Just think about the army of "Facebook content moderators" who were a popular topic on HN recently due to the concerns over their mental health.
(I am offering no solutions here, for I know none)
It's not a request, it's a requirement. If your account is suspended, you deserve an explanation. You should get one without having to request it.
I'm not saying that companies shouldn't be able to suspend accounts temporarily. I'm simply saying that there needs to be a way to get your account unsuspended if you're innocent. The way it "works" now is that innocent consumers are without any recourse whatsoever.
Obviously this will also help the spammers who will use this information to get around the filters.
Maybe allowing single service providers to capture several billions of users is the problem here.
Maybe they really just need to offer a paid account option with real support, since that has much better incentives
We've heard this excuse countless times, but it's simply not acceptable. The foundation of our legal system is that it's better to let a criminal go than to punish an innocent person. How many innocents have to get caught in the crossfire before we start protecting them?
https://workspace.google.com/pricing.html
It includes support, but I'm not sure if that helps in cases where google thinks you have abused the service. I just use it because I like having my own domain, and so that I don't lose access to my email if google locks me out. The idea is that I can update my domain's MTX records and use another email service.
If we can extend that courtesy to people accused of child abuse, surely we should extend it to people accused of internet spam?
Are we really going to believe that Google, one of the highest grossing companies in the world, doesn't have the money to provide even basic level customer service? If it were really a matter of not being able to afford it, certainly they could offer it for a fee. No, they're stubbornly refusing to address the issues, relying on this lie, and using their market dominance to avoid having to answer for it.
Google has the right to suspend, remove your account without prior notice
I'm sure there should be a clause like that in their TOS
E.g. if a spammer can pretend they're 10 million different people, and each of those "people" requests an explanation, the whole system grinds to a halt.
This is the reason behind a push for more KYC-like verification on these platforms (e.g. asking for IDs). But this comes at a huge privacy cost for legitimate users. So one way or another people who are real, legitimate and with good intentions somehow pay the cost of the harm that is being done on the internet. This is a hard problem.
Source: am thinking/working on this sort of stuff; not representing my employer, my opinions are my own etc. etc.
Although obviously if they banned me, I wouldn't have access to my direct support line anymore.
Is 1000 innocents ok to punish as long as 1 spam message is stopped?
No one would care if Google banning a developer meant they could list their app through a non-Play app store with decent exposure, or a non-App Store at all.
But that's not the reality we live in.
So it's more like if Walmart moved into my podunk town, put all the local shops out of business, and then banned me.
After a lot of trials with various approaches, we settled on letting some criminals go free over convicting someone on weak evidence. Second we decided that trials should be open and evidence viewable by default.
Finally you generally have the option to give some security to stay out of jail during trial.
Closing a google account is a punishment worse than many criminal convictions. And will only get more important as we progress to an all digital existence.
Which they will do literally on a whim. Who are you going to call then?
My first guess would be third-party attestation of identity, with stored credential disposal on a short schedule? Essentially normal-user-verification-as-a-service?
We had a paid Google App account. One of our workers would only login from their computer. It died, and she tried to login from the new computer. It gave a unrecognized machine error, and we had to hire someone to resuscitate the old computer for her.
I know of a company that had the entire companies' accounts suspended without warning because one user did something that violated their terms, but they could not figure out what. The company lost three months of revenue from it and I am not sure if it caused bankruptcy. No help at all from G.
Maybe Google kicked this guy out for the same reason they fired off their own Stadia devs.
Not yet, but that's my whole point, it needs to be: It's painfully clear at this point that we need a consumer "bill of rights" to protect us from these giant tech companies.
You can't really compare getting kicked out of a bar with losing access to your gmail. There are no "algorithms" automatically kicking innocent people out of bars. Getting kicked out of a bar is a direct human interaction, which is exactly what I'm demanding.
Well they can, just not for the sole reason of being black...
>>This isnt criminal law.
No it is Civil Tort law, but that does not mean your rights are completely removed, nor that principle does not apply
>>This is the right a private property owner (say the owner of a bar) has to kick you out. There are some limits on that
Absolutely, and those limits are normally set either by over riding civil / businessl law passed the government, or a contract entered into by 2 parties
The problem with Google and many other online platforms is their ToS (their contract) is sooooooo one side that IMO it should be considered an unconscionable contract thus void and unenforeable.
Also we have things like Truth in Advertising laws, many times these platforms Public messaging, and advertisement in no way match their terms of service
I am fully in support of the right of a private business to choose who they want to do business with. I am not however in favor of allowing business to use marketing manipulation, false advertisement, and unconscionable contracts in the form of ClickWrapped Terms of Service to abuse the public
the "mah private business" defense is a weak one, very weak, and it is telling that people defending the large companies with this defense often times do not support it in other contexts.
Google has every right to choose who it does business with, but it need to make those choices in transparent, and public manner.
"You've been banned because our black box ML algorithm says your usage patterns share similar traits to those of known spammers."
* Except in China, in which case it's only true for their domestic Android market
A way to square this circle is to have rights engage at the point of payment.
A truly pseudonymous account with no monetization (going either way) has little intrinsic value, and less need for KYC-like identification.
On the other hand, an account with some sort of payment history (either giving money in the case of purchases or receiving money in the case of developers/website hosts placing advertising) faces a higher standard. There's a reasonable probability of real economic harm if the account is nuked arbitrarily, and at the same time any money flow is open to theft or money laundering concerns, triggering moral if not legal KYC obligations.
The latter should also help prevent the proliferation of straw bad actors, since providing payment imposes a direct cost, while the KYC rules open up the possibility of more direct action for flagrant breaches of contract / use of the platform for other abuses.
The "spammer" can only pretend to be 10 million different people because e-mail is free. Paying a tenth of a penny per e-mail has been one of those long-standing impossible anti-spam measures, but walled gardens can implement something like this at their whim.
Not exactly?
It's certainly not criminal law. Proof beyond reasonable doubt has no place here.
But it's also not exactly the relationship between a host and guest, where the guest has no rights save what the host grants. Website terms of service purport to be contracts, so there is a contractual rather than ex gratia basis for the relationship.
So, begin interpreting website terms of service as contracts of adhesion, and read in a duty for website operators to enforce those terms fairly, with a reasonable basis (on the balance of probabilities) for harmful decisions.
This isn't the current law, of course, but it's not hard to imagine the law reaching that place from here.
Most were payments of about 2€ in the same store next to work.
Whatever I dont use it anymore
Maybe. A few problems here:
1. payments come with privacy concerns, unless maybe you're talking about zero-knowledge-based blockchains, but we're a LONG way from such functionality being widespread
2. $0.001/email is actually very reasonable for an attacker; they'd probably gladly pay even up to $1 or more, depending on their exact needs, especially if that comes with an elevated privileges account
3. all of this is easily defeated by fanouts. E.g. if they sign up with bob@gmail.com and then are able to use bob+1@gmail.com, bob+2@gmail.com etc. to sign up for a different service, this defeats the purpose
Pick two.
Different companies do different trade-offs. The optimal solution depends on how the internet community weighs each individual axis
Again, it's not a "request".
If spam detection and account suspension can be automated, then suspension notifications can also be automated.
I'm not sure I understand where the 10 million number is coming from. Are you suggesting that 1 spammer can create 10 million accounts on your system (which appears to be Facebook)?
Regardless, no spammer has the time to get on the phone and personally dispute 10 million account suspensions — disputes which are unlikely to succeed if there is good evidence — so I'm not sure how the system grinds to a halt.
Hire them directly instead of via labor farms, pay them an actual living wage, give them full health benefits, and hire enough of them to prevent overload.
> Again, it's not a "request" [..] suspension notifications can also be automated.
Can you clarify what you mean by "protecting" them? I'm not sure suspension notifications qualify as meaningful protection
Except for the part where someone has to answer phone calls, it could be automated if the account suspension itself is automated.
I'll also point out my later comment: "I'm not saying that companies shouldn't be able to suspend accounts temporarily. I'm simply saying that there needs to be a way to get your account unsuspended if you're innocent. The way it "works" now is that innocent consumers are without any recourse whatsoever." https://news.ycombinator.com/item?id=26063399
And to forestall any replies that providing information to suspended accounts would help the spammers, I've already responded to that point: https://news.ycombinator.com/item?id=26063660
Temporary account suspensions that you can quickly reverse on appeal are annoying but could be justified to fight abuse, as long as they don't happen too often. On the other hand, indefinite account suspensions that are impossible to reverse, such as the case of Andrew Spinks of Terraria, are simply indefensible, there's no justification whatsoever for that.
This is absolutely spot on, with the caveat that you do need to disaggregate from accounts to people, which is the hard problem. Having people call a phone number is definitely not going to work as a way of achieving this disaggregation. I'm pretty sure I could create a system to bring that call center to a halt with fairly minimal cost in less than a week of coding.
As an attacker, you can also hire people in call centers to make phone calls at scale for you.
I think we may be talking about different things? I was just talking about a scaling problem of providing legal notifications of account suspensions and providing a means on getting them unsuspended. I wasn't talking about DoS attacks.
Lots of companies have call centers, so I'm not sure what you're envisioning here, or what financial gain there would be for spammers to DoS the call center. After all, their accounts are already getting suspended by the algorithms, regardless of whether innocent consumers have any appeal to this, and DoSing the call center won't help spammers get their accounts unsuspended.
For example, if an automated system thinks an account is sending spam, enforcing a (very low) outgoing email rate limit would be a much more reasonable first step.
Let every abuser requests those explanations, if the decision doesn't change, the money is still kept, which funds that service.