> However, he neglects to mention that Apple already has a process to do this for legally-obtained products.
> The process is very simple. If a user has purchased an Apple product through means that will produce a receipt, like through eBay, users can request Activation Lock to be removed. All the user has to do is navigate to Apple Support and provide a receipt as proof.
> The problem Bumstead is likely running into is MDM or mobile device management. Apple will not unlock products that were previously part of an MDM system that's still attached.
So devices sent to a recycling center to be destroyed are being picked up and resold. So this whole thing seems like a non issue.
I'm responding to parent saying it's not an actual problem:
> So this whole thing seems like a non issue.
...
Apple doesn't seem able to "produce a receipt" if you purchased the MacBook with cash or a discontinued credit card in their store.
I have a lovely pristine 2019 MacBook Pro 16" that I put firmware password on before crossing international borders, before pandemic. The Ventura update broke boot. I have to boot to recovery partition, but cannot. No idea what "this is obvious" firmware pass I came up with.
THIS IS MY FAULT. But a surprisingly expensive fault…
I have the original welcome to new Mac on your Apple ID email a couple days after purchase, the Mac is active in my Find My, the Mac is under AppleCare to me which I have. Apple will not unlock it without receipt, which I do not have, and, no longer having an account with that card provider, cannot produce.
This 2019 MacBook Pro sells used for $4,689 from Apple today:
// At the same time, this is a reason we provide MacBook Pros to employees: we can take comfort losing one in NYC or Mumbai probably isn't going to compromise company data. This is worth the cost to me personally, and makes me an advocate of Apple's security work.
I would note that a legal way to get a laptop is to have it given to you. Not every transaction that transfers ownership entails a receipt from a corporation or even the exchange of money.
Can anyone confirm this? The article AppleInsider links[0] doesn't seem to have a way to upload a receipt. And I don't see how this would be possible without Apple verifying that the seller's name matches the name on the Apple ID, since, otherwise, thieves could launder devices via "selling" them via ebay once (for a 12% fee), or telling buyers of stolen devices to submit their receipt to Apple to get around the lock.
IIRC the previous Vice article mostly mentioned things like school bulk-selling devices, without doing the legwork of disassociating / resetting devices out of MDM. At no point is the goal to force the destruction of the device.
I was able to get activation lock removed on 2018 MacBook I purchased off eBay this way- I took it into an Apple Store to get its keyboard replaced under warranty and they just asked me to produce the eBay listing with the serial number visible and my shipping address on the order.
Doesn't this defeat the purpose of the activation lock? If I steal a device and sell it on eBay I still make my profit. In the general case if you have a locked device could you just "launder" it through eBay for the price of the commission they take?
Generally speaking, this works to unlock one off devices (and not mdm) but if you went to them with bulk serials to unlock they would tell you to go away. The scale recyclers operate at this does not work.
If it makes my laptop useless to be stolen and protects my personal information and finances I'd choose them being sent to the landfill over second hand market.
None of this is an issue if its actually real second hand.
As much as we all like to poke fun at Apple for some of their annoying decisions with lack of user choice, their locked-down systems also have pretty impressive results in that they've made it nearly useless to steal any of their devices.
I remember hearing that in certain "protests" (definitely not riots) a couple years ago, where people were looting stores, Apple was able to easily get the serial numbers of all the stolen devices and remotely brick them. The contrast of how valuable Apple products are both new and second hand, compared to how useless they are to steal is pretty wild. I can't think of any other product like that.
> Wrong -- it means that 1000 of these devices were dumped from an institution to a recycler without even bothering to log out first. And these apathetic institutions don't return calls when asked to unlock because they want the machines destroyed.
When your ownership of things depends on a private organization - under the ultimate control of who knows who with what private agenda and incentives -, the organization's willingness of cooperation in this ownership, and proper and fair implementation of procedures, with incentives for them to do so the best being indirect (sales volume of products as a whole) then there is definitelly an issue!
Just because there are criminals out there we shouldn't mandate all and every honest parties prove themselves of their innocence proactively....
I am surprised this security vs. freedom things is still something where people argue so overwhelmingly for the security part against themselves despite the many many many bad experiences throughout the history in various levels....
(there are schemes where the ownerships is strictly controlled but by a public body of the society with regulations around it - house, car, etc - but not a private business oriented organization's coined policies and online account implemented by there sole discretion and judgement who is allowed to use what, what constitutes acceptable proof in their view, and who is given access to that authoritive account and who is locked out eventually, potentially for a completely independent reason)
> If it makes my laptop useless to be stolen and protects my personal information and finances
keeping information private and/or secret and rendering a perfectly usable device a brick are two completely orthogonal things.
My laptop is perfectly secure, without Apple having a say on what I do with it after I bought it. Including reselling it.
p.s. if someone saw my laptop and a mac laptop left alone in the same room, they would try to steal the Mac, making my laptop even safer by virtue of not being from Apple.
I can’t believe the HN consensus on this one! A system that relies on the original owner to perform some incantation or the device is e-waste? Really, that’s the best Apple could do?
I sympathize with the resellers here. Often times the original owner cannot be contacted. Maybe they are dead and the machine came form an estate sale. Maybe it was sold on consignment or something. Maybe the original owner is just very difficult to find.
I bought a MacBook off an eBay seller, and had to deal with this shit. It took the seller forever but by some miracle he was able to track down and contact the original owner so he could unlock it. Without this hassle, a perfectly good computer would have been e-waste in a landfill somewhere.
Frustrating the legitimate second hand market and the ecological impact of all this waste is a high price to pay for mere anti-theft. Companies are very eager to kill the secondary market for their goods, and accepting this scheme plays into Apple’s hands.
The reduction in iPhone theft after activation lock was remarkable in the Bay Area. Did the person writing the article confirm none of these were stolen?
Owners can now remove devices via web site I think. So if folks are saying these are just broken, have owner turn off activation lock
Looks like some of these "broken" notebooks are actually stolen notebooks. If you buy online, you can contact the seller to solve the issue. It is actually the point of the feature. If someone knows they could not do anything with the device, they will not steal it (same with new phones).
> Apple encourages owners of older devices to participate in the company’s trade-in program
Which is a pretty bad program, reusing is always better than recycling. Apple will just scrap it into basic elements: metals, maybe lithium.
I think that’s exactly what is going on here. If you’re a third party reseller who buys used Macs for resale then you need to have the original owner turn off Find My Mac so you can wipe the machine. If the person bringing the machine in for resale isn’t the original owner then, well, it may be stolen.
What if the previous owner lost their account, is not reachable, or died?
Ideally you should be able to take such a locked device to some official place, like a town hall, and they should be able to look up the previous owner. If they are deceased or they confirm that they no longer want the device, then after checking IDs and so on that office should be able to start the process to unlock the device. (That same department could give you recourse if your house burns down and you loose all your digital accounts, or you are locked out of Google unfairly.) Our civil institutions have not really kept up with technology here.
Edit: Of course I wouldn't give government the capability to decrypt anybodys device or something! Just have an organisation that's purpose is to clarify ownership, and wipe and reuse devices so they don't end up as in a landfill. I don't really trust the vendor alone to optimize for reusing used devices.
> Which is a pretty bad program, reusing is always better than recycling. Apple will just scrap it into basic elements: metals, maybe lithium.
They have a refurbished program so they definitely don't just scrap devices you trade in. Maybe they even scrap some devices for parts. In the server space this is normal. HP would regularly send us refurbished replacement parts for repairs (this is also one of the reason why they want the replaced parts back).
The thing is that the ones who steal are going to steal them anyway, even with the locks and sell them for parts. It won't really prevent theft but would only increase ewaste.
When I worked at Apple, I had used an iPad for testing. I ended up also creating an icloud test-account for it. Some year or so later I got an email from another employee within Apple (who now had the device) asking that I sign out of the device so they could wipe it. Wow, I couldn't remember my iCloud test-account password. I was surprised there wasn't some low-level way to just wipe the device. (I did eventually guess the account password.)
You can always wipe via putting it in restore mode, but if it's activation locked, you won't be able to get past setup unless you have the password. This prevents theft even if the thief knows how to hold the buttons in the right order to restore the device to factory settings.
The original vice article had a key fact that is missing from the macworld article.
The issue is the laptops are received by recyclers in an ill-gotten manner.
Companies were sending thousands of laptops to be destroyed and instead the ended up in recyclers who are attempting to wipe and then resell them, which is why recyclers could not get the original legal owners to remove the activation lock.
If the recycler had an agreement to wipe and reuse the machines, and the activation lock prevented it, then those thousands of machines should be shipped back to the company to dispose of, along with a bill for the shipping cost, and time.
The original Vice article[1] makes no such claim. I'm assuming you drew that conclusion from the following quote:
> Often the previous owners are corporations or schools who buy and sell the machines in bulk and aren't interested in helping recyclers or refurbishers unlock them. "Previous owners do not return phone calls, and large corporations that dump 3000 machines assume they have been destroyed, so it is critical we have a solution that does not depend on the previous owner approving,” Bumstead said.
But if you check his website[1], the terms of sale make it clear that devices are intended for resale:
> Although RDKL, Inc., always attempts to erase hard drives and remove personal data before a device is sold to another party, RDKL, Inc., cannot guarantee that all traces of the seller's identity have been permanently removed, and it is therefore the seller's responsibility to remove personal data from a device before selling it to RDKL, Inc.
Why would he pay for devices that he would be contractually obligated to destroy, at his own expense?
Sounds like they are using the concern for recycling to mask their frustration with Apple's Activation Lock making stolen goods worthless. If they obtained the laptops legitimately, they would have known better to remove the devices from user's accounts before accepting them.
Regarding Find My Mac and the various locks that can cause. Does anyone have advice on a business case for this? I'm planning on switching our staff over to MacBooks this year and would love to understand the pros and cons of users using their own Apple ID versus a company provided one. We work remotely, so that could possibly complicate things. The last thing I need is a former staff member setting up Find My Mac and locking it to their Apple ID then leaving the company.
Another approach is to just let employees keep or buy out their laptop when they leave as a benefit. The cost of a MacBook isn't that huge relative to a tech salary.
This is one of the reasons we've switched over to an MDM solution. If you set it up correctly, the MDM can unlock the Mac, regardless of the apple ID used.
We use macs at my job, there is MDM software available. It's clearly tagged with a sticker on the back, which I assume goes back to some entry in the MDM software, and even though I use a personal Apple ID (I created a new one for this purpose but same end effect) I have no doubt they could press a button to brick the machine until it makes its way back to them if they really had to.
Where I live, e-waste recycling is very (over)regulated, so I can see a way out of this problem that doesn't take away from the unprofitability of stealing Apple devices. If Apple allows officially-registered e-waste recyclers (which can't pay more than scrap value for devices) to send unlock requests, they can then sell them on, but thieves won't get anything out of it, barring some grand e-waste conspiracy.
I personally don't like this system, I don't want any third party to have this kind of control over my device, but I have to admit that it's a system that works today and does its job, and with one small-ish tweak it could be even better.
> but thieves won't get anything out of it, barring some grand e-waste conspiracy.
A conspiracy isn't required for this to increase theft. Recyclers could start advertising maybe $50-100 per Macbook if they can guarantee they'll be able to sell each mac people bring in. Next thing you know, people start stealing more of them since there's now a middleman that pays out enough per device and doesn't ask questions like "did you steal these" or "why are all of the Apple IDs different". The only way this would work is if the program had the e-waste centers submit a photo ID of the person that brought the product to match against the current Apple ID name and address.
I found a pair of AirPods a while back and wanted to return them to their owner. They must be associated with an Apple ID, so I reached out to Apple and asked if they’d help me get in touch. They said no, and advised me to file a police report.
I wonder why they have this policy? They have all the necessary information to facilitate a conversation. Heck, with services like Hide My Email, they could even keep the identities of each party private.
Is it hard to imagine the thief themselves using this to extort someone if they want their airpods back, or use that contact info to phish the owner for their Apple ID password?
Last time I bought an used Apple device i checked icloud/activation lock with the seller before paying for it. Guess that's what the resellers should do as well. If it's done remotely, just pay after verifying or refuse to buy.
Of course that cuts into their profit margins but it's not like used Apple thingies are particularly cheap...
Activation lock can be disabled with find my on another device sharing the iCloud account, can’t it? So are these repair shops not even calling old trade in contacts to request removing the device? Because it’s stolen or something?
>which means that the second owner needs to be able to work with the original owner to get the request fulfilled. In some instances, that’s difficult or impossible to do.
Good. Let’s not pretend that theft isn’t a problem.
[+] [-] neogodless|3 years ago|reply
https://news.ycombinator.com/item?id=34504752 2 days ago, 410 comments
[+] [-] philliphaydon|3 years ago|reply
> However, he neglects to mention that Apple already has a process to do this for legally-obtained products.
> The process is very simple. If a user has purchased an Apple product through means that will produce a receipt, like through eBay, users can request Activation Lock to be removed. All the user has to do is navigate to Apple Support and provide a receipt as proof.
> The problem Bumstead is likely running into is MDM or mobile device management. Apple will not unlock products that were previously part of an MDM system that's still attached.
So devices sent to a recycling center to be destroyed are being picked up and resold. So this whole thing seems like a non issue.
[+] [-] Terretta|3 years ago|reply
I'm responding to parent saying it's not an actual problem:
> So this whole thing seems like a non issue.
...
Apple doesn't seem able to "produce a receipt" if you purchased the MacBook with cash or a discontinued credit card in their store.
I have a lovely pristine 2019 MacBook Pro 16" that I put firmware password on before crossing international borders, before pandemic. The Ventura update broke boot. I have to boot to recovery partition, but cannot. No idea what "this is obvious" firmware pass I came up with.
THIS IS MY FAULT. But a surprisingly expensive fault…
I have the original welcome to new Mac on your Apple ID email a couple days after purchase, the Mac is active in my Find My, the Mac is under AppleCare to me which I have. Apple will not unlock it without receipt, which I do not have, and, no longer having an account with that card provider, cannot produce.
This 2019 MacBook Pro sells used for $4,689 from Apple today:
https://www.apple.com/shop/product/G14X6LL/A/refurbished-16-...
So for me, it's an issue.
// At the same time, this is a reason we provide MacBook Pros to employees: we can take comfort losing one in NYC or Mumbai probably isn't going to compromise company data. This is worth the cost to me personally, and makes me an advocate of Apple's security work.
[+] [-] fnordpiglet|3 years ago|reply
[+] [-] phpisthebest|3 years ago|reply
[+] [-] judge2020|3 years ago|reply
0: https://support.apple.com/en-us/HT201365
[+] [-] masklinn|3 years ago|reply
[+] [-] ipython|3 years ago|reply
[+] [-] unknown|3 years ago|reply
[deleted]
[+] [-] kevincox|3 years ago|reply
[+] [-] recycledmatt|3 years ago|reply
[+] [-] bakugo|3 years ago|reply
[deleted]
[+] [-] whywhywhywhy|3 years ago|reply
None of this is an issue if its actually real second hand.
[+] [-] hbn|3 years ago|reply
I remember hearing that in certain "protests" (definitely not riots) a couple years ago, where people were looting stores, Apple was able to easily get the serial numbers of all the stolen devices and remotely brick them. The contrast of how valuable Apple products are both new and second hand, compared to how useless they are to steal is pretty wild. I can't think of any other product like that.
[+] [-] philliphaydon|3 years ago|reply
https://twitter.com/rdklinc/status/1617541547469193217
> Wrong -- it means that 1000 of these devices were dumped from an institution to a recycler without even bothering to log out first. And these apathetic institutions don't return calls when asked to unlock because they want the machines destroyed.
[+] [-] userbinator|3 years ago|reply
People don't always take the time to go through everything.
Traditional disk encryption serves your protection perfectly well.
As the saying goes, "Those who give up freedom for security..."
[+] [-] mihaaly|3 years ago|reply
Just because there are criminals out there we shouldn't mandate all and every honest parties prove themselves of their innocence proactively....
I am surprised this security vs. freedom things is still something where people argue so overwhelmingly for the security part against themselves despite the many many many bad experiences throughout the history in various levels....
(there are schemes where the ownerships is strictly controlled but by a public body of the society with regulations around it - house, car, etc - but not a private business oriented organization's coined policies and online account implemented by there sole discretion and judgement who is allowed to use what, what constitutes acceptable proof in their view, and who is given access to that authoritive account and who is locked out eventually, potentially for a completely independent reason)
[+] [-] peoplefromibiza|3 years ago|reply
keeping information private and/or secret and rendering a perfectly usable device a brick are two completely orthogonal things.
My laptop is perfectly secure, without Apple having a say on what I do with it after I bought it. Including reselling it.
p.s. if someone saw my laptop and a mac laptop left alone in the same room, they would try to steal the Mac, making my laptop even safer by virtue of not being from Apple.
[+] [-] 1234letshaveatw|3 years ago|reply
[+] [-] ryandrake|3 years ago|reply
I sympathize with the resellers here. Often times the original owner cannot be contacted. Maybe they are dead and the machine came form an estate sale. Maybe it was sold on consignment or something. Maybe the original owner is just very difficult to find.
I bought a MacBook off an eBay seller, and had to deal with this shit. It took the seller forever but by some miracle he was able to track down and contact the original owner so he could unlock it. Without this hassle, a perfectly good computer would have been e-waste in a landfill somewhere.
Frustrating the legitimate second hand market and the ecological impact of all this waste is a high price to pay for mere anti-theft. Companies are very eager to kill the secondary market for their goods, and accepting this scheme plays into Apple’s hands.
[+] [-] onphonenow|3 years ago|reply
Owners can now remove devices via web site I think. So if folks are saying these are just broken, have owner turn off activation lock
[+] [-] octacat|3 years ago|reply
> Apple encourages owners of older devices to participate in the company’s trade-in program
Which is a pretty bad program, reusing is always better than recycling. Apple will just scrap it into basic elements: metals, maybe lithium.
[+] [-] chongli|3 years ago|reply
[+] [-] captainmuon|3 years ago|reply
Ideally you should be able to take such a locked device to some official place, like a town hall, and they should be able to look up the previous owner. If they are deceased or they confirm that they no longer want the device, then after checking IDs and so on that office should be able to start the process to unlock the device. (That same department could give you recourse if your house burns down and you loose all your digital accounts, or you are locked out of Google unfairly.) Our civil institutions have not really kept up with technology here.
Edit: Of course I wouldn't give government the capability to decrypt anybodys device or something! Just have an organisation that's purpose is to clarify ownership, and wipe and reuse devices so they don't end up as in a landfill. I don't really trust the vendor alone to optimize for reusing used devices.
[+] [-] jjtheblunt|3 years ago|reply
False: for just one counterexample, Apple employees receive refurbs from trade-in as work machines. (Source: First hand experience of years).
[+] [-] lwkl|3 years ago|reply
They have a refurbished program so they definitely don't just scrap devices you trade in. Maybe they even scrap some devices for parts. In the server space this is normal. HP would regularly send us refurbished replacement parts for repairs (this is also one of the reason why they want the replaced parts back).
[+] [-] hexagonwin|3 years ago|reply
[+] [-] kayodelycaon|3 years ago|reply
Yeah. Sure. You can’t wipe the drive on an M1 and have the machine still boot. Reinstalling the OS doesn’t erase the data volume.
You have to use Erase All Content and Settings. Apple documents the process pretty clearly.
https://support.apple.com/en-us/HT212749
[+] [-] lelandfe|3 years ago|reply
...but if you forget to do that stuff, the Mac will indeed be unusable by the purchaser.
[+] [-] JKCalhoun|3 years ago|reply
[+] [-] judge2020|3 years ago|reply
[+] [-] balls187|3 years ago|reply
The issue is the laptops are received by recyclers in an ill-gotten manner.
Companies were sending thousands of laptops to be destroyed and instead the ended up in recyclers who are attempting to wipe and then resell them, which is why recyclers could not get the original legal owners to remove the activation lock.
If the recycler had an agreement to wipe and reuse the machines, and the activation lock prevented it, then those thousands of machines should be shipped back to the company to dispose of, along with a bill for the shipping cost, and time.
[+] [-] dns_snek|3 years ago|reply
> Often the previous owners are corporations or schools who buy and sell the machines in bulk and aren't interested in helping recyclers or refurbishers unlock them. "Previous owners do not return phone calls, and large corporations that dump 3000 machines assume they have been destroyed, so it is critical we have a solution that does not depend on the previous owner approving,” Bumstead said.
But if you check his website[1], the terms of sale make it clear that devices are intended for resale:
> Although RDKL, Inc., always attempts to erase hard drives and remove personal data before a device is sold to another party, RDKL, Inc., cannot guarantee that all traces of the seller's identity have been permanently removed, and it is therefore the seller's responsibility to remove personal data from a device before selling it to RDKL, Inc.
Why would he pay for devices that he would be contractually obligated to destroy, at his own expense?
[1] https://www.vice.com/en/article/xgybq7/apple-macbook-activat...
[2] https://www.rdklinc.com/sell-terms
[+] [-] a_vanderbilt|3 years ago|reply
[+] [-] selykg|3 years ago|reply
[+] [-] morpheuskafka|3 years ago|reply
https://docs.jamf.com/jamf- now/documentation/Using_Activation_Lock_Bypass.html
Another approach is to just let employees keep or buy out their laptop when they leave as a benefit. The cost of a MacBook isn't that huge relative to a tech salary.
[+] [-] Xylakant|3 years ago|reply
[+] [-] pc86|3 years ago|reply
[+] [-] dvdkon|3 years ago|reply
I personally don't like this system, I don't want any third party to have this kind of control over my device, but I have to admit that it's a system that works today and does its job, and with one small-ish tweak it could be even better.
[+] [-] judge2020|3 years ago|reply
A conspiracy isn't required for this to increase theft. Recyclers could start advertising maybe $50-100 per Macbook if they can guarantee they'll be able to sell each mac people bring in. Next thing you know, people start stealing more of them since there's now a middleman that pays out enough per device and doesn't ask questions like "did you steal these" or "why are all of the Apple IDs different". The only way this would work is if the program had the e-waste centers submit a photo ID of the person that brought the product to match against the current Apple ID name and address.
[+] [-] mproud|3 years ago|reply
[+] [-] 2OEH8eoCRo0|3 years ago|reply
For a time, before factory resetting, you needed to remove your account from the phone. I had no idea.
[+] [-] fprog|3 years ago|reply
I wonder why they have this policy? They have all the necessary information to facilitate a conversation. Heck, with services like Hide My Email, they could even keep the identities of each party private.
[+] [-] judge2020|3 years ago|reply
[+] [-] mproud|3 years ago|reply
Anyway, Apple has decided there are only two ways to determine the owner:
1. Find My Activation Lock
2. Original Proof of Purchase
[+] [-] graderjs|3 years ago|reply
[+] [-] nottorp|3 years ago|reply
Of course that cuts into their profit margins but it's not like used Apple thingies are particularly cheap...
[+] [-] kylehotchkiss|3 years ago|reply
[+] [-] lowbloodsugar|3 years ago|reply
Good. Let’s not pretend that theft isn’t a problem.
[+] [-] rafaelturk|3 years ago|reply