IANAL, but if the page is used to opt-out of marketing emails, then yes, Visa is in violation the US CAN-SPAM act, which requires promptly processing opt-out requests.
As long as the opt-out page is broken, they should not be sending out marketing emails and could be open to a class-action lawsuit from people they email with no ability to opt-out.
> could be open to a class-action lawsuit from people they email with no ability to opt-out.
CAN-SPAM does not grant standing to individuals. The only recourse individuals have under CAN-SPAM is to report the violation to the FTC and hope the FTC does something about it.
I noticed I was getting billed by AT&T for South Carolina taxes when I'd been living in Oregon for 3 years. Literally hadn't left the state of Oregon since I'd arrived.
I added up the fees in a spreadsheet and it came out to $51. I called AT&T and fought with their customer support who offered me "as a one time courtesy refund $25" and escalating to a manager wouldn't change that.
I submitted a complaint to the FTC, and not long after I got multiple calls and voicemails from AT&T "Executive Customer Service" or something, and when I finally took the call they breathlessly offered me a full refund for the exact amount right up front with no haggling.
It was remarkable.
Can you believe they called ME to fix their fuckup? And then paid me?
Could you imagine if that was the level of customer service you always got?
So out of sheer loyalty I immediately switched to Ting and have saved thousands of dollars since.
I was once having problem with my Bank, and instead of going into the branch _again_, I used a form on the website to log a complaint. OMG, I've never seen such good customer service!
My guess is the number of complaints resolved is tied to somebodies bonus.
A lot of times, when it comes to business like this, in person complaints go into the ether, but the online complaints are recorded and play a part in performance metrics, or hit corp response team rather than branch.
It's complicated, but under certain circumstances you can sue agencies for not doing something. It depends on the specific laws governing the specific agency and how you've been harmed by the inaction. Broadly speaking, the Administrative Procedures Act required agencies to have procedurally fair processes. If you're concretely harmed by an agency's inaction and you can show they didn't follow the correct processes, you can sometimes win.
The general rule of US and English common law is that the sovereign is immune from liability. The reason you can sue the U.S. Government is because Congress passed laws such as the Tucker Act, the Federal Tort Claims Act, the Administrative Procedures Act, and Section 1983 of the Civil Rights Act allowing plaintiffs to do so.
Judicial review doesn't generally let you sue the Government to obtain redress for injuries; it is for enforcing the people's Constitutional rights where the Government is stepping out of bounds. It doesn't let you, say, sue the FTC to get them to do their job.
Yes. My time is highly valuable. As is my ISP pipe and my thought processing. Spam steals that, and you'll find no quarter with most tech folks because this is the societal default.
> Let’s not confuse being paid a lot of money at work with our time being valuable.
Thanks. I haven't. But I'm glad you reminded people that time being valuable is disconnected from hourly rate. Perhaps unintentionally. It wouldn't matter if my job paid minimum wage or I fund my fifth yacht budget from my latest financial trade, my time is valuable. I get one life to enjoy.
Others may value their time differently. My time, however, I value highly.
> You comment quite a bit on a site that’s the content marketing project of a VC firm after all.
I learn quite a bit from the site, as the weekend projects here become the valuable tech five to ten years down the line.
-----
Spam emails are an unmitigated moral bad, and a tu quoque in their defense, however misplaced and invective, is ultimately meaningless.
“My time being valuable” can legitimately be meant in a fully subjective way. In the sense of: I would like to cram a long list of activities (including thinking about certain things) into my remaining lifetime. If that list is a lot longer than my remaining life allows for, the value of my time is arguably pretty high for me - even if it isn’t for others.
I just meant they are pretty much independent dimensions, and I interpreted your comment to mean they are highly correlated. Or did I misunderstand what you were trying to say?
I think it depends on the frame of reference: one reflects how others value you; the other reflects how you value yourself. (And as most of us know, these are not necessarily correlated...)
A single one - barely any. Although you have to be a Superman to be able to entirely process it in 1ms.
At scale, it might take up to a few minutes off your day and under certain circumstances (heavy spam) even start contributing to a mental fatigue. It's a minor nuisance but a nuisance nonetheless.
don't forget that that the presence of spam makes it quite a bit more difficult to manage your own email
regardless, it introduces a non-zero chance that legitimate email might be misclassified
it seems like everyone in the ad industry has this opinion - if you don't like it, just delete it and move on. but there are thousands of them, and somewhere in there is that job offer I really need.
>if the page is used to opt-out of marketing emails
Though I can't access it, I don't think that's what it's for. I believe it's for opting out of having your credit-card purchase history used for marketing purposes (i.e. sold to other companies, not for Visa itself to send you marketing emails).
>U.S. cardholders may opt out of Visa using their card transaction data for VAS, a suite of aggregated data products in the US.
That is the key. Does the web page being down mean that there is no way to opt out? Or is it just more difficult? The page you linked says: "Give a return email address or another easy Internet-based way to allow people to communicate their choice to you." Take note of the "or" in that statement.
So as long as they check replies within 10 days, they seem to be OK. If they fail to do so, maybe there is a problem. FWIW, I'm in agreement that this link being down is not good. But there is not enough info to hazard even guessing whether this is a violation of law.
Seems unlikely every marketing email Visa sent during this outage was sent from an actual, valid email address with an inbox. Isn’t that pretty unusual for marketing emails? They’re usually from something like no-spam@domain.
Agreed. I'm not saying they are in the clear, I'm saying that neither do we have enough information to declare that they definitely broke laws - the law being cited contained both flexibility and ambiguity and it would take some legal research and knowledge to know more.
(And now that I think of it, we aren't even citing the law, we are talking about a summary of the law that is posted online.)
IANAL as well; #6 says that no information other than an e-mail address is required to opt-out, but when I was presented with a login-page for an unsubscribe, my research indicated that it's not cut-and-dry that requiring a login is banned by CAN-SPAM.
CAN-SPAM does not create a private right of action. I have generally no idea what I’m talking about when it comes to legal stuff but I think this means only the government can sue them over it.
This is what is so frustrating about companies harming many people by small amounts. There is no actual recourse for the individuals. If an individual missed a credit card payment by mistake, the bank would assuredly charge them a late fee, report the payment to the credit agencies, etc. But when the company makes a mistake like this, no penalty, no consequences. It really should be the other way around—we should extend grace to the person rather than the company, yet the company basically has more “rights” in a way than the person.
Gah, it's an asymmetric war. I feel like, as programmers, we should be able to leverage automation for individuals to fight back smarter where corpos fight harder.
Might be hard to do without incurring the ire of the state, whose allegiances will probably not lie with the bearded fat man spamming Visa's webforms with the contents of their own emails or whatever.
The computer fraud and abuse act was quickly installed to prevent exactly this kind of levelling of the playing field in America.
Bank of America's website would let you change account numbers in the URL bar after logging in and see someone else's account. The CFAA was on their side.
A description of what you are supposed to be able to opt-out from on Visa cards is here:
"In some countries, Visa enhances card transaction data and uses it to generate anonymised and aggregated consumer spending and marketing reports and other data products that enable companies to improve their marketing efforts. These solutions help companies identify consumers that they can target."
When I tried to get my annual credit report, I find that the credit agencies constantly have trouble validating my identify online even though I have one of the simplest reports. A single same address for decades, no loans, paid off every month.
They randomly will say that I can't be verified, and I need to snail mail them copies of a bunch of identifying documents to get my credit report. I imagine this is a common issue, and somehow still satisfies their requirement to offer the annual credit report online.
I had a similar experience recently: one agency report came through fine, one report came through with mysterious issues, and one just would not ever let me verify without snail mail.
When it came time for my "real" credit report to be run, however, there was no problem at all verifying my identity or getting the accurate information. Weird, huh?
What can we do about it? It feels hard because for any given individual they can say: "the problem is you, not us." We'd need some sort of aggregate data to prove that there's something systematic going on.
Why not just view them online? Sites like CreditKarma have existed for years. And if you don’t trust third parties, Experian let’s you view theirs on their own site. The benefit is being able to see updates more than once a year. CreditKarma updates every week.
Yeah that's what I'm trying to do, to view them online. I've looked up what's going wrong, and quite a few people have this issue that they can't be verified online.
I find that hard to believe because they can verify my identify when I sign up for an online bank, or apply for an apartment, or do anything else with the same information. I'm more inclined to believe it's not a priority, and don't care about making it better because the law doesn't say how good their service has to be, just that it exists. I'll note that when I sign up with the same information to their paid service as a trial, there's never any issue with verifying my identity.
> It's possible that your situation being so simple is exactly what makes it hard for them to be confident that the requestor is you.
You know, in theory this sounds reasonable. However:
- these organizations are grossly incompetent (is there anyone left in the US who has not had their data leaked by a credit bureau?)
- the incentives are very badly misaligned (it is our data, but we are not their customers, other corporations are, and they only provide this service because the law requires it)
I'm going to hazard a guess that it's just really crappy software that's causing this.
MasterCard's MasterPass service's website in Ukraine[1] had it's certificate expired like half a year ago and has only been renewed a few days ago. Meanwhile the customer support assured customers that MasterCard is doing everything possible to fix the issue.
Nah cos big corps just do what they want with no penalties unless they piss off enough people that the politicans feel like they need to make a point.. ...we're well into gangster capitalism now
This might not be Reddit, and the parent's point might be crudely made, but watch the fines companies are awarded, and put it in terms of revenue, and then scale it to /$60k USD, to put it terms of how "big" of a fine it would be, from an average person's pocket; you'll find that many of these fines are in the sub-dollar range, which to me, makes it completely fair to dismiss them as any sort of real penalty.
That's a very interesting point, but make sure to do it with profit, and not revenue. Revenue is meaningless on this context.
(If it's a sub-dollar fine over revenue, it will probably be around $20 on profits, what just moves the needle from the cost of home-made coffee to an airport coffee.)
I disagree that profit is the right metric when scaling a fine to a normal person; $60k is the average American's revenue (not profit — I'm not even sure how I'd calculate profit for a human, in a year), so I use the corresponding amount — revenue — when comparing.
For example, a $10 fine to a company w/ a net loss but $1B in revenue is clearly not a large fine.
> That's a very interesting point, but make sure to do it with profit
No dont do it with profit. You can just reinvest all your actual profits in the business and then on paper have a very small profit or even show a loss.
Hackernews discourse is supposed to at least take some thought when making a comment.
>ah cos big corps just do what they want with no penalties unless they piss off enough people that the politicans feel like they need to make a point.. ...we're well into gangster capitalism now
Quite simply everytime one of these stories comes up big corp breaks the law...is anyone going to do anything about it...The answer is pretty much always no not even fines...
Why do you believe that everything the government does is nefarious? If you really believe your government is after you and everyone else you can try to change it or leave the country. The one option that doesn’t change anything is posting unrelated comments on the web. How is the government informing people bad? Are schools bad? Universities?
> So you'd be okay if on Jan 6, Donald Trump used the emergency broadcast system
The article you linked doesn't seem to say anything about using EBS. Trump used every platform available to spread the notion that the election was rigged, so I'm not following the whatabout here.
I echo the sibling comment on asking for an explanation as to why you feel that this is a bad thing. Are you American? If so, would you rather the government not make their case to influencers?
Yes I would rather the government not use social media influencers to try to change public opinion on matters. They shouldn't be performing PsyOps on their own citizens.
Except that what they were doing is better described as outreach, and was done openly and in apparent good faith. Such outreach is especially important given the prevalence of FSB psyops — actual psyops — throughout the world.
You say gangster capitalism. I also hear late stage capitalism and other such modifiers being thrown around a lot.
When has power ever been limited? Certainly not in any communist society that’s existed so far, nor under feudalism, or even earlier capitalist societies to my knowledge (did the Roman’s not have this problem?).
The question isn't really whether power has been "limited" (it's unclear to me what that would even mean, honestly), but the form in which it is constituted and what institutions it rests with. Like, it's pretty clear that the institutions which control and manage daily life and politics in 21st century America are of a much different character than the ones of the mid-20th century USSR, which are again much different than, say, 16th century Europe or what have you.
> did the Roman’s not have this problem?
I'm relatively confident that Roman society did not have to contend with the accumulation of power by multi-national corporate bodies and the relative weakening of democratic institutions that results, nor the degree to which such corporations are able to leverage 21st century technology to exert control over individuals' lives.
Of course the institutions are different. But is the problem of power any different? If anything, it seems like there are more ways that power is limited in current America than 16th century Europe or the USSR.
Roman was absolutely multinational. I don’t think it had corporations, but rather the entire empire acting as a single business… which is even worse.
> But is the problem of power any different? If anything, it seems like there are more ways that power is limited in current America than 16th century Europe or the USSR.
I certainly think so. I think many of the way in which modern institutions exert power over individuals are of a fundamentally different nature compared to, say, slave economies, or the pre-reformation Catholic church, or the Aztec empire, or whatever. In particular:
> If anything, it seems like there are more ways that power is limited in current America than 16th century Europe or the USSR.
I half-agree here. I don't really think "power" is a one-dimensional scale where you can strictly order societies in terms of the degree to which it exists. Take, for instance, the way in which advertising companies are able to leverage their understanding of psychology and their fine-grained control over media content to directly shape our desires and emotions; these are tools which flat out didn't exist 100 years ago, and represent a mode of control which seems orthogonal to, say, a monarch ordering a summary execution of one of their subjects. These aren't theoretical distinctions, either: recognizing them can help point us in the right direction when trying to imagine what a better world looks like, and is useful for understanding what the available avenues of resistance and change even are.
You're not completely wrong, it is just a way too crude of an assessment.
The way power evolves from ancient times, to middle ages, to modern times and finally contemporary times, how the institutions of capitalism are different in form, but not in essence from the institutions of feudalism and other themes are a central topic of Marxist theory.
You seen to agree with him about the root of the exploitation problem, but GP is also right in that there are differences on how the institutions operate and how advanced they are in comparison to those of the past. These new institutions and techniques and dynamics require different tools for analysis.
There is a long-standing idea in American political thought going back to James Madison that the centralization of capital in too few hands poses a danger for democracy.
In the Gilded Age, Congress passed the Sherman Antitrust Act and later created the FTC.
In 1941, Supreme Court Justice Louis Brandeis wrote: “We can have a democratic society or we can have the concentration of great wealth in the hands of a few. We cannot have both.”
Then in the 1970s the Supreme Court nerfed the Sherman Act, and it's all been downhill from there.
Right? These are just re-treads of the 'rich, powerful, and influential face fewer consequences for misdeeds' that has been a factor of human life since probably forever. Other economic systems have so far not proven themselves immune to this.
I won't go so far as to say that capitalism has more controls to mitigate this effect, since I think there is a fair point to be made that we do need to start checking the power of corporations, and those controls have not so far presented themselves without assuming government intervention.
I think the idea behind a robust capitalist society is that there would be government intervention required, otherwise you have trust issues.
In fact, I'd argue capitalism is generally better tuned for this because it decentralizes power. It's much easier for the government to regulate someone else than to regulate itself.
Now if we could solve campaign finance issues, then corruption would be dramatically lessened.
There is a lot of space to play around with outside of "pure" communism, feudalism, or ancient capitalism. For example, the EU seems to be making a strong attempt to balance consumer protections with corporate-friendliness.
The original answers to "late?", "collapse?, and "what's next?" questions all require recalling that the term originated in Marxist circles.
The "late" meant something like the type of capitalism that emerged out of ww2, characterized primarily by post-colonial global trade networks. That's quite a bit in the past for us, but "late" by the standards of an ideological tradition that started in the 1800s. Even still, of all your questions, this is the one that has changed meanings perhaps the least in the last 80 years or so. That's because a lot of the things that characterized "late stage capitalism" in the mid 20th century are still with us, and perhaps intensified. If it helps, think of "late stage" as "post-colonial + globalization + financialization". In contrast to the much more mixed political economies of Europe in the 1800s. Or, for an even more modern usage, you might read it as "jet-setting billionaires and the MBAs that manage their factories and open offices". That's the vibe it's supposed to give off, I think.
The "collapse?" and "what's next?" questions sort of have standard Marxist answers (or, at least, standard delineated lines of debate within mid-century Marxism, from what I understand). Careful dispassionate reading the Communist Manifesto... like, the way you would read Plato or Hegel or whatever... can give you a general sense for why "collapse" plays an important role in Marxist theories and what Marxists generally suspect is "next". (Namely, alienation of workers and a resulting violent revolution of the working class against folks who own/control capital.)
nb, I'm not really sure that most people using the term now have much -- if any -- background in Marxist economics/philosophy. I think for the average user, these terms function roughly the same way as "critical race theory" does on the social right. If that makes sense.
So, the "late" retains real descriptive meaning relative to 1800s/early 1900s capitalism, but the "collapse" and "what's next?" have sort of drifted from their original answers and probably play a more rhetorical than literal role these days. Like CRT. No one knows what they mean. They are shibboleths for "change is needed and inevitable", with no specifics for what or how.
The vibe is one where you have :searching for something accessible: a hunger games approach where society is driven towards exploitation rather than the sustenance and growth of the majority.
In general however, its dangerous to think "its always been this way". I would argue societally we've been in a continuous struggle between the two and there are many moments in the recent past where the US was building a more egalitarian society than found elsewhere, despite the rampant incessant racism that existed.
Public schools and libraries, the rise of unions and creation of the wknd, stopping child labor, centralized mailing systems, well managed interstates, growth of home ownership, social welfare, and for a moment really great emergency care at hospitals, had moments of real existence and came together in combinations rarely seen outside of the USA.
Assuming things have always been kind of shit and are likely to just get shittier takes us all off the hook far too easily imo.
> Assuming things have always been kind of shit and are likely to just get shittier takes us all off the hook far too easily imo.
I've seen this same mindset that you're pointing out.
However, I don't think that it is usually used to "let people off the hook" - most of the time that I've heard it used (a bunch of times in real life, not just on the internet), the subtext is "...and so we should replace the current government with another [highly authoritarian, non-constitutionally-limited] one that can fix these issues, either through voting for an extreme candidate/party, or straight-up violent revolution".
That might be just my experience, though - I went to a university with a significant anarcho-communist group in the student body.
> "...and so we should replace the current government with another [highly authoritarian, non-constitutionally-limited] one that can fix these issues, either through voting for an extreme candidate/party, or straight-up violent revolution".
The interesting thing to me is that this kind of attitude has become dominant across the spectrum of political ideology, in just the space of a few years. A large number of people, or at least the most vocal ones, now seem to support an authoritarian extra-constitutional goverment, they just differ on who they think should be crushed first.
I suppose myopically I'm not sure thats how I see our 2 party system.
I do see two dying parties unwilling to rejuvenate leadership in the fear that it will lead to additional (and I do mean additional) socialist tenants being infused into our version democracy.
However I'm not sure I see a lot of people on the left looking to dismantle voting rights, the US postal service, the EPA or department of the interior, the supreme court, etc. The last time the supreme court was dragged into an election for example was bush v gore.
Crashing birth rates, crashing home ownership, stagnant wages, billions of dollars in riot damage, skyrocketing sexlessness among young men, highest inflation in a century...
feudalism -> domestic industrialization and the formation of capital markets (1700s) -> imperialist competition in global markets and the height of colonial exploitation (1800s) -> the fully privatized multinational firm, global financialization, fully privatized competitors in global markets (post-ww2 ie late).
The fact that not being able to unsubscribe from marketing emails counts as gangster capitalism for you.. well.. that must mean things are pretty good.
This has been true for "Camel" (cdr R.J Reynolds, cddr British American Tobacco) promotional emails for months. I've been through the unsubscribe workflow several times but still receive emails. I do appreciate the irony - it's as hard to unsubscribe as it is to quit smoking!
The credit card companies make so much money that reimbursing fraudulent transactions is almost a rounding error -- which is why they aren't in a rush to spend the money to implement chip and PIN security. Given this attitude I'm guessing someone already ran the cost/benefit analysis of pivoting engineering teams to fix the opt-out website versus just paying a fine -- and that paying lawyers to contest any fine they might ever get came out on the winning side of the ledger.
You say that as if it would be a CapEx-laden technological hurdle for Visa, MasterCard, etc. to implement chip-and-pin.
But these same companies are already issuing 100% chip-and-pin (plus tap) cards in every market other than the US.
If you want to blame anyone, blame the vendors of US ATMs and POS systems. Without their support, and a willingness to push through a deprecation/replacement of older hardware, chip-and-pin cards are pointless, because nothing reads them. (I would know, as a Canadian with a chip—and-pin card who frequently visits the US.)
This must be regional because I have been using a chip-and-pin card for the last 5 years and I cannot for the life of me remember the last time I had to physically swipe the card. Tap support is definitely still spotty but that is something that is more of a convenience than a security issue
I also can't remember the last time I had to swipe a card where I am in the US. I also prefer using Apple Pay, and tbh, can't remember the last time I had to use my physical card.
It's still relatively common to have to swipe cards at gas stations in the US when you're buying gas. And a fair amount of the parking meters may still be on swipe (NYC meters outside of Manhattan come to mind). The places that haven't upgraded are ones with a lot of POS stations to upgrade.
Yep these two places are very common to be swipe only. I have to go a human teller at <massive and famous hospital> to pay for parking and the cc machine will still only read swipes.
> But these same companies are already issuing 100% chip-and-pin (plus tap) cards in every market other than the US.
Citation please? I haven't seen a non-chip-and-pin card issued here in the US for at least 5 years (probably even longer), and that includes my tiny local bank..
Yep, the rules were, for chip and pin fraud, the liablility was no longer on the retailer, but still was for swipe fraud. So there was a HUGE push from retail customers to get chip-and-pin in place to cut down on the amount of chargebacks, etc.
As recently as three years ago I still had two (ATM/Visa Debit) cards with no chip. They were both issued by credit unions. I know this was after the 10/1/2015 "deadline" (https://www.nbcnews.com/tech/tech-news/what-october-1-chip-a...), but I think debit cards were given a later deadline.
The ones which are widespread are just "chip-and-choice", where you can use the chip and sign a paper receipt. They usually come with a magstripe backup...the chip is just used to read the card number instead of the magstripe. Pretty worthless.
True chip-and-pin cards and terminals will generate a cryptogram that authenticates the individual transaction. You type in the PIN code, and only then will the terminal communicate with the EMV microchip in the card and allow the transaction to complete.
Is there a difference in the user experience? Because everywhere I use my debit card, I can’t take it out unless I enter my pin first. I’d assume that means it’s actually communicating with the chip. And even then it takes a few seconds.
The magstripe is there for old POS systems and the off chance the chip can’t be used (dirty contacts), but the reader has to allow you to use the strip. And that only happens after multiple (about 3) failures.
The credit card companies make so much money that reimbursing fraudulent transactions is almost a rounding error
The credit card companies (i.e. Visa) don't reimburse fraud, they leave that to the issuing banks (i.e. Chase, Capital One, etc.... whoever you got your card from)
American Express handles their own fraud cases. Their cards are generally not issued by banks. I have no association with them other than being a card member since 1982, but their customer service is far better than Visa/MC, and yes, you can get a card from them with no annual fees + perks.
I used to think that (and maybe it was true once), but haven't found that to be the case, I've had far better experience from Chase for my Sapphire card.
My wife recently ran into a problem with a booking through Amex's own travel service, the hotel said they had a reservation, but not payment, but we paid for the room at Amex travel. So we figured no problem, just pay the hotel directly (their rate was even lower than Amex) and call Amex to have them remove their charge.
It took 5 calls over several days to finally talk to someone who could help, and it still took 3 days for the charge to be reversed. And this is for a Platinum card.
IMO AmEx is still better than most banks, but my Chase card has definitely had better service in the past few years. Back in the day Discover had wonderful service, but I stopped carrying one because too many merchants wouldn't accept it.
I've had problems with AmEx for travel issues but never problems for return protection or charge backs (except in one weird case but they fixed it like a year later). I do travel and dining on my Sapphire and everything else on my AmEx
https://www.ftc.gov/business-guidance/resources/can-spam-act...
As long as the opt-out page is broken, they should not be sending out marketing emails and could be open to a class-action lawsuit from people they email with no ability to opt-out.