Well, here’s one that I wasn’t expecting so soon. Facebook has just cut me off!

Remember a few weeks ago when I posted a cautionary tale about how big important heavily relied upon "services" are quite likely to cut you off in a less than ideal way? That focused mostly on a particular Google example, but I now have a fresh example from Facebook. Just when I was thinking that Facebook couldn’t get any more odious, they have set a new low for me.

I’m well known to disparage this terrible social network but every couple of months I check in and have a look at family members' stuff. Recently, I was getting sick of getting FB email reminders with subjects containing bad unicode glyphs that annoy my text email client. Every day I’m cleaning up my mail queue because Facebook sent me something utterly pointless. (Of course whatever it is they think I’d be so keen to see, they can’t just put in the email which makes their motives clear.) Since the way I handle email is so alien to ordinary humans, here’s a little example of how I see my email so you can get a vague idea of what email is like for me (since 1987).


Don’t feel sorry for me. I’m the one heartbroken at how normal people are brutally abused by their predatory mail user agents. Anyway, if Facebook can send me mail with a MTA (mail transfer agent) called "ZuckMail [version 1.00]", I should be able to use Mutt as my MUA (mail user agent).

Last week I had the idea to log in and unhitch myself from a lot of people I don’t care about who post things I really don’t care about. These are people from as far back as 15 years ago from hobbies I don’t even do anymore. Or colleagues I haven’t heard a peep from in 10 years.

I tried to log in and was confronted with this crazy thing.


Clicking on "Confirm Identity Another Way" takes me to a selection of ways this process can be done. That list has one item, "Collect Confirmation Codes". Hilarious!

One of those people (the one in the kayak I built) is still in contact with me (which you can see evidence of in my inbox) and an actual friend (ironically, I don’t think he’s much of a Facebook user). The other 4 are very long lost — 2 I was going to unfriend! Two live on different continents and I haven’t talked to them in a long time. Two were former colleagues whom I also have completely lost touch with. The chance of me being able to call three of them and ask them to reset my Facebook account is nil. Why couldn’t they pick contacts they know I’m interested in because I only look at their stuff? To pick random distant "friends" is the same as locking me out. Consider also the endless random people I had never heard of in real life which Facebook suggested I connect with.

This just effectively cut me off from that Facebook account after 16 years! Certainly there are worse things that could happen, but this is annoying because the whole point of logging in was to unhook some "friends" and now I’ll have to go make a special rule to have the email address I used for dealings with Facebook go to /dev/null. Seriously, this is why everyone should buy a domain and use custom email addresses for each and every asshat company that forces you to make a log in account. And why no one should use Facebook. And why you should not exclusively trust any company like this with anything important.

And that would be that but today Facebook handed me a bullwhip to beat this dead horse. I got a series of mails reporting that someone suspicious (a Linux user! gasp!) had tried to log into my account last week (spoiler: it was me!) but since nothing untoward had occurred since then, they’ve unlocked it. Yay!


(I don’t know why they had to have "Hi Chris" twice, but if you search the entire message for the letters "php" you will find them.) Anyway, I thought, great, they fixed that problem. I tried to log in. Nope. Same deal. And although I was still locked out as before, just checking prompted this stupid email.


They told me it was unlocked and so I tried to log in. Now they’re warning me that someone tried to log in. Obviously if someone has compromised my email account, well their first message was kind of pointless. Just a mess.

For laughs I looked at the stupid spam trying to clickbait me into irresistible "medieval memes" — so fun! And here’s what I found.


I have been redacting some information to prevent any unfortunate public disclosure and it looks like I blacked out the email’s content, but I swear, that was how it was. It looks incompetent. Normal people shouldn’t have to be experts in multipart content types for email but if you’re one of the biggest tech companies in the world, then ya, you probably need to hire someone who has had a look at RFC1341.


The nonsensical problem (that I see everyday) is that you can send proper email (which is handicap accessible by the way) or dangerous HTML-ized security nightmare email or both at the same time; most companies try to send both in a multipart message but often the plain email part, while present, is blank. It would be like if there was a link on a French website for "English version" which contains nothing. (Don’t get any funny ideas, Quebec!) It’s fine to not have the other format, but don’t say you have it if you do not!

All quite petty, I know. But I have a bit more petty carping. What about this?


Here’s the HTML version of the "email" warning me of the connection attempt. This one had a plain text email just fine but you’ll see I also marked up that it had two independent copies of the message in the HTML part. To be clear, it’s forgiveable if they had the message as a proper email and also repeated it one other time in an HTML message. But twice? Why?

Why care? Well look at that first green box. That was the essential message they were trying to communicate to me. All that other cruft is wasted (and the first green box too really since there was the third copy in the plain text part). Again no big deal if you or I do some stupid email stuff. But this is Facebook. They’re sending untold gazillions of messages which must require some kind of resources.

Maybe it doesn’t matter and roughly optimizing something targeted to billions of humans isn’t an obvious and essential requirement any more. As a curmudgeonly old man (with a degree in industrial engineering) I can’t help but feel this is shoddy work. Facebook’s security arrangements are definitely shoddy work. Let’s just count our blessings that their incompetence has let too few people log in rather than too many. We all need to do what we can to get that number of Facebook logins down to zero!

Back in the Ballmer days I always used to say that the only thing that kept Microsoft, with their absolute control over all human information, from enslaving humanity was their manifest incompetence. With Facebook, that logic is also clearly valid.


UPDATE 2019-05-02

The normal person question I’m likely to get is, "Why don’t you just use your phone?" I’ve already written about this extensively. However, note Facebook’s special evil.


UPDATE 2019-10-10

Well, this is funny. Facebook sent me a notification email of a friend invite and I thought, "Hey idiot Facebook, you locked me out, remember?" But then Facebook sent another email wheedling with "So-and-so sent you a friend request that you haven’t responded to yet." And then another one! OMG. Just to play along with the saga I tried the link. I expected it to not work and derision would ensue. However this time they had an option to receive a security code by email! Finally! I can at last log in and delete the "friends" I don’t have proper contact with and who, it turns out, could only ever lock me out of this wretched account. If you’re one of those people, don’t feel bad; send me a proper email like a civilized human and we’ll be real friends.

UPDATE 2020-01-20

JWZ has another nonsensical story of Facebook’s terribleness. "Apparently I have violated Facebook’s Community Standards" Apparently his account is completely inactive but used only to admin his business' obligatory page. Nonetheless they shut him down.