> However, he neglects to mention that Apple already has a process to do this for legally-obtained products.
> The process is very simple. If a user has purchased an Apple product through means that will produce a receipt, like through eBay, users can request Activation Lock to be removed. All the user has to do is navigate to Apple Support and provide a receipt as proof.
> The problem Bumstead is likely running into is MDM or mobile device management. Apple will not unlock products that were previously part of an MDM system that's still attached.
So devices sent to a recycling center to be destroyed are being picked up and resold. So this whole thing seems like a non issue.
I'm responding to parent saying it's not an actual problem:
> So this whole thing seems like a non issue.
...
Apple doesn't seem able to "produce a receipt" if you purchased the MacBook with cash or a discontinued credit card in their store.
I have a lovely pristine 2019 MacBook Pro 16" that I put firmware password on before crossing international borders, before pandemic. The Ventura update broke boot. I have to boot to recovery partition, but cannot. No idea what "this is obvious" firmware pass I came up with.
THIS IS MY FAULT. But a surprisingly expensive fault…
I have the original welcome to new Mac on your Apple ID email a couple days after purchase, the Mac is active in my Find My, the Mac is under AppleCare to me which I have. Apple will not unlock it without receipt, which I do not have, and, no longer having an account with that card provider, cannot produce.
This 2019 MacBook Pro sells used for $4,689 from Apple today:
// At the same time, this is a reason we provide MacBook Pros to employees: we can take comfort losing one in NYC or Mumbai probably isn't going to compromise company data. This is worth the cost to me personally, and makes me an advocate of Apple's security work.
Well, that's the fundamental problem. With open hardware that you fully and completely own when you buy it, such problems are impossible.
The move towards hardware (mostly by Apple but not unique to them) that remains firmly in control of the vendor even after you buy it... is not a good one. It means your ownership is relatively ephemeral, any wrong move (or bug) and it's no longer yours to use.
As noted in the article, this is more-or-less an issue with corporate/biz MDM solutions.
A corporation buying hardware from another corporation. The “user” here is and was never in control of the hardware. The only human beings close to that role are the IT department.
Like it or not there are legitimate reasons corps do this. HIPAA, SOC, PCI, good old fashioned responsibility, etc. Apple isn’t the only vendor that sells systems and hardware locked in this fashion.
The reason we’re talking about this and not anyone else:
1) Apple is one of the world’a most valuable companies.
2) There is a tiny but very loud minority of people who have a seething, irrational hatred of them and cannot ever acknowledge anything positive about them.
3) Their solution for this is actually implemented well and can’t be bypassed.
I understand your point but we’ve gotten here for valid reasons - “XYZ employee gets laptop with 100m SSNs stolen”, etc.
Speaking more broadly, you are aware that with Apple Silicon they had a massive opportunity to do as you say and “own” user hardware, right? It would have been trivial for them to utilize all of this to prevent alternate OS installation. Even if they did lock out alternate OS installation they’d lose what, 0.5% of sales from the people ranting about Apple on HN that were never really going to buy Apple anyway?
> With open hardware that you fully and completely own when you buy it, such problems are impossible.
I don’t understand. If you have open hardware that you have full control over, choose to lock it down to make it impossible to factory reset the device without a password, and then forget that password, how does having open hardware help?
If you say “there always should be a way to factory reset the device without a password” you are giving up a feature that Apple provides: making it less worthwhile to steal Apple devices.
While unfortunate for any affected individuals, still IMHO a much smaller problem than a few companies have basically full control over all computers people use.
That's much more dangerous for the society than a few thieves making a buck.
Are you not free to simply not use find my/activation lock?
I haven’t used Asahi yet but the way I understand it you can install Asahi right away and the hardware is forever yours to control.
And if you are worried about Apple one day remotely adding a lock to your Asahi laptop you can probably block those requests proactively on a network level anyways
“If you don’t know the credentials to reuse it, it’s bricked” is a valid choice whether the hardware is open source or not.
Yubikey equivalents that are fully open source still have to be shredded rather than recycled, if properly secured. Open computing isn’t incompatible with secure computing — but secure computing is absolutely incompatible with reusable computing.
I have nothing against reusable computing, but I’m tired of seeing “open” and “right to repair” erroneously held up as meaningful solutions to reusable–repurposeable computing. Focusing on the core issue at hand – that you feel we should have the right to repurpose hardware in our possession without impediment – would go a long ways towards starting the correct and necessary conversations about “security” and “anti-theft” that, today, will simply not happen productively under the open/repair banners that the reuse/repurpose movement is trying to ride under.
> Open computing isn’t incompatible with secure computing — but secure computing is absolutely incompatible with reusable computing.
Is the first part even true? It does seem to me that there are a class of tasks, the most obvious being competitive video games, that do require that the user not have complete control over the hardware and software they're using.
It is absolutely possible to fully implement an open source hardware stack that builds up from an HSM secure store into a UEFI secure boot chained ti a signed, reproducible-buildable Linux kernel that can launch signed, reproducible-buildable applications and attest, with cryptographic signatures chaining from the hardware HSM clear to the kernel to the application. This is wildly unpalatable, but it’s already fully implemented and available on macOS and enterprise Windows 10+ today. (Seriously: Safari can, on stock macOS, attest to a website that you’re booted securely into an unmodified Apple kernel and OS, so long as your motherboard has the HSM boot chip.)
Whether this system is implemented as closed source or as open source is wholly irrelevant to secure attestation, which could be done exactly as it is today even if the complete source code were available. The difficulty is that, for anti-cheat, someone other than the user must have signed the key inside the HSM, or else it can’t be trusted to be unmodified.
This is why Secure Boot with Attestation, and the entire objection to Microsoft Proton, turns out to be about repurposeability — people want the right to repurpose hardware without a third-party services, such as anti-cheating checks, being able to exclude them based on their modifications. That’s not about open source at all. That debate is not about open source, and with the advent of widespread secure attestation computing, it’s overdue for serious conversations.
> people want the right to repurpose hardware without a third-party services
Is that wrong?
Third-party services are temporary. Hardware lasts forever. If hardware attestation comes at the cost of ephemerally-usable hardware, it's not worth it. It's certainly not worth forcing it onto devices that would otherwise be usable, but instead become landfill because their previous IT team went insolvent.
People can (and should) get mad at this, and doing so with the Open Source community is not a mistake. Open Source represents leverage (AKA "Freedom") against corporations that would otherwise harm you for profit. You can excuse this behavior with all sorts of DRM and anticheat, but you'll never win until the kernel stops processing digital input and output. It's a snipe chase, and it's not worth pretending it's not a power grab.
Whether repurposeability should take precedence over secure attestation and antitheft is the correct question here. I’m glad to see you’re considering this in those terms now. I hope others do too.
Note, however, that as Apple takes back all products they’ve ever produced for electronics recycling, in each case where an Apple product does reach a landfill, that could have been avoided. If, as in your example, an IT department refuses to recycle Apple electronics responsibly, then that’s not sufficient to declare repurposeability a landfill-prevention measure. So I worry greatly when I see such arguments refer to Apple and landfills, because they’re easily undercut, and that’s then used as an excuse to ignore the repurposeability debate I that I consider most important here.
Your repurposability debate is right to be ignored. Apple does not deserve the ultimate authority on device usability; case closed. If you want further deliberation, watch European regulators do battle with Apple's copywriters. Either way you cut it, this fantasy of Apple products being "built different" doesn't make sense on an international scale.
People want to hold Apple (the world's richest company) accountable. Why shouldn't they?
I’d absolutely like this to be decided at a regulatory level one way or another, and I support Apple being compelled to adhere to whatever outcomes occur from that.
Using this “Apple products in landfill” sensational headline to make the regulatory case is easily defeated by Apple PR, however, so find an argument that holds more water. For example: what’s the recycling story for Microsoft, Samsung, Google, and Lenovo handheld and laptop products? Do they all take back any of their mobile computing products for recycling? If not, using whichever of them refuse to recycle as an example will go a lot further towards making a case for regulation than using the one of them that takes back absolutely everything.
You would still absolutely control the HSM, in this example, and whether you installed an HSM provided by a third-party or your own would be entirely your choice. It’s just another open source hardware component. Microsoft could release the source code to the Pluton HSM and it would still be just as effective at secure attestation.
If you want Microsoft’s online gaming services to trust your computing environment in ranked competitive play, then you may find that booting with a self-signed certificate in your HSM isn’t sufficient for them to allow you into ranked play; they might choose to require a Pluton HSM. That has nothing to do with “open source”, though; the signing keys stored in an HSM’s secure vault are not part of its schematic or software source code, any more than the SSL certificate for a Wordpress blog hosted on Linux is part of the Wordpress or Linux source code.
> A better problem, some may say, than having a thriving market for stolen laptops.
Some may say that, because having their laptop stolen is a problem they actually experienced. Having your device remain owned by a vendor, who only "licenses" it for you to use opens up a whole new world of problems, some of which average person can't even imagine.
And yet “average” people buy and sell MacBooks every day without imagining, let alone experiencing those problems.
It is only thieves and ideologues who actually experience any difficulty. And while I’m all for righteous purity, I am also happy knowing that the thief who stole my MacBook from Spaces coworking in San Jose (do not ever use Spaces!) will get nothing for the risk they took, and/or that a buyer taking a too good to be true deal will get a brick.
Yes, I like this world better than the free-open-insecure alternative.
> And while I’m all for righteous purity, I am also happy knowing that the thief who stole my MacBook from Spaces coworking in San Jose (do not ever use Spaces!) will get nothing for the risk they took, and/or that a buyer taking a too good to be true deal will get a brick.
That might be a minor consolation, but the bigger point is that this will (hopefully) significantly disrupt the market for shady used MacBook sales and thus the incentive to target MacBooks for theft.
There is n=1 up there that someone is not stealing his laptop. He just forgot his firmware password. His Find My account still showing the device, but Apple doesn’t want to unlock it because he lost his receipt.
Sure. And that sucks. But do is it worth incentivizing the theft of n = many laptops?
This is the government encryption backdoor all over again. There is no such thing as a security backdoor that can be used only by good guys. If Apple can’t determine someone is the legitimate owner of a locked device, they have two choices: allow thieves to unlock devices, resulting in more theft. Or decline to unlock for some legitimate owners who chose to lock their device and not take precautions.
It’s a tough choice, but I think Apple is making the right one here. You may disagree, and that’s fine.
It's unfortunate, for sure, but the warnings are abundant; in not so many words don't forget these passwords or the consequences will be dire. Losing receipts for big ticket items is, I'm afraid to say, irresponsible. File the hard copy, or scan and save in multiple secure locations. The burden of proof of ownership is on the owner, it cannot be any other way. Heck, I'm sure a credit card receipt would do. Find it on a bank statement and go to small claims in the worst case.
Ok, so what is the metric Apple should use for deciding whether someone has lost their password or someone has stolen a laptop?
Or should Apple just remove the activation lock feature, that was added specifically in response to large amounts of theft because we don’t think those thefts are going to happen any more?
If you own a car and by some bizarre sequence of events all evidence that you own it has vanished, and then you lock yourself out, you might have a hard time getting a locksmith to unlock it for you. Police might even get upset if they see you trying to break into it! This doesn't seem very relevant to whether or not you "own" the car or "only license it." Granted, there is probably some "last resort" where you go to a judge or something, but I bet if you got an order from a judge for Apple to unlock your laptop they would do it!
> Having your device remain owned by a vendor, who only "licenses" it for you to use opens up a whole new world of problems, some of which average person can't even imagine.
Actually, everyone experiences this right now. Macbooks are working like this. And 99% of people are fine with it. We don't have to imagine anything
That's not true. I think you're saying that Mac users are already today in an ecosystem where this could bite them hard, that much is true. But nobody gives it any thought until they personally find their multi-thousand dollar device useless and Apple refuses to help even though they totally could if they cared. Only then do they realize what a terrible situation it is.
> With open hardware that you fully and completely own when you buy it, such problems are impossible.
I don't see why, in principle, you couldn't have open hardware that provided the same capability to brick the device for unauthorised users. In which case you would be just as SOL if you forgot the credentials to that, too.
Either you have an activation lock like feature or you do not.
If your hardware has a path that allows a random person to circumvent it, then by definition it does not have an activation lock.
This isn’t an open vs closed hardware question. This “does this feature exist”, and your argument is that it should not. This is spite of the fact that activation lock was a feature introduced specifically in response to high rates of theft, and its introduction immediately reducing that theft.
Activation lock is a feature that people want, but again activation lock is either there or it is not. If your “open” hardware includes a mechanism that bypasses an ownership lock then by definition the lock is not a functional if feature.
A company can make an open laptop that has an activation system that requires an authentication in or to do a full device reset, or to replace the firmware. But if that lock is in place, it can’t let you flash a new firmware on or reset it, because again that defeats the purpose.
One could convincingly argue that dead accounts are e-waste.
The main reason I guess we don't say that is because we have expiration policies.
But if you lose access to your, say, facebook account with 100GiB of uploaded content, then that content is going to be sitting consuming at least 300GiB of media (replication, backups etc;).
Thus: is that a problem?
I see a device like this as an extension of my self, having it "open for all" is not desirable; I want to knowingly give it to someone.
If someone takes it, or I do not unlock it, then I don't want the possibility for it to unlock. I paid for it, it's mine, in perpetuity until I say otherwise, even if I'm dead: since as I mentioned it's an extension of me... it is dead too.
Funny misconception, that. You paid for it, but Apple controls it. You trust Apple to do the right thing, but you cannot prove that they do. You cannot hold them accountable for doing the right thing, either.
So, how can you trust it as an extension of your self? I understand your argument, but you've based it on a misconception if you think you're the ultimate user with the greatest authority over your device. Apple makes the rules, the only thing you do as a user is agree to play by them.
No, the great thing is that even apple can’t do everything with your device! If it’s encrypted they (presumably) can’t access that data at all.
Unlocking a device by apple has no bad incentives associated, at the very worst case someone else can use your owned device without access to any of your data, aka stealing. And that assumes that apple will corruptly open it for someone else which they have zero interest in and that just accounts for regular old stealing with a billion dollar company’s help?
> If it’s encrypted they (presumably) can’t access that data at all.
We just have to trust their implementation, which is conveniently proprietary and unaccountable.
> And that assumes that apple will corruptly open it for someone else which they have zero interest in
Are you sure about that? They very publicly gave the Chinese government control over Chinese iCloud data a few years ago. That, and they've been part of PRISM for the better half of a decade now. When a company has a working relationship with multiple sovereign governments, I'm not sure you can strongman the "Apple will save us" argument.
This is also a problem with Google, Microsoft, Amazon, 95% of cell carriers, most cable companies and your laptop manufacturer (regardless of company). Apple knows you feel insecure about this, so they market their products/services to you with this in mind. News flash: does anyone really think the largest company in America (let alone the world) isn't in kahoots with the American government? Microsoft was. Google was. IBM was. And Apple is bigger than them all.
Encryption is great. Mixing it with snake oil isn't. People are correct to call out Apple's failures to protect their users in this conversation, because their track record isn't very benevolent.
That's where the transparency part comes in. Nobody reads every line of code, but feasibly anyone could read any part of it. Patches are examined as they roll in. Really the software distribution model is no different than trusting your apps to auto-update properly.
Apple doesn't have accountability. It's not that nobody wants to prove them right, it's that their system has been deliberately designed so that no one can.
Does it really matter that you can read any line if you can’t verify whether the binary you download is truly made from said sources? There is always some trust at some level, whether it is some debian server or apple is just another question.
It only bothers me when the publisher-in-question is a cardholding member of PRISM, without two cents of developer goodwill to their name. I'm normally more generous with small-timers, but try to stick to OSS all the same.
At the same time, it hardly disincentivizes thief from laying their hands on apple devices. With that in mind I’m not sure whether this is not a worthy tradeoff.
Can you sell it to a friend, give him a legitimate receipt (from you) and have him go to Apple? (seems like a hack, but it checks the ownership box for your friend)
Activation Lock creates undue friction during the ownership transfer.
This kind of security should be tied to something like removable storage device where the users data is stored, not the main device itself. That way when the owner dies or loses acess then said owner only loses acess to the data and not the entire device.
IMHO this is Apple trying to force people to purchase new devices and prevent reuse. It doesn't matter what is intended on the surface, but what the actual outcome is. This causes more waste and it's not helpful to the environment. If you are serious about protecting user data tie it to hardware security that can be decoupled from the device itself.
I'm in the business of repairing computers.Apple is setting bad precedence on multiple fronts, More than any other company in existence.
> IMHO this is Apple trying to force people to purchase new devices and prevent reuse.
Assuming you know your Apple ID password, disabling Activation Lock takes less than 30 seconds. You can even do it remotely via Find My on the web.
It hasn't exactly curtailed the legitimate iPhone resale market in the ~seven years that it's been on by default, either, though it did produce a dramatic drop in people getting their phone snatched from their pocket[1].
I wouldn’t expect it to, since Activation Lock is tied to an Apple ID and the firmware password is local.
The number of people who manually set firmware passwords on their Mac (i.e. don’t have it set as the result of MDM) instead of just using FileVault these days must be vanishingly small.
Just an idea, but, I remember something about T2 macs, and the find my integration and if you put the device into “lost mode” on the web, it sets a (numeric) firmware password as part of the ‘mark as lost’ process.
I think that overrides any user set firmware password, so might allow you to recover it,
Just a thought maybe a little searching can validate it before you might try?
It's my understanding that the purpose is to protect data. It has a secondary effect of preventing use of the device. The goal of reuse and preventing device use are incompatible.
I think this is shortsighted. Criminals might be the target of this policy today, but when these machines are no longer current, the owners of the machines might no longer know or care where the device is, and they will still be unusable. This to me is unacceptable.
This is really an issue of control. A company that designs and sells computers, which creates a conflict of interest, should not be in the business of controlling access to a computer. That should be handled by the customer. Otherwise they will use the market position to dictate how that control is used. It's a lose across the board, you are not thinking long term.
No, it’s even in the name of the feature. Activation Lock.
It is to stop devices being stolen, wiped and re-sold. It is an attempt to allow the legal owner of the device the ability to control who can use it, rather than the possessor of the device having full control who can use it.
Its only purpose is to protect the use of the device by people removing all the software (erasing back to factory defaults) and taking control of the physical device that way.
My folks also bought a Mac from an Apple Store with an active credit card. When the laptop was stolen and recovered by the police, it had some kind of boot lock on it.
They refused acknowledgement of the credit card because they say it could’ve been stolen and they refused state ID as it could’ve been stolen or forged. They refused acknowledgement of documentation from the police. They said it was my folks fault for putting the boot lock on as it warns you, but my folks weren’t the ones who did that. I didn’t even know that boot lock existed until then. This experience was in the same original Apple store my folks purchased the computer, which is why I presumed state ID and original credit card would’ve been adequate.
Unfortunately my folks had made themselves indistinguishable from foreign intelligence. The amusing thing is that if they're so worried about forged government ID's and stolen credit cards, then how on earth can they trust a receipt? Unlike a government ID, your face isn't on it.
They literally can, but are choosing not to. If there is concern about stolen devices, then there could be a way for victims of theft to submit such information to apple and then when someone wants to purchase a used laptop they could check whether it's stolen. They could also provide a mechanism by which a laptop could be submitted for unlocking and sits in the request queue for three months pending someone saying "that's mine!"
At the end of the day it's bullshit that functional laptops are going into the trash stream for artificial reasons. There should be a tax of 10x the highest global retail price of the device assessed against the manufacturer.
You can probably get your old card issuer to pull up your statement. I’ve done similar stuff in the past with closed brokerage accounts. It may be an involved process and take a while to reach the right person but worth a try at least!
In this case it seems like Apple has more than enough information to verify that Terretta is the valid owner of this computer, and so they should unlock it. Whether this goes via "reissue the receipt, then unlock it" or just "unlock it" isn't important.
Apple knows the time and place of each product (SN) they sell, and they know who activated it to their account. They should certainly be technically able to produce the receipt at the time of sale but also a duplicate later.
> Apple doesn't seem able to "produce a receipt" if you purchased the MacBook with cash or a discontinued credit card in their store.
I'm not sure if this is standard policy or a fluke. If true then Apple should absolutely not demand that proof of purchase back from the owner at any point. I can't imagine how it's legal to sell that in a store and not provide proof of purchase but that's a different matter.
I don't read the parent as wanting support going back indefinitely; 2019 to 2023 is well within when the company should have sale records. You generally need to keep them for at least seven years from when you file taxes, which might be more like eight years from the sale: https://www.nolo.com/legal-encyclopedia/how-long-should-you-...
The paper receipt most likely doesn't have any information (his name, email, etc) that identifies him as the actual person that was in the store that day and made the purchase. He said he purchased with cash or a card he doesn't have anymore.
Surely you can see how just handing out a generic receipt to whomever shows up and asks for it is a real issue.
Lesson here is, for ANY merchant: pay with a credit card, have the receipt emailed to you if possible. If not take a picture with your cell phone of the receipt, _on the spot_. That's it, you are future proofed.
Are you suggesting their system did not record the sale? I agree that OP should have the receipt but I'm quite sure Apple has the data for that sale somewhere.
I am suggesting that if I bring a laptop and ask them to produce a receipt of its purchase it’d not prove that I purchased the laptop. Anyone could do it and then use that receipt to say they bought it in the first place.
Indeed. The receipt should serve as proof of purchase from the purchaser to the vendor. I'm sure Apple does have proof on their side, likely even tied to the serial number, credit card, Apple ID, etc., but going to an Apple Store and asking them to verify your identity and connect the dots... that's probably out of scope for their everyday support. OP would need to work with a higher tier of support to reestablish ownership and receipt, which maybe isn't unreasonable to do.
Apple business has told me no guarantees but as a company owner I could possibly get an exception through our company's Enterprise Support, which, as a user of that service, I have observed being more empowered than the consumer channel.
Whether that might work or not, it's likely not available to casual purchasers.
I can't stop laughing at the shit apple users justify and put themselves through. You should be able to wipe everything clean and reinstall the OS without the need of any fancy firmware nonsense. But apple convinced their mac users that that's ancient tech and they need firmware passwords now( lol).
This is a silly idea but wanted to throw it out there anyway: What if you listed the laptop for sale on eBay, then bought it back using a friend or another account? Could that be used as "proof of sale" for Apple to unlock it?
What happened to you really sucks and I am sure you took away a lesson or two from it. But you have a really good point... "if it didn't work for me then I'm sure it won't work for an actual criminal" it's a good point.
In a way, you pen-tested Apple's anti-fraud processes... although at your own expense ;)
I would note that a legal way to get a laptop is to have it given to you. Not every transaction that transfers ownership entails a receipt from a corporation or even the exchange of money.
My dad was given an old company laptop a while back. He has since switched jobs. The laptop is locked with an UEFI password but is no longer in anyone's system and I doubt anyone ever stored a real receipt. He has a receipt from the company that gave him the laptop I believe, but the manufacturer won't ever take that as proof of ownership.
> In this case, if a device is given to you, why can't you have the person giving it to you (assuming they're the legitimate owner obviously) remove activation lock if they forgot?
The device was given away after it was written off. The data related to it has been deleted, there is no receipt any more. I don't have the receipt of the laptop I bought seven years ago, why should I?.
> Why not check the device quickly at time of transaction?
They could have, but they forgot. Now they can't.
You can think of processes and procedures all you want but in real life people lose receipts and forget to check some stuff.
I would say not everyone who has the activation lock enabled knows it exists or how to remove it. My parents, for instance. I fully expect one day they’ll take it to goodwill and it’ll be slag.
I’m actually not concerned about this. The security value is higher. I’m just pointing out ownership doesn’t require a receipt.
> In this case, if a device is given to you, why can't you have the person giving it to you (assuming they're the legitimate owner obviously) remove activation lock if they forgot?
think these discussions can be higher quality if you spend a minute thinking through your hot takes and doing a bit of research. In this case, > > if a device is given to you, why can't you have the person giving it to you (assuming they're the legitimate owner obviously) remove activation lock if they forgot?
Because it creates too much friction at the point of transfer.
Decryption security should be handled in a way that the decouples user data from the device itself. There will always be theft. The impact that we have on the planet is something we can no longer afford to ignore.
This isn't an issue of turning off our brains. We have two problems we have an issue with theft and how security mechanisms that are tied directly to the device strongly prevents reuse and resale.
>Because it creates too much friction at the point of transfer.
The definition of the desired process outcome is "it is demonstrable that the asset was transferred willingly". What is your idea of "less friction at the point of transfer" that achieves that goal? Otherwise, we're back to "this is indistinguishable from theft".
No, its Apple inserting themselves into the process. The same process apple uses to deny independent computer repair centers access to parts. This isn't about preventing theft. Its about apple controlling how hardware is accessed and used and you can see that be how the treat their customers and repair centers.
By trusted 3d party do you mean Apple? The same company profiting of off making hardware less accessible, forcing people to by new devices instead of being able to repair there own stuff. You mean that trusted 3d party?
I don't agree. We don't need a company the same company that provides the product tell its users how to protect themselves. Thats up to the people purchasing the product. It creates a conflict of interest and it causes people to loose the freedom on how they wish to protect their devices.
There will always be theft, but only one livable planet. You do the math. The way Apple is implementing this security makes the impact on the planet worse. In the long run, its not worth it, for user control or for the environment.
These discussions would be higher quality of blatant apple shills didn't write 4 paragraphs defending an obviously flawed policy that is objectively sending good hardware to the landfill.
"Please don't post insinuations about astroturfing, shilling, bots, brigading, foreign agents and the like. It degrades discussion and is usually mistaken. If you're worried about abuse, email hn@ycombinator.com and we'll look at the data."
Can anyone confirm this? The article AppleInsider links[0] doesn't seem to have a way to upload a receipt. And I don't see how this would be possible without Apple verifying that the seller's name matches the name on the Apple ID, since, otherwise, thieves could launder devices via "selling" them via ebay once (for a 12% fee), or telling buyers of stolen devices to submit their receipt to Apple to get around the lock.
So what happens if I bought a macbook from someone who bought it from apple or apple’s reseller but no original receipt was given to me and then I forgot my password to unlock my laptop?
Will I ‘lost’ my laptop forever?
IIRC the previous Vice article mostly mentioned things like school bulk-selling devices, without doing the legwork of disassociating / resetting devices out of MDM. At no point is the goal to force the destruction of the device.
I was able to get activation lock removed on 2018 MacBook I purchased off eBay this way- I took it into an Apple Store to get its keyboard replaced under warranty and they just asked me to produce the eBay listing with the serial number visible and my shipping address on the order.
Doesn't this defeat the purpose of the activation lock? If I steal a device and sell it on eBay I still make my profit. In the general case if you have a locked device could you just "launder" it through eBay for the price of the commission they take?
Generally speaking, this works to unlock one off devices (and not mdm) but if you went to them with bulk serials to unlock they would tell you to go away. The scale recyclers operate at this does not work.
If it makes my laptop useless to be stolen and protects my personal information and finances I'd choose them being sent to the landfill over second hand market.
None of this is an issue if its actually real second hand.
As much as we all like to poke fun at Apple for some of their annoying decisions with lack of user choice, their locked-down systems also have pretty impressive results in that they've made it nearly useless to steal any of their devices.
I remember hearing that in certain "protests" (definitely not riots) a couple years ago, where people were looting stores, Apple was able to easily get the serial numbers of all the stolen devices and remotely brick them. The contrast of how valuable Apple products are both new and second hand, compared to how useless they are to steal is pretty wild. I can't think of any other product like that.
I think I also read the the comments last time this was posted someone talking about how their kids locker room had a bunch of phones stolen but the thief's left all of the iPhones because they couldn't be unlocked.
Don't Android phones have a similar feature with a linked Google Account? I once needed to contact the old Owner of an Samsung phone because of such an account lock.
I don't see how popping an eFuse would really prevent anything. Even if logging in triggered some sort of key generation for remote bricking that was tied to the phone's password, at the end of the day Apple still controls everything. You'd still have to trust that they wouldn't just silently push out an update that replaces the key, because they'd have to have the ability to replace the key anyway.
If you don't trust Apple to not remotely brick your iPhone, don't buy an iPhone.
Im just spitballing here. I'm sure Apple could securely create a scheme that all sides are happy with but they obviously don't care because it makes them money.
Well spitball a bit harder because it's actually a hard problem to solve - given buying and selling of used items, how do you prove who actually owns a device? The official registered owner is the one who's iCloud locked the device. If you were the legitimate owner, you could just iCloud unlock the device. If you bought it off Craigslist legitimately, the old owner would be able to iCloud unlock the device, if cooperative. If it's a time-based thing, then thieves just have to steal the phone, wait 6-months 3-years whatever, and then they get a free phone/laptop/iMac. If you have to show a receipt to Apple to prove you bought it, a thief could just have a friend make a post on craigslist that they "answer", and there you go.
If you go into the Apple store and request a firmware reset, Apple will ask you for the original receipt before sending it off to the factory to do it, but they can. But given how expensive their laptops are, a rogue employee at a computer recycling center could still slip in a few stolen ones and pocket the gains if Apple worked with recycling centers to unlock their laptops.
You are in control. You attaching your account to it is what is bricking it for anyone else. You can always remove your account from it and hand it to another entity. The only thing Apple is doing in these cases is saying no to letting someone else remove your account/mdm association.
Good thing I didn't say anything about the vendor locking the phone is the only way. Apple designed their system and yes, they do have control. It's also a good thing that Apple has delegated the ability for you to lock/unlock your own phone when you want.
I'm trying to figure out how you want this to work.
If your own laptop is stolen, you're no longer in physical possession of it.
So from the perspective of the laptop, some sort of interaction should brick it. What should that interaction be? It needs to happen early, before thieves have a chance to disable it. So it needs to happen before login, say. Really it needs to happen at either bootup or as soon as the laptop establishes a connection to the internet.
At which point it should... reach out to you? How? Must you own a second Apple device for that to work? Okay, let's go with that. You have an iPhone, and you use Find My to brick the laptop. So now someone can steal your phone and use it to brick your laptop? Your laptop needs to talk to your phone every time it boots up or connects to the internet?
I'm not sure you've thought this through.
It seems reasonable to me that the only entity that makes sense here is Apple. Even a savvy thief, who might block packets to anywhere unexpected--and "person's iPhone somewhere" is definitely unexpected--is going to need to let packets go to Apple, making them the only party with the means and opportunity to do this.
> So from the perspective of the laptop, some sort of interaction should brick it. It needs to happen early, before thieves have a chance to disable it.
Not really. Encrypted data on the drive, password protection to get in should be enough. If the password implementation is top notch it essentially is a brick to anyone not in the know — time will be of no use to them.
And how do you think Apple implements their anti-theft functionality?
It's really not that hard to design a system that will become essentially a brick when the password is lost. E.g. just put some flash memory on the main processor chip that partakes in the encryption of the harddrive.
> from the perspective of the laptop, some sort of interaction should brick it
Yes, that is the sales scenario for remote lockout. Its kind of lame, like "if I can't have my thing then nobody else can either and it becomes e-waste," and also depends on a crook being smart enough to realize this valuable looking thing has no resale value.
Now run out the scenario where you are the Canadian truck driver or in some other politically unpopular position and getting progressively locked out of stuff. Maybe the feds start leaning on Apple like they do to debank state-level authorized herbal commerce. Maybe some other entity gets into Apple's system and holds your computer hostage. It seems like the wrong direction for computing devices.
Off the top of my head: if you can change those bytes, sophisticated thieves can change those bytes, and eventually anybody buying a kit on the open market can change those bytes.
Also, as I previously mentioned, sophisticated thieves can block traffic anywhere other than Apple by default.
They should have just called them riots, then. "I remember hearing that in certain protests a couple years ago" or "I remember hearing that in certain riots a couple years ago" would both work. The wording as-is is provocative for no actual benefit to the point.
Whether you agree with their position or not, it's not really relevant to this discussion to draw attention to the ethics of those protests/riots.
The comment didn't need to mention it at all, especially considering that it was preceded by "I remember hearing." It didn't add anything to the point about security and it goes against the spirit of the site.
Here's a thought: if there is both protesting and rioting going on, we don't have to say this is either protesting or rioting. This implies the venn diagram of the protesters and rioters is a circle. It could be, but there also could be no overlap whatsoever. Pretending it is necessarily a circle -- they are one and the same -- is asserting a political point of view.
(Also, this makes it easy to delegitimize any protest: send some looters. As soon as anyone loots simultaneous with and adjacent to the protests, it is now a riot.)
OP was ostensibly making a completely unrelated point. The word "need" was referring to the relationship between the original topic of discussion and the snarky aside that OP dropped into it. There was no need for there to be a political component to make that point. It didn't add anything to the discussion. Obviously people are downvoting my comment, so people don't think that I was contributing to the discussion either, but I thought it was worth a shot to try to discourage the kind of comments that I believe degrade online discussions. I think I made my point in a pretty civil fashion, and that's the end of it as far as I'm concerned.
Need is a value judgment. There's no need for this website. If you want to say it's irrelevant, that would make more sense, and then as you say your comment would be relevant to OP's.
> Wrong -- it means that 1000 of these devices were dumped from an institution to a recycler without even bothering to log out first. And these apathetic institutions don't return calls when asked to unlock because they want the machines destroyed.
Yeah, this is a problem with how many recyclers sell their services. What they sell to businesses is something like "we dispose of your device and securely shred your data" beside some picture of physically shredded hard drives... but reality is often something more like "we have a kid run DBAN on it and then flip it on eBay".
Recyclers are going to have to have to make it worthwhile to the businesses they source their product from, and be a little bit more upfront about it, if they want to recycle these devices. What they want to do is whine to Apple so they can continue to go behind their customer's backs like they do now with every other device.
Isn't this just a case of "buyer beware" for the recycler? If the machines haven't been properly erased so that they can have ownership transferred then the recyclers should refuse to accept them.
On the other hand, if the original owners want the machines actually destroyed and not resold then I don't see the problem here.
On the third hand, they're a recycler. It's unfortunate these Macs can't be reused, but I imagine the Recycler got these for free or bought them and paid scrap metal prices, not "we'll resell this" prices.
It's not just "unfortunate": our wildly consumptive and wasteful nature is a crime against future generations.
It's not just that our consumption and waste production are at record levels, to the point that we have damaged our climate!, but that they continue to increase at exponential rates.
All of this central control assumes the central control will still be there in the future. Someday, apple will cease to exist, and when it does, there will be millions of unverified bricks that used to be computers.
Sure, but as soon as they remove it from their iCloud account that activation lock is removed. (yes, you can connect to wifi before you enter the password)
The only time this is not true is when the previous owner has intentionally marked the device lost or stolen in the find-my App/Site.
I think a lot of this backlash is recyclers getting stolen goods.
(Also, iCloud lock is bypassed if there is an MDM, like in a corporate setting- then the icloud lock can be remotely enabled/disabled by the organisations IT department)
Because the actually valuable content (the data) is protected, while the disposable part (the hardware) is taken. If you have a responsible backup habit, disaster recovery is as simple as restoring another device. FDE gives you permission to shrug-off lost devices and data, something an unencrypted laptop can't quite offer.
You've got it the other way around: for a thief stealing a laptop whilee you're careless in a coffee shop, the actually valuable content is the hardware, while the data is the disposable part.
Sometimes the data can be valuable as well (perhaps you can be blackmailed, or perhaps they can steal additional things from your bank accounts etc), but that is far from guaranteed. The hardware has a clear value though.
It's not about the thieves intent. It's about the person that ends up with a stolen or recycled device that wasn't properly wiped and now has a bunch of sensitive data on the hard drive (you can find tons of stories like that).
Also industrial espionage is a thing and but I agree with you that's probably a minority of thefts.
Yes, I know what FDE is good for. But it doesn't prevent or deter anyone from stealing the device, as Activation Lock does. FDE has no utility in reducing the value of a stolen device, because they can be simply reset to factory settings.
I could also deter thieves from stealing Macbooks by engineering it to detonate the battery when an unauthorized user takes it. That doesn't make it right, or justify the collateral damage caused by the feature.
Your data is valuable to you, but unless you happen to be Hunter Biden it's probably valueless to anyone else. On the other hand, your hardware is valuable to a thief who can resell it.
Full-disk encryption protects your data. Activation locking dissuades theft.
When your ownership of things depends on a private organization - under the ultimate control of who knows who with what private agenda and incentives -, the organization's willingness of cooperation in this ownership, and proper and fair implementation of procedures, with incentives for them to do so the best being indirect (sales volume of products as a whole) then there is definitelly an issue!
Just because there are criminals out there we shouldn't mandate all and every honest parties prove themselves of their innocence proactively....
I am surprised this security vs. freedom things is still something where people argue so overwhelmingly for the security part against themselves despite the many many many bad experiences throughout the history in various levels....
(there are schemes where the ownerships is strictly controlled but by a public body of the society with regulations around it - house, car, etc - but not a private business oriented organization's coined policies and online account implemented by there sole discretion and judgement who is allowed to use what, what constitutes acceptable proof in their view, and who is given access to that authoritive account and who is locked out eventually, potentially for a completely independent reason)
> If it makes my laptop useless to be stolen and protects my personal information and finances
keeping information private and/or secret and rendering a perfectly usable device a brick are two completely orthogonal things.
My laptop is perfectly secure, without Apple having a say on what I do with it after I bought it. Including reselling it.
p.s. if someone saw my laptop and a mac laptop left alone in the same room, they would try to steal the Mac, making my laptop even safer by virtue of not being from Apple.
> p.s. if someone saw my laptop and a mac laptop left alone in the same room, they would try to steal the Mac, making my laptop even safer by virtue of not being from Apple.
A lot of people around are claiming the exact opposite: thieves have learned that stealing Macs is useless, while other laptops have clear re-sale value. The retail price of Macs is irrelevant if there is no way to fence them, and if thieves are aware that there is no way to fence them.
electronic devices are a source of copper, silver, gold, nickel, zinc, steel, glass, cobalt etc etc
They are quite more valuable than the bare aluminium case.
In 2016 Apple declared that it had recovered nearly 90 million pounds of materials from Apple devices recycled through its program in 2015. Sixty-one million pounds of those materials are reusable in future products, including 2,204 pounds of gold
From an environmental POV Apple should allow people to use/re-use/resell their devices as long as possible. Of course that would not align with their interest that is selling as many new devices as possible.
except when they can't (I saw comments of users that lost the access to their accounts or that could not prove they bought the item because they lost the receipt that had their devices turned into very expensive bricks)
OTOH e-waste should not be allowed under any circumstances when the raw materials are scarce and/or retrieving them is damaging to the environment or they are polluting.
Last but not least the device destiny should be under the control of the person in possess of the item, unless the item was stolen.
If someone brings their car to my junkyard to destroy it and I fix it and resell it or dismantle it and sell it as spare parts it's completely under my rights, I don't see why electronic devices should work differently and why the manufacturer should have the keys.
Don't let me start on non-Apple compatible replacements parts that Apple won't let you use, even if the warranty has expired.
I would rather my devices become bricked if they're stolen from me. You are welcome to disable the feature on your own devices or not purchase devices that have this feature.
> I would rather my devices become bricked if they're stolen from me
Non sequitur.
The device is mine when I buy it, but it is sometimes impossible to unbrick something that Apple bricked.
I would rather let you pay a premium to have the features you so much want, because annoying the majority just because you want something, should cost you more.
Also the will to generate useless e-waste should be punished, we are past the times when people (especially americans) can use the entire planet as their own junkyard.
>if someone saw my laptop and a mac laptop left alone in the same room, they would try to steal the Mac, making my laptop even safer by virtue of not being from Apple.
That might be true now, but it might not be as time goes on and this bricking functionality becomes common knowledge.
The previous owner CAN unlock if they're able to and they know they're supposed to. Unfortunately I suspect a lot of devices are intentionally donated or recycled while unintentionally locked. I wonder what percentage of SMBs have proper MDM set up for their devices versus just a bunch of personal apple IDs with no way for the org that owns them to unlock them?
This is a self-correcting problem: if I buy a Mac from you on Craigslist I’m not going to say “oops, no big deal” if I can’t use it - I’ll ask you to unlink it, reverse a charge, or even take you to small claims court.
Over time, people learn this and it becomes routine just like people buying used cars know to check that the seller really owns it and isn’t lying about the collision history.
You don’t, which is why many people either avoid them, carefully check before paying (Apple has a detailed “before you buy” guide for this exact reason), or in the worst case that’s why I mentioned small claims court since regrettably some people will misrepresent what they’re selling.
Apple could help by emailing the owners and asking them if they want to unlock the device or report it stolen. That would remove the ambiguity, help honest recyclers and users and the environment, and generate evidence against thieves.
You could even go a step further and require the person requesting the unlock to provide photo ID and affirm that they are claiming to be the legitimate owner of the device to dissuade thieves from trying to use it and also for the unwitting receiver of stolen goods you now have a way to get that back to the real owner and potentially track down the thieves on the other side of the transaction. Sadly I doubt that would result in police actually taking action against thieves but a macbook is expensive enough to be felony theft in most places. The guy selling it on Craigslist probably isn't going to use a burner phone, meet away from his home, and use a rental car just to sell a stolen macbook. I think there are much better odds of identifying them if Apple would try and get devices past activation lock and track these cases down.
Apple literally just released a security update to a 10 years old device, and their devices have a huge second-, and even third-hand market so they easily live for that long.
There are plenty things to say about apple, but their devices do serve their lifetimes. I would be much more worried about the litany of low-end laptops and mobile phones that end up in the trash with zero value in a year.
iDevices are actually excellent at e-waste reduction precisely because of their "erase everything" feature, which gives owners a very quick and assured way to ensure the devices are actually wiped and reduces incentives to shredding devices or parts of them.
The article is about the opposite, and how can you trust that the "erase everything" works? You can't verify it without destroying the device, since the storage is not removable.
The drives are actually already doing this, it's just that the key is set to 0's.
I can imagine that, given the drive is accessed via T2, that Apples NANDS are being accessed the same way, in which case scrambling the key is enough to make it unrecoverable permanently.
fwiw self-encrypting drives always manage to end up in a research paper every ten years where they show the crypto is catastrophically broken, the key is "md5(serialno)" and the access check turns out to be if(!strcmp(pw,...) || !strcmp(pw, "letmein").
It's on the refurb companies to ensure it's unlocked before distributing payment and accepting the product. Otherwise this business is indistinguishable from trafficking stolen property.
I can’t believe the HN consensus on this one! A system that relies on the original owner to perform some incantation or the device is e-waste? Really, that’s the best Apple could do?
I sympathize with the resellers here. Often times the original owner cannot be contacted. Maybe they are dead and the machine came form an estate sale. Maybe it was sold on consignment or something. Maybe the original owner is just very difficult to find.
I bought a MacBook off an eBay seller, and had to deal with this shit. It took the seller forever but by some miracle he was able to track down and contact the original owner so he could unlock it. Without this hassle, a perfectly good computer would have been e-waste in a landfill somewhere.
Frustrating the legitimate second hand market and the ecological impact of all this waste is a high price to pay for mere anti-theft. Companies are very eager to kill the secondary market for their goods, and accepting this scheme plays into Apple’s hands.
It does work though. I had a thief break into my house a couple of years ago (2019 or 2020 can’t quite remember), they stole my expensive DSLR kit out of the cupboard, left the six-month old iPad Pro that was sitting on my bed.
For the dead person scenario, you can get access to iCloud with a court order once they are deceased, or if they have set up their legacy contact. So that would be the procedure to unlock the device.
For the ones in the article, the people sending them to the recycler seem to be refusing to unlock the devices and want them destroyed. Perhaps Apple should take back these machines for refurb in such a case (especially since they’re quite new)
> For the ones in the article, the people sending them to the recycler seem to be refusing to unlock the devices and want them destroyed. Perhaps Apple should take back these machines for refurb in such a case (especially since they’re quite new)
That seems to be the obvious solution: let Apple reset them completely, wiping out anything that could possible store any data, and make the components usable again. As long as Apple doesn't pay out any more than the shipping & handling of the laptops, there's no profit motive so the theft protection is still there but the planet is just a little bit greener and happier.
> you can get access to iCloud with a court order once they are deceased
Even for important memories, has anyone heard of anyone else actually doing this? Just curious, lots of deaths in my family lately and i'm positive none of the grieving members would attempt a court order
The 'mere' anti-theft and privacy benefits are way more important to me than the second-hand market. Plus, the difficulty caused by the anti-theft mechanism is straightforward to overcome provided the seller is legitimate.
Why should onus be on legitimate refurbishers and resellers to prove that the device is not stolen (extremely hard) rather than on the victim to report the device as stolen within a 30-90 day grace period (trivial)? After this grace period the device would wipe the data encryption keys and unlock itself.
A simple solution that protects both sides, it just so happens to conflict with Apple's earnings goals.
When I spend several thousand pounds on a laptop, I expect its features, including its privacy features, to maximally benefit me, not some hypothetical refurbisher who I, quite honestly, don't give a shit about.
Its privacy features will always maximally benefit you. There is no way to get data off the Macbook unless you don't trust Apple's secure enclave encryption. Activation lock is a separate unrelated concept.
You might not give a shit about recycling but Apple says they do[1], they really love to go on about how much they care about climate change and the environment. It's important to point out clear violations of those claims so others can make informed choices.
Well said! There has to be a better way to balance anti-theft and the interest of re-use. It seems abhorrent that fully functional, almost new devices have to be thrown away.
For example, a possible solution could be the following: If a device is locked to an account, the new owner can send an anonymous request to the apple account of the previous owner of the device, asking them to authorize an unlock. This would protect stolen devices, while also making it possible to recover devices where the previous owner was simply neglectful in unlocking the device before selling it. Of course, it would not help if the previous owner is dead, but anything helps.
Sing it with me: One of these things, is not like the other!
Look if you just want to get your 3 minute hate against Apple out I'm happy to yell and scream with you (fsck their walled garden), but scanning for CSAM on your device (which they took back and aren't oing) is not the same thing as fighting thieves. Hell, Apple recently made the move to allow iCloud backups to be fully encrypted, impervious to Apple, the local police department, the FBI, the CIA, and the NSA (unless they've broken the encryption scheme, and they didn't tell anyone, which is entirely possible, but that's like Edward Snowden levels of "they're out to get you"), so I'm not sure how they're "the police now".
This assumes the previous owner (still) uses an Apple account. If I were to switch from Mac to Windows, I don't see why I would check my Apple account for notifications.
I really don't understand the argument for this situation. The drives are encrypted, right? Why can't the drive just be formatted and the system reused? The data is the thing that's important here, no?
I feel like there's some sort of middle ground here. If a device is still registered to the original owner, notify the original owner and give them a grace period where they can permanently lock down the device. After that grace period, the device automatically unlocks. Having to provide the sale receipt feels more like vendor lock in than actual security.
That’s already being phished despite being in Find My. A local iPhone users Facebook group here regularly gets posts of “I lost my iPhone and then got a text from Apple to find it by clicking this link, should I?”, text sent by the thieves.
Adding a similar real interface (even if delivered by Find My and not texts) would just make phishing more successful. That’s why Apple Support/2FA prompts are verbose popups on every device you own at the same time.
So the answer to thwarting crime is just to have every device lucked and make the machines completely useless? Which just indirectly makes transferring the device to legitimate next owners harder?
I get it, people are conditioned to vendor lock in because of cell phones. In reality it's incredibly wasteful. I'm still not convinced the current way of doing things is best for the consumer.
It makes transferring the device to a new owner slightly harder. But it takes two minutes to remove the activation lock. If the trade-off is protecting owner privacy/disincentivizing thieves and forcing sellers to make a two-minute config chance, it think it's worthwhile.
How completely useless? If you bought a locked phone (Android included!) or Apple device from someone, you just ask them to remove & unlock it. At worst they recover their Apple ID and then remove it. Otherwise, you get your money back (almost sure a court will side with you if necessary).
That only works for people who have another Apple device. A lot of people just own one Apple device – their phone. So you would have to send out an email for this to work, in the general case.
We're talking about a proposal that you are putting forward as a
good idea. I pointed out that the proposal won't work for users who
have only one Apple device. You've responded by suggesting that Apple
wouldn't care. Well, maybe they wouldn't – I don't know – but don't you care?
If so, how would you solve the problem?
No, I don't care. If an Apple user signs up for Find My on their laptop, then their laptop is stolen and they don't try to use Find My to recover it... I don't know man. It's a "we've tried nothing and we're all out of ideas" situation. Meanwhile it provides the benefit where if you're sold a machine and the original seller can't be contacted to unlock it, it gets automatically unlocked some timespan later. It's not perfect, but it's better than the current situation.
I guess at some point this is a subjective value judgment that's not worth arguing about, but help me to understand this. If you bought an Apple laptop, would you be more worried about (a) the laptop being stolen, or (b) an indirect recipient of the laptop being unable to use it because they couldn't contact you in order to unlock it? For me it's pretty clearly (a). If I want to sell the laptop, I can easily reset it and do so. If you think about it from the point of view of Apple
customers (which is hopefully what Apple is doing), then the choice is pretty clear.
In light of all possible e-waste, and waste, this pales in comparison while giving the users a lot of power. In my opinion, it is an acceptable trade off.
Alternatively, the machines can become donor boards instead of e-waste.
Compared to the ecological impact of industries around the world dumping far worse directly into the environment, the desire for people to not want their expensive device stolen and resold is not a contributing factor.
The reduction in iPhone theft after activation lock was remarkable in the Bay Area. Did the person writing the article confirm none of these were stolen?
Owners can now remove devices via web site I think. So if folks are saying these are just broken, have owner turn off activation lock
Typical clickbait title, my main takeaway was; this security actually works that well? Sign me up.
Give the original owner 30 days and if no response unlock it and let the thieves win? Uh, no I don't think so. It's not a far stretch to think everything got stolen and the owner is now locked out of their complete digital life.
> Owners can now remove devices via web site I think. So if folks are saying these are just broken, have owner turn off activation lock
For this to work and for the device to _see_ that it has been removed from an account requires that even in it's locked that it must be able to start up and allow the person with physical access to at least configure some network details right?
Yes, but this makes perfect sense as activation lock only comes into play when the device is working. So when you go to reset the device it checks activation lock during install.
> Owners can now remove devices via web site I think. So if folks are saying these are just broken, have owner turn off activation lock
I expect that some means to "phone home" is required. I just had to spend an hour on the phone with Asurion to avoid a $300 fee for returning an iPhone for warranty replacement where the Activation Lock wouldn't turn off despite removing the device via the web site.
I don’t think asurion spends the time to do the reset flow if the lock is showing as on. In most cases users don’t turn off lock after the fact. I thought reset flow was needed to get network connectivity back which is needed to check lock status.
I think you used to be able to run stolen phones back through insurance claims as broken but I think that has stopped being possible as they take a harder line.
On my call, the rep put me on hold for a few minutes and came back saying that they could verify I'd removed the device, even though the activation screen was showing. It may have also just them giving me a freebie since I've been paying them for well over a decade.
I'm not saying they can't figure it out, but there is a lot of repair flow stuff that may not do that because if the person didn't unlock before mailing not that many will unlock after mailing? Or even know how to?
Find My relies on BLE and other devices in that mesh network to transmit location (and “make sound” requests) in case the device is offline/soft-off, maybe Activation Lock has a similar implementation? Find My just hangs onto a cryptographic proof to disable Activation Lock and other devices around it deliver it in case there’s no internet connectivity.
Apple is explicit about making sure lock is off when buying - and at least apple won’t pay out on an unlocked phone reported “stolen”. But yes - the scams migrate.
Stolen product still had some value via bogus warranty claims because that process didn’t always cross check lock status because item was “broken” or wouldn’t turn on and apple doesn’t always put serial number externally visible. If person fixed laptop they’d find it was locked. All that has tightened up I think?
I nevertheless had my M2 MacBook stolen on BART in San Francisco last month. This wouldn't have happened if it were universally understood that stolen MacBooks are worthless. My interaction went smoothly, but this could have gone badly.
If all buyers checked that the activation lock was disabled before sale, we wouldn't be having this discussion. I prefer the reduction in crime that activation lock promises.
If you were around when phone theft was a thing on BART and Muni you'd never sit near a door again :) It was comical how bad it was and how little the govt did about it other than demand apple fix the issue. Would have been trivial to have an undercover cop on their phone near a door all day - they'd have caught tons of criminals.
That said, at least for phones activation lock was game changing. Not sure about laptops, maybe they can't ID them or fewer activate lock or there is a way to use them in a claim scam (ie, damage and "return" laptops while reselling the real one?)
and in a decade? What if apple no longer maintains this system? Will all these m-series macs be bricks if they change hands for free or are legitimately recycled?
From other comments, it appears that this is not the case in London. But it appears that stolen iPhones in that city get shipped to China in large enough scale that someone is making a profit.
Looks like some of these "broken" notebooks are actually stolen notebooks. If you buy online, you can contact the seller to solve the issue. It is actually the point of the feature. If someone knows they could not do anything with the device, they will not steal it (same with new phones).
> Apple encourages owners of older devices to participate in the company’s trade-in program
Which is a pretty bad program, reusing is always better than recycling. Apple will just scrap it into basic elements: metals, maybe lithium.
I think that’s exactly what is going on here. If you’re a third party reseller who buys used Macs for resale then you need to have the original owner turn off Find My Mac so you can wipe the machine. If the person bringing the machine in for resale isn’t the original owner then, well, it may be stolen.
It may. Or it may not be. The default assumption that it's stolen causes a lot of needless waste. And frankly, even if it is stolen, is it really in the best interests of society to effectively destroy such a large investment of time and raw materials as a Macbook? One cannot but help noticing that this policy, like many of Apple's "for your own good" policies, are awfully convenient for Apple's bottom line.
There are so many ways this could be resolved without destroying working equipment. Apple presumably knows who the registered owner is - they could be contacted. They could be unlocked at Apple stores, with various details taken to facilitate any potential theft investigation.
> even if it is stolen, is it really in the best interests of society
When laws were passed to require Apple to enable the feature by default on it's phones, society certainly seemed to think it was in everyone's best interests.
>The temptation of a smartphone for a thief is dropping, thanks to Apple’s decision to implement a remote kill switch via Find My Phone that can erase and disable a phone once it’s been stolen or gone missing. A new report from Reuters found that iPhone theft dropped by 50 percent in London, 40 percent in San Francisco and 25 percent in New York. The drops represent theft activity as measured during the 12 months following Apple’s introduction of the remote locking feature in September 2013 as part of iOS 7. With iOS 8, Apple made its so-called said “kill switch” active by default, in accordance with California regulation, and that should help the rates of theft continue to trend downwards.
> The default assumption that it's stolen causes a lot of needless waste.
We're talking about 2-year-old M1 macbooks [1], some of which are worth $1000 unlocked and approximately $0 locked.
Even with broken screens etc, the owner can unlock them online. Large institutional owners like schools can get them unlocked in bulk through device management. And even if the institutional owners messed up the device registration and it's been locked to a fired employee's personal account, Apple can unlock them using the original sales records.
In the absence of theft, it's difficult to imagine why the owner would be refusing to unlock the device, given they could share $1000 of value with the recycler. There aren't that many macbooks being repossessed by bailiffs.
But if the devices have been stolen? That easily explains what is otherwise mysterious.
> In the absence of theft, it's difficult to imagine why the owner would be refusing to unlock the device,
It's generally not the owner refusing to unlock. It's the owner not being able to work out how to do it. Forgetting or not knowing they needed to do it. And/or not being contactable.
So these recyclers have records so thorough they're completely sure these laptops aren't stolen, and yet so incomplete they can't contact the owners at all?
Even when hundreds of dollars is at stake, which could surely pay for a few hours of phone calls walking people through the unlock procedure?
If you believe that, I've got a bridge to sell you.
Why is the burden of proof on the resellers to show that the devices have not been stolen? Imagine if any other product worked this way. Trying to sell a classic guitar? Can't show a paper trail proving continuous legal ownership back to the manufacturer? The cops show up and throw it on a bonfire. Now imagine that it's not even the cops, but private security hired by the manufacturer, following nothing more than the manufacturer's own policy. Oh, and the manufacturer naturally has all the paperwork of all the past owners - they made sure of that with this policy - but they won't bother to check it. Nope. Straight on the bonfire.
Who said anything about businesses? Hugh swathes of the used tech market are peer to peer sales on craigslist, facebook market, the literal village noticeboard, etc.
The original story is about large scale recyclers complaining about bulk bricked machines. If you buy a used MacBook on Craigslist then it’s on you to make sure the seller properly transfers ownership to you. Same as buying a house or a car. Buyer beware!
The difference here is that if this doesn't happen properly for some reason then the device is permanently bricked and must be scrapped. That doesn't happen with houses or cars, and it's incredibly wasteful.
What if the previous owner lost their account, is not reachable, or died?
Ideally you should be able to take such a locked device to some official place, like a town hall, and they should be able to look up the previous owner. If they are deceased or they confirm that they no longer want the device, then after checking IDs and so on that office should be able to start the process to unlock the device. (That same department could give you recourse if your house burns down and you loose all your digital accounts, or you are locked out of Google unfairly.) Our civil institutions have not really kept up with technology here.
Edit: Of course I wouldn't give government the capability to decrypt anybodys device or something! Just have an organisation that's purpose is to clarify ownership, and wipe and reuse devices so they don't end up as in a landfill. I don't really trust the vendor alone to optimize for reusing used devices.
No, this shouldn’t be the case at all. Set this up with your family members if you want this to happen when you die. Give them your 1Password login and recovery keys or something.
I do not want anyone, least of all city hall to be able to unlock my stuff under any circumstance, including the one where I’m dead.
We already have something similar with bicycle registrations, and of course with cars (titles).
There should be a big cerimonial thing where I go to a place with a sworn in official, show my ID, and say "I hereby lock down this device for all time with the power of cryptography" so that nobody can use it as long as I'm considered the legitimate owner.
OK I'm exaggerating. But the problem is real. If you buy a second hand device this can happen, or if you have a company and a previous employee doesn't unlock it for some reason. Yeah, ideally you should have documentation of an unbroken chain of ownership and should be able to go to Apple. But in reality that doesn't happen, and I think Apple isn't the best custodian for this. They don't have an incentive to reduce the number of thrown away producs. (To be clear, I wouldn't trust current governments either! But conceptually, this function belongs in the civil area and not in private hand.)
If you buy a second hand device and this happens you bring it back to whom you bought it from and ask it to be unlocked or your money back. Same as if it does just not turn on.
> if you have a company and a previous employee doesn't unlock it for some reason
You put it into the offboarding process to check this. If it is missed or can’t be done for some reason you take it to Apple with proof of purchase and they unlock it for you.
> But in reality that doesn't happen
Yeah. Like for example you fenced a laptop from a shady guy.
> I do not want anyone, least of all city hall to be able to unlock my stuff under any circumstance, including the one where I’m dead.
Why do you think anyone here is talking about decrypting your data? What's being discussed is wiping the devices and making them usable by someone else.
Because GP uses “unlock your device” (ambiguous) immediately adjacent to “also unlock your accounts on other services” (unambiguously about accessing your data).
I have no intention of trusting our civil institutions with access to my private data. In fact, as a citizen of the United States I would like to see the Fourth Amendment of the Constitution more widely held to prohibit our civil institutions from having access to my private data. I do not believe that I am secure in my papers and effects from unreasonable searches and seizures if our civil institutions have the power to lock or unlock my devices and accounts.
If you support either popular option for political parties in the United States, you're already trusting them with access to various parts of your private data. That is simply unavoidable in the modern world, unless you never use anything but cash, never connect to the internet other than through Tails on a burner PC, and never make use of any government services whatsoever. Paying taxes? They've got your info. Got a drivers license? They've got your info.
If you don't think both the Democrats and Republicans would love nothing more than a few easily-squeezable companies being the clearinghouse for everyone's data, then you're exhibiting some quite hard cognitive dissonance. There are already companies in existence with the sole focus being to funnel your data to anyone who asks, including the government.
That’s not what’s being proposed at all: Apple clearing the activation lock doesn’t give you the previous owner’s encryption key. It does let you wipe it and generate your own key.
The GP also specifically proposes some institution which can grant you access to your Google account if you are locked out "unfairly." Besides the weasel word "unfairly," that means the government gets to determine who can access your Google account. Adding in "unfairly" implies that your access to digital accounts depends on a politician's notion of what it means to "fairly" lock you out of an account, and I guarantee you that, in the fullness of time, that will come to include political dissidence.
> that means the government gets to determine who can access your Google account
This is already the case legally: if you lose a court case, Google will follow a legal order to turn something over to the winner. If you're suspected of some kind of crime, Google will follow a legal order granting the relevant authorities access to something like your Gmail messages.
It's also important to remember that this is a real problem affecting a lot of people: ask anyone who deals with the larger public and you'll hear that it's not uncommon for people to change email addresses after getting locked out of their old one, and that problem disproportionately affects certain groups of people (e.g. the elderly).
What would make sense in this regard is something similar to what Apple does where you can optionally set up a legacy contact who is allowed to initiate a password reset, presumably with time delays and notifications (“your password will be reset in 3 days unless you deny this request”). Imagine an option where you could do something like go to the local public library, DMV, police station, notary, etc. and they could basically login to a special Google form to attest that they did a full photo ID validation to confirm that your ID matched the ID registered to an account. That would be useful for thousands of people and if you made it optional, people who are especially worried about their government could choose not to enable it.
Because delegating it to the manufacturer produces a conflict of interest (said manufacturer can't be bothered to unlock a device which is legally yours, prefers to sell a new one). Registering possessions (house, land, cars etc) is already a task of the state so it would fit there.
> Ideally you should be able to take such a locked device to some official place, like a town hall, and they should be able to look up the previous owner.
Local governments struggle to provide basic services like roads, emergency services, and utilities. Offering a product registration service for Apple devices is so low on anyone's priorities that it might as well be in a different universe.
To be honest, I really like that policy: a software developer using a machine which is a couple of years old isn’t going to be as cavalier about performance and the hardware engineers would get a good idea about durability issues.
> Which is a pretty bad program, reusing is always better than recycling. Apple will just scrap it into basic elements: metals, maybe lithium.
They have a refurbished program so they definitely don't just scrap devices you trade in. Maybe they even scrap some devices for parts. In the server space this is normal. HP would regularly send us refurbished replacement parts for repairs (this is also one of the reason why they want the replaced parts back).
Louis Rossman built a business/cult around criticising everything Apple does for exposure and is not a credible source of unbiased information about Apple's policies.
> Apple rejects current industry best practices by forcing the recyclers it works with to shred iPhones and MacBooks so they cannot be repaired or reused—instead, they are turned into tiny shards of metal and glass.
Yeah I never argued that they don’t shred some of the devices. They probably refurbish part of the returns, take parts they need and shred the rest.
This is also what’s written on the agreement in the screenshot of this article but they don’t mention it in the article.
I don’t live in the US but in Switzerland you have to get the customers approval to refurbish and sell hardware that you take back from customers. This is probably similar in the US.
The thing is that the ones who steal are going to steal them anyway, even with the locks and sell them for parts. It won't really prevent theft but would only increase ewaste.
They don’t, though. As cited in the last discussion about this, the theft rate for Apple devices is much lower than ones which are usable by criminals.
The interesting part about all of this to me is that this has been no-win for Apple.
When they didn't have measures like this on the iPhone and Mac, they were lambasted by local police and DAs for not doing anything about theft.
Now they have it, and it's causing otherwise useful devices to be rendered useless. There's going to have to be a very finely-crafted compromise to be usable, enable reselling when the original owner has forgotten or is unable to do things, and prevents theft. They've made some strides towards this but cases where MDM devices are liquidated but not de-enrolled are still problematic.
I still remember the NPR interviews with SF police, district attorneys, etc.
It was a massive campaign by New York City, SF, and other officials in the media to say Apple was not doing enough about theft and it was causing petty and violent crime.
When I worked at Apple, I had used an iPad for testing. I ended up also creating an icloud test-account for it. Some year or so later I got an email from another employee within Apple (who now had the device) asking that I sign out of the device so they could wipe it. Wow, I couldn't remember my iCloud test-account password. I was surprised there wasn't some low-level way to just wipe the device. (I did eventually guess the account password.)
You can always wipe via putting it in restore mode, but if it's activation locked, you won't be able to get past setup unless you have the password. This prevents theft even if the thief knows how to hold the buttons in the right order to restore the device to factory settings.
Yeah, I assumed there was a restore mode. But honestly, it changes so much from generation to generation that I have stopped trying to keep track of what you can/can't do with iHardware.
Recovery mode is still relatively easy, it's DFU mode that has been vastly complicated. It seems the timing has to be just right since it took me about 30 minutes of trying to get my 12 in DFU mode due to something that wasn't going away from a regular recovery mode ipsw restore.
The original vice article had a key fact that is missing from the macworld article.
The issue is the laptops are received by recyclers in an ill-gotten manner.
Companies were sending thousands of laptops to be destroyed and instead the ended up in recyclers who are attempting to wipe and then resell them, which is why recyclers could not get the original legal owners to remove the activation lock.
If the recycler had an agreement to wipe and reuse the machines, and the activation lock prevented it, then those thousands of machines should be shipped back to the company to dispose of, along with a bill for the shipping cost, and time.
The original Vice article[1] makes no such claim. I'm assuming you drew that conclusion from the following quote:
> Often the previous owners are corporations or schools who buy and sell the machines in bulk and aren't interested in helping recyclers or refurbishers unlock them. "Previous owners do not return phone calls, and large corporations that dump 3000 machines assume they have been destroyed, so it is critical we have a solution that does not depend on the previous owner approving,” Bumstead said.
But if you check his website[1], the terms of sale make it clear that devices are intended for resale:
> Although RDKL, Inc., always attempts to erase hard drives and remove personal data before a device is sold to another party, RDKL, Inc., cannot guarantee that all traces of the seller's identity have been permanently removed, and it is therefore the seller's responsibility to remove personal data from a device before selling it to RDKL, Inc.
Why would he pay for devices that he would be contractually obligated to destroy, at his own expense?
Yes, I inferred that by having machines that were thought to be destroyed, the PC refurbisher got them in violation of an agreement.
> Why would he pay for devices that he would be contractually obligated to destroy, at his own expense?
That assumes RDKL was the original service provider chosen to destroy the macbooks; it's also probable that RDKL purchased those dumped machines from another service provider, the latter collecting not only the fee to destroy the machine but revenue for reselling usable machines.
Sounds like they are using the concern for recycling to mask their frustration with Apple's Activation Lock making stolen goods worthless. If they obtained the laptops legitimately, they would have known better to remove the devices from user's accounts before accepting them.
Regarding Find My Mac and the various locks that can cause. Does anyone have advice on a business case for this? I'm planning on switching our staff over to MacBooks this year and would love to understand the pros and cons of users using their own Apple ID versus a company provided one. We work remotely, so that could possibly complicate things. The last thing I need is a former staff member setting up Find My Mac and locking it to their Apple ID then leaving the company.
Another approach is to just let employees keep or buy out their laptop when they leave as a benefit. The cost of a MacBook isn't that huge relative to a tech salary.
Data privacy and security policies can’t let ex-employees just walk off with devices containing company data.
A neat feature Apple could maybe add is the ability for the user to have their device wiped in a way that generates a suitable certificate of destruction.
MDM allows you to remotely wipe laptop and you get confirmation that laptop was wiped. If you are a business with more than 2 people and provide laptops to employees, not enabling MDM is just negligence. Lots of inexpensive MDM services for all sizes of businesses.
In this case we're a non-profit funded by grant dollars. So, we're spending a good chunk of cash on hardware relative to what many do primarily because I want quality products for our staff and I'd like it to be reliable and secure. I don't think buying it out will be a possibility, but perhaps. Always a discussion. We would definitely need to find a way to validate wiping the device though. Nothing we have is... that sensitive but I'd like to make sure they aren't walking away with user data.
I assumed MDM might do something here but wasn't 100% positive.
This is one of the reasons we've switched over to an MDM solution. If you set it up correctly, the MDM can unlock the Mac, regardless of the apple ID used.
We use macs at my job, there is MDM software available. It's clearly tagged with a sticker on the back, which I assume goes back to some entry in the MDM software, and even though I use a personal Apple ID (I created a new one for this purpose but same end effect) I have no doubt they could press a button to brick the machine until it makes its way back to them if they really had to.
Awesome, that is probably the direction I need to head then. I have another company doing the general infrastructure, but I get to be the one deciding the rules. Trying to find the right balance between giving people a little freedom but not so much they hang me, or the company.
Where I live, e-waste recycling is very (over)regulated, so I can see a way out of this problem that doesn't take away from the unprofitability of stealing Apple devices. If Apple allows officially-registered e-waste recyclers (which can't pay more than scrap value for devices) to send unlock requests, they can then sell them on, but thieves won't get anything out of it, barring some grand e-waste conspiracy.
I personally don't like this system, I don't want any third party to have this kind of control over my device, but I have to admit that it's a system that works today and does its job, and with one small-ish tweak it could be even better.
> but thieves won't get anything out of it, barring some grand e-waste conspiracy.
A conspiracy isn't required for this to increase theft. Recyclers could start advertising maybe $50-100 per Macbook if they can guarantee they'll be able to sell each mac people bring in. Next thing you know, people start stealing more of them since there's now a middleman that pays out enough per device and doesn't ask questions like "did you steal these" or "why are all of the Apple IDs different". The only way this would work is if the program had the e-waste centers submit a photo ID of the person that brought the product to match against the current Apple ID name and address.
That's true, but if e-waste recycling is regulated (by the government or a private entity) so that the recyclers can't pay more than scrap value, that would require a conspiracy of the recycler and a third party.
I found a pair of AirPods a while back and wanted to return them to their owner. They must be associated with an Apple ID, so I reached out to Apple and asked if they’d help me get in touch. They said no, and advised me to file a police report.
I wonder why they have this policy? They have all the necessary information to facilitate a conversation. Heck, with services like Hide My Email, they could even keep the identities of each party private.
Is it hard to imagine the thief themselves using this to extort someone if they want their airpods back, or use that contact info to phish the owner for their Apple ID password?
Last time I bought an used Apple device i checked icloud/activation lock with the seller before paying for it. Guess that's what the resellers should do as well. If it's done remotely, just pay after verifying or refuse to buy.
Of course that cuts into their profit margins but it's not like used Apple thingies are particularly cheap...
Activation lock can be disabled with find my on another device sharing the iCloud account, can’t it? So are these repair shops not even calling old trade in contacts to request removing the device? Because it’s stolen or something?
>which means that the second owner needs to be able to work with the original owner to get the request fulfilled. In some instances, that’s difficult or impossible to do.
Good. Let’s not pretend that theft isn’t a problem.
This is also institutions using them wrong. You're supposed to enroll these things into DEP, which is annoying to shut up (boot into recovery, enable rw on system partition, block deviceenrollment.apple.com via hosts, turn system integrity back on), but at worst the user will be asked to enroll their device every 4 hours.
I just bought a second hand Mac which is due to arrive and am worried about this.
If I set up the device with my Apple ID and enable Find My, is there any way for the original owner to lock me out afterwards even after I’ve associated the device with my own Apple ID?
No surprise to see the majority on this website defending Apple's production of massive amounts of e-waste for the sake of "security and privacy" because that's that the marketing tells them and they don't actually understand the topic at all.
Less security (a small-time attacker isn't going to break the encryption) and more reduction/prevention of theft. These Macs end up in recycling centers because thieves know they'll get banned/a strike from eBay if they sell an activation locked device to a customer and that customer complains to the site, so the recycling centers end up being the ones trying to resell/reuse the devices only when most of the ones they get are from thieves (or, as it turns out, IT departments that don't disassociate MDM).
It's not "massive amounts of e-waste". There are a couple cases to consider.
1. Individual sales of used devices to individual buyers.
You only get e-waste in this case if (a) the seller doesn't realize they need to unlock the device first, and (b) they buyer doesn't realize that the device needs to be unlocked by the seller, and (c) once the buyer receives the device and notices it needs to be unlocked (which they will notice the first time they try to use it) the buyer cannot make an arrangement with the seller to unlock it.
This should be very rare, because even if the seller doesn't realize the device is locked they are probably going to realize that they have plenty of personal data on it they need to erase first, and are going to Google something like "wipe Mac before selling" or "erase Mac before selling" and the first result is going to be Apple's "What to do before you sell, give away, or trade in your Mac" article.
2. Sales to entities that deal in used computers.
Similar analysis to #1, except in this case the buyer definitely should know about how locking works and the need to ensure that the seller unlocks it. If the seller cannot ensure it is unlocked the buyer should offer a lot less money.
The difference in value between an unlocked device and a locked one is large, so the seller should be willing to unlock it.
We should then only get e-waste in the case where the seller cannot unlock it.
If the seller cannot unlock it because they legitimately owned it but somehow forgot the necessary credentials, they can get Apple to unlock it if they can show Apple proof of legitimate ownership. Corporate sellers tend to keep purchase records for these kind of things so this should be no problem. Individual owners often don't keep such records, but the number of individuals selling used Apple devices who have forgotten their credentials is very likely quite low.
As others pointed out, most likely stolen, although one legitimate case would be computers from a bankruptcy where the IT department was laid off and did not wipe the machines.
It would be good for Apple to have a bounty program to take the machines back and reunite them with the owner, possibly paying a reward to the finder. If the finder is the thief, they'd be taking a big risk of being fingered and arrested.
I saw someone on Tiktok complaining about this and they said that the laptops came from a company.
But the iCloud lock very clearly showed an @outlook.com email address, which would be absolutely bizarre for a company that's recycling a bundle of 50 or so laptops.
You'd be surprised at the amount of companies that cheap out on MDM solutions - it's easier to keep track of a bunch of outlook icloud accounts than it is to get a mac and set up MDM to some companies.
Not saying it's right, but it's been done before - likely because you have an IT department that's exclusively Windows-based and you have a creative department that wants all Apple products... Either ignorance, cheapness, or unwillingness to learn.
Previous discussion (original Vice article, referenced within this one):
https://news.ycombinator.com/item?id=34504752 2 days ago, 410 comments
https://appleinsider.com/articles/23/01/24/right-to-repair-a...
> However, he neglects to mention that Apple already has a process to do this for legally-obtained products.
> The process is very simple. If a user has purchased an Apple product through means that will produce a receipt, like through eBay, users can request Activation Lock to be removed. All the user has to do is navigate to Apple Support and provide a receipt as proof.
> The problem Bumstead is likely running into is MDM or mobile device management. Apple will not unlock products that were previously part of an MDM system that's still attached.
So devices sent to a recycling center to be destroyed are being picked up and resold. So this whole thing seems like a non issue.
EDIT: I AM NOT COMPLAINING ABOUT THIS.
I'm responding to parent saying it's not an actual problem:
> So this whole thing seems like a non issue.
...
Apple doesn't seem able to "produce a receipt" if you purchased the MacBook with cash or a discontinued credit card in their store.
I have a lovely pristine 2019 MacBook Pro 16" that I put firmware password on before crossing international borders, before pandemic. The Ventura update broke boot. I have to boot to recovery partition, but cannot. No idea what "this is obvious" firmware pass I came up with.
THIS IS MY FAULT. But a surprisingly expensive fault…
I have the original welcome to new Mac on your Apple ID email a couple days after purchase, the Mac is active in my Find My, the Mac is under AppleCare to me which I have. Apple will not unlock it without receipt, which I do not have, and, no longer having an account with that card provider, cannot produce.
This 2019 MacBook Pro sells used for $4,689 from Apple today:
https://www.apple.com/shop/product/G14X6LL/A/refurbished-16-...
So for me, it's an issue.
// At the same time, this is a reason we provide MacBook Pros to employees: we can take comfort losing one in NYC or Mumbai probably isn't going to compromise company data. This is worth the cost to me personally, and makes me an advocate of Apple's security work.
They ask you for an email address when you buy a high ticket price product (which, let's face it, is basically all products).
I understand you're upset, but sadly I have to say to you that this is working as intended.
1) You bought a machine and can't prove it.
2) You enabled authentication which you lost
3) You also lost your backup to the account
How can they help you? How can anyone help you?
You've made it nearly impossible to distinguish yourself from a thief or random stranger.
> How can they help you? How can anyone help you?
Well, that's the fundamental problem. With open hardware that you fully and completely own when you buy it, such problems are impossible.
The move towards hardware (mostly by Apple but not unique to them) that remains firmly in control of the vendor even after you buy it... is not a good one. It means your ownership is relatively ephemeral, any wrong move (or bug) and it's no longer yours to use.
Not a world I want to live in.
As noted in the article, this is more-or-less an issue with corporate/biz MDM solutions.
A corporation buying hardware from another corporation. The “user” here is and was never in control of the hardware. The only human beings close to that role are the IT department.
Like it or not there are legitimate reasons corps do this. HIPAA, SOC, PCI, good old fashioned responsibility, etc. Apple isn’t the only vendor that sells systems and hardware locked in this fashion.
The reason we’re talking about this and not anyone else:
1) Apple is one of the world’a most valuable companies.
2) There is a tiny but very loud minority of people who have a seething, irrational hatred of them and cannot ever acknowledge anything positive about them.
3) Their solution for this is actually implemented well and can’t be bypassed.
I understand your point but we’ve gotten here for valid reasons - “XYZ employee gets laptop with 100m SSNs stolen”, etc.
Speaking more broadly, you are aware that with Apple Silicon they had a massive opportunity to do as you say and “own” user hardware, right? It would have been trivial for them to utilize all of this to prevent alternate OS installation. Even if they did lock out alternate OS installation they’d lose what, 0.5% of sales from the people ranting about Apple on HN that were never really going to buy Apple anyway?
Yet here we are with Asahi Linux.
> I understand your point but we’ve gotten here for valid reasons - “XYZ employee gets laptop with 100m SSNs stolen”, etc.
That's not the reason you're prevented from resetting the laptop.
> With open hardware that you fully and completely own when you buy it, such problems are impossible.
I don’t understand. If you have open hardware that you have full control over, choose to lock it down to make it impossible to factory reset the device without a password, and then forget that password, how does having open hardware help?
If you say “there always should be a way to factory reset the device without a password” you are giving up a feature that Apple provides: making it less worthwhile to steal Apple devices.
> Well, that's the fundamental problem.
A better problem, some may say, than having a thriving market for stolen laptops.
> Not a world I want to live in.
But a world many may prefer to the world with a thriving market for stolen laptops.
While unfortunate for any affected individuals, still IMHO a much smaller problem than a few companies have basically full control over all computers people use.
That's much more dangerous for the society than a few thieves making a buck.
Are you not free to simply not use find my/activation lock?
I haven’t used Asahi yet but the way I understand it you can install Asahi right away and the hardware is forever yours to control.
And if you are worried about Apple one day remotely adding a lock to your Asahi laptop you can probably block those requests proactively on a network level anyways
I tend to agree, but that's not really one of the options on the table for this particular discussion.
[flagged]
Too true, as evidenced by the comments in this thread. I fear for open computing and software based on what im seeing here.
“If you don’t know the credentials to reuse it, it’s bricked” is a valid choice whether the hardware is open source or not.
Yubikey equivalents that are fully open source still have to be shredded rather than recycled, if properly secured. Open computing isn’t incompatible with secure computing — but secure computing is absolutely incompatible with reusable computing.
I have nothing against reusable computing, but I’m tired of seeing “open” and “right to repair” erroneously held up as meaningful solutions to reusable–repurposeable computing. Focusing on the core issue at hand – that you feel we should have the right to repurpose hardware in our possession without impediment – would go a long ways towards starting the correct and necessary conversations about “security” and “anti-theft” that, today, will simply not happen productively under the open/repair banners that the reuse/repurpose movement is trying to ride under.
> Open computing isn’t incompatible with secure computing — but secure computing is absolutely incompatible with reusable computing.
Is the first part even true? It does seem to me that there are a class of tasks, the most obvious being competitive video games, that do require that the user not have complete control over the hardware and software they're using.
It is absolutely possible to fully implement an open source hardware stack that builds up from an HSM secure store into a UEFI secure boot chained ti a signed, reproducible-buildable Linux kernel that can launch signed, reproducible-buildable applications and attest, with cryptographic signatures chaining from the hardware HSM clear to the kernel to the application. This is wildly unpalatable, but it’s already fully implemented and available on macOS and enterprise Windows 10+ today. (Seriously: Safari can, on stock macOS, attest to a website that you’re booted securely into an unmodified Apple kernel and OS, so long as your motherboard has the HSM boot chip.)
Whether this system is implemented as closed source or as open source is wholly irrelevant to secure attestation, which could be done exactly as it is today even if the complete source code were available. The difficulty is that, for anti-cheat, someone other than the user must have signed the key inside the HSM, or else it can’t be trusted to be unmodified.
This is why Secure Boot with Attestation, and the entire objection to Microsoft Proton, turns out to be about repurposeability — people want the right to repurpose hardware without a third-party services, such as anti-cheating checks, being able to exclude them based on their modifications. That’s not about open source at all. That debate is not about open source, and with the advent of widespread secure attestation computing, it’s overdue for serious conversations.
> people want the right to repurpose hardware without a third-party services
Is that wrong?
Third-party services are temporary. Hardware lasts forever. If hardware attestation comes at the cost of ephemerally-usable hardware, it's not worth it. It's certainly not worth forcing it onto devices that would otherwise be usable, but instead become landfill because their previous IT team went insolvent.
People can (and should) get mad at this, and doing so with the Open Source community is not a mistake. Open Source represents leverage (AKA "Freedom") against corporations that would otherwise harm you for profit. You can excuse this behavior with all sorts of DRM and anticheat, but you'll never win until the kernel stops processing digital input and output. It's a snipe chase, and it's not worth pretending it's not a power grab.
Whether repurposeability should take precedence over secure attestation and antitheft is the correct question here. I’m glad to see you’re considering this in those terms now. I hope others do too.
Note, however, that as Apple takes back all products they’ve ever produced for electronics recycling, in each case where an Apple product does reach a landfill, that could have been avoided. If, as in your example, an IT department refuses to recycle Apple electronics responsibly, then that’s not sufficient to declare repurposeability a landfill-prevention measure. So I worry greatly when I see such arguments refer to Apple and landfills, because they’re easily undercut, and that’s then used as an excuse to ignore the repurposeability debate I that I consider most important here.
Your repurposability debate is right to be ignored. Apple does not deserve the ultimate authority on device usability; case closed. If you want further deliberation, watch European regulators do battle with Apple's copywriters. Either way you cut it, this fantasy of Apple products being "built different" doesn't make sense on an international scale.
People want to hold Apple (the world's richest company) accountable. Why shouldn't they?
I’d absolutely like this to be decided at a regulatory level one way or another, and I support Apple being compelled to adhere to whatever outcomes occur from that.
Using this “Apple products in landfill” sensational headline to make the regulatory case is easily defeated by Apple PR, however, so find an argument that holds more water. For example: what’s the recycling story for Microsoft, Samsung, Google, and Lenovo handheld and laptop products? Do they all take back any of their mobile computing products for recycling? If not, using whichever of them refuse to recycle as an example will go a lot further towards making a case for regulation than using the one of them that takes back absolutely everything.
Then isn’t the HSM just the part of your hardware that you don’t control? Isn’t that the complaint?
You would still absolutely control the HSM, in this example, and whether you installed an HSM provided by a third-party or your own would be entirely your choice. It’s just another open source hardware component. Microsoft could release the source code to the Pluton HSM and it would still be just as effective at secure attestation.
If you want Microsoft’s online gaming services to trust your computing environment in ranked competitive play, then you may find that booting with a self-signed certificate in your HSM isn’t sufficient for them to allow you into ranked play; they might choose to require a Pluton HSM. That has nothing to do with “open source”, though; the signing keys stored in an HSM’s secure vault are not part of its schematic or software source code, any more than the SSL certificate for a Wordpress blog hosted on Linux is part of the Wordpress or Linux source code.
> A better problem, some may say, than having a thriving market for stolen laptops.
Some may say that, because having their laptop stolen is a problem they actually experienced. Having your device remain owned by a vendor, who only "licenses" it for you to use opens up a whole new world of problems, some of which average person can't even imagine.
And yet “average” people buy and sell MacBooks every day without imagining, let alone experiencing those problems.
It is only thieves and ideologues who actually experience any difficulty. And while I’m all for righteous purity, I am also happy knowing that the thief who stole my MacBook from Spaces coworking in San Jose (do not ever use Spaces!) will get nothing for the risk they took, and/or that a buyer taking a too good to be true deal will get a brick.
Yes, I like this world better than the free-open-insecure alternative.
> And while I’m all for righteous purity, I am also happy knowing that the thief who stole my MacBook from Spaces coworking in San Jose (do not ever use Spaces!) will get nothing for the risk they took, and/or that a buyer taking a too good to be true deal will get a brick.
That might be a minor consolation, but the bigger point is that this will (hopefully) significantly disrupt the market for shady used MacBook sales and thus the incentive to target MacBooks for theft.
There is n=1 up there that someone is not stealing his laptop. He just forgot his firmware password. His Find My account still showing the device, but Apple doesn’t want to unlock it because he lost his receipt.
Sure. And that sucks. But do is it worth incentivizing the theft of n = many laptops?
This is the government encryption backdoor all over again. There is no such thing as a security backdoor that can be used only by good guys. If Apple can’t determine someone is the legitimate owner of a locked device, they have two choices: allow thieves to unlock devices, resulting in more theft. Or decline to unlock for some legitimate owners who chose to lock their device and not take precautions.
It’s a tough choice, but I think Apple is making the right one here. You may disagree, and that’s fine.
It's unfortunate, for sure, but the warnings are abundant; in not so many words don't forget these passwords or the consequences will be dire. Losing receipts for big ticket items is, I'm afraid to say, irresponsible. File the hard copy, or scan and save in multiple secure locations. The burden of proof of ownership is on the owner, it cannot be any other way. Heck, I'm sure a credit card receipt would do. Find it on a bank statement and go to small claims in the worst case.
Ok, so what is the metric Apple should use for deciding whether someone has lost their password or someone has stolen a laptop?
Or should Apple just remove the activation lock feature, that was added specifically in response to large amounts of theft because we don’t think those thefts are going to happen any more?
If you own a car and by some bizarre sequence of events all evidence that you own it has vanished, and then you lock yourself out, you might have a hard time getting a locksmith to unlock it for you. Police might even get upset if they see you trying to break into it! This doesn't seem very relevant to whether or not you "own" the car or "only license it." Granted, there is probably some "last resort" where you go to a judge or something, but I bet if you got an order from a judge for Apple to unlock your laptop they would do it!
In my experience, and FWIW, locksmiths do not bother asking for ID when defeating the lock on your car or house.
I had to present ID when a locksmith drilled my lock in Sweden.
He took down the details of it.
> Having your device remain owned by a vendor, who only "licenses" it for you to use opens up a whole new world of problems, some of which average person can't even imagine.
Actually, everyone experiences this right now. Macbooks are working like this. And 99% of people are fine with it. We don't have to imagine anything
> Actually, everyone experiences this right now.
That's not true. I think you're saying that Mac users are already today in an ecosystem where this could bite them hard, that much is true. But nobody gives it any thought until they personally find their multi-thousand dollar device useless and Apple refuses to help even though they totally could if they cared. Only then do they realize what a terrible situation it is.
Isn’t that quite a slippery slope to call it licensing?
> With open hardware that you fully and completely own when you buy it
Unless you lose the password to unlock the BIOS.
Which is not resettable via the (now very old) method of removing the CMOS battery or shorting a jumper on the motherboard for at least a decade.
(I had this issue on a HP Elitebook 8440p from 2011)
> With open hardware that you fully and completely own when you buy it, such problems are impossible.
I don't see why, in principle, you couldn't have open hardware that provided the same capability to brick the device for unauthorised users. In which case you would be just as SOL if you forgot the credentials to that, too.
Open hardware doesn’t change this at all.
Either you have an activation lock like feature or you do not.
If your hardware has a path that allows a random person to circumvent it, then by definition it does not have an activation lock.
This isn’t an open vs closed hardware question. This “does this feature exist”, and your argument is that it should not. This is spite of the fact that activation lock was a feature introduced specifically in response to high rates of theft, and its introduction immediately reducing that theft.
Activation lock is a feature that people want, but again activation lock is either there or it is not. If your “open” hardware includes a mechanism that bypasses an ownership lock then by definition the lock is not a functional if feature.
A company can make an open laptop that has an activation system that requires an authentication in or to do a full device reset, or to replace the firmware. But if that lock is in place, it can’t let you flash a new firmware on or reset it, because again that defeats the purpose.
The main corrolarry is your user account.
One could convincingly argue that dead accounts are e-waste.
The main reason I guess we don't say that is because we have expiration policies.
But if you lose access to your, say, facebook account with 100GiB of uploaded content, then that content is going to be sitting consuming at least 300GiB of media (replication, backups etc;).
Thus: is that a problem?
I see a device like this as an extension of my self, having it "open for all" is not desirable; I want to knowingly give it to someone.
If someone takes it, or I do not unlock it, then I don't want the possibility for it to unlock. I paid for it, it's mine, in perpetuity until I say otherwise, even if I'm dead: since as I mentioned it's an extension of me... it is dead too.
> I paid for it, it's mine
Funny misconception, that. You paid for it, but Apple controls it. You trust Apple to do the right thing, but you cannot prove that they do. You cannot hold them accountable for doing the right thing, either.
So, how can you trust it as an extension of your self? I understand your argument, but you've based it on a misconception if you think you're the ultimate user with the greatest authority over your device. Apple makes the rules, the only thing you do as a user is agree to play by them.
No, the great thing is that even apple can’t do everything with your device! If it’s encrypted they (presumably) can’t access that data at all.
Unlocking a device by apple has no bad incentives associated, at the very worst case someone else can use your owned device without access to any of your data, aka stealing. And that assumes that apple will corruptly open it for someone else which they have zero interest in and that just accounts for regular old stealing with a billion dollar company’s help?
> If it’s encrypted they (presumably) can’t access that data at all.
We just have to trust their implementation, which is conveniently proprietary and unaccountable.
> And that assumes that apple will corruptly open it for someone else which they have zero interest in
Are you sure about that? They very publicly gave the Chinese government control over Chinese iCloud data a few years ago. That, and they've been part of PRISM for the better half of a decade now. When a company has a working relationship with multiple sovereign governments, I'm not sure you can strongman the "Apple will save us" argument.
This is also a problem with Google, Microsoft, Amazon, 95% of cell carriers, most cable companies and your laptop manufacturer (regardless of company). Apple knows you feel insecure about this, so they market their products/services to you with this in mind. News flash: does anyone really think the largest company in America (let alone the world) isn't in kahoots with the American government? Microsoft was. Google was. IBM was. And Apple is bigger than them all.
Encryption is great. Mixing it with snake oil isn't. People are correct to call out Apple's failures to protect their users in this conversation, because their track record isn't very benevolent.
> We just have to trust their implementation, which is conveniently proprietary and unaccountable.
I also have to trust Debian, as I can’t audit millions of lines of code.
You really have no choice but to trust your OS vendor. If you don’t, find another vendor.
That's where the transparency part comes in. Nobody reads every line of code, but feasibly anyone could read any part of it. Patches are examined as they roll in. Really the software distribution model is no different than trusting your apps to auto-update properly.
Apple doesn't have accountability. It's not that nobody wants to prove them right, it's that their system has been deliberately designed so that no one can.
Does it really matter that you can read any line if you can’t verify whether the binary you download is truly made from said sources? There is always some trust at some level, whether it is some debian server or apple is just another question.
It only bothers me when the publisher-in-question is a cardholding member of PRISM, without two cents of developer goodwill to their name. I'm normally more generous with small-timers, but try to stick to OSS all the same.
you really think apple doesnt have a way to completely wipe your device without your permission?
At the same time, it hardly disincentivizes thief from laying their hands on apple devices. With that in mind I’m not sure whether this is not a worthy tradeoff.
I'm not upset.
I can prove it to a remarkable degree with the welcome email 3 days after this model was launched.
I didn't lose backup to account. I'd already migrated to the latest M1 MacBook, and my account is fine.
There's appears to me to be no backup to the firmware lock, there is a backup to FileVault, I have file vault.
I get it and am not complaining. But person above me said it wasn't a real problem.
My point is, it can be a $4500 problem for a legitimate purchaser.
Can you sell it to a friend, give him a legitimate receipt (from you) and have him go to Apple? (seems like a hack, but it checks the ownership box for your friend)
This is a good advice to try. Ask someone to buy it from your eBay list. Using that receipt ask Apple to unlock the laptop.
It would seem nearly bonkers that this would work though.
Maybe try and take Apple to small claims court for not honoring the warranty?
Activation Lock creates undue friction during the ownership transfer.
This kind of security should be tied to something like removable storage device where the users data is stored, not the main device itself. That way when the owner dies or loses acess then said owner only loses acess to the data and not the entire device.
IMHO this is Apple trying to force people to purchase new devices and prevent reuse. It doesn't matter what is intended on the surface, but what the actual outcome is. This causes more waste and it's not helpful to the environment. If you are serious about protecting user data tie it to hardware security that can be decoupled from the device itself.
I'm in the business of repairing computers.Apple is setting bad precedence on multiple fronts, More than any other company in existence.
> IMHO this is Apple trying to force people to purchase new devices and prevent reuse.
Assuming you know your Apple ID password, disabling Activation Lock takes less than 30 seconds. You can even do it remotely via Find My on the web.
It hasn't exactly curtailed the legitimate iPhone resale market in the ~seven years that it's been on by default, either, though it did produce a dramatic drop in people getting their phone snatched from their pocket[1].
1. https://techcrunch.com/2015/02/11/apples-activation-lock-lea...
Removing it from FindMy definitely doesn't solve firmware.
I wouldn’t expect it to, since Activation Lock is tied to an Apple ID and the firmware password is local.
The number of people who manually set firmware passwords on their Mac (i.e. don’t have it set as the result of MDM) instead of just using FileVault these days must be vanishingly small.
Just an idea, but, I remember something about T2 macs, and the find my integration and if you put the device into “lost mode” on the web, it sets a (numeric) firmware password as part of the ‘mark as lost’ process.
I think that overrides any user set firmware password, so might allow you to recover it,
Just a thought maybe a little searching can validate it before you might try?
That defeats the entire purpose of the feature. I want my computer to be unusable if stolen.
It's my understanding that the purpose is to protect data. It has a secondary effect of preventing use of the device. The goal of reuse and preventing device use are incompatible.
Activation Lock started on iPhones and the purpose was to discourage theft, as people were having them ripped out of their hands and then sold on.
Everyone supports the concept of reuse.
But most of us don't want to extend the courtesy to petty criminals.
I think this is shortsighted. Criminals might be the target of this policy today, but when these machines are no longer current, the owners of the machines might no longer know or care where the device is, and they will still be unusable. This to me is unacceptable.
So how many thefts, home break-ins, violent assaults etc should we tolerate so that in decades to come the devices can still be usable.
Even though at any point said device can be unlocked, transferred, sold etc.
As long as the owner can still log in to their iCloud account they can deregister their device. This is a non-issue.
I think its wrong to be dismissive of how inacessible this could become if apple is no longer a company
For almost any other company, I think this would be a reasonable concern.
Given Apple's staggering pile of cash, I think that we'll have decades of warning if they're going to stop existing.
This is really an issue of control. A company that designs and sells computers, which creates a conflict of interest, should not be in the business of controlling access to a computer. That should be handled by the customer. Otherwise they will use the market position to dictate how that control is used. It's a lose across the board, you are not thinking long term.
No, it’s even in the name of the feature. Activation Lock.
It is to stop devices being stolen, wiped and re-sold. It is an attempt to allow the legal owner of the device the ability to control who can use it, rather than the possessor of the device having full control who can use it.
Its only purpose is to protect the use of the device by people removing all the software (erasing back to factory defaults) and taking control of the physical device that way.
Activation lock is not the same thing as file system encryption.
I’d rather not make my belongings such valuable targets for theft
My folks also bought a Mac from an Apple Store with an active credit card. When the laptop was stolen and recovered by the police, it had some kind of boot lock on it.
They refused acknowledgement of the credit card because they say it could’ve been stolen and they refused state ID as it could’ve been stolen or forged. They refused acknowledgement of documentation from the police. They said it was my folks fault for putting the boot lock on as it warns you, but my folks weren’t the ones who did that. I didn’t even know that boot lock existed until then. This experience was in the same original Apple store my folks purchased the computer, which is why I presumed state ID and original credit card would’ve been adequate.
Unfortunately my folks had made themselves indistinguishable from foreign intelligence. The amusing thing is that if they're so worried about forged government ID's and stolen credit cards, then how on earth can they trust a receipt? Unlike a government ID, your face isn't on it.
Why that the device is listed in his My Find account not a proof of the ownership?
> How can they help you? How can anyone help you?
They literally can, but are choosing not to. If there is concern about stolen devices, then there could be a way for victims of theft to submit such information to apple and then when someone wants to purchase a used laptop they could check whether it's stolen. They could also provide a mechanism by which a laptop could be submitted for unlocking and sits in the request queue for three months pending someone saying "that's mine!"
At the end of the day it's bullshit that functional laptops are going into the trash stream for artificial reasons. There should be a tax of 10x the highest global retail price of the device assessed against the manufacturer.
You can probably get your old card issuer to pull up your statement. I’ve done similar stuff in the past with closed brokerage accounts. It may be an involved process and take a while to reach the right person but worth a try at least!
How are they supposed to produce the receipt? You’re supposed to have it. They gave it to your hand or send it to you over email.
In this case it seems like Apple has more than enough information to verify that Terretta is the valid owner of this computer, and so they should unlock it. Whether this goes via "reissue the receipt, then unlock it" or just "unlock it" isn't important.
I agree on that point, but not on the one where Apple should give him the original proof of purchase.
Apple knows the time and place of each product (SN) they sell, and they know who activated it to their account. They should certainly be technically able to produce the receipt at the time of sale but also a duplicate later.
> Apple doesn't seem able to "produce a receipt" if you purchased the MacBook with cash or a discontinued credit card in their store.
I'm not sure if this is standard policy or a fluke. If true then Apple should absolutely not demand that proof of purchase back from the owner at any point. I can't imagine how it's legal to sell that in a store and not provide proof of purchase but that's a different matter.
> They should certainly be technically able to produce the receipt at the time of sale but also a duplicate later.
For privacy reasons, they might not legally be allowed to keep purchase history around forever.
I don't read the parent as wanting support going back indefinitely; 2019 to 2023 is well within when the company should have sale records. You generally need to keep them for at least seven years from when you file taxes, which might be more like eight years from the sale: https://www.nolo.com/legal-encyclopedia/how-long-should-you-...
The IRS recommends keeping records for 7 years. That's long enough.
The paper receipt most likely doesn't have any information (his name, email, etc) that identifies him as the actual person that was in the store that day and made the purchase. He said he purchased with cash or a card he doesn't have anymore.
Surely you can see how just handing out a generic receipt to whomever shows up and asks for it is a real issue.
Lesson here is, for ANY merchant: pay with a credit card, have the receipt emailed to you if possible. If not take a picture with your cell phone of the receipt, _on the spot_. That's it, you are future proofed.
Are you suggesting their system did not record the sale? I agree that OP should have the receipt but I'm quite sure Apple has the data for that sale somewhere.
I am suggesting that if I bring a laptop and ask them to produce a receipt of its purchase it’d not prove that I purchased the laptop. Anyone could do it and then use that receipt to say they bought it in the first place.
Indeed. The receipt should serve as proof of purchase from the purchaser to the vendor. I'm sure Apple does have proof on their side, likely even tied to the serial number, credit card, Apple ID, etc., but going to an Apple Store and asking them to verify your identity and connect the dots... that's probably out of scope for their everyday support. OP would need to work with a higher tier of support to reestablish ownership and receipt, which maybe isn't unreasonable to do.
This is probably right.
Apple business has told me no guarantees but as a company owner I could possibly get an exception through our company's Enterprise Support, which, as a user of that service, I have observed being more empowered than the consumer channel.
Whether that might work or not, it's likely not available to casual purchasers.
OP bought it with a credit card, I'd be surprised if there was no record of any name, address or ZIP code attached to the purchase.
Exactly. And most likely in a DB column directly connected to the serial number.
I can't stop laughing at the shit apple users justify and put themselves through. You should be able to wipe everything clean and reinstall the OS without the need of any fancy firmware nonsense. But apple convinced their mac users that that's ancient tech and they need firmware passwords now( lol).
This is a silly idea but wanted to throw it out there anyway: What if you listed the laptop for sale on eBay, then bought it back using a friend or another account? Could that be used as "proof of sale" for Apple to unlock it?
This is brilliant. Hopefully it's not that easy. Worth the ebay fee to try!
looking forward to your blog post with the story up on HN :)
Isn’t listing stolen laptops on eBay the exact thing purported to be the problem?
If thieves can just list on eBay and tell user to take the receipt to Apple…
Pretty sure they wouldn't let you walk out of a store without issuing a receipt regardless of mode of payment used
You linked to an M1 model, but apple did not make these in 2019.
You're right. Wrong link.
Damn. Are you going to continue being an Apple customer?
Yes. Since this was refused, I've bought two new iPad Pros, two new MacBook Airs, a MacBook M1 Pro, and now the new M2 Pro, from the same store.
I like that I can't get into it. It gives me comfort employee machines with company IP cannot be readily compromised.
What happened to you really sucks and I am sure you took away a lesson or two from it. But you have a really good point... "if it didn't work for me then I'm sure it won't work for an actual criminal" it's a good point.
In a way, you pen-tested Apple's anti-fraud processes... although at your own expense ;)
OT, but I find this fascinating: did you buy all of those computers for yourself? If so, why do you need to upgrade them so frequently?
This amounts to not owning the device in my book.
How so? The owner set a password that they cannot remember.
The vendor can reset it, but wouldn't, and can block the device at will (say if reported stolen with a receipt).
I would note that a legal way to get a laptop is to have it given to you. Not every transaction that transfers ownership entails a receipt from a corporation or even the exchange of money.
[flagged]
My dad was given an old company laptop a while back. He has since switched jobs. The laptop is locked with an UEFI password but is no longer in anyone's system and I doubt anyone ever stored a real receipt. He has a receipt from the company that gave him the laptop I believe, but the manufacturer won't ever take that as proof of ownership.
> In this case, if a device is given to you, why can't you have the person giving it to you (assuming they're the legitimate owner obviously) remove activation lock if they forgot?
The device was given away after it was written off. The data related to it has been deleted, there is no receipt any more. I don't have the receipt of the laptop I bought seven years ago, why should I?.
> Why not check the device quickly at time of transaction?
They could have, but they forgot. Now they can't.
You can think of processes and procedures all you want but in real life people lose receipts and forget to check some stuff.
I would say not everyone who has the activation lock enabled knows it exists or how to remove it. My parents, for instance. I fully expect one day they’ll take it to goodwill and it’ll be slag.
I’m actually not concerned about this. The security value is higher. I’m just pointing out ownership doesn’t require a receipt.
> In this case, if a device is given to you, why can't you have the person giving it to you (assuming they're the legitimate owner obviously) remove activation lock if they forgot?
What happens if the original owner died?
Apple will transfer control to a legal heir.
Does it also need the receipt?
think these discussions can be higher quality if you spend a minute thinking through your hot takes and doing a bit of research. In this case, > > if a device is given to you, why can't you have the person giving it to you (assuming they're the legitimate owner obviously) remove activation lock if they forgot?
Because it creates too much friction at the point of transfer.
Decryption security should be handled in a way that the decouples user data from the device itself. There will always be theft. The impact that we have on the planet is something we can no longer afford to ignore.
This isn't an issue of turning off our brains. We have two problems we have an issue with theft and how security mechanisms that are tied directly to the device strongly prevents reuse and resale.
>Because it creates too much friction at the point of transfer.
The definition of the desired process outcome is "it is demonstrable that the asset was transferred willingly". What is your idea of "less friction at the point of transfer" that achieves that goal? Otherwise, we're back to "this is indistinguishable from theft".
Who is the authority that determines that "it is demonstrable that the asset was transferred willingly"?
Receipts from Best Buy
No, its Apple inserting themselves into the process. The same process apple uses to deny independent computer repair centers access to parts. This isn't about preventing theft. Its about apple controlling how hardware is accessed and used and you can see that be how the treat their customers and repair centers.
>No, its Apple inserting themselves into the process.
How exactly do you think this works, without a trusted third party?
By trusted 3d party do you mean Apple? The same company profiting of off making hardware less accessible, forcing people to by new devices instead of being able to repair there own stuff. You mean that trusted 3d party?
There should be a tiny (a couple minutes at most) amount of friction for the transfer of $1000s of dollars worth of property.
Activation lock doesn't prevent resale, it prevents theft.
I don't agree. We don't need a company the same company that provides the product tell its users how to protect themselves. Thats up to the people purchasing the product. It creates a conflict of interest and it causes people to loose the freedom on how they wish to protect their devices.
“There will always be theft so we shouldn’t try to reduce theft” is pretty circular.
There will always be theft, but only one livable planet. You do the math. The way Apple is implementing this security makes the impact on the planet worse. In the long run, its not worth it, for user control or for the environment.
>Because it creates too much friction at the point of transfer.
It takes literally a minute.
[flagged]
These discussions would be higher quality of blatant apple shills didn't write 4 paragraphs defending an obviously flawed policy that is objectively sending good hardware to the landfill.
You can't post like this to HN, regardless of how wrong other people or you feel they are.
If you'd please review https://news.ycombinator.com/newsguidelines.html and stick to the rules when posting here, we'd appreciate it. Note this one:
"Please don't post insinuations about astroturfing, shilling, bots, brigading, foreign agents and the like. It degrades discussion and is usually mistaken. If you're worried about abuse, email hn@ycombinator.com and we'll look at the data."
Why would be ok to destroy a perfectly working device that is sent to a "recycling center". Reuse is the correct way.
Can anyone confirm this? The article AppleInsider links[0] doesn't seem to have a way to upload a receipt. And I don't see how this would be possible without Apple verifying that the seller's name matches the name on the Apple ID, since, otherwise, thieves could launder devices via "selling" them via ebay once (for a 12% fee), or telling buyers of stolen devices to submit their receipt to Apple to get around the lock.
0: https://support.apple.com/en-us/HT201365
https://support.apple.com/en-us/HT201441
Seems to be an option at the bottom of this page.
It's proof of purchase from an Apple authorized seller, if you bought it from some random owner you're out of luck.
So what happens if I bought a macbook from someone who bought it from apple or apple’s reseller but no original receipt was given to me and then I forgot my password to unlock my laptop? Will I ‘lost’ my laptop forever?
IIRC the previous Vice article mostly mentioned things like school bulk-selling devices, without doing the legwork of disassociating / resetting devices out of MDM. At no point is the goal to force the destruction of the device.
It may not be a goal, but it's an inveitable result of the design of the policy.
I was able to get activation lock removed on 2018 MacBook I purchased off eBay this way- I took it into an Apple Store to get its keyboard replaced under warranty and they just asked me to produce the eBay listing with the serial number visible and my shipping address on the order.
Doesn't this defeat the purpose of the activation lock? If I steal a device and sell it on eBay I still make my profit. In the general case if you have a locked device could you just "launder" it through eBay for the price of the commission they take?
Generally speaking, this works to unlock one off devices (and not mdm) but if you went to them with bulk serials to unlock they would tell you to go away. The scale recyclers operate at this does not work.
[flagged]
If it makes my laptop useless to be stolen and protects my personal information and finances I'd choose them being sent to the landfill over second hand market.
None of this is an issue if its actually real second hand.
As much as we all like to poke fun at Apple for some of their annoying decisions with lack of user choice, their locked-down systems also have pretty impressive results in that they've made it nearly useless to steal any of their devices.
I remember hearing that in certain "protests" (definitely not riots) a couple years ago, where people were looting stores, Apple was able to easily get the serial numbers of all the stolen devices and remotely brick them. The contrast of how valuable Apple products are both new and second hand, compared to how useless they are to steal is pretty wild. I can't think of any other product like that.
I think I also read the the comments last time this was posted someone talking about how their kids locker room had a bunch of phones stolen but the thief's left all of the iPhones because they couldn't be unlocked.
The comment https://news.ycombinator.com/item?id=34504990
Don't Android phones have a similar feature with a linked Google Account? I once needed to contact the old Owner of an Samsung phone because of such an account lock.
Sadly, not as effective: https://www.google.com/search?q=FRP+workaround+android
Not even thieves want them. Like how Jerry tried to get his smelly car stolen.
Security good. A vendor being able to remote wipe your device is bad.
I wonder if they could burn a fuse when the user logs in so that Apple can no longer do that but the owner can.
I don't see how popping an eFuse would really prevent anything. Even if logging in triggered some sort of key generation for remote bricking that was tied to the phone's password, at the end of the day Apple still controls everything. You'd still have to trust that they wouldn't just silently push out an update that replaces the key, because they'd have to have the ability to replace the key anyway.
If you don't trust Apple to not remotely brick your iPhone, don't buy an iPhone.
Im just spitballing here. I'm sure Apple could securely create a scheme that all sides are happy with but they obviously don't care because it makes them money.
Well spitball a bit harder because it's actually a hard problem to solve - given buying and selling of used items, how do you prove who actually owns a device? The official registered owner is the one who's iCloud locked the device. If you were the legitimate owner, you could just iCloud unlock the device. If you bought it off Craigslist legitimately, the old owner would be able to iCloud unlock the device, if cooperative. If it's a time-based thing, then thieves just have to steal the phone, wait 6-months 3-years whatever, and then they get a free phone/laptop/iMac. If you have to show a receipt to Apple to prove you bought it, a thief could just have a friend make a post on craigslist that they "answer", and there you go.
If you go into the Apple store and request a firmware reset, Apple will ask you for the original receipt before sending it off to the factory to do it, but they can. But given how expensive their laptops are, a rogue employee at a computer recycling center could still slip in a few stolen ones and pocket the gains if Apple worked with recycling centers to unlock their laptops.
Hmm, 'vendor can remotely brick my device' could be a selling point or a not buying point depending on view point.
Why does the vendor need to be in control, though?
Why can't I be the one in control over my own laptop if it is stolen?
Or why can't I assign a different entity to be in control over my laptop?
You are in control. You attaching your account to it is what is bricking it for anyone else. You can always remove your account from it and hand it to another entity. The only thing Apple is doing in these cases is saying no to letting someone else remove your account/mdm association.
No, Apple is clearly in control by being the only possible provider of accounts.
For example I could run my own account/password system, and lock my own phone if it is stolen. Or transfer that right to another organization.
Saying that "vendor can remotely brick the phone" is the only way to have this functionality is not true.
Good thing I didn't say anything about the vendor locking the phone is the only way. Apple designed their system and yes, they do have control. It's also a good thing that Apple has delegated the ability for you to lock/unlock your own phone when you want.
I'm trying to figure out how you want this to work.
If your own laptop is stolen, you're no longer in physical possession of it.
So from the perspective of the laptop, some sort of interaction should brick it. What should that interaction be? It needs to happen early, before thieves have a chance to disable it. So it needs to happen before login, say. Really it needs to happen at either bootup or as soon as the laptop establishes a connection to the internet.
At which point it should... reach out to you? How? Must you own a second Apple device for that to work? Okay, let's go with that. You have an iPhone, and you use Find My to brick the laptop. So now someone can steal your phone and use it to brick your laptop? Your laptop needs to talk to your phone every time it boots up or connects to the internet?
I'm not sure you've thought this through.
It seems reasonable to me that the only entity that makes sense here is Apple. Even a savvy thief, who might block packets to anywhere unexpected--and "person's iPhone somewhere" is definitely unexpected--is going to need to let packets go to Apple, making them the only party with the means and opportunity to do this.
> So from the perspective of the laptop, some sort of interaction should brick it. It needs to happen early, before thieves have a chance to disable it.
Not really. Encrypted data on the drive, password protection to get in should be enough. If the password implementation is top notch it essentially is a brick to anyone not in the know — time will be of no use to them.
The idea here is to prevent theft for resale - nobody needs your vacation photos. They'll erase it and sell it for $$$$$
And how do you think Apple implements their anti-theft functionality?
It's really not that hard to design a system that will become essentially a brick when the password is lost. E.g. just put some flash memory on the main processor chip that partakes in the encryption of the harddrive.
Which sounds like the Secure Enclave.
> from the perspective of the laptop, some sort of interaction should brick it
Yes, that is the sales scenario for remote lockout. Its kind of lame, like "if I can't have my thing then nobody else can either and it becomes e-waste," and also depends on a crook being smart enough to realize this valuable looking thing has no resale value.
Now run out the scenario where you are the Canadian truck driver or in some other politically unpopular position and getting progressively locked out of stuff. Maybe the feds start leaning on Apple like they do to debank state-level authorized herbal commerce. Maybe some other entity gets into Apple's system and holds your computer hostage. It seems like the wrong direction for computing devices.
Obviously, the laptop contains some bytes somewhere which refer to Apple.
Just make those bytes point somewhere else (assuming Apple allows you to), and run a server at that location and you're done.
What is the problem?
Off the top of my head: if you can change those bytes, sophisticated thieves can change those bytes, and eventually anybody buying a kit on the open market can change those bytes.
Also, as I previously mentioned, sophisticated thieves can block traffic anywhere other than Apple by default.
People can still part them out or scam others
Weird side angle to get in your political views known on HN, completely unnecessary.
If you don't use quotes you are legitimising the "protests", which is a political view as well (but I guess you wouldn't care about that one)
They should have just called them riots, then. "I remember hearing that in certain protests a couple years ago" or "I remember hearing that in certain riots a couple years ago" would both work. The wording as-is is provocative for no actual benefit to the point.
Whether you agree with their position or not, it's not really relevant to this discussion to draw attention to the ethics of those protests/riots.
The comment didn't need to mention it at all, especially considering that it was preceded by "I remember hearing." It didn't add anything to the point about security and it goes against the spirit of the site.
Using quotes is sarcasm and mockery.
It is not a good look.
It costs nothing to be polite. Even if your political beliefs revere rudeness, leave it at home here.
Believing that mass looting stores isn't a legitimate form of protesting is a controversial political view now?
Here's a thought: if there is both protesting and rioting going on, we don't have to say this is either protesting or rioting. This implies the venn diagram of the protesters and rioters is a circle. It could be, but there also could be no overlap whatsoever. Pretending it is necessarily a circle -- they are one and the same -- is asserting a political point of view.
(Also, this makes it easy to delegitimize any protest: send some looters. As soon as anyone loots simultaneous with and adjacent to the protests, it is now a riot.)
> we don't have to say this is either protesting or rioting
This is true. The problem is, no one is doing this WRT any of the "civil disturbances" that happened over the last few years.
> this makes it easy to delegitimize any protest: send some looters
Or anyone willing to make the protest cross the line from "peaceful" to "violent."
Of course, these caveats can be just as easily applied to events in the midwest as to events in the capitol.
It's not that it's a controversial political view, it's that it's really not relevant to this discussion.
Odd coincidence considering the video that's going to be released in a few hours.
There was really no need to shoehorn a snarky political talking point into this discussion.
"Need" is a subjective bar. Was there a need for you to reply? Was there a need for me to reply to you?
OP was ostensibly making a completely unrelated point. The word "need" was referring to the relationship between the original topic of discussion and the snarky aside that OP dropped into it. There was no need for there to be a political component to make that point. It didn't add anything to the discussion. Obviously people are downvoting my comment, so people don't think that I was contributing to the discussion either, but I thought it was worth a shot to try to discourage the kind of comments that I believe degrade online discussions. I think I made my point in a pretty civil fashion, and that's the end of it as far as I'm concerned.
Need is a value judgment. There's no need for this website. If you want to say it's irrelevant, that would make more sense, and then as you say your comment would be relevant to OP's.
Talking is just a cheap talking point.
Apparently the laptops are given to a recycler to be destroyed by an institution. He’s trying to refurb and sell.
https://twitter.com/rdklinc/status/1617541547469193217
> Wrong -- it means that 1000 of these devices were dumped from an institution to a recycler without even bothering to log out first. And these apathetic institutions don't return calls when asked to unlock because they want the machines destroyed.
Yeah, this is a problem with how many recyclers sell their services. What they sell to businesses is something like "we dispose of your device and securely shred your data" beside some picture of physically shredded hard drives... but reality is often something more like "we have a kid run DBAN on it and then flip it on eBay".
Recyclers are going to have to have to make it worthwhile to the businesses they source their product from, and be a little bit more upfront about it, if they want to recycle these devices. What they want to do is whine to Apple so they can continue to go behind their customer's backs like they do now with every other device.
Isn't this just a case of "buyer beware" for the recycler? If the machines haven't been properly erased so that they can have ownership transferred then the recyclers should refuse to accept them.
On the other hand, if the original owners want the machines actually destroyed and not resold then I don't see the problem here.
On the third hand, they're a recycler. It's unfortunate these Macs can't be reused, but I imagine the Recycler got these for free or bought them and paid scrap metal prices, not "we'll resell this" prices.
> It's unfortunate
It's not just "unfortunate": our wildly consumptive and wasteful nature is a crime against future generations.
It's not just that our consumption and waste production are at record levels, to the point that we have damaged our climate!, but that they continue to increase at exponential rates.
This is incredibly well said, thank you.
All of this central control assumes the central control will still be there in the future. Someday, apple will cease to exist, and when it does, there will be millions of unverified bricks that used to be computers.
I disagree.
I think apple should run a refurb but they wouldn't as that would depress their retail price.
The devices are recycled just for parts. Even the motherboard will have parts removed and reused.
It's a lot more work than flipping the laptop on eBay.
I think apple should run a refurb but they wouldn't as that would depress their retail price.
I think people should at least make a good faith effort to look this shit up before gettin' all snarky:
https://www.apple.com/shop/refurbished
Yikes I was totally wrong.
Like I’ve never made a mistake, have an upvote. :-)
Apple's sold refurbished products for decades.
I'm totally wrong.
Like the most wrong I've ever been.
Well once I made a marmite pizza, other than that I've never been so wrong in my life
Indeed. Probably almost half of the Macs I’ve bought over the past couple decades have been refurbished.
>Apparently the laptops are given to a recycler to be destroyed by an institution. He’s trying to refurb and sell.
So he stole those then? Because he's not the rightful owner right? Even trash belongs to someone.
None of this is an issue if its actually real second hand.
People don't always take the time to go through everything.
Traditional disk encryption serves your protection perfectly well.
As the saying goes, "Those who give up freedom for security..."
Sure, but as soon as they remove it from their iCloud account that activation lock is removed. (yes, you can connect to wifi before you enter the password)
The only time this is not true is when the previous owner has intentionally marked the device lost or stolen in the find-my App/Site.
I think a lot of this backlash is recyclers getting stolen goods.
(Also, iCloud lock is bypassed if there is an MDM, like in a corporate setting- then the icloud lock can be remotely enabled/disabled by the organisations IT department)
Traditional disk encryption doesn't dissuade from stealing my device in any way. It's my device and I want it bricked if it's not in my hands.
How does fde make a laptop useless to be stolen?
Because the actually valuable content (the data) is protected, while the disposable part (the hardware) is taken. If you have a responsible backup habit, disaster recovery is as simple as restoring another device. FDE gives you permission to shrug-off lost devices and data, something an unencrypted laptop can't quite offer.
You've got it the other way around: for a thief stealing a laptop whilee you're careless in a coffee shop, the actually valuable content is the hardware, while the data is the disposable part.
Sometimes the data can be valuable as well (perhaps you can be blackmailed, or perhaps they can steal additional things from your bank accounts etc), but that is far from guaranteed. The hardware has a clear value though.
Thieves don't steal devices to sell the data. They steal devices to sell the device.
It's not about the thieves intent. It's about the person that ends up with a stolen or recycled device that wasn't properly wiped and now has a bunch of sensitive data on the hard drive (you can find tons of stories like that).
Also industrial espionage is a thing and but I agree with you that's probably a minority of thefts.
Yes, I know what FDE is good for. But it doesn't prevent or deter anyone from stealing the device, as Activation Lock does. FDE has no utility in reducing the value of a stolen device, because they can be simply reset to factory settings.
I could also deter thieves from stealing Macbooks by engineering it to detonate the battery when an unauthorized user takes it. That doesn't make it right, or justify the collateral damage caused by the feature.
Sorry, at what point did anyone suggest that turning the MacBook into a bomb is right or justified.
Booby traps are illegal because they harm indiscriminately.
It does in combination with with Activation Lock or similar technology that is available x86 devices.
The claim above being disputed is that FDE alone makes it useless to steal a laptop.
Most people won't shrug off the loss of a material investment of over a thousand dollars.
Your data is valuable to you, but unless you happen to be Hunter Biden it's probably valueless to anyone else. On the other hand, your hardware is valuable to a thief who can resell it.
Full-disk encryption protects your data. Activation locking dissuades theft.
Personally, I want both.
> Traditional disk encryption serves your protection perfectly well.
Exactly. I don't need Apple to protect me from thieves, I need the computer that I bought to protect my information.
Disable "Find My" in iCloud settings and it works as normal.
You will likely get a little bit of Herd Immunity because Apple devices are known to be miserable to steal.
But otherwise it will work as you expect, just add some Filevault for FDE.
If you're advocating to remove these features for the rest of us, then as an Apple user: no thanks.
> If you're advocating to remove these features for the rest of us
Not at all. It obviously needs to be better documented or changed since so many legitimate resales are being affected.
As someone who was mugged on the DC subway for an iPhone about 10 years ago, hard disagree.
When your ownership of things depends on a private organization - under the ultimate control of who knows who with what private agenda and incentives -, the organization's willingness of cooperation in this ownership, and proper and fair implementation of procedures, with incentives for them to do so the best being indirect (sales volume of products as a whole) then there is definitelly an issue!
Just because there are criminals out there we shouldn't mandate all and every honest parties prove themselves of their innocence proactively....
I am surprised this security vs. freedom things is still something where people argue so overwhelmingly for the security part against themselves despite the many many many bad experiences throughout the history in various levels....
(there are schemes where the ownerships is strictly controlled but by a public body of the society with regulations around it - house, car, etc - but not a private business oriented organization's coined policies and online account implemented by there sole discretion and judgement who is allowed to use what, what constitutes acceptable proof in their view, and who is given access to that authoritive account and who is locked out eventually, potentially for a completely independent reason)
You don’t have to buy one. Problem solved.
You mean if I do not buy then this whole problematic construction will go away for good?!
I can do that! I can refrain from buying for the sake of the humanity, no problem! : )
You don't need to breathe. Problem solved for driving my rolling coal around.
> If it makes my laptop useless to be stolen and protects my personal information and finances
keeping information private and/or secret and rendering a perfectly usable device a brick are two completely orthogonal things.
My laptop is perfectly secure, without Apple having a say on what I do with it after I bought it. Including reselling it.
p.s. if someone saw my laptop and a mac laptop left alone in the same room, they would try to steal the Mac, making my laptop even safer by virtue of not being from Apple.
> p.s. if someone saw my laptop and a mac laptop left alone in the same room, they would try to steal the Mac, making my laptop even safer by virtue of not being from Apple.
A lot of people around are claiming the exact opposite: thieves have learned that stealing Macs is useless, while other laptops have clear re-sale value. The retail price of Macs is irrelevant if there is no way to fence them, and if thieves are aware that there is no way to fence them.
> thieves have learned that stealing Macs is useless, while other laptops have clear re-sale value
thieves have also learned that the only easily re-sellable laptops are the $200 brandless stuff bought on Aliplay, that are probably not worth it.
every brand laptop today can be registered, has some form of "find my laptop" and supports encrypted filesystems
Macs aren't good only for re-sale, but also for spare parts and/or raw materials.
Nobody would steal a Trabant over a BMW just because the BMW has more sophisticated security.
Thieves are able to learn new tricks too.
> Macs aren't good only for re-sale, but also for spare parts and/or raw materials.
Except this entire thing blew up because of recyclers bitching that the laptops were only worth the value of scrap, something like $13.
electronic devices are a source of copper, silver, gold, nickel, zinc, steel, glass, cobalt etc etc
They are quite more valuable than the bare aluminium case.
In 2016 Apple declared that it had recovered nearly 90 million pounds of materials from Apple devices recycled through its program in 2015. Sixty-one million pounds of those materials are reusable in future products, including 2,204 pounds of gold
From an environmental POV Apple should allow people to use/re-use/resell their devices as long as possible. Of course that would not align with their interest that is selling as many new devices as possible.
The legitimate owner of the device can resell it.
except when they can't (I saw comments of users that lost the access to their accounts or that could not prove they bought the item because they lost the receipt that had their devices turned into very expensive bricks)
OTOH e-waste should not be allowed under any circumstances when the raw materials are scarce and/or retrieving them is damaging to the environment or they are polluting.
Last but not least the device destiny should be under the control of the person in possess of the item, unless the item was stolen.
If someone brings their car to my junkyard to destroy it and I fix it and resell it or dismantle it and sell it as spare parts it's completely under my rights, I don't see why electronic devices should work differently and why the manufacturer should have the keys.
Don't let me start on non-Apple compatible replacements parts that Apple won't let you use, even if the warranty has expired.
I would rather my devices become bricked if they're stolen from me. You are welcome to disable the feature on your own devices or not purchase devices that have this feature.
> I would rather my devices become bricked if they're stolen from me
Non sequitur.
The device is mine when I buy it, but it is sometimes impossible to unbrick something that Apple bricked.
I would rather let you pay a premium to have the features you so much want, because annoying the majority just because you want something, should cost you more.
Also the will to generate useless e-waste should be punished, we are past the times when people (especially americans) can use the entire planet as their own junkyard.
>if someone saw my laptop and a mac laptop left alone in the same room, they would try to steal the Mac, making my laptop even safer by virtue of not being from Apple.
That might be true now, but it might not be as time goes on and this bricking functionality becomes common knowledge.
Totally bro. Bring on the e-waste, as long as I am good who cares?
It’s only e waste if stolen or similar. If you are selling it then you can unlock it and there’s no problem.
The previous owner CAN unlock if they're able to and they know they're supposed to. Unfortunately I suspect a lot of devices are intentionally donated or recycled while unintentionally locked. I wonder what percentage of SMBs have proper MDM set up for their devices versus just a bunch of personal apple IDs with no way for the org that owns them to unlock them?
This is a self-correcting problem: if I buy a Mac from you on Craigslist I’m not going to say “oops, no big deal” if I can’t use it - I’ll ask you to unlink it, reverse a charge, or even take you to small claims court.
Over time, people learn this and it becomes routine just like people buying used cars know to check that the seller really owns it and isn’t lying about the collision history.
how do you reverse a cash payment?
You don’t, which is why many people either avoid them, carefully check before paying (Apple has a detailed “before you buy” guide for this exact reason), or in the worst case that’s why I mentioned small claims court since regrettably some people will misrepresent what they’re selling.
Apple could help by emailing the owners and asking them if they want to unlock the device or report it stolen. That would remove the ambiguity, help honest recyclers and users and the environment, and generate evidence against thieves.
You could even go a step further and require the person requesting the unlock to provide photo ID and affirm that they are claiming to be the legitimate owner of the device to dissuade thieves from trying to use it and also for the unwitting receiver of stolen goods you now have a way to get that back to the real owner and potentially track down the thieves on the other side of the transaction. Sadly I doubt that would result in police actually taking action against thieves but a macbook is expensive enough to be felony theft in most places. The guy selling it on Craigslist probably isn't going to use a burner phone, meet away from his home, and use a rental car just to sell a stolen macbook. I think there are much better odds of identifying them if Apple would try and get devices past activation lock and track these cases down.
That just means it’s an education problem. Not an apple problem.
On one side everyone wants security and privacy. But when they get it they complain when it prevents them reselling devices that are not theirs.
Apple literally just released a security update to a 10 years old device, and their devices have a huge second-, and even third-hand market so they easily live for that long.
There are plenty things to say about apple, but their devices do serve their lifetimes. I would be much more worried about the litany of low-end laptops and mobile phones that end up in the trash with zero value in a year.
iDevices are actually excellent at e-waste reduction precisely because of their "erase everything" feature, which gives owners a very quick and assured way to ensure the devices are actually wiped and reduces incentives to shredding devices or parts of them.
The article is about the opposite, and how can you trust that the "erase everything" works? You can't verify it without destroying the device, since the storage is not removable.
The article is saying that people don't unlock their devices before recycling them.
This could be true, but as I mentioned in another comment, as soon as it's removed from the original users iCloud account that lock will be removed.
> how can you trust that the "erase everything" works?
You can't remove it, but as long as nobody else can use the device to recover data then it's fine.
FWIW it's actually pretty easy with SATA SSD's to set a device key, which then encrypts everything on the drive at full speed: https://github.com/Drive-Trust-Alliance/sedutil
The drives are actually already doing this, it's just that the key is set to 0's.
I can imagine that, given the drive is accessed via T2, that Apples NANDS are being accessed the same way, in which case scrambling the key is enough to make it unrecoverable permanently.
fwiw self-encrypting drives always manage to end up in a research paper every ten years where they show the crypto is catastrophically broken, the key is "md5(serialno)" and the access check turns out to be if(!strcmp(pw,...) || !strcmp(pw, "letmein").
"Some institutions ignore the fact that you can safely resell these devices and just bulk-recycle everything" is not a good counterargument to the GP.
It's on the refurb companies to ensure it's unlocked before distributing payment and accepting the product. Otherwise this business is indistinguishable from trafficking stolen property.
Nah fuck thieves.
Please.
I can’t believe the HN consensus on this one! A system that relies on the original owner to perform some incantation or the device is e-waste? Really, that’s the best Apple could do?
I sympathize with the resellers here. Often times the original owner cannot be contacted. Maybe they are dead and the machine came form an estate sale. Maybe it was sold on consignment or something. Maybe the original owner is just very difficult to find.
I bought a MacBook off an eBay seller, and had to deal with this shit. It took the seller forever but by some miracle he was able to track down and contact the original owner so he could unlock it. Without this hassle, a perfectly good computer would have been e-waste in a landfill somewhere.
Frustrating the legitimate second hand market and the ecological impact of all this waste is a high price to pay for mere anti-theft. Companies are very eager to kill the secondary market for their goods, and accepting this scheme plays into Apple’s hands.
It does work though. I had a thief break into my house a couple of years ago (2019 or 2020 can’t quite remember), they stole my expensive DSLR kit out of the cupboard, left the six-month old iPad Pro that was sitting on my bed.
For the dead person scenario, you can get access to iCloud with a court order once they are deceased, or if they have set up their legacy contact. So that would be the procedure to unlock the device.
For the ones in the article, the people sending them to the recycler seem to be refusing to unlock the devices and want them destroyed. Perhaps Apple should take back these machines for refurb in such a case (especially since they’re quite new)
> For the ones in the article, the people sending them to the recycler seem to be refusing to unlock the devices and want them destroyed. Perhaps Apple should take back these machines for refurb in such a case (especially since they’re quite new)
That seems to be the obvious solution: let Apple reset them completely, wiping out anything that could possible store any data, and make the components usable again. As long as Apple doesn't pay out any more than the shipping & handling of the laptops, there's no profit motive so the theft protection is still there but the planet is just a little bit greener and happier.
> you can get access to iCloud with a court order once they are deceased
Even for important memories, has anyone heard of anyone else actually doing this? Just curious, lots of deaths in my family lately and i'm positive none of the grieving members would attempt a court order
The 'mere' anti-theft and privacy benefits are way more important to me than the second-hand market. Plus, the difficulty caused by the anti-theft mechanism is straightforward to overcome provided the seller is legitimate.
Why should onus be on legitimate refurbishers and resellers to prove that the device is not stolen (extremely hard) rather than on the victim to report the device as stolen within a 30-90 day grace period (trivial)? After this grace period the device would wipe the data encryption keys and unlock itself.
A simple solution that protects both sides, it just so happens to conflict with Apple's earnings goals.
When I spend several thousand pounds on a laptop, I expect its features, including its privacy features, to maximally benefit me, not some hypothetical refurbisher who I, quite honestly, don't give a shit about.
Its privacy features will always maximally benefit you. There is no way to get data off the Macbook unless you don't trust Apple's secure enclave encryption. Activation lock is a separate unrelated concept.
You might not give a shit about recycling but Apple says they do[1], they really love to go on about how much they care about climate change and the environment. It's important to point out clear violations of those claims so others can make informed choices.
[1] https://www.apple.com/environment/
Well said! There has to be a better way to balance anti-theft and the interest of re-use. It seems abhorrent that fully functional, almost new devices have to be thrown away.
For example, a possible solution could be the following: If a device is locked to an account, the new owner can send an anonymous request to the apple account of the previous owner of the device, asking them to authorize an unlock. This would protect stolen devices, while also making it possible to recover devices where the previous owner was simply neglectful in unlocking the device before selling it. Of course, it would not help if the previous owner is dead, but anything helps.
It also seems abhorrent that fully functional, almost new devices are stolen and resold for commercial gain.
Agreed! Let's try to find a solution where neither happens.
Apparently Apple is the police now and people want this. They scan for CSAM on your devices and lock it down to fight thieves.
Sing it with me: One of these things, is not like the other!
Look if you just want to get your 3 minute hate against Apple out I'm happy to yell and scream with you (fsck their walled garden), but scanning for CSAM on your device (which they took back and aren't oing) is not the same thing as fighting thieves. Hell, Apple recently made the move to allow iCloud backups to be fully encrypted, impervious to Apple, the local police department, the FBI, the CIA, and the NSA (unless they've broken the encryption scheme, and they didn't tell anyone, which is entirely possible, but that's like Edward Snowden levels of "they're out to get you"), so I'm not sure how they're "the police now".
This assumes the previous owner (still) uses an Apple account. If I were to switch from Mac to Windows, I don't see why I would check my Apple account for notifications.
I really don't understand the argument for this situation. The drives are encrypted, right? Why can't the drive just be formatted and the system reused? The data is the thing that's important here, no?
For some thieves the data is important. But for most, the hardware is what they are after as they can get a quick couple of hundred quid for it.
Because if you could do this it would make Apple devices much more attractive targets for thieves.
I feel like there's some sort of middle ground here. If a device is still registered to the original owner, notify the original owner and give them a grace period where they can permanently lock down the device. After that grace period, the device automatically unlocks. Having to provide the sale receipt feels more like vendor lock in than actual security.
If Apple sent such emails out, that would just make it very easy to phish the original owner.
Nah, send it out via notifications on other macOS or iOS systems. Have it available in Find My.
That’s already being phished despite being in Find My. A local iPhone users Facebook group here regularly gets posts of “I lost my iPhone and then got a text from Apple to find it by clicking this link, should I?”, text sent by the thieves.
Adding a similar real interface (even if delivered by Find My and not texts) would just make phishing more successful. That’s why Apple Support/2FA prompts are verbose popups on every device you own at the same time.
So the answer to thwarting crime is just to have every device lucked and make the machines completely useless? Which just indirectly makes transferring the device to legitimate next owners harder?
I get it, people are conditioned to vendor lock in because of cell phones. In reality it's incredibly wasteful. I'm still not convinced the current way of doing things is best for the consumer.
It makes transferring the device to a new owner slightly harder. But it takes two minutes to remove the activation lock. If the trade-off is protecting owner privacy/disincentivizing thieves and forcing sellers to make a two-minute config chance, it think it's worthwhile.
How completely useless? If you bought a locked phone (Android included!) or Apple device from someone, you just ask them to remove & unlock it. At worst they recover their Apple ID and then remove it. Otherwise, you get your money back (almost sure a court will side with you if necessary).
That only works for people who have another Apple device. A lot of people just own one Apple device – their phone. So you would have to send out an email for this to work, in the general case.
Apple has no problem building features assuming people have more than one Apple device. Hell, AirPods can't update unless someone has an iPhone.
We're talking about a proposal that you are putting forward as a good idea. I pointed out that the proposal won't work for users who have only one Apple device. You've responded by suggesting that Apple wouldn't care. Well, maybe they wouldn't – I don't know – but don't you care? If so, how would you solve the problem?
No, I don't care. If an Apple user signs up for Find My on their laptop, then their laptop is stolen and they don't try to use Find My to recover it... I don't know man. It's a "we've tried nothing and we're all out of ideas" situation. Meanwhile it provides the benefit where if you're sold a machine and the original seller can't be contacted to unlock it, it gets automatically unlocked some timespan later. It's not perfect, but it's better than the current situation.
I guess at some point this is a subjective value judgment that's not worth arguing about, but help me to understand this. If you bought an Apple laptop, would you be more worried about (a) the laptop being stolen, or (b) an indirect recipient of the laptop being unable to use it because they couldn't contact you in order to unlock it? For me it's pretty clearly (a). If I want to sell the laptop, I can easily reset it and do so. If you think about it from the point of view of Apple customers (which is hopefully what Apple is doing), then the choice is pretty clear.
As someone with a single apple device (laptop) that's not really an option, is it?
In light of all possible e-waste, and waste, this pales in comparison while giving the users a lot of power. In my opinion, it is an acceptable trade off.
Alternatively, the machines can become donor boards instead of e-waste.
Compared to the ecological impact of industries around the world dumping far worse directly into the environment, the desire for people to not want their expensive device stolen and resold is not a contributing factor.
The reduction in iPhone theft after activation lock was remarkable in the Bay Area. Did the person writing the article confirm none of these were stolen?
Owners can now remove devices via web site I think. So if folks are saying these are just broken, have owner turn off activation lock
Typical clickbait title, my main takeaway was; this security actually works that well? Sign me up.
Give the original owner 30 days and if no response unlock it and let the thieves win? Uh, no I don't think so. It's not a far stretch to think everything got stolen and the owner is now locked out of their complete digital life.
> the owner is now locked out of their complete digital life.
Everything what? Do laptop theves also usually steal your sticky note with password?
Losing a phone is more serious than a laptop for most people in a world of enforced 2fa.
And it really isn't that far fetched that both your phone and laptop got stolen. Maybe they were in the same bag etc.
> Owners can now remove devices via web site I think. So if folks are saying these are just broken, have owner turn off activation lock
For this to work and for the device to _see_ that it has been removed from an account requires that even in it's locked that it must be able to start up and allow the person with physical access to at least configure some network details right?
Yes, but this makes perfect sense as activation lock only comes into play when the device is working. So when you go to reset the device it checks activation lock during install.
> Owners can now remove devices via web site I think. So if folks are saying these are just broken, have owner turn off activation lock
I expect that some means to "phone home" is required. I just had to spend an hour on the phone with Asurion to avoid a $300 fee for returning an iPhone for warranty replacement where the Activation Lock wouldn't turn off despite removing the device via the web site.
I don’t think asurion spends the time to do the reset flow if the lock is showing as on. In most cases users don’t turn off lock after the fact. I thought reset flow was needed to get network connectivity back which is needed to check lock status.
I think you used to be able to run stolen phones back through insurance claims as broken but I think that has stopped being possible as they take a harder line.
On my call, the rep put me on hold for a few minutes and came back saying that they could verify I'd removed the device, even though the activation screen was showing. It may have also just them giving me a freebie since I've been paying them for well over a decade.
I'm not saying they can't figure it out, but there is a lot of repair flow stuff that may not do that because if the person didn't unlock before mailing not that many will unlock after mailing? Or even know how to?
Find My relies on BLE and other devices in that mesh network to transmit location (and “make sound” requests) in case the device is offline/soft-off, maybe Activation Lock has a similar implementation? Find My just hangs onto a cryptographic proof to disable Activation Lock and other devices around it deliver it in case there’s no internet connectivity.
There's a lot of evidence to support this but it's not without problems.
Now a common scam is for someone to sell an iPhone and then report it stolen, getting a new one on insurance and pocketing the sale.
This is still an overall better situation of course.
Apple is explicit about making sure lock is off when buying - and at least apple won’t pay out on an unlocked phone reported “stolen”. But yes - the scams migrate.
Stolen product still had some value via bogus warranty claims because that process didn’t always cross check lock status because item was “broken” or wouldn’t turn on and apple doesn’t always put serial number externally visible. If person fixed laptop they’d find it was locked. All that has tightened up I think?
I nevertheless had my M2 MacBook stolen on BART in San Francisco last month. This wouldn't have happened if it were universally understood that stolen MacBooks are worthless. My interaction went smoothly, but this could have gone badly.
If all buyers checked that the activation lock was disabled before sale, we wouldn't be having this discussion. I prefer the reduction in crime that activation lock promises.
If you were around when phone theft was a thing on BART and Muni you'd never sit near a door again :) It was comical how bad it was and how little the govt did about it other than demand apple fix the issue. Would have been trivial to have an undercover cop on their phone near a door all day - they'd have caught tons of criminals.
That said, at least for phones activation lock was game changing. Not sure about laptops, maybe they can't ID them or fewer activate lock or there is a way to use them in a claim scam (ie, damage and "return" laptops while reselling the real one?)
and in a decade? What if apple no longer maintains this system? Will all these m-series macs be bricks if they change hands for free or are legitimately recycled?
From other comments, it appears that this is not the case in London. But it appears that stolen iPhones in that city get shipped to China in large enough scale that someone is making a profit.
On Apple website, remove devices is not the same as remove deactivation lock.
Yes it is. Erasing & removing it from Find My on the website[1] removes activation lock.
1: https://support.apple.com/en-gb/HT201351
Feh, and if I choose not to use My Find, how does that help me?
That's the most complex set of steps to disowning the Apple.
Then your devices still appear in the Find My app but have no location data associated.
Looks like some of these "broken" notebooks are actually stolen notebooks. If you buy online, you can contact the seller to solve the issue. It is actually the point of the feature. If someone knows they could not do anything with the device, they will not steal it (same with new phones).
> Apple encourages owners of older devices to participate in the company’s trade-in program
Which is a pretty bad program, reusing is always better than recycling. Apple will just scrap it into basic elements: metals, maybe lithium.
I think that’s exactly what is going on here. If you’re a third party reseller who buys used Macs for resale then you need to have the original owner turn off Find My Mac so you can wipe the machine. If the person bringing the machine in for resale isn’t the original owner then, well, it may be stolen.
It may. Or it may not be. The default assumption that it's stolen causes a lot of needless waste. And frankly, even if it is stolen, is it really in the best interests of society to effectively destroy such a large investment of time and raw materials as a Macbook? One cannot but help noticing that this policy, like many of Apple's "for your own good" policies, are awfully convenient for Apple's bottom line.
There are so many ways this could be resolved without destroying working equipment. Apple presumably knows who the registered owner is - they could be contacted. They could be unlocked at Apple stores, with various details taken to facilitate any potential theft investigation.
> even if it is stolen, is it really in the best interests of society
When laws were passed to require Apple to enable the feature by default on it's phones, society certainly seemed to think it was in everyone's best interests.
>The temptation of a smartphone for a thief is dropping, thanks to Apple’s decision to implement a remote kill switch via Find My Phone that can erase and disable a phone once it’s been stolen or gone missing. A new report from Reuters found that iPhone theft dropped by 50 percent in London, 40 percent in San Francisco and 25 percent in New York. The drops represent theft activity as measured during the 12 months following Apple’s introduction of the remote locking feature in September 2013 as part of iOS 7. With iOS 8, Apple made its so-called said “kill switch” active by default, in accordance with California regulation, and that should help the rates of theft continue to trend downwards.
https://techcrunch.com/2015/02/11/apples-activation-lock-lea...
> The default assumption that it's stolen causes a lot of needless waste.
We're talking about 2-year-old M1 macbooks [1], some of which are worth $1000 unlocked and approximately $0 locked.
Even with broken screens etc, the owner can unlock them online. Large institutional owners like schools can get them unlocked in bulk through device management. And even if the institutional owners messed up the device registration and it's been locked to a fired employee's personal account, Apple can unlock them using the original sales records.
In the absence of theft, it's difficult to imagine why the owner would be refusing to unlock the device, given they could share $1000 of value with the recycler. There aren't that many macbooks being repossessed by bailiffs.
But if the devices have been stolen? That easily explains what is otherwise mysterious.
[1] https://www.vice.com/en/article/xgybq7/apple-macbook-activat...
> In the absence of theft, it's difficult to imagine why the owner would be refusing to unlock the device,
It's generally not the owner refusing to unlock. It's the owner not being able to work out how to do it. Forgetting or not knowing they needed to do it. And/or not being contactable.
So these recyclers have records so thorough they're completely sure these laptops aren't stolen, and yet so incomplete they can't contact the owners at all?
Even when hundreds of dollars is at stake, which could surely pay for a few hours of phone calls walking people through the unlock procedure?
If you believe that, I've got a bridge to sell you.
Why is the burden of proof on the resellers to show that the devices have not been stolen? Imagine if any other product worked this way. Trying to sell a classic guitar? Can't show a paper trail proving continuous legal ownership back to the manufacturer? The cops show up and throw it on a bonfire. Now imagine that it's not even the cops, but private security hired by the manufacturer, following nothing more than the manufacturer's own policy. Oh, and the manufacturer naturally has all the paperwork of all the past owners - they made sure of that with this policy - but they won't bother to check it. Nope. Straight on the bonfire.
> Imagine if any other product worked this way.
What, like cars?
Cars aren’t scrapped if ownership can’t be proven.
More regarding proving ownership. You can't get registration for a car you don't have the title to.
Anyway, doesn't Apple refurbish devices? Will they not accept these devices back?
They accept them, but the “refurbishment” consists of dismantling them for parts/scrap material. They won’t unlock them.
What if neither side of the sale has the technical competence to do this?
Tech recyclers absolutely do. It's pretty much their entire business model to turn disposed devices into something they can resell.
Then they have no reason to be in the used computer business.
Who said anything about businesses? Hugh swathes of the used tech market are peer to peer sales on craigslist, facebook market, the literal village noticeboard, etc.
The original story is about large scale recyclers complaining about bulk bricked machines. If you buy a used MacBook on Craigslist then it’s on you to make sure the seller properly transfers ownership to you. Same as buying a house or a car. Buyer beware!
The difference here is that if this doesn't happen properly for some reason then the device is permanently bricked and must be scrapped. That doesn't happen with houses or cars, and it's incredibly wasteful.
What if the previous owner lost their account, is not reachable, or died?
Ideally you should be able to take such a locked device to some official place, like a town hall, and they should be able to look up the previous owner. If they are deceased or they confirm that they no longer want the device, then after checking IDs and so on that office should be able to start the process to unlock the device. (That same department could give you recourse if your house burns down and you loose all your digital accounts, or you are locked out of Google unfairly.) Our civil institutions have not really kept up with technology here.
Edit: Of course I wouldn't give government the capability to decrypt anybodys device or something! Just have an organisation that's purpose is to clarify ownership, and wipe and reuse devices so they don't end up as in a landfill. I don't really trust the vendor alone to optimize for reusing used devices.
No, this shouldn’t be the case at all. Set this up with your family members if you want this to happen when you die. Give them your 1Password login and recovery keys or something.
I do not want anyone, least of all city hall to be able to unlock my stuff under any circumstance, including the one where I’m dead.
We already have something similar with bicycle registrations, and of course with cars (titles).
There should be a big cerimonial thing where I go to a place with a sworn in official, show my ID, and say "I hereby lock down this device for all time with the power of cryptography" so that nobody can use it as long as I'm considered the legitimate owner.
OK I'm exaggerating. But the problem is real. If you buy a second hand device this can happen, or if you have a company and a previous employee doesn't unlock it for some reason. Yeah, ideally you should have documentation of an unbroken chain of ownership and should be able to go to Apple. But in reality that doesn't happen, and I think Apple isn't the best custodian for this. They don't have an incentive to reduce the number of thrown away producs. (To be clear, I wouldn't trust current governments either! But conceptually, this function belongs in the civil area and not in private hand.)
> if you have a company and a previous employee doesn't unlock it for some reason
When you buy an Apple computer as a company you should enroll it with MDM.
MDM bypasses this issue completely, you can remotely wipe and re-use a computer if it's signed to a companies MDM.
> If you buy a second hand device this can happen
If you buy a second hand device and this happens you bring it back to whom you bought it from and ask it to be unlocked or your money back. Same as if it does just not turn on.
> if you have a company and a previous employee doesn't unlock it for some reason
You put it into the offboarding process to check this. If it is missed or can’t be done for some reason you take it to Apple with proof of purchase and they unlock it for you.
> But in reality that doesn't happen
Yeah. Like for example you fenced a laptop from a shady guy.
> I do not want anyone, least of all city hall to be able to unlock my stuff under any circumstance, including the one where I’m dead.
Why do you think anyone here is talking about decrypting your data? What's being discussed is wiping the devices and making them usable by someone else.
Because GP uses “unlock your device” (ambiguous) immediately adjacent to “also unlock your accounts on other services” (unambiguously about accessing your data).
I have no intention of trusting our civil institutions with access to my private data. In fact, as a citizen of the United States I would like to see the Fourth Amendment of the Constitution more widely held to prohibit our civil institutions from having access to my private data. I do not believe that I am secure in my papers and effects from unreasonable searches and seizures if our civil institutions have the power to lock or unlock my devices and accounts.
If you support either popular option for political parties in the United States, you're already trusting them with access to various parts of your private data. That is simply unavoidable in the modern world, unless you never use anything but cash, never connect to the internet other than through Tails on a burner PC, and never make use of any government services whatsoever. Paying taxes? They've got your info. Got a drivers license? They've got your info.
If you don't think both the Democrats and Republicans would love nothing more than a few easily-squeezable companies being the clearinghouse for everyone's data, then you're exhibiting some quite hard cognitive dissonance. There are already companies in existence with the sole focus being to funnel your data to anyone who asks, including the government.
That’s not what’s being proposed at all: Apple clearing the activation lock doesn’t give you the previous owner’s encryption key. It does let you wipe it and generate your own key.
The GP also specifically proposes some institution which can grant you access to your Google account if you are locked out "unfairly." Besides the weasel word "unfairly," that means the government gets to determine who can access your Google account. Adding in "unfairly" implies that your access to digital accounts depends on a politician's notion of what it means to "fairly" lock you out of an account, and I guarantee you that, in the fullness of time, that will come to include political dissidence.
> that means the government gets to determine who can access your Google account
This is already the case legally: if you lose a court case, Google will follow a legal order to turn something over to the winner. If you're suspected of some kind of crime, Google will follow a legal order granting the relevant authorities access to something like your Gmail messages.
It's also important to remember that this is a real problem affecting a lot of people: ask anyone who deals with the larger public and you'll hear that it's not uncommon for people to change email addresses after getting locked out of their old one, and that problem disproportionately affects certain groups of people (e.g. the elderly).
What would make sense in this regard is something similar to what Apple does where you can optionally set up a legacy contact who is allowed to initiate a password reset, presumably with time delays and notifications (“your password will be reset in 3 days unless you deny this request”). Imagine an option where you could do something like go to the local public library, DMV, police station, notary, etc. and they could basically login to a special Google form to attest that they did a full photo ID validation to confirm that your ID matched the ID registered to an account. That would be useful for thousands of people and if you made it optional, people who are especially worried about their government could choose not to enable it.
I'd imagine the potential number of estate sales is far less than the potential number of stolen products.
I wonder if there's any organized crime groups that have tried to get someone hired into Apple support for unlocking these things.
If you can prove you legally obtained the locked apple device, apple can unlock it for you. So this is a solved problem
Being given an old MacBook (by the original owner) is legal, but if you don't have a receipt Apple won't do a thing...
That original owner can simply remove the macbook from their appleid and the whole thing is solved, even if the macbook is already in your hands.
What is it with HN and blind faith in delegating literally everything to the state?
Because delegating it to the manufacturer produces a conflict of interest (said manufacturer can't be bothered to unlock a device which is legally yours, prefers to sell a new one). Registering possessions (house, land, cars etc) is already a task of the state so it would fit there.
The state is already in charge of arbitrating ownership. It has to be.
So why not use that to reduce bricking?
I’m not handing the keys to my digital life to a politician
Your car is also registered by the state, but you don't have to give your keys to a politician.
> Ideally you should be able to take such a locked device to some official place, like a town hall, and they should be able to look up the previous owner.
Local governments struggle to provide basic services like roads, emergency services, and utilities. Offering a product registration service for Apple devices is so low on anyone's priorities that it might as well be in a different universe.
> Apple will just scrap…
False: for just one counterexample, Apple employees receive refurbs from trade-in as work machines. (Source: First hand experience of years).
To be honest, I really like that policy: a software developer using a machine which is a couple of years old isn’t going to be as cavalier about performance and the hardware engineers would get a good idea about durability issues.
cool, in this case. OK, they have refurbs on their site: https://www.apple.com/shop/refurbished Though something like 2015 year models are not listed.
> Which is a pretty bad program, reusing is always better than recycling. Apple will just scrap it into basic elements: metals, maybe lithium.
They have a refurbished program so they definitely don't just scrap devices you trade in. Maybe they even scrap some devices for parts. In the server space this is normal. HP would regularly send us refurbished replacement parts for repairs (this is also one of the reason why they want the replaced parts back).
Louis Rossmann says they shred them and recycle the raw materials so that nobody can resell for repair.
Louis Rossman built a business/cult around criticising everything Apple does for exposure and is not a credible source of unbiased information about Apple's policies.
https://www.vice.com/en/article/yp73jw/apple-recycling-iphon...
> Apple rejects current industry best practices by forcing the recyclers it works with to shred iPhones and MacBooks so they cannot be repaired or reused—instead, they are turned into tiny shards of metal and glass.
Yeah I never argued that they don’t shred some of the devices. They probably refurbish part of the returns, take parts they need and shred the rest.
This is also what’s written on the agreement in the screenshot of this article but they don’t mention it in the article.
I don’t live in the US but in Switzerland you have to get the customers approval to refurbish and sell hardware that you take back from customers. This is probably similar in the US.
The thing is that the ones who steal are going to steal them anyway, even with the locks and sell them for parts. It won't really prevent theft but would only increase ewaste.
Are you sure? Seems like the market for spare parts would be saturated pretty quickly and the incentive to thieves would be reduced.
selling something for parts (which implies it will be used to repair other devices) does not sound ewaste-y so me
They don’t, though. As cited in the last discussion about this, the theft rate for Apple devices is much lower than ones which are usable by criminals.
Many parts of new devices are serial number locked or soldered (or both). Makes the repairs hard though.
> If you’re selling a device, you can’t just wipe out the drive and reinstall the operating system.
Yeah. Sure. You can’t wipe the drive on an M1 and have the machine still boot. Reinstalling the OS doesn’t erase the data volume.
You have to use Erase All Content and Settings. Apple documents the process pretty clearly.
https://support.apple.com/en-us/HT212749
And, even more directly, "What to do before you sell, give away, or trade in your Mac": https://support.apple.com/en-us/HT201065
...but if you forget to do that stuff, the Mac will indeed be unusable by the purchaser.
The interesting part about all of this to me is that this has been no-win for Apple.
When they didn't have measures like this on the iPhone and Mac, they were lambasted by local police and DAs for not doing anything about theft.
Now they have it, and it's causing otherwise useful devices to be rendered useless. There's going to have to be a very finely-crafted compromise to be usable, enable reselling when the original owner has forgotten or is unable to do things, and prevents theft. They've made some strides towards this but cases where MDM devices are liquidated but not de-enrolled are still problematic.
That's not no-win. There's plenty of praise going around when the system works.
"win" can't be zero criticism, that's way too high of a bar.
> they were lambasted by local police and DAs for not doing anything about theft.
No, they weren't, they just want you to think they were. They're not special vs other computer manufacturers in this context.
> and it's causing otherwise useful devices to be rendered useless
This is a win for them. They don't want you reselling devices, they want you to throw your old devices in the trash and buy brand new ones.
I still remember the NPR interviews with SF police, district attorneys, etc.
It was a massive campaign by New York City, SF, and other officials in the media to say Apple was not doing enough about theft and it was causing petty and violent crime.
https://www.theverge.com/2013/5/13/4326690/new-york-smartpho...
https://www.macrumors.com/2013/06/13/state-and-city-official...
How about inheriting a device?
As in a family member dies?
https://support.apple.com/en-us/HT208510
When I worked at Apple, I had used an iPad for testing. I ended up also creating an icloud test-account for it. Some year or so later I got an email from another employee within Apple (who now had the device) asking that I sign out of the device so they could wipe it. Wow, I couldn't remember my iCloud test-account password. I was surprised there wasn't some low-level way to just wipe the device. (I did eventually guess the account password.)
You can always wipe via putting it in restore mode, but if it's activation locked, you won't be able to get past setup unless you have the password. This prevents theft even if the thief knows how to hold the buttons in the right order to restore the device to factory settings.
Yeah, I assumed there was a restore mode. But honestly, it changes so much from generation to generation that I have stopped trying to keep track of what you can/can't do with iHardware.
Recovery mode is still relatively easy, it's DFU mode that has been vastly complicated. It seems the timing has to be just right since it took me about 30 minutes of trying to get my 12 in DFU mode due to something that wasn't going away from a regular recovery mode ipsw restore.
The original vice article had a key fact that is missing from the macworld article.
The issue is the laptops are received by recyclers in an ill-gotten manner.
Companies were sending thousands of laptops to be destroyed and instead the ended up in recyclers who are attempting to wipe and then resell them, which is why recyclers could not get the original legal owners to remove the activation lock.
If the recycler had an agreement to wipe and reuse the machines, and the activation lock prevented it, then those thousands of machines should be shipped back to the company to dispose of, along with a bill for the shipping cost, and time.
The original Vice article[1] makes no such claim. I'm assuming you drew that conclusion from the following quote:
> Often the previous owners are corporations or schools who buy and sell the machines in bulk and aren't interested in helping recyclers or refurbishers unlock them. "Previous owners do not return phone calls, and large corporations that dump 3000 machines assume they have been destroyed, so it is critical we have a solution that does not depend on the previous owner approving,” Bumstead said.
But if you check his website[1], the terms of sale make it clear that devices are intended for resale:
> Although RDKL, Inc., always attempts to erase hard drives and remove personal data before a device is sold to another party, RDKL, Inc., cannot guarantee that all traces of the seller's identity have been permanently removed, and it is therefore the seller's responsibility to remove personal data from a device before selling it to RDKL, Inc.
Why would he pay for devices that he would be contractually obligated to destroy, at his own expense?
[1] https://www.vice.com/en/article/xgybq7/apple-macbook-activat...
[2] https://www.rdklinc.com/sell-terms
Yes, I inferred that by having machines that were thought to be destroyed, the PC refurbisher got them in violation of an agreement.
> Why would he pay for devices that he would be contractually obligated to destroy, at his own expense?
That assumes RDKL was the original service provider chosen to destroy the macbooks; it's also probable that RDKL purchased those dumped machines from another service provider, the latter collecting not only the fee to destroy the machine but revenue for reselling usable machines.
Sounds like they are using the concern for recycling to mask their frustration with Apple's Activation Lock making stolen goods worthless. If they obtained the laptops legitimately, they would have known better to remove the devices from user's accounts before accepting them.
Regarding Find My Mac and the various locks that can cause. Does anyone have advice on a business case for this? I'm planning on switching our staff over to MacBooks this year and would love to understand the pros and cons of users using their own Apple ID versus a company provided one. We work remotely, so that could possibly complicate things. The last thing I need is a former staff member setting up Find My Mac and locking it to their Apple ID then leaving the company.
I believe your MDM solution should be able to set up a corporate bypass for this as well as allow you to remotely locate the device:
https://docs.jamf.com/jamf- now/documentation/Using_Activation_Lock_Bypass.html
Another approach is to just let employees keep or buy out their laptop when they leave as a benefit. The cost of a MacBook isn't that huge relative to a tech salary.
Data privacy and security policies can’t let ex-employees just walk off with devices containing company data.
A neat feature Apple could maybe add is the ability for the user to have their device wiped in a way that generates a suitable certificate of destruction.
MDM allows you to remotely wipe laptop and you get confirmation that laptop was wiped. If you are a business with more than 2 people and provide laptops to employees, not enabling MDM is just negligence. Lots of inexpensive MDM services for all sizes of businesses.
In this case we're a non-profit funded by grant dollars. So, we're spending a good chunk of cash on hardware relative to what many do primarily because I want quality products for our staff and I'd like it to be reliable and secure. I don't think buying it out will be a possibility, but perhaps. Always a discussion. We would definitely need to find a way to validate wiping the device though. Nothing we have is... that sensitive but I'd like to make sure they aren't walking away with user data.
I assumed MDM might do something here but wasn't 100% positive.
This is one of the reasons we've switched over to an MDM solution. If you set it up correctly, the MDM can unlock the Mac, regardless of the apple ID used.
We use macs at my job, there is MDM software available. It's clearly tagged with a sticker on the back, which I assume goes back to some entry in the MDM software, and even though I use a personal Apple ID (I created a new one for this purpose but same end effect) I have no doubt they could press a button to brick the machine until it makes its way back to them if they really had to.
Awesome, that is probably the direction I need to head then. I have another company doing the general infrastructure, but I get to be the one deciding the rules. Trying to find the right balance between giving people a little freedom but not so much they hang me, or the company.
Where I live, e-waste recycling is very (over)regulated, so I can see a way out of this problem that doesn't take away from the unprofitability of stealing Apple devices. If Apple allows officially-registered e-waste recyclers (which can't pay more than scrap value for devices) to send unlock requests, they can then sell them on, but thieves won't get anything out of it, barring some grand e-waste conspiracy.
I personally don't like this system, I don't want any third party to have this kind of control over my device, but I have to admit that it's a system that works today and does its job, and with one small-ish tweak it could be even better.
> but thieves won't get anything out of it, barring some grand e-waste conspiracy.
A conspiracy isn't required for this to increase theft. Recyclers could start advertising maybe $50-100 per Macbook if they can guarantee they'll be able to sell each mac people bring in. Next thing you know, people start stealing more of them since there's now a middleman that pays out enough per device and doesn't ask questions like "did you steal these" or "why are all of the Apple IDs different". The only way this would work is if the program had the e-waste centers submit a photo ID of the person that brought the product to match against the current Apple ID name and address.
That's true, but if e-waste recycling is regulated (by the government or a private entity) so that the recyclers can't pay more than scrap value, that would require a conspiracy of the recycler and a third party.
Or, you know, people can remove the Find My before they sell it. Because any other loophole will be taken advantaged of.
I once factory reset my Google Nexus 6 and sold it on eBay only to find out they needed my credentials!
For a time, before factory resetting, you needed to remove your account from the phone. I had no idea.
I found a pair of AirPods a while back and wanted to return them to their owner. They must be associated with an Apple ID, so I reached out to Apple and asked if they’d help me get in touch. They said no, and advised me to file a police report.
I wonder why they have this policy? They have all the necessary information to facilitate a conversation. Heck, with services like Hide My Email, they could even keep the identities of each party private.
Is it hard to imagine the thief themselves using this to extort someone if they want their airpods back, or use that contact info to phish the owner for their Apple ID password?
Nah, AirPods can’t be forcibly activation locked. So, yes, they can be taken and used by someone else. (But they’re a low cost item.)
Anyway, Apple has decided there are only two ways to determine the owner:
1. Find My Activation Lock
2. Original Proof of Purchase
Owners need to unlink their device before sale, and buyers need to verify that before purchase. This is not Apple's problem to serve.
Last time I bought an used Apple device i checked icloud/activation lock with the seller before paying for it. Guess that's what the resellers should do as well. If it's done remotely, just pay after verifying or refuse to buy.
Of course that cuts into their profit margins but it's not like used Apple thingies are particularly cheap...
Activation lock can be disabled with find my on another device sharing the iCloud account, can’t it? So are these repair shops not even calling old trade in contacts to request removing the device? Because it’s stolen or something?
>which means that the second owner needs to be able to work with the original owner to get the request fulfilled. In some instances, that’s difficult or impossible to do.
Good. Let’s not pretend that theft isn’t a problem.
Or, maybe all those Macs were actually stolen..
This is also institutions using them wrong. You're supposed to enroll these things into DEP, which is annoying to shut up (boot into recovery, enable rw on system partition, block deviceenrollment.apple.com via hosts, turn system integrity back on), but at worst the user will be asked to enroll their device every 4 hours.
I just bought a second hand Mac which is due to arrive and am worried about this.
If I set up the device with my Apple ID and enable Find My, is there any way for the original owner to lock me out afterwards even after I’ve associated the device with my own Apple ID?
Wouldn’t that cause more electronic waste?
This seems like an intentional feature to sell more MacBooks.
just think about all those poor kids around the world who couldn't afford a school laptop.
This is a feature not a bug.
“millions”, huh? I see hyperbole like this and I just skip the article and move on.
TL;DR: Apple M1 MacBook have near-zero resale value.
[dead]
No surprise to see the majority on this website defending Apple's production of massive amounts of e-waste for the sake of "security and privacy" because that's that the marketing tells them and they don't actually understand the topic at all.
Less security (a small-time attacker isn't going to break the encryption) and more reduction/prevention of theft. These Macs end up in recycling centers because thieves know they'll get banned/a strike from eBay if they sell an activation locked device to a customer and that customer complains to the site, so the recycling centers end up being the ones trying to resell/reuse the devices only when most of the ones they get are from thieves (or, as it turns out, IT departments that don't disassociate MDM).
It's not "massive amounts of e-waste". There are a couple cases to consider.
1. Individual sales of used devices to individual buyers.
You only get e-waste in this case if (a) the seller doesn't realize they need to unlock the device first, and (b) they buyer doesn't realize that the device needs to be unlocked by the seller, and (c) once the buyer receives the device and notices it needs to be unlocked (which they will notice the first time they try to use it) the buyer cannot make an arrangement with the seller to unlock it.
This should be very rare, because even if the seller doesn't realize the device is locked they are probably going to realize that they have plenty of personal data on it they need to erase first, and are going to Google something like "wipe Mac before selling" or "erase Mac before selling" and the first result is going to be Apple's "What to do before you sell, give away, or trade in your Mac" article.
2. Sales to entities that deal in used computers.
Similar analysis to #1, except in this case the buyer definitely should know about how locking works and the need to ensure that the seller unlocks it. If the seller cannot ensure it is unlocked the buyer should offer a lot less money.
The difference in value between an unlocked device and a locked one is large, so the seller should be willing to unlock it.
We should then only get e-waste in the case where the seller cannot unlock it.
If the seller cannot unlock it because they legitimately owned it but somehow forgot the necessary credentials, they can get Apple to unlock it if they can show Apple proof of legitimate ownership. Corporate sellers tend to keep purchase records for these kind of things so this should be no problem. Individual owners often don't keep such records, but the number of individuals selling used Apple devices who have forgotten their credentials is very likely quite low.
Would you like to elaborate on the security and privacy aspect? Otherwise you are dunking on folks without a substantive argument.
As others pointed out, most likely stolen, although one legitimate case would be computers from a bankruptcy where the IT department was laid off and did not wipe the machines.
It would be good for Apple to have a bounty program to take the machines back and reunite them with the owner, possibly paying a reward to the finder. If the finder is the thief, they'd be taking a big risk of being fingered and arrested.
I saw someone on Tiktok complaining about this and they said that the laptops came from a company.
But the iCloud lock very clearly showed an @outlook.com email address, which would be absolutely bizarre for a company that's recycling a bundle of 50 or so laptops.
You'd be surprised at the amount of companies that cheap out on MDM solutions - it's easier to keep track of a bunch of outlook icloud accounts than it is to get a mac and set up MDM to some companies.
Not saying it's right, but it's been done before - likely because you have an IT department that's exclusively Windows-based and you have a creative department that wants all Apple products... Either ignorance, cheapness, or unwillingness to learn.