At my previous company we had "Sign in with Facebook" – whatever your opinions on it are, it was probably the right thing for the company at that time.
Facebook decided to "audit" us to make sure we were doing sign in right. The tested it incorrectly, told us we were at fault and needed to fix it, and gave us 2 weeks to do so. We scrambled to figure out what the issue was, only to find after they eventually replied to our emails (all they told us up-front was "it doesn't work") that they had tried to use a sign-in only button to sign-up, similar on many websites, not at all for our flow and not something it was possible for us to do. We explained this and they dropped the audit.
2 weeks later, they audited us again, failed us again, and gave us a deadline to fix it. We replied pointing to the previous case and explaining again why it was working. We never heard back.
2 weeks later, they audited us again, failed us again, and gave us a deadline to fix it. We replied asking what the hell was happening (politely). We never heard back.
1 week later "Sign in with Facebook" stopped working with no other warning. We opened a support case, we emailed our ads account manager, we emailed our previous ads account manager as the first was on holiday, and all we got was "we're looking into it, but it looks legit, fix it".
I asked for a call and explained that the current user experience for users was that they would click "Sign in with Facebook" and see an error saying "Facebook is currently not working, please sign in another way", and that the only way we had to resolve this was to email all our Facebook auth'd users a password reset with an explanation that Facebook sign in no longer worked, and to then remove the feature from our site.
"Ah. Ok yeah let me see what I can do". It was working about 2 hours later, and we weren't audited again in the rest of the time I was at the company.
At my last company, we had 12 identical Facebook apps working as service-to-service messaging integrations. They chose to have 12 apps due to data sovereignty reasons, separating implementations in different regions. For each permission we needed, we'd record screencasts of all 12 apps and explain how to verify the system works, then submit for App Review.
Usually about 4 would get approved, and the other 8 would be rejected. All for different reasons. Usually it was something about Facebook Login - which we didn't use as an S2S integration. It was maddening.
We'd make token changes to the rejected reviews, resubmit, then keep resubmitting until they were all approved. On occasion an App would keep going to the same stubborn reviewer and we'd contact our Partner Manager. They're nearly powerless to do anything, since the Safety and Review team is firewalled off from the rest of Meta to prevent outside influence.
Funny nuance: when in development mode, Apps can't receive webhook events for wall posts. Only webhooks for Messenger (DMs) are active. We were adding support to reply to wall posts, but couldn't test or demonstrate the feature because public post webhooks weren't available. "How do we proceed?" "Well, you need to use the fetch API to get posts in batch for Approval, then you can use webhooks." Thing is, our platform wasn't interested in pulling posts in batch. Just routing public posts in real-time via webhooks.
So, we built a completely separate App to pull posts in batch and got it approved. Then used a proxy to slingshot webhooks through that App to our platform, bypassing the under-review Apps altogether. And we got them all approved.
It's a joke that Meta tries to enforce policy at the application level vs. API for enterprise S2S integrations. Workarounds "faking" the experience are always possible.
I advised simplifying things by having a single proxy service distributing messages to different cloud regions based on the customer. Or maybe 3 proxy Apps - dev, US, and Germany, as simple middleware shims. But not 12 Apps. It fell on deaf ears. Since I left, I hear with Instagram support and more granular permissions on Messenger, they're submitting 60+ App Review submissions every quarter. With the resubmissions and petitions it's nearly full-time position.
If I ever took another position working with Meta, it would have to be "retire in 3 years" kind of money.
We removed "Sign in with Facebook" from our public learning management system (we provide content to the public) instead of continuing to jump through their insane requests and demands.
OAuth in general feels like an increasingly bad idea. Log into everything with Google? Oops, one arbitrary account lock from Google and you're beyond fucked.
I agree. And besides that I also think it's an incredibly bad idea to
train users, who are technically not very firm, to enter their
credentials on some random page that asks for it.
I'm a pro and even I can't tell how this is supposed to be safe. How
would you explain the security aspects to someone who can't distinguish
between google-search and the browsers address-bar?!
It's bad enough that loads upon loads of sites require people to use their E-mail address as a user ID. What a stupid policy, one that embarrasses many companies that should know better (YES, THIS MEANS APPLE).
When you force people to log in with their E-mail address, what percentage of the public also thinks they need to use their E-mail password? I'm going to guess at least half. Now, if that site is compromised by a hack or disgruntled employee or whatever, people's E-mail accounts are wide open and identity theft galore can ensue.
Not to mention that your E-mail address is on thousands of spammers' lists. Combine that list with lists of common passwords, and you have a shitload of compromised E-mail accounts right there.
Nobody should have tolerated this amateur-hour policy, but here we are.
This is why you have to have a backup plan for your data and your business when you depend on cloud services. One day there is a very high probability some automated bot of theirs is going to flag you and take you down mercilessly, despite your best efforts. You have to be ready.
I agree with the fact that storing your identity on a service like Google isn't necessarily the best idea, but as a developer I DON'T want to be dealing with passwords and account lock outs. OAuth is great in that regard.
So very much this. The reason we're using OAuth in the first place is that we're leaving authentication to the big companies that know how to do it well.
The sheer amount of support work that resetting passwords and fixing access issues (and dealing with hostile actions) generates for a small team is staggering.
It was a ticket we had for a long time to remove it, in fact we had been no longer giving it as an option for account creation for a few years. It just was going to be a week of work and we wanted to avoid it if we could.
One quite perplexing common theme is "thing gets flagged -> thing gets resolved by a human as a false positive or whatever -> two weeks later, thing gets flagged again with no change, presumably by an automated system".
If the flagging is done by a human, is there really no "case file" that records the previous flags and why they were false positives? If it is done by an automated system, why is it allowed to flag things that a human has already cleared with no change?
Not a FB story, but I once had an innocuous profile image on a Google side-account get flagged and automatically restricted from public view. I requested human review and it was manually approved. The next week it got flagged again; same process, reapproved. This kept happening every week until 5 times total; I kept going just to see how long would it take them to stop, as I didn't really care about the image or even the account.
Long time after I'd last used that account, I logged-in again and, you guessed it, the image was flagged. Requested yet another review, approved. Was it really that hard for them to trigger human reviews before restricting content that had already been reviewed?
Not certain. Our ads account manager (or maybe the old account manager) found the internal ticket and I suspect told them that it was looking really bad for Facebook and that they were at risk of losing us.
By the time the communication was sent to all the users, wouldn't it have been too late? "Lose" the account or not, I don't imagine the company ever wanted to deepen the relationship with Facebook.
I used to run a graduation photography company, we did professional graduation photos half the price of the 'officail' providers (who pay a huge commission to the university, but don't get me started on that).
We promoted our service with facebook events and advertised said events. One year without warning or explination they Facebook just deleted all our events (we would travel from one uni to another over the summer). I frantically tried to get a response from facebook. I never got one.
I sued in small claims court and they settled the case (not before being very threatening through high paid lawyers and trying to dodge the case altogether) they never did explain what had happend or why.
Ultimately it's partly the reason I shut the company down, facebook was our channel, without certainty we could host events and promote them it made no business sense to invest in the company.
I don't have a specific solution for you, but I also run a domain with some thousands of subdomains and is always a fight to not be banned from Google, Meta, internet operators etc. Sometimes is enough one bad actor under one of your subdomains to have a full ban on the whole domain.
What I suggest is for your and your clients to contact Meta through the Business Center support. Their support for paying clients is much better. I would also recommend you become a Meta Business Partner if Facebook/Instagram is important for your SaaS.
> Sometimes is enough one bad actor under one of your subdomains to have a full ban on the whole domain.
If you're running independent subdomains where a bad actor on one should not affect the reputation of the rest, you probably should add your domain to the public suffix list: https://publicsuffix.org
Note that adding your domain to the PSL changes how browsers interact with it, so don't do it lightly. In particular, no more cookies for the parent domain.
> Their support for paying clients is much better.
Perhaps worth it in this situation, but isn't that basically paying protection money? "Nice domain you've got there. Shame if anything happened to it."
If you are using their services for something important you should pay for it. I use fastmail not gmail for this reason: email is too important for me to risk on an account I don't pay for. I don't pay for youtube, because I don't care if they go out of business. I probably would pay for facebook if possible (but only if they make it FACEbook - not political memes, offensive jokes, and cat pictures) as it is a good way to keep in touch with distant friends.
They workout the issues like everyone else, and at a certain size the issue is minimized as you are either in several whitelists or human moderators recognise your domain.
Most of those services also let clients setup their own domain name, so a ban is a more of a inconvenience to deal, than business critical like in OP case.
Another day and again another complaint about lack of proper (human) support from a big company.
When are we all going to realize that Facebook, Apple, Google and all the big names use automated moderating and they don't want to allocate resources for proper moderation?
They're not going to put in place a proper resolution mechanism and they don't care about the average user that got his/her email banned, page deleted or app removed.
I'm sure they're checking the numbers and the false positives/negatives are not that many that would require for these big companies to put something in place so as to not lose profit.
Let's all of us stop complaining and accept the current situation or even better find a cheap solution to real human moderation :-)
It's honestly not clear to me that many of these companies can afford proper moderation. Twitter's revenue is about $1.20 per user per month. Facebook's is about twice that. Proper moderation is expensive, with each incident requiring significant time from one or more smart people with native fluency and cultural understanding plus deep familiarity with the platform rules and all the tricks bad actors will try to play to get moderators to do the wrong thing.
These companies explicitly and intentionally cultivated profit models built around providing services for free and subsidizing them with data collection and advertising. Their low revenue-per-user is a direct result of that, and if they can't afford to provide proper moderation, that's entirely their fault, and does not absolve them of the responsibility to provide it anyway.
Oh, totally agreed. But I think this is one of those things that kinda crept up on us, and so status quo bias may mean they can keep getting away with it.
As an example, look at the flu. It kills way more people than drunk driving, [1] [2], but society has been pretty casual about that. The massive covid-era drops in influenza deaths show that it was always possible to do much better; we just never cared much because we were used to it. Similarly, I think we're used to Facebook and Twitter being Facebook and Twitter, so there won't be much outcry for change unless they do something especially bad.
Apple is nothing like Facebook and Google in this respect. One of the reasons I gladly pay a premium for Apple products is that I can talk with a human, over the phone or at an Apple Store.
Doing business as a software developer through the Apple store is a different beast. Putting in tickets to see why your software failed can be a nightmare if it isn't a glaring mistake. They may treat their customers well, but they don't always treat their devs with the same respect.
EDIT: I will note, it has been a few years since I've submitted to the app store, so I hope things have changed.
Apple is a scummy, back-stabbing business "partner." Everyone from small-time developers to publicly-traded companies gets screwed by Apple burying their apps (or simply not showing them at all) in searches that spell the publisher's name exactly right. They lie about app discovery to developers, lie about it to judges, and lie to the users doing the searches.
However, the public hysteria over "big tech" should not be dragging Apple into everything, because developers are essentially the only aggrieved party. Unlike Google and Meta, Apple is not the gatekeeper to the Internet for millions of people. And I can almost always get a human being on the phone or chat from Apple, which today is truly worthy of praise.
Are any of the sites using FB events/analytics? It depends on what the non-profit sites are doing, but the Facebook rules for prohibited domains [1] seem to include what a lot of non-profits may do:
"Predominantly target or serve an audience likely to have suffered from mental, emotional, financial or physical harm, or facing severe economic hardship that directly affects housing, food security or freedom."
I'm guess if a single one of your non-profit sites does all the sites would be blocked. Apart from pleading with FB, using domains for each would be a better solution to stop this happening the next time rules change or one of your sites does something not allowed
That page says that if you have such a site, FB will stop collecting analytics/tracking data from the site. It doesn't say FB will block posts mentioning the site.
It sounds like what you're saying is that FB prohibits community organizers, labor organizers, and charity from using FB analytics — which honestly is maybe not a bad idea, because analytics amounts to a serious privacy leak, one which could especially negatively impact vulnerable populations.
This is why massive companies like Meta and Alphabet needs to be nationalised. They simply have too much power over lives of billions.
This article is just another reminder of this. At scale that Meta operates, this algorithmically decided domain blockings mean nothing to them, but everything to hundred's of non-profits. There need to be legally mandated protections so things like this never happen again.
> This is why massive companies like Meta and Alphabet needs to be nationalised.
No. Giving this additional power to the government will not have the outcome you want. When something becomes too powerful, the solution is not to further concentrate that power into less accountable hands.
While I'm not totally behind "nationalize all the things", do you really think the government is less accountable than Meta? (or Alphabet etc?)
I guess that raises the question "accountable to whom", but in general, for all it's problems with accountability (and there are many), and acknolwedging that different US governments can stack up differently (say local vs federal) -- I'd still say that the government is in general definitely more accountable to "society", or the population at large, than giant corporations are.
If I were king of the world, maybe I'd try having 1/3rd of board members appointed by government, 1/3rd elected by users, 1/3rd elected by employees. Oh, right, there's stockholders too I guess... ok, 1/4th all around. I know this is only my utopian fantasy.
Companies are held accountable via market pressure, public relations pressure, investor pressure, and government/regulatory pressure. Governments, just via voters. Given that authoritarians of various stripes are working hard to neutralize or delegitimize voting and election results, yes, I think that giving Facebook to governments that are or may soon become authoritarian is absolutely at risk of reducing total accountability.
What a world, where we're arguing about which unaccountable abusive gigantic entity we'd rather be abused by.
I still find it shocking to think that Meta is more accountable (to society?) than government. It seems to be arguing over how low the bar can be, since Meta has very very little accountability. Like, as in the thread we are actually on, they can decide to ruin someone else's business with no notice or consequences or even acknowledgement there's any reason they ought not to. "Market pressure" and "investor pressure" don't seem to be doing much good in accountability to society, do they?
And you mention "government pressure" as something making them accountable to society right after arguing that government is less accountable than Meta is without government control, which seems odd.
> I still find it shocking to think that Meta is more accountable (to society?) than government.
That is not something I said. I'm not even sure it's quantifiable enough to say "more" or "less", as the kinds and mechanisms of accountability are so different.
> arguing that government is less accountable than Meta
I did not say that either. My point is that an authoritarian government nationalizing Facebook is even worse in accountability terms that either one on its own.
> "Market pressure" and "investor pressure" don't seem to be doing much good in accountability to society, do they?
I think your baseline is off. The social media platforms have made huge strides since their early days. Could they do more? Yes. Could they be worse? Incredibly so.
That was what the original comment I was replying to said, "less accountable hands". I replied mainly to question that. Then you disagreed with me, I guess I misunderstood about what you were disagreeing with me, sorry.
A lot of modern censorship is a mix of algorithms, and government pressuring corporations to take actions the government wants to do but legally cannot (eg. due to 1A concerns). There are huge swathes of society (mostly those who'd also be concerned with eg. "rising authoritarianism") who cheer political censorship and want more and more of it. See how eg. the press reacted to the possibility of Elon buying Twitter and saying he wants to decrease freedom of speech? They took it as an act of war.
> While I'm not totally behind "nationalize all the things", do you really think the government is less accountable than Meta? (or Alphabet etc?)
Yes. Absolutely, and without any qualification whatsoever and in every jurisdiction at every level.
Government enjoys sovereign immunity, qualified immunity, direct statutory immunity (laws that prevent suing the government) and operates the forum where they are held to account (be it a regulator or a court). It is very difficult to sue the government, and even more difficult to mount a campaign to change a law in a non-corrupt country. This applies to a tiny sanitation district,
Private companies are easily sued, regulated, and if their behavior is bad enough, reputation damage alone suffices to hold them to account.
Your last sentence is not true for facebook and other companies that operate at such scale. Good luck mounting a successful lawsuit against their legal team. Good luck getting their sheep users to jump ship given they haven't already after countless events that harmed their reputation. Good luck passing pro consumer regulation when industry is allowed to lobby, fund political advertisements, and donate money to campaigns.
> Your last sentence is not true for facebook and other companies that operate at such scale.
You are doing a good job of calling them out here. Last I looked, Meta's stock has taken a beating this year, to the point that their largest shareholder has lost roughly half of his wealth. Facebook's loss of users is having a huge effect.
> Good luck passing pro consumer regulation when industry is allowed to lobby, fund political advertisements, and donate money to campaigns.
Yes, getting the government to do anything is very hard, especially when they own a company or a service. You'd have to do all of the same things you have to do to regulate a private business, but with limited rights for redress. Government can incarcerate, take your property or kill you if they want to silence you. Meta can only shut off your account.
Why would you risk everything to start a company only to be forced to give up most of it to other people? Why would others invest (i.e. buy stock) in your company only to give up control to non-owners?
That's a different question than talking about "less accountable hands" but yes that would have to be figured out in any hypothetical utopian system.
The employees work for a paycheck of course, but I suppose there needs to be sufficient incentive to start a company. It probably doesn't need to be multi-billion-dollar payout possible to incentivize though. And talking about an already existing company like facebook, I think founders and early investors have already received quite enough reward to incentivize, being able to make as much money as they've made off meta up to this point is plenty of incentive to start a company.
(There are also other incentives than money to start a company).
Anyway, I was mostly responding to the suggestion that the government is "less accountable hands" than Meta -- I really don't think so, if we're talking about accountability to society at large. I think it's actually a problem that an entity with so much power over society isn't accountable to it; the first step is admitting we have a problem.
The founders and the employees are still being paid for their hard work building it up; it's not like a hostile government takeover where Mark Zuckerberg is woken up in his bed one night and asked by some men in uniform to hand over the keys to Facebook.
Wait, so you're saying most entrepreneurs aren't creating new things just to change the world, to make a difference, to put a dent in the universe, to fulfill a deep vision, and/or because their team or their userbase is like a family? I find it hard to believe that VCs, would-be billionaires, and their extensive PR teams have been lying to us all these years.
Your snark lands flat because knowing that you will lose control of your company at an arbitrary point affects every single of one of those points listed. How will I fulfill my vision if the government will take over when it finally gains traction? Government isn't known for their execution. Well, only one type.
My hypothetical company can always not go for a billion dollars of revenue, which makes those issues irrelevant even if we assume the worst possible handling.
> No. Giving this additional power to the government will not have the outcome you want.
Giving more power to the government on INFRASTRUCTURE at this scale always gives the desired outcome everywhere arount the world except the US.
I stressed the word infrastructure. Because at this level, these companies are literally the gatekeepers of the Internet. Who control literally 70%-80% of what we see, hear and do among themselves. Especially when doing business as a small business, there is no way to avoid them. And they can make or break their business within a day with their arbitrary decisions.
Imagine that your local road network was owned by a private, unaccountable company that was able to change the traffic flow within one day at a whim. Literally breaking all the logistics of your small shop by causing it to be much more expensive. Or your local power company doing the same thing.
To avoid such things, we keep infrastructure in the hands of public companies or we VERY tightly regulate them. Allowing a society's infrastructure to be controlled by private actors is as crazy as it gets.
Governments are always more accountable than private companies, because the only way an ordinary citizen can force a private entity to cease its abuse is... through the government. (No, "voting with your wallet" isn't a thing, especially when the abuse is profitable.)
Maybe the service itself will be crap once run by governments. But at least things are covered by law. things like fair hearings and proper customer support. Now you can be banned from those ecosystems just like they do in dictorial states.
Can ordinary citizens without millions of dollars even access the basic torte system against somebody bigger than themselves? The legal system is effectively unavailable to most citizens outside of small claims court because of the combination of precedent (ie, the need to spend a million dollars researching to know what the law is), and the stalling/creating expensive burdens tactics etc
Have you ever dealt with business support from Google? If you can get support at all, it's basically bots and auto replies. Even the worst state in the US has better support than Google or any other big software company out there.
Nationalization is not necessary more concentration and less many accountable hands.
Well, it depends on the governance obviously. If you talk some autocratic regime, where the king proclaimed "I am the state", that fits your description for sure.
On the other hand, if you are looking at a direct democracy regime, you could hardly make the power more pervasive, and every citizen has to carry its part of accountability on every social matter.
* Power disparity. As it is, Facebook is destroying people and business without any accountability. Now we hand that to the state who:
* Has all the incentive to destroy anything that competes, and the government has the ultimate way to do it: just outlaw the competition. If you think the product is bad today, imagine how fantastic it will be in 10 years of no competition.
* Has all the incentive to make people use it. So, it becomes oppressive and horrible and the government decides, hey, let's make everyone use this thing for essential services like payments and democracy!
All in all, nationalization of a social network is one of the worst directions we can take, regardless of politics. It's just a bad idea.
> the government has the ultimate way to do it: just outlaw the competition
> So, it becomes oppressive and horrible and the government decides, hey, let's make everyone use this thing for essential services like payments and democracy
These things can only fly in a non functioning democracy, which, while the US is coming dangerously close to, is not there yet.
> Has all the incentive to make people use it. So, it becomes oppressive and horrible and the government decides, hey, let's make everyone use this thing for essential services like payments and democracy!
Any examples of this? The USPS doesn't seem to have much power and other shipping companiea do alright.
> The USPS doesn't seem to have much power and other shipping companiea do alright.
Last I looked UPS and Fedex are legally barred from competing for letter postage and can only ship parcels (so the hack is the overnight envelope which packages your letter in a parcel.
Bonus: The postal service can arrest you and prosecute you. Last I looked, UPS and FedEx cannot.
Last I checked, UPS and FedEx literally (ab)use USPS as cheap last-mile delivery service which it is obligated to fulfill (at a loss). And they _certainly_ can and do deliver letters. They just don't often (and not to mailboxes, which are reserved for USPS), because people aren't willing to pay for it under normal circumstances. Despite these things... UPS and FedEx seem to do pretty good business, don't they? Remind me of the problem?
And uh... I can count on 0 hands the number of times I've heard of the USPS arresting anyone. Bet you can too.
The USPS is a bit of an anomaly in that its responsibilities are carved out in the constitution! Still interested to hear of other real world examples.
It's because our nationalization used to ressemble the Soviet model, for various reasons (one that governments were far more authoritarian in the 40s, 50s and 60s that they are now).
You have other options. One is the following:
- 1/3 government (adapted to the size of the business: federal for Facebook, but local for a sawmill)
- 1/3 workers (including the owner if he's working his business)
- 1/3 investors (owner or shareholders).
That would makes the owner who also work at the company the final decision maker for stuff that doesn't involve the government (like investment), but allows more balanced power balance.
Don't nationalise them, break them up. A state monopoly is preferable to a private monopoly, but in this case there's no reason we have to have a monopoly. Facebook and Google do too many things.
Google? Definitely. Meta? Not really. All Meta has is two social networks and one messaging service. They haven't really experienced huge success in anything else. They MAY hit big in VR/AR space, but that's yet to be determined.
> All Meta has is two social networks and one messaging service.
And a payment service, an ad platform, a marketplace, a VR R&D company, I never used them but I guess they also have a line of business services centred on social network communication, I’m probably forgetting plenty of things.
Additionally, Facebook primarily does acquisitions as a form of hiring, according to Mark Zuckerberg himself. They buy the company so they can get the employees to come and work at Facebook.
Oculus VR, Giphy, Mapillary and more are also successful in their space.
Just like Google's successes, the "successes" are actually built by others (almost all you list were acquisitions), but the difference (as mentioned before) is that Google sometimes acquire products for the product itself, while Facebook generally doesn't.
They still would definitely met the standard of a monopsony if not a monopoly. Its scary that an enormous number of people start and stop the information searching at google or those two social networks. I think its an oversimplification to say that just breaking them will solve the issue but they definitely handle a governmental level of power in terms of social after effects, which is why nation states target them for fake news.
On one hand you say they are so important they need to be nationalized and on the other you dismiss them as almost a couple of trivial apps. Which one is it?
Just social networking services? Modern social interactions revolve around them. Social networks are incredibly important and should be treated as such.
Communications platforms naturally become a monopoly. The biggest platform is the most useful one because you can talk to most people on it, so people prefer to join the biggest platform and it gets bigger.
That is easily fixed with legislation. We now have multiple phone companies that all interoperate. No reason we can't require the same from our many facebooks.
There are plenty of rules and procedures in every nation which screw over random 'little guys'... For example, "oh, you have a disability and can't work? Here, have some state support. Oh - we just found you helped look after your neighbours children once. That counts as work. Therefore you lied to us. Thats fraud. All your state support will now be withdrawn."
I know sub-optimal government is the default solution to all issues, but man, they are terrible with the monopolies they do control like healthcare, public education and infrastructure.
I don't think nationalisation is the answer, imagine the additional layer of bureaucracy dealing with a government entity. Large companies like Facebook need to be regulated by the government, there needs to be laws in place for stuff like this.
The European Union finally did it with the Digital Market Act. The law enforces access to market place and interoperability between messaging platforms. I’m surprised we don’t hear much about it here.
My guess is that American companies like to pretend it doesn’t matter in case it gave idea to US customers and silently fight it in courts in Europe.
Last time I checked, free access to education, care and protection against many abuses where provided by governmental organisms.
"government are better than any corporation" (or its reverse) means nothing if you don’t provide some specific topics and possible metrics to evaluate them.
Also, not all government and corporations behaves in the very same way.
Nah. Just make providing free services then blatantly fucking people over who rely on them a very risky thing to do. Like "attractive nuisance" laws that can make you liable if some kid you've never seen before drowns in a pool on your property if you didn't take reasonable measures to keep a kid from wandering into the pool. Or various regulations that make certain demands on businesses that open up physical spaces to the public (like stores or malls or whatever).
Separately I'd also like to see us outlaw the kind of data collection & retention that lets Facebook's business model exist, but I do think making it so offering free services doesn't absolve you of all responsibility is something we should do, too, and is more directly relevant to this.
There need to be legally mandated protections so things like this never happen again.
Such protection for websites would be an implicit protection for Meta's de facto monopoly on text-based social media. What needs to happen is for these sorts of bans to still happen, but for the public to understand the impact of those bans and move away from a single website for all their social media needs if they want to see posts from everyone.
Competition in the space would fix the problem. It'd mean the impact of a ban is massively diminished, and that companies are incentivized not to issue unwarranted bans because their users would go somewhere else.
While both users and advertisers have no real choice where to go Meta will hold on to their monopoly.
You’re placing way too much trust in the government, the same agency held hostage by a private company that forbid them to automatically calculate the taxes owed by its citizens.
Plus why what the government do with a social network? They’d still need to moderate it — at atrocious prices at that.
I'd be in favor of trust-busting them into smaller entities before nationalization .. While nationalization might work for smaller western European countries, it isn't going to work in a political machine the size of the united states
I haven't seen much information on how the GDPR's Article 22 right not to be subject to a decision based solely on automated means is going in these scenarios. I hear a lot about other provisions, but Article 22 seems like an important experiment.
We had a similar issue but not identical which led us to deploying all customers on a subdomain or their own domain. Rather than theirBusinessName.OurDomain.com people switched to shop.theirBusinessName.com and we used DNS cnames to point back to our servers.
We issued LetsEncrypt certificates automatically using Caddy and it works remarkably well for us. It also led us to become a paid LetsEncrypt sponsor and we have been for the past 4 years.
This is the way to do it. And if you're charging anything reasonable for SaaS service consider just registering a domain for your customers if they can't figure out how to delegate a subdomain CNAME.
This is the problem. They are not giving any reasons other than a 'TOS' violation and won't tell you why or ignore you if you try appealing it. The same happened to someone on Twitter and the very same thing happened to those on PayPal.
Before any big tech appeasers and bootlickers reply and attempt to defend this rubbish with 'private platform' nonsense or 'you knew you violated the TOS', in each of these cases do you know specifically why they got blocked as well? [0] [1] [2]
So let's look at this situation. It's a shop page, shop.{clientdomain}.tld. Now you need SSL for this, using AWS you need a TXT record from their ACM. You also need a CNAME to your domain (ideally) or to a Cloudfront instance. For your customer you now need them to make 2 DNS entries. This is from my experience having non-profit like entities setup DNS.
- Well the person who set that up stopped responding, isn't there another way to get this going?
- I've added all the record in what do you mean they don't match?
- I don't even know what DNS is, why is this necessary?
- I added in the record but the system didn't take one of them because it started with an underscore and they said that was invalid.
- We just switched websites to WIX, why is our shop page not loading, is your system down?
- Will this break my email, I don't want it to break my email.
- Here is my login, just go in and change what you need.
So in all, it's not just $10, it's a significant investment in time and resources to do this "simple" change that until this point did not have any downside. Hindsight is like that every time.
Now the customer has two domains and we have been training users to look for signs of phishing attempts using look alike domains AND ask them to put in their CC to buy things. Hard pass.
> Now the customer has two domains and we have been training users to look for signs of phishing attempts using look alike domains AND ask them to put in their CC to buy things
They already have to do that, only currently they have to put it into customername.shop-saas.com, not customername-shop.com, or even shop.customername.com.
The customer would already have had two domains because the subdomain was off the SaaS domain, not the client domain.
Client.SaaSdomain.tld
not
Shop.clientdomain.tld
If you’re setting up your service as a subdomain off the client domain, you won’t face the risk that one customer will get your entire service domain blocked (since it’s the customers domain).
By giving users the tools to moderate their own content. If you're peering with an instance that seems to pass on a lot of bad/dangerous content, then block the instance. You can use public blocklists on your instance if you want, but it should be your choice.
Also, it should be noted that blocklists are not a solution for things like phishing. Things like MFA and WebAuthn are the solution.
Are there any US grounds for a lawsuit when this happens? I can't think of any, but it seems like there should be, right? Not a lawyer, but who wants to write a memo on it?
I guess it's actually the same thing as the social media "Free speech" wars... meta has the first ammendment right to deny service to whomever they want for whatever they want (sans discirmination against protected classes), they can legally decide to ruin this company's business just cause they don't like them, even if it wasn't an accident? Yeah, the problem is facebook is too powerful, they aren't just any random business choosing not to work with you.
Buy a handful of alternative domains that redirect to your primary (you could stand up a minimal url shortener on each domain).
Even if you get unblocked this time, it could easily happen again. Until there’s systematic reform to this nonsense, you just have to work around it with redundancy.
If they’re going to treat you like a scammer, work around it like the scammers do.
I believe the facebook crawler will crawl redirects, such that a URL that results in a redirect to a blocked domain is still going to get blocked.
(Even if it were a satisfactory solution to say "message all your customers and tell them they have to start using the new domain for ticket sales, including for events that are already promoted with ongoing ticket sales" which of course it isn't, although I follow you that it would be perhaps better than nothing).
My guess is there’s a “sheeps-clothing.stamhoofd.shop”. Since the users’ shops are hosted on a subdomain, one bad acting user can cause the whole domain to get blamed. Meta’s enforcement bots have, of course, zero nuance or understanding of this kind of thing. I doubt they would care about trampling small non-profits in any case.
On another note, does anyone have experience with getting unblocked by Bing? Domain was blocked from the day of registration and has 100% legit content, yet I'm getting 'URL cannot appear on Bing'.
> ThreatExchange (aka TX or TE) is used by multiple companies to share signals on a variety of topics intended to prevent real world harm. Some examples of how TX is currently used include sharing malware, phishing scams, and terrorism signals with the goal of helping all participating organizations tackle these problems based on their terms of service.
I think it is simply the domain name itself, not anything they did. The domain name he uses (stamhoofd) translates to "head of the tribe/tribal leader". I can imagine that such a word can easily have bad connotations and nobody wants their brand to support any site with a potentially offensive name that can turn into a PR nightmare. Likely it got flagged for this reason.
Good question! I would also like to know the answer. I've scanned through our sites and couldn't find any malicious content... My guess is that the block was automated, and might have been caused by a fake spam report. There can be some competition between non-profits (e.g. two scouting groups in the same local area). Maybe they started to report each other as a joke.
Did you consider the fact that your domain name itself could have been the cause by itself? It is not extremely far fetched that stamhoofd could somehow find its way in being found offensive by some automated tool (or a person who takes these things very seriously). It would explain the TOS violation too, if it considered the word to be problematic.
Right, from a user's point of view labelling it "Spam" has the same effect as when you put letters unread on that pile by the door, "I don't want to read this". Should they? Doesn't matter. Years back we even had users who were paying us to send them specific emails and would mark it as spam.
The use of "users marked this as spam" as a signal is a cheap but lousy shortcut and it's bad news that we became reliant upon it.
I have a suspicion that your domain name (stamhoofd = head of the tribe, tribal leader translated from dutch) is likely getting flagged due to some natural language processing thing flagging it as offensive language. I would not be surprised that it is indeed a fully automated process deciding that your site's domain name is potentially harmful for their "brand" to support.
This sounds ok. But what does the META terms say about this business setup? There are many platforms you can't do this on including the major mobile app stores.
It doesn't matter what the rules say-- these companies have legal departments better funded than those of states. They can just tie you up in expensive litigation for the rest of their life. They're largely immune to oversight by the courts as a result, which is presumably a part of why they behave this way.
If you’re going to be running a service like this you absolutely need to have multiple TLD’s and some automation to detect when they have been blocked.
I'm sorry to hear of the op's troubles with meta, but this "No fake-news, crypto-currencies, violence, porn, or illegal activities... " is a very strange sentence. Why would the author lump "crypto currencies" along with fake-news, violence and porn?
Of course this doesn't take away from the validity of their claim and I wish this stupid shadowban is lifted. Also I hope (at least in Europe) we can get some laws passed that force large online service providers like FB to act responsibly (past record of attempts to regulate the Internet by our beaurocrats and its results notwithstanding).
My guess is there is a TON of scamming related to crypto. All those comments on Twitter or YouTube (for example) pretending to be someone important trying to get people to send a little to get a lot as a “bonus for readers” or something like that.
Plus scam coins, etc.
It’s probably far easier for them to just say “none of that” until it gets easier to tell the good from the bad.
The irony is that the platforms are still flooded with crypto scams, I know on twitter and youtube at least they don't even respond to reports on them 99% of the time-- even when it's the same obvious scam messaged reposed twenty times in a short interval--, but then they'll capriciously ban legitimate material because it mentioned bitcoin.
It's not hard to imagine that a lot of these companies are now using outsourced 'moderation' where the moderators themselves are the scammers, intentionally permitting scams and intentionally flagging legit stuff. But sadly the truth is probably more boring, indifference instead of intrigue.
Fun story.
At my previous company we had "Sign in with Facebook" – whatever your opinions on it are, it was probably the right thing for the company at that time.
Facebook decided to "audit" us to make sure we were doing sign in right. The tested it incorrectly, told us we were at fault and needed to fix it, and gave us 2 weeks to do so. We scrambled to figure out what the issue was, only to find after they eventually replied to our emails (all they told us up-front was "it doesn't work") that they had tried to use a sign-in only button to sign-up, similar on many websites, not at all for our flow and not something it was possible for us to do. We explained this and they dropped the audit.
2 weeks later, they audited us again, failed us again, and gave us a deadline to fix it. We replied pointing to the previous case and explaining again why it was working. We never heard back.
2 weeks later, they audited us again, failed us again, and gave us a deadline to fix it. We replied asking what the hell was happening (politely). We never heard back.
1 week later "Sign in with Facebook" stopped working with no other warning. We opened a support case, we emailed our ads account manager, we emailed our previous ads account manager as the first was on holiday, and all we got was "we're looking into it, but it looks legit, fix it".
I asked for a call and explained that the current user experience for users was that they would click "Sign in with Facebook" and see an error saying "Facebook is currently not working, please sign in another way", and that the only way we had to resolve this was to email all our Facebook auth'd users a password reset with an explanation that Facebook sign in no longer worked, and to then remove the feature from our site.
"Ah. Ok yeah let me see what I can do". It was working about 2 hours later, and we weren't audited again in the rest of the time I was at the company.
At my last company, we had 12 identical Facebook apps working as service-to-service messaging integrations. They chose to have 12 apps due to data sovereignty reasons, separating implementations in different regions. For each permission we needed, we'd record screencasts of all 12 apps and explain how to verify the system works, then submit for App Review.
Usually about 4 would get approved, and the other 8 would be rejected. All for different reasons. Usually it was something about Facebook Login - which we didn't use as an S2S integration. It was maddening.
We'd make token changes to the rejected reviews, resubmit, then keep resubmitting until they were all approved. On occasion an App would keep going to the same stubborn reviewer and we'd contact our Partner Manager. They're nearly powerless to do anything, since the Safety and Review team is firewalled off from the rest of Meta to prevent outside influence.
Funny nuance: when in development mode, Apps can't receive webhook events for wall posts. Only webhooks for Messenger (DMs) are active. We were adding support to reply to wall posts, but couldn't test or demonstrate the feature because public post webhooks weren't available. "How do we proceed?" "Well, you need to use the fetch API to get posts in batch for Approval, then you can use webhooks." Thing is, our platform wasn't interested in pulling posts in batch. Just routing public posts in real-time via webhooks.
So, we built a completely separate App to pull posts in batch and got it approved. Then used a proxy to slingshot webhooks through that App to our platform, bypassing the under-review Apps altogether. And we got them all approved.
It's a joke that Meta tries to enforce policy at the application level vs. API for enterprise S2S integrations. Workarounds "faking" the experience are always possible.
I advised simplifying things by having a single proxy service distributing messages to different cloud regions based on the customer. Or maybe 3 proxy Apps - dev, US, and Germany, as simple middleware shims. But not 12 Apps. It fell on deaf ears. Since I left, I hear with Instagram support and more granular permissions on Messenger, they're submitting 60+ App Review submissions every quarter. With the resubmissions and petitions it's nearly full-time position.
If I ever took another position working with Meta, it would have to be "retire in 3 years" kind of money.
We removed "Sign in with Facebook" from our public learning management system (we provide content to the public) instead of continuing to jump through their insane requests and demands.
OAuth in general feels like an increasingly bad idea. Log into everything with Google? Oops, one arbitrary account lock from Google and you're beyond fucked.
I agree. And besides that I also think it's an incredibly bad idea to train users, who are technically not very firm, to enter their credentials on some random page that asks for it.
I'm a pro and even I can't tell how this is supposed to be safe. How would you explain the security aspects to someone who can't distinguish between google-search and the browsers address-bar?!
It's bad enough that loads upon loads of sites require people to use their E-mail address as a user ID. What a stupid policy, one that embarrasses many companies that should know better (YES, THIS MEANS APPLE).
When you force people to log in with their E-mail address, what percentage of the public also thinks they need to use their E-mail password? I'm going to guess at least half. Now, if that site is compromised by a hack or disgruntled employee or whatever, people's E-mail accounts are wide open and identity theft galore can ensue.
Not to mention that your E-mail address is on thousands of spammers' lists. Combine that list with lists of common passwords, and you have a shitload of compromised E-mail accounts right there.
Nobody should have tolerated this amateur-hour policy, but here we are.
This is why you have to have a backup plan for your data and your business when you depend on cloud services. One day there is a very high probability some automated bot of theirs is going to flag you and take you down mercilessly, despite your best efforts. You have to be ready.
I agree with the fact that storing your identity on a service like Google isn't necessarily the best idea, but as a developer I DON'T want to be dealing with passwords and account lock outs. OAuth is great in that regard.
So very much this. The reason we're using OAuth in the first place is that we're leaving authentication to the big companies that know how to do it well.
The sheer amount of support work that resetting passwords and fixing access issues (and dealing with hostile actions) generates for a small team is staggering.
not if but when
It was a ticket we had for a long time to remove it, in fact we had been no longer giving it as an option for account creation for a few years. It just was going to be a week of work and we wanted to avoid it if we could.
There are so many stories like this, it is crazy! Thank you for sharing this.
One quite perplexing common theme is "thing gets flagged -> thing gets resolved by a human as a false positive or whatever -> two weeks later, thing gets flagged again with no change, presumably by an automated system".
If the flagging is done by a human, is there really no "case file" that records the previous flags and why they were false positives? If it is done by an automated system, why is it allowed to flag things that a human has already cleared with no change?
Not a FB story, but I once had an innocuous profile image on a Google side-account get flagged and automatically restricted from public view. I requested human review and it was manually approved. The next week it got flagged again; same process, reapproved. This kept happening every week until 5 times total; I kept going just to see how long would it take them to stop, as I didn't really care about the image or even the account.
Long time after I'd last used that account, I logged-in again and, you guessed it, the image was flagged. Requested yet another review, approved. Was it really that hard for them to trigger human reviews before restricting content that had already been reviewed?
Hard? No.
Beyond their interest in doing, or their (low, low) budget to do at scale? Yes.
FWIW, the audits were definitely being performed by humans, we saw the screenshots and some notes. The triggers for audits were likely automated.
You mean large company screws up, people get in touch and they fix it?
I completely disagree, there aren't many stories like this. In fact I don't remember reading any on HN.
Who on Facebook's side resolved the problem in the end?
Not certain. Our ads account manager (or maybe the old account manager) found the internal ticket and I suspect told them that it was looking really bad for Facebook and that they were at risk of losing us.
By the time the communication was sent to all the users, wouldn't it have been too late? "Lose" the account or not, I don't imagine the company ever wanted to deepen the relationship with Facebook.
Similar experience
I used to run a graduation photography company, we did professional graduation photos half the price of the 'officail' providers (who pay a huge commission to the university, but don't get me started on that).
We promoted our service with facebook events and advertised said events. One year without warning or explination they Facebook just deleted all our events (we would travel from one uni to another over the summer). I frantically tried to get a response from facebook. I never got one.
I sued in small claims court and they settled the case (not before being very threatening through high paid lawyers and trying to dodge the case altogether) they never did explain what had happend or why.
Ultimately it's partly the reason I shut the company down, facebook was our channel, without certainty we could host events and promote them it made no business sense to invest in the company.
Did they undelete your events as part of the settlement?
Negative, as with all legal action it took months and by then the graduations were long past.
I'm not sure small claims would do something like that
Parties to a lawsuit can propose to do anything they want in a settlement.
I don't have a specific solution for you, but I also run a domain with some thousands of subdomains and is always a fight to not be banned from Google, Meta, internet operators etc. Sometimes is enough one bad actor under one of your subdomains to have a full ban on the whole domain.
What I suggest is for your and your clients to contact Meta through the Business Center support. Their support for paying clients is much better. I would also recommend you become a Meta Business Partner if Facebook/Instagram is important for your SaaS.
> Sometimes is enough one bad actor under one of your subdomains to have a full ban on the whole domain.
If you're running independent subdomains where a bad actor on one should not affect the reputation of the rest, you probably should add your domain to the public suffix list: https://publicsuffix.org
Thanks, I didn't know about that list. I'll try that!
Note that adding your domain to the PSL changes how browsers interact with it, so don't do it lightly. In particular, no more cookies for the parent domain.
> Their support for paying clients is much better.
It would really be a shame if something was to happen to your domain in our ecosystem because you're not a paying partner.
They're mobsters.
You think you should get everything for free or something?
You think Facebook isn't getting something out of allowing users to sign into other sites through them?
You think the site isn't getting something out of allowing users to click a social media button to sign in?
It's almost as if the button is mutually beneficial and that only a greedy moron would threaten to break it unless paid yet more money.
Yes
> Their support for paying clients is much better.
Perhaps worth it in this situation, but isn't that basically paying protection money? "Nice domain you've got there. Shame if anything happened to it."
If you are using their services for something important you should pay for it. I use fastmail not gmail for this reason: email is too important for me to risk on an account I don't pay for. I don't pay for youtube, because I don't care if they go out of business. I probably would pay for facebook if possible (but only if they make it FACEbook - not political memes, offensive jokes, and cat pictures) as it is a good way to keep in touch with distant friends.
> If you are using their services for something important
But they aren't.
Their URLs are simply blocked by Facebook, who happens to be a popular third-party website.
> Their support for paying clients is much better.
One could argue that is the whole point behind making life for non paying users harder.
Then how come GeoCities, Heroku, Vercel, GH Pages and others survived?
They workout the issues like everyone else, and at a certain size the issue is minimized as you are either in several whitelists or human moderators recognise your domain.
Most of those services also let clients setup their own domain name, so a ban is a more of a inconvenience to deal, than business critical like in OP case.
I wonder if these assholes (Meta, Google) could be prosecuted under a Net Neutrality law for blocking particular sites.
Another day and again another complaint about lack of proper (human) support from a big company. When are we all going to realize that Facebook, Apple, Google and all the big names use automated moderating and they don't want to allocate resources for proper moderation? They're not going to put in place a proper resolution mechanism and they don't care about the average user that got his/her email banned, page deleted or app removed. I'm sure they're checking the numbers and the false positives/negatives are not that many that would require for these big companies to put something in place so as to not lose profit. Let's all of us stop complaining and accept the current situation or even better find a cheap solution to real human moderation :-)
It's honestly not clear to me that many of these companies can afford proper moderation. Twitter's revenue is about $1.20 per user per month. Facebook's is about twice that. Proper moderation is expensive, with each incident requiring significant time from one or more smart people with native fluency and cultural understanding plus deep familiarity with the platform rules and all the tricks bad actors will try to play to get moderators to do the wrong thing.
These companies explicitly and intentionally cultivated profit models built around providing services for free and subsidizing them with data collection and advertising. Their low revenue-per-user is a direct result of that, and if they can't afford to provide proper moderation, that's entirely their fault, and does not absolve them of the responsibility to provide it anyway.
Exactly. If your car company cannot be profitable with airbags, then you shouldn't be in the car business (to use an analogy).
This is the absolute best analogy I've ever seen for this situation. Kudos.
Oh, totally agreed. But I think this is one of those things that kinda crept up on us, and so status quo bias may mean they can keep getting away with it.
As an example, look at the flu. It kills way more people than drunk driving, [1] [2], but society has been pretty casual about that. The massive covid-era drops in influenza deaths show that it was always possible to do much better; we just never cared much because we were used to it. Similarly, I think we're used to Facebook and Twitter being Facebook and Twitter, so there won't be much outcry for change unless they do something especially bad.
[1] https://www.cdc.gov/flu/about/burden/index.html#:~:text=Figu...
[2] e.g., https://www.valuepenguin.com/drunk-driving-statistics
Apple is nothing like Facebook and Google in this respect. One of the reasons I gladly pay a premium for Apple products is that I can talk with a human, over the phone or at an Apple Store.
Doing business as a software developer through the Apple store is a different beast. Putting in tickets to see why your software failed can be a nightmare if it isn't a glaring mistake. They may treat their customers well, but they don't always treat their devs with the same respect.
EDIT: I will note, it has been a few years since I've submitted to the app store, so I hope things have changed.
It hasn't changed, I'm basically treating the whole platform as legacy now and "best effort".
And I'm only talking about the normal process, good luck if you happen to have a buggy developper account which loops during the sign-in...
Apple is a scummy, back-stabbing business "partner." Everyone from small-time developers to publicly-traded companies gets screwed by Apple burying their apps (or simply not showing them at all) in searches that spell the publisher's name exactly right. They lie about app discovery to developers, lie about it to judges, and lie to the users doing the searches.
However, the public hysteria over "big tech" should not be dragging Apple into everything, because developers are essentially the only aggrieved party. Unlike Google and Meta, Apple is not the gatekeeper to the Internet for millions of people. And I can almost always get a human being on the phone or chat from Apple, which today is truly worthy of praise.
People praise AppleTV for not having ads, but the app search there has the same promoted ad protection racket stuff.
Are any of the sites using FB events/analytics? It depends on what the non-profit sites are doing, but the Facebook rules for prohibited domains [1] seem to include what a lot of non-profits may do:
"Predominantly target or serve an audience likely to have suffered from mental, emotional, financial or physical harm, or facing severe economic hardship that directly affects housing, food security or freedom."
I'm guess if a single one of your non-profit sites does all the sites would be blocked. Apart from pleading with FB, using domains for each would be a better solution to stop this happening the next time rules change or one of your sites does something not allowed
[1] https://www.facebook.com/business/help/851247612299604?id=18...
That page says that if you have such a site, FB will stop collecting analytics/tracking data from the site. It doesn't say FB will block posts mentioning the site.
It sounds like what you're saying is that FB prohibits community organizers, labor organizers, and charity from using FB analytics — which honestly is maybe not a bad idea, because analytics amounts to a serious privacy leak, one which could especially negatively impact vulnerable populations.
This is why massive companies like Meta and Alphabet needs to be nationalised. They simply have too much power over lives of billions.
This article is just another reminder of this. At scale that Meta operates, this algorithmically decided domain blockings mean nothing to them, but everything to hundred's of non-profits. There need to be legally mandated protections so things like this never happen again.
> This is why massive companies like Meta and Alphabet needs to be nationalised.
No. Giving this additional power to the government will not have the outcome you want. When something becomes too powerful, the solution is not to further concentrate that power into less accountable hands.
> into less accountable hands.
While I'm not totally behind "nationalize all the things", do you really think the government is less accountable than Meta? (or Alphabet etc?)
I guess that raises the question "accountable to whom", but in general, for all it's problems with accountability (and there are many), and acknolwedging that different US governments can stack up differently (say local vs federal) -- I'd still say that the government is in general definitely more accountable to "society", or the population at large, than giant corporations are.
If I were king of the world, maybe I'd try having 1/3rd of board members appointed by government, 1/3rd elected by users, 1/3rd elected by employees. Oh, right, there's stockholders too I guess... ok, 1/4th all around. I know this is only my utopian fantasy.
If you haven't noticed, we're living in an era of rising authoritarianism: https://freedomhouse.org/report/freedom-world/2022/global-ex...
Companies are held accountable via market pressure, public relations pressure, investor pressure, and government/regulatory pressure. Governments, just via voters. Given that authoritarians of various stripes are working hard to neutralize or delegitimize voting and election results, yes, I think that giving Facebook to governments that are or may soon become authoritarian is absolutely at risk of reducing total accountability.
What a world, where we're arguing about which unaccountable abusive gigantic entity we'd rather be abused by.
I still find it shocking to think that Meta is more accountable (to society?) than government. It seems to be arguing over how low the bar can be, since Meta has very very little accountability. Like, as in the thread we are actually on, they can decide to ruin someone else's business with no notice or consequences or even acknowledgement there's any reason they ought not to. "Market pressure" and "investor pressure" don't seem to be doing much good in accountability to society, do they?
And you mention "government pressure" as something making them accountable to society right after arguing that government is less accountable than Meta is without government control, which seems odd.
> I still find it shocking to think that Meta is more accountable (to society?) than government.
That is not something I said. I'm not even sure it's quantifiable enough to say "more" or "less", as the kinds and mechanisms of accountability are so different.
> arguing that government is less accountable than Meta
I did not say that either. My point is that an authoritarian government nationalizing Facebook is even worse in accountability terms that either one on its own.
> "Market pressure" and "investor pressure" don't seem to be doing much good in accountability to society, do they?
I think your baseline is off. The social media platforms have made huge strides since their early days. Could they do more? Yes. Could they be worse? Incredibly so.
That was what the original comment I was replying to said, "less accountable hands". I replied mainly to question that. Then you disagreed with me, I guess I misunderstood about what you were disagreeing with me, sorry.
A lot of modern censorship is a mix of algorithms, and government pressuring corporations to take actions the government wants to do but legally cannot (eg. due to 1A concerns). There are huge swathes of society (mostly those who'd also be concerned with eg. "rising authoritarianism") who cheer political censorship and want more and more of it. See how eg. the press reacted to the possibility of Elon buying Twitter and saying he wants to decrease freedom of speech? They took it as an act of war.
government is via consent which literally includes all the other things you mentioned
> While I'm not totally behind "nationalize all the things", do you really think the government is less accountable than Meta? (or Alphabet etc?)
Yes. Absolutely, and without any qualification whatsoever and in every jurisdiction at every level.
Government enjoys sovereign immunity, qualified immunity, direct statutory immunity (laws that prevent suing the government) and operates the forum where they are held to account (be it a regulator or a court). It is very difficult to sue the government, and even more difficult to mount a campaign to change a law in a non-corrupt country. This applies to a tiny sanitation district,
Private companies are easily sued, regulated, and if their behavior is bad enough, reputation damage alone suffices to hold them to account.
Your last sentence is not true for facebook and other companies that operate at such scale. Good luck mounting a successful lawsuit against their legal team. Good luck getting their sheep users to jump ship given they haven't already after countless events that harmed their reputation. Good luck passing pro consumer regulation when industry is allowed to lobby, fund political advertisements, and donate money to campaigns.
> Your last sentence is not true for facebook and other companies that operate at such scale.
You are doing a good job of calling them out here. Last I looked, Meta's stock has taken a beating this year, to the point that their largest shareholder has lost roughly half of his wealth. Facebook's loss of users is having a huge effect.
> Good luck passing pro consumer regulation when industry is allowed to lobby, fund political advertisements, and donate money to campaigns.
Yes, getting the government to do anything is very hard, especially when they own a company or a service. You'd have to do all of the same things you have to do to regulate a private business, but with limited rights for redress. Government can incarcerate, take your property or kill you if they want to silence you. Meta can only shut off your account.
Why would you risk everything to start a company only to be forced to give up most of it to other people? Why would others invest (i.e. buy stock) in your company only to give up control to non-owners?
That's a different question than talking about "less accountable hands" but yes that would have to be figured out in any hypothetical utopian system.
The employees work for a paycheck of course, but I suppose there needs to be sufficient incentive to start a company. It probably doesn't need to be multi-billion-dollar payout possible to incentivize though. And talking about an already existing company like facebook, I think founders and early investors have already received quite enough reward to incentivize, being able to make as much money as they've made off meta up to this point is plenty of incentive to start a company.
(There are also other incentives than money to start a company).
Anyway, I was mostly responding to the suggestion that the government is "less accountable hands" than Meta -- I really don't think so, if we're talking about accountability to society at large. I think it's actually a problem that an entity with so much power over society isn't accountable to it; the first step is admitting we have a problem.
The founders and the employees are still being paid for their hard work building it up; it's not like a hostile government takeover where Mark Zuckerberg is woken up in his bed one night and asked by some men in uniform to hand over the keys to Facebook.
Actually, that's exactly what it's like.
Wait, so you're saying most entrepreneurs aren't creating new things just to change the world, to make a difference, to put a dent in the universe, to fulfill a deep vision, and/or because their team or their userbase is like a family? I find it hard to believe that VCs, would-be billionaires, and their extensive PR teams have been lying to us all these years.
Your snark lands flat because knowing that you will lose control of your company at an arbitrary point affects every single of one of those points listed. How will I fulfill my vision if the government will take over when it finally gains traction? Government isn't known for their execution. Well, only one type.
You do realize that most VC-funded entrepreneurs "lose control" of their companies already, right?
My hypothetical company can always not go for a billion dollars of revenue, which makes those issues irrelevant even if we assume the worst possible handling.
> No. Giving this additional power to the government will not have the outcome you want.
Giving more power to the government on INFRASTRUCTURE at this scale always gives the desired outcome everywhere arount the world except the US.
I stressed the word infrastructure. Because at this level, these companies are literally the gatekeepers of the Internet. Who control literally 70%-80% of what we see, hear and do among themselves. Especially when doing business as a small business, there is no way to avoid them. And they can make or break their business within a day with their arbitrary decisions.
Imagine that your local road network was owned by a private, unaccountable company that was able to change the traffic flow within one day at a whim. Literally breaking all the logistics of your small shop by causing it to be much more expensive. Or your local power company doing the same thing.
To avoid such things, we keep infrastructure in the hands of public companies or we VERY tightly regulate them. Allowing a society's infrastructure to be controlled by private actors is as crazy as it gets.
> less accountable
Governments are always more accountable than private companies, because the only way an ordinary citizen can force a private entity to cease its abuse is... through the government. (No, "voting with your wallet" isn't a thing, especially when the abuse is profitable.)
Maybe the service itself will be crap once run by governments. But at least things are covered by law. things like fair hearings and proper customer support. Now you can be banned from those ecosystems just like they do in dictorial states.
ummmm, have you seen our criminal justice system?
Can ordinary citizens without millions of dollars even access the basic torte system against somebody bigger than themselves? The legal system is effectively unavailable to most citizens outside of small claims court because of the combination of precedent (ie, the need to spend a million dollars researching to know what the law is), and the stalling/creating expensive burdens tactics etc
I'm especially entertained by this notion that making a company government-owned will magically ensure "proper customer support".
That might be the funniest thing I've read in weeks, actually.
Have you ever dealt with business support from Google? If you can get support at all, it's basically bots and auto replies. Even the worst state in the US has better support than Google or any other big software company out there.
I certainly was not claiming that Google has good support. I'm aware of basic reality. ;) But your response does not address my point at all.
It might be the only way to make Facebook worse.
Nationalization is not necessary more concentration and less many accountable hands.
Well, it depends on the governance obviously. If you talk some autocratic regime, where the king proclaimed "I am the state", that fits your description for sure.
On the other hand, if you are looking at a direct democracy regime, you could hardly make the power more pervasive, and every citizen has to carry its part of accountability on every social matter.
> Well, it depends on the governance obviously.
Three reasons why nationalization is a bad idea:
* Power disparity. As it is, Facebook is destroying people and business without any accountability. Now we hand that to the state who:
* Has all the incentive to destroy anything that competes, and the government has the ultimate way to do it: just outlaw the competition. If you think the product is bad today, imagine how fantastic it will be in 10 years of no competition.
* Has all the incentive to make people use it. So, it becomes oppressive and horrible and the government decides, hey, let's make everyone use this thing for essential services like payments and democracy!
All in all, nationalization of a social network is one of the worst directions we can take, regardless of politics. It's just a bad idea.
> the government has the ultimate way to do it: just outlaw the competition
> So, it becomes oppressive and horrible and the government decides, hey, let's make everyone use this thing for essential services like payments and democracy
These things can only fly in a non functioning democracy, which, while the US is coming dangerously close to, is not there yet.
> These things can only fly in a non functioning democracy, which, while the US is coming dangerously close to, is not there yet.
Most functioning democracies outlaw competing with the postal service - as the US has for centuries.
> Has all the incentive to make people use it. So, it becomes oppressive and horrible and the government decides, hey, let's make everyone use this thing for essential services like payments and democracy!
Any examples of this? The USPS doesn't seem to have much power and other shipping companiea do alright.
> The USPS doesn't seem to have much power and other shipping companiea do alright.
Last I looked UPS and Fedex are legally barred from competing for letter postage and can only ship parcels (so the hack is the overnight envelope which packages your letter in a parcel.
Bonus: The postal service can arrest you and prosecute you. Last I looked, UPS and FedEx cannot.
Last I checked, UPS and FedEx literally (ab)use USPS as cheap last-mile delivery service which it is obligated to fulfill (at a loss). And they _certainly_ can and do deliver letters. They just don't often (and not to mailboxes, which are reserved for USPS), because people aren't willing to pay for it under normal circumstances. Despite these things... UPS and FedEx seem to do pretty good business, don't they? Remind me of the problem?
And uh... I can count on 0 hands the number of times I've heard of the USPS arresting anyone. Bet you can too.
The USPS is a bit of an anomaly in that its responsibilities are carved out in the constitution! Still interested to hear of other real world examples.
It's because our nationalization used to ressemble the Soviet model, for various reasons (one that governments were far more authoritarian in the 40s, 50s and 60s that they are now).
You have other options. One is the following:
- 1/3 government (adapted to the size of the business: federal for Facebook, but local for a sawmill)
- 1/3 workers (including the owner if he's working his business)
- 1/3 investors (owner or shareholders).
That would makes the owner who also work at the company the final decision maker for stuff that doesn't involve the government (like investment), but allows more balanced power balance.
Don't nationalise them, break them up. A state monopoly is preferable to a private monopoly, but in this case there's no reason we have to have a monopoly. Facebook and Google do too many things.
>Facebook and Google do too many things.
Google? Definitely. Meta? Not really. All Meta has is two social networks and one messaging service. They haven't really experienced huge success in anything else. They MAY hit big in VR/AR space, but that's yet to be determined.
> All Meta has is two social networks and one messaging service.
And a payment service, an ad platform, a marketplace, a VR R&D company, I never used them but I guess they also have a line of business services centred on social network communication, I’m probably forgetting plenty of things.
Facebook is approaching 100 acquisitions: https://en.wikipedia.org/wiki/List_of_mergers_and_acquisitio...
Feels like a lot and not just three entities.
Additionally, Facebook primarily does acquisitions as a form of hiring, according to Mark Zuckerberg himself. They buy the company so they can get the employees to come and work at Facebook.
Sure, they OWN a bunch of stuff, but (besides Facebook/Instagram/Whatsup) none of it is a massive success.
It's not like Google which has 1)Search 2)YouTube 3)Maps 4)Android 5)Chrome 6)Gmail 7)Analytics just from top of my head
Oculus VR, Giphy, Mapillary and more are also successful in their space.
Just like Google's successes, the "successes" are actually built by others (almost all you list were acquisitions), but the difference (as mentioned before) is that Google sometimes acquire products for the product itself, while Facebook generally doesn't.
They still would definitely met the standard of a monopsony if not a monopoly. Its scary that an enormous number of people start and stop the information searching at google or those two social networks. I think its an oversimplification to say that just breaking them will solve the issue but they definitely handle a governmental level of power in terms of social after effects, which is why nation states target them for fake news.
Which market are they a monopsony (only one buyer) in?
On one hand you say they are so important they need to be nationalized and on the other you dismiss them as almost a couple of trivial apps. Which one is it?
Just social networking services? Modern social interactions revolve around them. Social networks are incredibly important and should be treated as such.
Just did a check to see their subsidiaries and they actually have way more than I expected :
https://inspirationfeed.com/what-companies-does-facebook-own...
> All Meta has is two social networks and one messaging service.
They literally dominate the social network landscape along with Twitter. They can literally set public agenda. That's too much power.
Communications platforms naturally become a monopoly. The biggest platform is the most useful one because you can talk to most people on it, so people prefer to join the biggest platform and it gets bigger.
That is easily fixed with legislation. We now have multiple phone companies that all interoperate. No reason we can't require the same from our many facebooks.
Oh, for the days when you got banned from one website and you just went to a different website.
Nationalisation wouldn't fix it.
There are plenty of rules and procedures in every nation which screw over random 'little guys'... For example, "oh, you have a disability and can't work? Here, have some state support. Oh - we just found you helped look after your neighbours children once. That counts as work. Therefore you lied to us. Thats fraud. All your state support will now be withdrawn."
Look how well the US government handled the small business loans during covid. It wasn't the small businesses really getting them.
I know sub-optimal government is the default solution to all issues, but man, they are terrible with the monopolies they do control like healthcare, public education and infrastructure.
I don't think nationalisation is the answer, imagine the additional layer of bureaucracy dealing with a government entity. Large companies like Facebook need to be regulated by the government, there needs to be laws in place for stuff like this.
The European Union finally did it with the Digital Market Act. The law enforces access to market place and interoperability between messaging platforms. I’m surprised we don’t hear much about it here.
My guess is that American companies like to pretend it doesn’t matter in case it gave idea to US customers and silently fight it in courts in Europe.
> This is why massive companies like Meta and Alphabet needs to be nationalised.
Nationalised by what country? US? UK? France? Russia? Saudi Arabia? India? China?
Would we have country-specific and isolated social media and search engines?
Even in nominally free western countries, do you really want the government controlling what can be in a search engine or posted on social media?
Would you be ok with the chinese or argentinian government running Alphabet or Meta?
I don't think most government are better than any corporation.
Last time I checked, free access to education, care and protection against many abuses where provided by governmental organisms.
"government are better than any corporation" (or its reverse) means nothing if you don’t provide some specific topics and possible metrics to evaluate them.
Also, not all government and corporations behaves in the very same way.
Sorry, don't have time to show you that most governments do shitty things to people all the time.
Nah. Just make providing free services then blatantly fucking people over who rely on them a very risky thing to do. Like "attractive nuisance" laws that can make you liable if some kid you've never seen before drowns in a pool on your property if you didn't take reasonable measures to keep a kid from wandering into the pool. Or various regulations that make certain demands on businesses that open up physical spaces to the public (like stores or malls or whatever).
Separately I'd also like to see us outlaw the kind of data collection & retention that lets Facebook's business model exist, but I do think making it so offering free services doesn't absolve you of all responsibility is something we should do, too, and is more directly relevant to this.
There need to be legally mandated protections so things like this never happen again.
Such protection for websites would be an implicit protection for Meta's de facto monopoly on text-based social media. What needs to happen is for these sorts of bans to still happen, but for the public to understand the impact of those bans and move away from a single website for all their social media needs if they want to see posts from everyone.
Competition in the space would fix the problem. It'd mean the impact of a ban is massively diminished, and that companies are incentivized not to issue unwarranted bans because their users would go somewhere else.
While both users and advertisers have no real choice where to go Meta will hold on to their monopoly.
Paul Romer has offered a proposal: https://news.uchicago.edu/story/nobel-laureate-paul-romer-ho...
You’re placing way too much trust in the government, the same agency held hostage by a private company that forbid them to automatically calculate the taxes owed by its citizens.
Plus why what the government do with a social network? They’d still need to moderate it — at atrocious prices at that.
I'd be in favor of trust-busting them into smaller entities before nationalization .. While nationalization might work for smaller western European countries, it isn't going to work in a political machine the size of the united states
I haven't seen much information on how the GDPR's Article 22 right not to be subject to a decision based solely on automated means is going in these scenarios. I hear a lot about other provisions, but Article 22 seems like an important experiment.
So the government, for and by the people can have a money drain that is used for disinformation and cyber bullying?
Just delete Facebook, it's not worth it.
We had a similar issue but not identical which led us to deploying all customers on a subdomain or their own domain. Rather than theirBusinessName.OurDomain.com people switched to shop.theirBusinessName.com and we used DNS cnames to point back to our servers.
We issued LetsEncrypt certificates automatically using Caddy and it works remarkably well for us. It also led us to become a paid LetsEncrypt sponsor and we have been for the past 4 years.
This is the way to do it. And if you're charging anything reasonable for SaaS service consider just registering a domain for your customers if they can't figure out how to delegate a subdomain CNAME.
Our domain just has been unblocked, thank you everyone for your support! I'm soooo happy right now!
Did they give you any explanation as to what happened, or why they chose to review the block (probably because of this attention…)?
I’m not sure how to ask this in an answerable way, but did they ask you not to talk about what happened and/or how it got resolved?
This is the problem. They are not giving any reasons other than a 'TOS' violation and won't tell you why or ignore you if you try appealing it. The same happened to someone on Twitter and the very same thing happened to those on PayPal.
Before any big tech appeasers and bootlickers reply and attempt to defend this rubbish with 'private platform' nonsense or 'you knew you violated the TOS', in each of these cases do you know specifically why they got blocked as well? [0] [1] [2]
[0] https://twitter.com/llsceptics/status/1567658400573448192
[1] https://www.telegraph.co.uk/news/2022/09/21/paypal-shuts-acc...
[2] https://twitter.com/flipper_zero/status/1567194641610465281
Why not use full domains for a service like this?
Instead of client.your domain.tld, register client-your domain.tld. This would prevent one bad actor from nuking your whole business.
Yes it has a cost, but it’s like $10 a year for a new domain, which I bet pales in comparison to other direct costs of running a SaaS.
So let's look at this situation. It's a shop page, shop.{clientdomain}.tld. Now you need SSL for this, using AWS you need a TXT record from their ACM. You also need a CNAME to your domain (ideally) or to a Cloudfront instance. For your customer you now need them to make 2 DNS entries. This is from my experience having non-profit like entities setup DNS.
- Well the person who set that up stopped responding, isn't there another way to get this going? - I've added all the record in what do you mean they don't match? - I don't even know what DNS is, why is this necessary? - I added in the record but the system didn't take one of them because it started with an underscore and they said that was invalid. - We just switched websites to WIX, why is our shop page not loading, is your system down? - Will this break my email, I don't want it to break my email. - Here is my login, just go in and change what you need.
So in all, it's not just $10, it's a significant investment in time and resources to do this "simple" change that until this point did not have any downside. Hindsight is like that every time.
No, you automate all this on behalf of your clients. The customer is not registering the domain and managing DNS, you are.
The best reason not to do full domains is the risk of bad actors re-registering domains you release, as schroeding points out in another reply.
Now the customer has two domains and we have been training users to look for signs of phishing attempts using look alike domains AND ask them to put in their CC to buy things. Hard pass.
> Now the customer has two domains and we have been training users to look for signs of phishing attempts using look alike domains AND ask them to put in their CC to buy things
They already have to do that, only currently they have to put it into customername.shop-saas.com, not customername-shop.com, or even shop.customername.com.
The customer would already have had two domains because the subdomain was off the SaaS domain, not the client domain.
Client.SaaSdomain.tld
not
Shop.clientdomain.tld
If you’re setting up your service as a subdomain off the client domain, you won’t face the risk that one customer will get your entire service domain blocked (since it’s the customers domain).
They provide webshops for 60€/year and a .be or .nl domain costs 15€/year, so 25% of that. That's a lot.
A .nl domain name costs < $5... be probably <$10, but still.
Here is our 60/year plan with a sub domain. We can't control the fact Facebook/Google/whatever might ban you because of a bad acting neighbor
Or here is our 75/year plan which includes a domain to ensure you don't run into problems with social media
Apart from the cost, this would allow bad actors to reregister domains, once a shop is expired, though. Subdomains do not.
This is true. But this risk should probably be weighed against the risk of a bad customer getting your entire root domain deny-listed.
Or preregistration domains for nonprofits that aren’t on your service (or not yet).
Yes, that is a possibility. But we only charge $59 per year, so there is not much room for extra costs.
It's worth remembering what the long-term solutions to these types of issues are.
For Facebook: decentralized social networks built on open protocols.
For the ISP: normalizing the use of VPNs (through a local server) for all internet traffic.
Yes there are tradeoffs. I'm personally happy to make them.
For society: making de-facto public infrastructure public again.
how exactly can a decentralized network do better at moderation than a centralized one?
By giving users the tools to moderate their own content. If you're peering with an instance that seems to pass on a lot of bad/dangerous content, then block the instance. You can use public blocklists on your instance if you want, but it should be your choice.
Also, it should be noted that blocklists are not a solution for things like phishing. Things like MFA and WebAuthn are the solution.
Are there any US grounds for a lawsuit when this happens? I can't think of any, but it seems like there should be, right? Not a lawyer, but who wants to write a memo on it?
I guess it's actually the same thing as the social media "Free speech" wars... meta has the first ammendment right to deny service to whomever they want for whatever they want (sans discirmination against protected classes), they can legally decide to ruin this company's business just cause they don't like them, even if it wasn't an accident? Yeah, the problem is facebook is too powerful, they aren't just any random business choosing not to work with you.
Buy a handful of alternative domains that redirect to your primary (you could stand up a minimal url shortener on each domain).
Even if you get unblocked this time, it could easily happen again. Until there’s systematic reform to this nonsense, you just have to work around it with redundancy.
If they’re going to treat you like a scammer, work around it like the scammers do.
I believe the facebook crawler will crawl redirects, such that a URL that results in a redirect to a blocked domain is still going to get blocked.
(Even if it were a satisfactory solution to say "message all your customers and tell them they have to start using the new domain for ticket sales, including for events that are already promoted with ongoing ticket sales" which of course it isn't, although I follow you that it would be perhaps better than nothing).
My guess is there’s a “sheeps-clothing.stamhoofd.shop”. Since the users’ shops are hosted on a subdomain, one bad acting user can cause the whole domain to get blamed. Meta’s enforcement bots have, of course, zero nuance or understanding of this kind of thing. I doubt they would care about trampling small non-profits in any case.
On another note, does anyone have experience with getting unblocked by Bing? Domain was blocked from the day of registration and has 100% legit content, yet I'm getting 'URL cannot appear on Bing'.
First thing I always wonder with these, what did your customer(s) do wrong?
> ThreatExchange (aka TX or TE) is used by multiple companies to share signals on a variety of topics intended to prevent real world harm. Some examples of how TX is currently used include sharing malware, phishing scams, and terrorism signals with the goal of helping all participating organizations tackle these problems based on their terms of service.
https://developers.facebook.com/docs/threat-exchange/getting...
I think it is simply the domain name itself, not anything they did. The domain name he uses (stamhoofd) translates to "head of the tribe/tribal leader". I can imagine that such a word can easily have bad connotations and nobody wants their brand to support any site with a potentially offensive name that can turn into a PR nightmare. Likely it got flagged for this reason.
Good question! I would also like to know the answer. I've scanned through our sites and couldn't find any malicious content... My guess is that the block was automated, and might have been caused by a fake spam report. There can be some competition between non-profits (e.g. two scouting groups in the same local area). Maybe they started to report each other as a joke.
Did you consider the fact that your domain name itself could have been the cause by itself? It is not extremely far fetched that stamhoofd could somehow find its way in being found offensive by some automated tool (or a person who takes these things very seriously). It would explain the TOS violation too, if it considered the word to be problematic.
A large percentage of users use the "report spam" button as an unsubscribe/delete button in their email client.
Right, from a user's point of view labelling it "Spam" has the same effect as when you put letters unread on that pile by the door, "I don't want to read this". Should they? Doesn't matter. Years back we even had users who were paying us to send them specific emails and would mark it as spam.
The use of "users marked this as spam" as a signal is a cheap but lousy shortcut and it's bad news that we became reliant upon it.
Too bad they won't actually say what the trigger even is. Could be one mass email.
I have a suspicion that your domain name (stamhoofd = head of the tribe, tribal leader translated from dutch) is likely getting flagged due to some natural language processing thing flagging it as offensive language. I would not be surprised that it is indeed a fully automated process deciding that your site's domain name is potentially harmful for their "brand" to support.
This sounds ok. But what does the META terms say about this business setup? There are many platforms you can't do this on including the major mobile app stores.
Meta has form. They did this to hundreds of Australian non-profits when they were trying to get leverage over the Australian government.
Did anybody ever sued a FAANG for this sort of things (or the ToS that allow them) and got a ruling?
It doesn't matter what the rules say-- these companies have legal departments better funded than those of states. They can just tie you up in expensive litigation for the rest of their life. They're largely immune to oversight by the courts as a result, which is presumably a part of why they behave this way.
someday we will organize and block back but until then...
If you’re going to be running a service like this you absolutely need to have multiple TLD’s and some automation to detect when they have been blocked.
Sue the f* out of them.
I'm sorry to hear of the op's troubles with meta, but this "No fake-news, crypto-currencies, violence, porn, or illegal activities... " is a very strange sentence. Why would the author lump "crypto currencies" along with fake-news, violence and porn?
Of course this doesn't take away from the validity of their claim and I wish this stupid shadowban is lifted. Also I hope (at least in Europe) we can get some laws passed that force large online service providers like FB to act responsibly (past record of attempts to regulate the Internet by our beaurocrats and its results notwithstanding).
My guess is there is a TON of scamming related to crypto. All those comments on Twitter or YouTube (for example) pretending to be someone important trying to get people to send a little to get a lot as a “bonus for readers” or something like that.
Plus scam coins, etc.
It’s probably far easier for them to just say “none of that” until it gets easier to tell the good from the bad.
The irony is that the platforms are still flooded with crypto scams, I know on twitter and youtube at least they don't even respond to reports on them 99% of the time-- even when it's the same obvious scam messaged reposed twenty times in a short interval--, but then they'll capriciously ban legitimate material because it mentioned bitcoin.
It's not hard to imagine that a lot of these companies are now using outsourced 'moderation' where the moderators themselves are the scammers, intentionally permitting scams and intentionally flagging legit stuff. But sadly the truth is probably more boring, indifference instead of intrigue.
They all land in moral gray areas for different people.
Some people view porn as far less damaging to society than crypto (at least how crypto has been primarily used YTD).
“fake news” is can very easily be abused to mean “news that doesn’t agree with my world view”.
“Violence” is vague but would coverage of what’s happening in Ukraine be put there?