> E.g. if a spammer can pretend they're 10 million different people, and each of those "people" requests an explanation, the whole system grinds to a halt.
Again, it's not a "request".
If spam detection and account suspension can be automated, then suspension notifications can also be automated.
I'm not sure I understand where the 10 million number is coming from. Are you suggesting that 1 spammer can create 10 million accounts on your system (which appears to be Facebook)?
Regardless, no spammer has the time to get on the phone and personally dispute 10 million account suspensions — disputes which are unlikely to succeed if there is good evidence — so I'm not sure how the system grinds to a halt.
This was specified in my original comment: "At the very least, companies must be legally required to present you in writing with the so-called violation of terms they're accusing you of, evidence of the violation, and a phone # or other immediate contact so that you can dispute the accusations." https://news.ycombinator.com/item?id=26063313
Except for the part where someone has to answer phone calls, it could be automated if the account suspension itself is automated.
I'll also point out my later comment: "I'm not saying that companies shouldn't be able to suspend accounts temporarily. I'm simply saying that there needs to be a way to get your account unsuspended if you're innocent. The way it "works" now is that innocent consumers are without any recourse whatsoever." https://news.ycombinator.com/item?id=26063399
And to forestall any replies that providing information to suspended accounts would help the spammers, I've already responded to that point: https://news.ycombinator.com/item?id=26063660
Temporary account suspensions that you can quickly reverse on appeal are annoying but could be justified to fight abuse, as long as they don't happen too often. On the other hand, indefinite account suspensions that are impossible to reverse, such as the case of Andrew Spinks of Terraria, are simply indefensible, there's no justification whatsoever for that.
> I'm not saying that companies shouldn't be able to suspend accounts temporarily. I'm simply saying that there needs to be a way to get your account unsuspended if you're innocent. The way it "works" now is that innocent consumers are without any recourse whatsoever.
This is absolutely spot on, with the caveat that you do need to disaggregate from accounts to people, which is the hard problem. Having people call a phone number is definitely not going to work as a way of achieving this disaggregation. I'm pretty sure I could create a system to bring that call center to a halt with fairly minimal cost in less than a week of coding.
As an attacker, you can also hire people in call centers to make phone calls at scale for you.
> As an attacker, you can also hire people in call centers to make phone calls at scale for you.
I think we may be talking about different things? I was just talking about a scaling problem of providing legal notifications of account suspensions and providing a means on getting them unsuspended. I wasn't talking about DoS attacks.
Lots of companies have call centers, so I'm not sure what you're envisioning here, or what financial gain there would be for spammers to DoS the call center. After all, their accounts are already getting suspended by the algorithms, regardless of whether innocent consumers have any appeal to this, and DoSing the call center won't help spammers get their accounts unsuspended.
Again, it's not a "request".
If spam detection and account suspension can be automated, then suspension notifications can also be automated.
I'm not sure I understand where the 10 million number is coming from. Are you suggesting that 1 spammer can create 10 million accounts on your system (which appears to be Facebook)?
Regardless, no spammer has the time to get on the phone and personally dispute 10 million account suspensions — disputes which are unlikely to succeed if there is good evidence — so I'm not sure how the system grinds to a halt.