Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Playing devil’s advocate, perhaps the level of risk associated with allowing low-level (or even senior manager-level) support staff to transfer ownership of accounts is too high? The level of sophistication of scammers/hackers/fraudsters is likely well above what Facebook would likely employ as support staff. They likely would need to staff paranoid paralegals to ensure customer support doesn’t become yet another lucrative vector to compromise FB accounts.


I don't think that's an incorrect assessment of the situation Meta has placed themselves in, but it also is entirely their responsibility to solve.


Yes, the only semi-secure way to do account resets is in person and courts are one way to do that.


Probably a very secure way if it requires you to appear in person at court and provide documents proving you are who you say you are.

For requests of account ownership transfer or resets, I would say this is probably the best way to go about it, as it basically prevents people operating in other countries from having a chance at taking over your account remotely by playing customer service reps, and greatly raises the barrier in general for any fraudulent activity happening in the process.


In all my years of litigating I have never once been asked to prove I am who I say I am.

I've also never once seen the court actually check the license of any attorney that gives his name and number, either.


But, conversely, it also means that people in other countries who have genuinely lost access to their account have no recourse.


They should go to court in that country.


It doesn't help them at all unless Meta also goes there.


But in a lot of these cases, ownership of the account isn't in question. I don't see how a request of the form "unban me" could be used to steal accounts.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: