[HN Gopher] Our domain and 700 non-profit sites got blocked by Meta
___________________________________________________________________
Our domain and 700 non-profit sites got blocked by Meta
Author : simonbackx
Score : 390 points
Date : 2022-10-06 12:00 UTC (11 hours ago)
(HTM) web link (www.simonbackx.com)
(TXT) w3m dump (www.simonbackx.com)
| nicgrev103 wrote:
| Similar experience
|
| I used to run a graduation photography company, we did
| professional graduation photos half the price of the 'officail'
| providers (who pay a huge commission to the university, but don't
| get me started on that).
|
| We promoted our service with facebook events and advertised said
| events. One year without warning or explination they Facebook
| just deleted all our events (we would travel from one uni to
| another over the summer). I frantically tried to get a response
| from facebook. I never got one.
|
| I sued in small claims court and they settled the case (not
| before being very threatening through high paid lawyers and
| trying to dodge the case altogether) they never did explain what
| had happend or why.
|
| Ultimately it's partly the reason I shut the company down,
| facebook was our channel, without certainty we could host events
| and promote them it made no business sense to invest in the
| company.
| kragen wrote:
| Did they undelete your events as part of the settlement?
| blahyawnblah wrote:
| I'm not sure small claims would do something like that
| kragen wrote:
| Parties to a lawsuit can propose to do anything they want
| in a settlement.
| nicgrev103 wrote:
| Negative, as with all legal action it took months and by then
| the graduations were long past.
| paintman252 wrote:
| This is why massive companies like Meta and Alphabet needs to be
| nationalised. They simply have too much power over lives of
| billions.
|
| This article is just another reminder of this. At scale that Meta
| operates, this algorithmically decided domain blockings mean
| nothing to them, but everything to hundred's of non-profits.
| There need to be legally mandated protections so things like this
| never happen again.
| onion2k wrote:
| _There need to be legally mandated protections so things like
| this never happen again._
|
| Such protection for websites would be an implicit protection
| for Meta's de facto monopoly on text-based social media. What
| needs to happen is for these sorts of bans to still happen, but
| for the public to understand the impact of those bans and move
| away from a single website for all their social media needs if
| they want to see posts from everyone.
|
| Competition in the space would fix the problem. It'd mean the
| impact of a ban is massively diminished, and that companies are
| incentivized not to issue unwarranted bans because their users
| would go somewhere else.
|
| While both users and advertisers have no real choice where to
| go Meta will hold on to their monopoly.
| smileysteve wrote:
| So the government, for and by the people can have a money drain
| that is used for disinformation and cyber bullying?
|
| Just delete Facebook, it's not worth it.
| laundermaf wrote:
| You're placing way too much trust in the government, the same
| agency held hostage by a private company that forbid them to
| automatically calculate the taxes owed by its citizens.
|
| Plus why what the government do with a social network? They'd
| still need to moderate it -- at atrocious prices at that.
| invalidusernam3 wrote:
| I don't think nationalisation is the answer, imagine the
| additional layer of bureaucracy dealing with a government
| entity. Large companies like Facebook need to be regulated by
| the government, there needs to be laws in place for stuff like
| this.
| WastingMyTime89 wrote:
| The European Union finally did it with the Digital Market
| Act. The law enforces access to market place and
| interoperability between messaging platforms. I'm surprised
| we don't hear much about it here.
|
| My guess is that American companies like to pretend it
| doesn't matter in case it gave idea to US customers and
| silently fight it in courts in Europe.
| TazeTSchnitzel wrote:
| Don't nationalise them, break them up. A state monopoly is
| preferable to a private monopoly, but in this case there's no
| reason we have to have a monopoly. Facebook and Google do too
| many things.
| paintman252 wrote:
| >Facebook and Google do too many things.
|
| Google? Definitely. Meta? Not really. All Meta has is two
| social networks and one messaging service. They haven't
| really experienced huge success in anything else. They MAY
| hit big in VR/AR space, but that's yet to be determined.
| sgc wrote:
| Just social networking services? Modern social interactions
| revolve around them. Social networks are incredibly
| important and should be treated as such.
| bilekas wrote:
| Just did a check to see their subsidiaries and they
| actually have way more than I expected :
|
| https://inspirationfeed.com/what-companies-does-facebook-
| own...
| [deleted]
| xphos wrote:
| They still would definitely met the standard of a monopsony
| if not a monopoly. Its scary that an enormous number of
| people start and stop the information searching at google
| or those two social networks. I think its an
| oversimplification to say that just breaking them will
| solve the issue but they definitely handle a governmental
| level of power in terms of social after effects, which is
| why nation states target them for fake news.
| lotsofpulp wrote:
| Which market are they a monopsony (only one buyer) in?
| eppp wrote:
| On one hand you say they are so important they need to be
| nationalized and on the other you dismiss them as almost a
| couple of trivial apps. Which one is it?
| capableweb wrote:
| Facebook is approaching 100 acquisitions: https://en.wikipe
| dia.org/wiki/List_of_mergers_and_acquisitio...
|
| Feels like a lot and not just three entities.
|
| Additionally, Facebook primarily does acquisitions as a
| form of hiring, according to Mark Zuckerberg himself. They
| buy the company so they can get the employees to come and
| work at Facebook.
| paintman252 wrote:
| Sure, they OWN a bunch of stuff, but (besides
| Facebook/Instagram/Whatsup) none of it is a massive
| success.
|
| It's not like Google which has 1)Search 2)YouTube 3)Maps
| 4)Android 5)Chrome 6)Gmail 7)Analytics just from top of
| my head
| capableweb wrote:
| Oculus VR, Giphy, Mapillary and more are also successful
| in their space.
|
| Just like Google's successes, the "successes" are
| actually built by others (almost all you list were
| acquisitions), but the difference (as mentioned before)
| is that Google sometimes acquire products for the product
| itself, while Facebook generally doesn't.
| WastingMyTime89 wrote:
| > All Meta has is two social networks and one messaging
| service.
|
| And a payment service, an ad platform, a marketplace, a VR
| R&D company, I never used them but I guess they also have a
| line of business services centred on social network
| communication, I'm probably forgetting plenty of things.
| unity1001 wrote:
| > All Meta has is two social networks and one messaging
| service.
|
| They literally dominate the social network landscape along
| with Twitter. They can literally set public agenda. That's
| too much power.
| londons_explore wrote:
| Communications platforms naturally become a monopoly. The
| biggest platform is the most useful one because you can talk
| to most people on it, so people prefer to join the biggest
| platform and it gets bigger.
| ydlr wrote:
| That is easily fixed with legislation. We now have multiple
| phone companies that all interoperate. No reason we can't
| require the same from our many facebooks.
| causi wrote:
| Oh, for the days when you got banned from one website and you
| just went to a different website.
| londons_explore wrote:
| Nationalisation wouldn't fix it.
|
| There are plenty of rules and procedures in every nation which
| screw over random 'little guys'... For example, "oh, you have a
| disability and can't work? Here, have some state support. Oh -
| we just found you helped look after your neighbours children
| once. That counts as work. Therefore you lied to us. Thats
| fraud. All your state support will now be withdrawn."
| warbeforepeace wrote:
| Look how well the US government handled the small business
| loans during covid. It wasn't the small businesses really
| getting them.
| ceejayoz wrote:
| I haven't seen much information on how the GDPR's Article 22
| right not to be subject to a decision based solely on automated
| means is going in these scenarios. I hear a lot about other
| provisions, but Article 22 seems like an important experiment.
| rrwo wrote:
| > This is why massive companies like Meta and Alphabet needs to
| be nationalised.
|
| Nationalised by what country? US? UK? France? Russia? Saudi
| Arabia? India? China?
|
| Would we have country-specific and isolated social media and
| search engines?
|
| Even in nominally free western countries, do you really want
| the government controlling what can be in a search engine or
| posted on social media?
| indymike wrote:
| > This is why massive companies like Meta and Alphabet needs to
| be nationalised.
|
| No. Giving this additional power to the government will not
| have the outcome you want. When something becomes too powerful,
| the solution is _not_ to further concentrate that power into
| less accountable hands.
| jrochkind1 wrote:
| > into less accountable hands.
|
| While I'm not totally behind "nationalize all the things", do
| you really think the government is _less accountable_ than
| Meta? (or Alphabet etc?)
|
| I guess that raises the question "accountable to whom", but
| in general, for all it's problems with accountability (and
| there are many), and acknolwedging that different US
| governments can stack up differently (say local vs federal)
| -- I'd still say that the government is in general definitely
| more accountable to "society", or the population at large,
| than giant corporations are.
|
| If I were king of the world, maybe I'd try having 1/3rd of
| board members appointed by government, 1/3rd elected by
| users, 1/3rd elected by employees. Oh, right, there's
| stockholders too I guess... ok, 1/4th all around. I know this
| is only my utopian fantasy.
| indymike wrote:
| > While I'm not totally behind "nationalize all the
| things", do you really think the government is less
| accountable than Meta? (or Alphabet etc?)
|
| Yes. Absolutely, and without any qualification whatsoever
| and in every jurisdiction at every level.
|
| Government enjoys sovereign immunity, qualified immunity,
| direct statutory immunity (laws that prevent suing the
| government) and operates the forum where they are held to
| account (be it a regulator or a court). It is very
| difficult to sue the government, and even more difficult to
| mount a campaign to change a law in a non-corrupt country.
| This applies to a tiny sanitation district,
|
| Private companies are easily sued, regulated, and if their
| behavior is bad enough, reputation damage alone suffices to
| hold them to account.
| kjkjadksj wrote:
| Your last sentence is not true for facebook and other
| companies that operate at such scale. Good luck mounting
| a successful lawsuit against their legal team. Good luck
| getting their sheep users to jump ship given they haven't
| already after countless events that harmed their
| reputation. Good luck passing pro consumer regulation
| when industry is allowed to lobby, fund political
| advertisements, and donate money to campaigns.
| wpietri wrote:
| If you haven't noticed, we're living in an era of rising
| authoritarianism: https://freedomhouse.org/report/freedom-
| world/2022/global-ex...
|
| Companies are held accountable via market pressure, public
| relations pressure, investor pressure, and
| government/regulatory pressure. Governments, just via
| voters. Given that authoritarians of various stripes are
| working hard to neutralize or delegitimize voting and
| election results, yes, I think that giving Facebook to
| governments that are or may soon become authoritarian is
| absolutely at risk of reducing total accountability.
| bliteben wrote:
| government is via consent which literally includes all
| the other things you mentioned
| jrochkind1 wrote:
| What a world, where we're arguing about which
| unaccountable abusive gigantic entity we'd rather be
| abused by.
|
| I still find it shocking to think that Meta is _more
| accountable_ (to society?) than government. It seems to
| be arguing over how low the bar can be, since Meta has
| very very little accountability. Like, as in the thread
| we are actually on, they can decide to ruin someone else
| 's business with no notice or consequences or even
| acknowledgement there's any reason they ought not to.
| "Market pressure" and "investor pressure" don't seem to
| be doing much good in accountability to society, do they?
|
| And you mention "government pressure" as something making
| them accountable to society right after arguing that
| government is _less_ accountable than Meta is without
| government control, which seems odd.
| wpietri wrote:
| > I still find it shocking to think that Meta is more
| accountable (to society?) than government.
|
| That is not something I said. I'm not even sure it's
| quantifiable enough to say "more" or "less", as the kinds
| and mechanisms of accountability are so different.
|
| > arguing that government is less accountable than Meta
|
| I did not say that either. My point is that an
| authoritarian government nationalizing Facebook is even
| worse in accountability terms that either one on its own.
|
| > "Market pressure" and "investor pressure" don't seem to
| be doing much good in accountability to society, do they?
|
| I think your baseline is off. The social media platforms
| have made huge strides since their early days. Could they
| do more? Yes. Could they be worse? Incredibly so.
| jrochkind1 wrote:
| That was what the original comment I was replying to
| said, "less accountable hands". I replied mainly to
| question that. Then you disagreed with me, I guess I
| misunderstood about what you were disagreeing with me,
| sorry.
| soundnote wrote:
| A lot of modern censorship is a mix of algorithms, and
| government pressuring corporations to take actions the
| government wants to do but legally cannot (eg. due to 1A
| concerns). There are huge swathes of society (mostly
| those who'd also be concerned with eg. "rising
| authoritarianism") who cheer political censorship and
| want more and more of it. See how eg. the press reacted
| to the possibility of Elon buying Twitter and saying he
| wants to decrease freedom of speech? They took it as an
| act of war.
| rmah wrote:
| Why would you risk everything to start a company only to be
| forced to give up most of it to other people? Why would
| others invest (i.e. buy stock) in your company only to give
| up control to non-owners?
| polygamous_bat wrote:
| The founders and the employees are still being paid for
| their hard work building it up; it's not like a hostile
| government takeover where Mark Zuckerberg is woken up in
| his bed one night and asked by some men in uniform to
| hand over the keys to Facebook.
| rmah wrote:
| Actually, that's exactly what it's like.
| jrochkind1 wrote:
| That's a different question than talking about "less
| accountable hands" but yes that would have to be figured
| out in any hypothetical utopian system.
|
| The employees work for a paycheck of course, but I
| suppose there needs to be sufficient incentive to start a
| company. It probably doesn't need to be multi-billion-
| dollar payout possible to incentivize though. And talking
| about an already existing company like facebook, I think
| founders and early investors have already received quite
| enough reward to incentivize, being able to make as much
| money as they've made off meta _up to this point_ is
| plenty of incentive to start a company.
|
| (There are also other incentives than money to start a
| company).
|
| Anyway, I was mostly responding to the suggestion that
| the government is "less accountable hands" than Meta -- I
| really don't think so, if we're talking about
| accountability to society at large. I think it's actually
| a problem that an entity with so much power over society
| isn't accountable to it; the first step is admitting we
| have a problem.
| wpietri wrote:
| Wait, so you're saying most entrepreneurs aren't creating
| new things just to change the world, to make a
| difference, to put a dent in the universe, to fulfill a
| deep vision, and/or because their team or their userbase
| is like a family? I find it hard to believe that VCs,
| would-be billionaires, and their extensive PR teams have
| been lying to us all these years.
| pb7 wrote:
| Your snark lands flat because knowing that you will lose
| control of your company at an arbitrary point affects
| every single of one of those points listed. How will I
| fulfill my vision if the government will take over when
| it finally gains traction? Government isn't known for
| their execution. Well, only one type.
| wpietri wrote:
| You do realize that most VC-funded entrepreneurs "lose
| control" of their companies already, right?
| kyleyeats wrote:
| It might be the only way to make Facebook worse.
| psychoslave wrote:
| Nationalization is not necessary more concentration and less
| many accountable hands.
|
| Well, it depends on the governance obviously. If you talk
| some autocratic regime, where the king proclaimed "I am the
| state", that fits your description for sure.
|
| On the other hand, if you are looking at a direct democracy
| regime, you could hardly make the power more pervasive, and
| every citizen has to carry its part of accountability on
| every social matter.
| indymike wrote:
| > Well, it depends on the governance obviously.
|
| Three reasons why nationalization is a bad idea:
|
| * Power disparity. As it is, Facebook is destroying people
| and business without any accountability. Now we hand that
| to the state who:
|
| * Has all the incentive to destroy anything that competes,
| and the government has the ultimate way to do it: just
| outlaw the competition. If you think the product is bad
| today, imagine how fantastic it will be in 10 years of no
| competition.
|
| * Has all the incentive to make people use it. So, it
| becomes oppressive and horrible and the government decides,
| hey, let's make everyone use this thing for essential
| services like payments and democracy!
|
| All in all, nationalization of a social network is one of
| the worst directions we can take, regardless of politics.
| It's just a bad idea.
| polygamous_bat wrote:
| > the government has the ultimate way to do it: just
| outlaw the competition
|
| > So, it becomes oppressive and horrible and the
| government decides, hey, let's make everyone use this
| thing for essential services like payments and democracy
|
| These things can only fly in a non functioning democracy,
| which, while the US is coming dangerously close to, is
| not there yet.
| indymike wrote:
| > These things can only fly in a non functioning
| democracy, which, while the US is coming dangerously
| close to, is not there yet.
|
| Most functioning democracies outlaw competing with the
| postal service - as the US has for centuries.
| DangitBobby wrote:
| > Has all the incentive to make people use it. So, it
| becomes oppressive and horrible and the government
| decides, hey, let's make everyone use this thing for
| essential services like payments and democracy!
|
| Any examples of this? The USPS doesn't seem to have much
| power and other shipping companiea do alright.
| indymike wrote:
| > The USPS doesn't seem to have much power and other
| shipping companiea do alright.
|
| Last I looked UPS and Fedex are legally barred from
| competing for letter postage and can only ship parcels
| (so the hack is the overnight envelope which packages
| your letter in a parcel.
|
| Bonus: The postal service can arrest you and prosecute
| you. Last I looked, UPS and FedEx cannot.
| orwin wrote:
| It's because our nationalization used to ressemble the
| Soviet model, for various reasons (one that governments
| were far more authoritarian in the 40s, 50s and 60s that
| they are now).
|
| You have other options. One is the following:
|
| - 1/3 government (adapted to the size of the business:
| federal for Facebook, but local for a sawmill)
|
| - 1/3 workers (including the owner if he's working his
| business)
|
| - 1/3 investors (owner or shareholders).
|
| That would makes the owner who also work at the company
| the final decision maker for stuff that doesn't involve
| the government (like investment), but allows more
| balanced power balance.
| holoduke wrote:
| Maybe the service itself will be crap once run by
| governments. But at least things are covered by law. things
| like fair hearings and proper customer support. Now you can
| be banned from those ecosystems just like they do in
| dictorial states.
| djschnei wrote:
| ummmm, have you seen our criminal justice system?
| barbariangrunge wrote:
| Can ordinary citizens without millions of dollars even
| access the basic torte system against somebody bigger
| than themselves? The legal system is effectively
| unavailable to most citizens outside of small claims
| court because of the combination of precedent (ie, the
| need to spend a million dollars researching to know what
| the law is), and the stalling/creating expensive burdens
| tactics etc
| Bud wrote:
| Bud wrote:
| I'm especially entertained by this notion that making a
| company government-owned will magically ensure "proper
| customer support".
|
| That might be the funniest thing I've read in weeks,
| actually.
| holoduke wrote:
| Have you ever dealt with business support from Google? If
| you can get support at all, it's basically bots and auto
| replies. Even the worst state in the US has better
| support than Google or any other big software company out
| there.
| Bud wrote:
| I certainly was not claiming that Google has good
| support. I'm aware of basic reality. ;) But your response
| does not address my point at all.
| piaste wrote:
| > less accountable
|
| Governments are always more accountable than private
| companies, because the only way an ordinary citizen can force
| a private entity to cease its abuse is... through the
| government. (No, "voting with your wallet" isn't a thing,
| especially when the abuse is profitable.)
| unity1001 wrote:
| > No. Giving this additional power to the government will not
| have the outcome you want.
|
| Giving more power to the government on INFRASTRUCTURE at this
| scale always gives the desired outcome everywhere arount the
| world except the US.
|
| I stressed the word infrastructure. Because at this level,
| these companies are literally the gatekeepers of the
| Internet. Who control literally 70%-80% of what we see, hear
| and do among themselves. Especially when doing business as a
| small business, there is no way to avoid them. And they can
| make or break their business within a day with their
| arbitrary decisions.
|
| Imagine that your local road network was owned by a private,
| unaccountable company that was able to change the traffic
| flow within one day at a whim. Literally breaking all the
| logistics of your small shop by causing it to be much more
| expensive. Or your local power company doing the same thing.
|
| To avoid such things, we keep infrastructure in the hands of
| public companies or we VERY tightly regulate them. Allowing a
| society's infrastructure to be controlled by private actors
| is as crazy as it gets.
| is_true wrote:
| Would you be ok with the chinese or argentinian government
| running Alphabet or Meta?
|
| I don't think most government are better than any corporation.
| psychoslave wrote:
| Last time I checked, free access to education, care and
| protection against many abuses where provided by governmental
| organisms.
|
| "government are better than any corporation" (or its reverse)
| means nothing if you don't provide some specific topics and
| possible metrics to evaluate them.
|
| Also, not all government and corporations behaves in the very
| same way.
| is_true wrote:
| Sorry, don't have time to show you that most governments do
| shitty things to people all the time.
| stall84 wrote:
| I'd be in favor of trust-busting them into smaller entities
| before nationalization .. While nationalization might work for
| smaller western European countries, it isn't going to work in a
| political machine the size of the united states
| Xeoncross wrote:
| I know sub-optimal government is the default solution to all
| issues, but man, they are terrible with the monopolies they do
| control like healthcare, public education and infrastructure.
| yamtaddle wrote:
| Nah. Just make providing free services then blatantly fucking
| people over who rely on them a very risky thing to do. Like
| "attractive nuisance" laws that can make you liable if some kid
| you've never seen before drowns in a pool on your property if
| you didn't take reasonable measures to keep a kid from
| wandering into the pool. Or various regulations that make
| certain demands on businesses that open up physical spaces to
| the public (like stores or malls or whatever).
|
| Separately I'd also like to see us outlaw the kind of data
| collection & retention that lets Facebook's business model
| _exist_ , but I do think making it so offering free services
| doesn't absolve you of _all_ responsibility is something we
| should do, too, and is more directly relevant to this.
| bachmeier wrote:
| Paul Romer has offered a proposal:
| https://news.uchicago.edu/story/nobel-laureate-paul-romer-ho...
| mlatu wrote:
| someday we will organize and block back but until then...
| snowwrestler wrote:
| Why not use full domains for a service like this?
|
| Instead of client.your domain.tld, register client-your
| domain.tld. This would prevent one bad actor from nuking your
| whole business.
|
| Yes it has a cost, but it's like $10 a year for a new domain,
| which I bet pales in comparison to other direct costs of running
| a SaaS.
| simonbackx wrote:
| Yes, that is a possibility. But we only charge $59 per year, so
| there is not much room for extra costs.
| seszett wrote:
| They provide webshops for 60EUR/year and a .be or .nl domain
| costs 15EUR/year, so 25% of that. That's a lot.
| sigio wrote:
| A .nl domain name costs < $5... be probably <$10, but still.
| chrisan wrote:
| Here is our 60/year plan with a sub domain. We can't control
| the fact Facebook/Google/whatever might ban you because of a
| bad acting neighbor
|
| Or here is our 75/year plan which includes a domain to ensure
| you don't run into problems with social media
| schroeding wrote:
| Apart from the cost, this would allow bad actors to reregister
| domains, once a shop is expired, though. Subdomains do not.
| snowwrestler wrote:
| This is true. But this risk should probably be weighed
| against the risk of a bad customer getting your entire root
| domain deny-listed.
| bo1024 wrote:
| Or preregistration domains for nonprofits that aren't on your
| service (or not yet).
| jabart wrote:
| So let's look at this situation. It's a shop page,
| shop.{clientdomain}.tld. Now you need SSL for this, using AWS
| you need a TXT record from their ACM. You also need a CNAME to
| your domain (ideally) or to a Cloudfront instance. For your
| customer you now need them to make 2 DNS entries. This is from
| my experience having non-profit like entities setup DNS.
|
| - Well the person who set that up stopped responding, isn't
| there another way to get this going? - I've added all the
| record in what do you mean they don't match? - I don't even
| know what DNS is, why is this necessary? - I added in the
| record but the system didn't take one of them because it
| started with an underscore and they said that was invalid. - We
| just switched websites to WIX, why is our shop page not
| loading, is your system down? - Will this break my email, I
| don't want it to break my email. - Here is my login, just go in
| and change what you need.
|
| So in all, it's not just $10, it's a significant investment in
| time and resources to do this "simple" change that until this
| point did not have any downside. Hindsight is like that every
| time.
| snowwrestler wrote:
| No, you automate all this on behalf of your clients. The
| customer is not registering the domain and managing DNS, you
| are.
|
| The best reason not to do full domains is the risk of bad
| actors re-registering domains you release, as schroeding
| points out in another reply.
| jabart wrote:
| Now the customer has two domains and we have been training
| users to look for signs of phishing attempts using look
| alike domains AND ask them to put in their CC to buy
| things. Hard pass.
| snowwrestler wrote:
| The customer would already have had two domains because
| the subdomain was off the SaaS domain, not the client
| domain.
|
| Client.SaaSdomain.tld
|
| not
|
| Shop.clientdomain.tld
|
| If you're setting up your service as a subdomain off the
| client domain, you won't face the risk that one customer
| will get your entire service domain blocked (since it's
| the customers domain).
| luckylion wrote:
| > Now the customer has two domains and we have been
| training users to look for signs of phishing attempts
| using look alike domains AND ask them to put in their CC
| to buy things
|
| They already have to do that, only currently they have to
| put it into customername.shop-saas.com, not customername-
| shop.com, or even shop.customername.com.
| chris_wot wrote:
| Meta has form. They did this to hundreds of Australian non-
| profits when they were trying to get leverage over the Australian
| government.
| jmull wrote:
| My guess is there's a "sheeps-clothing.stamhoofd.shop". Since the
| users' shops are hosted on a subdomain, one bad acting user can
| cause the whole domain to get blamed. Meta's enforcement bots
| have, of course, zero nuance or understanding of this kind of
| thing. I doubt they would care about trampling small non-profits
| in any case.
| danpalmer wrote:
| Fun story.
|
| At my previous company we had "Sign in with Facebook" - whatever
| your opinions on it are, it was probably the right thing for the
| company at that time.
|
| Facebook decided to "audit" us to make sure we were doing sign in
| right. The tested it incorrectly, told us we were at fault and
| needed to fix it, and gave us 2 weeks to do so. We scrambled to
| figure out what the issue was, only to find after they eventually
| replied to our emails (all they told us up-front was "it doesn't
| work") that they had tried to use a sign-in only button to sign-
| _up_ , similar on many websites, not at all for our flow and not
| something it was possible for us to do. We explained this and
| they dropped the audit.
|
| 2 weeks later, they audited us again, failed us again, and gave
| us a deadline to fix it. We replied pointing to the previous case
| and explaining again why it was working. We never heard back.
|
| 2 weeks later, they audited us again, failed us again, and gave
| us a deadline to fix it. We replied asking what the hell was
| happening (politely). We never heard back.
|
| 1 week later "Sign in with Facebook" stopped working with no
| other warning. We opened a support case, we emailed our ads
| account manager, we emailed our previous ads account manager as
| the first was on holiday, and all we got was "we're looking into
| it, but it looks legit, fix it".
|
| I asked for a call and explained that the current user experience
| for users was that they would click "Sign in with Facebook" and
| see an error saying "Facebook is currently not working, please
| sign in another way", and that the only way we had to resolve
| this was to email all our Facebook auth'd users a password reset
| with an explanation that Facebook sign in no longer worked, and
| to then remove the feature from our site.
|
| "Ah. Ok yeah let me see what I can do". It was working about 2
| hours later, and we weren't audited again in the rest of the time
| I was at the company.
| jherskovic wrote:
| We removed "Sign in with Facebook" from our public learning
| management system (we provide content to the public) instead of
| continuing to jump through their insane requests and demands.
| danpalmer wrote:
| It was a ticket we had for a long time to remove it, in fact
| we had been no longer giving it as an option for account
| creation for a few years. It just was going to be a week of
| work and we wanted to avoid it if we could.
| soundnote wrote:
| OAuth in general feels like an increasingly bad idea. Log
| into everything with Google? Oops, one arbitrary account lock
| from Google and you're beyond fucked.
| jackewiehose wrote:
| I agree. And besides that I also think it's an incredibly
| bad idea to train users, who are technically not very firm,
| to enter their credentials on some random page that asks
| for it.
|
| I'm a pro and even I can't tell how this is supposed to be
| safe. How would you explain the security aspects to someone
| who can't distinguish between google-search and the
| browsers address-bar?!
| NonNefarious wrote:
| It's bad enough that loads upon loads of sites require
| people to use their E-mail address as a user ID. What a
| stupid policy, one that embarrasses many companies that
| should know better (YES, THIS MEANS APPLE).
|
| When you force people to log in with their E-mail
| address, what percentage of the public also thinks they
| need to use their E-mail password? I'm going to guess at
| least half. Now, if that site is compromised by a hack or
| disgruntled employee or whatever, people's E-mail
| accounts are wide open and identity theft galore can
| ensue.
|
| Not to mention that your E-mail address is on thousands
| of spammers' lists. Combine that list with lists of
| common passwords, and you have a shitload of compromised
| E-mail accounts right there.
|
| Nobody should have tolerated this amateur-hour policy,
| but here we are.
| bliteben wrote:
| not if but when
| [deleted]
| simonbackx wrote:
| There are so many stories like this, it is crazy! Thank you for
| sharing this.
| 998244353 wrote:
| One quite perplexing common theme is "thing gets flagged ->
| thing gets resolved by a human as a false positive or
| whatever -> two weeks later, thing gets flagged again with no
| change, presumably by an automated system".
|
| If the flagging is done by a human, is there really no "case
| file" that records the previous flags and why they were false
| positives? If it is done by an automated system, why is it
| allowed to flag things that a human has already cleared with
| no change?
| danpalmer wrote:
| FWIW, the audits were definitely being performed by humans,
| we saw the screenshots and some notes. The triggers for
| audits were likely automated.
| debugnik wrote:
| Not a FB story, but I once had an innocuous profile image
| on a Google side-account get flagged and automatically
| restricted from public view. I requested human review and
| it was manually approved. The next week it got flagged
| again; same process, reapproved. This kept happening every
| week until 5 times total; I kept going just to see how long
| would it take them to stop, as I didn't really care about
| the image or even the account.
|
| Long time after I'd last used that account, I logged-in
| again and, you guessed it, the image was flagged. Requested
| yet another review, approved. Was it really that hard for
| them to trigger human reviews _before_ restricting content
| that had already been reviewed?
| marcosdumay wrote:
| You mean large company screws up, people get in touch and
| they fix it?
|
| I completely disagree, there aren't many stories like this.
| In fact I don't remember reading any on HN.
| KIFulgore wrote:
| At my last company, we had 12 identical Facebook apps working
| as service-to-service messaging integrations. They chose to
| have 12 apps due to data sovereignty reasons, separating
| implementations in different regions. For each permission we
| needed, we'd record screencasts of all 12 apps and explain how
| to verify the system works, then submit for App Review.
|
| Usually about 4 would get approved, and the other 8 would be
| rejected. All for different reasons. Usually it was something
| about Facebook Login - which we didn't use as an S2S
| integration. It was maddening.
|
| We'd make token changes to the rejected reviews, resubmit, then
| keep resubmitting until they were all approved. On occasion an
| App would keep going to the same stubborn reviewer and we'd
| contact our Partner Manager. They're nearly powerless to do
| anything, since the Safety and Review team is firewalled off
| from the rest of Meta to prevent outside influence.
|
| Funny nuance: when in development mode, Apps can't receive
| webhook events for wall posts. Only webhooks for Messenger
| (DMs) are active. We were adding support to reply to wall
| posts, but couldn't test or demonstrate the feature because
| public post webhooks weren't available. "How do we proceed?"
| "Well, you need to use the fetch API to get posts in batch for
| Approval, then you can use webhooks." Thing is, our platform
| wasn't interested in pulling posts in batch. Just routing
| public posts in real-time via webhooks.
|
| So, we built a completely separate App to pull posts in batch
| and got it approved. Then used a proxy to slingshot webhooks
| through that App to our platform, bypassing the under-review
| Apps altogether. And we got them all approved.
|
| It's a joke that Meta tries to enforce policy at the
| application level vs. API for enterprise S2S integrations.
| Workarounds "faking" the experience are always possible.
|
| I advised simplifying things by having a single proxy service
| distributing messages to different cloud regions based on the
| customer. Or maybe 3 proxy Apps - dev, US, and Germany, as
| simple middleware shims. But not 12 Apps. It fell on deaf ears.
| Since I left, I hear with Instagram support and more granular
| permissions on Messenger, they're submitting 60+ App Review
| submissions every quarter. With the resubmissions and petitions
| it's nearly full-time position.
|
| If I ever took another position working with Meta, it would
| have to be "retire in 3 years" kind of money.
| rendaw wrote:
| Who on Facebook's side resolved the problem in the end?
| danpalmer wrote:
| Not certain. Our ads account manager (or maybe the old
| account manager) found the internal ticket and I suspect told
| them that it was looking really bad for Facebook and that
| they were at risk of losing us.
| niuzeta wrote:
| By the time the communication was sent to all the users,
| wouldn't it have been too late? "Lose" the account or not,
| I don't imagine the company ever wanted to deepen the
| relationship with Facebook.
| AtNightWeCode wrote:
| This sounds ok. But what does the META terms say about this
| business setup? There are many platforms you can't do this on
| including the major mobile app stores.
| rvz wrote:
| This is the problem. They are not giving any reasons other than a
| 'TOS' violation and won't tell you why or ignore you if you try
| appealing it. The same happened to someone on Twitter and the
| very same thing happened to those on PayPal.
|
| Before any big tech appeasers and bootlickers reply and attempt
| to defend this rubbish with 'private platform' nonsense or 'you
| knew you violated the TOS', in each of these cases do you know
| specifically why they got blocked as well? [0] [1] [2]
|
| [0] https://twitter.com/llsceptics/status/1567658400573448192
|
| [1] https://www.telegraph.co.uk/news/2022/09/21/paypal-shuts-
| acc...
|
| [2] https://twitter.com/flipper_zero/status/1567194641610465281
| pmontra wrote:
| Did anybody ever sued a FAANG for this sort of things (or the ToS
| that allow them) and got a ruling?
| nullc wrote:
| It doesn't matter what the rules say-- these companies have
| legal departments better funded than those of states. They can
| just tie you up in expensive litigation for the rest of their
| life. They're largely immune to oversight by the courts as a
| result, which is presumably a part of why they behave this way.
| tarranoth wrote:
| I have a suspicion that your domain name (stamhoofd = head of the
| tribe, tribal leader translated from dutch) is likely getting
| flagged due to some natural language processing thing flagging it
| as offensive language. I would not be surprised that it is indeed
| a fully automated process deciding that your site's domain name
| is potentially harmful for their "brand" to support.
| [deleted]
| pilgrimfff wrote:
| Buy a handful of alternative domains that redirect to your
| primary (you could stand up a minimal url shortener on each
| domain).
|
| Even if you get unblocked this time, it could easily happen
| again. Until there's systematic reform to this nonsense, you just
| have to work around it with redundancy.
|
| If they're going to treat you like a scammer, work around it like
| the scammers do.
| jrochkind1 wrote:
| I believe the facebook crawler will crawl redirects, such that
| a URL that results in a redirect to a blocked domain is still
| going to get blocked.
|
| (Even if it were a satisfactory solution to say "message all
| your customers and tell them they have to start using the new
| domain for ticket sales, including for events that are already
| promoted with ongoing ticket sales" which of course it isn't,
| although I follow you that it would be perhaps better than
| nothing).
| base wrote:
| I don't have a specific solution for you, but I also run a domain
| with some thousands of subdomains and is always a fight to not be
| banned from Google, Meta, internet operators etc. Sometimes is
| enough one bad actor under one of your subdomains to have a full
| ban on the whole domain.
|
| What I suggest is for your and your clients to contact Meta
| through the Business Center support. Their support for paying
| clients is much better. I would also recommend you become a Meta
| Business Partner if Facebook/Instagram is important for your
| SaaS.
| theanonymousone wrote:
| Then how come GeoCities, Heroku, Vercel, GH Pages and others
| survived?
| base wrote:
| They workout the issues like everyone else, and at a certain
| size the issue is minimized as you are either in several
| whitelists or human moderators recognise your domain.
|
| Most of those services also let clients setup their own
| domain name, so a ban is a more of a inconvenience to deal,
| than business critical like in OP case.
| NonNefarious wrote:
| I wonder if these assholes (Meta, Google) could be prosecuted
| under a Net Neutrality law for blocking particular sites.
| squarefoot wrote:
| > Their support for paying clients is much better.
|
| One could argue that is the whole point behind making life for
| non paying users harder.
| notacoward wrote:
| > Their support for paying clients is much better.
|
| Perhaps worth it in this situation, but isn't that basically
| paying protection money? "Nice domain you've got there. Shame
| if anything happened to it."
| bluGill wrote:
| If you are using their services for something important you
| should pay for it. I use fastmail not gmail for this reason:
| email is too important for me to risk on an account I don't
| pay for. I don't pay for youtube, because I don't care if
| they go out of business. I probably would pay for facebook if
| possible (but only if they make it FACEbook - not political
| memes, offensive jokes, and cat pictures) as it is a good way
| to keep in touch with distant friends.
| TomSwirly wrote:
| > If you are using their services for something important
|
| But they aren't.
|
| Their URLs are simply blocked by Facebook, who happens to
| be a popular third-party website.
| martin_a wrote:
| > Their support for paying clients is much better.
|
| It would really be a shame if something was to happen to your
| domain in our ecosystem because you're not a paying partner.
|
| They're mobsters.
| dymk wrote:
| You think you should get everything for free or something?
| CelticBard wrote:
| Yes
| another_story wrote:
| You think Facebook isn't getting something out of allowing
| users to sign into other sites through them?
| dymk wrote:
| You think the site isn't getting something out of
| allowing users to click a social media button to sign in?
| yellowapple wrote:
| It's almost as if the button is mutually beneficial and
| that only a greedy moron would threaten to break it
| unless paid yet more money.
| jefftk wrote:
| _> Sometimes is enough one bad actor under one of your
| subdomains to have a full ban on the whole domain._
|
| If you're running independent subdomains where a bad actor on
| one should not affect the reputation of the rest, you probably
| should add your domain to the public suffix list:
| https://publicsuffix.org
| simonbackx wrote:
| Thanks, I didn't know about that list. I'll try that!
| hirsin wrote:
| Note that adding your domain to the PSL changes how
| browsers interact with it, so don't do it lightly. In
| particular, no more cookies for the parent domain.
| Roark66 wrote:
| I'm sorry to hear of the op's troubles with meta, but this "No
| fake-news, crypto-currencies, violence, porn, or illegal
| activities... " is a very strange sentence. Why would the author
| lump "crypto currencies" along with fake-news, violence and porn?
|
| Of course this doesn't take away from the validity of their claim
| and I wish this stupid shadowban is lifted. Also I hope (at least
| in Europe) we can get some laws passed that force large online
| service providers like FB to act responsibly (past record of
| attempts to regulate the Internet by our beaurocrats and its
| results notwithstanding).
| kortilla wrote:
| They all land in moral gray areas for different people.
|
| Some people view porn as far less damaging to society than
| crypto (at least how crypto has been primarily used YTD).
|
| "fake news" is can very easily be abused to mean "news that
| doesn't agree with my world view".
|
| "Violence" is vague but would coverage of what's happening in
| Ukraine be put there?
| MBCook wrote:
| My guess is there is a TON of scamming related to crypto. All
| those comments on Twitter or YouTube (for example) pretending
| to be someone important trying to get people to send a little
| to get a lot as a "bonus for readers" or something like that.
|
| Plus scam coins, etc.
|
| It's probably far easier for them to just say "none of that"
| until it gets easier to tell the good from the bad.
| nullc wrote:
| The irony is that the platforms are still flooded with crypto
| scams, I know on twitter and youtube at least they don't even
| respond to reports on them 99% of the time-- even when it's
| the same obvious scam messaged reposed twenty times in a
| short interval--, but then they'll capriciously ban
| legitimate material because it mentioned bitcoin.
|
| It's not hard to imagine that a lot of these companies are
| now using outsourced 'moderation' where the moderators
| themselves are the scammers, intentionally permitting scams
| and intentionally flagging legit stuff. But sadly the truth
| is probably more boring, indifference instead of intrigue.
| iamleppert wrote:
| If you're going to be running a service like this you absolutely
| need to have multiple TLD's and some automation to detect when
| they have been blocked.
| [deleted]
| [deleted]
| simonbackx wrote:
| Our domain just has been unblocked, thank you everyone for your
| support! I'm soooo happy right now!
| jrmg wrote:
| Did they give you any explanation as to what happened, or why
| they chose to review the block (probably because of this
| attention...)?
|
| I'm not sure how to ask this in an answerable way, but did they
| ask you not to talk about what happened and/or how it got
| resolved?
| jrochkind1 wrote:
| Are there any US grounds for a lawsuit when this happens? I can't
| think of any, but it seems like there _should_ be, right? Not a
| lawyer, but who wants to write a memo on it?
|
| I guess it's actually the same thing as the social media "Free
| speech" wars... meta has the first ammendment right to deny
| service to whomever they want for whatever they want (sans
| discirmination against protected classes), they can legally
| decide to ruin this company's business just cause they don't like
| them, even if it wasn't an accident? Yeah, the problem is
| facebook is too powerful, they aren't just any random business
| choosing not to work with you.
| helsinkiandrew wrote:
| Are any of the sites using FB events/analytics? It depends on
| what the non-profit sites are doing, but the Facebook rules for
| prohibited domains [1] seem to include what a lot of non-profits
| may do:
|
| "Predominantly target or serve an audience likely to have
| suffered from mental, emotional, financial or physical harm, or
| facing severe economic hardship that directly affects housing,
| food security or freedom."
|
| I'm guess if a single one of your non-profit sites does all the
| sites would be blocked. Apart from pleading with FB, using
| domains for each would be a better solution to stop this
| happening the next time rules change or one of your sites does
| something not allowed
|
| [1]
| https://www.facebook.com/business/help/851247612299604?id=18...
| kragen wrote:
| It sounds like what you're saying is that FB prohibits
| community organizers, labor organizers, and charity from using
| FB analytics -- which honestly is maybe not a bad idea, because
| analytics amounts to a serious privacy leak, one which could
| especially negatively impact vulnerable populations.
| Thorrez wrote:
| That page says that if you have such a site, FB will stop
| collecting analytics/tracking data from the site. It doesn't
| say FB will block posts mentioning the site.
| NKosmatos wrote:
| Another day and again another complaint about lack of proper
| (human) support from a big company. When are we all going to
| realize that Facebook, Apple, Google and all the big names use
| automated moderating and they don't want to allocate resources
| for proper moderation? They're not going to put in place a proper
| resolution mechanism and they don't care about the average user
| that got his/her email banned, page deleted or app removed. I'm
| sure they're checking the numbers and the false
| positives/negatives are not that many that would require for
| these big companies to put something in place so as to not lose
| profit. Let's all of us stop complaining and accept the current
| situation or even better find a cheap solution to real human
| moderation :-)
| CharlesW wrote:
| Apple is nothing like Facebook and Google in this respect. One
| of the reasons I gladly pay a premium for Apple products is
| that I can talk with a human, over the phone or at an Apple
| Store.
| UnpossibleJim wrote:
| Doing business as a software developer through the Apple
| store is a different beast. Putting in tickets to see why
| your software failed can be a nightmare if it isn't a glaring
| mistake. They may treat their customers well, but they don't
| always treat their devs with the same respect.
|
| EDIT: I will note, it has been a few years since I've
| submitted to the app store, so I hope things have changed.
| realusername wrote:
| It hasn't changed, I'm basically treating the whole
| platform as legacy now and "best effort".
|
| And I'm only talking about the normal process, good luck if
| you happen to have a buggy developper account which loops
| during the sign-in...
| NonNefarious wrote:
| Apple is a scummy, back-stabbing business "partner."
| Everyone from small-time developers to publicly-traded
| companies gets screwed by Apple burying their apps (or
| simply not showing them at all) in searches that spell the
| publisher's name exactly right. They lie about app
| discovery to developers, lie about it to judges, and lie to
| the users doing the searches.
|
| However, the public hysteria over "big tech" should not be
| dragging Apple into everything, because developers are
| essentially the only aggrieved party. Unlike Google and
| Meta, Apple is not the gatekeeper to the Internet for
| millions of people. And I can almost always get a human
| being on the phone or chat from Apple, which today is truly
| worthy of praise.
| cma wrote:
| People praise AppleTV for not having ads, but the app
| search there has the same promoted ad protection racket
| stuff.
| wpietri wrote:
| It's honestly not clear to me that many of these companies can
| afford proper moderation. Twitter's revenue is about $1.20 per
| user per month. Facebook's is about twice that. Proper
| moderation is expensive, with each incident requiring
| significant time from one or more smart people with native
| fluency and cultural understanding plus deep familiarity with
| the platform rules and all the tricks bad actors will try to
| play to get moderators to do the wrong thing.
| throw10920 wrote:
| These companies explicitly and intentionally cultivated
| profit models built around providing services for free and
| subsidizing them with data collection and advertising. Their
| low revenue-per-user is a direct result of that, and if they
| can't afford to provide proper moderation, that's entirely
| their fault, and does not absolve them of the responsibility
| to provide it anyway.
| wpietri wrote:
| Oh, totally agreed. But I think this is one of those things
| that kinda crept up on us, and so status quo bias may mean
| they can keep getting away with it.
|
| As an example, look at the flu. It kills way more people
| than drunk driving, [1] [2], but society has been pretty
| casual about that. The massive covid-era drops in influenza
| deaths show that it was always possible to do much better;
| we just never cared much because we were used to it.
| Similarly, I think we're used to Facebook and Twitter being
| Facebook and Twitter, so there won't be much outcry for
| change unless they do something especially bad.
|
| [1] https://www.cdc.gov/flu/about/burden/index.html#:~:text
| =Figu...
|
| [2] e.g., https://www.valuepenguin.com/drunk-driving-
| statistics
| hliyan wrote:
| Exactly. If your car company cannot be profitable with
| airbags, then you shouldn't be in the car business (to use
| an analogy).
| cbtacy wrote:
| This is the absolute best analogy I've ever seen for this
| situation. Kudos.
| bks wrote:
| We had a similar issue but not identical which led us to
| deploying all customers on a subdomain or their own domain.
| Rather than theirBusinessName.OurDomain.com people switched to
| shop.theirBusinessName.com and we used DNS cnames to point back
| to our servers.
|
| We issued LetsEncrypt certificates automatically using Caddy and
| it works remarkably well for us. It also led us to become a paid
| LetsEncrypt sponsor and we have been for the past 4 years.
| bombcar wrote:
| This is the way to do it. And if you're charging anything
| reasonable for SaaS service consider just registering a domain
| for your customers if they can't figure out how to delegate a
| subdomain CNAME.
| anderspitman wrote:
| It's worth remembering what the long-term solutions to these
| types of issues are.
|
| For Facebook: decentralized social networks built on open
| protocols.
|
| For the ISP: normalizing the use of VPNs (through a local server)
| for all internet traffic.
|
| Yes there are tradeoffs. I'm personally happy to make them.
| zpthree wrote:
| how exactly can a decentralized network do better at moderation
| than a centralized one?
| anderspitman wrote:
| By giving users the tools to moderate their own content. If
| you're peering with an instance that seems to pass on a lot
| of bad/dangerous content, then block the instance. You can
| use public blocklists on your instance if you want, but it
| should be your choice.
|
| Also, it should be noted that blocklists are not a solution
| for things like phishing. Things like MFA and WebAuthn are
| the solution.
| tremon wrote:
| For society: making de-facto public infrastructure public
| again.
| midislack wrote:
| First thing I always wonder with these, what did your customer(s)
| do wrong?
| [deleted]
| Maxious wrote:
| > ThreatExchange (aka TX or TE) is used by multiple companies
| to share signals on a variety of topics intended to prevent
| real world harm. Some examples of how TX is currently used
| include sharing malware, phishing scams, and terrorism signals
| with the goal of helping all participating organizations tackle
| these problems based on their terms of service.
|
| https://developers.facebook.com/docs/threat-exchange/getting...
| tarranoth wrote:
| I think it is simply the domain name itself, not anything they
| did. The domain name he uses (stamhoofd) translates to "head of
| the tribe/tribal leader". I can imagine that such a word can
| easily have bad connotations and nobody wants their brand to
| support any site with a potentially offensive name that can
| turn into a PR nightmare. Likely it got flagged for this
| reason.
| simonbackx wrote:
| Good question! I would also like to know the answer. I've
| scanned through our sites and couldn't find any malicious
| content... My guess is that the block was automated, and might
| have been caused by a fake spam report. There can be some
| competition between non-profits (e.g. two scouting groups in
| the same local area). Maybe they started to report each other
| as a joke.
| midislack wrote:
| Too bad they won't actually say what the trigger even is.
| Could be one mass email.
| tarranoth wrote:
| Did you consider the fact that your domain name itself could
| have been the cause by itself? It is not extremely far
| fetched that stamhoofd could somehow find its way in being
| found offensive by some automated tool (or a person who takes
| these things very seriously). It would explain the TOS
| violation too, if it considered the word to be problematic.
| bombcar wrote:
| A large percentage of users use the "report spam" button as
| an unsubscribe/delete button in their email client.
| tialaramex wrote:
| Right, from a user's point of view labelling it "Spam" has
| the same effect as when you put letters unread on that pile
| by the door, "I don't want to read this". Should they?
| Doesn't matter. Years back we even had users who were
| _paying us_ to send them specific emails and would mark it
| as spam.
|
| The use of "users marked this as spam" as a signal is a
| cheap but lousy shortcut and it's bad news that we became
| reliant upon it.
| marban wrote:
| On another note, does anyone have experience with getting
| unblocked by Bing? Domain was blocked from the day of
| registration and has 100% legit content, yet I'm getting 'URL
| cannot appear on Bing'.
| hexo wrote:
| Sue the f* out of them.
___________________________________________________________________
(page generated 2022-10-06 23:01 UTC)