So I'm not the only one, huh. Got myself an iPhone, downloaded 2 apps, went to bed, woke up to a complete lockout. They unblocked me through a phone support request, after 18 hours, and then hit me with a fresh ban, not even 24 hours later. Account got permabanned after like 5 more calls, where they just started sending me a legal notice instead.
The fact that your device can become a complete brick, because of an issue in their completely hands-off account management system, smells like a class action suit.
I bought an iPhone a couple of days ago, and was planning on using the weekend to finally migrate from my old Android phone. Luckily, I haven't even opened the box so I should be able to return it for a full refund. No way I'm spending over $1000 for this kind of experience.
Black swan events can happen to you. Recently I traveled to a European country from my base (Middle East). I normally take my phone and laptop with me and they are synced. I forgot the laptop charger and could not get one locally, at least not for about a week, and then dropped my phone and it got damaged. I bought another phone (Android) and tried to log in to my Google accounts. It recognized the email and the pswd but then wanted verification from the original device! Despite having the original sim in the new phone.
On my return everything went smoothly through my laptop. Scary though.
My conclusion - have two physical phones + laptop all synced, plus hardcopy of important pswds etc.
Data is easier to protect by offline and online back-ups, but your online identity is hard.
Don't bind your online identity to Apple or Google or Microsoft, in particular not the email addresses you use for accounts. That at least limits the damage they can do.
Fundamentally it's going to be bound to someone though. If you run your own domain to host your main email address, you're now bound to the registrar's login to manage that domain name, and also the cloud provider you're using to host the mail services (unless you run that off a machine you have physical access to).
If you use your own domain, open source software, and backup often they can't lock you up forever like Google/Microsoft/Apple tho
You're missing my point that you're still beholden to the domain name registrar that manages your domain name on your behalf. That account getting permanently locked out will have all the same bad consequences for your online life as your Google account getting locked out.
And keep in mind that being a domain name registrar is a low margin business (typically they're only grossing a few bucks per domain per year, before accounting for any other expenses like staffing and systems), so you're not gonna get great support.
I don’t think anyone is arguing that they can get away from the chain of trust required to operate in the modern world.
I believe they are advocating for minimizing risk by not deeply integrating with capricious cloud providers.
The backup for that is a registered trademark on the domain. Recovery via ICANN procedures is slow, though.
Yes, but you can choose a medium-sized, established registrar with a functioning human support desk, where you are the customer instead of the product driving hyperscale ad revenue. The hosting provider is not an issue, because you can switch very quickly to a different one if needed, and only have to change your DNS entry at the registrar, or whatever you use as your nameservers. Depending on your country’s jurisdiction, you also may have some legal rights to the domains you acquire under the country TLD and are not exclusively at the mercy of the registrar.
iTunes didn't even allow you to add your own album art. To do so you had to be signed in with Apple ID, so Apple could look up the album details on the iTunes store and set the image that way.
This was in 2008, so the software ecosystem lock-in strategy was already well-established back then.
This is utterly false: https://www.youtube.com/watch?v=bnBsIAiZfFc
You could always edit artwork in iTunes. Indeed, you could import albums from your own CDs and not even use the iTunes Music Store at all.
The video you linked is from 2015, almost a decade after the time period I referenced in my comment.
You're seriously doubling down on your ignorance instead of just admitting that you were wrong?
Google Search tends to favor more recent links, but here's one I found from 2010, which is closer to your 2008. https://www.macworld.com/article/206005/itunesart.html
I've now provided two points of evidence. Now show us yours.
I was adding my own album art to ripped CDs since well before 2008.
Which is why they make it so hard to avoid doing this.
Using your own email account doesn’t generally make things more difficult.
I'm thinking of Microsoft Accounts on PCs and how you need to know how to jump through hoops to avoid them at OOBE. And about how this is about AppleIDs and losing them - it's my understanding that Apple is less aggressive about AppleIDs than Microsoft is about Microsoft accounts, but also, TFA. Google has similar levels of fuckery especially if you're on Chromebooks but Google's sin is nonexistent customer support. I wouldn't want my most important email address to be tied to any of these three, although I speak as a gmail-using hypocrite who plans to change that soon.
The thing that really bugs me about Google is you can make an account tied to an unrelated domain, but then they don't let you use that for a lot of things, so you're forced into a gmail account.
There really isn’t a good solution for this for the masses, is there?
Buying a domain is not difficult, nor is configuring it with a mail service like Fastmail. Yes, it’s slightly more involved than signing up at GMail, but it’s less complicated than doing your taxes (YMMV). The more people do it, the more helpful resources and service would appear for it. The problem is most people don’t care until they get unlucky and their account gets cancelled for inscrutable reasons. It would be better to have regulation that protects users.
And then say, Meta decides to ask for login verification on your other device, and you lose that account because you always logged in to it through a browser in private mode, so no device actually has an active session. Happened to my wife the other day.
IT "Security" is reaching new heights of being bullshit. You can't win, and asking people to buy multiple devices and keep them continuously in sync is a bit much, and not even a guarantee of safety anyway, as next week Google or Amazon will hit you with some next weird trap to keep you "sekhure".
You likely don't need to buy multiple devices. I log in from random countries/VPNs all the time and never have issues, but I do have 2fa enabled. If your account only has a password and there was a suspicious sign in attempt, it's reasonable for them to ask for additional verification somehow because you could be a victim of a credential stuffing attack. It's hard for companies to win here. Either people complain about their accounts getting randomly locked because they were on vacation in Romania and tried signing in on a new device, or the companies get grilled by the media for "failing to proactively protect their users' data" or whatever.
I would agree with you if there actually was anything different in a suspicious way about those logins. There weren't. Same devices, same ISP, same browsers, not even an OS update in between. Just one day, few days ago, out of the blue, Facebook decided to pop up a confirmation request, offering no alternative to confirming from "another device", and that's with them knowing (or at least having that information available) that there are no live sessions of that account (the whole browser in private mode thing).
Maybe the companies can't win, but they also have themselves to blame. They shouldn't have convinced people to entrust their only copies of data with them. Your vacation photos should not depend on someone's cloud platform. Half of your entire offline life shouldn't depend on Google not randomly locking you out of GMail. But here we are, and I'll keep calling those "security updates" bullshit because they don't care about long tail, and they don't care about hazards they create for most of their users.
My experience with Meta is it is just a PII fishing expedition masquerading as a security check.
I abandoned my facebook account when they asked for my driver's license scan, a few weeks later suddenly they didn't need it after all. My BIL recently wanted me to check out something he had set up on facebook and I found I could "login" by clicking one of the "what are people doing" spam emails they send. I've never used it on this PC before and have no idea what the password even is anymore. Super secure.
What would happen if you send them a realistic, but fake generated scan?
How many laws would that break?
It breaks a law when you are legally required to authenticate. But when a random dude on the internet asks you, you're not required to do anything.
Unless you explicitly logged out, they are likely to see the opposite picture, i.e. numerous "valid" sessions (as opposed to active) that haven't been used for varying lengths of time because you logged in, but from their perspective, you never logged out. You just cleared your cookies which means the session is still "valid", even if it's inaccessible to you because the session cookies have been cleared from your device.
I don't know if they take any of this into account but as you've pointed out, assuming that the rightful owner of the account must have access to a different session is a huge assumption to make.
That's the reason to set up 2fa, because otherwise monopolies can legally kick you. Well, they can kick you anyway, because they are monopolies.
I can easily imagine an AI algorithm noticing a user has two phones, and deciding that is out of the ordinary and suspicious, and locking you out of both.
>My conclusion - have two physical phones + laptop all synced, plus hardcopy of important pswds etc.
Why do you need more than a single phone plus a hardcopy of your Google recovery codes (assuming you know your Google account password)?
Because, as I can tell from a similar experience to GP's, they also won't save you if the authentication infrastructure decides you're not who you say you are.
If I lost my phone, I would still have access to three different recovery methods:
- I have my recovery codes
- I have access to my recovery email address
- I have access to a TOTP token
I would hope this is sufficient to persuade Google's authentication infrastructure to let me in.
As I learned in Google SRE: "hope is not a strategy"
Hope is part of every strategy that doesn't have infinite cost.
In case one phone doesn't work or is lost or stolen or broken, I guess. Plus buying a second phone is great for the economy!
Society was collectively sold this deal where if you entrust everything to a trillion-dollar company, you'll be treated well and this sort of thing wouldn't happen. Yet it appears to be happening, and the trillion-dollar company that has the resources to deal with this so far isn't being very helpful, and it's falling to the consumer to take insane amounts of proactive measures to not have their digital lives fucked up when the exact deal was that you wouldn't have to, but of course now the party line will be "well you were obviously stupid to believe the trillion-dollar company's trillion-dollar marketing, then."
And I'm annoyed as one of the people who did not buy into it.
Even more damaging is the lie that modern tech continues to sell people: that they're too stupid to use computing technology, and all the restrictions of the platform (relative to real computers) are actually for their benefit and not the corporation's.
And, almost everything is a "computer" nowadays, from your phone to your car to your refrigerator, but only the OG computer is even remotely "fixable" to the average consumer. All the others, you're hamstrung and forced to go through official channels for subpar, marked-up service because if you try to do anything yourself they'll brick your device and maybe sue you for good measure.
I had a similar experience with google a while back.
My conclusion: Eliminate what little remaining usages of their services I have.
Doing that with iCloud and Google would be a colossal pain. This event has me thinking more seriously about self-hosting a few more things.
This. I never used Apple's Cloud offerings to back up things - and I stopped using any Apple devices since the BatteryGate. I semi-degooglify my Android(s), and never use the "Google-*" (contacts, calendar, etc.). I block them with NoRoot Firewall and disable them, and use other apps for those services. I sync with my Outlook (2013) and my backup is with Carbonite. I do have to jump through a couple of hoops, but considering that I don't live under the threat of 'death' by Apple or Google to hold me hostage with my data/etc, the little effort is well worth it.
I try not to, but every year I log in and check and there is data stored in their cloud that I specifically tried not to have stored there.
Exactly. I recently had the same experience of being locked out when I lost my old device and had no recourse. My conclusion was the same and I've stopped relying on all Google services except Gmail.
1. Use two-factor auth.
2. Save those backup codes.
3. Be able to get those backup codes in some worst case scenario.
I have had to start from scratch before but never have been locked out.
4 - Discover that those backup codes are useless because the service provider will refuse to acknowledge them when you travel.
The fact that we are stuck with a pair of global apathetic undemocratic identity providers is absurd. And one of the reasons why that "shattered dream of passkeys" is on the front page. At least that dream got shattered, it would be worse if it went through.
I need to hear more about this scenario.
Did you have 2fa enabled by any chance? I have 2fa via TOTP on my accounts and while they offer using a signed in phone as a verification option, using TOTP was always an option, and I was never locked out of my account.
That would only help if google had some way of tying the installed sim to your account. Given the privacy implications and the technical difficulties, I wouldn't be outraged at the fact it didn't take your sim into consideration.
Yes I had 2fa + OTP, however being a new phone they still ask you to tap on the old phone.
Are you talking about a prompt like this[1]? If so, there should be a poorly named "more options" or "don't have your phone?" link that gives you the option to enter your TOTP code instead.
[1] https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh...
This is actually great. You basically look like a stolen device with a sim swap.
How would the thieves know the password? Even unlocked iPhones don’t show saved passwords without Face ID prompt..
A reused password that was breached somewhere else.
This is standard Google behavior. Logging into Google on any new device always asks me to confirm it on one of the other devices that are logged in (i.e. phones, tablets). Suppose it's some kind of 2FA.
I understand the security concept of it. Luckily my trip was short. As I also use wechat to communicate with some Chinese friends, my experience was different. First it sent me an OTP on the new phone, then asked for two friends to send a number to the phone. Luckily I had the phone number of one and I managed to restore and to be honest having humans in the pipeline was a plus. Negative: this had to be done over 5 minutes otherwise you are back to square one.
A google account is not required to use an Android device.
So if you don't tie all your contacts, sync and backup to your google account, you can have a phone that they won't lock you out of.
Google has done the exact same thing in the past, deleting Google accounts without warning (which is arguably worse because not only can you not access your phone backups but your email, calendar, drive, etc. is gone too).
Some people use iCloud for email, calendar and storage so for them I imagine losing access to Apple ID would be just as bad.
Yeah, and to stress the point: this is not "can't send vacation pictures to my grandma" bad, this is "might lose my company/my job and my house" bad, as everything else in life treats one's email (and increasingly, app 2FA) as infallible backup.
Companies that wrongfully ban or delete email or phone accounts need to be civilly liable and this civil liability needs to supersede any arbitration agreement or terms of service agreement.
An Apple or Google account is far too important to people's lives to let them hide behind the "we're a private company and can do whatever we want" canard. They do need to have the right to ban spammers or people using YouTube or Drive to infringe copyrights but just randomly shutting off somebody's email or somebody's ability to make video calls should be against the law. The same would also apply to a text chat company like Slack or Discord banning somebody's work account for no reason. Certain tech companies have government-like levels of power over people's lives so they need to be restricted in how they can treat users like the government is restricted in how it can treat citizens.
What are the odds of having this experience? Shouldn’t they affect your behavior?
What's your recommendation? Try it 1000 times to get statistics?
Likelihood should affect your behavior in the same way it affects whether it actually happens and it did.
"Fool me once..."
One in a thousand wouldn't yield anything. Because it's such an unusual experience (just a few of these happening around the same time would create a news cycle), one in ten million is probably closer since there are around a billion active Apple accounts.
That's similar to the odds of dying in a non-Boeing plane ride. Even if the odds were one in a million, that's about the odds of being struck by lightning over a lifetime.
I'd think someone returning a phone over this was regretting the switch for other reasons. It's fine to keep using Android.
Apple lets you return anything, opened and used, within 14 days.
Apple doesn’t really “let”, the law demands.
This is HN frontpage. It's on a big "Mac" website. The damage is done.
Many are going to write nonsense like: "Apple is still a $2 trillion company, so this obviously works for them" to which I'll respond with a simple question: Did it not work for Apple before these SNAFUs? Does it work better for Apple now, after fuck ups like that?
It's not normal behavior and they are losing customers over this.
We had an Apple "moment" in the family: around the 2012'ish MacBook Air era. Two at home and they worked fine, for about ten years. Then the battery issues, the keyboard issues, the trackpad issues. Eventually these MacBook Airs died a painful death.
I'm on Linux since the nineties (and, yup, I can get into my system with Apple or Microsoft forcing an online ID down my throat) but the Macs were convenient for the wife.
So we bought a MacBook Air M1. After 13 months or so the screen died alone, overnight: was working fine before closing the lid, was dead in the morning. There are threads with dozens of pages on that subject.
That's when I switched the wife to Ubuntu. Ubuntu, Linux Mint: she doesn't care. Heck, I probably could have her use Debian or Devuan (Debian without systemd).
Apple is done for us. It's over. We'll never ever buy a Mac again and I'll never ever recommend a Mac to anyone.
And I'm far from the only one thinking that way.
The damage is done.
Rationalize as much as you want, invoke AAPL's market cap as much as you want, and enjoy being locked out of your devices without any recourse.
Everyone has a brand they're never buying again because of a few problems they had in the past. For every new brand they _are_ still buying, there are 10000 other people who are never buying _that_ one again because of a few problems they had in the past.
The only difference I've seen between Apple and my previous laptop brands is that their support techs are useful.
And unlike, say, Samsung Ultrabooks or even Microsoft Surfaces, Macs last a really long time. My kids are using my 2011 MacBook Air and 2009 iMac and they still work, even the battery still kinda hangs in. They've had a few rough years 2016-2019 with the butterfly keyboards but I don't know many current manufacturers with products as solid long term.
In my experience laptops from the competition are as durable when you pick up the professional line instead of the general consumers one. That will be Lenovo thinkpads, Dell latitude, HP elitebook, etc.
I'll admit the support for my Dell was pretty good. They sent someone on-site to fix a known defect in their product line.
My Surface Pro 3 still gets 90% battery life.
My HP hybrid tablet, now over 15 years old, still works (when plugged in).
My dad's IBM Thinkpad, older than most people currently on this website, still works.
Apple people like to claim that Apples last longer than their competitors, but that simply isn't true. Most people, myself included, can't tell you what Dell or HP support is like because we've never had to use them. But every Apple user knows what Apple support is like, because every Apple user has had to use them.
The comparison people tend to compare from their experiences are usually much cheaper models. This is the main reason they feel apple lasts longer.
Dude Samsung can last a ton if you treat them normally, you are just confirming what OP was saying. One random example - I saw SGS II working 12 years with same battery, flawlessly. I am not even going into phones comparison, enough folks around who are not happy or migrating back to Androids for various reasons.
As for laptops I guess you are joking, I've yet to meet a single big corporation in Europe where macbooks are even allowed on premises, unless it's some web app testing team or similar.
Some folks live in great echo chambers, I agree this site is a massive one for Apple. That's a simple fact, comments here confirm this. Which is fine on its own, but it's not balanced truth you often find here.
The prose here insisting the damage is done comes off as clueless when the apparent scale of the damage is trivially, if not undetectably, small.
As a counterpoint, I have 4 Mac notebooks, 1 dating back to 2011 and they all still work, well the 2011 has to stay plugged in because the battery is basically useless at this point but it makes a not too bad NAS with linux running on it.
Something seems missing from your story. They banned you for downloading two apps, or was something else involved? Or you still have no idea why they banned you in the first place? Just curious.
Of course there is much missing from his story, these tech corps keep the victims of their incompetence in the dark so not even the victims know the full story.
Probably installed fortnite.
>smells like a class action suit
You (and others like you) need to meticulously record and assess the financial damage the lockout does to you.
Do I bill them for my time hourly, or as a cost plus project?
Can't be that hard to justify in some way for a filing. The industrials and big commercial guys do this all. the. time. I even bet there's bunches of SLA templates out there with the right litigious lingo to ease the filing.
Bought a brand new MacBook last year and set up a fresh iCloud account to go with it. Problem was for the First and Last Name I entered some variant of Unknown User / Unknown Account (for privacy..) and chose a username “user.mailbox.unknown@icloud.com”. Everything was fine but 24 hours later, I could no longer sign into the account. It was saying my password was incorrect! I was 100% sure this password was right so wtf? In a panic, try to remove the account from my brand new device and can’t! You have to sign in normally to remove an account in settings. Obviously I called Apple support and a high quality American sounding woman took my call. She said my account appeared like it had been deleted, like when a user deletes their own account. She placed me on hold and found out what’s going on. Apparently “engineering” had my account DELETED. My only guess is they didn’t like my user name / mailbox name and suspected I was a fake person. Anyways the lady was able to get my account temporarily reinstated right there on the spot and I was able to login and delete that toxic account off my Mac. I made a new account and everything’s working fine. Needless to say I was very impressed with how they handled my situation, within 20 mins no less.
You were impressed with how they automatically deleted your legitimate account and forced you to make a new one?
They were impressed by the high quality American woman.
wtf? They destroyed your property and then started threatening you with legal notices?
Have you checked their terms and condition? There might be a clause that says - since you are using their devices you forfeit claim to your own backyard ;-)
J/K. But since it's Apple, nothing is far off.
What did the legal notice say?
Nothing. It’s just a link to the generic legal notice on apple.com
Stories like this are why I keep a used pixel 6 in my backpack.
Same applies to Apple terminating legitimate developer accounts and thus destroying livelihoods.
This is scary…
This happened to me yesterday although I was able to quickly unlock my account on my MacBook pro. I spent a while making sure it wasn't an attempt by a backdoor to access my password. Felt very suspicious!
What were the apps, and what did you (either explicitly or inadvertently) allow them to access?
I am wondering if your account was collateral damage of an automated system detecting misbehavior of the apps.
The cloud is someone else's computer, but I thought customers owned their phones.
You should email Tim Cook. Executive relations can often fix problems. Edit: amazing that someone downvoted advice. This site has some problems.
I’m curious, would you be willing to share the gist of the legal notice(s)? Even just broad strokes categorization of what they claim, perhaps…
- unauthorized access related to the lockouts and support requests you already described
- unauthorized activity related to something else you didn’t mention (even if unfounded)
- some other unrelated but specific violation of TOS or other cited rules (even if unfounded)
- zero additional information, perhaps reiterating some previous finding (even if unfounded)
I’m giving you the benefit of the doubt, but I agree with another commenter that it sounds like something is missing from your story. Details like these might help us understand how your experience fits the pattern of accounts in the article.
This is bizarre and fucked up even by Apple's standards. Did you get to know anything about it - what happened? Did those legal notices seem to be automated? Any inkling what could have triggered it (False alarm? And Apple is known to hide its incompetence in this manner)?
Return for refund?
Class actions just make lawyers rich.
A real way to hit these kinds of companies selling defective products is to coordinate simultaneous small claims courts cases around the world.