several of them for Apple), only 2 of them had an issue, all the others were still active with the original balance.
One of the issues was easily solved, it was a Visa gift card that had an expiration date... I reached out to the company and they issued a new card with an extended date. The other seemed to be so old that the underlying company was sold and pivoted, and changed systems (I assume multiple times) along the way. What was a card for a local restaurant chain now seemed dedicated to Dick's Sporting Goods... at least that's where the phone number went. I haven't yet tried going to the actual restaurant to see what happens.
This reminded me I did an awful job of actually spending them. I guess I need to try again.
I think gift card or not isn't really relevant, fraudulent activity can happen in a lot of ways like iCloud being paid by a stolen credit card, or TV shows being rented with hacked PayPal account.
The real issue is simply that there's no proper support avenue for serious issues that at this point affect your whole life, a family or a whole company. There's also no real avenue for a user to get the authorities to do anything to help with their case.
You can contact an employee.
Off topic pretty much: In 2013 I was one of the 8,000 people in the U.S. selected by Google to be able to buy Google Glass ($1,500 [$2,000 in today's money]) in its first release to the public. One thing I will never get over is the customer service offered to us Glassholes: not a toll-free number, no automated voice mail tree: I'd call for any reason AT ANY TIME NIGHT OR DAY OR WEEKEND OR HOLIDAY and a Glass specialist would answer within a couple rings and spend as much time on the phone with me as I needed to resolve my issue.
Everything in the cloud is at risk of being taken from you. Companies like Apple are not your friend. They explicitly make no promises and insist that they are not accountable/liable. Stop trusting them.
I'd say also that you should never purchase Apple gift cards from anyone except Apple directly, but if the card itself was tampered with (stolen, opened, scraped and code retrieved, re-covered with generically available scratch-off material, re-sealed, returned to the display) there's nothing keeping that from happening in Apple stores as well.
There is a technical measure that gift card providers could put in place to reduce this, specifically they could block activation of any cards with codes for which they've already started receiving activation/balance checks. There'd still be some risk (thieves would need to wait before testing cards and would have to hope for cards that were purchased but not yet redeemed) but it could be reduced somewhat.
This would be a good measure assuming we’ve fully discovered all the reasons Apple might ban you for, and only reason happens to be gift cards.
Since we don’t know what other seemingly trivial actions may provoke Apple to wipe an account, I think starting a developer conference is the only way to be safe.
It's against apple's ToS to avoid bans as such.
So you could use your existing apps but not download new ones from the App Store.
You could use iMessage with some restrictions. You could use Apple Music but only the free radios. You could use Apple’s photos but would lose sync.
Usability depends on how much you rely on those services, but the device itself is still useable for other things.
First, with so much importance placed on an Apple/iCloud account in our current era it's not good that they can be shutdown so trivially. Someone can be shut out from using Messages, Apple Wallet, Digital Identification (depending on where they live) and all their subscriptions and media purchases without any recourse, in an instant. It's not hard to imagine someone being put into a pretty bad situation as a result of this with just a little bad luck and bad timing. It's easy to point out that you shouldn't be overly reliant on these technologies but I think it's more important that there be ways to safe guard people from this scenario. Apple should do more to handle these scenarios given the importance of an account now.
Second, there are other recent events that point out the failure modes and gaps that Apple (and Google?) need to address. There apparently is no way to cleanly divide purchases in a Divorce or separation, even if the person was fleeing an abusive situation. There's also no way to leave a "family" account even as an adult or how to assign children to multiple families. Again we can trot out the easy "Just don't use these things, use FOSS, Nextcloud, etc..." but I think Apple should do more to address these types of scenarios regardless of what people choose to use.
They have their issues, but they are actively working on it.
So, we now have the same “who cares, it’s just some dumb online account” level of service with much more critical accounts. Because big tech has scaled users to the 9-10 figure range, while not investing almost anything in customer service. Instead of having thousands of CSRs like the phone company, tech employs a few disempowered call center operators overseas, whose only job is to read FAQ answers at callers and ask them to try restarting their computers.
I shudder to think how vulnerable the current system would be to intentional denial of identity via other parties tripping fraud systems on an account.
Say, while the target was traveling?
Believe it or not, google is even more stunningly incompetent than that.
If you have someone in your contacts there literally is no way to (1) retain him/her, and (2) ensure they are never, ever, for any reason, suggested in any product. eg in google docs, I do not want "@" autocompletions to suggest the person. No sharing, no drive sharing, no email cc/bcc, etc.
In my case, there was a breakup with a cofounder / exit from a company and ongoing collaboration with a friend who shared the same first name. I actually had to delete the former cofounder's contact, which made me miss some calls from an unknown number.
Having someone that you need to occasionally maintain contact with that should never be prompted in any way (exes of all types, divorced, stalker) is a basic need in real-world systems.
Apple has locked my Apple ID, and I have no recourse. A plea for help.
1730 points, 1045 comments https://news.ycombinator.com/item?id=46252114
302 more comments available on Hacker News
Not affiliated with Hacker News or Y Combinator. We simply enrich the public API with analytics.