I'm glad this person won the lawsuit though; getting your nudes leaked is a really shitty situation to be in. Apple needs to do a better job vetting their repair shops.
Yes, this sucks hard.
Only ones actually using fully open source tools are Google's Pixel lineup.
But none, not even Pixel, allow for anything resembling actual "recovery" for common failure modes. Dead display at least for Samsung and Pixel means you have to install a new display if you want to access the data, otherwise it won't even pass the first bootloader stage, much less boot into the OS or unlock the encryption. Something gone corrupt with the OS? Same case. If you can't manage to boot at least to the Android Safe Mode, you're out of luck. And no HW self-test at all.
But also civil penalties that would mean closing repair shops that don't work ethically.
On the one hand, that's a privacy violation. On the other hand, what did people expect when they brought their film in for processing---that nobody would see the photos? My guess is that a lot of them had an exhibitionist thing going on.
(That expectation is even compatible with exhibitionism! "The photo tech will see my nudes. That's kind of cool! Of course, he wouldn't make extra copies because that would be unprofessional, maybe illegal.")
TLDR:
Researchers visited 11 service providers in Canada to replace a laptop battery. 10 out of 11 service providers requested OS passwords, 8 stored the password in their database and 5 printed the password on a sticky note and attached it to the device. In the second part of the study, the researchers prepared laptops with an easy-to-fix problem, some revealing pictures on the disk and custom logging software. In 6 out of 16 cases, the photos were opened and viewed and in 2 cases, logs were missing.
On other side, as a technician, how retarded you must be to have access to all this data and to take nudes and post them online. Like whats the end game? What sort of outcome do you expect?
This is just like the story that happened few weeks ago, when someone gained access to a popular npm packages and uploaded the most obviously visible crypto stealer.
The thing about stupid people is they don’t know they’re stupid. They are either wholly delusional about the legality, morality, or consequences or they reason that because they couldn’t catch themselves there is no way anyone else could catch them.
Customers should be able to choose where to repair their device, or even be able to repair it themselves. Just because it's an "official" repair shop doesn't mean its the best and the safest. Louis Rossmann has been saying this for years.
But I should mention, I was in the middle of writing a comment along the lines of "apple really needs to add a repair mode to iOS" before going to look it up and realizing that it's actually been there since iOS 17.
For me this highlights another issue with iOS which is it has many awesome features that you just won't know about unless you're a techie that keeps up with the news. One great example is the "hidden folder" feature that allows you to hide sensitive apps in an unmarked folder that when set to it's most secure setting, can only be opened with FaceID and no passcode backup. Along with some other features like preventing the app from showing up in your app switcher.
This is a genius feature but I see very few people with it enabled, mostly because they just don't know it's a thing. Something like this should be front and center when you first setup your device but instead it's a feature so buried that I had to lookup a guide on how to enable it.
And repair mode is equally buried, I had to lookup a guide on how to enable it as well. IMHO Apple really needs to tweak iOS to better surface these features.
So it can easily be opened by someone who restrains you and holds your phone in front of your face then?
Although to be fair, they might just switch to a pistol at that point. After all, you are no longer useful once the data has gone.
Holding the side button + volume button together until you see the power-off slider also temporarily disables Face ID / Touch ID, requiring the device passcode for unlocking.
You can also set your phone to erase after ten failed passcodes.
- He was at a bar and got to talking to one girl.
- There was another girl watching him and his phone and figured out his passcode. The bar was dimly lit so FaceID didn't always work and at some point he entered his passcode and she saw.
- They all left to "go back to their place" and in the process the girls stole his phone.
- Mid ride they kicked him out of the Uber.
- He goes home and realized his bank accounts have all been cleaned out via Venmo and CashApp.
Had those apps been inside the "secure folder", they would have not been able to access them and thus would not have been able to clean him out like they did.
I don’t think the dark stops Face ID. It works fine in total darkness.
[2]: https://daringfireball.net/2022/06/require_a_passcode_to_unl...
Probably the single most useful hidden feature, valuable to parents everywhere, is “Guided Access” mode available through accessibility settings.
It lets you lock the screen to a single app or disable touch entirely (or even by custom region), so that you can hand your device to a kid without worrying they will delete your photos.
They never even really promoted this features in their news updates.
It also makes the app come up immediately when your turn on the screen, so it's in front of the lock screen basically (but you can only access that particular app). It's good for showing someone a specific app. I also use it for instant access to my train ticket (QR code on screen on the train company's app). The iOS version sounds better though.
IMO the feature shouldn’t even be in Find My because it’s not really related to finding your phone or activation locking/unlocking it.
It’s a perfect example of a feature being surfaced exactly as it should be, when needed. Quite a bit of mental gymnastics to twist that into being an ‘issue’.
Now that I know it's a feature, I won't suggest that for iPhone users as backup+restore just sucks. (I know restore is easy, but bank apps, Signal, etc don't get backed up, so it is an annoyance)
Why isn't showing the user how to enable "repair mode" one of the first things the "genius" does if such a feature exists? In the same spirit as us turning away when a user enters their password.
Date Apple announced self-repair kits program: November 17, 2021
I had been wondering what inspired that program — sure, it’s a good idea, but it’s an odd investment for a corporation. Three months is about their usual turnaround from “okay, this is humiliating” to “okay, we’ve announced our intent to fix”. Thanks, Vice!
The EU legislating ‘right to repair’. It has been in the works for a fair while.
https://appleinsider.com/articles/24/04/24/apple-wont-have-t...
People would come back and thank us for sending them to Apple.
They even honored them out of warranty due to the lawsuit they faced with Nvidia over the solder failures.
I never heard of any actions to take after the second failure, shame. Was that also valid in the EU?
Whole thing did leave me a bit sour about Apple tbh, it was my last macbook.
The settlement was in the US, so that is probably why it didn't apply in the EU. Kind of surprising really.
I don't blame you for being upset, the fact that neither party could come to an agreement and left consumers to pound sand was terrible. Apple should have just replaced them while the lawsuit was pending.
Discussion at the time: https://news.ycombinator.com/item?id=27422449
vinni2•4mo ago
tialaramex•4mo ago
nashashmi•4mo ago
LeonB•4mo ago
Indeed, there were some settings that needed to be set, to ”help” the new screen.
Having said that — I’ve previously documented a case (well over 10 years ago) where I caught a local PC repair company who used their access to a machine of mine they were repairing - to quickly scan through the thumbnails of our personal photos, and look closer at any image which showed any flesh.
People expect to be trusted but don’t act in a trustworthy manner.
mattmaroon•4mo ago
maccard•4mo ago
I don’t think I ever had a single person say no to the pin but we did have plenty of people wipe the device before they brought it in.
eloisant•4mo ago
Now I think this is what I would do if I need to send any electronic device for repairs.
All my data is backed up to cloud, yes setting it up again is a chore but it's better than risking my data with some unknown contractor.
kaoD•4mo ago
How is that less worrisome? Your data is living in someone else's storage, waiting to be compromised.
gpm•4mo ago
SoftTalker•4mo ago
My phone is not backed up. There's also nothing on it that I could not stand to lose.
hinkley•4mo ago
That doesn’t necessarily help with people sending in devices with special nostalgia for the physical hardware, such as a signature. Though whether those sorts of issues were from not paying attention to notes attached to the account or outright theft has rarely been clear.