[HN Gopher] McDonald's app bug let people order for free in France
___________________________________________________________________
McDonald's app bug let people order for free in France
Author : rorocoeur
Score : 85 points
Date : 2020-02-08 18:33 UTC (4 hours ago)
(HTM) web link (twitter.com)
(TXT) w3m dump (twitter.com)
| giarc wrote:
| Is there any proof other than the picture of someone with a ton
| of McDonalds food and a caption?
| humaniania wrote:
| Sshhhh, you'll disrupt the marketing campaign.
| rorocoeur wrote:
| [video]
| https://twitter.com/LeRoiLeBg/status/1226133445346316288
| giarc wrote:
| I suggest we change the post link to this instead of a simple
| photo.
| beedyg wrote:
| There was one evening in a small town is England where my fellow
| students convinced the staff in the local McDonald's that the
| student offer of one free hamburger did not require a purchase.
| We ate a lot of free hamburgers that night. Guilt aside, dare say
| they were the best McDonald's I've ever tasted
| keanzu wrote:
| Seems like a good way to promote the app specifically and
| McDonald's in general. I wonder what the ROI on something like
| this is vs a more traditional marketing campaign.
| Donald wrote:
| Their franchisees bore the entire cost of giving out the free
| food. McDonald's corporate paid nothing except for paging
| someone in to fix the bug.
| mytailorisrich wrote:
| Well, the software is provided by corporate so franchisees
| likely have a claim for compensation.
|
| Whether they would dare at the risk of facing any negative
| consequences is another issue...
| speedgoose wrote:
| I don't know if McDonald's food is that expensive. I would
| expect that most of the costs are the employees, the
| building, and the equipment.
| [deleted]
| saghm wrote:
| Well, their employees had to do all the work to make that
| food without the franchise getting revenue for it, but the
| employees were presumably still paid
| bwilliams18 wrote:
| But the people were already there, it only happened over
| the course of a single day; it's not like they paid the
| people more because they were busier or making more
| orders.
| progval wrote:
| They can only handle so many orders in a given hour. If
| too many people took advantage of this, then queues
| probably got longer, discouraging potential customers.
| swiley wrote:
| I don't know about McDonald's but I knew a manager at a
| Taco Bell and a lot of this fast food takes very very
| little work to make. Many Taco Bells can run on just a
| couple people when they're not having to clean or
| maintain anything.
| [deleted]
| cruzah wrote:
| Here in Australia, the app has placed several phantom orders
| which I have paid for but did not actually order.
|
| Have tried to contact McDonalds but they did not respond.
|
| It was only 4 or 5 coffees so I deleted the app. Should've chased
| it harder but didn't have the time.
| tonmoy wrote:
| You may be able to create a dispute with your credit card
| company (or other payment processor)
| tenryuu wrote:
| My father has also had this issue, on his first order too. It's
| interesting since the application is used in various countries
| around the world too, it's just re-branded and given it's own
| unique app.
|
| I wonder if it's just as garbage everywhere else
| adrianmonk wrote:
| Through the magic of software, McDonald's has allowed its
| customers to live out their fantasy of becoming real-life
| Hamburglars.
| ghego1 wrote:
| Well said sir
| macpete wrote:
| Even for free I will not eat that processed garbage
| frosted-flakes wrote:
| I have friends like you. They decry McDonald's food as super
| bad for you--and then turn around and eat at the fancy burger
| place where a single burger and fries sets you back $20. Even
| though it's literally the same food: beef patty, white bun,
| ketchup, processed cheese, onions, and lettuce. And they get
| the pop and greasy fries too.
|
| What's bad about McDonald's is not that the food is unhealthy
| (it is, but no more than most restaurants), but that the food
| is so cheap that so many people regularly eat it instead of
| proper home-cooked meals. Also, it's easy to get way too much
| food and sugary pop.
|
| I eat at McDonald's a few times a month, but I don't view it as
| an unhealthy habit. My typical meal is two sandwiches, either
| McDoubles or Junior Chickens. That's less than 800 calories in
| total (I usually drink water). I rarely go for the combo meals
| or the big sandwiches.
| Deimorz wrote:
| It's always interesting to me that so many people seem to
| completely lose all compunction about stealing once technology is
| involved.
|
| If they were ordering from a cashier at McDonald's and the
| cashier got distracted for a minute and somehow forgot to charge
| them before finishing the order, most of the people that abuse a
| bug like this would tell them about the mistake. I've been in
| similar situations plenty of times, where I easily could have
| gotten something without paying because of a staff oversight, but
| I always tell them I haven't paid yet. Most people won't suddenly
| decide to steal something just because they're handed an easy
| opportunity.
|
| But when the transaction is through an app or a website or
| something, people are completely willing to abuse errors, and
| will even go through an obscure process deliberately to _cause_
| errors so they can abuse them. When Amazon accidentally sells
| expensive camera equipment for 99% off on Prime Day, people
| clamor to steal as much as they can, even though it 's a blatant
| mistake. None of those people legitimately believe the price is
| intentional, they know they're taking advantage of an error. The
| ones that get away with it brag about it, and others that missed
| the chance are jealous that they didn't manage to steal anything.
|
| It's really a fascinating piece of psychology to me, that once
| there's a "system" in place, abusing holes in it feels like a
| reasonable thing to do, even if the end result is effectively
| shoplifting.
|
| Edit: the replies to me are a perfect demonstration.
| lidHanteyk wrote:
| It's not like McDonald's exists in good faith. Remember that,
| to the typical person on the street, McDonald's is a system
| that exists adversarially, not as part of a holistic and humane
| society.
|
| Edit: I don't eat at McDonald's. Do you, downvoters?
| newfriend wrote:
| This sounds like a bunch of commie gobbledygook to me.
| acollins1331 wrote:
| It's pretty simple at face value. You're interacting with a
| person instead of a screen, that's basically like a game where
| you try to "win" by getting the best price for all the stuff
| you're ordering. Of course you might know it's wrong but you
| don't see anyone (and can likely assume) no one directly
| involved will take the fall for it. Compared to a cashier that
| gives away something for free, they might get yelled at or lose
| their job. It's empathy, it's human, and it makes a lot of
| sense.
| pjc50 wrote:
| When there's a "system", everyone's very aware that an error
| _against_ them will be treated inhumanly and be very time
| consuming to correct. It 's a bit like a prisoner's dilemma
| where you expect the other side to defect.
|
| Also, Amazon have more wealth than like half the population put
| together. A few lenses aren't going to put a dent in that. The
| only case I can think of that did was the "Hoover free flights"
| fiasco, and that wasn't even an error.
| mindslight wrote:
| > _It 's really a fascinating piece of psychology to me, that
| once there's a "system" in place, abusing holes in it feels
| like a reasonable thing to do, even if the end result is
| effectively shoplifting._
|
| This is the same anti-empathetic "what can we get away with"
| dynamic as stores engaging in surveillance-based advertising,
| deploying menacing robots that bother customers, setting up
| mobile device tracking and facial recognition cameras, price
| discriminating with coupons and routine sales, etc. Also when
| any customer service fleshbot says they "can't" do something
| because the computer says no.
|
| It's only as technologists that we see the details of
| technology as ultimately mediating interpersonal actions rather
| than just taking its presence as a given. We know better than
| to mess around with holes in apps this way, largely because
| it's in the category of malicious hacking which generally gets
| punished pretty hard (burn the witch!), especially if you are
| one of the first to find such tricks.
|
| But I personally am not going to get too upset over some
| individuals getting occasional freebies, especially while
| similar abuse by businesses tends to get normalized and then
| scaled up.
| McDev wrote:
| >When Amazon accidentally sells expensive camera equipment for
| 99% off on Prime Day
|
| I've always wondered how much of those are actually mistakes,
| and not just media stunts
| kick wrote:
| Something that harms a cashier (a worker) is harmful to a
| worker, which is for most intents and purposes "human."
|
| "Robots are stealing our Goddamned jobs!" is a popular
| sentiment around the globe. Who is using these robots to
| replace jobs that should belong to people? Corporations.
| Corporations are not people, as much as some sorts seem to
| believe they are.
|
| Taking advantage of a corporation's mistake hurts billionaires
| and millionaires (this includes McDonald's franchisees, as the
| corporation doesn't allow just anyone to become one, costs are
| high), who aren't really people in the conventional sense of
| the word.
|
| These corporations, billionaires, millionaires and so forth are
| the ones who are stealing from the people; taking advantage of
| their errors for something like this is _good_. McDonald 's
| spends millions a year on lobbying to harm the common good; $5
| or $10 or even $1,000,000 from them will mean nothing to them,
| but will go a long way for the people taking it.
|
| Taking advantage of McDonald's Corporation errors is morally no
| different than shoplifting from Wal*Mart, which similarly
| spends millions lobbying and harming the common good, the only
| difference is that the former presents no risk to the person
| doing it.
|
| In an era where "No one should be a billionaire!" is a popular
| political viewpoint, and billionaires have effectively stolen
| the common person's political agency through lobbying, it seems
| reasonable that people won't see any harm in taking stuff from
| them, especially small amounts that they won't miss, like this.
|
| I don't necessarily agree with the sentiment, but it's
| definitely reasonable and understandable to see why people
| don't care about taking from people who, from their
| perspective, didn't earn it in the first place, and won't
| notice that it's gone.
| criddell wrote:
| Is this stealing or just taking advantage of a loophole?
|
| When tech companies funnel revenue to Ireland or other places
| to avoid taxes, is that stealing?
| thoughtstheseus wrote:
| Stealing would imply deceit. McDonalds decided it would be
| best to use software to engage in these transactions.
| rmetzler wrote:
| I think there is a bias were you learn about digital mistakes
| effecting many people and human errors that effect only certain
| transactions. A lot of people will not complain when they get
| back more than their change.
| brmgb wrote:
| That's because both situation have absolutely nothing in
| common.
|
| People tell cashiers when they make a mistake not out of a
| desire to avoid "stealing" (stealing is taking something
| without permission or right by the way so neither case is
| actually stealing by the way) but because they empathize with
| an actual human being making mistakes like they sometimes do
| and want to be helpful.
|
| Corporations can't at the same time replace people with
| machines to optimise their bottom line and expect their
| customers to remain empathetic. Once you put in place automatic
| system you have to owe them. You can't win on both side.
|
| If Amazon gives huge reductions by mistake, well, too bad for
| Amazon, the reductions are still there. It has absolutely
| nothing to do with shoplifting.
| Deimorz wrote:
| When a grocery store has self-service cashier stations, is it
| acceptable to only scan half of your items?
| Kinrany wrote:
| Your previous analogy has already been questioned, so
| replying with another analogy without explaining the
| similarity seems in bad faith.
| dnautics wrote:
| Can you please explain concretely what your definition of
| stealing is?
|
| To most sane people, it is not stealing when a transaction
| price is set, and that price is paid.
|
| If you buy a car and complete the transaction and as you're
| driving off the lot the dealership says, sorry, that car is
| 200,000 not 20,000; would that be stealing? Why or why not?
| mrleinad wrote:
| Could it have been obvious the price was 10 times higher than
| you paid? If yes, then it's stealing. If no, then no.
| pjc50 wrote:
| 90% discounts are not unheard of.
| petagonoral wrote:
| I see this as a negotiation between man and machine. The
| machine in this case was bad at negotiating.
| astura wrote:
| These sorts of "cutesy" arguments don't hold up in a
| court of law.
|
| http://www.nbcnews.com/id/21534526/ns/technology_and_scie
| nce...
| Kinrany wrote:
| That wasn't a glitch in negotiating. The system knew that
| the purchase was cancelled but sent the items anyway. It
| makes perfect sense that the system can legally ask to
| get those items back.
| yoz-y wrote:
| In France there is, AFAIK, a law that says that if you buy
| something when there was a system error setting the price,
| the company can legally ask you to give the item back.
|
| Usually they don't because of the PR problem it could cause
| but a system mistake does not mean that the item is suddenly
| free for grabs.
|
| I do understand people taking advantage of it though, it's a
| bit like winning a tiny lottery.
| Pfhreak wrote:
| People love Robin Hood, who was absolutely a thief, but also a
| folk hero.
|
| To understand why people are generally ok with this, ask
| yourself: Who benefits, who loses?
|
| In this case, some random person benefits, and the company
| (hopefully not the franchisee) loses.
| the8472 wrote:
| Consider it people providing incentives for writing secure
| software.
|
| Perhaps the world would be a better place if everyone behaved
| honestly all the time, but that is an unstable state because it
| takes only a single person to deviate from the norms in such a
| world to exploit all the systems that weren't designed with bad
| actors in mind.
|
| The cashier situation is not comparable because it's not
| exploitable reliably. Unless you have an easily distracted
| cashier that can be cheated all the time. If that were the case
| I could see some less scrupulous people starting to do that.
| thrower123 wrote:
| There was another one I saw where you could order a dollar
| burger, then order another ten burgers without the burger, and
| because of how the kiosk software calculated the "no burger"
| modifier, the total came out to $0.
|
| https://www.usatoday.com/story/tech/2019/04/08/11-free-burge...
| WalterBright wrote:
| > There was another one I saw where you could order a dollar
| burger, then order another ten burgers without the burger, and
| because of how the kiosk software calculated the "no burger"
| modifier, the total came out to $0.
|
| This looks like the software was missing some internal sanity
| checks. For example, it was hammered into us at Caltech that
| any answers we derive need to be sane. If an energy value
| turned out to be negative, we would have to note on the
| solution something like "the negative value is clearly wrong
| but I don't know where my mistake is" or we'd get not just zero
| credit on the solution, but a negative credit.
|
| Software should have the same sort of checks. It's called
| "contract programming", the simplest manifestation of which are
| asserts.
| orf wrote:
| > Software should have the same sort of checks. It's called
| "contract programming", the simplest manifestation of which
| are asserts.
|
| A wrong answer is wrong, but the correct response isn't
| always to fail. Imagine you added this and that caused 0.01%
| of orders to fail for 10 days while you debug the issue.
| Perhaps your assert is only stopping a 1 cent deviation from
| the correct order total - is it better to prevent 0.01% of
| orders in their entirety or have the absolute correct order
| total?
|
| Also a value of $0 is a perfectly valid cost for food - maybe
| they are using a voucher, or some loyalty points, or
| something else. The Uber eats integration with McDonalds
| seems to print an order that costs PS0.
| WalterBright wrote:
| Detected failures should bounce it to the cashier to ring
| it up. All the McD's I've been in with a kiosk also have a
| human cashier to help anyone with problems.
|
| > or something else
|
| Easy to account for it.
|
| BTW, the entire reason for the invention of double entry
| bookkeeping is to detect errors, not throw up hands and say
| it can't be done.
| orf wrote:
| > Detected failures should bounce it to the cashier to
| ring it up
|
| Assuming a minor deviation from the real order cost that
| ends up being more expensive than swallowing the
| difference and continuing with the order, and it also
| increases the number of abandoned orders at peak times.
|
| Either way you're paying a dollar to save a cent.
|
| Because you don't know what the true value should be
| (else you have no bug) it's very hard to choose the
| correct course of action. I'd argue that attempting to
| detect unexpected deviations and adding friction to fast
| food orders could backfire massively at McDonalds scale
| WalterBright wrote:
| Using sanity checks in software is normal practice,
| especially in software that calculates critical things.
| It works.
|
| > I'd argue
|
| I'm sure if you put some effort into thinking about how
| to make it work, you'll be successful.
| orf wrote:
| > Using sanity checks in software is normal practice,
| especially in software that calculates critical things.
| It works.
|
| Literally the whole point, that I've repeated to you 3
| times now, is that a single cent is not critical if it
| means losing the entire order.
|
| This isn't a rockets trajectory or a an MRI scanner, it's
| a glorified tablet selling high-volume impulse food at a
| good markup, so stop pretending as if the context doesn't
| matter when discussing things.
| WalterBright wrote:
| > that I've repeated to you 3 times now
|
| I explained how to deal with that.
|
| BTW, crooks have stolen millions of dollars by adjusting
| software to shave off a penny here and there. The idea
| that McDonalds can afford to be unaware of a missing
| penny in a transaction, when they have billions of those
| transactions, is wrong.
|
| In accounting software, it's critical to be accurate to
| the penny. Having the POS software be off by a penny
| calls into question the entire reliability of the
| software. Especially when normal accounting controls are
| not followed and the penny error is not detected.
|
| I once read a story where a prospective engineering hire
| was given a plant tour at Ford. He noticed an
| inefficiency that was costing Ford 5 cents per car. He
| was promptly hired.
|
| Edit:
|
| > rockets trajectory or a an MRI scanner
|
| I've heard the same arguments from people who vigorously
| insist that it's correct for rockets and scanners for the
| software to ignore bugs and soldier on. I hope the people
| who do write that software do not agree with those
| arguments. I suggest that re-evaluating this merits an
| investment of your time.
| rorocoeur wrote:
| More details: if you ordered a "Golden Menu" with a "McFirst"
| sandwich on the mobile app or on the self-service machine, almost
| everything you add would have been for free. The bug was first
| reported on Twitter and it took about 7 hours for restaurants to
| refuse to give orders.
| zozbot234 wrote:
| Interesting that they had the exact same issue on both
| platforms. It's also the kind of thing where some people might
| just guess that the behavior is intentional and take advantage
| of it.
| Karto wrote:
| It might be a stunt, but stuff like that happens. Many years ago
| I used to work for a large European company that ran a booking
| system for several hundreds of airlines. The system was used as a
| back-end by more than one famous online booking site. Currency
| rates were updated automatically. Once, on a new year's eve, at
| midnight, a glitch slipped into the Canadian dollar conversion
| rate, setting 1 CAD to 0 EUR. All of a sudden, all Air Canada
| flights were for free for European customers, at what might be
| the worst time of the year : "- so, this year's resolution : we
| take time to travel. - hey look honey, Canada looks cheap. - deal
| done, book right away, and let's open one more bottle of
| champagne !" I don't know how many AC flights were booked before
| someone realized and an on-call guy fixed the conversion rate.
| However, I know that all those free bookings remained valid, and
| were offered by my company who payed all of it directly to Air
| Canada.
| 101404 wrote:
| I always wonder why systems like this so rarely do even basic
| plausibility checks before data is updated.
| technofiend wrote:
| It saves so many headaches. I used to support a system with
| an automated fallback. If today's feed wasn't in by cutoff
| then the previous day's feed was used.
|
| Unfortunately we'd sometimes get partial or corrupted feeds.
| Partial feeds triggered investigation and possibly a manual
| rerun and corrupted ones often halted the system.
|
| Because we only used monthly numbers for reporting, delaying
| and rerunning any other day was pointless beyond standard
| root cause analysis to prevent recurrence. And this system
| had hundreds of feeds so at first there are almost daily
| issues.
|
| So I added a check to throw out any deviations over two sigma
| from the median of the last 30 days' good feeds which knocked
| out 99% of our data quality issues. I got in a boatload of
| trouble for different reasons but that's another story.
| ThePowerOfFuet wrote:
| >I got in a boatload of trouble for other reasons but
| that's another story.
|
| You cannot just drop that line and walk away. Storytime?
| chx wrote:
| IKR
|
| Once my brother wired 10M EUR from Austria instead of 10M
| HUF. The exchange rate is above 1:300. Needless to say, he
| didn't have 10M EUR on that account. Like, ever. Not even
| close. I still have no idea why the bank let him wire more
| money than he had especially on this magnitude. They reverted
| it but we needed to cover the spread which caused an almost
| 10k eur loss. That hurt.
|
| I have once accidentally copied my one time password into my
| ebank for payment (I was trying to copypaste the amount from
| somewhere else, it didn't take, that happens often with PDF
| and then the clipboard contained the previous copy) and it
| would've let me do it if I don't stop it at the confirm
| screen. It's mind boggling.
| yoz-y wrote:
| Amadeus?
|
| I remember at some point the French computer retailer had an
| issue when running a "buy 2 get 1 free" offer on blu-rays. One
| could remove the two bought items from the cart and the free
| one would remain. Repeat ad-libidum.
|
| Last year Amazon ran an offer where all photographic gear cost
| $94. All of it, even lenses which retailed for over 13k.
| https://www.usatoday.com/story/tech/2019/07/19/amazon-prime-...
| If there is one regret I have in my life, it was not checking
| the prime day that fateful morning.
| anamexis wrote:
| I won the lottery on a similar issue. I was looking at
| monitors on Amazon using a business account, which sometimes
| offers volume discounts. Instead of a $10 discount, someone
| had set the unit price to $10 if you bought more than one,
| for a $1100 monitor. I bought five. I expected the order to
| be cancelled, but a week later five monitors showed up.
| agumonkey wrote:
| Similarly long ago, a french amazon like site offered
| (alapage?) a 5e rebate for new customers, one coupon per
| person, and a person being identified by its delivery
| (fullname, address) pair. Except that they used string
| equality as comparison which means every typo combination got
| you a new account.
|
| Suddenly anything <= 4.99 was open hunt. A month or so later,
| most item were now 5.01. And possibly uniqueness was now put
| on credit card number, people can't get more than a handful.
|
| I never could find a figure nor an article in the news but
| considering how fast this spread around, it was an expensive
| mistake.
| RaceWon wrote:
| IP payment-->> French fries
| kenneth wrote:
| I still wouldn't want to eat any of that pile of garbage food
| even for EUR0.
___________________________________________________________________
(page generated 2020-02-08 23:00 UTC)