Apple pays out millions to student after repair techs shared her personal images (9to5mac.com)
474 points by hownottowrite on June 7, 2021 | 325 comments


I've experienced that repair shops ask "and your password and username is?", many times when handing over my laptop - and I'm always like "what, no I'm not giving you my password" resulting in them looking surprised.

Who on earth gives their passwords? Also, all laptops should be encrypted by default. I find it absurd to give away the keys to your bank, search history, personal notes, images, whatever - it's beyond private and personal besides being economically dangerous and very bad job security wise for most jobs.

Not blaming regular people though, but it's weird that people are so lax about giving the keys to absolutely everything.


I once sent in a ThinkPad for repair and Lenovo explicitly mentioned that I should remove any drives from the device before shipping it. I really think this should be the standard for fixing hardware issues.

Edit: This was during the times when even a layman could do it because drives were in a slot secured by a single screw. These days it might be more complex.


This was my experience with a ThinkPad last year. They could not do on-site (in home) service due to the [redacted] lockdown so I had to do mail-in. They even emailed a PDF with instructions on how to remove the drive.

Sadly this is not possible with a modern MacBook. When I have had to send a MacBook to Apple (or a service partner) for repair I was instructed to wipe the machine (along with ensuring I log out of iCloud to disable Activation Lock and disable Find My). While it is good to ensure my personal data is not compromised it isn't user friendly at all to have to wipe my whole machine for a battery replacement :(


It's not user-friendly at all to require a machine to be sent off for a battery replacement.

For the ThinkPad, it's a 5 minute task which many people can do themselves -- certainly anyone who works in IT.

We've had less strict restrictions than France, but a couple of my colleagues replaced the batteries on their HP laptops. I sent videos, and they saw how easy it was -- less painful than a Covid test.


> For the ThinkPad, it's a 5 minute task which many people can do themselves

Which is still a step backwards. On my ThinkPad I can remove the battery in seconds without looking. Mainly because sometimes I had to disconnect it to reset it completely. If that would take 5 minutes or any kind of tool that's already hard to justify imho. What do we gain from integrated batteries? Nothing that makes up for easy replacement or, in the case of ThinkPads, the option to upgrade the capacity before the purchase.


I appreciate the lower weight and size (and presumably cost) of devices, and I don't need to swap the battery often enough to justify batteries that can be replaced without tools.

Battery replacement is a once-in-a-few-years operation and it's OK for it to take 5 minutes.


I have the T470 (with swappable battery) and the T14 (newest T-line Thinkpad without external battery).

Weight difference is minimal, size difference is minimal. Yes, there is a difference, but I don't notice it really. And I'm someone who actually lugs the laptop around, on buses and trains and while riding a bike. Most people don't even really carry their laptops, maybe from car to office and that's it.

As a person who actually carries their laptop around, I appreciate the swappable battery. Train rides are much less anxious, no need to find a seat with a plug nearby, because I know I have an extra battery.

The T14 is definitely less portable. There's less ports as well, which is quite annoying. The only downside of the T470 is the screen - I like to work outside and a higher brightness screen is crucial. If I could have the T470 with a better screen and AMD CPU, I wouldn't bother buying a new Thinkpad.

I don't know why they call ultraportables ultraportables. Are they marketed for people who sometimes lift their laptop off the table and who are bothered by the "extra weight"?


These days one can use an external battery over USB-C if the internal battery is not enough. And I can use it to charge all the devices plus there is no need to shutdown the laptop to change the batteries.


It's better to use T470 in your situation because T14 is just a cheaper T line product. Its design is less cared to be lightweight. Comparing T470 vs X1 Carbon would be better to compare portability by using embedded battery.


> I appreciate the lower weight and size (and presumably cost) of devices

The newest T14 is more expensive than my Thinkpad from the same series was - as extra thin, hard to repair notebooks usually are. It is a bit slimmer, but in the display part, not the base with the battery. It is a bit lighter, I'm guessing because of a plastic case? I'm not sure, but the case material is noticeably absent from marketing material and the datasheet, while in the case of mine both mentioned the magnesium case and internal metal cage.

Of course that's just a surface-level comparison. But after my really bad time with the Surface Pro I am absolutely not going to buy a laptop with integrated battery as long as I can avoid it. It's just not worth the pain if something goes wrong.


>... I am absolutely not going to buy a laptop with integrated battery as long as I can avoid it.

Unfortunately it's becoming more and more difficult to find removable battery equipped laptops. What current model lines still have that?


Spoken like someone that should probably be using a desktop.

Personally, having backup batteries is a requirement for the places I work.


Yes, that's why USB-C powerbanks exist. I can charge my laptop from one and it's nicer than lugging around laptop batteries, plus the laptop can be thinner.


Such a bizarre way to respond.

Laptop being thinner is a trade off you're willing to make, I am not.

Charging a battery with another battery is extremely inefficient.

Lugging around laptop batteries is exactly the same thing as lugging around power banks, except laptop batteries don't require a dongle and a cable to tether you to a table.

Laptop batteries mean your laptop can continue to in fact work from your lap.


I am a big fan of removable batteries but even I can see the huge advantage of USB-C Powerbanks. An additional ThinkPad battery can cost ~$100 iirc. And this battery will only ever work with this specific laptop model.

A powerbank for the same price will probably have a higher capacity, and be able to charge any USB-C device.

All this is not a reason for integrated batteries, but Powerbanks using a universal interface are clearly more practical.


A few generations ago ThinkPad went to a dual battery setup, so unless your ThinkPad is pretty old I bet it has both an internal and removable battery.

As to "What do we gain", they claim they can make them thinner and lighter, but the T14 seems to be the same thickness as a T450/T460, so...


I had a second battery instead of a CD, as well as the 9 cell. Trouble is the latches weren’t fewer, it would often slip out, and that would cause the machine to lose power momentarily knocking it out of “sleep”.


The T480 was the last T-series model with dual batteries. The newer ones all have only the embedded battery.


Let alone, impossible to do if the device will not even boot.


Also relies on it being in working-enough order to do the erase to begin with... plenty of machines are broken enough to not power on but still hold data...


I mean it's not like you're ineligible for service if you can't wipe your machine, I imagine there are alternative directions if that is one of your issues.


Things have slightly changed since then.

"Keep Your Drive" is now a non-free (but not that expensive) "service upgrade". Disks are still removable on most models and it's not hard, but you still have to open the bottom of the laptop. (For ThinkPads, though ultra thin models like the X1 or "unusual" models like the ThinkPad Yoga might be more problematic.)

EDIT: Though it also depends on your service/guarantee contract. If you normally have a service contract where a technician will come to you but for some reason that currently doesn't work, you probably can keep your drive anyway etc. Also KYD extends to some other cases.


>"Keep Your Drive" is now a non-free (but not that expensive) "service upgrade".

It's almost more of a donation in my experience. Don't pay it, remove the disk, no consequence. It's also a good idea to put the OEM RAM back in the machine if you've upgraded. One of the few things they may balk at and return it unfixed.


In the case where you're sending it in for a repair under warranty, I imagine for some classes of problems the manufacturer could refuse warranty service if you've removed the drive, especially since most designs now make it really easy to accidentally damage something while doing that.


In the US they would have to prove your removal of the drive is what caused the damage.

I am not sure how it is easy to damage something when removing an NVMe drive; it is trivial to remove the drive and should not even come close to damaging anything.


Put the OEM RAM back? Hard to do otherwise when it's soldered to the laptop.


Well then you also couldn't have upgraded it which was a condition he specified for putting the OEM RAM back.


Clearly. But it's a complaint along similar lines of laptops being harder to work on.


My first computer repair (Epson 486), I left the drives and extra memory in when I sent it in for repair. It must have had something really wrong as I got back a new machine without the hard drive and extra memory I had installed. It took a little bit to discover what was going on. Long hours on the phone trying to get those back (or something back... that machine was maxed out at 16mb? of RAM...)


M.2 drives are still removable in the X1 Yoga Thinkpads. The notable difference from thicker T series is that RAM is soldered.


Yes but some of the more special models are harder to open.


> I once sent in a ThinkPad for repair and Lenovo explicitly mentioned that I should remove any drives from the device before shipping it. I really think this should be the standard for fixing hardware issues.

YES. THIS. I am in vehement disagreement with Apple soldering SSDs to motherboards for partially this reason (among others, including making data recovery much harder, and lack of user upgradeability).

Apple fanboys all over the world will hate on me every single time saying "What if I told you that Apple just makes the best PC". Fuck that. I want a removable SSD so repair technicians don't need the SSD to repair other parts of the PC.


I own about 6 thinkpads. I bought the other 5 after realising how much of a dream they are to open. So easy that I could instruct a family member to remove the SSD over the phone if needed.


You just can't. They're soldered onto the motherboard.


My Lenovo laptop has removable NVMe drives that are accessible with a Phillips-head screwdriver.


Sure but assuming the victim in the article had a recent Macbook, it would be soldered.


You replied to a comment about Thinkpads.


.. on a post originally about Macbooks :)

Apologies for the confusion. I should have said "Macbook" in my original comment.


Just like Thinkpad owners, to hijack an Apple thread. /s


Certainly not in every device. But access to the drive has definitely gotten more difficult on average. I also have a newer ThinkPad where the drive is still replaceable, but it requires taking the laptop apart.


Same here with Tuxedo Computers, I had already removed the drive because that's standard procedure. If a repair shop ever asks me my password I'm just going to another one because that is to me a clear sign they're incompetent.


(To be absolutely clear: I recommend Tuxedo computers. They suggested I remove the hard drive when sending me shipping instructions, something I had already done, but I found it very reassuring they said so and hence recommend them to tech-illiterate family and friends as well.)


I believe Apple customers would have a hard time adhering to this policy these days.


When I sent my Apple laptop in for a battery replacement, their suggestion was to backup and wipe the drive.


Which is also quite absurd considering how much hassle it is to restore your backup once it's shipped back. (sure it's still much better than giving repair shop access to your hd).


Yeah, honestly, I'm not sure why one couldn't run an external technician boot image, do minor checking for on-board drive health in an unused area, and never touch the customer data. Though sometimes I understand that the entire main board gets swapped. That would shorten the repair timeline, and the malfunctioning board can be assessed and repaired or disposed of on some other timeline.


Yes, but "hassle" and "security" are synonymous a lot of the time. Even if their policy was that they didn't use the boot drive, I'd rather wipe it. No reason to give someone your data, your employers' data, etc.

And as someone who has recently had a MacBook Pro repaired, they swapped virtually everything. Keyboard, Mboard, Touch Bar, etc. The only original thing now is the screen. I would have had to restore from backup anyway. As a plus, my SSD is now brand new so any wear on it after 2.9 years of service is gone :)


You can only wipe the drive if the computer will boot, not something a lot of devices that need repair are happy to do.


Honestly, I've not had this particular issue in about 10 years, but you're right. If it is dead enough it won't boot, then I guess wiping it would be tough. For me, the combo of Target disk mode, recovery partition, or external boot drive have always gotten the job done. But yeah, if the logic board is really dead and not just "failing" then I might be tempted to use a drill.


Yea. I can understand them suggesting you back up your HD before shipping it for repair, because shit happens and they could need to swap your HD. But also suggesting the customer wipe it means even when shit doesn't happen the customer still needs to deal with the hassle of restoring the HD once the repair is done.


Yeah but you get emojis where the function keys normally are on lesser laptops.


It's trivial to restore from a Time Machine backup (it wouldn't be much use if it wasn't).


Time Capsule was discontinued in 2018. I am not sure I want to trust Qnap or Synology on my TimeCapsule backup for security reasons. I don't have another Mac to do backup. And don't want anything to do with iCloud or iCloud backup / restore is very slow even with 1Gbps Internet connection.

How is a customer supposed to back up and wipe their devices?


Just plug a USB/Thunderbolt drive in. The first thing macOS does is ask you if you want to use it for backups.


Those top at 2.8GB/s these days, so about 6 theoretical minutes for 1TB drive. In reality it's probably more of a half hour?


Have you tried recently? Phone iCloud backups are even worse.


>Have you tried recently?

Yes, it was fine. If you are in a hurry you can even boot from a Time Machine backup.


> this should be the standard

> Apple customers would have a hard time

I took it to be implicit to the wish that hard drives be owner-serviceable.


I imagine that taking out the HDD would've been beyond most Apple customers even when the storage was removable and the computer was held together with (somewhat) standard screws.


It doesn't feel like that long ago (granted, it was the best part of twenty years...) that my Mac laptop had a lever underneath which popped the HDD clean out. That was a lovely design.


Apple has been making their devices much harder to open as time has passed. My 2011 MacBook didn't have any kind of a lever mechanism but after taking out about ten Phillips 00 screws, the lid lifts clean open.

And now my 2019 work MacBook requires taking out non-standard pentalobe screws, then using a suction cup to pry the lid open slightly in order to cram a wedge tool in-between to pop it open and then you need to slide it out in order to actually get it out.


I'm an Apple customer and I'm happy with my pre-2013 era Macbook Pros with 2x2TB SSDs and 16 GB RAM, which is more than the basic configuration of modern offerings. Unfortunately, the last OS they can run is Mojave so I'll have no choice but to upgrade to M2 when M3 comes out.

It really makes me sad Apple gave up this environment-friendly policy and started to aggressively glue everything preventing upgrades.


> and started to aggressively glue everything preventing upgrades.

The best way to prevent such practices is not to buy their products.


I feel this is a bit like popping your hood at the car shop, but taking your key with you. I can absolutely see why repair shops would want to verify that a) it's not a software problem and b) everything still works fine afterwards, both of which are hard w/o the password.

Sure, you can send in a wiped device or a device without hard drive - and if you can do so yourself, this is probably fine. But for the "average" user it's quite likely a better experience, assuming you can trust the repair shop - but then again, they have full access to your hardware plus the knowledge and time to permanently bug your device. If you really don't trust them, you probably should not give them your device at all.

I can see the issue here and I'd probably err on the side of privacy given the choice, but the other side has a point.


>I feel this is a bit like popping your hood at the car shop, but taking your key with you.

Do you leave all your valuables in the car when you drop it off at the shop? Or do you take them out first?


For once I think a car analogy is actually useful. But, in this analogy, "taking all your valuables out of the car" would be like removing all the important documents from the computer. Which would be a reasonable thing to do, I guess, if the computer shop really needed access to do the repairs that they need to do.

Another possibility -- maybe the computer is so borked that you can't even log on to remove your important documents. This seems more like calling somebody because your key broke in the lock... which... I guess most people would stick around? It is a little bit of a mismatch, because it is a quick fix and it isn't like you can go anywhere anyway.


Also, people from the general public don't know how to write random bits to a drive. Deleting files doesn't actually wipe the information, it just marks the space as available on the OS. Repair agents could still take an image of the drive and recover many of those secret documents.

It should be standard procedure in the repair world to hand the hard drive to the user to take home and keep only the PC for servicing.


Be aware that this can be completely different between HDDs ("spinning rust") and SSDs. HDDs don't get data cleared until it's explicitly overwritten, SSDs with OSes that support TRIM shouldn't have a lot of stray data left behind.

Also when wiping SSDs get something like Parted Magic (since at least 2018 likely earlier) that can properly erase SSDs. DBAN is NOT appropriate for SSDs in any way - extra wear from the writes, and wear leveling means you have zero idea where they're actually going.


Well, the protection strategy for my valuables is not "leave the car locked in the shop". And then there's that one customer whose "rattle" is something in the glove compartment, to extend the metaphor further.

So, in keeping with my points above, I would probably move the really valuable stuff out, but for some customers taking everything out will prevent the technician from removing the issue (and they will probably be blamed for it) and if I feel the need to completely get everything saved out of the car beforehand, I would not trust that shop with my car, either.


Let's not water the analogy down so far that it loses all connections to the current case.

I doubt anyone would leave an album with their nude pictures in the car hoping that the mechanic wouldn't do anything with it. Like...posting it all over the block where the customer lives.


This. Protecting data is practical for those of us sufficiently technically literate, but I've helped a fair number of people over the years that certainly would not be capable of doing it. (Admittedly, selection bias--the people who are asking for software help aren't the most technically knowledgeable.)


They can do this from a guest account.

Full disk encryption will protect your data.


No, it won't. They could simply put in a different BIOS chip, which records your password the next time you enter it. Or a malicious RAM chip that injects a virus at runtime and extracts your data that way. Or a bugged keyboard that transmits your key presses, combined with a full copy of your disk ...

Sure, it's a bit more sophisticated than Ctrl+C/Ctrl+V. But if you're running a computer repair shop, it is quite likely that you have a good amount of technical knowledge. If someone has hardware access, you can usually see your device as compromised - especially if they have a lot of time and are expected to open up the device.


If that's your threat model, you should not be using any repair shop. And the attacks you describe are not just "a bit more sophisticated than Ctrl+C/Ctrl+V", they're most likely far beyond the abilities of most repair technicians.


> If that's your threat model, you should not be using any repair shop.

That's exactly what I said in my first comment:

>> If you really don't trust them, you probably should not give them your device at all.

> And the attacks you describe are not just "a bit more sophisticated than Ctrl+C/Ctrl+V", they're most likely far beyond the abilities of most repair technicians.

The RAM one, yes. ROM chip swaps, on the other hand, are rather common. You will need to be able to solder quite well, but given the current state of macs, this is basically a given for anyone doing repairs on them. You'd of course need to get a malicious ROM chip, which might not be so easy, but probably doable - the technician only needs to be able to swap it, not to manufacture one.

And if you can't get your hands on one - you can order a keylogger right now, for just a few bucks! [0] This was just the first result; if you invest a bit more time, you can surely find a smaller one or more fitting one. The keyboard is probably connected with USB [1], so no trouble there. As a bonus, you get all the passwords of accounts that were not saved at the time.

Sure, simply unlocking is a bit easier. But it's not like this stuff is beyond anyone who is able to debug and solder on a Mac.

[0] https://de.aliexpress.com/item/1005001988834597.html?

[1] It's in my laptops; I don't know the specifics for macs, but I doubt it is something more sophisticated than a strange plug.


There are levels of trust.

"Trust not to source and install malicious hardware in order to potentially steal unknown to them data" is a magnitude apart from "Trust not to go snooping around through unprotected photo albums."


I've always either told them to wipe the drive, or set up a deliberate 'apple support' account before taking it in.

I sympathise with the young woman who was the victim here, but apart from "send your device unlocked" Apple do also recommend wiping the device before sending it.

When PINs started to become more common here, I had supermarket and convenience store workers asking me to tell them the PIN to my card, when paying for stuff. It didn't help that they'd ask me in Thai, I'd not understand, my wife would translate, and I'd immediately respond - in English - to the staff "Are you fucking crazy?".

Thankfully that idea didn't last long. I guess enough other people had similar reactions in their native tongue that they realised that's a really stupid way to do business.


I had this experience at an Apple authorised repair center (ie. not Apple Store but a shop that is partner with Apple): they almost forced me to give the password of my Mac, even after I argued that we set up security/Filevault explicitly to protect data and it would be stupid to give the password to anyone after that... They argued that when they change the component (battery problem), they have to test that everything works fine. I found that really shady!

At the Apple Store, they also asked for the password, but when I said no way, the support person was just "ok, no problem".


>At the Apple Store, they also asked for the password, but when I said no way, the support person was just "ok, no problem".

Can we take a moment to realize how crazy this is? I'm glad they didn't fight you, but the fact that they didn't means that they know in an instant that _they never needed the password in the first place to do what you asked them to_. This means that them asking for the password is them asking you for the private key to your entire personal life for no other reason than "most people will give it to them".


It could mean that they just won't do as much testing if they don't know the password, which means there's a greater risk you'll get your computer back and discover there's still something wrong with it.

Which might also be a perfectly reasonable tradeoff, but there's nothing inherently nefarious about it. And people can make different choices depending on the amount of private information on their laptop.


They NetBoot in order to run diagnostics. They don’t need your password.


The article is about someone's iphone being repaired - surely you can't netboot a locked iphone?


It should still be able to run diagnostics.


Automated tests don't catch everything.


I once refused to give my MBP password to the technician at the Apple store for some hardware repair, and he said that they just wouldn't be able to verify the repair completely. I'm not sure how true that was, but it did catch me off guard that they would even ask for a password.


Having done this kind of support before (mixed hardware + software), a large number of people present their computer with multiple vague problems that can very well be a set of issues with both the actual physical hardware AND with whatever they have done to their actual user account on their operating system.

Most want all their problems fixed with as little action required on their part as possible, with as much certainty as possible, and do not care about security in the least.

People are hard to reach once they are out of your sight, and get very unpleasant when things take a while....even when they take a while largely because they didn't get back to you in a timely manner (because you turn out to actually need their password to troubleshoot their configuration).

"Wipe the device and start fresh" is understandably not a valid solution to most users (especially as anything other than last-resort), even though it'll rule out a large portion of potential software problems.

---------

To note on some other elements I see in this thread:

- Hardware diagnostics exist in some form on most devices. They do not catch every problem that exists, and are often especially bad with more intermittent issues. If the complaint is that Facetime drops out after 10 minutes, the most certain you can be that the issue is resolved is by running those diagnostics AND booting to their actual user account and having Facetime work for 15 minutes. No one cares that "it passed the Camera diagnostic" when they've still got a problem when they get home with their "fixed" device. Many people actively want you to be signed into their account and do exactly what they did to confirm the issue no longer happens.

- IIRC you can't actually boot a modern (T2) Mac to an external drive without an Admin password being entered at least once to change the Startup Security Utility settings.

- Whether being run as a business or as internal support in an organization (more so a college or the like with personally owned devices), time matters. Getting credentials from everyone who's willing regardless of if they turn out to be necessary is absolutely terrible security practice, but great for turning around repairs more quickly and with fewer repeats of devices coming back because the issue isn't fixed.

--------

tl;dr - Sensible security practices are at odds with everything else the average person wants from their computer repairs.


Similar with restoring account access that's been lost for some reason. Certainly, there are good practices and better practices. But somewhere between show up in Cupertino between 10am and 1pm on Friday with these notarized documents and just restoring access because someone requested it in some unverifiable way, there is a large spectrum of tradeoffs.

ADDED: And, indeed for a sufficient threat model, the correct answer if a laptop or phone breaks is to throw it out and get a new one. It would be rather paranoid, but it would be the safest thing.

Personally, I have backups usually so my general attitude would be no password, fine to wipe the device.


I had a similar experience with a battery replacement. I declined to share the password, and the owner claims he was able to run the battery diagnostics without the password.


I believe they can boot up from an external device, or over network, and run the tests. There's absolutely no reason to give them your password.

I went through a battery replacement (out of warranty, but still covered by Apple), and I was never asked for the password. But maybe they didn't even bother to run tests, since it was literally pushing the keyboard up ever so slightly, the touch pad wouldn't click anymore (haptic feedback very weak) and the bottom plate was bulging out. It was pretty obvious what is up. The nice thing tho, I ended up with a new battery, new keyboard, new touchpad and new bottom plate. I guess every (most?) cloud has a silver lining? :)


This is blaming users for something they shouldn't have to do. The onus should be on manufacturers to keep private data private by default. And also to sell systems that make it easy for repair shops to back up and restore private data without breaking the privacy.

You can't start with "It just works" and then add "As long as you spend hours backing up and restoring your data before you can send it in for repairs, just - you know - in case."

Maybe the millions that were paid out will make Apple think about a more user-oriented solution.


Australians lost AU$840 million dollars last year to scammers.

It's on the government to have strong regulations that separate the sewage from the drinking water; strong regulations about who can connect what to the electrical power system; etc etc; require doctors to not pick their noses immediately before they perform surgery (gloves, masks, washing hands etc); encourage people to wash their hands after they poop...

And inform people of good security practices, through public policy and school education.

I can't really see another way of educating the whole population on something they're otherwise fairly disinterested in.


There's a US-nationwide chain called "ubreakifix". I brought my Pixel phone there to have a broken screen replaced, and they wanted my passcode. I told them they were insane, and they acted as if I was the first person who ever declined. I can't believe they even ask, especially when there's no need for it whatsoever for a screen replacement.


Similar thing for me, was Best Buy about 4 years ago in NYC. Handed an iPhone for screen replacement. They wanted a password.

Them: "what's your password"

Me: "I'm not giving that to you"

Them: "We'll have to wipe your phone then"

Me: "Fine by me"

Me: pick up phone next day, screen fixed, all data still there


Can confirm this, and they wouldn't accept my Samsung without it. I gave them a fake PIN and things went fine.


Opposite experience here w/ two uBreakiFix stores and a Pixel 3. Neither time I was asked to provide the PIN. The first time I asked and they gave me a strong "no". No factory wipe, etc.


Same. I've had them replace phone screens for me multiple times--both in Austin and Atlanta--and neither location asked for the PIN nor reset my phone.


The usual reasoning behind this is to confirm the phone is properly functioning before opening it up.

Lots of people try to scam repair shops bringing broken phones in.

On top of that, repairs can often break fingerprint scanner connections, and depending on the screen type it's good to check camera functionality after screen replacement.


> confirm the phone is properly functioning

They could have the user unlock the phone in front of them without revealing the code to confirm this.


In my case the screen didn't work at all. I couldn't backup the device, log out of any accounts, etc. I still wouldn't have given them the passcode if I could have done that, but if my only option were to backup and wipe the device before the repair, I would have reluctantly done that. In this case I had no way to secure the device at all, and I couldn't wipe it remotely because the only critical thing on it was my TOTP app (which I've since replaced with one I can sync/backup).


Of course they can, but that means having the user come in to unlock the device and potentially sending them home again if you have to do additional repairs after testing it with them.

It’s all a balance of convenience vs privacy. Best solution is to wipe the device before repair, which is what I have done every time but it’s a hassle even when I have a backup to restore.


Ya I once went to get my iPhone screen replaced, the technician wanted me to turn off my passcode just to diagnose the problem. I of course said I am not doing that. Instead I backed up my iPhone and reset it. This is ridiculous; how can they even dare to ask people to turn off passcode and hand over their phones with so much personal information. This was not even an Apple Genius Bar. This was an Apple premium reseller. I am sure many non tech savvy people just hand over their iPhones this way.


Regular people are slowly catching up and understanding the consequences of technical stuff. For example, I think for years I struggled to provide concrete examples when trying to explain why people should care about privacy. Now, unfortunately, it's obvious that we should care about privacy because without, we're essentially provided a blueprint to our brains and how we can be psychologically exploited, e.g. fake news, conspiracy theories, etc...

I think these are concepts that before would have seemed like sci-fi, but after 2020, I think most regular people seem to have an intuitive appreciation for how damaging this can be. It's a shame that it's taken such a tragic schism to allow, but here we are and it's better late than never.

Another example would be people probably have a better intuitive understanding for motivations behind decentralized architecture, after seeing people being removed from certain platforms. Note: I'm not saying I'm for or against this in any way, but I am saying that the technological architecture is sort of the lay of the land, in a way that I think people understand better than they used to.

And no, I would never in a million years give my password to a repair technician in the past either. Hopefully others now are starting to get a sense for why.


I worked at a tech support desk at my university, and we asked for passwords. We were supporting software, so there's really no way around that. I always felt a bit uneasy that a dozen college kids had full access to the data on every machine in the shop. We should have at least recommended that folks change their password when they picked the machine up, or set a temporary password while it was in the shop.


I had the same issue. I sent my phone to ubreakifix (Google's official repair partner) for a repair with warranty. After completing the repair they asked for my password and said that if I didn't provide it it would void the warranty on my phone.

I refused and they eventually relented while still providing the warranty but it ended up delaying the repair by 5 days (for a 2h repair).


This is really bad. Apple can and should fix this through policy and training. They talk so much about privacy and so many people have bought into the Apple ecosystem because of it. Many years ago, I had to take an iPhone for repair, my first and only time. It was a week old brand new phone whose proximity sensor wasn't working. The service person said he would need to take it to the back room and debug it. I insisted he diagnose it in front of me and I refused to hand over my phone for him to take it to the back room. Later, I had to wipe the device and send it in for replacement. But I was not happy that they asked me to unlock the phone and hand it to them to take it to the back office.


The problem being, if the device is so dead, that you cannot factory reset, or otherwise, wipe it, what do you do?

My daughter's MacBook Pro, with lovely soldered down solid state memory died, and had to go in for repair. There was simply no way to wipe it, and no physical drive to pull.

Same thing with most phones. Soldered storage, glued shut case. If it dies under warranty, what do you do? You have to trust the repair chain, or just chuck it in the garbage.


They asked for my password when I took a MacBook to get repaired; it wouldn't power on.

I told them in no uncertain terms they cannot have my password, full disk encryption was enabled, and then pointed out if they can get the machine to the password prompt I'll be satisfied it's repaired.

I'm convinced these people are either intentionally being nefarious, or they were dropped on their fucking heads at birth.


The answer is “everyone”. I’m particularly aware of this as I just spent the past two days setting up my non technical parents-in-law with 1Password. Not to go out on a tangent here, but on the whole, authentication is broken for “normal” people. By the time someone takes a computer in to a repair facility, giving the person on the other end their password is about the least of their concerns.


I agree, if it's a hardware issue there's no reason to require a login. If the repair is finished and the tech can get to the login/pin screen then the job is done.

If it's a software issue then maybe they do legitimately need a password but I would never hand one over without very careful consideration. And, strange hands on the keyboard of my laptop or phone would be watched very very closely at all times.

A good app would be one that disables the network stack, bluetooth, and cell modem with a separate secure pin.


I think it should be a standard to have hardware come with a full suite of tests that can be accessed by anyone, without any kind of login. Otherwise, repair shops will keep asking for full access.

In my case, many years ago, I got asked by a phone repair shop to backup the phone and wipe it before handing it over unlocked. My understanding was, they had no good way of doing proper diagnosis and after-repair testing without full access to the system.


Like a password enabled BIOS option to allow for booting off of external storage with no access to onboard storage provided? “Valet mode” if you will.


Valet mode! Excellent.


Macs have an "Apple hardware test" you can boot into. And you could as well just boot from an external drive to run all kinds of diagnostics.

Phones however...


There is a diagnostic tool for iPhones/iPads, too. It's just not accessible to the general public.

https://www.ifixit.com/News/33593/heres-the-secret-repair-to...


Androids usually have some magic buttons to get into a bootloader prompt; you could have a diagnostic in there, perhaps.


You can boot into fastboot (a barebones flashing and unlocking mode implemented by the bootloader itself) and recovery (a real kernel + minimal UI on top to apply updates and wipe). From fastboot mode, you can boot into an arbitrary image, but that obviously requires an unlocked bootloader. Unlocking the bootloader almost always performs a wipe "to protect data".

In principle, it should be possible to have a diagnostic mode the same way recovery is implemented. But there is no device I know of that has this.


I see what you mean, but that sounds like a gigantic attack surface for all the companies that sell oppressive regimes tools for hacking into arrested human rights activists' phones.


It depends on how it's designed. It wouldn't be that expensive to add a second memory chip. Provide some way to boot to the alternate, when the alternate is running the primary isn't even powered up. Zero attack surface.


It is actually sometimes necessary to do some calibration and system tests, I don't know the details but it's basically because Apple wants to screw over third-party repair shops.


> If the repair is finished and the tech can get to the login/pin screen then the job is done.

Not entirely https://www.macrumors.com/2018/09/17/iphone-calibration-proc...


Also remember that's one of the excuses that Apple uses for being against right to repair.

I'm just glad they have an excellent example here of how it's fundamentally BS


Even at the app store, they asked me to remove the password on my device. I still don't understand why there isn't a better way to do diagnostics.


At the time, she would have been 16. I imagine she just wanted her phone fixed and the thought didn't occur to her.


If you don’t hire degenerates, then your employees won’t do degenerate things ¯\_(ツ)_/¯


software issues..


It's a heuristics quirk. It starts with "unknown unknowns" - the things you aren't even aware that you should be concerned about. Then add in a relationship where someone is trying to fix something for you. If you've never been trained to refuse information from someone who's seemingly trying to help you, it would never occur to you.

When you go to the doctor and they prescribe you pills, most people don't question it and just take them. And that leads to a lot of people taking antibiotics that they don't need. Or when you move and need to sign up for internet, phone service, power, water, electricity, gas, etc.... almost all of them will ask for your social security number. Even I don't know when it's mandatory and when it's optional, so usually I ask them first, but sometimes I don't.

The last time I witnessed this was some malware that infected an ex-roommate's laptop. The malware pretended to be an anti-virus and said she had a virus on her computer that it would fix. But first she needed to pay for the software - by putting in her credit card info & social security number. She complied because the files on her laptop were very sensitive and she didn't want to lose them, and she had no idea that there was no reason to ask for a social to pay for this software.

We could probably do more as a community to educate people on keeping sensitive information secure. Part of it involves media outreach, as most people seem to get their news from the TV or Facebook.


Talented business consultant Nathan Fielder covered this topic not long ago. I believe he was the first one to spot this gap in the market for an asexual computer repair service.

He actually shares his findings with us here: https://www.youtube.com/watch?v=jf9I04Oa-hU

"Nothing is more powerful than an idea whose time has come."


I know there is historical precedent for royals trusting eunuchs with things they can't trust to horny men, but these days I'd be very skeptical of any repair service saying "Don't worry, you can trust us because we're asexual". This is like a priest saying, don't worry you can trust me not to be tempted by anything "sinful" because I'm a priest. Information security is not just about sex. I'd rather trust a computer repair service that passes third party security audits and is verifiably secure. The sexuality of employees is none of my business.


The genius of business consultant Nathan Fielder is that his empathy for the consumer is near-unlimited. Sure, you may have some opposition to the methods at use in the above consultation, but it put customers at ease. He saw the market before it existed. He put the customers first, and it worked. We can all learn something here I think.


That's not the point the previous comment made, I think. It's not that you could not trust asexual people to be calmer in this regard, but someone willing to sniff and publish your private data is probably not going to be afraid to lie to you when you ask whether they are asexual.


While the thought process here is sound, and I agree with you, watching the video will probably reveal that national treasure Nathan Fielder is also a part-time comedian alongside being an exceptional business consultant.


This whole thread is a good way to detect bots, they don't understand humor :)


Oh - I think I missed the humor in the original comment ;) Fair enough!


What finally gave it away? The video being hosted on comedycentral.com?


Or to sort of pile on to what was said previously, you may be telling the truth as an asexual, but you are also in debt to the Russian mafia, and are looking for quick money so you don't get killed. Could still steal the noodie pics, but the motive is money not titillation.


I have nothing against his methods. Yes, he put customers at ease. But it's a false sense of security. And that is what I'm opposed to.


The poster you're replying to is pulling your leg. Nathan For You was a reality tv comedy show that would often give unsuspecting business owners overly elaborate business plans to "help them." He basically creates extremely awkward situations for all parties involved.

He is probably most famous for his "Dumb Starbucks" bit, he talked to a lawyer about it and it's pretty hilarious:

https://www.youtube.com/watch?v=Y4KrdjAPohc

Since this is HN, here he is hiring a Bill Gates impersonator to help a souvenir shop in Hollywood:

https://www.youtube.com/watch?v=SBzW1xUjwew#t=7m10s

Also HN specific, convincing taxi drivers to infiltrate uber and purposely get bad reviews:

https://www.youtube.com/watch?v=N9gbdv5cXKg

at 4 minutes shows the rides they give.


Thank you. I was CRYING at the last link.


Perhaps someone can start a computer repair company named "Eunuchs Computers"?


Right, even as a joke the above proposal makes little sense. If a king suspects his eunuch of secretly being a predator, the eunuch can at the very least easily prove that he is in fact a eunuch. With an asexual, no such proof can be demonstrated. You have to take their word for it. Eunuchs were valued because you didn't have to take their word for it.

If you have to take their word for it, then you may as well hire anybody and take their word for it. But also consider this: a creepy incel predator can lie and claim to be asexual, but will find it much harder to convincingly lie about being in a healthy relationship. They probably wouldn't normally do that, but given the right incentives (being trusted with other people's computers) they very well might. I don't and wouldn't distrust asexuals any more than anybody else, but neither would I trust them any more than anybody else. It just doesn't make sense.


Or just a eunuch saying: "Don't worry, I'll run your kingdom in your best interest."

Historically eunuchs had the reputation of playing the political game of power and influence with the best of them.


> Information security is not just about sex.

Apologies, this line was straight out of The Simpsons and I thought you were in on the joke XD


> This is like a priest saying, don't worry you can trust me not to be tempted by anything "sinful" because I'm a priest.

Or a teacher saying "don't worry, I always wear a condom while teaching" (https://xkcd.com/463/).


> Talented business consultant Nathan Fielder

This is a gross understatement. Before being a consultant, Nathan also had a phenomenal career on CBC's On Your Side segment, it was CBC Marketplace before Marketplace. Why Nathan hasn't been awarded the Order of Canada for his hard work on behalf of the every day Canadian is beyond me.


He also graduated from one of Canada's top business schools with really good grades


And had a part in The Disaster Artist.


What a ridiculous thing to even propose. Looks like a way back to medieval ages.


Nathan Fielder is a comedian who turns business consultant parody into fine art.


I wonder how many times this has happened and they didn't find out about it. Posting it to her own Facebook made it pretty obvious.

My father was an accountant for many years and he always said if you found evidence of fraud you shouldn't be congratulatory because what you found is maybe 10% of what is actually there if you found it by chance.


I worked as a state security guard while I was going to school.

It was a good gig because I could get all my homework done while working, and state law said my pay needed to be equal to full time employees.

My boss took his job very seriously. He got the state to send us to security seminars.

This was the late 80's and what surprised me the most is who steals, or commits financial fraud.

At least back then most loss in retail was committed by management. The higher up the tree, the more they stole be it cash, or merchandise. The employees, and customers stole, but the big thefts were usually committed by long term trusted management types.

The instructor said, employees/owners usually don't question management, and they have more opportunities alone, with no one watching. He also said owners were notorious for stealing their stuff, and writing it off, or claiming it as a loss through their insurance company.

He said, this is a dirty secret, that most organizations don't want leaked. It's much easier to blame the homeless, or gangs on theft.

I imagine that has changed with the proliferation of cameras everywhere, but when I hear about large scale theft in a corporation, I automatically look at those in command of the employees.

My local Goodwill had gone through three store managers in a row for embezzlement. This was years ago though. Goodwill never prosecutes employees because they don't want to tarnish their image.


Smart people are pretty quickly able to identify gaps in a process (and there are always gaps). Jaded people realize that nobody really cares what you do, good or bad; all that matters is hitting the metrics. And cynical people feel entitled because of what they've been through ("I gave my life to this company, and they don't appreciate it...").

The higher you are in management, the more you have of all of those traits. Theft and fraud are so pervasive and most managers get away with it for years. Even if they are caught, at worst, they are merely fired.

The more Machiavellian-types rope in low-level employees. So while it might seem like a "gang" of 20-somethings at an electronics store made off with a shipment. The reality is, an upper-level manager provided the cover for them to do so, and knew how to leave just enough evidence that it was an inside job, but not enough for the police to bother. For example, the badge used to access the storage area might belong to a little old lady who is honest to a fault and would be readily identified by security cameras. And if anyone questions why the store greeter has such privileged access, then it was just an honest mistake.


Wage theft is endemic as well, probably as much as all other property theft.

https://en.wikipedia.org/wiki/Wage_theft


I believe it. When I worked at an electronics retailer as a teen I knew a manager that would erroneously mark brand new products as "open box". Once they were marked as such the manager could change the price to anything they wanted. Then they would sell the products to friends and family for next to nothing.


It’s a lot more common than anyone thinks at electronics retailers, nearly always by the store managers. I worked as a technical consultant to one of the bigger electronics retail chains and it wasn’t hard to notice at many of the stores.


> Goodwill never prosecutes employees because they don't want to tarnish their image.

Well there's a fun fact for any management type who's interested in a new job and some on-the-side income.


Happens a lot. I used to work at an AT&T store, workers getting into trouble for saving pics off customer phones happened regularly. I remember it going around that a Verizon (? I think, it was a while ago) employee ring got busted for having a shared Dropbox full of pics from multiple stores and all of our managers were on guard about it happening at AT&T.


This came up in Ozark too (good series) someone busts an employee stealing something and isn’t sure what to do, gets the advice “Fire her. It’s not the first time she stole from you. It’s the first time you caught her.”


A few years ago a friend of a friend was victim of the exact same thing, also involving Apple. Unfortunately it only led to the technicians being fired, I wish it had gotten press coverage and they faced criminal charges.

On that occasion, they didn't upload it anywhere, but she discovered it because at the moment she was picking her device back up, somehow (don't know the details) she saw one of her half-naked pictures on the technician's computer.


I feel like that's the case with most solved crimes, e.g. drug smuggling; they are proud of catching big shipments, but if the shipments are that big already it implies that it's only the tip of the iceberg, as in, don't put all your eggs in one basket.


That's been my experience too. Every time a topic like this comes up, people want to debate why it's not lacking a paper trail and how people can theoretically get caught and when you disagree they want a breakdown of how, which is equally absurd to write anywhere.

I feel like everyone thinks they are entitled to being able to google something as evidence of its occurrence and don’t realize that the absence of evidence isn't the evidence of absence.


"There's never just one cockroach in the kitchen"

https://www.cnbc.com/2017/08/30/warren-buffett-on-wells-farg...


This is one area where there are technological solutions to people problems. Namely, that currently an iOS device needs to be fully unlocked to be serviced but realistically there should be something between "service access" and "full unrestricted access to a customer's PII and app state."

Keep in mind that in iOS root is rarely available, so even when servicing devices they're manipulating the OS via a restricted service interface that can only perform certain actions (e.g. wipe, re-flash, test different components, etc).

I cannot access the original article, but I am hoping criminal charges were also utilized as this is unlawful in many states (and frankly should be national).


There should also be audit logs recorded by the device and sent to the user's Apple account. So you can see which apps, screens, and data a service person used. This is a routine ask from companies to cloud providers, for example.


This is not the answer. While it could be useful for legal action, it is not something that would help any regular user.

The only way to help is to make it clear that no password shall ever be given to anyone.


It's not meant to be the only solution. Apple should lock things down for service people, certainly. On top of that, audit logs would offer peace of mind. There's no reason they couldn't be presented in a way that is easy to understand for a regular person.


This already exists, to some extent. You can see "screen time" data via the settings, which I think tracks what apps are launched and when. So it shouldn't be too difficult for Apple to make this a little more granular (such as specific pages within apps) and to display the data in a chronological fashion, like an audit log.


Ah, yes, more surveillance is surely the answer.


Of technicians accessing a device that is that personal and many people consider secure due to Apple's own marketing?

Absolutely.


It is not surveillance, it is transparency. IT support people are in a position of power where they have access to a lot of personal information, and the users should definitely know if there has been a data breach. And somebody getting access to things like bank records or home-made personal porn definitively is a breach.

Ideally, they should not be in a situation where they can access any personal file without the owner being present.


Logging is not necessarily surveillance. It is about you seeing what they do with your phone.


> There should also be audit logs recorded by the device and sent to the user's Apple account.

The recording of every app opening, every site, every click being sent to organizations is lamented normally, and then desired if put into the right narrative. This is part of the reason we got where we are.


Not really. The position is, and always has been: the vendor should not be entitled to data about what the user is doing with their device. The user is absolutely entitled to the data about how the device they own is being used, whether by themselves, someone else, or remotely by a third party.


Because you're removing the very obvious part that the problem is recording a user. A log of the repair process is not the same thing.


> an iOS device needs to be fully unlocked to be serviced but realistically there should be something between "service access" and "full unrestricted access to a customer's PII and app state."

This exists. Anyone who is security conscious should store all of their sensitive files and PII in an encrypted vault that only they hold the keys to. Realistically, most people don't have the vigilance to do this, and it's pretty hard to do it perfectly. But I highly recommend to everyone at least to install something like Cryptomator to secure their most private documents and information, so that no one else has access even if they gain access to your computer or cloud storage.


This seems like something that would be difficult to do on a mobile device such as an iOS or Android, which trains the user not to think about the filesystem at all. Is there a user-friendly mobile solution for this?


I don't think there is a solution as yet, but phones nowadays already have full disk encryption, i.e. the bits stored on the "disk" are garbled, and they have to be read through the decryption layer that transforms the garbled bytes to my_butt.jpg (And well, it also encrypts that image the IM app wants to save, before writing it to disk). The decryption layer gets initialized with a key during the boot process of the phone (after you've entered your password and unlocked the key) and remains active until the phone is shut down.

One way of using the above would be to allow "logout" of the main user and login of an e.g. repair user, on logout the decryption key would be erased from memory, and this way the repair user has no access to my_butt.jpg. Actually Android already has the concept of multiple users, and each user has their own data storage, so they can open their own Facebook or Tinder and have the phone be loading their personal profile. Not sure about things stored on disk, though, and AFAIK if a user can be root then s/he can read all the files on the mounted encrypted disk.

So, the repair user would not have access to my_butt.jpg, but maybe they need access to an installed app? I guess 1 solution would be to have apps installed on a separate partition to data. Android has a system partition (I'm not familiar with iOS), so if the repair user just needs internal apps, that should be accessible from the system partition.


> phones nowadays already have full disk encryption

Full disk encryption is basically useless if the device is turned on/logged in.


I use cryptomator on my phone, but you're right, it's not user-friendly at all. I have to remember to delete files after I download them from cryptomator.


Why shouldn't there be "service access" that is essentially only an OS with service tools. No access to storage, but would store diagnostic tools. It shouldn't even be very big these days...


> there should be something between "service access" and "full unrestricted access to a customer's PII and app state."

iOS has this in the form of apps that require Face ID to access them. Some fall back to your PIN if Face ID doesn't work but others do not, presumably a choice on the app developer's behalf.


A decade ago I can remember forums suggesting you take your hard drive out of your Mac when you send it in for repair. Part of the reason was privacy and the other part was user upgraded RAM or HD being removed by the repair techs and you getting billed for it.

I believe there was another case where the FBI was getting Best Buy’s Geek Squad repair centers to report CP.


I once tried checking in a MacBook Air without SSD at a 3rd-party authorized repair center, and they flat out refused to repair once they noticed the SSD was missing, and said Apple would "blacklist" me from any future repair.

I communicated this to Apple and while Apple apologized profusely to me, and even paid for the new battery and repair (I didn't ask for it, it was out of warranty for 5 years), I still never trusted third-party repairers again... that put off buying new Apple stuff until I became able to move to a place with an Apple Store.

I'm happy to say however that I never had this problem going to the Apple Store in Berlin, but not everyone lives in a big city with one of those.


> I'm happy to say however that I never had this problem going to the Apple Store in Berlin

I visited the store in Augsburg once (although... is that an official dealership?) and they wanted to keep my work MBP for two weeks while repairing it.

As it was a new one (butterfly keyboard broken) you could not remove the HDD/SSD, I think. Took it back with me again, keyboard stayed unrepaired for as long as I worked with that company.


The Butterfly keyboard MBs are a PITA to disassemble.

I just got a new M1 Air and while I have no idea how bad it is, I still keep two accounts (one empty for repair, one encrypted and backed up for me) just in case, although it seems Apple itself doesn't ask the password... since I don't think I can't remove the SSD myself :/


Agreed. The Apple Stores in the US are good with repairs but once you have to send it to a repair center you might have issues.


Don't blame the repair shop. Apple legitimately runs draconian level control over repair shops that partner with them. They want to follow the rules to the T or Apple will drop them. They more than likely misconstrued the rules.


> and said Apple would "blacklist" me from any future repair.

This sounds highly illegal. Also, why would Apple care? I can see how repair shops could want that, but I don’t get the thought process that would lead to this becoming Apple’s policy. I would not trust these people anymore either.


>>I believe there was another case where the FBI was getting Best Buy’s Geek Squad repair centers to report CP.

I mean, that sounds great in principle, except that I do remember reading about a case where they reported some older dude for having CP on his laptop, and it took him being arrested and fired from his job and obviously smeared in every newspaper possible, before prosecutor finally looked at the pictures and figured that yes, indeed, the "CP" in question was just pictures of his grandchildren in a pool with other family around.


I sent in a laptop once to Best Buy that came back with a smaller hard drive. I think it is likely that a local employee swapped it before sending it into the real repair facility.


> user upgraded RAM or HD being removed by the repair techs and you getting billed for it.

I'd call that a theft.


Reminder that when you take in a phone to get repaired you should back up the phone and erase all of its data. I feel like this type of stuff is common in smaller repair shops.


When I had to repair my phone, they asked me to write down the code; I refused, and said I'll wait there and unlock it when they need. Modern iPhones (and I would guess that's also true of Androids) apparently can be accessed by law enforcement - but AFAIK that involves disabling the lock-up counters and some form of brute-forcing, which takes time.

99% of the people just give the phone password to the tech. If I was a foreign intelligence service, I'd set up attractive repair shops around army bases and government offices (quick turn around, competent service, reasonable prices) and just mirror every phone that comes through. Most of it will be useless, but I'm sure that one can occasionally find some gold (in the form of documents or compromising material).


> I'd set up attractive repair shops around army bases and government offices (quick turn around, competent service, reasonable prices) and just mirror every phone that comes through. Most of it will be useless, but I'm sure that one can occasionally find some gold (in the form of documents or compromising material).

1) I would be surprised if that isn't already happening.

2) NOTHING is useless in intelligence work like that. It doesn't have to be directly and immediately useful, but you can learn an enormous amount through so-called patterns of life analysis.

3) Information leakage via devices like this is an enormous problem. C.f., leaking the location of military bases through Strava logging or nuclear weapons storage information via flash card study apps


And you don't even need to find compromising materials. You can find passwords and other credentials that later on you can use to get access to some service, and then jump higher from there.


Yeah. The times I've needed to have a phone serviced I simply was available to unlock when needed. So long as the service time is reasonably short it's the simplest approach.


If your phone is broken you don't always have the option to do that.


Won't iCloud lost mode and remote erase mostly accomplish that? Not sure how many photos are cached on the phone in off-line mode, but that would remove iCloud photo access at least.


Fine advice if you already had your phone entirely backed up before it broke.

But if your phone's broken and you know you don't have complete backups, I can understand being hesitant to hit the remote wipe button.


Yeah, regular backups are a must.


- If your phone is broken that may not be an option.

- The victim isn't responsible for the crime committed against them, as shown by this verdict.

- It is common because it is under-prosecuted. Hopefully we can see changes there.


> The victim isn't responsible for the crime committed against them, as shown by this verdict.

The victim isn't responsible, but often the damage really is irreparable, and you don't even know who is the criminal (your private photos are online. Now what?), so it's a good idea to make the crime less likely to happen. As always, it's an effort-benefit tradeoff.


> If your phone is broken that may not be an option.

Definitely true, this is something that companies responsible for handling private data need to be more vigilant at. Whether that be finding a means to restrict access to that data (which Apple should be doing), training and supervision, restricted access to internet, or whatever, there's definitely more preventative measures that should be taken to ensure that this doesn't happen.

> The victim isn't responsible for the crime committed against them, as shown by this verdict.

No one is claiming that a victim is responsible for the crime committed against them, just that there are strategies to mitigate risk. You should prepare yourself for how things are, not how they should be.

> It is common because it is under-prosecuted. Hopefully we can see changes there.

It's hard to say how common it is, but ultimately it's a crime of opportunity. Maybe they need to stick the workers in a faraday cage so they can't connect the phones to the cell network or wifi.


It wasn't a crime. It was a civil action. There was no verdict because Apple paid.

Apple should implement a "send for service" option that configures the device so that service can be done without exposing the customer's information.

All Apple customers for iPhones have an Apple ID. When the phone is in service mode, all the data is backed up to iCloud (irrespective of whether the customer has paid for it) and the phone wiped. The fact that an iPhone doesn't include at least as much iCloud storage as it has local storage for backup is ridiculous.

After repair, the data is loaded back into the device before being returned to the customer.


> Apple should implement a "send for service" option that configures the device so that service can be done without exposing the customer's information.

except that doesn't solve the problem if your phone is broken and you can't enable that option.


It can be implemented in the same way remote erase is, remotely.


Just pull the storage out

Oh wait.


I wonder if smartphone vendors couldn’t provide a test mode which doesn’t require the unlock code for the phone. E.g. if I get my phone display replaced nobody needs access to my full personal data to test if the basics are working.

There could be a special mode accessible which allows testing of standard use cases.


Android already has a boot menu. It would be useful even for consumers to have an option "Self-Test" added to that list. I think the only real concern would be the storage space required if the test suite was large.


The entire reason I repair a phone instead of buying a new one is because I want the data on it. Erasing all the data completely defeats the entire purpose of the repair.


FWIW, I think most people repair their device because it would cost much less--in some cases, nothing, but in most cases at least 3 if not 5-10 times less--than it would cost to replace the phone.


Under warranty I guess that's true. But I've found that once not under warranty a repair costs the same as buying a working used one.


Indeed. Especially since if you bring an iPhone for a screen replacement, you have to give them your pin and disable Find My for it. (At least in the 6S era). This is because they need to run a diagnostic/calibration tool and that cannot run on a locked phone.

Naturally I told them to wait a minute to erase my phone, but the technician told me that I shouldn't bother because the phones are kept in a safe anyways. Naturally I have still politely asked them to wait until I erase the phone, but this might not be everybody's reflex.

Edit: clarification, this was in an official Apple Store


When I went to a local Apple Store to replace the battery of my iPhone 6, they asked me to disable Find My iPhone and explicitly told me to do a factory reset. I thought that was a good standard procedure, as I already did a reset though didn't disable Find My iPhone.

On the other hand, when I went to repair the keyboard for my MacBook Pro, they did ask for my password. I refused, and they just said they would have to wipe the hard drive and do a reset.

I guess it really depends on how responsible the individual "Apple Genius" is.


Apple stores require this for screen repair or even battery replacement. I won't get my aging iPhone X battery replaced for exactly this reason. It's too much work to erase my phone and restore it.


> It's too much work to erase my phone and restore it.

Hmm, care to elaborate? I found the process quite easy, and done it multiple times. One thing that comes to mind is that if you don't have the iCloud backup option on for any reason, and you don't have a mac. Then you need to go through Windows iTunes which is really subpar. (no idea what to do on linux except a VM)

I don't really complain about the need to reset the phone, I'd like them to be more consistent with the messaging though.


I broke the screen on my phone. I would rather not have to reset it if not required. (It isn't critical, I have fairly easy backups and restores, but would still prefer not to go through that).

My threat model is low risk enough that I trust the full-disk encryption of my phone. So it makes sense for me to send my phone in with all of the data to avoid the reinstall.


I try and remember to do this with my car too.


I went to an Apple certified repair shop to fix my macbook. They asked me for my login password...

Sure let me just give access to all my banking apps, photos, browser sessions etc...

I ended up creating a guest account for them but I was surprised they didn't have a policy not to access private user data or ask for passwords.


funny -- when i had to service my old macbook, the repair shop asked for a guest account since they didn't want access to my stuff.


Didn't Apple testify that allowing third-party repairs would risk user security/privacy? If Apple can't be trusted either, and has to be sued before making things right, isn't the testimony superfluous?

This is another example why nudes and so forth should never make it onto a digital device. If that's your kink, then Polaroid cameras and camcorders exist.


> If that's your kink, then Polaroid cameras and camcorders exist.

That sounds a bit like the Onion sketch "Google allows you to opt-out of tracking by moving to remote mountain village" [1].

This case proves that the criminal justice system works to protect your personal images, we just need a better way to be notified when it happens (the kind of action you would expect Apple to take if they cared, instead of "we continued to strengthen our vendor protocols")

1: https://www.youtube.com/watch?v=lMChO0qNbkY


The story doesn't mention anything about any criminal charges.

The only reason they got caught is because they uploaded the pictures/videos to her Facebook. If they had sent them to a porn site instead they would have gotten away with it. The grandparent is largely correct, if sexually explicit photos/videos of you make it onto a digital device controlling their distribution is difficult at best.


> This is another example why nudes and so forth should never make it onto a digital device.

This is true, but focusing on nudes is somewhat missing the real point (and could be interpreted as victim blaming): this story is another example why your email and bank information should never make it on to a digital device. If pictures aren’t safe, then no information is safe. We all have chosen to put information on our devices that is not safe to publish.


> could be interpreted as victim blaming

Just to be clear: definitely not my intention. The victim is not in any way at fault here, this story is yet another warning to the rest of us.

> then no information is safe

This is definitely true. When I was still on Facebook, I intentionally changed my profile to public (because it ultimately is), and only shared information I was comfortable with the world knowing. Now that you've made this point, off the top of my head, I have realized that my digital footprint has grown more innocuous (apart from taxes and BS like that).


> focusing on nudes is somewhat missing the real point (and could be interpreted as victim blaming): this story is another example why your email and bank information should never make it on to a digital device

Assuming that focusing on nudes is victim blaming: how is focusing on email less problematic than that?


> This is another example why nudes and so forth should never make it onto a digital device. If that's your kink, then Polaroid cameras and camcorders exist.

This might be the only surefire way now, but it's not how it should be. How it should be is that a HIPAA-like wrath of god may descend on you if it turns out you mishandle someone's data like this.


Aside from this, this could be applied to US Code 1801, "video voyeurism", which seems to apply to "capture...or "broadcast"" and/or "revenge porn" law.

Can be charged as a felony and can land you on the sex offender registry.


I want to agree with you, but with caveats; HIPAA systems need to be certified to be secure to a certain degree and are specifically meant to handle sensitive PII data. While Apple could eat the cost of accreditation, it would be a significant burden to require your average IT/PC repair shop to do so. It would also mean opening yourself up to significant liability every time you work on someone's computer, so there would probably have to be some kind of malpractice insurance. I think there's probably a middle ground in there somewhere, but I don't know what it is.


I briefly thought how much additional complexity and process the rest of the software industry would have to go through, to accomplish HIPAA-like compliance, and then I thought how great it would be if everything were like that.


I had a friend of a friend that, in the old days where you used to have to get your photo films developed at a shop, used to keep a copy of anything featuring nudity. I think he had a stack about 2" thick.


It's also a good argument for making full-device encryption without backdoors the default.

Even Apple themselves shouldn't be able to access your stuff.


Well, Apple's devices do have that. As the article mentions, the problem is that they tell you to disable that very protection before sending in your device.


This is the situation* — Apple can’t access your data unless you ship them your device unlocked, as the victim did.

Not victim shaming: according to the article this is what Apple tells you to do.

* cough Cellebrite.


This might be true on the device, but if it's synced with iCloud the rules[0] are different.

> iCloud secures your information by encrypting it when it's in transit, storing it in iCloud in an encrypted format, and using secure tokens for authentication. For certain sensitive information, Apple uses end-to-end encryption. This means that only you can access your information, and only on devices where you’re signed into iCloud. No one else, not even Apple, can access end-to-end encrypted information.

> End-to-end encryption requires that you have two-factor authentication turned on for your Apple ID. Keeping your software up-to-date and using two-factor authentication are the most important things that you can do to maintain the security of your devices and data.

Then it lists what is end-to-end encrypted when the criteria are met; mail, photos, messages are not listed.

[0] https://support.apple.com/en-ca/HT202303


Funny enough Louis Rossmann, a person I'm sure many people here look up to with regards to his commitment to fight for right to repair, made a video on this exact subject: https://www.youtube.com/watch?v=xt3YSD36ZNc

I really resonate with his opening point; that somehow there's this belief that the "authorised man can't be a creep". This same logic I see paraded about across a number of other sectors to discredit small businesses and institutions.


Also interesting is that his shop's policy is to ask for a password, so that they can verify everything works afterwards and that prevents people from blaming them for things that were already broken.


I don't think having or taking nude photos qualifies as a kink in the modern era. Also what this is really another example of is victim blaming.


We need digital devices that respect their owners first and foremost. That means the actual owners, not the company that sold it or the government they operate under.


The thing should be fixable without access to personal data, right? How hard can it be.


This should be the top voted comment. This is similar to their claims about App Store security, on which they continuously fail to deliver. They want absolute control but don't give you absolute security and they are only ever liable if you take them to court personally (and who wants to take the world's biggest company to court really?).


Lawyers, accountants, auto mechanics, plumbers, pretty much every professional that gets access to people's private documents or spaces draws the line for professional discretion in the vicinity of "unless it's child abuse or you're plotting an obvious terrorist attack I didn't see anything".

Why the does tech get a low bar?


Absolute security never existed, doesn't exist today and will never exist in the future.


Then Apple should stop trying to sell it.


I think you are confusing privacy and security.

Apple does tout absolute privacy:

https://appleinsider.com/articles/19/07/04/apples-iphone-pri...


And where exactly does Apple sell it?


Did you hear about the Epic trial?


Or just keep sensitive things in an encrypted container. Pretty easy to set up an encrypted sparsebundle on a mac for all your naughty photo needs!


One more reason for users to have the right to repair


> This is another example why nudes and so forth should never make it onto a digital device

It definitely isn't an argument for that. It's an argument for cleaning your device before handing it to anybody together with the password. That is the only situation when you're at risk.


[flagged]


Really really good point made.


Really disappointed this was downvoted. Not for the HN Karma (who cares?) but because the GP's comment (from virgil_disgr4ce), calling attention to victim shaming, really is worthwhile.


Breaking news, nothing is 100%.


Well, I bet they won't bring out the Cellebrite stuff when you refuse to unlock your phone.


Cellebrite only works if you've unlocked it, anyway.


Just to clarify, the article states that the victim is 21, and that the offence occurred in 2016.

Does this mean that she was a minor at the time, and if so was the sharing of these images a similar crime to distributing child pornography?


But is that 21 now, or 21 in 2016 when the offense was committed?


Facebook presumably knew her age and has filters for nudity. I'm surprised they didn't catch it.


It's kinda funny that Apple denounced 3rd party repairs with "because they could misuse your data" while (proper) 3rd party repair shops normally don't ask for your password and in turn can't access the phone's data after it had been shut down once.

I'm more irritated that an Apple repair shop asked for login information than that a repair person with login information abused them (which sadly isn't surprising).


I couldn’t find the exact number of “millions” that Apple paid. Is it part of a class action lawsuit or did the entirety go to the one plaintiff?

It amazes me that workplace conditions causing loss of life can be settled for much, much less (as low as $75k paid to the family).


I am not going to make a judgement on the morality, but this is not surprising.

Awards for loss of life are actually codified in case law as being vastly smaller awards than the award for loss of limbs, senses, etc.

It is somewhat logical since the primary injured (the dead) can't be made whole. Contrast this to someone injured but not dead - they will have to live with the injury for the rest of their life. Case in point - this girl.

This is why disability policies are more expensive for higher income individuals. Presumably, the injured and his/her family depends on that income to live, and the income loss must be made whole.


> they will have to live with the injury for the rest of their life. Case in point - this girl.

I’m conflicted in taking this side, but if it’s millions — with an s — given just to her, then she’s basically set for life. Never has to work again to maintain a decent middle-class life, because her FB friends saw her nudes. That seems wildly disproportionate — most everyone I know would gladly take that trade.

If it’s a class action suit, or is constructed such that not all that money goes to this one victim, that’s a different thing. The part that disturbs me is whenever being a victim can become similar to winning the lottery.


It’s easy to say “hey sorry network, you’re going to see some explicit photos of me and I’m gonna make millions from it. Just ignore it and we’re good”. But that wasn’t the deal.

This feels a bit like the McDonald’s coffee lawsuit. On the surface it’s easy for some to take that deal (nudes for millions) but consider this: 1) she might have been Facebook friends with family or family friends. 2) this could wreck someone in high school and cause issues with dating, friends, etc. Taken the wrong way, it could kill your social life and cause depression. 3) people jump to assuming she’s conventionally attractive. She might be very shy about her body and was taking those for herself. People might have grabbed them and made fun of her. 4) there was no guarantee of a payout and it took five years of legal distraction during prime high school and college age for a resolution. 5) if she is from a small town or a highly religious town, she will now be known as the girl that had her nudes leaked. If it was a religious town, it could have brought shame on the family and in some cases ended relationships. 6) if this screwed up her high school trajectory, it could have messed up her grades and limited her college choices.

Lastly, I think part of this amount is to make it somewhat meaningful to Apple. If it happened once because they didn’t properly vet their 3rd party, a small fine would do nothing to prevent it from happening in the future.


I'm sure in any case the lawyers took a hefty sum.


I guess Apple realized that the PR damage here was going to be significant as well. If they settle then they can put an NDA in there, if they take it all the way to court and lose at a lower amount they have saved maybe a million compared to the settlement but now the other party isn't under NDA and can cause huge reputational damage by appearing on a few talkshows.


I once brought my MBP 15" Early 2011 into an Apple store (or maybe an authorized reseller? For that GPU snafu), they wanted the admin password with it... ugh I felt dirty giving them that.

Just boot from stick to test the hardware, leave my hdd/ssd alone!


Eventually they stopped booting into your account and now they plug in whatever computer they get into the store's intranet and boot off their images. I'm surprised it took them years to do that, though.


Title doesn't tell the half of it. "Personal images" are photos of your kids playing in the backyard, or dinner with your extended family.

What they stole here was much more intimate than that.


There's only so much room in the title.


Perhaps "intimate images" would work?


Shouldn't the technician be charged with sexual abuse, and face jail time?


100% Surprised they were not arrested or no charges were filed. (or at least the article did not mention it)


I wonder how often this happens in unlicenced repair junkyard shops. Sometimes they ask for the main login pwd for no good reason.


Privacy violations are one of the floats in the Parade Of Horribles that Apple et al. offer when attempting to defend their repair monopoly. Guess that argument is out the window.


whoa whoa. no system is perfect. just because this happened does not make it the SOP.


And yet I trust "Cupertino iPhone Repair" (my go to third-party repair people, in whom I have quite a lot of trust) or "Shakeel the iPhone Repair Guy" (that is a legit place I have multiple friends who highly recommend, though I haven't used him personally; I have, however, heard detailed stories of his process) more than this process from Apple on this matter of data privacy (and always have: this story has changed nothing for me except help me prove to others how careful you have to be) as my chosen third-party repair people will repair my phones while I wait--often in front of me (making it quite difficult to screw with me very much)--and notably don't ask me for my passcode. If Apple's system isn't, in fact, perfect--or at least nearly so--then they can't continue to morally justify their monopoly on grounds of "but everyone else is dangerous!! only we can be trusted!!" (not that that should allow their behavior anyway, but it isn't even a legitimate defense).


I have literally never been asked for a password by Apple when I had issues. I unlocked my phone myself when they needed to look at something and they looked at it only while I was present. If they needed to take the phone “in the back” I made sure it was locked (this was for a screen replacement) or I simply wiped it when it had an issue that needed replacement.


Ah yes, Apple explicitly states on their web page to never give the pass to anyone, including Apple staff. In the backyard shops, they probably ask for no malicious reasons, but when you think how many people have their email client open or WhatsApp images with KYC docs or credit cards it makes you think how reckless or careless some people are. Most of the people are not aware that some apps can be configured to always require a password any time an app is closed. That said, I do not remember seeing that functionality on WhatsApp, did I just overlook it?


Why would they do that? I mean what was the point of posting the pictures to her own account?


Cruelty is the point


I remove any media from my computers when I send them to a repair shop. If any media fails, it should be destroyed. If you ever sell storage media, dd if=/dev/zero it; also consider that it may not be enough with some wear leveling SSDs.

A few years ago, someone bought a used hard disk and got some private information of Brazil's then first lady Marcela Temer[0] and tried to blackmail her. He was later caught and imprisoned, but not everybody has the same luck.

[0] http://g1.globo.com/tecnologia/noticia/2016/10/hd-comprado-h...


It helps if you never store unencrypted data on the drive.


> dd if=/dev/zero it

or `shred` it. Probably takes longer but more secure.


/dev/zero is perfectly fine for modern high density drives. If the drive in question is MFM or RLL from the '80s or '90s, then absolutely go bananas with 53 different bit patterns. But otherwise zeros are effective for any hard drive made in the last decade. SSD has issues with wear leveling, so good luck wiping those. Though you're only going to have to worry about someone who is willing to disassemble the SSD device and read the chips individually.
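
The zero-fill wipe discussed in the comments above, with a read-back check that confirms it took effect, as an added example that is not part of any commenter's post. It runs against a constructed file-backed image instead of a real disk; the marker string and the function names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: zero-fill a target, then verify by reading it back.
# Uses a constructed 1 MiB image file so it is safe to run anywhere.
set -eu
LC_ALL=C
export LC_ALL

MARKER='CONSTRUCTED-SECRET-12345'   # constructed sample data, not real

# Build a 1 MiB image of random bytes with the marker embedded mid-file,
# standing in for a disk that still holds recoverable user data.
make_sample_image() {
    msi_img=$1
    dd if=/dev/urandom of="$msi_img" bs=1024 count=1024 2>/dev/null
    printf '%s' "$MARKER" |
        dd of="$msi_img" bs=1 seek=500000 conv=notrunc 2>/dev/null
}

# Size of the target in bytes.
image_size() {
    wc -c < "$1" | tr -d ' '
}

# Count bytes that are not 0x00. A completed zero wipe must report 0.
nonzero_bytes() {
    tr -d '\000' < "$1" | wc -c | tr -d ' '
}

# Succeeds if the marker string can still be found in the raw bytes.
marker_present() {
    grep -a -q -F "$MARKER" "$1"
}

# Overwrite the whole target with zeros without changing its size.
# conv=notrunc keeps the length; sync flushes the writes before the check.
zero_wipe() {
    zw_target=$1
    zw_size=$(image_size "$zw_target")
    zw_blocks=$(( zw_size / 1024 ))
    dd if=/dev/zero of="$zw_target" bs=1024 count="$zw_blocks" \
        conv=notrunc 2>/dev/null
    sync
}

# Wipe, then fail loudly if any non-zero byte or the marker survives.
# Note: this reads the logical address space only. Blocks an SSD has
# remapped for wear leveling are not visible to this check.
wipe_and_verify() {
    wv_target=$1
    zero_wipe "$wv_target"
    wv_left=$(nonzero_bytes "$wv_target")
    if [ "$wv_left" -ne 0 ] || marker_present "$wv_target"; then
        echo "wipe incomplete: $wv_left non-zero bytes remain" >&2
        return 1
    fi
    return 0
}

demo() {
    demo_img=$(mktemp)
    make_sample_image "$demo_img"
    echo "before: $(nonzero_bytes "$demo_img") non-zero bytes"
    wipe_and_verify "$demo_img"
    echo "after:  $(nonzero_bytes "$demo_img") non-zero bytes," \
         "size $(image_size "$demo_img")"
    rm -f "$demo_img"
}
demo
```
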


Fair she got a settlement but immediate reaction to this report was it sounds like automatic facebook uploading? Like it's pretty crazy the techs went to trouble of uploading, but if her account was logged in/app logged in (as most are) then even a small adjustment to settings as far as what folders to upload etc might have triggered?

Not saying it wasn't malicious, likely was, but man, seems like could also be an accident of resetting settings etc


I wonder what (if anything) the repair techs thought when doing it. If a disgruntled employee wanted to maximize damage to the company (without regard to personal consequences), this surely looks like one of the ways to do it. I think it's still more likely that they just did it because they found it funny, but this is a kind of insider risk for companies that is really hard to defend against.


Besides being fired, is the individual facing charges?


Seriously unless it's OS filesystem corrupted, Apple has no need to decrypt the user storage. If they can't do that, it just means their design of the computer is horrible.

I get that people need fancy thin phone, but storage and battery shall be removable.

The only workaround as of now is not to own a phone which I exercise. I can't trust any of them.


> In a statement to The Telegraph, Apple said “when we learned of this egregious violation of our policies at one of our vendors in 2016, we took immediate action and have since continued to strengthen our vendor protocols.”

Yet it took us 5 years to figure out how to make this right with the victim.


> One of the issues here is that Apple instructs customers to send in their iPhone with the passcode disabled, which allows anyone in the chain to access any data stored on the device.

This right here is the problem. Apple must not ask people to turn off passcode instead reset iPhone.


Surely this isn't still Apple's policy in 2021? Doesn't seem to fit their privacy-first model.


My irony detector is not giving me a clear reading...


Maybe this thread should be merged with https://news.ycombinator.com/item?id=27420044


Another reason to support right to repair


I'm not sure why the actual people who did this aren't held accountable instead.


Shouldn’t the workers who stole those photos be prosecuted criminally?


How many of those millions goes to the lawyer?


looks like iOS needs some kind of valet key feature...


Given the millions paid out for essentially the malpractice of these technicians, is it possible in another scenario that a 'victim' and technicians collude to repeat the same outcome, and split the court winnings?

The technicians remain nameless, and suffer no reputational damage, just losing their jobs.

Put another way - how is Apple actually responsible for the activities of these individual technicians?


Congress does this as well. They pay out millions in sexual harassment claims to staff and they never name the people involved.

What should happen here is the technician should be named, there should be big billboards put up in whatever town they live in, and they should have to get "I distributed child porn" tattooed on their face. As well as not be allowed to come within 50 yards of a computer or cell phone or transistor. There are harms you can't undo and the punishment should be as permanent as the harm.


Breaking News: trusted authority can’t be trusted.


Possibly one of the shortest and most successful modeling careers ever? Well done to the student. Now she is undoubtedly hot, young and rich.


A Facebook friend posted about getting a new phone. It was one of the last posts before someone tried to phish me through FB messenger posing as her. I reached out to her father, brother, and one friend that she posted pictures with - all people that know her IRL. All 3 appear to be compromised. I keep thinking this may have started with her old phone getting in the wrong hands.


Why would she even hand over her phone to them while she knew there were explicit photos and videos of her in it?


your question reads like you're saying it's the victim's fault


It's not, but it's still careless or slightly reckless behavior. Like leaving a pile of valuables on the front seat of your unattended (but locked) car.


That analogy doesn't really work here, because then anyone who's walking past could steal the valuables in your car.

Consider that you had to send your car in for repairs to the company that produced your car, and you placed some valuables in your (locked) glove compartment. They then steal all of your valuables.

The car company (or their trained engineers) should never have to enter the glove compartment at all. The fact of the matter is that you left your valuables in your car with a trusted third party, and that trust was abused and your valuables were stolen.

The issue isn't that someone stole your stuff, it's that you trusted the company that built your car to not go snooping around and stealing your stuff.

Trusting a third party is not "careless" or "reckless" behaviour, the onus is on the company to behave responsibly with your personal items/data.

EDIT: I took a look at the original article from the Telegraph[0], and it seems like the perpetrators were an Apple contractor called "Pegatron". While this isn't as bad as a BMW employee stealing stuff from a locked compartment in your BMW car, it still isn't great.

If this contractor was officially allowed to perform repairs (which it seems like they were, as Apple paid the lawsuit), then they should be held to the same standards as Apple employees when it comes to data privacy.

[0]: https://archive.ph/WFaO9


> That analogy doesn't really work here, because then anyone who's walking past could steal the valuables in your car.

I said locked car but whatever. Better analogy would be you get your car cleaned, and leave cash on the seat.

> Trusting a third party is not "careless" or "reckless" behavior

I disagree but maybe it's a result of being taught to be "street smart" or "common sense" as it's sometimes called. I don't jog with headphones, I don't assume someone is going to turn when driving, I don't cross crosswalks without making sure traffic is stopping, and I don't assume a technician is going to be 100% honest when working on my stuff.

Sure "it's not my fault" if I get hit by a car, or robbed but blindly trusting every "professional" you encounter is nuts.


If anyone engaged in "slightly reckless behavior" it was the technicians snooping around in nude photos of a 16 year old. Not the 16 year old herself. She was a kid. She probably wasn't even aware of the potential risk. I know a lot of adults who aren't.


> If anyone engaged in "slightly reckless behavior" it was the technicians snooping around in nude photos of a 16 year old

Of course! It's more than reckless, it's disgusting, horrifying & illegal. I have kids about this age. If they left nude photos on their phone for a technician to find, I would scold them for being careless.


Some defects will prevent you from erasing the phone before giving it to a repair center.


I don't understand why they need to unlock the phone for hardware repairs. I took my Toshiba laptop for a motherboard replacement after a power surge, and never provided my password. They gave it back after the repair and the OS was literally untouched. I would think Apple with their trillions would have figured out proper hardware repairs by now?


Hardware requirements/differences mostly.

With the laptop example they can pull the storage medium (2.5" HDD/SSD, or NVMe), service it, and then reinstall. Whereas iOS devices have storage soldered onto the mainboard and there's a cryptographic sync between the T2 chip and OS installation, so you cannot simply swap the storage onto a different phone (this is actually a legitimate security feature that just happens to hurt service-ability also).

I believe there are things they can do (different levels of access, managed by iOS) but the laptop analogy doesn't help here since it is an Apples and Grapefruit kinda comparison.


> there's a cryptographic sync between the T2 chip and OS installation, so you cannot simply swap the storage onto a different phone

This is similar to how many laptops encrypt the SSD with a TPM chip. But they can still decrypt and image the drive provided they have the owner's credentials. So yes, of course Apple can swap storage in an iPhone, they just don't want to.


Unauthorized iPhone repair company here. We like to test the microphones and any other components that can be disturbed by the repair.


Way to go. I wish the guy who repaired my girlfriend’s iPhone a couple of years ago had done as well. What a cock up that was.


It's really easy to boot up a computer to a different OS installed on a different storage medium to test the hardware. Phones don't have the option.


Phones actually do have that option. Android bootloader supports fastboot boot of an image file on the host PC, usually a recovery ROM.

Apple is certainly capable of doing that and I'm even sure that this exists on their devices too.


We're running out of options here. Both Apple and Google are fatally flawed companies. I think I may go back to using a feature phone.


They get mad when you show up at the Apple Store for service having just reset the phone. “We take privacy seriously”, “you can trust us”, blah blah blah. No. Always fully wipe before handing your phone or laptop over to anyone you don’t know and trust.


> They get mad when you show up at the Apple Store for service having just reset the phone.

They don’t. I’ve done it several times with my old MBP and a couple of iPhones. I never leave a device with a technician without wiping it first. If someone gets upset about that, the proper thing to do is escalate with the manager, because that would be highly irregular.


The article doesn't specify if the sharing of photos was intentional or not.

There should be safeguards either way, but it seems that most articles and posters are assuming that it was. I can imagine a number of ways to accidentally or automatically sync photo albums to Facebook, and this is one of the main reasons I don't have it on my phone.

Similarly, if the privacy breach was intentional, I would have guessed the techs would have downloaded the content and done something that was less obviously traceable to them.


How do you unintentionally open someone's FB app and then unintentionally go to submit a post, and then unintentionally open the photo gallery and unintentionally attach a select few nude pics before unintentionally confirming the selection and unintentionally submitting the post? Perhaps more than once?

I don't recall FB having a mechanism to automatically sync your camera roll to your FB feed.

Or do you mean to suppose they thought they were on their own FB account and expected to send the pics to themselves?


That's one of the reasons I brought it up. I thought there were settings to upload the camera roll or back it up to FB without ever going into FB itself.

I'm not a FB user any more, so I can't confirm

something like this:

https://www.dpreview.com/news/5620765515/facebook-photo-sync...


Seems pretty obvious it was intentional. The amount of planets to align for a repair tech to accidentally post 10 nude photos to Facebook is greater than the number in the Solar System.


What seems most likely to me is that the tech or techs intentionally viewed the pics, but while doing so unintentionally uploaded to Facebook.



