Hacker News new | ask | show | jobs
by vertis 1598 days ago
Sometimes company legal teams can be the most accessible way to draw attention to something like this, and I don't mean in a combative way. They're very risk conscious, they see a '10+ years of building a heavy metal community, gone like a puff of smoke' in terms of risks, both of bad publicity but also if you were to somehow litigate because of the damage to your business or project. Often they have an email address that is manned because they have to respond to legal requests of various types.

You can potentially request all your data (and data about the hack) and let them know why, maybe reach out asking how you can get law enforcement involved and who you should contact after you've made a police report. It's not a threat, but it get it on somebodies radar. If you express how devastated you are there is potential for them to help. They also have a lot more latitude than any kind of helpdesk (especially at the scale of Facebook, and the users/customers facebook has).

They're also well connected with-in an organization because they have to sign-off on all kinds of projects and risks.

I think `patio11` has amazing advice is a similar vein[1].

[1]: https://twitter.com/patio11/status/1162561822248992768?lang=... (I think he has a longer version/reference, but I can't find it)
4 comments
KerrickStaley 1598 days ago
The patio11 blog post you're looking for is https://www.kalzumeus.com/2017/09/09/identity-theft-credit-r...
link
stronglikedan 1598 days ago
He's too easy on them (depending on jurisdiction, I suppose). That's an awful lot of work they put you through, and you deserve compensation for it. Not just breaking even either. Get a consumer protection lawyer. They'll not only zero the debt, but get you a settlement for the hassle. Of course, this requires playing a bit dim, so they are comfortable enough to think they're getting away with the illegal harassment bits.
link
justin66 1597 days ago
Not terribly important but there are a few paragraphs there that contain a number of factual assertions completely contrary to my experience with the training we all received at a major regional US bank. I wasn't a CS rep (I'm an engineer) but everyone received a lot of training on this stuff (our customer service tenets were treated with the same seriousness as anti-money laundering, know your customer, and all the other stuff every person in the bank received training on, because failures in these areas can all lead to very bad places) regardless of their position.

Mean words cannot hurt a bank. Threats cannot hurt a bank. Paper trails, though, are terrifying to regulated institutions. Your bank’s customer support representatives are taught to evaluate whether someone looks like they’re competent and collecting a paper trail. If they are, the CS rep is supposed to stop touching the case immediately and instead escalate them to a supervisor or to the legal department.

At a first approximation everything in that paragraph is wrong. Banks care a lot about reputational damage (i.e. you can make them look horrible on twitter or in a news article) and will immediately begin taking you more seriously if you mention you might contact a lawyer, are already in touch with a lawyer, etc. It's true that communication is better and things work more smoothly if you have all your ducks in a row, but I think a respectful customer service rep is just going to assume that a paper trail exists or can be produced. They aren't going to try to take advantage of a situation where a person does not have every last document at hand during the call in order to provide worse service.

Perhaps interestingly, "legal department" is a phrase I do not recall anyone using at any bank or credit union where I've worked. I mean, they've got lawyers, and I suppose most of them are organized into one or more departments... nevertheless.

If you're feeling contrary, especially on the topic of reputational damage, you would be right to point out that banks like Wells Fargo continue to exist. I am in awe of the fact that anyone continues to bank with them.

link
toastedwedge 1598 days ago
This is fascinating. It certainly makes sense; in a way, I came to this conclusion on my own without having been formally schooled. I guess it comes from observations.

Wouldn't mind a few extra tips and perspectives though, so definitely going on my reading list for the weekend! Thanks for mentioning it.

link
vertis 1598 days ago
Thank you!
link
Abishek_Muthian 1597 days ago
> You can potentially request all your data (and data about the hack)

It is impossible to backup the existing page using Facebook Download Page tool for a page with large number of users, I've been trying that for months[1] to delete my Facebook account. Perhaps if initiated by their end it might be possible but then again does requesting user data using personal account include page data as well?

There's now a 'How can I reach a human at Facebook' post making to the top of HN every month in vain. I think that Facebook employees in HN don't want to reveal themselves for obvious reasons, But what I would really like to understand is what reasoning a company has to remove all support systems?

Closest I can come up with is "We can control all user actions on our platform to X% accuracy that we don't need any support system for the eyes and just maintain it for the wallets".

[1] https://abishekmuthian.com/meta-is-holding-my-facebook-page-...

link
vertis 1597 days ago
In the OPs case it would be less about getting an actual copy of the data, and more about the asking from the legal team (or some other human). The data I was thinking about was logs to help catch the hacker and a record of all the actions taken on the page (event history), as opposed to the 57k users. Like in the above linked article from patio11 (Dangerous Professional), it's a papertrail.

I agree that it's irritating that a lot of the big companies make it almost impossible to speak to a human, but I understand why. I've been on the other side of support enough times to know that they have to wade through an enormous volume of stupid questions for every one legitimate problem. It just doesn't scale.

There does need to be an escalation path somewhere for items like this, but how do you differentiate between this and the million people that claim their page was hacked when in reality they just forgot the password or accidentally deleted it.

That doesn't make it appropriate, but it does make it easier to understand. Everything is systems at a certain level. Capitalism is one part of that, but also just the sheer scale of it. Facebook has 2.6 billion monthly active users[1].

Lets say that every year 5% will think they need help, it's an arbitary figure, because I just don't know. They may or may not need help but they come across a problem they can't solve and want to reach out for support. Note: It's not necessarily the same 2.6 billion users each month, but let's ignore that.

    mau = 2.6 billion
    needing_help_yearly = mau * 0.05                   // 130,000,000
    needing_help_each_day = needing_help_yearly / 365  // 356,164
The average time to resolve a ticket is hard to know but I found one example that suggests 8.6 minutes[2]. I have no idea how accurate that is, or whether it's applicable to social networks.

    average_time_in_mins = 8.6 minutes
    support_mins_per_day = average_time_in_mins * needing_help_each_day     // 3,063,013 min 42 s
    support_hours_per_day = support_mins_per_day in hours                   // 51,050 h 13 min 42 s
    humans_needed_for_support = support_hours_per_day / 8                   // 6,381
This is a gross simplification, and you could play with a lot of variables to change these numbers, but it gives an idea of the scale.

Compound this with an attitude that they don't NEED a human in the mix, and the complexities and costs of managing a a support team and it starts to make sense why they don't offer support (even if they should).

[1]: https://www.statista.com/statistics/268136/top-15-countries-... [2]: https://www.thinkhdi.com/library/supportworld/2019/metric-of...

link
Abishek_Muthian 1597 days ago
Large number of users is not an excuse as several businesses use Messenger bots to handle common customer queries and handover to humans for escalation.

Heck, I myself have developed Messenger bots with over 100M conversations through them.

So actual `humans_needed_for_support` would be much lesser if Facebook used their own product.

link
vertis 1597 days ago
I agree that there are many tools including bots that can cut that number down. Every time you're prompted with a bunch of articles before you submit a ticket to any help desk, it's part of that (given your bot reference I'm fairly sure you know this).

The numbers are a fantasy scenario anyway, even 10% of that (600 support staff) is not small, and it's not a cost Facebook wants to bear.

They should do support, but then, they should do a lot of things that they don't do.

link
tacostakohashi 1597 days ago
I can't see the legal teem being too concerned about litigation:

https://www.facebook.com/terms.php

Accordingly, our liability shall be limited to the fullest extent permitted by applicable law, and under no circumstances will we be liable to you for any lost profits, revenues, information or data, or consequential, special, indirect, exemplary, punitive or incidental damages arising out of or related to these Terms or the Facebook Products, even if we have been advised of the possibility of such damages. Our aggregate liability arising out of or relating to these Terms or the Facebook Products will not exceed the greater of USD 100 or the amount you have paid us in the past twelve months.

link
anaganisk 1597 days ago
Ah, but when apple ask the follow the rules wrt privacy policy, they’re like ThiNk abOut The smAlL BusIneSS.
link
jsmith99 1598 days ago
Surely involving the legal team would mean the regular support team could no longer be involved?
link
vertis 1598 days ago
The OP indicated he hadn't been able to get any sort of response from Facebook at all. I wouldn't consider this as first line of enquiry, it's more for if you can't get any help through regular channels.

I think it's worth pointing out that I'm not suggesting legal threats, which probably wouldn't work anyway with Facebooks size and terms of use. Just talking to their legal team won't necessarily invoke the "no-one else can now talk to them".

That's why asking questions like how law enforcement could engage to catch the hacker might be useful. It's not combative, it speaks more to anger at the hacker than at Facebook, but at the same time a human becomes aware of the problem.

The corporate lawyers that I've worked with spend a lot of time thinking about how things can go badly for a company. That means they're keen to mitigate risks, and they have latitude to actually do things. They have KPIs/OKRs that align with the current problem.

At the end of the day they potentially get to feel good about sorting this problem out as well.

link
a13n 1598 days ago
What regular support team?
link
whatshisface 1598 days ago
Only if the regular support team was involved to begin with.
link
megablast 1598 days ago
> regular support team

Sorry, what do you mean?? The non existing team??

link