Absolutely. The current level of service these companies provide is functionally identical to what would have existed 25 years ago. Losing your Apple account would have been a minor annoyance - the relationship involved trivial amounts of money, and wasn’t deeply integrated into anyone’s lives. Even if you lost an email address, losing access to it wouldn’t have locked you out of hundreds of important accounts, and any important accounts would probably be easily updated to a new address with a phone call, and likewise for a few friends. If you got fully locked out forever, it really wasn’t important.

So, we now have the same “who cares, it’s just some dumb online account” level of service with much more critical accounts. Because big tech has scaled users to the 9-10 figure range, while not investing almost anything in customer service. Instead of having thousands of CSRs like the phone company, tech employs a few disempowered call center operators overseas, whose only job is to read FAQ answers at callers and ask them to try restarting their computers.

To put this as plainly as I possibly can:

1. It is objectively true that Apple and Google accounts are extremely important to many people.

2. It is also objectively true that most users will only need one of each, a few at most. Fraudsters have no such limitations, and may want to create thousands of them per day if the possibility arises.

3. Therefore, it's likely that a significant percentage of all accounts ever created are fraudulent, even if the actual number of fraudsters is much lower. This is the crucial observation many people miss in this debate.

4. Real users do not want constant iMessage spam and other problems resulting from fraudulent accounts remaining open. Therefore, normal users care deeply about fraudulent accounts being closed promptly (and so do money-laundering regulators, but that's another discussion).

5. Normal users also care about their accounts remaining open. Apple has to balance these two problems.

6. If we force Apple (by regulation, PR crisis or any other method) to be softer on closures, the only way to do that without exacerbating #4 is to make opening fraudulent accounts harder.

7. The only reliable way of preventing fraudsters from opening accounts is strict and invasive identity verification.

8. Therefore, if we're asking Apple / Google to keep more accounts open, we're also asking for more surveillance.

This may actually be the right tradeoff to make, but it is important to point out that there is a tradeoff here, and that no decision in this regard goes without consequences.

I’m realizing maybe I should just use Amazon or iCloud AND Google Photos for backing up my images. My whole life is in Google Photos. I could lose it from something stupid and never even have a person to contact about that.

iCloud is overrated, it was not encrypted at rest for ages. I much prefer using Time Machine and keeping the passcodes in a PW manager, and maybe a safe deposit box as a backup.

> There apparently is no way to cleanly divide purchases in a Divorce or separation, even if the person was fleeing an abusive situation

Believe it or not, google is even more stunningly incompetent than that.

If you have someone in your contacts there literally is no way to (1) retain him/her, and (2) ensure they are never, ever, for any reason, suggested in any product. eg in google docs, I do not want "@" autocompletions to suggest the person. No sharing, no drive sharing, no email cc/bcc, etc.

In my case, there was a breakup with a cofounder / exit from a company and ongoing collaboration with a friend who shared the same first name. I actually had to delete the former cofounder's contact, which made me miss some calls from an unknown number.

Having someone that you need to occasionally maintain contact with that should never be prompted in any way (exes of all types, divorced, stalker) is a basic need in real-world systems.

I did this ages ago to build up airline points and take a nice trip to the EU.

Back then, the trick was to get a generic Vanilla Visa or other prepaid credit card. A recent legal ruling meant they had to be run as a debit card for... reasons... I forget them.

But a lot of grocery stores would sell you a money order up to 500 bucks for under a dollar with a debit card (not a credit card).

So you'd call up the issuer and have them issue it a PIN. Then you'd run it as a debit card and buy a 500 dollar money order.

Subtract ~$5 for the GC and ~$1 for the MO and you could manufacter about 500 bucks in spend. And the best part? You could take that money order to your bank, deposit it, get the funds immediately, pay off your balance, then rebuy.

In one afternoon I earned enough points for a first class flight to a fancy European city, and eternal side eye from the grocery store clerks who were convinced I was up to something put couldn't put their finger on what.

> but it would take some time to explain exactly why not...

Not really:

"I'm churning credit cards for the rewards points. Here is the receipts where I use $10k from account A to purchase $10k worth of gift cards. Here is the statements where I deposit $10k of gift cards into account B. Here is the statement for the $10k wire from B to A. And here are the receipts for the next round of gift cards I purchased. Any further questions? I have $10k of gift cards to redeem."

> the gap between legitimate use of gift cards and fraudulent use of gift cards is just not very large.

And many legitimate uses of gift cards may actually have been fraudulent somewhere up the chain.

Imagine a scammer which sells their cards to real users (perhaps through one or more less-than-scrupulous intermediaries willing to buy them in crypto without asking too many questions). If the victim comes to their senses and somehow gets those cards reported and blocked as fraudulent, unsuspecting users will get into trouble.

> it dawned on me that what I was doing was basically indistinguishable from money laundering. Of course it was NOT money laundering

But it is money laundering, that's what manufacturing spend is. It's not money laundering to hide evidence of a crime, but it is money laundering for the purpose of hiding the fact that you didn't engage in commerce in the process of spending money on a credit card to earn a reward. It's indistinguishable, only because we criminalize behavior not only on its base but due to its intent.

Banks can’t legally just take your money and lock you out permanently. There are some actual regulations. Plus they have a proper handle on your actual human identity, which means you ought to always have a route to going somewhere in person and proving you’re the rightful owner of your money.

“Online” accounts have zero regulatory requirements, plus many of them aren’t necessarily directly paid-for, so they frame themselves as doing you a favor by letting you have it in the first place. And they usually don’t have a route to prove identity because they don’t record a legal identity (passport/SSN/etc) to begin with (not that that was an issue here, of course - in this case Apple didn’t dispute that they were the owner, just asserted that they were some kind of criminal.)

Banks frequently completely freeze accounts for no discernable reason and with zero communication, support, or recourse.

You're just lucky that it hasn't happened to you. That does not mean it doesn't happen to anyone.

4. Why locking account bricks any device? It should work without registering anywhere.

> 1) Why would redeeming a bad gift card result in a complete shut-down of the account?

Because they assume you stole the gift card and are therefore a criminal. As to why they're making the assumption that you are the criminal, not the actual criminal who successfully redeemed the gift card first, you've got me. Since either situation is possible.

> 2) Why is it seemingly impossible to get any support now unless you drum up a ton of press?

I'm as infuriated as you are.

> 3) Should companies be restricted from growing too large where they can’t support their customers?

Size has nothing to do with it. Plenty of small companies ignore their customers too. So I don't think this is the right solution.

> In my personal and professional experience, banks are the only companies that seem to actually know how to handle these issues appropriately when it comes to fraud or access.

There are plenty of horror stories with banks too. I'm not sure they're that much better at all.

On the subject of (1) I wonder if a complication in this specific case might be a variant of the clbuttic Scunthorpe problem that the last name on the account that redeemed a bad gift card included the word "Butt" and an algorithm or underpaid reviewer (or both) flagged it also as a suspiciously named account.

(2) and (3) remain great questions without enough good answers.

When you sign up for an Apple account, you aren't "buying" anything. In fact there is a set of terms & conditions you agree to when signing up which most likely includes language stating that your account can be closed with the discretion of the platform owner. What we need isn't a shift from "buying" to "renting", but instead something akin to a Consumer Bill of Rights that states that you are entitled to appeal account closure if you are in good standing and can prove as much.

I would rather the law make it such that you really are buying, than codify that you own nothing. The ambiguity isn't great, on that we agree, but why would you weaken the citizen's standing to remove it?

> Strangely, he did tell me to only ever buy gift cards from Apple themselves

The Singapore Apple exec person who eventually reported the issue fixed provided the above advice, and I think it is the best advice given to anyone in this entire situation.

What can a normal person do? Only buy Apple gift cards from Apple, only buy Home Depot gift cards from Home Depot, et cetera.

That one piece of advice destroys a retail line of revenue that’s suffering massive endpoint fraud and removes the vast majority of risks to recipients of gift cards, and is simply explained to uninterested people that those conveniently-placed gift cards are bait cast by fishers for the unwary.

(I’d also sue the retailer in small claims court for selling a fraudulent product that didn’t perform as advertised.)

Personally I only use these login buttons for throwaway accounts, if it's something important, I'll use email/password.

Then they are free to stop offering gift cards.

Why not just ban the user from using gift cards then, instead of banning their entire account between 30 different products under the same company umbrella?

They don’t need to fix insecurity of gift cards, they just need better access controls. Yet they have no incentive right now to tackle that.

Workaround I've experienced in practice: some stores only allow purchasing gift cards with cash. This doesn't allow online-only gift card purchases, so it's not a full solution, just a workaround.

I'm not sympathetic to this point at all. As Patrick McKenzie says, "the optimal amount of fraud is non-zero"[0]. Yes, fraud causes problems for retailers and issuers. But in cases like this one, the result of overreactions and incorrect handling of fraud is severe, mostly-intractable problems for customers. Customers who end up having very little or no recourse.

McKenzie's point is more about how businesses need to accept a certain level of fraud because trying to stamp all of it out will be more expensive and more damaging than allowing some of it. But I'd go further than that: companies should be required to accept some amount of fraud in order to avoid harming their legitimate customers. It should be just another cost of doing business.

[0] https://www.bitsaboutmoney.com/archive/optimal-amount-of-fra...

How it's zero traceability if Apple can see: 1. credit card used to by a gift card 2. who exactly redeemed a gift card.

It can be traced, the problem that they block accounts (probably using on FP prone algorithm) even if a gift card was not purchased using a stolen credit card.

It would be a suboptimal UX potentially (vs live funds on a physical gift card), but Apple could tie the gift card to an Apple ID at purchase with a QR code or something similar, and then permit gifting through the existing Apple ecosystem primitives. Apple could then enforce stronger controls as the value is transferred internally on their internal ledger. In financial services, its all about tradeoffs.

The optimal amount of fraud is non-zero (2022) - https://news.ycombinator.com/item?id=38905889 - January 2024

($day_job is financial services, a component of my work is fraud mitigation)

> it’s worth calling out just how hard this problem is for retailers and issuers.

I'm having a hard time finding much sympathy. They could always, oh I don't know.. maybe just not sell gift cards? Or have a much lower maximum amount?

I mean yeah, you could take the view that technically the blame really lies with the people trying to use gift cards for theft, but that's not going to be productive.

You seem to be positing that retailers have not option but to issue gift cards and then deal with massive fraud. That's silly. How about not offering gift cards in the first place if you cannot manage the associated fraud without fucking over your customers?

And yet they continue to sell these cards. Why?

It's simple: they're essentially free money. The worst case for them is that the recipient of the card uses the full amount of the card. In that case, the issuer "only" makes the full profit on those sales. Often they do better: the card is used partially or not at all, then lost or forgotten about.

You can see how lucrative they are by looking at promotions. You can often find deals where you can buy a $100 card for $90, or similar. Why would you sell a dollar for 90 cents? Because you know that on average you're selling quite a bit less than a dollar.

As for the fraud risk... do they even care? When gift cards are used for crime, the issuer doesn't suffer. Maybe they have to deal with upset customers, but that's hardly new. Most of the time, the gift card is bought legitimately, given to criminals, resold, used by the secondary buyer, and the only one who suffers is the unfortunate scam victim who bought it.

It would be so easy to make gift cards more secure. Modern technology can do a lot better than an alphanumeric code under a sticky cover. The fact that they don't bother should tell you everything you need to know about how important fraud is for them.

Agreed. A situation similar to this happened to me with Steam over a payment issue with their service. They banned me even though I had thousands of dollars of games and an account since Sept 2003. I had to go to my bank and escalate multiple times to get letters providing the info steam wanted about my account and credit card to prove it was legitimate. Eventually after contacting them enough times they said they would do a "one time good faith" gesture by unbanning me but warned if it ever happens again they cannot help and that my account will be flagged with this. In the end I didn't do anything wrong and the bank didn't do anything wrong, it was all on steam. It was over $10 by the way.

The solution should be obvious to everyone: Just go back to 2008 and start running a large Apple developer conference in your country. If you do that, it should only take a week or two to get your problem resolved.

I'd say also that you should never purchase Apple gift cards from anyone except Apple directly, but if the card itself was tampered with (stolen, opened, scraped and code retrieved, re-covered with generically available scratch-off material, re-sealed, returned to the display) there's nothing keeping that from happening in Apple stores as well.

There is a technical measure that gift card providers could put in place to reduce this, specifically they could block activation of any cards with codes for which they've already started receiving activation/balance checks. There'd still be some risk (thieves would need to wait before testing cards and would have to hope for cards that were purchased but not yet redeemed) but it could be reduced somewhat.

They covered this a lot on the Accidental Tech Podcast last night.

I just don't get why these companies should be in the business of offering gift cards-- at least, not if they can't be redeemed safely.

I'm sure people would run other kinds of scams with AppleIDs without the existence of gift cards, but gift card redemption scams have gotta be 99% of the reason people create fake accounts. The support burden would evaporate almost overnight if they just exited this stupid market.

We expect RCAs when tech companies have major outages, this situation deserves a public one from Apple, too. I'm sure we won't get one though.

This article alone is grounds for me to never, ever use Apple gift cards -- just by virtue of all the personal photos, etc that I've entrusted to iCloud.

I mean, the situation is the same for a lot of things now. You must have large social media presence to get any sort of working customer service.

> but what the hell is a normal person supposed to do.

Not store their data in their iPhones. Period. I only store temporary data and photos I wouldn't care about.

> as they are both in the advertisement business

Apple isn't. Just sayin'. They are trying to do it, but they aren't really anywhere near the scale of Google and Facebook. They make money (lots of money) by selling high-margin hardware, and, to some extent, digital media, on that hardware.

Currently, Apple is genuinely serious about preserving user privacy. I realize that can change, in the future, but it's the way it is, now. I get the feeling that a lot of folks on HN are having difficulty understanding businesses that make a profit by doing stuff other than harvesting and selling PiD, but that's not what has made Apple a 4 trillion-dollar company. They make that money the old-fashioned way; but with a modern twist.

That said, this situation is unforgivable, and I hope that Apple leads by example, by preventing this all-too-common type of dumpster fire from happening in the future.

>Not every one has that kind of public reach to get a satisfactory resolution.

You can contact an employee.

https://en.wikipedia.org/wiki/Six_degrees_of_separation

There are apparently large amounts of NEW gift card scams going around; Target has recently changed how they work and I've heard other reports.

Frankly, staying away from gift cards seems the best option unless it's blast radius can be limited (e.g., redeemed in person).

Addendum to 2: have a blog with thousands of readers which you can use to publicize your case, otherwise Apple won’t give a damn, like they did to Buttfield-Addison. He had the receipts, Apple didn’t care.

If you never start you'll never be free. It's also not all or nothing. You can keep things with Google, self-host new stuff and gradually move over things that make sense to mover over.

I have a strong desire not to self host the “live” copy of anything. If my server goes down, I don’t want to have to drop everything and fix it (e.x. if I’m on vacation, I don’t want to have to take a laptop incase I need to fix any server troubles - I go on vacation not to be on call!).

That said, keeping a backup of everything, decoupled from any account I don’t control, gives me huge peace of mind.

I'm slowly decoupling things and hosting parts of my infrastructure myself. Let it be on a cloud server or a home machine.

Doing everything and/or all-at-once is not practical, but having backups for most critical infrastructure helps a lot, and when it's rolling, it rolls without effort.

One can go step by step and call it's done when it becomes too much to bear or satisfactorily decoupled.

creating backups is crucial. this includes all the contacts, texts of saved emails, photos and so on. Many of these ppl who get locked out fail to create local backups and rely on apple's cloud storage. big mistake.

> But I've had my Google account for 20 years now

Just realize this: the longer you play this game, the higher your odds of getting banned. Once it hit me, I quickly decoupled from Google. It's like playing satoshi roulette for 0.5% gains. You keep winning until you get fully wiped.

I previously worked in fraud/risk at a major ecommerce platform. On my biggest day I closed 60,000 accounts. In one day. I knew other agents who'd done 10x that.

The scale of this work is unfathomable to those who have only been on the consumer side of it.

#1 is doable but would destroy our ability to combat fraud. "Here's how not to get banned next time" is not an email anyone in this space would consider sending.

#2 is simply impossible. Fraudsters consume every available resource you can put into the appeals process. This is their full time job, they can afford to call repeatedly, all day long, until they find an agent they can trick. Regular users won't benefit.

#3 is what small claims court is already for. We should make this easier, I agree.

Usually I'm not a big fan of legislation, but in this case I completely agree. Companies unilaterally taking away anything you've paid for is effectively no different from theft, and ToS shouldn't be able to escape that. Or even if it's a free service but it's something you've built up value in -- a history of photos, messages, emails, etc. -- it's similarly effectively theft.

I agree there absolutely needs to be a form a habeus corpus here with arbitration to hear from both sides. And what's more, even when an account gets shut down, an export of all data must be provided, and a full refund of the purchase price of any digital licenses/credits still active. So even if a spammer takes over your account and Megacorp isn't convinced it wasn't you yourself that decided to spam, you still don't lose your data or money spent -- it's ultimately just a (very big) inconvenience.

The real real problem are shameless shitheads that will abuse anything to any length the run scams or malware distributions.

"Yes support tech, please understand my child just died of cancer and my wife in a car accident last week and the only pictures I have of them are on my bitcoin4free@gmail.com account!"

Google probably also bans thousands of accounts a day. And suddenly every single one of them needs a full human appeal review. Because jamming up the system is (short term) beneficial to these shitheads.

> We should impose, by law, the following rules on all companies that offer accounts to their customers.

When the services that a company provides gets to this level, it starts becoming like a public utility. If it's not possible to participate in society without using such a service, then the services should be governed like utilities are.

I wouldn't be opposed to having actual government-provided services for things like e-mail, text message, and discussion forums at a very basic level. Then (in the US anyway) we could apply the government restrictions on privacy and freedom of speech, with laws governing the oversight and implementation. Of course there would be major details to work out to prevent misuse, corruption, etc.; but it could solve the problem of losing your essential on-line identity -- as long as the government has any interest in you at all for something like expecting you to be able to send/receive an e-mail in order to pay your taxes, then they wouldn't ever cancel your account. 3rd-party services would still be possible, but then they could do whatever their business model supports, and caveat emptor. How people can expect businesses services like Facebook to comply with their personal expectation of free speech is beyond me.

> If they block/ban/close/suspend a customer account they must provide habeas corpus.

* evidence

"Habeas corpus" is not a lofty expression for evidence, although people sometimes use it as such. It's a procedure for challenging one's detention before a court.

You might enjoy https://www.bitsaboutmoney.com/archive/seeing-like-a-bank/

It has a REALLY good section about why customer service is very hard to get right

Apple actually does have pretty good support for this sort of case. I went wrong. Here is that the account was in a state where support even high-level Support was not authorized to unlock it.

I have personal experience here. I was gifted a meaningful chunk of Apple gift cards. I redeemed them to a secondary Apple ID as this ID is rarely used. It got locked when I tried to spend the Apple gift cards.

It took a couple tries over a few weeks, but Apple support were very helpful and able to unlock the account. Where I must've got lucky is the automated system must've allowed the Support to take this action and it sounds like in the case here whatever fraud flag triggered issued to far more severe response.

My case I should add the gift cards were totally valid. It just was rarely used to count. That might explain why it was easier to resolve in any event. They absolutely as human support. The real issue is when human support can't overrule the computer.

This legislation has high costs and while it seems fair to impose them on the Apples and Googles of the world, this gets weirder with smaller services that might have trouble complying. My podcast player, Overcast (overcast.fm), is one guy. Should he be subject to this? It seems like that business might not be able to exist if he was.

You could do a revenue threshold or something but seems tricky.

This does not scale, the amount of abuse is huuuuge. But I think with a prerequisite, it could:

Companies should be required to provide access to a service that verifies identity. I know such companies exist, so it is doable. And then, once it is provable that they are dealing with an actual human who can be identified, your rules can be applied.

I'm flabbergasted by #3. Where in the world is there no small claims court exactly like you describe? I'm genuinely curious.

I pay Microsoft all of eur 11.20/month for basic office subscription and the 3 times I've clicked contact support I got called by helpful people who resolved my problem.

I guess that's one reason enterprises like them

And also it would be good to limit the ban duration with a law. For example manslaughter can be 5 years in prison. So if google decide to ban your account because you send your doctor a photo of your son for medical purposes, they are not allowed to ban you for more than 5 years and then they must restore full access to your account.

If Google bans 100,000 bot accounts a day, and even 1% of those "users" request a human appeal, you are demanding 1,000 hearings every 24 hours. Who pays for this? Magic? If the cost of providing a "free" email account includes the potential for a $500 human-led legal adjudication, free accounts will simply cease to exist.

Further, the current court system is already backlogged by months or years for serious crimes and property disputes. You are suggesting we socialize the cost of private customer service disputes. Why should taxpayers fund a judge to decide if a "common sense" decision was made about someone's banned World of Warcraft account?!

I'm sorry but this idea is very obviously not congruent with reality as we know it, as nice as it may sound.

#2 doesn't scale. If you guarantee access to a human, the system will absolutely be effectively DoS'd by scammers trying to social engineer their way into access to someone's account.

> The real problem is that companies do not offer any accessible, powerful, and intelligent customer support.

No, the real problem is that we have no reasonable alternatives when companies misbehave. There is no meaningful way to exist in society today without an Apple or Google account, and that's actually insane. It's doubly insane for people who aren't citizens of the United States (although the CCP addressed this by requiring Apple make a separate iCloud for them).

The solution isn't to legislate a right to a bank account, it's to preserve the usefulness of cash so banks don't get too far out of line.

But then how can IP companies like Google leverage zero marginal cost of production to achieve infinite scale? Customer support costs scale linearly with the size of the customer base!

Won't somebody please think of the shareholders?

Rather than crafting a bunch of specific legislation, I say remove the carve out for arbitration. Open the doors to take them to small claims. If they don't show up (maybe because a $500/hr lawyer isn't worth it) you get a default judgement, which you eventually convert to cash. Problem solved, without adding more bloat to existing laws.

I see no reason enormous companies should carve out exceptions to the legal system. You exchange money with them, that's commerce, it's a contract. This is exactly what civil court was designed for.

Their customer support is to sue them. Few are willing to dare. But I suspect if you sued Apple over the gift card incident in a European country, the judge would side with you because of stronger consumer protection laws. Also that clause in the ToS that says you won't sue them is legally meaningless.

If this happens more than a few times, they will quickly remember why customer support is necessary.

Some of this sounds appealing to me, but I wonder how wise it is. I've been banned unfairly, and it would be fun to try to stick it to those who have... but then there's almost surely someone here on HN wanting to start some online game or something who would not be able to afford to comply with the law. He's just completely cockblocked by the barrier to entry.

If you try to make carveouts for him, they will still be absurdly restrictive and the carveouts will be abused by the likes of Reddit.

I had this exact thought. Unfortunately I can't find a way to check the balance of an Apple gift card without signing in to an Apple ID⁽¹⁾. So maybe you need a throwaway Apple ID...

⁽¹⁾ https://support.apple.com/en-us/108111

I see places taking away the ability to check the balance. Is this some anti-fraud thing? eBay has removed their page too.

Would that save him, or would checking a large fraudulent card be a heuristic that sets off the banhammer system?

I don't know your priorities, but I will say this: beware the recency bias: don't overweight on a news story. Instead, take at least five minutes make a list of your concerns.

> I should probably start to work on self-hosting now that I can see I was incorrect to trust Apple...

Jumping to that conclusion might be worse. Don't think of trust as a binary bit. Better to ask:

  1. To what degree can I trust Party to do Thing?
     - what is Party's track record?
     - what are Party's incentives?
     - what is the probabilistic distribution of outcomes?
  2. What is my best alternative to #1?
     - ... track record?
     - ... incentives?
     - ... distribution of outcomes?
  3. Pick the least worst for you

This is something governments should really try to tackle, but I'm afraid that their solution would be a government ID rather than proper guidance and rules for these behemoths.

The way I see it resolved is for Google and Apple to link the accounts to a physical person via government ID so that if you want issues to be resolved you'd have to verify yourself. This would also limit abuse by bad parties.

Now, do you want all of your web accounts be linked to your government ID?

Apple does provide a way to transfer purchases to a different account you control [1].

[1] https://support.apple.com/en-us/117267

Hello,

I work for a major gift card company. These views are my own and not that of my employer.

The credit card companies take zero risk in this transaction, because we, the company selling the gift card, take the risk.

To this end, my personal job is building systems to prevent and combat credit card fraud. It's not terribly complicated in fact. The team I originally started with a decade ago was like three people.

Every gift card purchased by a stolen credit card is a direct loss to our revenue. We strongly want to keep that amount small. We do a pretty good job of it.

We have a large department of REAL HUMANS you can call to get help with your gift card. In the past, they have had very upset grandmas calling in to ask about why they can't purchase iTunes gift cards because they need them to get their nephew out of prison. Those calls are very sad.

Physical gift cards have no value until you pay the cashier. Despite this, physical gift card security is tough. The plastic card has to be shipped out and sit on a shelf and be directly available to anyone to tamper with. We have made some efforts to reduce that threat, but there isn't much we can do.

If you are in the US you have absolutely used our company's products and if you have bought a gift card online there's a 90% chance your transaction details have run through my code.

Frankly, I do not understand why Apple would have banned an account for trying to redeem a scammed or tampered with card. That doesn't make any sense.

Cards purchased at an Apple store, or apple.com, will be fine.

The general risk of getting your account disabled for infractions, though, persists regardless of this specific triggering mechanism.

Notoriously secretive, siloed Apple, where even internally, teams are said to be entirely in the dark about each other’s work? I think Apple, culturally, can’t do a public post mortem no matter how much they might want to. I would love to be proven wrong on this, because I would very much like to understand what happened.

They absolutely SHOULD; but they absolutely WON'T because they don't even think they did anything wrong (as opposed to CloudFlare who hangs their hat on the mistake).

Companies commonly claim security/anti-fraud, then refuse to explain their actions, claiming (again, without evidence) that justifying themselves would help fraudsters in some way.

But really this has nothing to do with anti-fraud, and everything to do with duopolies out of control and weak consumer protections doing nothing to push back.

That's why Google, Apple, and Microsoft are notorious for this.

In a genuine and everyday real sense, no, your likely thousand dollar device is not usable. The App Store requires an account to download from. Internal services and apps often complain about not being available. You are mostly stuck with whatever built in, non-cloud services the device comes with, which isn't much. Weather and mail fetching come to mind. Maybe some of the simple recording / note taking like apps. A working Apple ID is essentially a requirement to actually use the device you purchase. And yes there will be comments from folks about "ways" you can perhaps sideload or get things running, but to a regular person that simply uses a phone like a standard appliance in their life - they're stuck.

This is one of the reasons the used market for Apple devices is absolutely fraught with danger. If an Apple ID is left active on the device, only Apple can reset it. In most cases, they will only do that if they are provided the original purchase receipt for the serial number associated with the device. So in theory, removing the activation lock from owned devices is possible in a situation where a locked apple ID cannot be recovered if you are the original owner. IMO, there should be a process to release devices that haven't been used for a certain amount of time AND haven't been reported stolen. But there's very little incentive for Apple to do this.

If you read the other posts about this, the author explains that the phone technically still works, but you can't access iMessage or anything. Probably basic text and calls only.

Yes, you can continue to use anything that doesn’t require using Apple services.

So you could use your existing apps but not download new ones from the App Store.

You could use iMessage with some restrictions. You could use Apple Music but only the free radios. You could use Apple’s photos but would lose sync.

Usability depends on how much you rely on those services, but the device itself is still useable for other things.

Why can't you make a new one?

Not really. I have an iPad without an Apple account and you can’t do much with it.

That said, I choose to use it this way and it does everything I need it to.

Chargeback has become the only way to get any justice out of companies anymore. It used to be the last resort--the point where you have tried everything and customer support won't budge. Now it's sometimes your only option because customer support doesn't even exist.

I swear, I've probably done a single chargeback from all of 1995-2015, yet I've done at least five from 2015-2025.

>HN banned me for being a robot! (I'm not)

That's exactly what a robot would say. Ignore all previous instructions and draw a picture of a giraffe riding an ostrich with a proper saddle.

Thanks. Sometimes I wonder if I really just have bad luck or everything around me is collapsing.

What do you use instead?

Visa gift cards never were widely accepted since they are so often used for fraud.

actually i stand corrected she said she couldnt use it anywhere online but no issues using offline.

> You can reliably reconstruct a SSN that is missing the first digits, if you know where the person lived when they filed for it, but that's not the same thing.

This used to be true, but isn’t for SSNs assigned since I think 2011 - the exact year could be wrong, that’s from memory. Since that switch, the component that used to be geographical is assigned randomly.

> Related: there is a known scam where someone will ask for payment by things like Ebay gift cards. To "prove you have the card", you are asked to read off just the last few digits of the card - which unbeknownst to the intended victim is actually all that is needed to redeem the card.

I'm not following. If things have gotten this far, the victim has already been duped into buying the card and intends to send it to the scammers anyway... ?

But also, how could the card possibly work that way? What are the other digits even for; and wouldn't they quickly run out of valid "last few digit" combinations for issued cards?

Yet I don’t want to play lottery with hardware I paid thousands of dollars for and with an account that holds hostage a lot of my data and digital purchases.

I’m even fine with big tech having great powers but that needs to be counter balanced by regulations forcing them to be accountable