zlacker

[return to "Terraria on Stadia cancelled after developer's Google account gets locked"]
1. AceJoh+YM1[view] [source] 2021-02-08 19:17:25
>>benhur+(OP)
If you've got an automated vetting process with a 99.999% success rate, but are dealing with billions of accounts, that's still tens of thousands of false positives.

At that level, "percentage" is an insufficient measure. You want "permillionage", or maybe more colloquially "DPM" for "Defects Per Million" or even "DPB".

You'll still get false positives though, so you provide an appeal process. But what's to prevent the bad actors from abusing the appeal process while leaving your more clueless legitimate users lost in the dust?

(As the joke goes: "There is considerable overlap between the intelligence of the smartest bears and the dumbest tourists" [1])

Can you build any vetting process, and associated appeal process, that successfully keeps all the bad actors out, and doesn't exclude your good users? What about those on the edge? Or those that switch? Or those who are busy, or wary?

There's a lot of money riding on that.

[1] https://www.schneier.com/blog/archives/2006/08/security_is_a...

◧◩
2. judge2+vP1[view] [source] 2021-02-08 19:29:06
>>AceJoh+YM1
> You can't even trust phone companies to do their job right and ensure the secure verification code is sent to the right phone! You provided some more secure ways for users to authenticate themselves,

For those that don't know, phone companies are easily susceptible to sim-swapping attacks which can make it easy for an attacker to intercept SMS 2fa: https://news.ycombinator.com/item?id=22016212

Edit: looks like OP changed their entire comment while I was replying.

◧◩◪
3. AceJoh+oW1[view] [source] 2021-02-08 20:04:32
>>judge2+vP1
Yeah sorry, I thought the original version was overly flowery, and the same point could be made more succintly.
[go to top]