elevation
today at 5:28 PM
This year, an octogenarian friend got locked out of his android phone permanently. He had never had a PIN on his Samsung phone.
It started when he signed up at a new bank, giving them his phone number. Somehow the bank enrolled his in their online banking system, which notified Samsung, who remotely initiated the "let's give your phone a pin" flow, presumably to protect him during online banking. (This happened without his knowledge -- he had not installed the bank's phone app.)
Later that day, when his phone went into a modal "let's setup a pin" screen, he panicked, assuming an attacker had gained control of his phone, since this was not something he initiated. No button would let him exit the screen, so he powered it down. Now, when he powers it up, it demands a pin, but he doesn't know what pin that would be. The only way to get the phone back would be to factory reset it, meaning he'd be wiping his data. He had the money to replace his phone, but that may not be true of every citizen, especially at his age.
People assume digital auth systems are perfect. But you don't hear from consumers who can't get online to tell you "I've lost access."
I've shared some other similar stories: a widow who got banned for life from facebook within minutes of making an account from an apple device on a consumer ISP with her real cell phone number.
A coworker attempted to sell his son's sporting goods on facebook marketplace and was banned for life with no appeal because AI thought it was "weapons."
Some high school students each made a gmail address from the same laptop one afternoon, only to be banned the next day. Each supplied their own cellphone number, but the accounts got shut down, presumably because multiple accounts were being created from the same device too rapidly.
AI moderation means there are a ton of unwritten rules, and private companies will keep you out of their platforms if you break them. That's fine, but it means governments have no business serving their citizens from these exclusive platforms.
> e signed up at a new bank, giving them his phone number. Somehow
microtonal
today at 7:54 PM
It started when he signed up at a new bank, giving them his phone number. Somehow the bank enrolled his in their online banking system, which notified Samsung, who remotely initiated the "let's give your phone a pin" flow, presumably to protect him during online banking.
Do you have a proof that this actually a thing? I don't see what mechanism exists to do this and I don't see why Samsung would even bother to do this.
SoftTalker
today at 8:06 PM
Perhaps cooincidence and Samsung pushed an update that now required a PIN, but there was an untested failure mode (rebooting the device after the PIN setting process had been initiated but not completed).
SoftTalker
today at 6:45 PM
I've never gotten banned but I've been moderated/throttled (even here with the occasional "you're posting too fast") quite often. The triggers on things happening too fast from the same IP address or session seem quite sensitive and thus when I'm doing anything critical such as online transactions I space them out by many minutes, which is inconvenient.