[HN Gopher] McDonald's app bug let people order for free in France ___________________________________________________________________ McDonald's app bug let people order for free in France Author : rorocoeur Score : 85 points Date : 2020-02-08 18:33 UTC (4 hours ago) (HTM) web link (twitter.com) (TXT) w3m dump (twitter.com) | giarc wrote: | Is there any proof other than the picture of someone with a ton | of McDonalds food and a caption? | humaniania wrote: | Sshhhh, you'll disrupt the marketing campaign. | rorocoeur wrote: | [video] | https://twitter.com/LeRoiLeBg/status/1226133445346316288 | giarc wrote: | I suggest we change the post link to this instead of a simple | photo. | beedyg wrote: | There was one evening in a small town is England where my fellow | students convinced the staff in the local McDonald's that the | student offer of one free hamburger did not require a purchase. | We ate a lot of free hamburgers that night. Guilt aside, dare say | they were the best McDonald's I've ever tasted | keanzu wrote: | Seems like a good way to promote the app specifically and | McDonald's in general. I wonder what the ROI on something like | this is vs a more traditional marketing campaign. | Donald wrote: | Their franchisees bore the entire cost of giving out the free | food. McDonald's corporate paid nothing except for paging | someone in to fix the bug. | mytailorisrich wrote: | Well, the software is provided by corporate so franchisees | likely have a claim for compensation. | | Whether they would dare at the risk of facing any negative | consequences is another issue... | speedgoose wrote: | I don't know if McDonald's food is that expensive. I would | expect that most of the costs are the employees, the | building, and the equipment. | [deleted] | saghm wrote: | Well, their employees had to do all the work to make that | food without the franchise getting revenue for it, but the | employees were presumably still paid | bwilliams18 wrote: | But the people were already there, it only happened over | the course of a single day; it's not like they paid the | people more because they were busier or making more | orders. | progval wrote: | They can only handle so many orders in a given hour. If | too many people took advantage of this, then queues | probably got longer, discouraging potential customers. | swiley wrote: | I don't know about McDonald's but I knew a manager at a | Taco Bell and a lot of this fast food takes very very | little work to make. Many Taco Bells can run on just a | couple people when they're not having to clean or | maintain anything. | [deleted] | cruzah wrote: | Here in Australia, the app has placed several phantom orders | which I have paid for but did not actually order. | | Have tried to contact McDonalds but they did not respond. | | It was only 4 or 5 coffees so I deleted the app. Should've chased | it harder but didn't have the time. | tonmoy wrote: | You may be able to create a dispute with your credit card | company (or other payment processor) | tenryuu wrote: | My father has also had this issue, on his first order too. It's | interesting since the application is used in various countries | around the world too, it's just re-branded and given it's own | unique app. | | I wonder if it's just as garbage everywhere else | adrianmonk wrote: | Through the magic of software, McDonald's has allowed its | customers to live out their fantasy of becoming real-life | Hamburglars. | ghego1 wrote: | Well said sir | macpete wrote: | Even for free I will not eat that processed garbage | frosted-flakes wrote: | I have friends like you. They decry McDonald's food as super | bad for you--and then turn around and eat at the fancy burger | place where a single burger and fries sets you back $20. Even | though it's literally the same food: beef patty, white bun, | ketchup, processed cheese, onions, and lettuce. And they get | the pop and greasy fries too. | | What's bad about McDonald's is not that the food is unhealthy | (it is, but no more than most restaurants), but that the food | is so cheap that so many people regularly eat it instead of | proper home-cooked meals. Also, it's easy to get way too much | food and sugary pop. | | I eat at McDonald's a few times a month, but I don't view it as | an unhealthy habit. My typical meal is two sandwiches, either | McDoubles or Junior Chickens. That's less than 800 calories in | total (I usually drink water). I rarely go for the combo meals | or the big sandwiches. | Deimorz wrote: | It's always interesting to me that so many people seem to | completely lose all compunction about stealing once technology is | involved. | | If they were ordering from a cashier at McDonald's and the | cashier got distracted for a minute and somehow forgot to charge | them before finishing the order, most of the people that abuse a | bug like this would tell them about the mistake. I've been in | similar situations plenty of times, where I easily could have | gotten something without paying because of a staff oversight, but | I always tell them I haven't paid yet. Most people won't suddenly | decide to steal something just because they're handed an easy | opportunity. | | But when the transaction is through an app or a website or | something, people are completely willing to abuse errors, and | will even go through an obscure process deliberately to _cause_ | errors so they can abuse them. When Amazon accidentally sells | expensive camera equipment for 99% off on Prime Day, people | clamor to steal as much as they can, even though it 's a blatant | mistake. None of those people legitimately believe the price is | intentional, they know they're taking advantage of an error. The | ones that get away with it brag about it, and others that missed | the chance are jealous that they didn't manage to steal anything. | | It's really a fascinating piece of psychology to me, that once | there's a "system" in place, abusing holes in it feels like a | reasonable thing to do, even if the end result is effectively | shoplifting. | | Edit: the replies to me are a perfect demonstration. | lidHanteyk wrote: | It's not like McDonald's exists in good faith. Remember that, | to the typical person on the street, McDonald's is a system | that exists adversarially, not as part of a holistic and humane | society. | | Edit: I don't eat at McDonald's. Do you, downvoters? | newfriend wrote: | This sounds like a bunch of commie gobbledygook to me. | acollins1331 wrote: | It's pretty simple at face value. You're interacting with a | person instead of a screen, that's basically like a game where | you try to "win" by getting the best price for all the stuff | you're ordering. Of course you might know it's wrong but you | don't see anyone (and can likely assume) no one directly | involved will take the fall for it. Compared to a cashier that | gives away something for free, they might get yelled at or lose | their job. It's empathy, it's human, and it makes a lot of | sense. | pjc50 wrote: | When there's a "system", everyone's very aware that an error | _against_ them will be treated inhumanly and be very time | consuming to correct. It 's a bit like a prisoner's dilemma | where you expect the other side to defect. | | Also, Amazon have more wealth than like half the population put | together. A few lenses aren't going to put a dent in that. The | only case I can think of that did was the "Hoover free flights" | fiasco, and that wasn't even an error. | mindslight wrote: | > _It 's really a fascinating piece of psychology to me, that | once there's a "system" in place, abusing holes in it feels | like a reasonable thing to do, even if the end result is | effectively shoplifting._ | | This is the same anti-empathetic "what can we get away with" | dynamic as stores engaging in surveillance-based advertising, | deploying menacing robots that bother customers, setting up | mobile device tracking and facial recognition cameras, price | discriminating with coupons and routine sales, etc. Also when | any customer service fleshbot says they "can't" do something | because the computer says no. | | It's only as technologists that we see the details of | technology as ultimately mediating interpersonal actions rather | than just taking its presence as a given. We know better than | to mess around with holes in apps this way, largely because | it's in the category of malicious hacking which generally gets | punished pretty hard (burn the witch!), especially if you are | one of the first to find such tricks. | | But I personally am not going to get too upset over some | individuals getting occasional freebies, especially while | similar abuse by businesses tends to get normalized and then | scaled up. | McDev wrote: | >When Amazon accidentally sells expensive camera equipment for | 99% off on Prime Day | | I've always wondered how much of those are actually mistakes, | and not just media stunts | kick wrote: | Something that harms a cashier (a worker) is harmful to a | worker, which is for most intents and purposes "human." | | "Robots are stealing our Goddamned jobs!" is a popular | sentiment around the globe. Who is using these robots to | replace jobs that should belong to people? Corporations. | Corporations are not people, as much as some sorts seem to | believe they are. | | Taking advantage of a corporation's mistake hurts billionaires | and millionaires (this includes McDonald's franchisees, as the | corporation doesn't allow just anyone to become one, costs are | high), who aren't really people in the conventional sense of | the word. | | These corporations, billionaires, millionaires and so forth are | the ones who are stealing from the people; taking advantage of | their errors for something like this is _good_. McDonald 's | spends millions a year on lobbying to harm the common good; $5 | or $10 or even $1,000,000 from them will mean nothing to them, | but will go a long way for the people taking it. | | Taking advantage of McDonald's Corporation errors is morally no | different than shoplifting from Wal*Mart, which similarly | spends millions lobbying and harming the common good, the only | difference is that the former presents no risk to the person | doing it. | | In an era where "No one should be a billionaire!" is a popular | political viewpoint, and billionaires have effectively stolen | the common person's political agency through lobbying, it seems | reasonable that people won't see any harm in taking stuff from | them, especially small amounts that they won't miss, like this. | | I don't necessarily agree with the sentiment, but it's | definitely reasonable and understandable to see why people | don't care about taking from people who, from their | perspective, didn't earn it in the first place, and won't | notice that it's gone. | criddell wrote: | Is this stealing or just taking advantage of a loophole? | | When tech companies funnel revenue to Ireland or other places | to avoid taxes, is that stealing? | thoughtstheseus wrote: | Stealing would imply deceit. McDonalds decided it would be | best to use software to engage in these transactions. | rmetzler wrote: | I think there is a bias were you learn about digital mistakes | effecting many people and human errors that effect only certain | transactions. A lot of people will not complain when they get | back more than their change. | brmgb wrote: | That's because both situation have absolutely nothing in | common. | | People tell cashiers when they make a mistake not out of a | desire to avoid "stealing" (stealing is taking something | without permission or right by the way so neither case is | actually stealing by the way) but because they empathize with | an actual human being making mistakes like they sometimes do | and want to be helpful. | | Corporations can't at the same time replace people with | machines to optimise their bottom line and expect their | customers to remain empathetic. Once you put in place automatic | system you have to owe them. You can't win on both side. | | If Amazon gives huge reductions by mistake, well, too bad for | Amazon, the reductions are still there. It has absolutely | nothing to do with shoplifting. | Deimorz wrote: | When a grocery store has self-service cashier stations, is it | acceptable to only scan half of your items? | Kinrany wrote: | Your previous analogy has already been questioned, so | replying with another analogy without explaining the | similarity seems in bad faith. | dnautics wrote: | Can you please explain concretely what your definition of | stealing is? | | To most sane people, it is not stealing when a transaction | price is set, and that price is paid. | | If you buy a car and complete the transaction and as you're | driving off the lot the dealership says, sorry, that car is | 200,000 not 20,000; would that be stealing? Why or why not? | mrleinad wrote: | Could it have been obvious the price was 10 times higher than | you paid? If yes, then it's stealing. If no, then no. | pjc50 wrote: | 90% discounts are not unheard of. | petagonoral wrote: | I see this as a negotiation between man and machine. The | machine in this case was bad at negotiating. | astura wrote: | These sorts of "cutesy" arguments don't hold up in a | court of law. | | http://www.nbcnews.com/id/21534526/ns/technology_and_scie | nce... | Kinrany wrote: | That wasn't a glitch in negotiating. The system knew that | the purchase was cancelled but sent the items anyway. It | makes perfect sense that the system can legally ask to | get those items back. | yoz-y wrote: | In France there is, AFAIK, a law that says that if you buy | something when there was a system error setting the price, | the company can legally ask you to give the item back. | | Usually they don't because of the PR problem it could cause | but a system mistake does not mean that the item is suddenly | free for grabs. | | I do understand people taking advantage of it though, it's a | bit like winning a tiny lottery. | Pfhreak wrote: | People love Robin Hood, who was absolutely a thief, but also a | folk hero. | | To understand why people are generally ok with this, ask | yourself: Who benefits, who loses? | | In this case, some random person benefits, and the company | (hopefully not the franchisee) loses. | the8472 wrote: | Consider it people providing incentives for writing secure | software. | | Perhaps the world would be a better place if everyone behaved | honestly all the time, but that is an unstable state because it | takes only a single person to deviate from the norms in such a | world to exploit all the systems that weren't designed with bad | actors in mind. | | The cashier situation is not comparable because it's not | exploitable reliably. Unless you have an easily distracted | cashier that can be cheated all the time. If that were the case | I could see some less scrupulous people starting to do that. | thrower123 wrote: | There was another one I saw where you could order a dollar | burger, then order another ten burgers without the burger, and | because of how the kiosk software calculated the "no burger" | modifier, the total came out to $0. | | https://www.usatoday.com/story/tech/2019/04/08/11-free-burge... | WalterBright wrote: | > There was another one I saw where you could order a dollar | burger, then order another ten burgers without the burger, and | because of how the kiosk software calculated the "no burger" | modifier, the total came out to $0. | | This looks like the software was missing some internal sanity | checks. For example, it was hammered into us at Caltech that | any answers we derive need to be sane. If an energy value | turned out to be negative, we would have to note on the | solution something like "the negative value is clearly wrong | but I don't know where my mistake is" or we'd get not just zero | credit on the solution, but a negative credit. | | Software should have the same sort of checks. It's called | "contract programming", the simplest manifestation of which are | asserts. | orf wrote: | > Software should have the same sort of checks. It's called | "contract programming", the simplest manifestation of which | are asserts. | | A wrong answer is wrong, but the correct response isn't | always to fail. Imagine you added this and that caused 0.01% | of orders to fail for 10 days while you debug the issue. | Perhaps your assert is only stopping a 1 cent deviation from | the correct order total - is it better to prevent 0.01% of | orders in their entirety or have the absolute correct order | total? | | Also a value of $0 is a perfectly valid cost for food - maybe | they are using a voucher, or some loyalty points, or | something else. The Uber eats integration with McDonalds | seems to print an order that costs PS0. | WalterBright wrote: | Detected failures should bounce it to the cashier to ring | it up. All the McD's I've been in with a kiosk also have a | human cashier to help anyone with problems. | | > or something else | | Easy to account for it. | | BTW, the entire reason for the invention of double entry | bookkeeping is to detect errors, not throw up hands and say | it can't be done. | orf wrote: | > Detected failures should bounce it to the cashier to | ring it up | | Assuming a minor deviation from the real order cost that | ends up being more expensive than swallowing the | difference and continuing with the order, and it also | increases the number of abandoned orders at peak times. | | Either way you're paying a dollar to save a cent. | | Because you don't know what the true value should be | (else you have no bug) it's very hard to choose the | correct course of action. I'd argue that attempting to | detect unexpected deviations and adding friction to fast | food orders could backfire massively at McDonalds scale | WalterBright wrote: | Using sanity checks in software is normal practice, | especially in software that calculates critical things. | It works. | | > I'd argue | | I'm sure if you put some effort into thinking about how | to make it work, you'll be successful. | orf wrote: | > Using sanity checks in software is normal practice, | especially in software that calculates critical things. | It works. | | Literally the whole point, that I've repeated to you 3 | times now, is that a single cent is not critical if it | means losing the entire order. | | This isn't a rockets trajectory or a an MRI scanner, it's | a glorified tablet selling high-volume impulse food at a | good markup, so stop pretending as if the context doesn't | matter when discussing things. | WalterBright wrote: | > that I've repeated to you 3 times now | | I explained how to deal with that. | | BTW, crooks have stolen millions of dollars by adjusting | software to shave off a penny here and there. The idea | that McDonalds can afford to be unaware of a missing | penny in a transaction, when they have billions of those | transactions, is wrong. | | In accounting software, it's critical to be accurate to | the penny. Having the POS software be off by a penny | calls into question the entire reliability of the | software. Especially when normal accounting controls are | not followed and the penny error is not detected. | | I once read a story where a prospective engineering hire | was given a plant tour at Ford. He noticed an | inefficiency that was costing Ford 5 cents per car. He | was promptly hired. | | Edit: | | > rockets trajectory or a an MRI scanner | | I've heard the same arguments from people who vigorously | insist that it's correct for rockets and scanners for the | software to ignore bugs and soldier on. I hope the people | who do write that software do not agree with those | arguments. I suggest that re-evaluating this merits an | investment of your time. | rorocoeur wrote: | More details: if you ordered a "Golden Menu" with a "McFirst" | sandwich on the mobile app or on the self-service machine, almost | everything you add would have been for free. The bug was first | reported on Twitter and it took about 7 hours for restaurants to | refuse to give orders. | zozbot234 wrote: | Interesting that they had the exact same issue on both | platforms. It's also the kind of thing where some people might | just guess that the behavior is intentional and take advantage | of it. | Karto wrote: | It might be a stunt, but stuff like that happens. Many years ago | I used to work for a large European company that ran a booking | system for several hundreds of airlines. The system was used as a | back-end by more than one famous online booking site. Currency | rates were updated automatically. Once, on a new year's eve, at | midnight, a glitch slipped into the Canadian dollar conversion | rate, setting 1 CAD to 0 EUR. All of a sudden, all Air Canada | flights were for free for European customers, at what might be | the worst time of the year : "- so, this year's resolution : we | take time to travel. - hey look honey, Canada looks cheap. - deal | done, book right away, and let's open one more bottle of | champagne !" I don't know how many AC flights were booked before | someone realized and an on-call guy fixed the conversion rate. | However, I know that all those free bookings remained valid, and | were offered by my company who payed all of it directly to Air | Canada. | 101404 wrote: | I always wonder why systems like this so rarely do even basic | plausibility checks before data is updated. | technofiend wrote: | It saves so many headaches. I used to support a system with | an automated fallback. If today's feed wasn't in by cutoff | then the previous day's feed was used. | | Unfortunately we'd sometimes get partial or corrupted feeds. | Partial feeds triggered investigation and possibly a manual | rerun and corrupted ones often halted the system. | | Because we only used monthly numbers for reporting, delaying | and rerunning any other day was pointless beyond standard | root cause analysis to prevent recurrence. And this system | had hundreds of feeds so at first there are almost daily | issues. | | So I added a check to throw out any deviations over two sigma | from the median of the last 30 days' good feeds which knocked | out 99% of our data quality issues. I got in a boatload of | trouble for different reasons but that's another story. | ThePowerOfFuet wrote: | >I got in a boatload of trouble for other reasons but | that's another story. | | You cannot just drop that line and walk away. Storytime? | chx wrote: | IKR | | Once my brother wired 10M EUR from Austria instead of 10M | HUF. The exchange rate is above 1:300. Needless to say, he | didn't have 10M EUR on that account. Like, ever. Not even | close. I still have no idea why the bank let him wire more | money than he had especially on this magnitude. They reverted | it but we needed to cover the spread which caused an almost | 10k eur loss. That hurt. | | I have once accidentally copied my one time password into my | ebank for payment (I was trying to copypaste the amount from | somewhere else, it didn't take, that happens often with PDF | and then the clipboard contained the previous copy) and it | would've let me do it if I don't stop it at the confirm | screen. It's mind boggling. | yoz-y wrote: | Amadeus? | | I remember at some point the French computer retailer had an | issue when running a "buy 2 get 1 free" offer on blu-rays. One | could remove the two bought items from the cart and the free | one would remain. Repeat ad-libidum. | | Last year Amazon ran an offer where all photographic gear cost | $94. All of it, even lenses which retailed for over 13k. | https://www.usatoday.com/story/tech/2019/07/19/amazon-prime-... | If there is one regret I have in my life, it was not checking | the prime day that fateful morning. | anamexis wrote: | I won the lottery on a similar issue. I was looking at | monitors on Amazon using a business account, which sometimes | offers volume discounts. Instead of a $10 discount, someone | had set the unit price to $10 if you bought more than one, | for a $1100 monitor. I bought five. I expected the order to | be cancelled, but a week later five monitors showed up. | agumonkey wrote: | Similarly long ago, a french amazon like site offered | (alapage?) a 5e rebate for new customers, one coupon per | person, and a person being identified by its delivery | (fullname, address) pair. Except that they used string | equality as comparison which means every typo combination got | you a new account. | | Suddenly anything <= 4.99 was open hunt. A month or so later, | most item were now 5.01. And possibly uniqueness was now put | on credit card number, people can't get more than a handful. | | I never could find a figure nor an article in the news but | considering how fast this spread around, it was an expensive | mistake. | RaceWon wrote: | IP payment-->> French fries | kenneth wrote: | I still wouldn't want to eat any of that pile of garbage food | even for EUR0. ___________________________________________________________________ (page generated 2020-02-08 23:00 UTC)