Ask HN: Hacker claimed ownership and then deleted my Facebook Page of 50k users

Absolutely.

As engineers, we don't reduce the world to a choice between two mechanisms, to be battled over with no hope of improvement. We are not divided into mongoites and postgresists, we are interested in new solutions and improvements.

We should think of institutional design in the same way. How do institutions work? What are the options and how do they fit together? How do they affect the affordances and limitations of each?

Politics should be limited to goals, it is a crap way to decide about methods.

I appreciate your comment and I don’t mind putting my cards on the table: I am a Marxist. I believe in democratic institutions by the people and for the people. Capitalist states will never suffice. Social democracy is good, but unsustainable. Soviet Communism was a failure, but a single failure. Capitalism is a necessary step in human progress, but it cannot last. Libertarian solutions, as you propose, are no more idealistic than mine, but I don’t put my faith in them because ultimately we are social beings. We all live in a society, and we must attend to it as such. We need institutions by the people and for the people, and the great leaps in technological developments made by capitalist state funded programs in the past century (private companies did very little in comparison) give us a chance to reimagine a new future, but that can only happen by acknowledging the old one is dying, and already dead for for an increasing proportion of the working class.

My only issue with Mastadon is that regular busy working people with families to raise on depressingly low wages cannot justify the effort to participate. If if can’t work for all of our society, it can’t work for our society. Period. So, if we can figure out how to make it work for everybody, then it sounds like the answer to me. I suggest we start by fighting for a national universal healthcare program to undermine the first of the private interests that control our public goods. It will also incentivize development of democratic institutions of the working class and save millions of lives.

Non profit organisations could fill that gap. If proper financed directly by its users, otherwise they will go down the same path, if they get their money directly or indirectly from advertisement.

I see you haven't been a victim of identity theft yet.

It doesn't take much to hijack a bank account and eventually you will regain access, but it isn't as simple as you might imagine and a fair amount of damage can be done in a short period of time.

I mean... banks are the worst in this case.

Banks are known to irreversibly close accounts if they think you triggered some random algorithm, you have the same name as a terrorist, you have the wrong job, they don't like how you're using your account, or any other completely random reason. The decision is final they'll usually even refuse to tell you why they closed your accounts.

I had a bank (BMO Harris) close an account because the only transactions I had for about a year or so was "received directly deposited paycheck -> transfer entire amount to other bank account." At least they actually told me the reason.

That is until the bank happens to be 100% online.. they can’t verify your identity so they close your account and you can’t access your account nor contact the bank because you don’t have an account so you try to create an account to inquiry about your other account and they tell you you already have an account so they can’t open you an account and now you’re stuck with no way to contact the bank and no funds and noone able to help you. This is an extremely common scenario with banks in Germany.

This only works if you fit that stereotypical definition of what a "normal" person looks like or does. As soon as you deviate even a little from the norm, suddenly you got problems.

I had to do two interviews with a bank to open an account in UK because their automated systems were giving them "errors", apparently, when they're trying to check me. Normal people have to complete an online form (5 minutes) and will receive everything through post.

A year later I had to phone paypal support four times as it wouldn't accept neither of my two cards. On my 4th try I finally managed to get an actual English guy to answer my phone, who finally managed to understand every word I was saying without having me to spell anything letter by letter..

Last week I wanted to buy a plane ticket. I had no problems doing that until now (I had an old laptop with windows 7). Now, since running Linux, I open the website, as soon as I click search to find a flight, suddenly captcha! Every 3-5 minutes a new captcha...

This is a nightmare!

All of these things work well for the rich, but the number of unbanked working Americans is astronomical. They cash their checks for fees. Try visiting the customer service counter at a rural Walmart in the U.S. on a Friday and you will see what I mean. The line snakes back to the rear of the store.

The bank doesn’t do that for you. The bank does that because regulators require them to as a condition of being in the banking business.

I will point out that in Canada, many of our telecoms were run by privately operated, publicly owned organizations (Crown Corporations) that operated at arms length. Until they were sold for pennies on the dollar by governments looking to score a quick win for "fiscal responsibility" and "small government", these organizations operated with a high degree of public scrutiny, and had the goal of offering low cost, reliable services.

By most accounts the quality of service in relation to the price has been awful in most places in Canada, and the few places that still have Crown Corp delivered telecoms are among the happiest customers in that sector.

This same scenario has played out across multiple sectors including oil & gas, electricity and hydroelectric services, and here in BC, transportation services (BC Ferries).

Everyone likes to take a dump on public run services, but practically speaking, they have more oversight and accountability than privately run services.

But I can go to a desk and, talk to someone, and, eventually, possibly after a very long time, someone will act. With canned response AI private corps I don’t have this. Also, at least where I live, if you make more of a stink at the office of the public org in question, you get helped faster and often better.

Exactly. Imagine your DMV experiences but applied to this. Then again, based on stories like this, private seems to be even worse. Even the DMV has human interaction possible after demoralizing wait times unlike shouting into blackholes that is FAANG support

Nothing is secure, so it’s not about that. It’s about accountability .

Public institutions governed by a democratic state not bought by private companies would absolutely do a better job. Realize we don’t have any public institutions in the United States. Our entire government works for multinational corporations, not the people living here.

You have legal recourse at least to file a FOIA request and force them to respond.

The yellow pages were absolutely run by state-owned telecom operators, less than 25 years ago, all over Europe.

Both have regulations written in blood, though. Lives have been lost which is why rules exist in these fields.

Construction and food are great examples of how the government keeps us safe. Building codes and food regulations are wonderful things.

> People don't get spoiled or poisoned products.

I'm quite sure that this still happens only to lesser extents. Compare European food regulations to U.S. food regulations. American food while not explicitly killing people outright still has some ghosts in its past that are present in today's foods. See the Coca-Cola, Sugar companies, and 'fat-free' corporate lobbying of the FDA, as well as the huge advertising for terrible food has affected Americans.

The U.S. has food deserts, where fresh produce and food is either too expensive or impossible to find with substitutes being boxed goods laden with sugar and grains from the whale of corporations like General Mills and Kellogs.

I think it's a 'large bureaucracies in general' problem, there seems to be a critical mass in any kind of organisation beyond which dealing with them in any capacity becomes like pulling teeth. I don't think public services are necessarily flawed because it's the state providing them, I think it's more that the state is also an enormous bureaucratic organisation and subject to the same issues. When the state creates groups that are enpowered to cut through the internal politicking it can be very effective, for example the gov.uk site that's been praised a lot on HN.

Just look at rail in the UK, it was the butt of contemporary comedy when it was nationalised and it's still a dog's breakfast thirty years after privatisation. It's not the ownership that's the problem, it's the nature of the organisations responsible for providing that particular service. I think the public/private dichotomy is a bit of a false one when it comes to quality of service a lot of the time.

Social media is just a basic telecom utility service. Most of societal communication takes place on it. It’s fundamental enough that most individuals, businesses, celebrities, and government officials participate in it. I don’t understand the distinction you’re making - to me it seems fairly fundamental and it also seems like social media depends on network effects, which justifies regulating the biggest ones.

He's too easy on them (depending on jurisdiction, I suppose). That's an awful lot of work they put you through, and you deserve compensation for it. Not just breaking even either. Get a consumer protection lawyer. They'll not only zero the debt, but get you a settlement for the hassle. Of course, this requires playing a bit dim, so they are comfortable enough to think they're getting away with the illegal harassment bits.

Not terribly important but there are a few paragraphs there that contain a number of factual assertions completely contrary to my experience with the training we all received at a major regional US bank. I wasn't a CS rep (I'm an engineer) but everyone received a lot of training on this stuff (our customer service tenets were treated with the same seriousness as anti-money laundering, know your customer, and all the other stuff every person in the bank received training on, because failures in these areas can all lead to very bad places) regardless of their position.

Mean words cannot hurt a bank. Threats cannot hurt a bank. Paper trails, though, are terrifying to regulated institutions. Your bank’s customer support representatives are taught to evaluate whether someone looks like they’re competent and collecting a paper trail. If they are, the CS rep is supposed to stop touching the case immediately and instead escalate them to a supervisor or to the legal department.

At a first approximation everything in that paragraph is wrong. Banks care a lot about reputational damage (i.e. you can make them look horrible on twitter or in a news article) and will immediately begin taking you more seriously if you mention you might contact a lawyer, are already in touch with a lawyer, etc. It's true that communication is better and things work more smoothly if you have all your ducks in a row, but I think a respectful customer service rep is just going to assume that a paper trail exists or can be produced. They aren't going to try to take advantage of a situation where a person does not have every last document at hand during the call in order to provide worse service.

Perhaps interestingly, "legal department" is a phrase I do not recall anyone using at any bank or credit union where I've worked. I mean, they've got lawyers, and I suppose most of them are organized into one or more departments... nevertheless.

If you're feeling contrary, especially on the topic of reputational damage, you would be right to point out that banks like Wells Fargo continue to exist. I am in awe of the fact that anyone continues to bank with them.

This is fascinating. It certainly makes sense; in a way, I came to this conclusion on my own without having been formally schooled. I guess it comes from observations.

Wouldn't mind a few extra tips and perspectives though, so definitely going on my reading list for the weekend! Thanks for mentioning it.

Thank you!

In the OPs case it would be less about getting an actual copy of the data, and more about the asking from the legal team (or some other human). The data I was thinking about was logs to help catch the hacker and a record of all the actions taken on the page (event history), as opposed to the 57k users. Like in the above linked article from patio11 (Dangerous Professional), it's a papertrail.

I agree that it's irritating that a lot of the big companies make it almost impossible to speak to a human, but I understand why. I've been on the other side of support enough times to know that they have to wade through an enormous volume of stupid questions for every one legitimate problem. It just doesn't scale.

There does need to be an escalation path somewhere for items like this, but how do you differentiate between this and the million people that claim their page was hacked when in reality they just forgot the password or accidentally deleted it.

That doesn't make it appropriate, but it does make it easier to understand. Everything is systems at a certain level. Capitalism is one part of that, but also just the sheer scale of it. Facebook has 2.6 billion monthly active users[1].

Lets say that every year 5% will think they need help, it's an arbitary figure, because I just don't know. They may or may not need help but they come across a problem they can't solve and want to reach out for support. Note: It's not necessarily the same 2.6 billion users each month, but let's ignore that.

    mau = 2.6 billion
    needing_help_yearly = mau * 0.05                   // 130,000,000
    needing_help_each_day = needing_help_yearly / 365  // 356,164

The average time to resolve a ticket is hard to know but I found one example that suggests 8.6 minutes[2]. I have no idea how accurate that is, or whether it's applicable to social networks.

    average_time_in_mins = 8.6 minutes
    support_mins_per_day = average_time_in_mins * needing_help_each_day     // 3,063,013 min 42 s
    support_hours_per_day = support_mins_per_day in hours                   // 51,050 h 13 min 42 s
    humans_needed_for_support = support_hours_per_day / 8                   // 6,381

This is a gross simplification, and you could play with a lot of variables to change these numbers, but it gives an idea of the scale.

Compound this with an attitude that they don't NEED a human in the mix, and the complexities and costs of managing a a support team and it starts to make sense why they don't offer support (even if they should).

[1]: https://www.statista.com/statistics/268136/top-15-countries-... [2]: https://www.thinkhdi.com/library/supportworld/2019/metric-of...

Ah, but when apple ask the follow the rules wrt privacy policy, they’re like ThiNk abOut The smAlL BusIneSS.

The OP indicated he hadn't been able to get any sort of response from Facebook at all. I wouldn't consider this as first line of enquiry, it's more for if you can't get any help through regular channels.

I think it's worth pointing out that I'm not suggesting legal threats, which probably wouldn't work anyway with Facebooks size and terms of use. Just talking to their legal team won't necessarily invoke the "no-one else can now talk to them".

That's why asking questions like how law enforcement could engage to catch the hacker might be useful. It's not combative, it speaks more to anger at the hacker than at Facebook, but at the same time a human becomes aware of the problem.

The corporate lawyers that I've worked with spend a lot of time thinking about how things can go badly for a company. That means they're keen to mitigate risks, and they have latitude to actually do things. They have KPIs/OKRs that align with the current problem.

At the end of the day they potentially get to feel good about sorting this problem out as well.

What regular support team?

Only if the regular support team was involved to begin with.

> regular support team

Sorry, what do you mean?? The non existing team??

You might be correct. I do not know the community in question nor the desire of the community leader here nor their background for interest in what i suggested. But i figured, i just provide a proposal, that's all.

And, separately, while the fediverse is vastly dwarfed in participation numbers by convenional social media...at last count there are several millions of users engaged within the fediverse...Now, that number fluctuate wildly depending on sources from single digit millions of users to double digit millions of users, etc...But there are still quite a large number of people nowadays on the fediverse. I happen to know many users (that i ineract with constantly) on the fediverse who are most definitely not tech-geeks. I win nothing if this community leader listens to me or not...again, i was just proposing a suggestion.

> There is no "legacy FB page" to join as a participant. That's the problem. The hackers deleted the page...

Yeah, the lack of the page does hamper things greatly. I'm sorry again that this happened.

> ...To be honest, it's more like the commenter below says. If my Heavy Metal community A disappears overnight, chances are people will simply jump over to Heavy Metal community B rather than start looking for 'fediverse' stuff (I don't even know what that is, to be honest, and I doubt many of my subscribers would either)...

My hope for you is that you and your fellow community members can in fact continue - whether it is on something like Heavy Metal community B, etc. Obviously, your call if you are or not interested in researching other options like the fediverse...Although, you (and other community members) should start thinking of plans for what to do if another hacking incident happens. (I sincerely hope that this kind of thing does not happen to you and your community ever again.)

You're correct that by itself distributed systems - like the fediverse - do not automatically prevent hacks/security events. Although diversity of nodes (and decentralization of nodes too) does help because if one node is struck, then others can still operate; not foolproof but does offer some level of resilience. Also, to clarify, my proposal was more about sovereignty and added control of one's comunity and by extension content/voice. Certainly, if the relevant community lived on the fediverse, perhaps there could have been more that might have been done to continue even after some hack...maybe.

As someone who works in reputation management, it was observed that there's very little incentive/value for the business to follow up on individual complaints with limited exposure - At best, resources will be spent with little return of value, at worst, the business may be dragged into a legal battle.

Does that stand for "Popularity Ratio"?

It's not very empathetic that's right but it's still true. People have to stop building their livelihoods or passion projects on these platforms, if they want to have any control over them at least.

Reach out to bands who know you personally and ask them if they'll help spread the word about the new community. You can coordinate to do so on a particular date.

Reddit has a couple of popular metal subreddits, etc.

If there's a community that's going to hunt you down until they find the info they need in your ultraspecific, obscure, niche blog, it's metalheads.

Open a quick forum and work on it, build SEO articles, ask people to share articles on other pages, and grow your community double the one you had on FB instead of despairing and worrying about stupid upvotes. Best of luck

It's basically required. I've had them shut down two accounts with zero activity on them and refuse to let me back in without a phone number

I requested a refund of my tax money as well because of the pot holes in the road.

Didn't Facebook had an internal employees only support system that was quick to respond a was encouraged to be used on friend and family issues?

I'd assume Facebook has been tracking IP addresses and other computer fingerprint info from the machine(s) you have been using to upload content.

The person who has taken ownership would have different machine fingerprint info.

So Facebook should be able to confirm you have been the main uploader for quite some time.

Hi my metal brother,

I have nothing to gain from a PR stunt. As you can see from my website, it's a small blog, not a mainstream professional website. But it means a lot to me sentimentally, because it's something I have been working on for 11 years, and a small (well, 56k small) community of metalheads was built around it. The last few years the only content was the end of year lists, but this was very popular on Facebook.

I think the main reason it became valued among metalheads is because it's not a "mainstream" list, of the kind promoted by the music industry, every year the same people... I go to great lengths to find out great music. Often enough, a band which I think deserves to be on the top 20 list may be relatively unknown in mainstream media, and both the bands and fans seem to find value in this and thank me for it.

Check out the end-of-year list for 2021. You may find something you like. I particularly recommend the top ranked album on that list, Thy Catafalque!

Probably difficult as FB used to allow a lot more leeway on how FB groups and their posts were shared. The road to xx,xxx group members is a lot harder than it once was.

if it was done through your account id imagine you'd be able to see it in your activity log? the distinction is critical

Perhaps you've got a point where HN was originally started by PG for VC related news, if I'm not mistaken.

Personally I cannot recall a single article that misused and abused the term 'hacker' for 'entrepreneur' in HN postings. But if you can point out even one single title in HN posts that replaced the word 'entrepreneur' with 'hacker' it will be helpful. I probably can show you several misused and abused the term 'hacker' or 'hacking' inside HN post titles for the past week alone. Seriously the misuse and abuse of the term need to stop, period.

scammer PM'ed me, asking if I would sell, asked to get low level access to check audience, I know it was a scam but got really curious, because it was really low role access so I thought "what kind of damage can he do really" to myself.

It was small page so I went with it, granted role (I will not go into specifics for obvious reasons) and waited... as soon as he got the role, he (or maybe someone helping him) claimed my page from another account and confirmed with this newly granted role by me, quickly removed me and merged it into bigger page.

As I was looking at it I actually managed to click "Cancel" button several times when he was sending claims and made it as troublesome as possible but eh.

It is a loophole that Facebook has not closed yet, I tried to inform them but tools are really rare for that.