The scale of this work is unfathomable to those who have only been on the consumer side of it.
#1 is doable but would destroy our ability to combat fraud. "Here's how not to get banned next time" is not an email anyone in this space would consider sending.
#2 is simply impossible. Fraudsters consume every available resource you can put into the appeals process. This is their full time job, they can afford to call repeatedly, all day long, until they find an agent they can trick. Regular users won't benefit.
#3 is what small claims court is already for. We should make this easier, I agree.
> The scale of this work is unfathomable to those who have only been on the consumer side of it.
> #1 is doable but would destroy our ability to combat fraud. "Here's how not to get banned next time" is not an email anyone in this space would consider sending.
Just imagine laws would work that way.
> #2 is simply impossible. Fraudsters consume every available resource you can put into the appeals process. This is their full time job, they can afford to call repeatedly, all day long, until they find an agent they can trick. Regular users won't benefit.
That argument doesn't pass the smell test. Apple makes more profits than the scammers whole revenue, so just from a resources standpoint Apple could starve them. You just need to make the process so it can't be easily automated (e.g. require going into an apple store with your ID)
> #3 is what small claims court is already for. We should make this easier, I agree.
So in #2 you say it would overwhelm the process and now your argument is that essentially the public should pay for the process?
If small claims courts can deal with the issues than why can't a trillion dollar company.
> Just imagine laws would work that way.
This is how "tipping off" law often works in practice.
As a support agent you often lack full visibility into the treatment or history of the person on the other end of the phone, especially if they're a bad actor. You can't tell them what is or isn't fraudulent behaviour, or what might be construed as such.
I don't know what you mean by "tipping off" laws mean, but certainly if you get given a penalty in law (e.g. you get judged in court), you will be told what you have done wrong, and shown proof of it.
Still, from your perspective, do you have any opinion on this particular case, other than "you can't make an omelet without breaking some eggs"?
Why not introduce friction on both sides, like: 1/ just face to face, physical meeting? 2/ or a basic (paid, yet reasonable) insurance that account management doesn't happen over the shoulder?
I’ve tried to come up with some strawman explanation but I can’t see it.
Gift cards are the currency of modern confidence scams. Accounts that redeem a lot of high value gift cards are suspect for that reason alone. Buttfield-Addison makes it sound like this is common practice for him, so his account may have been on a shitlist already.
Apple may be so sensitive they'd close a suspect account after one failed redemption. It's also possible that card was first redeemed by an account that was closed soon after for fraud, and Buttfield-Addison's subsequent attempt linked his already-suspect account to the fraudulent one resulting in automated actioning.
Again, this is pure speculation, and is not meant to justify Apple's actions.
I could see doing a lot of card redemptions as a flag, but then I think the next step is "what are they spending the credits on?" I could see a scam where you launder cash by turning it into cards, and then buying shitty and expensive apps. Thus paying apple 30% to clean money for you.
To answer in general, aging of accounts is common as is synthetic credibility-building activity. There are marketplaces where you can buy sets of years old accounts with activity for every major platform. Anything you could come up with would either be so stringent it would exclude most users or be easy enough to become a target for account sellers.
To be honest this is why I got out of the space, it's sisyphean.
Most megacorps do suck - and also it's probably true that the lack of customer support is necessary to offer the products they offer at popular price points. People just don't wrap their heads around the scales involved, generally because the exact numbers are proprietary.
[1] https://www.bitsaboutmoney.com/archive/seeing-like-a-bank/
Small claims won't help you to reinstate the account. You _might_ get money for your phone back.
And a real court? You signed away that right. It's arbitration for you.
One thing I do not understand however is why wouldn't companies offer paid appeal process perhaps with refund in case the termination decision is indeed overturned. I would gladly pay $100 to have my Apple/Google/etc account properly reviewed in order to get it back once it is inevitably flagged by yet another AI. Seems like win-win all around.
These companies are critical to people's livelihood in 2025 and they should be treated at such. Many people rely on them for their life, they store sensitive information and control communication.
I'm of the opinion that if a business can't provide adequate support at scale, then it should either stay small or cease operation.
Dealing with fraud is your issue and part of your business, not citizens.
I'm sorry to inform you they work exactly like this.
https://web.archive.org/web/20231105205756/https://www.nytim...
Could it be that fully automated payment processes are just so fundamentally vulnerable that their very existence needs to be questioned because of how overwhelmed they get with fraud attempts? I'm deliberately being controversial here for the sake of discussion.
I agree there absolutely needs to be a form a habeus corpus here with arbitration to hear from both sides. And what's more, even when an account gets shut down, an export of all data must be provided, and a full refund of the purchase price of any digital licenses/credits still active. So even if a spammer takes over your account and Megacorp isn't convinced it wasn't you yourself that decided to spam, you still don't lose your data or money spent -- it's ultimately just a (very big) inconvenience.
Corporations need to be heavily regulated. They won't just do the right thing for its own sake.
https://www.simonandschuster.com/books/The-Corporation/Joel-...
I just mean that otherwise, usually competition ensures good outcomes for consumers, because the corporations that produce bad outcomes go out of business once consumers catch on.
But there are definitely exceptions, especially around rare events that are difficult to foresee or that can't reasonably be expected to be part of product comparison. The likelihood of your account being shut down without recourse and losing things you've paid for falls into that category perfectly. Predatory surprise fees with things like credit cards and bank accounts, and that change without warning, also fall into that. Also minimum warranties, since consumers can't easily inspect quality on the inside of a product.
Yeah, I mean it's just basic rules of commerce, not very different from laws about false advertising.
As it happens, in the U.S. consumer protection policies always top the lists of policies with the most bipartisan support.
"Yes support tech, please understand my child just died of cancer and my wife in a car accident last week and the only pictures I have of them are on my bitcoin4free@gmail.com account!"
Google probably also bans thousands of accounts a day. And suddenly every single one of them needs a full human appeal review. Because jamming up the system is (short term) beneficial to these shitheads.
The only way this is going to change is if shareholders hold executives accountable. Consumer protection regulation with real "teeth" that impacts the bottom line will bring angry shareholders to the table very quickly.
The problem with having support dealing with problems like this is that fraudsters will figure out how to manipulate it, while honest people will still encounter these problems. The easier you make it for honest people to resolve these disputes, the easier you will make it for fraudsters since it would involve yet another avenue for them to exploit. Plus the whole process will become more expensive, which someone has to pay for.
Scammers would call into Teleco customer service with panic and tears to trick the support person into moving your phone number onto their device, and then they drain your SMS 2FA accounts.
It is already baked into the costs in business models of big companies. And they are pretty good at it, actually; we’re talking about one high-profile case, and it’s not the only one, but it is rare enough that such stories are still newsworthy.
The standard that people want, though, is absolute certainty: zero errors that affect real customers, a 0% false positive rate.
The scale is in fact a challenge. If a small business has a 0.00001% false positive rate, they will affect approximately zero of their customers. For Apple, managing billions of accounts, that same false positive rate would affect hundreds of real customers every day.
https://www.bitsaboutmoney.com/archive/optimal-amount-of-fra...
... which hasn't happened, but maybe once every 3 months I move another service to logging in with an email on my personal domain ...
We're all worried about identity fraud, and such documents are actually used to apply for an id in some countries!
No, the real problem is that we have no reasonable alternatives when companies misbehave. There is no meaningful way to exist in society today without an Apple or Google account, and that's actually insane. It's doubly insane for people who aren't citizens of the United States (although the CCP addressed this by requiring Apple make a separate iCloud for them).
The solution isn't to legislate a right to a bank account, it's to preserve the usefulness of cash so banks don't get too far out of line.
As is the case for many other infrastructure companies, such as your local electricity network operator (or even supplier depending on market liberalization). We also didn't solve that problem by ensuring everyone's right to run a generator in their backyard or heat their city apartment with a coal oven.
If tech companies have become essential to our day to day lives and are not willing to allow for horizontal interoperability, i.e. to split over-the-top services from infrastructure and individual elements of infrastructure from each other – because walled garden lock-in undoubtedly increases profits – why not regulate them as infrastructure entirely?
Well, to be fair, I do create an ephemeral Apple ID every time I get a new phone… But I immediately log out of iCloud after downloading the two or three apps that I use. I have no idea what my Apple ID or password is… I would have to go look them up.
Further, if I lost said Apple ID, I would lose nothing of value.
I believe, as you say, I exist meaningfully in society.
In other words, you do have an in-use apple id at (pretty much) all times.
Further: the three apps I install are not crucial - I could live just fine without them. All I really need is Safari and a working POTS endpoint for my cloud-hosted phone number ...
I assume the Chinese government is quite happy with this, because they have no trouble bringing their large companies to heel, unlike the US. And centralizing payments like this gives them a great deal of information and control.
Apple willingly preserves a backdoor in the e2ee of iMessage for the FBI et al in the form of effectively unencrypted iCloud Backups.
The whole “Apple won’t decrypt stuff for the FBI” narrative is farce.
Post Snowden, all the tech CEOs met in person with Obama to do damage control, as they all had some serious credibility problems once the reality of FAA702 (warrantless one click direct access, aka PRISM, aka the #1 source for the IC) came to light.
You can't keep chasing alternatives when companies misbehave
That's why there's a thick list of contract law precedents and consumer's rights and what not
When the services that a company provides gets to this level, it starts becoming like a public utility. If it's not possible to participate in society without using such a service, then the services should be governed like utilities are.
I wouldn't be opposed to having actual government-provided services for things like e-mail, text message, and discussion forums at a very basic level. Then (in the US anyway) we could apply the government restrictions on privacy and freedom of speech, with laws governing the oversight and implementation. Of course there would be major details to work out to prevent misuse, corruption, etc.; but it could solve the problem of losing your essential on-line identity -- as long as the government has any interest in you at all for something like expecting you to be able to send/receive an e-mail in order to pay your taxes, then they wouldn't ever cancel your account. 3rd-party services would still be possible, but then they could do whatever their business model supports, and caveat emptor. How people can expect businesses services like Facebook to comply with their personal expectation of free speech is beyond me.
* evidence
"Habeas corpus" is not a lofty expression for evidence, although people sometimes use it as such. It's a procedure for challenging one's detention before a court.
It has a REALLY good section about why customer service is very hard to get right
You could do a revenue threshold or something but seems tricky.
That's what countries regulating this tend to do (often user count instead of revenue thresholds, but similar).
It also makes sense, because if the podcast guy bans you, you can pick a different podcast player or just not listen to podcasts. If both Google and Apple ban you, you're also effectively debanked because you can't use their app stores to install the banking authenticator app that is required to use online banking, possibly excluded from using public transit, etc.
I have personal experience here. I was gifted a meaningful chunk of Apple gift cards. I redeemed them to a secondary Apple ID as this ID is rarely used. It got locked when I tried to spend the Apple gift cards.
It took a couple tries over a few weeks, but Apple support were very helpful and able to unlock the account. Where I must've got lucky is the automated system must've allowed the Support to take this action and it sounds like in the case here whatever fraud flag triggered issued to far more severe response.
My case I should add the gift cards were totally valid. It just was rarely used to count. That might explain why it was easier to resolve in any event. They absolutely as human support. The real issue is when human support can't overrule the computer.
Companies should be required to provide access to a service that verifies identity. I know such companies exist, so it is doable. And then, once it is provable that they are dealing with an actual human who can be identified, your rules can be applied.
I guess that's one reason enterprises like them
I see no reason enormous companies should carve out exceptions to the legal system. You exchange money with them, that's commerce, it's a contract. This is exactly what civil court was designed for.
If you try to make carveouts for him, they will still be absurdly restrictive and the carveouts will be abused by the likes of Reddit.
If this happens more than a few times, they will quickly remember why customer support is necessary.
The judge would likely never see the case, because the legal department would make sure it gets escalated to someone who can unfuck the problem before it gets that far.
Suing companies can legitimately be the easiest way to resolve issues, especially where small claims courts exist: It turns the issue into something that they can't "resolve" (for themselves) simply by ignoring and stonewalling you, so it becomes cheaper to actually fix the issue.
So like, if you get caught, red handed, absolutely 100% you, performing gift card fraud, the maximum punishment from Apple should still be getting banned from the gift card system (buying or redeeming). And if they want more consequences for you because they think you’re running a fraud ring, they should have to sue you like a physical store would. But not lock you out of the rest of the ecosystem. Otherwise you get the false positives getting the digital death sentence Apple tried to hand out here
Further, the current court system is already backlogged by months or years for serious crimes and property disputes. You are suggesting we socialize the cost of private customer service disputes. Why should taxpayers fund a judge to decide if a "common sense" decision was made about someone's banned World of Warcraft account?!
I'm sorry but this idea is very obviously not congruent with reality as we know it, as nice as it may sound.
Initially, the user requesting the hearing (this discourages the scammers).
When the appeal is won, the company (this encourages doing a really good job at not banning legit users and enabling lower-friction ways for them to appeal).
> You are suggesting we socialize the cost of private customer service disputes.
No, it can just be a dedicated body, funded as described above. Yes, this might mean that free accounts cease to exist, although I suspect in practice it would just result in a fraction of the profit from free accounts going into better (less user-hostile) abuse management rather than profit.
Won't somebody please think of the shareholders?
If this place attracts violence, the company can afford bulletproof glass and an alarm button that alerts the police, and I'd rather have the unstable 1% remanded to police at the risk and cost of a rich company than to have them stab a rando on the street later.
Employee protection laws that mandate said bulletproof glass in certain situations already exist in civilized countries.
We should impose, by law, the following rules on all companies that offer accounts to their customers.
1. If they block/ban/close/suspend a customer account they must provide habeas corpus. Explain to the customer the policies that were violated that resulted in their account being terminated. Additionally they should be required to show the customer the evidence that led the company to make the decision.
2. They company must provide an accessible live human appeals process. The human they appeal to must have the discretionary power to investigate and make a common sense decision even if it contradicts policy. This process currently only exists for people who are capable of making a lot of noise in public. How many people lose their accounts and suffer harm because they are incapable of getting attention in public? It needs to be available to all customers with a simple phone call or email. It must also be required to make a decision very quickly, 24 or 48 hours at most.
3. In the rare case that the company still makes an unjust decision, there must be a quick and accessible legal remedy. Establish some kind of small claims court where it is cheap and easy to file without a lawyer, and where cases can be heard and decided on short notice.