909
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 06 Jun 2024
909 points (97.8% liked)
Technology
59081 readers
3280 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
How so? A Samsung or pixel with default settings would also behave that way, possibly even more securely because it wouldn't show the thieves your number.
I guess just anecdotally. I have a pixel 7, I'm pretty confident I could factory reset the device without 3rd party authentication. Also, from the tech channels I follow, I think I could recover my data if I forgot the password. Android has always felt more "free"and customizable, and I love it for that. But I also think that freedom allows for more exploits. It's a trade off that's worth it to me, personally. But if I had illegal shit to hide on my phone, I'd probably do it on an apple device.
Edit: just checked. I can completely bypass all my locked down Google Pixel settings to factory reset my phone pretty easily if I press the right keys in the right order. It would be pretty easy to steal and resell my phone.
As everyone is pointing out you're just wrong about this.
Also apple is overbearing AF. I recently had several back and forths with my IT department about an old company mac laptop I used to have. Since I had signed into my apple account once, Apple permanently tied that laptop to my account and wouldn't allow the fucking IT department to fully wipe it.
Keep in mind also that I would have preferred to not have or use an apple account (they kind of force it on you, even asking you to login to iCloud constantly even if you've literally never used it once), and even though I could login to the apple account in my browser and see that the laptop wasn't listed under my devices, IT was still locked out.
Literally the only way to fix this was giving the IT dept my apple password so they could authenticate then sign out of it. There was nothing I could do remotely about it. This is a security issue in itself. Zero reason I shouldn't be able to use my account remotely to remove or sign that device out. Zero reason I should have to give my password to another human. Except for apple being shit.
The apple security theater is widely believed but it's still largely theater.
Edit: before you tell me I didn't have to give up my password, understand that I fucking know that. I could've driven to the office, told my employer to fuck off, had them ship the laptop, etc... all of which are things that shouldn't be necessary. I took the least shitty option at the time. Kindly fuck off if you are so dicksloppery on apple that you can't understand the obvious point: pretending every shit decision is about security doesn't shield you from all criticism.
Your post details how it isn’t possible for IT professionals to wipe a Mac without the consent of the owner’s account. How is that security theater?
IT was the owner and obviously consented to their own actions.
You didn't read the post.
You pretty much MUST use paid mobile device management tools to set up and administer company owned Apple hardware, and those tools are notoriously annoying and often just bad
MDM would have been used regardless of OS.
Read again - for most other devices there are cheap and often some free administration tools that small businesses can use. And for many devices they can just reinstall them. But for Apple devices pretty much everything is expensive or very limited.
You missed the part where I had to give my password to another human.
Also, I wasn't the owner, they are. Also, again, it makes zero sense to not allow me to sign it out remotely.
Nothing is secure about a system designed so poorly you have to give out your password. That should never be needed.
Not to mention, I never wanted or needed to sign in. I was just nagged to do so 100 times so I relented. Nothing about that means I own the device.
I'm with you that you should be able to log out remotely, but this is more of a failure in the IT department. You should have been given a PC with the apple ID already introduced, with your company mail and some password. How would they even access your PC remotely for security udpwtes if they didn't have access to your appeal id? Right, they didn't. So they gave a computer they didn't have remote access to, not properly configured, and then forced you to either move or give private information.
You are absolutely incorrect. They had remote access and I watched them use it in various ways. When troubleshooting issues they would login and move my mouse and use a virtual keyboard. They could install software remotely on a schedule.
Not sure why you're under the impression that an apple account is required for remote management. There's probably >5 different popular third party software solutions for that
The apple sign in is an extraneous unneeded piece that once they annoy you into it, it then becomes considered a sign of ownership, which I never considered, because why would I?
You are right that IT should've had a way of dealing with it better, but in their defense this may have been an anti-feature (asking a user to login to iCloud, a service they've never used once, is not a feature) added in an update, after they issued the laptop. It's a small company, so I don't fault them on it as much as the trillion dollar company with the goal of inflating their iCloud metrics by forcing users to login to it.
Oh, I assumed that you would be forced to type your password or have enough rights to install stuff in a computer, be it in person or remotely, so I assumed that whatever 3rd party program they used required to have enough access, and that apple would use the apple id as a master password, given that it's what is being used to lock down the device itself.
Well, yet another issue with apple lol, why add a ownership id if it's not even what gives root access. Lmao.
Nah the iCloud crap is literally just another account. Up until the moment you login to it, then it silently ties the device to that account for "security" purposes. I kept emailing the IT guy back saying I don't know what I can do, I can see a list of devices here and that laptop has been removed from it.
After him asking me for help repeatedly I felt I had to just give up, give him the password on a slack call, then immediately reset it once he'd done what he needed.
Apple issue then, quite the anti feature. In any case, I hope the IT team learns from it and they create a company ID or several company IDs so this doesn't happen again haha.
You couldn’t remote in to type in your password?
I don't have the type of position where that would be needed or considered appropriate. Why should I need to anyhow? A lot of people are missing the point here. Logging into a service (especially one I didn't want or need but was harassed into doing it) should not unexpectedly be considered proof of ownership.
The scenario wasn't that during os setup I was asked to login. And I wasn't prompted with a warning that this could happen. What happened was every time I opened system settings for months it wanted me to login to iCloud and no matter how many times I refused it just kept asking.
Nah - you’re complaining that you “were forced into handing your password to someone else” when there were at least six ways you could have avoided that:
Finally, we release devices like this all the time through our ABM account. It takes 5 days maximum. Your IT team led you up the garden path.
It was a small company, as he said elsewhere, negating your first 4 options, and the last two of blaming the user are equally stupid because Apple can fix this and doesn't want to. Not everybody has an MDM tool which can set up ownership right for Apple devices - and they should not have to
It's shameful that you have a bunch of upvotes and he's getting downvotes
You are bending over backwards to justify absolute garbage practices. I am aware there were literally other ways around this. I was more referring to being forced into a situation where I'd even need to consider this.
Yes, I shouldn't have used my personal account... however I also should have never expected doing so to tell apple "I own this shit please make sure no one else can use it ever without my permission". Logging into iCloud should mean "I want to use iCloud", which btw I NEVER wanted to do. Every time I opened system settings the piece of shit insisted I login to it. That alone is a problem. But I'm sure you'll justify that one too.
You are the owner. For Apple, your IT department is the thief.
You should finish reading the part where the company owned the device.
The owner of the account owns the device. It’s a standard on all smartphones and tablets for the past 10 years.
Fortunately, apple and google corporate policy != law. If a company buys a device... and let's an employee use it. There's no amount of rules or policy that makes it the employee's property. It's company property. If you want to claim it's employee property then you'd at the very least be lying to the IRS as it would be considered a form of payment.
The real unfortunate part is that Apple or Google will never be incentivized to fix it because in this case you as the employee would be on the hook for "theft"/bricking of the device.
This is nonsense and violates a few laws in plenty of places
You didn’t have to give out your password, in fact you never should. If the machine remains locked, that’s not your problem. Your IT department should have created an admin account on the machine for IT before handing it over to you to avoid this scenario. The IT departments incompetence is not your problem.
If you wanted to unlock it as a courtesy, then they should have offered to send the laptop to you so you could unlock it. You never ever give anyone your password, and IT should know better than to ask for it.
If someone is holding a family member at gunpoint and threatening to kill them if you don’t give up your password; you do NOT give up your password. If an evil mastermind is about to destroy the world, and it can only be saved by you telling your password to another person. You do NOT give your password. There is no valid reason to ever give your password to anyone.
You missed the point entirely. Harassing me into signing into iCloud shouldn't mean I ever have to do anything inconvenient at all, regardless.
I wasn't presented with a dialogue that said "login to establish device ownership". Instead it was "login to iCloud now" dozens and dozens of times. I have never once used iCloud nor will I ever. That part alone was indefensible. But then locking the device to that account is plain stupid and reckless. There are plenty of scenarios where this fucks people worse than having to choose from a few shitty options
There is an entire screen in the initial setup that explains that the machine is added to your Find My and what that means. You probably just clicked ‘continue’ without reading.
Also, you don’t have to do anything inconvenient. It’s not your laptop so not your problem. The owner can have activation lock removed if they provide proof of ownership to Apple.
You really earn your "apple simp" tag. You know apple doesn't give a fuck about you, actually.
And I really don't care about your invalidations of what happened to me. If by some chance I did make some other mistake besides using my personal apple account, it's irrelevant. I do not think it should be possible to accidentally opt in to this bullshit. It is a shitty feature to force on every user. And it shouldn't be possible for an employee to render thousands of dollars worth of company hardware useless trash ready for the landfill. It shouldn't be possible intentionally, let alone by accident. If you removed the apple schlong from you mouth for a second you might see my point but you won't.
And it isn’t. Like I said before: Apple will remove the activation lock for the owner of the device. Just provide them proof of purchase.
You can request the unlock here
Ok so if I owned this machine legally but didn't have such proof, I'm sure you'd find a way to call me a fucking idiot for that too right? It would serve me right and apple would be blameless
Yes, you would be an idiot for buying a machine worth thousands of euros and not keeping the invoice. That’s completely unrelated to activation lock.
It you’re a business then it’s double stupid not to keep invoices.
Surprise! Apple simp strikes again!
Buying something legally isn't enough. Apple owns the fucking thing because: security and simps say so
Nevermind that there are plenty of ways you could get into this scenario and even if it only happened once ever, Apple's practice is bullshit, because: security and simps
I truly hope all this gargling some day leads you to accepting something even worse from these pieces of shit and and then it fucks you
Dude, you’re an idiot.
It's more about the fact that they didn't have a webpage in their apple account where they could remotely log out, and the IT department had the physical computer so they had to either move to the department or give the department their personal password, which is bogus. Being able to remotely log out of the computer doesn't seem to be that big of an ask.
I get thay the computer should remain locked if there's no internet, but once the computer gain connectivity it should unlock if it was logged out in the user page.
I see what you’re saying. I agree that users should be able to remove device locks remotely. You can with iPhones. Hopefully that moves to all devices.
I still prefer this to not having the lock at all.