269 points by modinfo 5 days ago
Even with recent events, I'm still leaning towards technical glitch(es).
We've recently used this exact process (to remove an authenticator), and it was glitchy/problematic even before today, with a ton of people trying to use it at once (and I assume Blizzard staff manually verifying IDs?) I suspect Blizzard's verification system has imploded.
Kind of a similar thing happened when "WoW Classic" launched. The first 24-48 hours the whole ID recovery workflow was doing similar things/broken.
It is still on them to fix it, and people are still entitled to complain, this post is more a remark on intent (purposely down Vs. just having a bad recovery system). Although "It has sucked for a while" isn't a great defense anyway.
Normally I'd agree with you, but when we find out that companies like Moviepass were locking active customer's accounts to save money, I'm not ready to give Blizzard the benefit of the doubt.
Moviepass was spiraling the drain though, so a desperate move like that didn't seem so strange. Blizzards having a bad week, but they're still a healthy company, and a bizzare attempt to block people from leaving would just amplify their PR problems.
So I'd guess technical issues as well.
I'd give old blizzard the benefit of the doubt, but there's obviously been a ton of churn, management and culture changes over the years and its taken its toll.
The old blizzard is dead and gone.
It's the new and improved activision blizzard.
Some people seem to have been able to delete their accounts without sending in an ID. Some haven't. I have two accounts and I can't delete either of them. One even has zero purchases associated with it, so it isn't related to that.
The main thing that comes to mind is that there might be some kind of global deletion throttle to help catch abuse and it's been heavily tripped due to the recent activity. It kinda lines up with the error message.
I agree, I'd strongly lean toward a technical reason rather than conspiracy here - especially since, if a dude is deleting their account, you lost them already... if they can't delete it in a reasonable time frame they'll just walk away.
And it's not like they'd be the size they are and not have metrics on people trying to delete.
I agree, it's probably not intentional, would that even be legal?. Is there even a place to see how many active accounts they have/are losing because of this?
The fact that they fail at basic account management/authentication doesn't say good things for them. I wouldn't be surprised if they drag their feet a little getting it fixed, but I doubt it's going to matter.
Are there maybe some published historical stats of players online in different games or something like that? I was wondering how this terrible PR is impacting them. Given how attention economy works it's not immediately obvious to me how this will impact their sales short and long term.
Yes, I can imagine a scenario where bad actors gradually built up a database of login/password info, and suddenly launched an attack to delete all of them. It would make sense to have some mechanism in place to throttle them. Hopefully the outrage will outlive that process.
Just tried to delete my account. Same experience, needs to verify with a photo ID. Kinda shady. I wonder if it violates any EU rules.
edit: Just to be clear. Like the link said, there were other authentication methods, like SMS. Blizzard disabled the other ones on purpose.
Likely this is to protect against hacked accounts and the hackers deleting the account after trading away WoW items or whatnot. I've had an off/on idle WoW/Blizzard account for 10 or so years now, most folks don't want to delete their accounts when they don't play, they just let their subscription expire, so this seems like the most likely reason this is in place.
Normally I'd agree, but they added this due to the huge impact deletion has vs the cost. This is pretty clearly an anti abuse system they added begrudgingly due to real existing problems. I say this because its a huge burden on them to actually go through this process, so theres no way they chose to do it lightly, or recently.
If you got hacked and didn't want this to happen, would you still feel the same way?
Why even bother with an authenticator if they're not going to recognize it for something like this? Why should I have to send them an ID? I tried deleting my account multiple times and it still hasn't worked.
I don't know how good they are with PII - but asking for a photo ID means you own that data-breach now... if that ID information is leaked it's all on Blizzard.
It’s so our new Chinese overlords have your mug on file. Same government that has face recognition and cameras all over... Next time you step in China passport control, get ready for a grilling.
Just did in the EU, I was sent an SMS.
GDPR requires opt-out as easy as opt-in, so yes
True, GDPR requires it to be as easy to withdraw consent as to give it.
Yeah same, need to send a GDPR request. They're making me even more annoyed
This could be :
1. A technical issue preventing people from deleting accounts.
2. An active decision being taken. The response to this from customers motivated by the recent Hong Kong dustup is going to be sheer outrage. Regardless of reality, it's certainly being interpreted as #2. Not a good look for Blizzard.
Are we crawling toward some broader realization that corporate gaming and liberty are a questionable mix?
There is still one more method: call your bank and have them issue a stop payment on any charges from Blizzard. This is the nuclear option but it is an option.
This is the account deletion flow. Cancelling a WoW subscription* is a separate process, since you can have a Blizzard account without an active WoW subscription.
(* I'm not sure if they have any other games with automatic recurring payments, but if so I assume it works the same way.)
Yeah, canceling was rather easy. I was surprised how quickly I could stop the recurring payments.
Make it easy, and you lose some revenue from customers who want out and could be kept in against their will by making it too painful. However, the customers are happy, and you gain their trust. This will make them much more willing to give you their CC# the next time they're thinking about re-subscribing.
Make it hard, and you may keep a small fraction of these customers, but make all of them hate you, make them hesitant to re-subscribe, and make a significant fraction just go through alternative means (e.g. chargeback, cancelling cards, letting a prepaid credit card run dry) that end up costing more than that.
Taking a break from the game for a while is also just a super normal thing to do. It's a 15-year-old game and the people who have been continuously subscribed for that entire time are going to be an infinitesimally small portion. It's much more common to either just play for a few months when new content comes out, or play continuously for a few years, get burned out on it, then come back years later.
Cancellation still works. I just went through the flow a few minutes ago.
Wow, Blizzard must be winning after this awful fiasco they started.
Last time I had a friend do this he was told any balance on his account was forfeit, I wonder if this is still true?
No way this stay like this in EU
Most people will be too lazy, but hopefully some will start sending custom-written GDPR deletion requests... which will require human processing.
Isn't this a violation of the GDPR?
Technically the minimum required by the GDPR is that you can send them an email and the company must comply within 30 days.
It's one month, not 30 days (important distinction), and can more-or-less arbitrarily be extended to 3 months. Also, it doesn't require that any specific action be taken, just that the subject be informed within that time period.
Most notably, nothing within the GDPR requires removal of an account, only (in some cases) removal of Personal Data.
Hilariously the fact that they ask for a photo ID suddenly raises the amount of PII tied to your account by like 1000% - Blizzard knows very little of who I am, but if I gave them my photo ID then they're suddenly quite knowledgeable.
Only if they retain the information. They can just throw it away after "verification".
They could - or their marketing department could get some C-level pressure put on retaining it so they can try and "reactivate the potential customers" later.
Similar to how Twitter sent out marketing to contact devices registered for account recovery.
With GDPR you have the right to be forgotten. Therefor they need to remove all data about you that is not protected by any other law ( like billing information or something like that ). According to GDPR Art. 17(2)
GDPR isn't global law.
It applies to any user in the EU and since its hard to know if a particular user is or is not in the EU or a citizen of the EU its easier to just do the right thing by everyone.
> It applies to any user in the EU and since its hard to know if a particular user is or is not in the EU or a citizen of the EU its easier to just do the right thing by everyone.
This still assumes you care about being punished by the EU.
A company with no financial contact with the EU doesn't have to care about that, any more than a company with no financial contact with Saudi Arabia has to worry about offending the House of Saud.
Why is plus or minus a few days an important distinction here?
You know who else doesn't allow you to delete your account / post history? HACKER NEWS!
Just send an email to the moderator. It has been discussed many times here before.
They're incredibly helpful and nice in my experience. It's really not an issue.
HN mods - salute to you. Thanks for keeping this place tidy.
Can confirm. Mods responded very quickly, and took care of the issue.
Hats off to them.
Who is the moderator? And how do I find them/their email? There isn't a user search feature, as far as I can tell?
Note the Contact link in the footer: you can email the mods directly. In my experience they're very responsive.
[email protected] ???
and how do they verify that the email requesting an account be deleted, is coming from the actual owner of that account?
Rather than ask random people on the forum, I suggest emailing the mods and asking them directly. They're clearly authoritative in this regard.
If it’s from the email you signed up with, that’d be a good sign.
Username of dang
Why is that an acceptable way to handle it?
Because they're not adding features to this site all the time. It's a simple forum. Maybe they don't have the money or resources. You are using a free service and there are no ads. Just email the dang mods. lol
Your pun is well appreciated.
HN clearly values simplicity over being a full fledge company. That’s worked perfectly fine for a decade.
A simple forum can allow for account deletion, literally every open source forum I'm aware of does, and it doesn't require "being a full fledged company," either. This site is written in a Lisp dialect, so it should be possible to implement a new feature in a single line in a REPL over a cup of coffee, anyway, right? ;)
Anywhere else, having to contact a moderator to ask permission to have one's account deleted would be considered a user hostile dark pattern, nefarious motives assumed by default. But when Hacker News does it, well obviously it's just another sign of the elegance behind its design.
> A simple forum can allow for account deletion, literally every open source forum I'm aware of does, and it doesn't require "being a full fledged company," either. This site is written in a Lisp dialect, so it should be possible to implement a new feature in a single line in a REPL over a cup of coffee, anyway, right? ;)
A simple forum also has reply notifications, that HN has not. It is difficult to accept that HN is different from other forum software, with different priorities?
I don't know what being writing in Lisp implies that HN have to have some specific feature that you think it needs.
> Anywhere else, having to contact a moderator to ask permission to have one's account deleted would be considered a user hostile dark pattern, nefarious motives assumed by default. But when Hacker News does it, well obviously it's just another sign of the elegance behind its design.
It would be considered a dark pattern if the moderators were against deleting accounts, giving excuses or making the process unnecessary difficult. Since it seems that the moderators delete your account without bothering you, I don't think this is a dark pattern at all.
> with different priorities?
The point that started this all off is that HN has different priorities and those priorities disallow you from deleting accounts.
There's nothing to defend here, deleting your account is a 100% reasonable request.
Yeah, it is. However my point is, mods seems to delete your account without any unnecessary complications, so it is fine for me to now have a feature to do this.
Like I said below, it is really reasonable to not have a feature if the number of users asking to delete their accounts is manageable by mods. If it wasn’t, and thanks to this the mods would avoid deleting accounts, giving lame excuses or taking a long time, now I think the lack of this feature is user hostile.
I think the lack of reply notifications is intentional, to prevent quick back and forth snarky replies like on Reddit.
pg may have stated that at some point but I am not sure.
>A simple forum also has reply notifications, that HN has not. It is difficult to accept that HN is different from other forum software, with different priorities?
I don't object to the fact that this forum lacks particular features, I can accept that, although I would disagree that they would add unnecessary complexity or would somehow damage the "signal to noise" ratio of the community. I object to the tendency of people here to assume that any features this forum lacks are a priori without value because it lacks them.
If they don't want to add these particular features, fine, but people need to stop cargo culting the simplicity of this forum. Some of the features here are intentionally, actively user hostile and we should admit that Hacker News gets a pass for no other reason than it's Hacker News.
>I don't know what being writing in Lisp implies that HN have to have some specific feature that you think it needs.
I was snarking on the way people sometimes describe how elegant and powerful Lisp is, almost as if it were magic. Sometimes I forget this place is where humor goes to die. Mea culpa.
I am not cargo culting, however I disagree with you that not having deleting account option is “actively user hostile”. It would be if it happened like Blizzard did, disallowing users to do an account deletion. Mods seems fine to delete your account, so I don’t get why you’re saying that this is hostile to the user.
I mean, if the number of users deleting account is low why bother implementing a feature in first place? If the mods were overwhelmed with requests and would start giving excuses to delete your account thanks to this, now I think the lack of account deletion in HN would be user hostile.
> nefarious motives assumed by default.
HN isn't harvesting your email addresses and associated old comments for money or trying to pump up some user account growth number. Plus technically they could still easily keep your email/comments if you deleted your account in some archive.
I'm not sure what other value they could possibly draw from this where it could be some sort of tactic.
Let's just be happy YC is hosting this stuff for free and doing an excellent job.
What about the post history data set in BigQuery? That is a widespread and complete record of HN activity.