return to table of content

Unbricking my MacBook took an email to Tim Cook

jtriangle
139 replies
15h49m

I'm glad the machine was restored to usable condition, I've had a laptop stolen from me in the past, it was returned in an evidence bag, in about 1000 pieces, which was very frustrating to get an excited call a year after it'd happened telling me the police had recovered it, only to be greeted with, well, an unusable husk.

That said, yours is a completely artificial problem imposed upon you by the company you made a purchase from. You don't have the private keys to your own device, which means ultimately, your usage of that device is conditional on being in the good graces of a group of very wealthy, indifferent, strangers.

That, in, and of itself, is the issue at hand here, and while you've found yourself a favorable outcome, you're likely an exception to the rule.

judge2020
126 replies
15h11m

What is the better solution that retains the anti-theft capabilities of the device? The value of stolen (activation-locked) iPhones and Macs is largely only on in overseas markets where they can strip the device down to usable parts - or, if you're lucky, you'll get threatening text messages telling you to remove the device from your icloud[0, 1] so they can sell it as a fully working phone.

The inability for a thief to just flash the device with fresh firmware and use it as if it were new is a key selling point of the device and might justify the higher price tag to some buyers.

0: https://old.reddit.com/r/applehelp/comments/13yn1o0/phone_st...

1: https://old.reddit.com/r/applehelp/comments/16fcd4c/recently...

twodave
51 replies
15h0m

This line of argument just _irks_ me. I don't care enough about thieves for this to even matter to me. And I think this is zero-sum for the consumer. Maybe more devices get stolen (probably not, if I'm a thief I'm still snatching it and throwing it in a river or something). What this really does is suffocate the secondary parts market, so it costs more to repair the things or they just require a replacement.

Many, many users of these devices have rarely, if ever, had anything stolen from them. And as one such person, I don't want to hear a company tell me I can't even have the _option_ of an open device because "it's for my own good". I can damned well decide that on my own.

hnfong
30 replies
14h52m

Many, many users of these devices have rarely, if ever, had anything stolen from them.

You don't want the thief to steal a locked device. You want the devices to have a reputation for not worthing as much on the black market if stolen. That creates a deterrent effect, and is arguably one of the reasons why the average person's phone is stolen less.

As to whether this effect is worth suffocating the secondary parts market, it really depends on whether you're actually a potential participant in it. One can argue that the vast majority of iPhone/Mac users never thought of buying parts or using non-official channels for repairing the device.

estebank
17 replies
14h47m

The laptop could come with a USB-C "master key" on the box, tied to that specific laptop. Keep that key at home, and all the anti-theft benefits continue to apply, while keeping the owner in control of their hardware.

c0pium
4 replies
12h8m

Everyone who doesn’t throw that useless weird dongle out with the box will lose it immediately. This is not a technical problem and you cannot fix it with a technical solution.

saghm
3 replies
11h56m

Everyone who doesn’t throw that useless weird dongle out with the box will lose it immediately

So they'd be no worse off than they are the way things currently work, except with the ability for the few who do care about this sort of thing having a better workaround than "try to email the CEO and pray that he somehow notices"

This is not a technical problem and you cannot fix it with a technical solution

Funny, that's exactly how I see bricking a laptop to try to curtail thieves, only it actually does solve the problem, but only by creating a worse one

ffgjgf1
1 replies
7h22m

Is this the case though? From what I understood in the article:

- Find My Device wasn’t enabled on the mac and it was stolen.

- somebody reset it and tied it tot their account

- then the same person passed it to another party and bricked it by reporting it stolen.

- somehow the original owner managed to recover it

Would the original owner been able to avoid all this has they actually enabled this security feature in the first place?

JoBrad
0 replies
5h55m

Yes, if they had enabled Find My.

thaumasiotes
0 replies
6h22m

> This is not a technical problem and you cannot fix it with a technical solution

Funny, that's exactly how I see bricking a laptop to try to curtail thieves

People love to repeat slogans, regardless of whether those slogans actually apply to whatever it is they're talking about.

LoganDark
4 replies
14h38m

I believe some ASUS laptops come with a built-in security key called the "keystone" that slots into the chassis. It's visually similar to those security devices built into treadmills that will stop the machine if it gets yanked out (by someone falling or etc). It could probably be used like a master key.

chrismorgan
3 replies
13h38m

The Kensington lock slot on the chassis is extremely common. My Surface Book didn’t have one, but every other laptop I’ve had has had one.

https://en.wikipedia.org/wiki/Kensington_Security_Slot

LoganDark
2 replies
6h57m

It's a security key, as in a Hardware Security Module, it's not just a lock slot. Look up "asus keystone" and you can find images of it.

https://www.mensxp.com/technology/games/55824-asus-rog-keyst...

The first-party software supports using the key to unlock a hidden encrypted volume, as well as instantly locking the computer when the key is removed. I'm not 100% sure if it can be used to secure bootup.

c0pium
1 replies
3h29m

lol, no it’s not, it’s an NFC chip with an account ID on it. That allegedly encrypted hd is just a vhd stored in programdata that anyone can mount and read. It’s not a Kensington lock but it provides the same amount of data security as one.

c:\programdata\asus\virtualdrive

LoganDark
0 replies
35m

it’s an NFC chip with an account ID on it.

wait, they made something that looks like an HSM and is marketed like an HSM, but actually it's just a glorified ID card? That's stupid

selcuka
3 replies
13h57m

The laptop could come with a USB-C "master key" on the box

Or simply with a unique private key, printed inside a tamper proof envelope? You can at least backup the private key to somewhere safe, if you want.

Many people will lose the key (that's ok, not worse than the current situation), but at least those who care won't.

ffgjgf1
2 replies
7h28m

So both you and Apple would have access to that private key and you would be able to recover it from Apple if you lose it? Directly or the way it’s handled now. Cause otherwise it wouldn’t really work

selcuka
1 replies
4h42m

Apple can have their own, separate private key for convenience (so that you can reset your device using an iCloud account). Your private key is for when you forget your iCloud password (or the device is bricked, as in the article) and Tim Cook can't be bothered to step in.

hunter2_
0 replies
1h12m

But if Apple believes that original proof of purchase (the receipt that the author presented to Apple in hopes that it would convince them to unlock the laptop) is insufficient (and let's assume the lack of cryptographic signing of said receipt isn't the problem; Apple can verify the receipt another way) because the original owner could've sold the laptop to a second owner and then stolen it back, then why would Apple think it's ok to accept "your private key" as proof that you're still the owner? You could've sold the laptop and stolen it back -- the exact hypothetical situation that prevents them from considering the original bill of sale -- and then used the key that you had possession (or knowledge) of the whole time! A secondhand buyer should demand the key if it's physical, but if it can be duplicated this breaks down.

pjerem
2 replies
8h12m

In fact, it could even just be a plastic "owner's card" like the one you get when you buy a new lock, that, presumably, you must have to order new keys.

With some QR code and the device's camera, you don't need any new hardware.

ffgjgf1
1 replies
7h27m

What happens when you lose it?

JoBrad
0 replies
5h54m

If it’s a fail safe, then losing it will impact very few people.

twodave
6 replies
14h27m

The point I was attempting to make is I don't care what the thief does. I want the option to disable it if I've determined (on my own, with no help from anyone else!) that I'm not at a high risk of theft in the first place.

hnfong
3 replies
14h2m

Fair point.

I must point out that in the original article, the author lost their MacBook and then complained it was locked after it was returned. (It would be analogous to getting it stolen then having the thief reactivate the lock.)

cwillu
2 replies
13h47m

“must”? The lockout is only the reason that an event consisting of a misplaced device that was returned, instead turned into the constructive loss of the device in question.

ffgjgf1
1 replies
7h18m

Well yes?

As I understand it the owner chose to not enable the security feature. The thief however did.

How else would you suggest this choice be implemented? Apple selling different models with or without the feature? Because then nobody would just buy the less “secure” option and Apple would rightfully soon discontinue it

cwillu
0 replies
1h38m

A security feature that causes a security vulnerability that wouldn't exist without the feature, is not a good security feature. The existence of the security feature makes it less secure, for some people. Why wouldn't they buy the version without it?

stouset
0 replies
13h2m

Okay, and you can.

But then the person who steals your laptop (as in this story) can turn it back on and you’re shit out of luck.

alistairSH
0 replies
6h57m

Isn’t that what happened here? Owner didn’t enable security feature (Find my…). Then some series of events led the thief to reset device, enable Find My, and lock themselves out.

tadfisher
2 replies
14h15m

This also deters one from buying a used Mac or iDevice, because apparently it's on the seller to remove the device from their account, and they can lock/deactivate it remotely at will. Any proof that the device was actually removed from the seller's account is subject to forgery.

bomewish
1 replies
11h9m

Yikes wait so is there no way to guarantee against this? Like if I buy a 4K MacBook Pro second hand on eBay surely I am able to guarantee they’re not gonna brick it on me in six months?!

wtallis
0 replies
10h1m

surely I am able to guarantee they’re not gonna brick it on me in six months?!

Yeah, just set up the machine using your own iCloud account, before it's too late to return for a refund.

marcosdumay
0 replies
3h29m

For context I live in Brazil.

Laptop theft was never a pressing enough matter for me to do anything except encrypting its disk. I never met anybody around here that claims to have done anything about protecting from it (except for physically protecting it). And nobody that I know has a locked-down device that would be worthless if stolen.

RecycledEle
0 replies
2h55m

the vast majority of iPhone/Mac users never thought of buying parts or using non-official channels for repairing the device.

Seriously?

People like that exist?

Now I am tempted to shun anyone carrying a fruit phone.

heinternets
5 replies
14h53m

You can decide this by not owning an Apple device

ryandrake
1 replies
14h15m

I mean, this is the obvious end state for a lot of us. I've been an Apple fanboy and Mac owner for over 10 years, and Apple is slowly but surely losing me as a customer due to all these ideas that nerf their computers "for my own sake". I don't need protection from my computer and applications, and my computer does not need protection from me. The user should be the final authority on what gets run on the computer, and Apple has been steadily drifting from this principle.

My next computer will sadly probably not be a Mac. Who knows what I won't be allowed to do with it by the time it comes to refresh mine.

phs318u
0 replies
13h14m

That's the decision I came to a couple of years ago after 18 years as an Apple hardware user. Having said that, I still use an iPhone because the use and risk profiles are so different. The phone is literally the "keys to my kingdom".

twodave
0 replies
14h26m

Obviously.

orangesite
0 replies
11h52m

This is not a great argument given that Apple is in the business of selling Apple devices.

My original incentive for spending the last 15 years and thousands of dollars in the Apple ecosystem is that their products would "just work" for my family.

Nowadays I'm spending hours on the phone with our daughter who's in tears because Apple keeps locking her out of her iPad or laptop.

I'm also not going to get into my mom having a lifetime's worth of photographs locked up in her iMac that we're literally only going to be able to get hold of if I take an overseas trip to England to do it myself. (btw, if anyone can recommend an Apple shop in the south of England who actually know what they're doing…)

So guess where Dad is shopping these holidays?

Yup, not Apple!

jkestner
0 replies
13h42m

This line gets repeated a lot. Sometimes people need both A and B, but they have to choose A xor B.

There's so little competition in this space that voting with your wallet barely moves the needle. Giving a company public feedback doesn't hurt.

droopyEyelids
5 replies
13h23m

These anti-theft systems are one of the big reasons that so few users have their phones & laptops stolen from them.

I don't know how old you were in the 2000's, but even in restricted access college libraries, laptops were stolen constantly. In the first few years after iPhones came around, phone theft started becoming super common, and was eventually a constant source of news.

Back then the thieves weren't limited to professionals who had access to a fence who has contacts with shady factories overseas. Every single hard up person could benefit from grabbing a device, and doing a DFU reset or wiping the hard drive. The market and opportunity for thievery was soooo much bigger.

saghm
4 replies
11h49m

I'm not sure I buy this logic. The timeline you give could be just as easily explained as people taking time to learn to account for carrying around something valuable in a form factor they're not used to (e.g. accidentally leaving it on a table and using the bathroom only to find it gone when they returned). It's also not like Apple devices make up the majority of the phone or laptop market, and at least for laptops I'm pretty sure there's no standard equivalent for whatever remote lockout thing happened to the macbook in the article. I think you'd need a lot more evidence to argue convincingly that this policy made a huge difference.

michael1999
0 replies
16m

No. It was a policy problem large enough that legislators required it as a condition of selling phones.

It was a real problem that kids walking around high-school, or people walking in the street, were carrying something easily stolen and fenced for several hundred dollars. Ride-by theft by bike was a notorious mode. The equivalent would be people walking around with a stack of $50s flapping in their hands. A target like that is called an "attractive nuisance", and the law has a long tradition of discouraging them.

https://news.sophos.com/en-us/2015/07/02/smartphone-anti-the...

jonatanheyman
0 replies
8h16m

In many western countries, e.g. the US, iPhones do make up the majority of the phone market.

ffgjgf1
0 replies
7h11m

I'm pretty sure there's no standard equivalent

Don’t most other phones have an equivalent feature? Samsung certainly does and they together with Apple control the overwhelming majority of the market almost everywhere

I think you'd need a lot more evidence to argue convincingly that this policy made a huge difference.

I disagree. It’s perfectly obvious that it made a very big difference. The market price of stolen phones is now much, much lower that it used be which significantly alter the cost/benefit ratio from the perspective of would be thieves.

Shadowmist
0 replies
8h34m

My local shopping mall had visible from the food court these ATM looking machines that spit out cash if you put cell phones in, and I would watch kids standing there with bags of phones exchanging one phone after another.

ffgjgf1
1 replies
7h29m

Maybe more devices get stolen (probably not

I’m 95% sure you’re very wrong on this. Anecdotally it seems to me that phone theft is massively down from where it was 10-20 years ago.

This line of argument just _irks_ me

That’s fine you just have different preferences and/or priorities than other people. Nothing unique about that.

What this really does is suffocate the secondary parts market,

Certainly true. IMHO forcing Apple to sell parts for a reasonable prices would be a massively better solution

I can damned well decide that on my own.

Isn’t it optional? On Macs anyway? (I’m not really sure)

alistairSH
0 replies
6h55m

Yes, Find My is optional, which is why this whole chain of events could occur.

bomewish
1 replies
11h11m

The solution is simply to give the consumer the choice. Some will want theft protection and some won’t. Problem solved!!

xenadu02
0 replies
10h50m

That choice already exists! If you don't enable Find My on your device then anyone can DFU it to a blank slate without issue. You must opt-in to this feature.

networkchad
0 replies
14h47m

Ok no one literally cares what you think. Apple is solving a problem and you’re just an annoying nerd.

microtherion
0 replies
5h43m

But you DO have the option of setting up your Mac as an "open device", that is exactly what the article is about.

And OP is complaining that Apple gave them that option in the first place…

f1shy
0 replies
6h39m

In many countries people get killed for a Phone (or much less) Just that you know the world is not the sq foot where you live now.

Thorrez
0 replies
4h13m

What this really does is suffocate the secondary parts market,

How? The person you replied to says

The value of stolen (activation-locked) iPhones and Macs is largely only on in overseas markets where they can strip the device down to usable parts

If the only doable thing with a stolen Mac is to use it for parts, I think that would increase the availability of parts, not decrease it.

torstenvl
19 replies
15h7m

I fail to see how Apple's corporate policy robbing you of your device is somehow an anti-theft capability.

If you are permanently deprived of your rightful property, you are a victim of theft. Whether it's via EULA and private keys, or via street thug with a wrench, I'm not sure it makes any realistic difference.

heinternets
18 replies
14h57m

How would you provide this type of locking system without giving users access to their own private keys, then having a much worse problem where dozens of users lose their private keys and forever brick their device?

beeboobaa
7 replies
14h28m

I wouldn't. It's unethical and frankly evil. Physical access should always trump any remotely installed policies, otherwise you can never truly own something.

This, and remote attestation, are tools to enforce DRM. The anti theft stuff is just a marketing strategy you fell for.

KerrAvon
2 replies
14h18m

Frankly, it’s ethical and it saves the lives of millions of small children. I don’t want my phone stolen, and if it is stolen, I don’t want thieves to have access to my data or any of my digital assets. If you’re OK with your phone and digital identities being stolen in the name of freedom, by all means use Android.

matheusmoreira
0 replies
14h10m

Millions of children are gonna die if iPhones don't have DRM? No.

beeboobaa
0 replies
14h14m

What are you even talking about? That's just a bunch of exaggerated nonsense lol

fsckboy
1 replies
14h11m

Physical access should always trump any remotely installed policies

so if you steal something and therefore have physical access to it, that should trump the original owner who no longer has it because you stole it even if they have the receipt with the serial number on it?

beeboobaa
0 replies
5h30m

Yeah. Techbros aren't the new police.

ffgjgf1
1 replies
7h5m

It's unethical and frankly evil. Physical access should always trump any remotely installed policies,

Isn’t that what happened here? The thief and not the owner reported it as “stolen” and thus bricked. The thief could’ve as well just thrown an actual brick on it with similar effects

The anti theft stuff is just a marketing strategy you fell for.

Also it works. Both for deincentivizing theft and allows you to recover the device had you actually enabled the feature (so not this case)

angoragoats
0 replies
4h13m

Isn’t that what happened here? The thief and not the owner reported it as “stolen” and thus bricked. The thief could’ve as well just thrown an actual brick on it with similar effects

I see your point, but if it were me in OP’s shoes, I’d be annoyed by the fact that even though I chose not to enable the anti-theft stuff, Apple presumes that the laptop is “unowned” and can still be enrolled into the anti-theft service. I would much rather have the laptop ship with a physical copy of the private key that will unlock the device (paper with a QR code on it would be sufficient), that way I retain ownership of the device regardless of what the thief does. Everything else could stay the same.

Edit: also, reporting as stolen is not the same as a thief smashing the laptop with a brick — the crucial difference is that by reporting as stolen, the thief retains access to the device while locking out anyone else. The post even speculates that the shop involved used this technique to extort the person who brought the laptop to them.

ShadowBanThis01
3 replies
11h43m

That doesn't make sense. First of all, "this type of locking system" is clearly a failure because it allowed an unauthorized random person to report a computer as "lost" when he didn't own it. So the answer to your first question is: You wouldn't.

Second, what does this even mean: "without giving users access to their own private keys, then having a much worse problem where dozens of users lose their private keys and forever brick their device?" What scenario exactly does that refer to?

ffgjgf1
2 replies
7h1m

because it allowed an unauthorized random person to report a computer as "lost"

Because (if I under the article correctly?) the owner hadn’t actually enabled “find my mac”?

ShadowBanThis01
1 replies
6h28m

The (admittedly vague article) said it was "wiped," though. By whom?

ffgjgf1
0 replies
6h22m

By the thief/shop who linked it to their account? IIRC you can still wipe macs without having the password as long as all the theft protection stuff isn’t enabled.

teraflop
2 replies
14h49m

A system where users can recover their devices if they successfully hold onto their private keys is much better than a system where they can't recover their devices at all without Apple's reluctant help.

ffgjgf1
0 replies
7h6m

Isn’t the issue in this case that the use didn’t enable “find my mac” in the first place, the thief was able to tie the device to their account and then brick it?

I assume he would’ve been able to recover it if he had “held on to his private key” (having the device be linked to his account being the current equivalent)?

chongli
0 replies
10h56m

Maybe for power users, sure. But for regular people (Apple’s biggest market) it’s not an issue: they just register their devices and don’t have to worry about it.

torstenvl
0 replies
14h48m

Keep the private key with Apple. But also...

Sell an HSM (free when you buy a Mac > $2000? discounted in conjunction with AppleCare?) that will remove activation lock on the Mac it's purchased with.

cycomanic
0 replies
12h44m

You seriously can't think of other ways? I can easily think of at least 10 other ways just of the top of my head.

Volundr
0 replies
13h45m

without giving users access to their own private keys

I wouldn't. If someone has a device that is unusable without keys they don't have, they don't actually own that device. Far be it from me to quote the crypto crowd but "not your keys...."

jtriangle
13 replies
15h1m

Depends on the person/application.

I, alone, have the keys to my laptop's drive. The device itself is cheap, and insured in most cases, so, if it gets stolen, no worries really.

For a macbook and a not-tech-savvy user, well, we exchange cars all the time, and cars have keys, usually some flavor of RFID included. Cars are less than perfect of course, but, most can add/remove keys given a set of conditions are met. I don't think it'd be outrageous to just have an iphone app that handles the key exchange upon sale. Mix that with a little user education, a little UX, and you're good to go. More or less that'd involve a user resetting the machine and part of that process would include de-enrolling their 2nd factor from the machine to prep it for sale.

That maintains all of the same functionality and then some.

dylan604
12 replies
13h41m

A car !== A computer

State secrets, corporate secrets, personal secrets can all be on a computer. Financial data can be on a computer. There are all sort of things that need much more protection than a car.

The attempt at comparing the two in thinking their security levels can even be compared is just not even sensible

xxs
5 replies
8h37m

!==

Why so many characters for inequality.

Am4TIfIsER0ppos
3 replies
7h17m

They must be a user of a language that needs === meaning "real equal not imaginary equal"

Also I wish you could still buy cars that were not computers.

thaumasiotes
1 replies
5h53m

They must be a user of a language that needs === meaning "real equal not imaginary equal"

This is something that, weirdly enough, perl did really well and then everyone else ignored the good solution in favor of much worse alternatives.

In perl, 0 and "0" will compare equal, which can lead to trouble.

But perl prevented virtually all of that trouble by making the operators on strings different than the operators on numbers. So

    "1" + 2
is 3, whereas

    "1" . 2
is 12.

dylan604
0 replies
3h32m

. vs + for string concat is still one that causes many basic syntax errors for me as I switch back and forth between PHP and JS. I know immediately what I've done as soon as the corresponding syntax error is thrown, but still not immediate enough for when I'm actually typing it.

xxs
0 replies
5h47m

Also I wish you could still buy cars that were not computers.

That was the joke

dylan604
0 replies
4h10m
saghm
1 replies
11h37m

It's also a lot harder to steal someone's car without already having the ability to get in and turn it on; you can't just pick it up and walk away.

I also think that car security is maybe not a good standard to try to emulate, given how often they have what in my opinion might be the worst security message of all time: the car alarm. I've never once heard a car alarm and thought "aha, someone must be trying to steal that car". As far as I can tell, false positives are both much more common than true positives and literally indistinguishable to bystanders, so any time someone hears a car alarm the person causing it could just claim it's their car and they activated it by mistake and no one would question it. They're also so annoyingly loud that they disturb basically everyone on the block, and they can happen at literally any time. After around 10 seconds of a car alarm waking me up from deep sleep I would probably root for a thief to get away with taking the car just to make the sound go away.

pbhjpbhj
0 replies
9h32m

You can pick up a car and take it without the owners consent, it needs heavy equipment (though there are also under-wheel robots that can move a car).

cycomanic
1 replies
13h24m

For the vast majority of people there will not be state secrets on the computer, many not even financial data. And I sincerely hope that if you carry around state secrets, it's not apple who holds the keys.

The reality is for most people the most valuable thing on their laptop are some photos. The car on the other hand holds significantly more monetary value for many, so the financial impact of loosing a car is typically much higher

dylan604
0 replies
12h59m

That's why they have insurance.

For most people, the most valuable thing they have is the browser with all of their cookies saving their accounts and stored password managers. If readers on this forum can't think of why a laptop or other personal computing device like phone might be more valuable and how to access that data, then I'd suggest creative thinking is just not being applied very well.

the state secret thing was in jest.

HeWhoLurksLate
1 replies
13h13m

Why not?

State secrets can also be in one of those mailer boxes in your car, or you might have a body in the trunk you don't want people to find. Or I might be inside the car, and I want as much protection as possible (but without adding too much weight)

You can also buy "hardened" cars that make intrusion significantly harder, there's also a vocal minority that wants to understand everything going on the car and doesn't trust the government (coreboot/ pre-emissions controls) and there's people who use vehicles that are the road equivalent of a Chromebook and also people that have really tricked-out systems that have more power on demand than will ever conceivably be used anywhere other than synthetic workloads (dynamometers) or high-end professional stuff (racing.)

saghm
0 replies
11h33m

State secrets can also be in one of those mailer boxes in your car, or you might have a body in the trunk you don't want people to find. Or I might be inside the car, and I want as much protection as possible (but without adding too much weight)

Sure, but nobody is clamoring for literally every car on the market to have a remote lockout only possible to disable by the OEM or if the original owner chooses explicitly to pass on the privilege. It would be ludicrous for the solution to potentially accidentally leaving some documents in the glove compartment to be allowing the original owner of a used car to retain the privilege to brick the car after someone else buys it.

akira2501
12 replies
14h10m

What is the better solution that retains the anti-theft capabilities of the device?

One that doesn't literally make the device unusable in the case of a mistake. We protect far more valuable property with far less fancy mechanisms. If you're genuinely worried about theft, then you need layers of simple security, not a one shot nuclear bomb embedded into your device.

The inability for a thief to just flash the device with fresh firmware and use it as if it were new is a key selling point of the device and might justify the higher price tag to some buyers.

Is that why people care about theft?

lotsofpulp
8 replies
13h35m

We protect far more valuable property with far less fancy mechanisms.

I cannot name a single thing I own that is more valuable than the information contained in my electronic devices.

You could steal the contents of my house and the building materials and it still would not be more valuable.

akira2501
7 replies
13h21m

This seems to imply that your device contains the only copy of this information in existence and that cloud backups and PIN keys are inadequate for your security requirements.

Are people actually trying to steal your information or just the chunk of valuable plastic that's currently a portal for accessing some of it?

Meanwhile.. all the animals and sometimes children at my house are more valuable than any of my information, at least, to me. And of course, the most valuable and abstract of them all, my own health.

jameshart
5 replies
12h8m

It's not losing the information that the computer holds that's the risk. For most people, their computer contains the keys to be able to steal all their money and major assets, commit crimes in their name, defraud their family and friends, and endanger their employment. Those keys are embodied in the trusted ability to access their primary email and social media accounts, and possibly their work accounts too.

akira2501
2 replies
8h43m

Yes, and I can do all that now without your device, and I was able to do it before digital devices became prevalent. Yet, it does not happen, because no one has any motive to do this to you even if the means to do it has now been reduced to simply taking your phone. If someone has that motive then access to your phone will /not/ be the deciding factor.

The opportunity costs don't bear out either, as just because someone has an expensive piece of tech, does not mean they have the kind of assets you can drain into Bermuda. The reward ratio is not significant to plan for this eventuality in any meaningful way.

Which is why most people when faced with the prospect of insane security will just choose to layer two simpler methods together instead, such as basic old 2FA via SMS or FIDO. These technically reduce security barrier of entry but allow the portions of the implementation to live further apart from each other, which for most people, is enough.

Also, if your work didn't issue you a secure PC and trusted 2FA hardware, then allows you to have privileged information like email on your home laptop, that's entirely bad policy on their part.

lotsofpulp
1 replies
3h53m

If someone has that motive then access to your phone will /not/ be the deciding factor.

Ease of committing a crime is surely a factor in probability of that crime occurring.

Far more people are willing to look over a shoulder for someone’s phone PIN or slip them a roofie to get access to bank account apps and transfer money than they are to confront them while conscious and threaten them to give them their money.

(Hence the advice to keep access information to only nominal amounts of wealth in phones).

throwaway290
0 replies
3h25m

Ease of committing a crime is surely a factor in probability of that crime occurring.

The other factor is turning a profit. You have a brick, you can sell it for parts through China and get a few cents. You have a fully functioning phone/laptop, you can sell it for a lot. If everyone had Find My on then stealing Apple hardware would be pointless. It's the orthodoxy geeks who turn it off to feel like they "own" their hardware that make it a chance play & worth a shot for the criminals & hurt normies.

confront them while conscious and threaten them to give them their money

This is called robbery, theft means no confrontation.

akho
1 replies
10h56m

If possession of a laptop allowed that sort of access, the thief could just unlink the device from apple id.

Passwords and drive encryption protect data. Remote bricking supposedly decreases the resale value of the laptop hardware, which supposedly makes people steal them less.

throwaway290
0 replies
9h21m

which supposedly makes people steal them less.

Which achieves the goal (not have laptop with this important info stolen).

lotsofpulp
0 replies
4h1m

Meanwhile.. all the animals and sometimes children at my house are more valuable than any of my information, at least, to me.

I expected loved ones to be excluded from the definition of property in this context, being a discussion about theft and not more violent things like kidnapping.

Are people actually trying to steal your information

I do not know everyone’s intentions, I just know what my loss potential is. I do not keep many paper records, so getting into my digital files will give up all of my information as well as TOTP and SMS 2FA codes that serve as proof of my identity.

Once someone can prove they are me, then it is an uphill battle for me to prove someone else was being me, and even doing that does not always help.

xenadu02
1 replies
10h48m

You need only look at cellular carriers and the rampant social engineering going on that gets people's cell numbers (and thus SMS messages) diverted to understand that you can't give people an inch here or the entire system falls apart. The system must be designed around human factors like customer service agents being yelled at by a scammer pretending to be the legitimate owner.

By definition making a system even somewhat secure against social engineering and the like means it is less forgiving of mistakes.

And once again I must keep reminding people that "Find My" is an opt-in feature that you are not required to use.

Aeolun
0 replies
5h43m

And once again I must keep reminding people that "Find My" is an opt-in feature that you are not required to use.

Isn’t that the bad part about this story? That someone with your laptop can reset it if you’ve not used ‘find my’?

PeterisP
0 replies
4h19m

Having a phone stolen is a massive inconvenience, and it used to happen on large scale.

The main way to reduce the risk of that (which actually works) is by targeting the motivation of the thieves by making the stolen device nearly worthless for resale or reuse - i.e. literally making both the device and its parts unusable even for a semi-skilled operator of a pawn shop buying large quantities of stolen phones.

It's not that my specific information is so worth protecting, but that there is a social benefit as if everyone's phones are nearly worthless to steal, then the thefts go way down.

015a
4 replies
13h58m

There are two kinds of people in the world; people who believe "anti-theft" is a reasonable justification for this, and people who believe that this is just another tired "trade freedom for security" argument.

You'll rarely convince either side to change their mind on this. Its an issue that pokes at a really deep element of personal philosophy.

Here's my argument from the opposite side to try, however: Asking about how you can retain the anti-theft capability isn't relevant to the discussion, because sacrificing freedom for that, especially to the degree Apple does, is not worth any trade-off. This is the same right to repair issue that HackerNews, generally, derides John Deere for; the main difference, beyond Apple's psy-op level marketing, is that Apple hasn't pushed exploitation of this control as hard. But: They absolutely, undeniably do exploit many of the people within their system of control, not just indirectly ("the control is exploitation" is kind of a dumb argument), but very directly, between extremely high upfront costs, high repair fees, cryptographically refusing to allow third party parts, etc. Additionally: their self-control in pushing further exploitation is almost definitely a product of market success, because in the mega-capitalist system Apple lives in benevolence may be the result of culture or leadership, but it is allowed by market success, and denied during market failure.

A lot of that boils down to the original thesis; very fundamental personal philosophy. I don't believe, personally, that it is ethical for individuals or companies to do something unethical (non-negotiably asserting significant control over physical goods they sell) because it enables something ethical (reducing incidents of theft).

That might be controversial, which is fine. I think a point of that which is likely even more controversial is the argument that even asserting control over devices in isolation is unethical. I hope it isn't controversial, but I feel like it might be simply given the way the world is turning. That's a different topic of discussion; but in short, I think there's a strong argument that restricting freedom to independently modify and repair physical goods you purchase is a form of classism. Additionally, to turn the dial to 11 on this, that this assertion of central control has a very real, negative impact on national security.

userbinator
2 replies
13h17m

It's only controversial because it goes against their narrative of wanting to do away with private ownership completely (and wanting you to be happy about it.) I've seen it called "digital feudalism" here.

015a
1 replies
12h37m

I think the "getting rid of private ownership" thing is a red herring. I don't think its accurate to say that most people hold it as some kind of deep personal philosophy; not to the "renting is sometimes convenient and good" degree, but the "ownership is bad and should be discouraged" degree. Obviously there exists people with communist ideology, which while I disagree with feels at least defensible; but we're not talking about Land and Inventions, we're talking about, you know, bricks of Smart Metal in our bags.

That differentiation is important, because it reveals the main reason why Apple is successful, and why they don't get market pushback: Most people just don't care. There's a good chunk of radicalization on the side of Freedom, there's very little radicalization on the other side, mostly just people who haven't thought about it enough, and then there's the vast majority in the middle who just don't care.

I take comfort in that reality, because it indicates to me that this will probably change. We're seeing right to repair gain steam in US legislature. It takes time to develop shared language and understanding on why this is important, and why it matters, with those people in the center, many in positions of power.

pixelfarmer
0 replies
6h21m

Most people don't care for a simple reason: As long as these things are not in their way, they certainly don't care. That changes as soon as such stuff presents obstacles, which can start simply by such tech causing issues for the legal owners of such products.

This is why this whole issue causes more trouble with John Deere: It is in the way of what people do.

A dictatorship can work out nicely as long as it doesn't stand in the way of the people.

microtherion
0 replies
5h22m

If you don't care about the "anti-theft" capabilities, simply don't turn on activation lock.

This story is about somebody who did exactly that, and then discovered they suddenly cared about theft when their device was stolen.

Pick a lane.

ShadowBanThis01
3 replies
11h48m

There apparently ARE no "anti-theft" capabilities. Look at this:

"They explained to me that the MacBook was wiped in the middle of August (after I had lost it) and then reported lost by a newly created iCloud account"

How can an unauthorized user suddenly claim ownership of a wiped computer and then "report it lost?" Why does Apple accept a loss report from someone who is not the owner of the computer? If this is actually what happened, there's no excuse for that glaring stupidity.

chongli
2 replies
10h48m

Because the person in the article left their laptop unregistered and unlocked on purpose. When it was stolen, the thief was able to register it as though it were brand new (which it basically was).

ShadowBanThis01
1 replies
6h24m

Nope. From the article: "While the person didn’t reset it themselves, they did take it to a shop, and asked them to unlock it. The shop didn’t unlock it, however, they did reset it."

So it WAS "locked." I don't know what you mean by "unregistered," either.

microtherion
0 replies
5h17m

Presumably the computer had a password set. This makes it non-trivial for an unsophisticated thief to unlock it, but there is a documented procedure to do so if you know how to look it up: https://support.apple.com/en-us/102673

prmoustache
2 replies
8h48m

What is the better solution that retains the anti-theft capabilities of the device?

A private key that is given to you upon purchase and that you can store in your password manager.

microtherion
1 replies
5h29m

As opposed to your AppleID password, that you pick yourself, and that you can store in your password manager?

prmoustache
0 replies
3h1m

You shouldn't have to need an appleid in the first place, as an account can be terminated/revoked any time by the company holding it.

m463
2 replies
12h18m

you could have a hardware dongle that you initialize when you activate your phone/laptop. It can be stored at home or in a safe. Then that dongle can unlock the device completely at any time.

Instead, the keys are stored by apple and never returned to you.

calamari4065
1 replies
12h9m

Ship the keys with the device on a sheet of paper. Generate them on first boot, display them and strongly encourage users to print and save them. Provide keys to the user on request after a reasonable identity verification. Have the user provide an emergency fallback password on device registration. Hire a skywriter to draw random characters and give the user a particular time to start and stop recording. Mail a hardcopy of the keys to the user. Encode the keys as a subliminal message that your device plays to you in Steve Jobs' voice while you sleep.

Really, literally any other option than "never give the user keys".

microtherion
0 replies
5h25m

FileVault ALREADY gives you the option of creating a backup code to print out and save.

AppleID ALREADY gives you numerous methods of recovering lost passwords, if you remember to set them up in advance.

trevyn
1 replies
7h38m

What is the better solution that retains the anti-theft capabilities of the device?

I have a private key, not on the device, that matches a public key on the device. The device will not perform certain significant operations without a signature from my private key.

C'mon people, this is not rocket science.

microtherion
0 replies
5h15m

[Puts on my best suit and "Elder Microtherion" badge]

Howdy stranger! Have you heard the good news about "FileVault Recovery Keys" ?

https://support.apple.com/guide/mac-help/protect-data-on-you...

xxs
0 replies
8h40m

solution that retains the anti-theft capabilities of the device

First, this is a self-imposed problem; spread crime (theft) won't be solved by reducing the access.

Next, I could have an encrypted drive and a key stored in a key stored in a bank, or an USB storage, or print, or whatever. As a matter of fact, I do have such laptop.

And last - car thievery is still a thing in the EU, even though registering a stolen car is exceeding hard - they are either sold for parts... or exported to Russian (not so much recently for obvious reasons). Of course, Apple comes and tells that only they can repair the laptops/phones/etc. b/c of thievery and serialized parts.

varispeed
0 replies
7h37m

If Apple didn't actively block supply of spare parts, this wouldn't be as attractive as it would have been much cheaper to buy parts from the manufacturer than steal phones, ship them overseas and get (most likely) forced labourers to strip them for parts and ship back.

It Apple's corporate greed that fuels that and government corruption that allows it.

trinsic2
0 replies
4h11m

I equate this to owning a car, but giving the master keys to a third-party that doesn't have your best interest at heart, with the ability to lock the owner out of the car simply because his keys were taken.

Any anti-theft method needs to give complete and full control to the owner of the device so this kind of bullshit doesn't happen.

The fact that Apple doesn't provide a mechanism for the owner to gain full and complete control of his device at any given moment has more to do with Apple wanting to control their technology for ulterior motives.

We live in an age where corporations want to take away ownership, and we're letting it happen because we're stupid enough to think that they have our back.

spookie
0 replies
14h29m

You could encrypt your boot partition as well as the others. ahem... A "friend" of mine does this and he sure looks silly decrypting the laptop 2 times upon turning it on!

Of course, this approach only solves the biggest problem when your device is stolen (your data won't be easily accessible, if at all really). But I wager this friend of mine recognises that as the only thing that has any actual value in there. There are ton of devices out there.

simion314
0 replies
11h2m

What is the better solution that retains the anti-theft capabilities of the device?

Apple can afford to pay smart people to think for days for a solution. The solutions we will give here after 1 minute of thinking will not be optimum.

matheusmoreira
0 replies
14h16m

The better solution is to not have "anti-theft" nonsense to begin with. They invariably involve giving up the keys to the machine to the trillion dollar corporation. It's not our computers anymore, it's the corporation's and they're merely allowing us to use them. This "anti-theft" stuff is really just DRM disguised as a feature.

SenAnder
0 replies
14h23m

What is the better solution that retains the anti-theft capabilities of the device?

Include the unlock key in the box the device was sold in, and in Apple's database. Tech-savvy users can, possessing the key, change it. Tech-unsavvy users can behave the same as they have now, even if they lost the key, as long as they didn't change it. So long as they don't carry the key with the device, all the anti-theft remains.

The freedom-respecting solution is literally trivial. The only reason it is not implemented is because Apple likes owning your devices.

Log_out_
0 replies
10h49m

Allow the owner to neuter anti theft if he wants? Make it trapdoor opt out?

CivBase
0 replies
13h49m

I see this argument made all the time. Is there literally any other product for which this is seen as an acceptable "anti-theft" feature? Imagine if we did that to cars.

Brian_K_White
0 replies
2h5m

a: Trivial. User controls the keys, the service only controls the service.

b: Irrelevant. There is a value to the consumer, but it is not worth the cost. There are countless possible conveniences that could be made possible if you were just willing to let someone else have essentially power of attorney over your life.

c: Even if you want to say that there is a technical limitation making a: impossible, and you have a different opinion on b:, the laptop WAS ultimately unbricked, which means all arguments and excuses that were given up to that point to justify not unbricking were proven demostrably false.

I don't just mean they always had the physical ability, I mean the fact that they were ever eventually willing, proves that all along the necessary information existed to allow them to. If there are supposedly two facts: "We can't know it's really you." plus "For integrity and principle reasons, we can't do it if we can't know it's really you.", then even Tim Cook should not have done it no matter the publicity pressure. Tim Cook should have made it a big promotional selling point plastered on those big Apple billboards in NYC how they refused to do the wrong thing even in the face of massive public pressure. Instead, they did it, which means they could have done it in the first place, not just physically but logically.

It proves that they chose not to for reasons which are valuable to Apple and NOT to the user. Another aspect of b: value not worth the cost. Cost being being at someone else's mercy who you have no leverage over.

hackerfooze
3 replies
13h15m

One of many issues solved by blockchain technologies. You can completely cut out the middleman and get access to your data.

davely
1 replies
12h19m

How does blockchain solve this problem?

You still have to rely on a middleman (the blockchain), which I believe isn’t infallible either (human input error, adversarial attacks, phishing, social engineering, network availability, etc)

angoragoats
0 replies
4h20m

Looking at the grandparent’s post history, I’m pretty sure they’re either a parody account or a troll.

microtherion
0 replies
5h12m

Yes, of course! Blockchain COMPLETELY solves the problem of losing your keys or having them stolen

https://www.cbsnews.com/news/hard-drive-lost-bitcoin-landfil...

khazhoux
1 replies
8h43m

your usage of that device is conditional on being in the good graces of a group of very wealthy, indifferent, strangers.

Was it necessary to say “wealthy”? That doesn’t seem relevant, but rather incidental.

karamanolev
0 replies
8h6m

Their wealth is a core reason for their indifference, so I'd argue yes, it was necessary.

Zambyte
1 replies
15h16m

You don't have the private keys to your own device

This here is the misunderstanding. It's simply not possible for you to own Apple's computers.

wkat4242
0 replies
13h14m

Yeah laptops are going the same way as content "No you're not buying a book/movie, just a license to use it". It's a bit depressing.

tinus_hn
0 replies
8h58m

The person is praising Activation Lock and criticizing the fact you can skip setting it up. Yet you want to turn it into a claim Activation Lock is a bad thing.

Nothing more than the typical ‘hurr durr Apple bad’ commenting common on this site. Dull, pointless, not interesting.

thefz
0 replies
8h51m

That said, yours is a completely artificial problem imposed upon you by the company you made a purchase from.

Nobody owns even their hardware anymore.

smashed
0 replies
14h31m

This.

Any other reply is going to be apologetic rambling.

caeril
0 replies
3h33m

problem imposed upon you by the company

No, this is an entirely self-inflicted problem by the user.

It's 2023. Everybody knows about the telemetry, the unserviceable hardware, the "fuck you" style bug reporting and customer service, and of course the fact that you no longer own your own machine.

Anybody buying Apple (and to a large extend Microsoft) at this point, knowing they have no intention of letting you have access to your own device, also knowing that there are superior open-source options, deserves precisely what they get.

qingcharles
41 replies
15h40m

Whenever I have an issue with a product that support can't/won't resolve I go to one of those sites where you can buy contact info and purchase the CEO's email addresses and phone numbers then go at them. I just had to do it for the recent Google class action payout (got me my check overnighted).

I did it with Cash App though and it backfired ("Your account has been terminated for contacting employees outside of the support system")

Now, how much is Sundar Pichai's cellphone number going to cost me? I just want to get into my Google account that I have the username, password and recovery email for, but not the old phone number.

arcastroe
12 replies
15h24m

If you're willing to share, I'd love to hear the Cash App story. Seems like a slap in the face for them to terminate your account for trying to resolve an issue with their service.

qingcharles
11 replies
15h14m

In very quick summary: I bought a product online using my Cash App debit card. Turns out with more research company was a total scam. After 6 weeks of not shipping anything I asked for refund. They shipped "something" to me, but FedEx failed to deliver the box (said I was out but never even came down my street) and the package was returned to the sender. Sender closed their corporation and opened under another name and continued scam.

I asked Cash App to do a chargeback. They told me their system doesn't allow chargebacks where the goods were "delivered." I told them they were never delivered. They argued that they were delivered back to the sender, therefore they were "delivered." I got all their execs cellphones and started politely calling them. One escalated it to their "Executive Support" who gave me the same answer, then my account was terminated. They did issue me a refund as part of the termination, but I can no longer use Cash App which is very frustrating for someone at the bottom of the food chain like me who interacts regularly with people who only use Cash App as their banking.

    In the interest of resolving your dispute, we are providing, as a one-time courtesy, a reimbursement of $93.75 for your transaction with Wibargin, LLC.  Additionally, we are electing to terminate your Cash App account (as allowed in our Terms of Service, section XIII.8).  As a result of the termination of your Cash App account, you will no longer be able to use Cash App and its services going forward.

    You will be able to access your account in order to cash out your remaining funds, however all other features, including the Cash Card, will be permanently disabled.

ryandrake
3 replies
14h6m

This is great. We need more people doing this kind of work. The degree to which company employees and leadership insulate themselves from their customers should be unacceptable.

You shouldn't be frustrated by your account being terminated. Why would you want to continue to do business with such a shitty company. I'd take that as an opportunity to explain to other people "who only use Cash App" for whatever reason, what a shitty company they are.

joshmanders
2 replies
12h28m

I'd take that as an opportunity to explain to other people "who only use Cash App" for whatever reason, what a shitty company they are.

Not only that but the more people they run into who don't use Cash App the more likely they'll start using alternatives to also be paid by those people, giving less of a societal reliance on a corporation who will terminate your account because you used outside channels to resolve an issue regular support wouldn't help with.

hunter2_
1 replies
57m

What people only use Cash App? I've never come across a member of this group. I'm an American who uses (in declining order of frequency) credit cards, Venmo, cash, PayPal, ACH, debit cards, checks. I don't recall anyone even offering to deal in Cash App, let alone exclusively.

joshmanders
0 replies
41m

What people only use Cash App? I've never come across a member of this group.

According to https://www.businessofapps.com/data/cash-app-statistics/

51 million monthly active users in 2022 and 13 million people had the Cash Card in 2021.

intunderflow
3 replies
14h54m

I hope the absolute contempt CashApp seem to treat their users with backfires on them in the future when they inevitably see actual competition.

Terminating a users account while simultaneously admitting fault by providing reimbursement just screams to me that the leadership team are completely out of touch and don't want to hear a thing from their own customers.

s3p
2 replies
14h29m

Venmo did this to me in 2019 :)

They thought I was under 18, so they asked for my drivers license. I sent a picture and they responded with:

"Thank you for sending us your ID." "Your account has been permanently deactivated and we regret to inform you that we can no longer offer you the Venmo service."

Absolutely mind boggling.

fullspectrumdev
1 replies
8h42m

PayPal recently did this to a friend - asked them to verify their account, then terminated it.

zarzavat
0 replies
6h35m

Maybe asking for the ID is a ruse. They already intended to close the account, they just want your ID so you can’t open another one.

shrikant
0 replies
9h3m

On a bit of a tangent, something very similar happened to me recently -- splashed out ~£300 for a product and after about 4 weeks of no further contact from the company, turns out it was a scam, and the sender shut down the corporation, website, wiped it from the various archive sites etc.

Fortunately I'd paid using my Amex, and American Express support were incredibly helpful in making me whole pretty much right away. I recall the payment gateway being a Stripe thing, so I really hope the scammer got hit hard somehow.

lloydatkinson
0 replies
7h29m

It's absurd to me America needs some stupid third party app to send money to other bank accounts. In the UK, we can simply login to our bank accounts or the bank phone app, type their sort code and account number, or IBAN for international, and it arrives within minutes but usually seconds.

joering2
0 replies
6h28m

Thank you for this story - I was this close to get aboard and ask all my 42 employees to get one, now we will move forward to researching different solution.

aardvarkr
6 replies
15h12m

Where in the world can you buy information like that? Seems incredible that something like that exists

qingcharles
5 replies
14h56m

SignalHire was the one I used recently, and Jigsaw was the one before.

Basically whenever a friend of yours installs some shitty free app on their phone and it demands to exfiltrate all their contacts your email address and phone numbers get scooped up and sold to the highest bidder. You can guarantee Tim Cook has a bunch of friends, grandmas, etc that have no idea how to use their phones and have 400 apps installed all syphoning off Tim's contact details.

FirmwareBurner
3 replies
12h45m

> You can guarantee Tim Cook has a bunch of friends, grandmas, etc that have no idea how to use their phones and have 400 apps installed all syphoning off Tim's contact details

But how do those apps know it's THE Tim Cook and not one of dozens of other guys named Tim Cook? Also, what if, and this is usually the case, most people don't have you as "Tim Cook" in their phonebooks, but as "Big Baws", "Honey Bunny" or "Timmeh 12 inches uncut"?

soundarana
1 replies
10h2m

You can do network analysis.

He should appear in the contact list of relevant people (Apple employees, press, ...)

FirmwareBurner
0 replies
6h25m

Good point.

joshmanders
0 replies
12h24m

But how do those apps know it's THE Tim Cook and not one of dozens of other guys named Tim Cook? Also, what if, and this is usually the case, most people don't have you as "Tim Cook" in their phonebooks, but as "Big Baws", "Honey Bunny" or "Timmeh 12 inches uncut"?

If a lot of people have that same phone number in their contacts but only a handful have it as "Big Baws", "Honey Bunny" or "Timmeh 12 inches uncut" but do have as Tim Cook, or even have his job description, email address and other stuff attached to it too, it's safe to say it's a dead ringer to be Tim Cook, CEO of Apple, Inc.

qup
0 replies
13h28m

This comment caused me to run a thought experiment about how many grandmas a person can have. I decided the answer is exactly as you described: a bunch.

throwup238
5 replies
15h27m

> I did it with Cash App though and it backfired ("Your account has been terminated for contacting employees outside of the support system")

Write the Consumer Financial Protection Bureau. They'll get you sorted right quick.

qingcharles
2 replies
15h18m

First thing I did. Didn't help at all :(

throwup238
1 replies
15h12m

That sucks. Are they not under the CFPB's jurisdiction?

What about your Congresscritter? I usually CC them on any complaints and they pick it up if there's a problem.

qingcharles
0 replies
14h58m

OK, I just looked up the CFPB's response. They just acted as middle-man. The response from Cash App was that I should file a chargeback with FedEx and claim that the package was never received (literally lie to FedEx even though their own system shows the package was returned). After that response I was allowed to respond and the CFPB then closed the complaint.

Here's my final response:

https://imgur.com/a/xS7k84X

lolinder
1 replies
15h0m

Is this illegal somehow? I totally understand why a company would take a hard stance against customers contacting employees through weird side channels, and I have a hard time imagining what law they would be violating by enforcing that rule.

throwup238
0 replies
2h58m

I am not a lawyer and I have no idea. That’s why when I’ve been wronged by an institution with dozens of lawyers, I contact the CFPB. That’s what consumer protection is supposed to be.

Unfortunately based on the OP’s experience it looks like the CFPB had been severely handicapped since the last time I had to complain to them. Now they only have authority over banks with more than $10 billion in assets.

sureglymop
3 replies
11h29m

We just had a thing like this in my company. A customer asked a technical question to our assistant who forwarded the question to the dev team. Within an hour (before she could reply) they wrote an angry email to the CEO "exposing" her and overall acting petty. The CEO then forwarded that email to her supervisor who then just forwarded it to her again. It was quite unpleasant for every party involved. It's just a hit and miss and if one does this, it definitely shouldn't be an petty/angry rant.

toyg
2 replies
9h45m

So your dev team humiliated a random female employee for trying to provide good customer support...?

Sounds like a fun place to work for. /s

t0mas88
0 replies
6h27m

Or "they" refers to the customer?

lolinder
0 replies
3h43m

The pronouns are super confusing in that comment, but I'm pretty sure that "they" is the customer and "she" is the assistant.

The "before she could reply" implies that whoever wrote the angry email was being impatient and didn't wait for a reply to an email that they had sent. The only replies being awaited are devs->assistant or assistant->customer, and since the devs were only identified as a group it makes more sense to interpret the assistant as the (singular female) victim of the impatience and the customer as the one who got impatient waiting for a reply.

soundarana
3 replies
10h8m

Buying a private phone number and contacting it for support could be considered harassment.

verisimi
2 replies
6h17m

What about when your device is bricked, and you can't use it any more and the company does not engage with you?

What the legal system says, the words they use, are not that interesting...

lolinder
1 replies
3h53m

Yes, it's still harassment. You have other means of expressing your frustration at the company, but contacting individuals directly (who may or may not even be in charge of that aspect of the company!) is not a valid way of doing so.

euroderf
0 replies
3h18m

... unless it is the only way. Work with dogs, wake up with fleas.

thejosh
2 replies
15h12m

Here in Australia we have the ACCC (Australian Competition and Consumer Commission) which is designed to help consumers, we also have pretty good consumer laws - this has stopped various companies from expanding here due to not wanting to deal with our Government, however given Australians spend $$, they need to dance to their tune.

nuker
1 replies
14h42m

In my case (below) ACCC said they dont engage for individuals, its an industry level org. Quote: "The ACCC is not a complaints handling body, so we are unable to help you resolve your dispute"

https://news.ycombinator.com/item?id=38691458

suprjami
0 replies
14h3m

I always thought Fair Trading was the version for individuals

Scoundreller
2 replies
15h30m

Another option is contacting shareholder relations.

Helps if you're a stockholder, but you don't have to be (you can decide on the ethics of going through non-standard methods when standard methods don't work). Those inboxes are usually monitored by competent people and they'll at least forward your email to the right people so they can close out the case that gets created on every email on their side.

Patio11 goes into this here: https://www.kalzumeus.com/2017/09/09/identity-theft-credit-r... in the section: "Where exactly should I address letters?". Also goes into contacting their legal department. If you can't find an address, can always send a letter to headquarters "ATTN LEGAL DEPARTMENT", those get opened by expensive people.

I've emailed shareholder relations for a company I owned, a smaller company, like $2b, about some question I had about one of their annual reports. Didn't get a response after a followup. Sold half my stock because of their non-response and was very happy I did (unsure if my question was a sensitive topic for them, but c'mon, at least give me a fuck off reply)

trinsic2
0 replies
2h58m

Thanks for the info. I accidentally downvoted you while copying the text, sorry about that.

qingcharles
0 replies
14h54m

Thank you. I was thinking of following up with Cash App's legal dept just to see if they have anyone worth a crap working there who might see sense and reverse the decision.

mathrawka
0 replies
14h13m

Curious to which Google class action payout you are talking about.

I'm still waiting for the check from https://googleplaydevelopersettlement.com/, was it this one?

toomuchtodo
31 replies
15h52m

It is delightful that OP was able to get Tim’s exec team to fix this for them. Broadly speaking, this indicates that there needs to be a mechanism to bind your IRL identity to your digital identity and your device(s). Instead of showing proof of purchase, you provide a government credential you bound to the account and or the device, and assuming trust in the identity proofing process, you receive access to your device or account because you are known to be who tied the device to your IRL identity.

Emailing Tim doesn’t scale.

(I have filed comments with the FTC on this account recovery matter regulatory gap; identity is a component of my work in infosec, primarily in financial services)

jtriangle
18 replies
15h47m

Tying your real identity to a machine is a piss poor solution to this problem, and it is as such because you're not understanding the problem itself.

The issue at hand is that devices are being sold where you do not take ownership of the private keys used to configure it. Not your keys, not your device.

judge2020
11 replies
15h43m

Being able to "take ownership of the private keys" will benefit us on HN and not many beyond that. Apple sells Macbooks to anyone who can afford one, and I would bet money we'd see 100x the number of complaints of inaccessible laptops (via selling them or otherwise) if you needed to store keys from initial setup until the end of its usage or from people forgetting to transfer the keys to the new owner(s) of said laptop.

jtriangle
8 replies
15h33m

You're assuming such a system would be someone emailing you privatekey.txt

That is, of course, a system that exists, but, be creative, lots of ways to skin that cat. In apple's case, well, they could certainly sell a device to handle that job, basically a key fob like you probably use in your car (sometimes built into the physical key without your knowledge).

You could also use the remarkable amount of compute that most people carry around in their pockets to do this job with no additional device required (use your phone).

Not really a hard nut to crack overall.

ryukoposting
3 replies
15h2m

Aren't you describing a use case for a yubikey?

RulerOf
2 replies
14h16m

I keep thinking that the right solution to this problem is to add an HSM that functions as a bearer title for the device, layered above the existing Apple root of trust, that comes in the box.

It could sign an activation lock removal and give it to the device through the usb port.

If the HSM is lost or fails, revert to the status quo.

kristjansson
1 replies
2h26m

That is a cool idea. The machine comes with a horcrux :)

RulerOf
0 replies
1h10m

I like the idea of course, but I can see it so easily ending up in some forgotten corner of a stolen laptop bag.

The common theme that keeps coming up with activation lock that Apple's customers do not understand this feature until it bites them in the wallet. Any solution would require education that these same people won't get until they're in an irrevocable situation anyway.

kristjansson
2 replies
14h44m

Or they could sell a service to manage the device keys. The could even bundle it for free. They might even give it a terrible, anti-descriptive name like “find my”

rbetts
1 replies
14h28m

Thank you! This comments section is so weird - most of the comments are the exact opposite of my understanding.

Find My Feature from apple.com:

Activation Lock is designed to prevent anyone else from using or selling your device. When you enable Find My on your device, Activation Lock is turned on automatically.

Your Apple ID and password will then be required in order to erase or reactivate it. And if someone is able to erase your device, the Hello screen will show that it’s locked, locatable, and still belongs to you.
kristjansson
0 replies
2h30m

Yeah, the issue is the author didn’t avail himself of Apple’s device key feature, then had his laptop stolen. In the interim, whomever had the machine enabled the device key feature, so the author couldn’t use the machine when it was eventually recovered.

c0pium
0 replies
12h10m

Normal people are not going to do any of those things. If you force them to, they’ll lose the phone or wipe it or sell it. They will lose the physical key immediately, or break it somehow, or sell it.

This is not a technical problem, and you cannot solve it with a technical solution.

ksjskskskkk
0 replies
15h39m

sell a better solution and get rich.

btw what we have today is the worse of both worlds. apple et al can tie you to a identity which you cannot use to recover your data but they can sell to advertisers or act on police requests from that profile metadata.

Dylan16807
0 replies
10h28m

if you needed to store keys

Is that a plan anyone is suggesting?

toomuchtodo
2 replies
15h45m

Right, this idea that your keys are your ownership interest is not grounded in legal reality and why legal matters end up in court or with regulators: they are the arbiters of the law, not some crypto primitive (which while arguably useful and convenient for security and access control, is not what defines ownership). It’s some tech bro idea of what the law should be, not what it is. The device is yours regardless of the state of private keys on the device, what Apple’s PKI web and FindMy asset status indicates, etc. Observing a judge or regulator issue an order to resolve such an issue, along with penalties for not, makes this clear.

You continue to own what you own as long as you can prove who you are (assuming you haven’t transferred the asset or belonging to someone else legitimately; save your bill of sale!). Tech doesn’t write property law, it is a servant to it and operates within the legal framework (for obvious reasons). Code and keys are not the law; the law is law.

shinryuu
1 replies
13h26m

In this case you continue to own what amounts to a paperweight, if your laptop gets activation locked.

trinsic2
0 replies
2h35m

If I am not in control of the method to determine ownership and someone else is. its not ownership. At the very least, determining ownership should be in the hands of a system that independent of the product purchased and has a certification that it operates without bias.

jimt1234
1 replies
14h57m

First time I've heard "Not your keys, not your device." I love it. Thanks.

ryandrake
0 replies
14h2m

I think it comes from the world of cryptocurrency: "Not your keys, not your coins". Really, it can be extended to a lot of troublesome issues in computing. Like cloud computing: "Not your metal, not your machine" and storage: "Not your drive, not your data". Or E-mail hosting: "Not your domain, not your... well I can't figure out a clever phrase there but you get the point." We delegate so much important stuff to faceless, opaque corporations, and then act all "Shocked Pikachu" when we realize our stuff really isn't ours.

Obscurity4340
0 replies
15h43m

* nacho

qingcharles
3 replies
15h21m

What about those of us who are unable to obtain government ID?

toomuchtodo
2 replies
15h14m

You’re default fucked anyway current state based on this anecdote. Broadly speaking, government should make it as straightforward as possible to obtain a legitimate government credential from an equity perspective for a variety of lifetime identity needs (and about 1% of the US population has no government ID). Out of 200 countries, 170 have a national ID system.

https://www.theatlantic.com/politics/archive/2021/08/voting-...

qingcharles
1 replies
15h5m

I'm the 1% in the USA, due to immigration issues.

toomuchtodo
0 replies
14h49m

No gov creds from home country on hand from across the pond? Should be able to walk into an embassy or consulate and have them provided if you haven’t yet. Purposely being vague to attempt to answer your inquiry without divulging your personal info.

piuantiderp
2 replies
15h40m

This sounds so annoying, why does it have to be gov-issued?

toomuchtodo
1 replies
15h38m

Because those are credentials of last resort trusted at scale. Losing who you are is much more challenging than a secure hardware token or a soft crypto primitive. If you lose a gov credential, the government itself does the hard part of identity proofing to reissue a credential for consumption by those who require identity assurance to complete a transaction or action. A business or other party can then trust that credential, reducing the risk of loss through identity fraud.

Optional of course. For those who want to ride the lightning, they should be able to opt out and eat the loss if they so choose (assuming loss of authentication mechanisms, whether that be passwords, passkeys, private key(s), hardware tokens, totp seeds, etc). For the rest of us, “here is my driver’s license, state ID, or passport, please unlock my property or I’m engaging state and federal regulators and the legal system.” To do otherwise is in violation of consumer and citizen property rights.

lokar
0 replies
13h59m

Sort of, in some places. In the USA identity theft, including getting gov documents is pretty common.

wkat4242
0 replies
13h9m

I absolutely don't want my identity tied to my hardware. Because once it's there the industry will start campaigning to link it to online accounts as well.

I definitely don't trust the government and industry that much.

primax
0 replies
11h37m

I've long wanted something like this for addresses or contact details.

You register your address somewhere, and give access to it to companies by signing their certificate. When you update your contact details, you do so in one place and it sends a notification to each organisation to update their details.

It'd be better as well if you could revoke your permission with that company so they can't contact you.

josu
0 replies
13h49m

here needs to be a mechanism to bind your IRL identity to your digital identity and your device(s)

No, this creates more problems than it solves.

crooked-v
0 replies
15h31m

Estonia has a system a little like that: https://e-estonia.com/solutions/e-identity/id-card/

ahepp
0 replies
12h36m

Broadly speaking, this indicates that there needs to be a mechanism to bind your IRL identity to your digital identity and your device(s)

The link between digital identity and device ownership would have been sufficient to prevent this situation without involving IRL identity. The author had a chance to establish that link, but chose not to.

I enjoy Apple's services, but I can understand why someone wouldn't want their computer phoning home to a big tech company all the time. It's pretty difficult to understand why someone who doesn't want their device phoning home to Apple, would be OK with their device phoning home to the government?

silcoon
19 replies
14h48m

Why I don't buy MacBook for personal use anymore:

- in 2019 spent more than €3K to buy the best macbook 15' available (> 2 months of average salary in my Europe country)

- 2 weeks before the warranty (1y) the spacebar broke, the SPACEBAR!!!. It was a design issue and it got replaced in a few days by the local service under warranty.

- 1 year later, the battery starts dying out. Go to the authorized repairer and it was going to cost me ~€750 to replace the battery since I had to replace the entire keyboard and trackpad to do that.

- I found a PC repair shop that said he can do it for a couple hundred €, and it worked fine

- 3 months later the laptop shut down unexpectedly. The apple refused to fix it (even paying) because I used a battery not official. The Mac is now a brick

So 2.5y of personal use (not professional) cost me €3.5K. More expensive than a cheap car.

edit: the battery replacement with all top case cost me ~€750. Confirmed looking back at the emails

astrea
7 replies
14h21m

Meanwhile Andy could’ve gotten Apple Care for 3 years for $140 USD (~ €128).

suprjami
4 replies
13h57m

I've worked in laptop repair for various brands before (Acer, Dell, Compaq). Whenever people ask my advice I always recommend they buy a laptop extended warranty, and I buy it myself. It usually pays for itself on the first service call.

That said, a thousand Euros to replace a battery is ludicrous. No consumer should be charged that, warranty or no.

For reference, I recently got a second hand recent ThinkPad with a dud battery and bought the genuine replacement battery for AU$200 (€123) and could replace it myself as it's an FRU.

Apple should not be charging literally an entire order of magnitude more for the same part, regardless of the service cost.

windowsrookie
3 replies
13h25m

They don't charge that much. As per the Apple website, they charge $249 to replace the battery in a 2019 16" MacBook Pro.

https://support.apple.com/mac/repair

toyg
1 replies
9h43m

Apple does things cheaper in the US. The imperial periphery gets value-extracted much harder.

BillinghamJ
0 replies
5h54m

https://support.apple.com/en-ie/mac/repair

289 EUR for all 15"/16" MBPs

The only reason they'd require a full top case replacement would be if there was additional damage making them unable to guarantee safety of the new battery

suprjami
0 replies
13h3m

Top poster to this thread has confirmed the cost was €750

zakki
1 replies
13h36m

It doesn't solve the problem when it happens 3y+1d.

windowsrookie
0 replies
13h27m

AppleCare is perpetually extendable now. I still have AppleCare on my 2018 MacBook Pro.

paulpauper
5 replies
14h19m

damn. cheap $400 Toshiba laptop from 2013 still going strong. and another one from 2015.

martinsnow
4 replies
7h29m

You're not getting the same performance out of that laptop, as you're getting from a new macbook pro. Don't be obtuse.

paxys
2 replies
6h57m

You are right, the Toshiba is giving more performance than the MacBook when summed up over its useful life.

trinsic2
0 replies
2h51m

LOL

martinsnow
0 replies
2h57m

I'll say good luck with getting any meaningful work out of it.

skeaker
0 replies
1m

The comparison is not to a new macbook pro, it's to a 2019 one. The 2019 macbook pro is currently giving 0 performance as it is a brick. 2013 Toshiba wins

musicale
4 replies
14h5m

1 year later, the battery starts dying out. Go to the authorized repairer and it was going to cost me > €1K to replace the battery since I had to replace the entire keyboard and trackpad to do that.

So what you seem to be saying is that Apple laptop batteries cannot be replaced for less than €1K if the laptop is out of warranty?

Absolutely incredible. If that's the case, it should really be reported as front page news so that nobody else makes the mistake of buying an Apple laptop ever again.

Jtsummers
3 replies
13h55m

https://support.apple.com/mac/repair

It costs $249 for a 2019 15" MBP battery (not 15', not sure they ever made them that big, GP's laptop may be special). GP's issue is that Apple, per their story, wanted to replace the keyboard and trackpad as well and wanted to charge more on top of the battery replacement.

silcoon
2 replies
13h26m

I got the cost confirmed by two different repair shops. They don't officially replace the battery only, but the whole top case assembly replaced with a cost of something ~€750 in 2021. I checked the emails we exchanged.

dijit
0 replies
6h6m

Batteries are a replaceable component, apple doesn't make it easy but it's not particularly harder than any other device. It's not soldered in and doesn't touch the top-case.

Now: if the battery expanded and caused internal damage (bending the top case and damaging the keyboard) then what you said makes sense, but that's a pretty glaring omission if so.

ThePowerOfFuet
0 replies
12h41m

The part is the same, but the price changes depending on the cause code entered into GSX; if it's sold as a battery replacement, the cost of the replacement topcase is much less than if you spilt a drink on the keyboard.

The AASP was screwing you over, either deliberately or by ignorance.

alwayslikethis
19 replies
15h56m

Mostly unrelated, but I think activation lock and similar schemes should have an expiry date, like 2-3 years. It will drastically reduce the amount of senseless e-waste that are perfectly working computers someone just didn't bother to log out of.

the_black_hand
7 replies
15h5m

ewaste is problem but bricking them is the only strong security deterent. Many criminals would be happy to steal a brand new iphone and resell it after 3 years.

Eisenstein
3 replies
14h47m

I don't think you have thought this through. Organized crime gets phones from thieves that go around in (for instance) concerts and pick pocket and then sell the phones which then get sent to a location where they are reset/parted out and resold. Would they be willing to pay money to the thieves just to sit on a hoard of phones for 3 years and then sell them at suitably discounted prices? I'd wager that is doubtful.

Non-organized crime is generally opportunistic. Would the opportunistic criminal know of this reset date, and if they did would they be willing to wait 3 years to fence the phone? I'd wager that is doubtful.

chongli
2 replies
10h36m

then sell the phones which then get sent to a location where they are reset/parted out and resold

You can’t do that with an activation locked iPhone. The user can remotely brick the device using Find My. The parts can’t be removed and reused either because they all have IDs in them which are locked to the device. A stolen iPhone is nothing more than scrap metal and glass.

Eisenstein
1 replies
9h56m

Quick search for recent news popped this up:

"The officers advised Chistancho that his bag violated the event rules and proceeded to remove it from his possession. Upon inspecting the bag, officers found a smaller black bag inside, which, when opened, revealed a metallic inner lining consistent with a Faraday bag – a device commonly used to block phone signals.

To their surprise, the Faraday bag contained a total of 12 stolen iPhones of various models. One of the victims of the thefts was able to positively identify one of the recovered phones as stolen from him."

* https://wsvn.com/news/local/miami-dade/two-phone-thieves-nab...

If they can't use them for anything, what would they want with 12 iPhones?

The user can remotely brick the device using Find My.

I guess that's what the faraday bag is for.

chongli
0 replies
1h29m

The faraday bag will only prevent the device from being bricked while it’s inside. As soon as it goes online, it’ll phone home and brick itself. Thieves may be able to move the phones inside these bags but they’re effectively useless, so their fence value is very low. They basically need to scam people into buying these things, knowing they’ll fail as soon as they’re used.

Unless you have a link to show evidence that they know how to modify the devices to prevent them from ever phoning home again? Because even if you somehow manage to reset and wipe the device offline, it’ll still phone home and brick itself as soon as it gets a connection because the ID is in hardware.

paganel
2 replies
14h25m

Had the iPhones still remained somehow reasonably priced then we wouldn't have had the thieves problem, or not as big, that's for sure. But when a new iPhone can already cost you ~1300 euros then things change, iPhone users now have a target on their back.

gorbypark
1 replies
7h14m

Anecdotally, in my area it's been the exact opposite. iPhones (back when they were cheaper!) used to be much less locked down, and thieves would target people specifically to steal their iPhone. Now, as the phones are locked down, and even using them for parts is much harder with the serialization of parts, it seems that the targeted theft of iPhones is much, much lower.

paganel
0 replies
4h3m

Yeah, that makes sense and it's partly covered by what I was saying, i.e. because the iPhones have become more expensive and hence, by definition, more valuable to both those owning them and to potential thieves, Apple has had to implement these locking policies which have caused the problem the author of the article had.

I can understand how come fewer iPhones would get stolen now compared to previous times, but I do think that that the level of "implicit" targeting by thieves has indeed increased which has made Apple also increase the level of locking.

In a way this situation is similar to thieves stealing from poor people house's compared to stealing from wealthy people's houses. Meaning that, even going by percentages, I'm sure that poor people's houses are broken in by thieves a lot more compared to wealthy people houses, and that is, mostly, because wealthy people's houses are a lot more better protected (because there's much more valuable stuff to steal from there compared to poor people's houses).

But that extra protection comes with its one intrinsic/hidden costs for those enjoying said protection, for example one cannot freely "choose" where to own a wealthy house, you're restricted by the "good" and "safe" areas, in effect limiting your freedom of choice (which is a cost in itself). There's also the "inner" phycological cost of realising that your own protection depends on a system outside of your control, a house's security system in the case I mentioned or a big US corporation in the case of the author here, that's also a hidden cost. And there are many other such costs.

All this is part of the many paradoxes related to security and defence, really interesting topic by itself.

qingcharles
4 replies
15h19m

Last year someone who owned a bar gave me a whole box of iPhones, lots of very new ones that had been left behind and never collected. Out of about two dozen phones only one was recoverable (iPhone 7), all the others were ewaste.

talldatethrow
3 replies
15h13m

Can't they be sold for parts on eBay?

qingcharles
2 replies
15h6m

As I understand it only some of the parts can be reused (the case?) as the parts now have ID in them that has to match the rest of the device. You can't replace the screen in an iPhone without a call to Apple to update the ID numbers.

talldatethrow
1 replies
14h59m

Jesus. Are even the batteries like that? Ive replaced the battery on my pixel 4xl with a $19 Amazon new from China copy.

chongli
0 replies
10h40m

This is all part of the program to fight theft. If the parts were freely usable then people would be stealing devices and fencing them to chop shops.

c0pium
4 replies
15h34m

If it’s a corporate MacBook that’s not a concern.

WWLink
2 replies
15h20m

It should be. Corporations are probably the biggest producers of ewaste there is.

c0pium
1 replies
12h15m

It’s not a concern because corporate linked MacBooks can be easily unlocked by the corporation regardless of if the assigned user is available or logged in.

chongli
0 replies
10h39m

Sure, but lots of corporations will have all their old devices shredded rather than unlock and sell them.

FireBeyond
0 replies
13h20m

On one level it’s not because if you hand me a DEP/MDM MacBook, even T2/ Apple Silicon, it can be completely bypassed in under three minutes with no issues.

talldatethrow
0 replies
15h13m

I worked at car dealerships before, and the number of iPads thrown away eventually because no one can log into them after a while is atleast 10+ that I've personally seen. Basically about 33% of them after a year.

the_black_hand
10 replies
15h17m

why would anyone in their right mind not set up "find my" ?

iJohnDoe
4 replies
15h10m

The location data could be subpoenaed later. Account could be compromised later and used to get location of person. Apple could get hacked tomorrow or 6 months from now and all location data leaked.

Journalists. Human Rights Activists. Etc.

the_black_hand
1 replies
14h56m

The vast majority of people do not have to deal with these concerns. The odds of you losing your device are way higher than Apple getting hacked by orders of magnitude. If you are someone who falls into these professions then you probably should know what you're doing and disable it, or buy a different phone, or have some kind of backup security in place.

hnfong
0 replies
14h48m

The vast majority of people

You said "anyone". GP gave examples.

gruez
0 replies
14h30m

At least on macs you can enable find my with location services disabled, which mitigates your concern.

fh9302
0 replies
13h34m

Find My network uses E2EE so the location can't be subpoenaed.

trynumber9
3 replies
14h36m

I don't set it up. Crime is not really an issue in my house.

crazygringo
2 replies
14h17m

I mean... it's not until you get robbed/burgled.

AlfeG
1 replies
8h30m

But this may not help owner. Yes bugler will sell laptop much cheaper for spare parts, but he will not return it to the owner.

crazygringo
0 replies
4h44m

Or it may help the owner, if they robbed a ton of valuable stuff and didn't realize the laptop was transmitting their location.

If it works some of the time, that's valuable.

grishka
0 replies
13h25m

I didn't do it because while I do use a Mac, I don't need or want any of the Apple's online ecosystem.

hliyan
8 replies
15h17m

Every business should be able to service their customers in human-to-human interactions. "We're too big to have humans speak to our human customers" is becoming normalised and that's a trend we need to reverse. Growing revenue streams without investing in the support those revenue streams need, is a bad business practice.

edude03
2 replies
15h9m

It's a poor moral practice perhaps but arguably a good business practice to spend as little as possible on "cost centres"

tadfisher
0 replies
14h13m

Agreed. f Apple did this they'd quickly go from a $1 trillion dollar company to a $999 billion company.

balderdash
0 replies
14h8m

It’s short term thinking - if you want don’t want repeat business burn your customers.

I got given a Patagonia bag (not my thing), the wheel broke off (thanks AA), took it to a store, and the customer service was so good I’m a convert. Conversely, I recently stopped using a service I spent >$20k a year on because their customer service was so bad. Can you boost profitability short term? Definitely, but I suspect in the long term you trading long term customer NPV for short term profits

woutr_be
1 replies
11h22m

I recently had a human at my local banks' branch (after 30 minutes of waiting) tell me I should call their phone hotline to get my issue resolved. They couldn't (or refused) to do it in person.

j16sdiz
0 replies
9h5m

In many bank, the teller just don't have access to the system that can resolve your issue. They can call the hotline on your behalf, help you fill out forms and verify your identity.

lotsofpulp
0 replies
15h15m

You can get a phone call from an Apple representative very quickly in my experience.

https://support.apple.com/contact

eviks
0 replies
10h28m

Have you had no experience of a useless human wasting more time than a chat bot?

dijit
0 replies
6h4m

Ironically part of why I use Apple products at all is the human support staff available to me when I lived in London.

Problem with Dell, HP, Lenovo -> ship it back and pray

Problem with Apple -> walk into covent garden and ask.

My experiences with Apple support has been nothing except glowing. (Apart from one work incident where our IT supplier ordered Applecare (3 years service warranty) instead of Applecare+ (2 year accidental damage) - and my employee dropped his laptop).

crazydoggers
8 replies
15h22m

I’m sorry, but I honestly feel like this is the OPs fault entirely. It’s clear they had disabled account security on the laptop, in order for the other user who swapped laptops to add their account to that laptop. It’s not even that they didn’t enable “Find My” (which it does during initial setup, all you need to do is add an iCloud account)… he disable the password required setting to open the Mac. (Yes you can disable the requirements for logging in, but it’s definitely not the default setting) If you jump through such hoops in the first place to weaken your computer’s security, your can’t claim it’s not your fault when someone encrypts your computer on you.

I buy Mac’s specifically because for me this is a feature. I have backups. And if someone steals my laptop or I lose it, I’d much rather be out the money and the hardware and have it 100% bricked unusable and inaccessible, than have any possibility of my data getting accessed. (Not to mention making it worthless to the average petty thief).

Creating a work around, no matter how many N levels of authentication means there’s a hole for social engineering, and I’m definitely not a fan of that.

So it’s a trade off. If you don’t care about such level of security, then there are other laptop options, but please don’t ask Apple to start making their security weaker because there are those of us who want it this way.

And if you’re traveling with your laptop, put a password on it at least, and better yet encrypt it.

the_black_hand
3 replies
15h12m

Agree. OP messed up. How would anyone not bother to set a password or "find my" on a $1200 Macbook? That's just negligence and complaining to Apple about it is a bit silly. I haven't set up a Macbook in a while, but I bet you have to go out of your way to disable those security features.

crazydoggers
1 replies
15h5m

It’s a little like buying a Lamborghini, and then speeding and totaling it, and then complaining they need to make it not as fast so you can’t do that.

crazydoggers
0 replies
12h7m

To be a little less facetious though, at what point do we expect a company to dig us out of our own mistakes.

Let’s say you didn’t know you had to take your new car in for an oil change? You ignore the warning lights and requests to service the vehicle. When the vehicle breaks down, I think it’s obvious that the car manufacturer can’t be responsible for fixing it for you.

To me, this is the same. The computer is functioning exactly like it should, locking him out is a feature for the vast majority of users, requiring some very basic knowledge to prevent/fix (as mentioned in my other comment, it’s hard to have what happened to him happen without circumventing security on the mac)

s3p
0 replies
15h0m

How funny. I had my mac repaired by apple a few months ago because of a strange display issue. Repair was free and took ~2 days. Just checked Settings and it turns out Find My has been off this entire time.

Just goes to show that some of us genuinely forget! Not all of us remember to re enable this stuff 0.2 seconds after we turned it off.

Edit: I'm sure HN already knows this but just adding in here: Apple doesn't accept devices for repair until Find My is turned off and that's why mine was disabled

lokar
3 replies
13h44m

You can reset a Mac without a login if it does not have “find my” activated.

crazydoggers
2 replies
13h12m

That’s not true with new Macs. If you go into recovery mode it first asks you for the machine password. If you say you forgot; then it will try Apple ID.

OP specifically states this was a new M2, so it’s not possible unless he left it unlocked.

It might be possible if he never associated it with an Apple ID at all (literally the first thing the setup asks you to do, I’ve never tried not). Without an Apple ID though, you can’t update/upgrade the OS, download App Store software, use iCloud backup, iMessage, FaceTime, apple care, contact warranty support etc etc. And Mac is pretty good about bugging you to do this. So if he did this, saying just “I didn’t enable Find My” is a bit disingenuous.

So to be clear, you cannot reset a Mac without a login just because it does not have “find my” activated.

BTW, then he also admits “maybe I setup an iCloud account I don’t remember.” But his other linked article about this states “They presumably can see that my Apple ID is associated with it.” Ummm. If that’s the case, why doesn’t he recover the Apple ID first? So on closer inspection a lot of things don’t add up, other than the fault was almost certainly his.

yakkityyak
1 replies
7h52m

What about a DFU restore?

crazydoggers
0 replies
30m

My understanding is that someone still needs your Apple ID login to get DFU mode to work.

ahepp
7 replies
13h29m

The story is 2500+ words in two different articles, to summarize:

* The author's MacBook was lost/stolen

* Because the author hadn't set up Find My, someone else was able to reset the laptop

* When the author recovered the laptop, someone else had set up Find My and reported the laptop lost

* Because someone else had set up Find My, the author was unable to reset the laptop

* Apple refused to reset the laptop for the author, despite the author having a receipt for the laptop's original purchase

It's interesting to me, because it's actually an inversion of the whole "we don't own our devices anymore" trope. The author successfully begged Apple to backdoor an otherwise effective security and ownership protection.

Apple gave the author the tools to recover their laptop in the event it was lost or stolen, and the author consciously chose not to use those tools. Possession is 9/10ths of the law, and if you don't have Find My enabled it's 10/10ths of the law.

That means if someone else gains possession of your device, and you chose not to use Find My, there is nothing Apple can or should do to save you. How would they know who the legitimate owner is beyond possession or Find My? People sell used MacBooks all the time.

Just because the author was the original purchaser, doesn't mean they are the rightful owner. In this case I believe the author probably is the rightful owner, but I would rather Apple not be the judge of that.

This is literally only a problem for people too stubborn to set up Find My, who also care deeply about recovering their laptop if it gets lost. Think about how paradoxical that is!

rbut
2 replies
13h12m

This is literally only a problem for people too stubborn to set up Find My

I disagree with this. I have never enabled Find My because for privacy reasons I don't want my location being transmitted to Apple.

What would be better is some means of opting out of Find My being able to ever be enabled on my device.

If I ever sold my device I'd have to communicate that to the buyer, and I may lose some resale value, but that's a compromise I'd be willing to make.

chongli
0 replies
10h32m

You can turn on Find My and disable location services for the device. That prevents it from being tracked but still enables you to lock and remote wipe.

What would be better is some means of opting out of Find My being able to ever be enabled on my device.

How would that work? A fuse inside the device? Seems like it would make the device vulnerable to an electrical hack.

Why would Apple develop such a feature anyway? I bet fewer than 1% of users would use it.

ahepp
0 replies
12h59m

That's an interesting idea. Some kind of e-fuse that can permanently disable Find My. As you say, there are some concerns for resale, but let's assume those can be worked out.

I am not sure I see the feature being very useful. If you have lost your laptop without Find My enabled, and someone else gained possession of the laptop and wanted to activate Find My but couldn't because of this feature, you would still almost certainly not be able to recover the laptop. So what does the feature do?

Take this story, for example. If the laptop hadn't been bricked, it seems unlikely that it would have found its way back to OP.

asdgaijion
1 replies
13h17m

It's interesting to me, because it's actually an inversion of the whole "we don't own our devices anymore" trope.

No it isn't. "Find My" is controlled by Apple, not entirely by the user. The fact that it is possible for Apple to undo the lock proves that the device isn't controlled by the owner.

ahepp
0 replies
13h11m

The fact that it is possible for Apple to undo the lock proves that the device isn't controlled by the owner.

I agree

I think it's an inversion of the trope because this is presented as a good thing, and something that Apple should do more of.

jrmg
0 replies
12h26m

It’s also interesting how almost all the negative responses here are comparing the situation to what would’ve happened with a laptop that has no feature like ‘find my’, and somehow concluding that the original owner would’ve been in a better situation if ‘find my’ did not exist.

But the reason the laptop was bricked was that someone other than the owner _deliberately bricked it_ (by turning on ‘find my’ and locking the laptop to a new iCloud account). It’s always been the case that a thief could break your laptop (and not return it!).

Additionally, the only reason they got their (non-functioning) laptop _back_ was that the thief realized they couldn’t unlock it and thought it was tied to the original owner’s iCloud account! If it had been working, I don’t think they’d have got it back.

Lockal
0 replies
7h23m

In the summary you skipped few points:

1) First article mentions: "I have a couple of theories though. I set up Find My with an Apple ID that I don’t remember"

2) Second article mentions, that he attempted to report this as a vulnerability bug bounty program and disappointed that it wasn't considered a vulnerability.

3) The whole premise of "an email to Tim Cook" looks like a clickbait. By the point when he sent this email, his previous blog post already reached the top of Hacker News. There is no indication that Tim Cook was involved. The email was processed by staff in Japan.

The combination of these 3 facts make the whole story look very fishy. Given that author does not remember if he configured "Find My" at all, consequent "we don't own our devices anymore" sounds like populism and appeal to sentiment rather than a logically valid inference.

Kon-Peki
6 replies
14h2m

This policy is to prevent people from selling their laptop to someone (who sets up an account with Find My Mac) and then stealing it back and requesting Apple to make it theirs again.

jojobas
3 replies
11h38m

Selling and stealing back can't possibly happen often enough to warrant that, can it?

thih9
2 replies
9h45m

With an attack vector this significant, frequency matters less. Would you want to rely on a laptop if some third party (original owner) could reassign it to themselves?

jojobas
1 replies
9h24m

This warrants signing some paperwork when purchasing, not including a hardware rootkit at the factory.

thih9
0 replies
6h59m

The hardware rootkit is there for a different reason, I was only saying why they don’t allow original owners to circumvent that.

BlackFly
0 replies
6h0m

No policy they put in place will actually coincide with the legal definition of ownership though. In many jurisdictions, there are conditions where you can lawfully purchase stolen property, there are some caveat emptor issues, but assuming the lock occurs after purchase, Apple could in theory be compelled to unlock the laptop for the new owner. There are all kinds of other less dubious ownership transfers as well. Apple just isn't in a position to arbitrate them all while the law recognizes a second hand market.

Asooka
0 replies
6h33m

That sounds only slightly less plausible than using it to hack and blow up a nuclear power plant. A scenario against which the MacBook has zero protections in place.

neom
3 replies
15h38m

I got a pair of Airpod max back from Apple (they'd evidently replaced them with a refurb pair.) Didn't use them for a couple of days till I heard them making a sound. I pulled them out and got a notice on my phone that the AirPod Max I had was associated with an iCloud account. I wasn't super stoked about getting a pair of trackable headphones given to me by Apple so I emailed Tim and explained the situation. Got a call back the next day from someone in the Apple exec service team asking for the details, I explained and mentioned I wanted 2 things resolved. Non-refurbished pair of headphones and an understanding if they could have indeed been tracked or not. The next day got an answer back on both of them: no, can't have a non-refurbished pair. And, yes, could have been tracked via the find my the headphones were attached to, sorry about that!

Washuu
2 replies
12h33m

The fact that they are replacing them with a refurbished product is ridiculous in the first place.

angulardragon03
1 replies
8h8m

Refurbished Apple products are generally in almost indistinguishable condition from new, and are thus likely in better condition than a device you bring for repair months or years into using it. Using refurbished devices to replace used devices is a surefire way to "reduce, reuse, recycle" (especially considering that refurbishing also re-uses any returns Apple receives).

microtherion
0 replies
5h4m

These are all good arguments, but that does not absolve Apple from the responsibility of checking that their refurbished products are not registered to a different ID. That device never should have been accepted for a return, let alone shipped to a different customer.

CSMastermind
3 replies
15h53m

When first activating a MacBook, Apple makes it easy to skip setting up FindMy. But given the severe consequences for not doing so, I think either need to revise the setup workflow to make this downside abundantly clear, or revisit their unlock policy altogether.

Seems like a reasonable suggestion, hopefully someone at Apple sees it and adds in a warning about the consequences of skipping that step.

iJohnDoe
0 replies
15h15m

Is this because if you do not add the device to your FindMy account, then someone else can add it to their account and lock the device?

If that’s the case, then that should be the warning.

“If you skip this step, then someone could add this device to their FindMy account and lock you out of your device. Apple will not help you under any circumstance if this occurs. We recommend adding this device to your FindMy account to maintain access to this expensive thing you just bought.”

c0pium
0 replies
15h35m

And then they will immediately get publicly roasted for scaring users into creating that account. There’s no stance they can take here which makes everyone happy.

Terretta
0 replies
8h1m

I'm firmware locked out of an OS-update bricked Macbook 2019. I wouldn't care if the OS booted, I don't need the firmware password to use it, only to wipe it. I don't really want to wipe it, I want it to boot.

I bought it with cash in Grand Central. I have my welcome to your New Mac email from the week they launched and it's in Find My still today. But I didn't keep the cash receipt and I password protected the firmware before an International trip, and don't remember that.

Apple will not unlock it, though it's in Find My, and has only been mine for its entire history. (They also won't unlock it, fix the bricked OS update, and lock it again, which would be fair enough. But as I see it, they broke my machine, and they prevent me from unbreaking it.)

So FindMy won't save you from yourself. :-/

bitwize
2 replies
15h15m

Reminds me of the time my dad bought a TRS-80 and the screw holes were filled with Glyptal to prevent end-user repair or modification. He drilled through the Glyptal, then contacted the literal president of Tandy to complain. Tandy never sealed the screw holes to its computers again (though they did still do the "warranty void if this sticker is broken" trick on some of their equipment). I doubt Apple will fix their practices though. They may be in the right: as soon as that MacBook got stolen it should have been considered compromised and completely forfeit. Cryptographically tying your hardware to your digital identity, as Apple does, provides, among other things, a means to recover your hardware without having to consider it untrustworthy.

Hell, Tandy may have been in the right. TRS-80 hardware was bodgy as all get-out and sometimes downright dangerous to open: the cathode on the CRT was dangerously close to the mainboard and likely to fry the computer, if not the user, if the user wasn't skilled enough to open the machine very carefully.

ryandrake
0 replies
13h53m

It's never OK to prevent a purchaser from doing something with the item he purchased. If I buy something from a company, I should be able to take it apart, learn about it, fix it, resell it, or throw it in the trash, all without begging the manufacturer for permission. We should not normalize this practice of manufacturers having these "tethers" into the products they sell.

musicale
0 replies
14h0m

Tandy never sealed the screw holes to its computers again

Good that they actually fixed it when he complained!

They also apparently sold a terrific "technical reference manual" that explained the hardware design and operation in detail and also included a parts list and schematics:

https://www.trs-80.com/wordpress/publications/manuals-servic...

I believe Apple used to provide schematics for its early machines as well.

RagnarD
2 replies
15h5m

That such an email led to a positive resolution for him should be a giant red flag to Apple. I doubt this is just a corner case, so it means that Apple's systems are badly flawed and need to be corrected.

shinryuu
1 replies
13h21m

Any system is flawed in different ways. The fact that apple has a course corrective measure through cooks email is a positive.

eviks
0 replies
10h21m

Any system has some course corrective action, so then it's not a positive

pfannkuchen
1 replies
14h43m

I’m entertained that Apple has an informal customer support service built under Tim’s email. He doesn’t actually personally read these does he? I’ve heard of a few other examples where this worked, including for other companies. How does this work internally?

wkat4242
0 replies
13h6m

It's a practice started by Steve Jobs who (very rarely) read customer emails and followed up. Not always positively. The iPhone 4 "you're holding it wrong" thing came from there too.

Knowing cook's process driven nature he probably just put a team on it.

kazinator
1 replies
13h59m

A user being denied access to a resource they own is a security issue. It has a name: denial of service (attack).

jojobas
0 replies
11h35m

Any Apple device connected to the interwebs is at Apple's sole discretion.

They literally can lock you out at any time. Think different.

user_of_the_wek
0 replies
2h40m

I'm sure this is true for a lot of companies, many have a support department that takes care of the "difficult cases". On of the quickest ways to get in touch with them is through sending emails or letters to the CEO. Bonus points if strongly worded, although the people working there will hate you while trying to help you out. They might be better connected and have options to handle things that a normal support person doesn't have.

Source: I'm married to someone working in one of those departments.

turquoisevar
0 replies
12h0m

I’m happy for OP, but this is for the most part working as intended.

Ownership is hard to establish in a world where selling 2nd hand and gifting items exists. Last thing you want is to facilitate a boomerang scam or give an abusive partner control over someone’s device.

As far as I know Find My is opt-out nowadays and while Apple could see if they could tweak the onboarding language a bit to warn people of potential bad outcomes, you want to keep onboarding clean in general and including all ifs and buts for every feature would make that impossible.

I think there’s also something to be said for the lack of curiosity amongst users these days. Apple publishes manuals for all their devices which go into great detail and get updated with every major OS update.

Devices also offer up a tour (macOS) and tips (iOS) that go over useful features. And there’s of course the option to look into features yourself.

politelemon
0 replies
9h26m

A simple lesson I feel many including the author are missing after that ordeal. It's not your MacBook.

oneplane
0 replies
15h17m

This has happened with various anti-theft systems for a really long time, most of those cases not having a happy ending (some sort of class-action payout of a few pennies at best).

I wouldn't be surprised that there is no real 'have your cake and eat it too' version of this where you can make something secure (both integrity and confidentiality) while also not risking losing access or ownership yourself. At least not yet.

It has the same issue trying to make a 'regulatory backdoor' in a crypto system, it just weakens the system and as a result just means such backdoors get abused by everyone making the crypto system worthless.

nuker
0 replies
14h53m

I believe my letter to Tim Cook worked too!

MacOS Big Sur broke support for high refresh rate external displays for Intel Macs. It was the DSC feature of HDMI/DP protocols, 4 years ago. Everyone that had it working at 4k@144Hz in MacOS Catalina, got only 60Hz in Big Sur and later.

Apple Support / Engineering department had me to install Catalina, show that 4k@144Hz actually works, got a ton of diagnostic data and came back with "you may downgrade to Catalina as a solution" LOL

Wrote to Tim Cook, with case number and, wait for it, MacOS Sonoma had it fixed!

keepamovin
0 replies
13h31m

My theory is that the shop reset the MacBook and reported it as lost with a new Apple ID in order to extort the person//Perhaps the person didn’t want to admit it, but they actually paid money to the shop, who initially gave it back to them “unlocked”. Later the shop could lock it again by reporting it as lost, as a way to ask for more money from the person again.

Wow...

Moral of the story is never take your Apple devices for any kind of internal repair to anyone except Apple authorized shops. There's a lot of tiny device shops that do fantastic work with all kinds of phone screens, protectors, fixing broken stuff...but there's definitely some unscrupulous ones out there. Really sad that these scammy ones give the tiny hard-working little shops a bad name...:(

gymbeaux
0 replies
12h42m

Oh absolutely it was an extortion attempt from the shop. Name and shame if you can.

gojomo
0 replies
14h49m

Seems another example of Apple pretending it can't (or never would) do something related to stolen equipment – that they can & actually do if you just reach the right person with the right request.

My related story of someone likely circumventing my activation lock, using either fake docs or a compromised Apple-authorized agent, a few days ago: https://news.ycombinator.com/item?id=38622248

encoderer
0 replies
14h0m

How many people work in the “office of the ceo” in a company like Apple or Amazon? Does he have like 5 assistants that cover different areas or is this a fully staffed org with 30+ people around the world?

dang
0 replies
13h15m

Related:

Not setting up Find My bricked my MacBook - https://news.ycombinator.com/item?id=37865941 - Oct 2023 (556 comments)

crawsome
0 replies
14h39m

For most people, this is a "You didn't know the consequences, so you never did it" kind of situation. I partially blame the process. The OOBE workflow gives you the option to not enable Find my Mac, so some percentage of users refuse. Not all Mac owners are fluent in Apple's walled garden.

But to counter my last point, owning a mac requires a mild investment in learning, and a lot of buy-in for their ecosystem, including linking and locking it with an online account. Apple Store. Apple Music. Activation Lock / iCloud everything. Not all users are fully aware of that though, and OP's scenario is one of those journeys.

But now that you know, this scenario is analogous to keeping a spare key outside your car. Someone can take it and install a new lock cylinder.

If your laptop changes hands and someone wiped it and put an activation lock of their own on it. This is working as intended. There's no functional difference between selling it to that person because anyone can wipe a machine and put a new lock on it.

The alternative includes setting up an activation lock of your own, or putting MDM on it.

This is a feature of Apple's walled garden. You either go all-in, or you go against the grain and lose the benefits and get blindsided by an unforeseen experience.

Personal thoughts: I manage Macs for a living, but never will buy one of my own. Not just the walled garden complaints above, but a 5 year old Lenovo with similar specs is a better technical investment than a 5 year old Mac. The Mac will be slower with 5 years of OS updates, meanwhile the Lenovo you won't really notice a difference. It's also less than half the price.

artdigital
0 replies
12h2m

Wait so help me understand this - how did the store revoke the existing activation lock?

Or did this happen because OP forgot to setup FindMy when they first got the device?

DeathArrow
0 replies
10h31m

So what should other people in this position do? Complaining on HN and emailing to Apple CEO isn't a working model.

What about a lawsuit against Apple?

ChrisArchitect
0 replies
2h3m

What is this scenario where someone's laptop gets stolen and then somehow returned to them? Is that common? Never heard of that ever. And with all this information about what happened to it while it was stolen. So weird.