The trope you’ll often hear in circles like ours is that big 4 consultants exist to provide cover for unpopular decisions. That’s sometimes true. However…
Big corporations and governments aren’t startups in which everyone is encouraged to do as they please in service of the mission. Corporations and governments hire people for very specific roles with very specific responsibilities. Stepping outside of your responsibilities is discouraged. Employees inside big organizations have to think, “how fucked am I if I make this decision and it goes wrong?”. A startup can write off big losses without a second thought, a big corporate or government has to investigate.
If you need to make a big decision, you don’t let an intern take a shot at it, even if they are convinced they have the perfect idea, because if it goes wrong, it’s on your head — which idiot let an intern fuck it up?
You bring in consultants who are (ostensibly) experts so that your responsibility ends at having done the right thing and if anything goes wrong, it’s not on your head.
> The trope you’ll often hear in circles like ours is that big 4 consultants exist to provide cover for unpopular decisions. That’s sometimes true. However…
And then in the rest of your comment you outline exactly that "consultants exist to provide cover for unpopular decisions".
The trope is that an unpopular decision is made within the organization and then consultants are brought in to execute that unpopular decision and absorb the fallout as if it were the consultants decision.
The reality is that people within a large bureaucratic organization often need a decision to be made that has impacts which extend beyond their narrowly defined responsibilities. Consultants are brought in to make the decision instead, to put space between the employees and the decision. The decision might be unpopular or popular, that’s besides the point.
If you’re an employee with a role doing x, putting your head above the parapet and volunteering to do y, it’s a huge risk, for little reward. Best case, the big corporate you work for gives you a pat on the back and a gift card. Worst case, you’re the sacrificial lamb at the altar of accountability. Much easier to offload everything onto consultants to dodge any risk of being held accountable for a bad outcome.
So, yes, consultants protect employees, but not in the cynical way the trope suggests.
I disagree that your take can not be considered cynical. Consultants are used as accountability sinks either way which I have always taken to be the main point of why it's considered immoral to use them.
You just gave an explanation why it happens not that it is not immoral to do so.
There are various tools to mass unsubscribe. Gmail also recently added the option to surface your subscriptions and unsubscribe. Gmail added the various email categories too.
You can get back to the world you dream of. Every email I receive into my inbox is an email I want to receive :)
The problem with using clinical phrases to describe normal behavior is demonstrated in this post. "Social anxiety" has a specific clinical meaning that is not covered by this post. The post is actually discussing a very natural and rational nervousness that normal people have in social situations. The post is providing a way of thinking about that nervousness that can help reduce it, for the nervous person's benefit, and it's great if that works, but it's not addressing social anxiety.
Social anxiety is a condition that cannot be thought away, you cannot rationalize social anxiety nor can it be represented as a cost/benefit analysis of risk of being disliked vs. reward of being liked. You can feel socially anxious without having social anxiety. You can be depressed without having depression. You will be depressed after your beloved pet dies. You will be socially anxious walking into a room full of people you haven't met before.
I agree with you as a general rule. But this is actually pretty close to how Social Anxiety is defined. It's about the fear of being negatively evaluated or embarrassed.
I think what this blog post is getting at is describing for people the difference between fear of negative evaluation and positive desire to be liked.
One thing the post misses is that sometimes these are learned behaviors that come from a lifetime of experience being disliked for no obvious reason. For example, sometimes outgoing autistic children develop social anxiety after their peers reject them repeatedly.
> It's about the fear of being negatively evaluated or embarrassed.
It's not just a fear, it's "persistent and intense fear". and like most psychological disorders, a key part of the definition includes "a negative impact on the person's functioning in daily life".
Like OP said, fear of being embarrassed is entirely normal and healthy response. It's not social anxiety nor a psychiatric disoder.
It's not different than OCD, phobias, etc. They can all be entirely normal responses. What makes them a disorder is the level of intensity and the impact on the person's life.
> sometimes outgoing autistic children develop social anxiety after their peers reject them repeatedly.
As a middle-aged woman who can't figure out what the benefits would be that would outweigh the costs of pursuing formal diagnosis at this stage, I related a lot harder to that line than I wanted to.
I've always been extraverted. I always do fine in new interactions, because I'm chronically interested in anything I don't already know well, especially if someone else is passionate about it. Most of my first meetings with people quickly become conversations where I'm listening attentively and asking interested questions about some niche thing they love and their friends and family members are sick of hearing about. I get stellar reviews on initial conversations at unstructured social events.
And yet I spend the vast majority of my time at home by myself because after about the fourth interaction, something about me registers as "off" to other people and they start to distance themselves from me. I have never understood why.
I'm not socially anxious, at least not in the typical "can't get out and meet new people" way. I just can't take the never-ending hope-rejection loop anymore.
> after about the fourth interaction, something about me registers as "off" to other people and they start to distance themselves from me. I have never understood why
I’m not sure it would be helpful, but have you tried asking anyone?
Speaking strictly for myself, it's because I did eye contact wrong.
As a teenager, with standard-issue high-function ASD eye-contact aversion: fake it, by looking only at the bridges of people's noses.
After learning, from doing theatre, that vulnerability is amazing, actually, and eye-contact is powerful: try for it, by looking fixidly at one of their eyes.
After being told by a kind friend, in my early twenties, that I had a "staring problem": shift focus between both of their eyes.
Soon after: figure out that you're supposed to look away from their eyes sometimes.
Since: try to pick up and match their gaze-rhythm. I still have difficulty doing this with some people: there are folks who don't seem to have a rhythm. I don't get them!
My wife told me a few weeks ago that when we first got together (over a decade ago) that the times I forgot to mask - during sex, specifically - sufficiently weirded her out that it's why she broke up with me (for about twenty minutes, lol; she reconsidered on her own). Now, bless her, she says she likes it when I "stare", because she says she knows it means I'm comfortable with her and feeling relaxed.
I've got other peculiarities - and some I haven't noticed yet, I'm sure! - but that's a big one, and how I've dealt with it. I hope that helps someone.
I second this suggestion. This might sound obvious but during my therapy my psychologist asked me to do this, but in a non-personal/non-threatening way for the relation. Just by telling them that I'm working through my issues and I'd like to get an honest (best would be written/no-interaction type) feedback - what makes them uncomfortable etc.
This helped me a lot - to see how different the transmission was on the receiving end from my intentions.
It's about a specific type of debilitating fear. The DSM has a rule for criteria that, to be considered as having a condition, it must seriously affect your ability to live a normal life.
Most social anxiety is not debilitating, and would not meet the diagnosis. This is why therapists receive so much training - you must encounter enough people with a truly debilitating fear that you know when to diagnose it.
It's not just embarrassed, it's about avoiding being used as a punching bag by the local bullies the school will do nothing about.
And, yes, when the typical outcome is exclusion without any reason, or without a reason that you have any control over (such as that bully, people don't want to be around the targets because it might spill onto them) what else would you expect?
> You will be depressed after your beloved pet dies.
You'll experience *grief* after a pet dies. We've pathologizing grief to a point that it makes it harder for those experiencing both grief and depression, two separate (but sometimes linked) human conditions.
I completely agree and I don’t like when non-medical professionals take these terms too seriously.
Psychiatrists are way better equipped to diagnose these things not because they can read diagnostic manuals (anyone can) but because their training exposes them to real cases.
There’s a world of difference between feeling awkward and quiet at a social event vs having heart palpitations and panic attacks that prevent you from even going outside.
You can feel socially anxious without having social anxiety.
That is not true in plain English, just because a particular profession decides to use words one way, does not mean the definitions change for the rest of us.
> just because a particular profession decides to use words one way, does not mean the definitions change for the rest of us
This is a particular pain in physics, which has taken very commonly used words and given them a very narrowly defined meaning, within a strict framework - like the words Energy or Work
Exactly right. And you might waste years of your life trying to "fix" social anxiety by attempting to change your mindset or trying to adopt new social practices. (Speaking from experience.)
Except it’s not. It can be thought away, under enough pressure people can do extraordinary things. There is just no such pressure in society now. I’ve suffered immensely in my life, and if you describe your condition as “anxiety” you simply aren’t suffering enough for treatment to have any real impact.
If you think you’re suffering rises to the medical treatable level please develop a more serious condition before getting on a waitlist. All doctors are taken up on your non-physical problems and you don’t immediately need care like I do.
Exactly this. The article conflates normal social nervousness with an actual disorder, then provides a reframe that may help with nervousness (?) but completely misunderstands the clinical condition.
I didn't get the sense that this article was trying to help people rationalize away social anxiety. Rather, it seemed much more that it was trying to get the socially anxious to accurately assess the nature (and effects) of their reactionary behavior.
IMO it's a useful first step, as a major facet of treating anxiety disorders with CBT involves challenging negative thoughts and beliefs and replacing them with positive alternatives.
Properly understanding that your anxious lizard brain is (successfully) trying to protect you from the threat of being disliked helps reframe that behavior in a positive light.
> Social anxiety is a condition that cannot be thought away
I hope not, I don't want to be hooked on some prescription meds eg. what about exposure therapy
I do wonder if being nervous to talk to a hot girl is the same as social anxiety I mean I'm not the jock/main attention guy either but I can talk to strangers (guys or not attractive women)
> I can't, however, provide any 2FA codes or backup codes because they are printed on paper that has, I assume, been destroyed.
The situation you are in is very unfortunate and I am sympathetic but in GitHub's defence, this is exactly what I hope would happen when I enable 2FA. I would be very perturbed to find out that GitHub would grant access to my account given identity documents. There are some creative solutions (e.g: a countdown to the reset with progressively more aggressive email notifications to ensure the account holder is aware) but even they are problematic. So, this sucks, but it's the price we pay for security.
That's the same stance I have and why I'm torn. The little quirk here—where it makes slightly more sense—is that they received a legal notice at one point (from the US Government) about my account, there are plenty of online articles to corroborate me as me, and I have a fancy prison release ID that can help me identify me. Unfortunately this context is probably lost on the individuals who work their Zendesk.
The policies are rather draconian as others have mentioned. Anyone could be the victim of theft; mine just has an awkward paper trail attached to it.
I think the disconnect between you and GitHub support is that you're positioning this as a problem of proving your identity whereas for GitHub support it is a policy. The GitHub policy is: you lose your 2FA, you lose your account. Verifying your identity is not relevant. GitHub provides extensive tooling to protect your account (multiple methods of 2FA, recovery codes etc.) and so from their perspective, while this is deeply unfortunate, the policy is very clear and allowing you access to the account would be a major security issue (not for your account specifically, but for GitHub as an organization).
These (for good reason) draconian policies are the reason I am still hesitant to embrace 2FA. I understand the significant improvement in your security posture, and I would not want someone not-me to be able to reset my credentials. But the failure mode is just too catastrophic. You lose one thing and you are shit out of luck.
We need something better. I don't know what it would be.
> We need something better. I don't know what it would be.
Choosing a long, very secure password for your account works really, really well. GitHub hates this, however, and nudges toward less secure practices that are more likely to result in the sorts of compromises described in this thread.
I for one would appreciate the option to put an ID on file ahead of time, at least for important stuff like this. I like digital-only accounts for play, but for work stuff with real-world consequence, I’d like to link it to a real-world identity system…
Not unlike the signature cards banks used long ago, I guess.
Sure, maybe somebody motivated could defraud the government into issuing them a replacement ID in my name. But that’s big boy crime, not a casual “bribe a retail employee to SIM swap” kind of undertaking.
Sure, there are issues of access to government ID systems, and I know anything touching government names / “show me your papers” raises hackers’ hackles—I’m not saying require it, just that I’d choose it if it were a MFA option of last resort.
That's how you turn 2fa into single factor authentication ( The ID ).
GitHub is such a large attack vector for the whole planet, that I understand their stance.
GitHub support a "recovery code" more secure than government ID. Print it out, store on USB, store on QR, etc, and stick it in at least one secure safe.
The issue is less about having an ID on file, and more about verifying ID. In a world of excellent real-time deepfakes, how would GitHub verify ID at scale?
A fake ID is pretty easy to create, along with a fake face for a video chat where you can hold up your fake ID.
I think that part is made easier by the fact that I uploaded the ID in the first place under fully trusted conditions.
If I have the same physical piece of ID—as I imagine OP might have, upon release from prison—then they can directly compare it to the copy that I supplied previously. Scuff marks and specific document numbers included. I think that probably even scales.
If I lose access to my main identity document, one advantage of government ID is that I’ll urgently have it reissued. In most of the places I’ve lived, that’s the kind of thing you can validate against either the underlying authority or a sleazy-but-reasonably-accurate data broker. But in either case it’s out-of-band from my relationship with the tech company, in a way they can validate by semi- or fully-automated means, and with reference to an independent authority.
If somebody wants to physically mug me to steal my ID for access to my GitHub, I figure I’m pretty much out of luck—to paraphrase James Mickens [0], Mossad’s gonna Mossad.
You don't have to do things "at scale". Github could require a substantial financial transaction to cover all the costs associated with ID verification and account re-instatement, as well as keep backups before that point so if it's proven after the fact that it was fraud, they could restore to the original state.
Like my data center (not US based) has a process where if you lose all of the documentation proving that a server is yours, you can go on site physically with ID, and the police and/or national identity service will verify on the spot that your finger prints match what is on file for the ID. It costs something like $300 and you risk being arrested if you're a criminal.
An idea might be to require a financially meaningful deposit to pursue an account recovery like this. The deposit would be forfeit if the identity verification failed.
Though now that I write this, it creates a perverse incentive for a company to collect deposits and deny account recovery.
> I for one would appreciate the option to put an ID on file ahead of time, at least for important stuff like this.
I'm at that point of agreement. I don't want to say "national SSO ID" because that can get really Orwellian obviously. Being able to put an ID on file is a reasonable ask.
a passport is orwellian? i don't really get this fear of government issued IDs. if your government is so bad that it will abuse IDs for surveillance, then your government is the problem, and not having a national ID is not going to protect you.
Someone explained this to me the other day in a way that helped me understand the concern better.
Not already having a ton of easy and effective choke points on the whole citizenry (which such a card would eventually grow into due to its usefulness) is a safeguard against wannabe tyrants being confident they can crush dissent easily and thus to them seizing power in the first place. Just like I wouldn’t steal a car with a manual transmission because I know I wouldn’t be able to drive it successfully, and certainly not well enough to outrun the consequences.
If I were a fascist I’d be a lot more brazen if I knew that I could switch off every dissenter’s ability to travel, work, or even buy food, in an instant.
What if you were a fascist who exercised influence over Experian and TransUnion, the airlines, and of course the TSA? The horse has left the barn already.
Part of the problem here is that there is no prior association of an identity with an account. So proving who you are is somewhat irrelevant since even if the account has your name, email, and photo, that's no guarantee that the account was created by you. If identity verification were required ahead of time, then perhaps verifying identity after loss of access could be reasonable recovery method. But of course there are many reasons why requiring such verification is problematic.
They are so in love with their policies, how about a policy for something better than 2FA for this possibility? Like pay $10,000, go to their headquarters in person with a lawyer and all your documents and have a "hearing" of some kind. This is even better than 2FA, call it 20FA if it makes them feel good about it!
Someone in this unique situation needs a unique way to solve the issue.
If I lost all of my documents in a fire, I could still get my life back together and be able to fly on airplanes again. So, there is a way to do this, even if it is extreme, if people would care and stop hiding behind paperwork and bureaucracy. Yeah, maybe they would lose some of their time they spend talking or surfing the web at their desk, but it would greatly help someone with a legitimate need that can be proven.
Someone high enough in the food chain at GitHub can override that policy at their whim. I have personally had my day saved by that very "loophole" in another "lost access to an online service" situation in the past.
I'd assume that there is simply no "ok, this individual got released from prison and can proof everything" policy in place, and that might be the real issue here. Big organizations begin to tumble once you request something where there are no policies in place.
I find this infuriating. I get absolutely no sense that this is AI, and this bizarre attitude towards em dashes is nonsense. Loads of people use them, especially in less formal writing. Get over it.
I’m not sure that blaming tech support for not understanding context is the best approach here. The other sides of that context, which are understandable from their point of view, is that you were charged with some serious crimes. There’s a large delta between the charges and the conviction, but you’ve got some scary words written about you online. Secondarily, GitHub has policy so whereas you’re coming at it from a position of being correct, they’re in a position where they have to break policy. That’s a big risk.
Your best bet would likely be legal. US Federal law imposes some strict rules on lawyers for identity verification to combat money laundering so attorneys have a legally recognized toolkit to verify identity. Having a third party who works for you in the mix could help. Though again, it would involve breaking their policy so this would be a decision made several layers above Zendesk access.
Otherwise, I think this is doing precisely what 2FA is meant to do. It’s not okay for you and you’ve clearly lost a lot because of this, but with the current threat environment, GitHub has to be very careful especially with 2FA. From their point of view, there likely isn’t that big of a gap between your interactions and interactions with people who are trying to take over accounts. A lawyer may not work, but it sure changes that equation.
If you set up 2FA and then lose your 2FA, then that’s just life. Happens sometimes and you move on. GitHub absolutely doesn’t need to provide an in-person recovery service.
I agree that simply emailing in copies of identity documents after the fact shouldn't be sufficient. However, there should be a verification process that includes verification of identity documents through legal means, including perhaps a processing fee. The fee would preclude many attackers from even trying to break this process.
Maybe this would only work for new accounts as you'd probably need to provide identity information on before losing access.
As a matter of policy, sure. But at the same time, I bet there are some GitHub employees reading this that would be in a position to pull some strings and make an exception. For OP's sake, I hope I'm right!
> UK libel law routinely covers up all sorts of things which the public would benefit from having revealed, simply by the threat of an expensive lawsuit. It makes investigative journalism really uneconomic.
No. The deference people have to the law as some sort of all knowing all powerful magic spell that can be cast to force silence at any time is to blame. Libel is publishing something you know to be untrue. The truth cannot be libel.
If you want to speak the truth, if you want to act in service of the greater good, you must take the risk that you will attract attention from people who do not want you to speak the truth. And those people may use whatever power they have to suppress you, whether that's judicial or extrajudicial. That's not caused by any specific legal system, it's how people behave.
Investigative journalism is uneconomic the world over. The U.K. has some of the best investigative journalism in the world. The U.K. legal system is far from perfect, but it is wrong to say that in this case, the U.K.'s libel laws (for all their flaws) kept this information secret.
The irony is that the greatest suppressor of the truth is comments like yours which scare people into silence about the truth.
> The costs in this case were significant, with Vardy being ordered to pay a substantial proportion of Rooney’s legal fees. Initially, the court ordered Vardy to pay £1.5 million in costs, earlier this month, it was revealed that Vardy had been ordered to pay an additional £100,000, bringing the total to £1.6 million.
> In August, after a six week trial, the High Court upheld the Guardian’s defences of truth and public interest speech.
> The trial judge, Steyn J, has now ordered Mr Clarke to pay £3m on account within 28 days, in respect of a likely eventual costs liability of over £6m.
Those are cases where the defence won. But in those cases, (a) they have to front the legal fees themselves for a period of several years during the action and (b) there is a real risk that the person who filed the libel action may not be able to pay it.
It very risky for an individual to defend a libel action, so almost everyone folds instantly on receiving a letter, or settles.
> Lots of people are celebrating but I’m not. It's a sad, lonely sort of anticlimax. It’s really crap and I feel really bad it’s all ended up like this. I thought she'd just say sorry
Wow.
> In May 2018, Hopkins won an IPSO case against the Daily Mirror for claiming that she had been detained in South Africa in February 2018 for taking ketamine. The Mirror updated the headline to say that she had been detained for spreading racial hatred, and included a correction in the article.
You are (wilfully?) misrepresenting these cases. The defence in each of these cases chose to employ very expensive legal teams, the cost in these cases is a reflection of choices made by the defendant, not the cost of defending against a claim of libel. As an individual defendant in a libel case, there would be no obligation to incur such costs.
Noel Clarke's legal team were working on a no-win no-fee basis (before they saw the writing on the wall and dropped him as a client, leading him to represent himself). The Guardian had no obligation to spend over £6 million on their defence, it was a choice they made. Indeed, one could argue that The Guardian chose to spend so much to send a message to those that consider baseless libel legal action in future, that The Guardian is willing to spend any amount of money to defend itself.
If you are an individual who posts the truth online, and you are sued for libel, you can spend very little on mounting a defence (you may even choose to represent yourself for free). Whether the litigant spends thousands, millions or billions on their action against you is immaterial as it is their cost, not yours.
As for Jack Monroe vs. Hopkins, Jack Monroe is a fraud. Justice did not prevail, although Hopkins losing her house was a nice treat.
Yes, I once made a bug report based to a client's supplier (overly permissive API endpoint was leading user data) and became the subject of the a spurious defamation letter. It was obviously unwinnable on the supplier's part, never went past solicitor's letters, and still cost high four figures to defend.
Nothing like some of the real horror stories, but still a significant chilling effect.
You do not need to "defend" against a "spurious defamation letter". The (very profitable) business of sending legal letters is based on the misunderstanding of the law that is perpetuated online. Legal letters are to law firms what bandwidth is to cloud hosting providers: free money.
In the UK, under the UK Civil Procedure Rules, you are expected to engage in the Pre-Action Protocol and provide a substantive response within 14 days, and failure to do so can effect you credibility and standing in court. So you do not have to respond, but not doing so risks sanction from the court for non-engagement.
A response to a "spurious defamation letter" does not cost "high four figures". Substantive does not refer to the cost of the response. Substantive means that it addresses the substance of the complaint.
The "high four figures" you spent for a lawyer to respond (I disagree with the word "defend") to a legal threat was unnecessary. You paid a bunch of money for some low-paid legal assistants to fill out a template, and then a high-paid solicitor to sign off on it.
As an individual, you can respond substantively to a legal threat for free. And even if you choose not to respond, courts are not punitive, the standard that courts hold individuals to are different to the standards they hold law firms to. A court will not rule in a claimant's favour in a libel case because an individual didn't follow procedure correctly.
If you, as an individual, make a truthful statement about A Big Corporation and A Big Corporation spends £100,000 on a team of lawyers to write an angry letter to you demanding you retract, a simple single-sentence self-composed response of "The statement is true, I will not retract." is substantive.
Despite what catastrophisers like yourself (catastrophisers who are encouraged by participants in the legal system who profit from this misapprehension) might suggest, civil courts are interested in adjudicating fairness, not trapping individuals in an endless legal quagmire.
Can you share examples of individuals who have been sanctioned by the U.K. courts for anything that comes close to not engaging in the Pre-Action Protocol?
No, the Pre-Action Protocol is quite a bit more in depth than that and required a significant response including document review and research.
"The statement is true, I will not retract" is not substantive and is effectively calling the bluff. If they take it beyond a letter, those costs will balloon further.
The "Defendant’s Response to Letter of Claim" section is very clear that it is actually that simple. The burden is almost entirely on the claimant, the defendant has very little to do. Can you provide any evidence that any individual has ever been sanctioned by a U.K. court for either not filing a response, or not filing a substantive response?
You are saying that "costs will balloon further" but you haven't yet established there are any costs. How can costs that do not exist balloon? Any individual could satisfy the "Pre-action Protocol for Media and Communications Claims" with ease, no expense necessary.
The point I am making in this thread is that there are no mandatory costs, that receiving an angry letter from the lawyers of a deep-pocketed litigant is financially inconsequential. The choice to hire legal representation and pay them "high four figures" to write a response is a choice. Hiring legal representation for court is a choice, too.
The courts are very kind to people who choose to represent themselves, especially when the litigants are obviously abusing the system to try and silence individuals. The point you're making seems to be that you must spend money to defend against spurious defamation claims so I have asked you to provide any evidence of a case where an individual is accused of libel and has suffered because they chose not to spend money.
I am not trolling. I disagree with the suggestion that the U.K. libel laws create an environment where people are scared to speak truth because there is a real threat of an expensive lawsuit. My position is that the fear people have of expensive lawsuits comes from other people fear mongering, in comments like yours, either based on a misunderstanding of a case they've seen publicised or because of information they've been given by legal professionals in a different context.
Okay, so you are trolling or you are at peak levels at HN arrogance.
No, the chilling effect of UK defamation laws is not an artefact of scaremongering. No, you have not discovered the secret truth hidden by the legal profession. Yes, defamation cases are a real threat and expensive to defend as the burden of proof lies on the defendant, not the allegedly defamed.
Very easy to pop shit when you aren't risking your life and your family's future to protect the honor of JP Morgan. If everything goes perfectly, you've just lost your job and can't get hired because people don't want to hire a snitch; and if everything goes badly, it could go really badly. You might end up killed in a botched robbery, or thinking suicide will be the only way to save your family.
I'm pretty sure the truth wasn't even a defense in UK libel law before 2013. It was entirely about whether you had the intent to harm someone. If you want to disrupt a thief's business, that's intent to harm someone, as a lot of people who wrote about quack doctors found out.
You’ve been repeatedly asked to provide your website but you have not. There is almost certainly a problem with your website, whether it’s a banned domain or robots.txt misconfiguration or something more obscure. You need to either share your website so people here can investigate for you, or hire someone privately to investigate. There’s no other advice anyone can give.
Blur the people who didn’t give consent. The problem is cultural, not technical. Even YouTube has the native ability to blur out faces at the click of a button.
Except this is a hot button issue. Everyone has an opinion on brands ruining their iconic logos. Nobody cares about cracker barrel specifically, they care about what the change represents. Real people love dumb low stakes drama, that has been true before social media and will be true long after it. Real people spent weeks all consumed by a cheating CEO.
Almost all supposed outrage marketing is just marketing teams making terrible decisions because they’re people and people make terrible decisions.
People don't care about single specific change. But they notice and are annoyed when it becomes a trend and half of the market is turning to generic boring sameness. So they latch on to the current culprit.
I think people in general value identity of the brands more than many brands themselves do. And the change is in some ways attack to them, not to the brand.
Big corporations and governments aren’t startups in which everyone is encouraged to do as they please in service of the mission. Corporations and governments hire people for very specific roles with very specific responsibilities. Stepping outside of your responsibilities is discouraged. Employees inside big organizations have to think, “how fucked am I if I make this decision and it goes wrong?”. A startup can write off big losses without a second thought, a big corporate or government has to investigate.
If you need to make a big decision, you don’t let an intern take a shot at it, even if they are convinced they have the perfect idea, because if it goes wrong, it’s on your head — which idiot let an intern fuck it up?
You bring in consultants who are (ostensibly) experts so that your responsibility ends at having done the right thing and if anything goes wrong, it’s not on your head.