Unfortunately this occurred in 2016, long before they added "repair mode" in iOS 17.
But I should mention, I was in the middle of writing a comment along the lines of "apple really needs to add a repair mode to iOS" before going to look it up and realizing that it's actually been there since iOS 17.
For me this highlights another issue with iOS which is it has many awesome features that you just won't know about unless you're a techie that keeps up with the news. One great example is the "hidden folder" feature that allows you to hide sensitive apps in an unmarked folder that when set to it's most secure setting, can only be opened with FaceID and no passcode backup. Along with some other features like preventing the app from showing up in your app switcher.
This is a genius feature but I see very few people with it enabled, mostly because they just don't know it's a thing. Something like this should be front and center when you first setup your device but instead it's a feature so buried that I had to lookup a guide on how to enable it.
And repair mode is equally buried, I had to lookup a guide on how to enable it as well. IMHO Apple really needs to tweak iOS to better surface these features.
> iOS which is it has many awesome features that you just won't know about unless you're a techie that keeps up with the news
Probably the single most useful hidden feature, valuable to parents everywhere, is “Guided Access” mode available through accessibility settings.
It lets you lock the screen to a single app or disable touch entirely (or even by custom region), so that you can hand your device to a kid without worrying they will delete your photos.
They never even really promoted this features in their news updates.
Samsung has this too (not sure about other Androids), it's called "pin app".
It also makes the app come up immediately when your turn on the screen, so it's in front of the lock screen basically (but you can only access that particular app). It's good for showing someone a specific app. I also use it for instant access to my train ticket (QR code on screen on the train company's app). The iOS version sounds better though.
It’s a very confusing and hidden feature. You have to start “deleting” your phone from Find My (which is itself an hidden swipe action) and it’ll tell you that you can’t but you can enable repair mode.
IMO the feature shouldn’t even be in Find My because it’s not really related to finding your phone or activation locking/unlocking it.
You can't overwhelm the user with 300 "Here's what you can do with your phone!" tips when they first start it, so maybe something like a push notification every few days telling the user about a couple features.
Repair State isn’t a feature that you need to know about unless you’re having your phone repaired or traded in, at which point you’ll learn about it.
It’s a perfect example of a feature being surfaced exactly as it should be, when needed. Quite a bit of mental gymnastics to twist that into being an ‘issue’.
The word "easily" is doing some work here, as your scenario is already in the area of "rubber-hose cryptanalysis", where passcodes don't stay private for long either.
Fair enough. The threat model I have in mind here is cops and customs agents violating one's (US) fourth amendment rights. With FaceID they don't need your passcode to unlock your phone. With a passcode, they cannot legally arrest you [yet] for refusing to provide it.
I thought it was common knowledge that for privacy and security you should have FaceID (and before that, fingerprint reader) disabled in favour of a password.
I actually wonder if it’s possible to coerce someone to use Face ID. If you have it set properly it requires your eyes to be open and looking at the phone, so someone can’t use it while you’re sleeping. They would have to hold your eyes up at that point Their hand is in front of your face. And how can someone force you to look in the right direction?
I had a friend a few years back that got taken for close to $50k and this feature would have prevented it.
- He was at a bar and got to talking to one girl.
- There was another girl watching him and his phone and figured out his passcode. The bar was dimly lit so FaceID didn't always work and at some point he entered his passcode and she saw.
- They all left to "go back to their place" and in the process the girls stole his phone.
- Mid ride they kicked him out of the Uber.
- He goes home and realized his bank accounts have all been cleaned out via Venmo and CashApp.
Had those apps been inside the "secure folder", they would have not been able to access them and thus would not have been able to clean him out like they did.
Holding the side button + volume button together until you see the power-off slider also temporarily disables Face ID / Touch ID, requiring the device passcode for unlocking.
You can also set your phone to erase after ten failed passcodes.
Because people willing to hit you with a wrench to recover a password are definitely going to stop when they discover that you actually destroyed the thing they were looking for, thus "getting one over" on them...
Although to be fair, they might just switch to a pistol at that point. After all, you are no longer useful once the data has gone.
Congratulations on discovering XKCD 538 [1]. Depending on your exact threat model (i.e. barring a very surprise attack), this actually can be defended against in many cases, too.
Is there a way to do [2] on Android? I know you can hold the power button and choose Lockdown, but that requires actually looking at the phone, which would be difficult in some situations.
I haven't used an Android phone for more than about 5 minutes in total ever so perhaps someone more informed in that ecosystem can weigh in, but a quick Google did not find a way. It's also worth checking that the same properties of "before first unlock" hold for Android as they do for iPhones even if you can reset it in such a way.
> This case shows how, even when Apple tightly controls its repair infrastructure, it cannot prevent disastrous cases like this
Customers should be able to choose where to repair their device, or even be able to repair it themselves. Just because it's an "official" repair shop doesn't mean its the best and the safest. Louis Rossmann has been saying this for years.
I never understood why the repair techs need my passcode to repair my iPhone (like replacing display or battery) and they suggest it as a first option unapologetically without even explaining privacy risks.
Recently I had the screen replaced on my child’s iPad. The tech asked for passcode, and I refused to provide it. The tech complained and said when I came to pick it up he’d need to guide me through some things.
Indeed, there were some settings that needed to be set, to ”help” the new screen.
Having said that — I’ve previously documented a case (well over 10 years ago) where I caught a local PC repair company who used their access to a machine of mine they were repairing - to quickly scan through the thumbnails of our personal photos, and look closer at any image which showed any flesh.
People expect to be trusted but don’t act in a trustworthy manner.
I used to repair iPhone screens and can answer this. It was the easiest way to check the device worked after the repair and that the screen didn’t have any dead spots. We told people to wipe the phones before they brought them in, and gave people the option of either giving us the PIN code or accepting the device back without us validating the fix.
I don’t think I ever had a single person say no to the pin but we did have plenty of people wipe the device before they brought it in.
There are also stories of people losing all of their stuff by sending the device in. So the added benefit of suggesting a wipe is that it encourages you to assume total loss and plan ahead.
That doesn’t necessarily help with people sending in devices with special nostalgia for the physical hardware, such as a signature. Though whether those sorts of issues were from not paying attention to notes attached to the account or outright theft has rarely been clear.
Maybe the benefit of only ever dealing with extremely sketchy places for phone stuff is that they already know I won't give them information to unlock my phone so they never ask. Either the repair can be effected without, or I don't want it done. "Is it OK to wipe this phone?" is also an acceptable question, and sometimes the answer might even be "Yes".
It's crazy that a repair shop needs your passcode. I can't think of any case where it would be necessary.
I'm glad this person won the lawsuit though; getting your nudes leaked is a really shitty situation to be in. Apple needs to do a better job vetting their repair shops.
The problem is that Android doesn't offer a pre-boot UI for testing anything unless you flash TWRP (at which point the userdata will be wiped), and I'm not sure if iOS does either.
Often not even that. Samsung wants its proprietary Odin stuff to flash, Mediatek has their own toolsuite. Both need Windows to run.
Only ones actually using fully open source tools are Google's Pixel lineup.
But none, not even Pixel, allow for anything resembling actual "recovery" for common failure modes. Dead display at least for Samsung and Pixel means you have to install a new display if you want to access the data, otherwise it won't even pass the first bootloader stage, much less boot into the OS or unlock the encryption. Something gone corrupt with the OS? Same case. If you can't manage to boot at least to the Android Safe Mode, you're out of luck. And no HW self-test at all.
Somewhere in the 2013-14's or something my MBP had a faulty GPU and I brought it in for free repair (that they put in another faulty GPU which failed after the same time as the first one, but it did get them over of the warranty period is besides the point), and they asked me for my root password. I gave it, and felt incredibly dirty. I would never do that again.
Was it an Nvidia GPU? I used to work for GeekSquad and we would gladly send the Mac to the Apple store to replace the whole thing with the newer model - always free.
People would come back and thank us for sending them to Apple.
They even honored them out of warranty due to the lawsuit they faced with Nvidia over the solder failures.
It was indeed an nvidia GPU, I desoldered something and got the thing working pretty much 100% on the iGPU of the corei7 in there... For 3 days until some update bricked it once and for good.
I never heard of any actions to take after the second failure, shame. Was that also valid in the EU?
Whole thing did leave me a bit sour about Apple tbh, it was my last macbook.
Yeah we offered resoldering for a while but after Apple started replacing them there was no point.
The settlement was in the US, so that is probably why it didn't apply in the EU. Kind of surprising really.
I don't blame you for being upset, the fact that neither party could come to an agreement and left consumers to pound sand was terrible. Apple should have just replaced them while the lawsuit was pending.
I was super confused because he's all over the thread saying it happened 10 years ago. And I was like, wait a second, did I sleep through that? Thanks for the clarification.
Why doesnt apple add a repair mode? Access to most settings but not data? Then train users to never give their password to Apple (like banks say never say even to us your PIN or online password)
Date Apple announced self-repair kits program: November 17, 2021
I had been wondering what inspired that program — sure, it’s a good idea, but it’s an odd investment for a corporation. Three months is about their usual turnaround from “okay, this is humiliating” to “okay, we’ve announced our intent to fix”. Thanks, Vice!
There is a long and shameful history of repair techs and computer shops doing this to people. From the stories I've heard from people who've been in that industry, looking for nudes on customer devices has been almost an expected and tacitly tolerated norm for decades. Its not going to stop on it's own, so we need to start throwing the book at these people. Very long prison sentences are in order. It's a form of sexual abuse and should be considered a very severe felony.
Been going on long before that. When I was in high school a friend worked at a camera shop where they also did photo finishing in-house. Very common for them to make extra prints of all the nudes and amateur porn and circulate them amongst themselves and their friends.
On the one hand, that's a privacy violation. On the other hand, what did people expect when they brought their film in for processing---that nobody would see the photos? My guess is that a lot of them had an exhibitionist thing going on.
They may have expected that the photo techs wouldn't make extra copies, though -- that they'd do what was necessary for the job but no more.
(That expectation is even compatible with exhibitionism! "The photo tech will see my nudes. That's kind of cool! Of course, he wouldn't make extra copies because that would be unprofessional, maybe illegal.")
I think we should continue with the consequentialist approach where the trust violation and right to privacy are considered creepy but not punished as strictly as sexual abuse that actually harms someone or traumatizes them. "Uploads the nudes to Facebook" is not a bad place to draw the line. I spend a lot of time watching TikToks of people in prison and it is a terrible punishment where a few weeks outweighs any harm done to these victims.
This is weird. On one side, why would you give your passcode to a device that contains a lot of stuff, usually financial apps, message history, in a lot of cases access to corporate information... and eventually nudes.
On other side, as a technician, how retarded you must be to have access to all this data and to take nudes and post them online. Like whats the end game? What sort of outcome do you expect?
This is just like the story that happened few weeks ago, when someone gained access to a popular npm packages and uploaded the most obviously visible crypto stealer.
There are a lot of stupid techs. Back in the day we had a tech of a consulting firm run l0phtcrack on our network and then brag about it to a bunch of our firm’s employees. He wasn’t even doing it to steal data, which is probably why he thought it was okay.
The thing about stupid people is they don’t know they’re stupid. They are either wholly delusional about the legality, morality, or consequences or they reason that because they couldn’t catch themselves there is no way anyone else could catch them.
Unfortunately this occurred in 2016, long before they added "repair mode" in iOS 17.
But I should mention, I was in the middle of writing a comment along the lines of "apple really needs to add a repair mode to iOS" before going to look it up and realizing that it's actually been there since iOS 17.
For me this highlights another issue with iOS which is it has many awesome features that you just won't know about unless you're a techie that keeps up with the news. One great example is the "hidden folder" feature that allows you to hide sensitive apps in an unmarked folder that when set to it's most secure setting, can only be opened with FaceID and no passcode backup. Along with some other features like preventing the app from showing up in your app switcher.
This is a genius feature but I see very few people with it enabled, mostly because they just don't know it's a thing. Something like this should be front and center when you first setup your device but instead it's a feature so buried that I had to lookup a guide on how to enable it.
And repair mode is equally buried, I had to lookup a guide on how to enable it as well. IMHO Apple really needs to tweak iOS to better surface these features.
> iOS which is it has many awesome features that you just won't know about unless you're a techie that keeps up with the news
Probably the single most useful hidden feature, valuable to parents everywhere, is “Guided Access” mode available through accessibility settings.
It lets you lock the screen to a single app or disable touch entirely (or even by custom region), so that you can hand your device to a kid without worrying they will delete your photos.
They never even really promoted this features in their news updates.
Samsung has this too (not sure about other Androids), it's called "pin app".
It also makes the app come up immediately when your turn on the screen, so it's in front of the lock screen basically (but you can only access that particular app). It's good for showing someone a specific app. I also use it for instant access to my train ticket (QR code on screen on the train company's app). The iOS version sounds better though.
Pixels have it as well.
Wow as a father of two toddlers you just made my day!
Keep in mind it doesn’t always work and never works in YouTube full screen mode
Shouldn't it be a standard procedure for the Apple Store Genius to instruct the user to enable Repair Mode before accepting the device?
2016 is before repair mode existed
Oh I meant it should not be a discovery issue if this is the standard procedure. The user don't have to know the feature exists.
It’s a very confusing and hidden feature. You have to start “deleting” your phone from Find My (which is itself an hidden swipe action) and it’ll tell you that you can’t but you can enable repair mode.
IMO the feature shouldn’t even be in Find My because it’s not really related to finding your phone or activation locking/unlocking it.
I'll take shipping the org chart for a thousand Alex.
You can't overwhelm the user with 300 "Here's what you can do with your phone!" tips when they first start it, so maybe something like a push notification every few days telling the user about a couple features.
They have a tips app that does exactly this. I imagine most people ignore it after day 1.
Repair State isn’t a feature that you need to know about unless you’re having your phone repaired or traded in, at which point you’ll learn about it.
It’s a perfect example of a feature being surfaced exactly as it should be, when needed. Quite a bit of mental gymnastics to twist that into being an ‘issue’.
> can only be opened with FaceID and no passcode backup
So it can easily be opened by someone who restrains you and holds your phone in front of your face then?
The word "easily" is doing some work here, as your scenario is already in the area of "rubber-hose cryptanalysis", where passcodes don't stay private for long either.
Fair enough. The threat model I have in mind here is cops and customs agents violating one's (US) fourth amendment rights. With FaceID they don't need your passcode to unlock your phone. With a passcode, they cannot legally arrest you [yet] for refusing to provide it.
I thought it was common knowledge that for privacy and security you should have FaceID (and before that, fingerprint reader) disabled in favour of a password.
I actually wonder if it’s possible to coerce someone to use Face ID. If you have it set properly it requires your eyes to be open and looking at the phone, so someone can’t use it while you’re sleeping. They would have to hold your eyes up at that point Their hand is in front of your face. And how can someone force you to look in the right direction?
By telling you that you'll spend the next 10 years at CECOT in Honduras if you don't look in the right direction.
while they are restraining you, how are they preventing you from keeping your eyes closed?
Except physical assault leaves evidence.
I had a friend a few years back that got taken for close to $50k and this feature would have prevented it.
- He was at a bar and got to talking to one girl.
- There was another girl watching him and his phone and figured out his passcode. The bar was dimly lit so FaceID didn't always work and at some point he entered his passcode and she saw.
- They all left to "go back to their place" and in the process the girls stole his phone.
- Mid ride they kicked him out of the Uber.
- He goes home and realized his bank accounts have all been cleaned out via Venmo and CashApp.
Had those apps been inside the "secure folder", they would have not been able to access them and thus would not have been able to clean him out like they did.
> The bar was dimly lit so FaceID didn't always work
I don’t think the dark stops Face ID. It works fine in total darkness.
Or don't stay logged in to your banking apps. I have mine set to require a login every time I open them.
Were these the same girls that inspired the Hustlers movie? Or maybe they were inspired by it?
Ah that sucks, doesn't sound like Stolen Device Protection would help either.
How many wacks with a wrench do you think it'd take before you gave up your passcode?
Which is why phones should have duress passcode capability but that's another rant.
They do to some extent.
Holding the side button + volume button together until you see the power-off slider also temporarily disables Face ID / Touch ID, requiring the device passcode for unlocking.
You can also set your phone to erase after ten failed passcodes.
What exactly do you think the wrench-holder would do upon discovering the use of this?
stop hitting you with the wrench as it is no longer a useful option
Because people willing to hit you with a wrench to recover a password are definitely going to stop when they discover that you actually destroyed the thing they were looking for, thus "getting one over" on them...
Although to be fair, they might just switch to a pistol at that point. After all, you are no longer useful once the data has gone.
One of the reasons I never set up FaceID on my phone.
Congratulations on discovering XKCD 538 [1]. Depending on your exact threat model (i.e. barring a very surprise attack), this actually can be defended against in many cases, too.
[1]: https://xkcd.com/538/
[2]: https://daringfireball.net/2022/06/require_a_passcode_to_unl...
Is there a way to do [2] on Android? I know you can hold the power button and choose Lockdown, but that requires actually looking at the phone, which would be difficult in some situations.
I haven't used an Android phone for more than about 5 minutes in total ever so perhaps someone more informed in that ecosystem can weigh in, but a quick Google did not find a way. It's also worth checking that the same properties of "before first unlock" hold for Android as they do for iPhones even if you can reset it in such a way.
I mean, if they restrain your eyeballs to look at the phone…
> This case shows how, even when Apple tightly controls its repair infrastructure, it cannot prevent disastrous cases like this
Customers should be able to choose where to repair their device, or even be able to repair it themselves. Just because it's an "official" repair shop doesn't mean its the best and the safest. Louis Rossmann has been saying this for years.
And they can. https://support.apple.com/self-service-repair
I never understood why the repair techs need my passcode to repair my iPhone (like replacing display or battery) and they suggest it as a first option unapologetically without even explaining privacy risks.
Recently I had the screen replaced on my child’s iPad. The tech asked for passcode, and I refused to provide it. The tech complained and said when I came to pick it up he’d need to guide me through some things.
Indeed, there were some settings that needed to be set, to ”help” the new screen.
Having said that — I’ve previously documented a case (well over 10 years ago) where I caught a local PC repair company who used their access to a machine of mine they were repairing - to quickly scan through the thumbnails of our personal photos, and look closer at any image which showed any flesh.
People expect to be trusted but don’t act in a trustworthy manner.
I used to repair iPhone screens and can answer this. It was the easiest way to check the device worked after the repair and that the screen didn’t have any dead spots. We told people to wipe the phones before they brought them in, and gave people the option of either giving us the PIN code or accepting the device back without us validating the fix.
I don’t think I ever had a single person say no to the pin but we did have plenty of people wipe the device before they brought it in.
When I sent my Steam Deck for repair, Steam asked my to factory reset it, which I did.
Now I think this is what I would do if I need to send any electronic device for repairs.
All my data is backed up to cloud, yes setting it up again is a chore but it's better than risking my data with some unknown contractor.
> All my data is backed up to cloud
How is that less worrisome? Your data is living in someone else's storage, waiting to be compromised.
Depending on the backup mechanism they use it might be protected with cryptography and a private key or strong password.
Assuming they did all that properly of course....
My phone is not backed up. There's also nothing on it that I could not stand to lose.
There are also stories of people losing all of their stuff by sending the device in. So the added benefit of suggesting a wipe is that it encourages you to assume total loss and plan ahead.
That doesn’t necessarily help with people sending in devices with special nostalgia for the physical hardware, such as a signature. Though whether those sorts of issues were from not paying attention to notes attached to the account or outright theft has rarely been clear.
Maybe the benefit of only ever dealing with extremely sketchy places for phone stuff is that they already know I won't give them information to unlock my phone so they never ask. Either the repair can be effected without, or I don't want it done. "Is it OK to wipe this phone?" is also an acceptable question, and sometimes the answer might even be "Yes".
Could be standard protocol for all repairs, meaning they don’t discriminate between repair otherwise their staff will get overwhelmed
In my experience you just say no and they go “OK” and do the job just fine.
It's crazy that a repair shop needs your passcode. I can't think of any case where it would be necessary.
I'm glad this person won the lawsuit though; getting your nudes leaked is a really shitty situation to be in. Apple needs to do a better job vetting their repair shops.
The problem is that Android doesn't offer a pre-boot UI for testing anything unless you flash TWRP (at which point the userdata will be wiped), and I'm not sure if iOS does either.
Yes, this sucks hard.
Can't you restart into recovery mode and run graphics test?
Stock recovery mode on most devices is as barebones as possible - it _might_ have an option to flash a signed image if you're lucky.
Often not even that. Samsung wants its proprietary Odin stuff to flash, Mediatek has their own toolsuite. Both need Windows to run.
Only ones actually using fully open source tools are Google's Pixel lineup.
But none, not even Pixel, allow for anything resembling actual "recovery" for common failure modes. Dead display at least for Samsung and Pixel means you have to install a new display if you want to access the data, otherwise it won't even pass the first bootloader stage, much less boot into the OS or unlock the encryption. Something gone corrupt with the OS? Same case. If you can't manage to boot at least to the Android Safe Mode, you're out of luck. And no HW self-test at all.
Recovery mode on stock Android offers nothing other than wipe userdata and partially update firmware, that's the thing.
My stock Galaxy S24 has this option. Its the most popular Android phone of that year, no?
Somewhere in the 2013-14's or something my MBP had a faulty GPU and I brought it in for free repair (that they put in another faulty GPU which failed after the same time as the first one, but it did get them over of the warranty period is besides the point), and they asked me for my root password. I gave it, and felt incredibly dirty. I would never do that again.
Was it an Nvidia GPU? I used to work for GeekSquad and we would gladly send the Mac to the Apple store to replace the whole thing with the newer model - always free.
People would come back and thank us for sending them to Apple.
They even honored them out of warranty due to the lawsuit they faced with Nvidia over the solder failures.
It was indeed an nvidia GPU, I desoldered something and got the thing working pretty much 100% on the iGPU of the corei7 in there... For 3 days until some update bricked it once and for good.
I never heard of any actions to take after the second failure, shame. Was that also valid in the EU?
Whole thing did leave me a bit sour about Apple tbh, it was my last macbook.
Yeah we offered resoldering for a while but after Apple started replacing them there was no point.
The settlement was in the US, so that is probably why it didn't apply in the EU. Kind of surprising really.
I don't blame you for being upset, the fact that neither party could come to an agreement and left consumers to pound sand was terrible. Apple should have just replaced them while the lawsuit was pending.
My Samsung mode has a repair mode where it sort of creates like a user that doesn't have my files or personal stuff
Apple has had that for 10 years.
Wasn't it added in the fourth beta of iOS 17.5, which was around April 2024?
Samsung had had it since 2022, Google end of 2023, Apple 2024.
I was super confused because he's all over the thread saying it happened 10 years ago. And I was like, wait a second, did I sleep through that? Thanks for the clarification.
Should have used an asexual repair shop [0]
[0] https://www.youtube.com/watch?v=-XQlZdTEhPg
Why doesnt apple add a repair mode? Access to most settings but not data? Then train users to never give their password to Apple (like banks say never say even to us your PIN or online password)
They did. 10 years ago.
That seems to be incorrect
https://www.macrumors.com/2024/04/30/ios-17-5-repair-state/
What is your source?
Oh if you only knew what was happening in the back room when you transferred your device from one computer to another...
Date article posted: June 8th, 2021
Date Apple announced self-repair kits program: November 17, 2021
I had been wondering what inspired that program — sure, it’s a good idea, but it’s an odd investment for a corporation. Three months is about their usual turnaround from “okay, this is humiliating” to “okay, we’ve announced our intent to fix”. Thanks, Vice!
> I had been wondering what inspired that program
The EU legislating ‘right to repair’. It has been in the works for a fair while.
https://appleinsider.com/articles/24/04/24/apple-wont-have-t...
This is pretty bad. Surprised they got away with it for so long
There is a long and shameful history of repair techs and computer shops doing this to people. From the stories I've heard from people who've been in that industry, looking for nudes on customer devices has been almost an expected and tacitly tolerated norm for decades. Its not going to stop on it's own, so we need to start throwing the book at these people. Very long prison sentences are in order. It's a form of sexual abuse and should be considered a very severe felony.
Been going on long before that. When I was in high school a friend worked at a camera shop where they also did photo finishing in-house. Very common for them to make extra prints of all the nudes and amateur porn and circulate them amongst themselves and their friends.
On the one hand, that's a privacy violation. On the other hand, what did people expect when they brought their film in for processing---that nobody would see the photos? My guess is that a lot of them had an exhibitionist thing going on.
They may have expected that the photo techs wouldn't make extra copies, though -- that they'd do what was necessary for the job but no more.
(That expectation is even compatible with exhibitionism! "The photo tech will see my nudes. That's kind of cool! Of course, he wouldn't make extra copies because that would be unprofessional, maybe illegal.")
I think we should continue with the consequentialist approach where the trust violation and right to privacy are considered creepy but not punished as strictly as sexual abuse that actually harms someone or traumatizes them. "Uploads the nudes to Facebook" is not a bad place to draw the line. I spend a lot of time watching TikToks of people in prison and it is a terrible punishment where a few weeks outweighs any harm done to these victims.
Prison is a deterrent.
Criminal yes.
But also civil penalties that would mean closing repair shops that don't work ethically.
A "privacy first" company would never ask for passcodes. They still do in 2025. Just goes to show that Apple's privacy claims are theater.
Every time I had to send in an iDevice for repair they required me to factory-reset it before sending it in. They never asked me for passcodes.
They asked for my wife's iPhone passcode last month. I told her to deny it, ofc.
Every time I've gone to the Apple store they've asked for the passcode
No Apple Store near me so I’ve only dealt with their mail-in support.
Did anyone from Apple went to jail? This is clear case of revenge porn and online sexual abuse!
It wasn’t done by an Apple employee. The earlier example in the story was an Apple Genius though.
This is weird. On one side, why would you give your passcode to a device that contains a lot of stuff, usually financial apps, message history, in a lot of cases access to corporate information... and eventually nudes.
On other side, as a technician, how retarded you must be to have access to all this data and to take nudes and post them online. Like whats the end game? What sort of outcome do you expect?
This is just like the story that happened few weeks ago, when someone gained access to a popular npm packages and uploaded the most obviously visible crypto stealer.
There are a lot of stupid techs. Back in the day we had a tech of a consulting firm run l0phtcrack on our network and then brag about it to a bunch of our firm’s employees. He wasn’t even doing it to steal data, which is probably why he thought it was okay.
The thing about stupid people is they don’t know they’re stupid. They are either wholly delusional about the legality, morality, or consequences or they reason that because they couldn’t catch themselves there is no way anyone else could catch them.
That's what my first thought was too - nudity is everywhere, it's not like you posted the first images of a nude woman ever.
I'm guessing it's the same reason people rape, when it's relatively easy to hook up with someone consenting: the abuse of power is the point.
(2021)
Discussion at the time: https://news.ycombinator.com/item?id=27422449
[flagged]
I’m not sure blaming the victim is the appropriate response here.