Right-to-repair advocate urges Apple to let resellers bypass security protocols

Posted:
in General Discussion edited January 25
One independent MacBook reseller and right-to-repair advocate has scavenged Macs from a facility that destroys computers for security reasons, and wants Apple to let him disable iCloud Activation Locks.

2020 M1 MacBooks are making their way to recycling centers
2020 M1 MacBooks are making their way to recycling centers


John Bumstead has a business refurbishing and reselling used Macs via his RDKL INC repair store. Apple doesn't make his life easy as a business owner seeking to sell used computers on the cheap.

Products that are no longer being used by businesses, schools, and the government are often given to recycling centers with strict disposal rules to protect data. These centers are often certified by the Responsible Recycling standard, referred to as R2.

Resellers like Bumstead treat these centers as a secondhand-parts gold mine, though, not without breaking some rules. In order for resellers to obtain computers or parts marked as scrap for destruction, the facility has to willingly violate their R2 certification.

It seems simple enough for unauthorized resellers like Bumstead to find shady recycling centers willing to sell him parts and computers, but there's still an obstacle in his way. He wants Apple to make it easier for people to bypass Activation Lock on products.

How many of you out there would like a 2-year-old M1 MacBook? Well, too bad, because your local recycler just took out all the Activation Locked logic boards and ground them up into carcinogenic dust. #righttorepair

-- John Bumstead (@RDKLInc)


This has always been an issue with products like iPhone and iPad, which are locked to an Apple ID once the user signs in. However, Macs gained Activation Lock once the T2 was introduced, and that was integrated into Apple Silicon as well.

In a story from Vice, the right-to-repair advocate argues that Apple should give users the ability to request Activation Lock to be removed from a product. However, he neglects to mention that Apple already has a process to do this for legally-obtained products.

The process is very simple. If a user has purchased an Apple product through means that will produce a receipt, like through eBay, users can request Activation Lock to be removed. All the user has to do is navigate to Apple Support and provide a receipt as proof.

The problem Bumstead is likely running into is MDM or mobile device management. Apple will not unlock products that were previously part of an MDM system that's still attached.

The situation is even more complicated by how these MDM computers are being acquired. An R2-certified recycling facility will generally have sub-certifications for data disposal and other protections.

So, that means companies see those certifications and expect devices sent to that facility will be dismantled and recycled in full.

Apple's answer to right-to-repair activists so far is to rent expensive equipment
Apple's answer to right-to-repair activists so far is to rent expensive equipment


Bumstead openly admitted to his practice of obtaining parts and computers from recycling facilities that willingly violate their R2 certification. While his goal is to stop the recycling process and give a new life to these Macs, it isn't an altruistic one.

Taking computers meant for destruction and placing them on the secondhand market for his own profit likely isn't a recycling flow that Apple wants to get behind.

Previously, Bumstead was seen protesting Apple's move to kick unauthorized resellers from Amazon in 2019. A move that also impacted Bumstead's sales.

The right-to-repair movement wants Apple to give users more control over the devices they own. Conflicts have made it to the higher courts, which generally have resulted in Apple giving some ground to the movement.

Most recently, Apple began providing parts, tools, and instructions to individuals who want to self repair their own iPhones and Macs. But, as of yet, the effort does not go as far as most right-to-repair advocates want, and the tools required can be expensive to rent.

Read on AppleInsider
«1

Comments

  • Reply 1 of 32
    I wouldn’t trust him. 
    JaiOh81FileMakerFellerwatto_cobra
  • Reply 2 of 32
    F this guy, he sounds completely untrustworthy. 
    JaiOh81RhythmageFileMakerFellerwatto_cobra
  • Reply 3 of 32
    ajmasajmas Posts: 590member
    I’m all for right to repair, but I fear that simply ignoring the iCloud lock would likely increase the risk of theft?


    JaiOh81FileMakerFellerwatto_cobra
  • Reply 4 of 32
    anonymouseanonymouse Posts: 6,717member
    The right to resell stolen devices, and harvest data from them.
    JFC_PAJaiOh81Rhythmagemike1williamlondonFileMakerFellerwatto_cobraforegoneconclusion
  • Reply 5 of 32
    jdb8167jdb8167 Posts: 626member
    Anyone that advocates this is untrustworthy. They are advocating allowing access to stolen laptops (or in this case devices earmarked for destruction being semi-illegally repurposed) not only for a working laptop but also all the data on that laptop. Hard no!
    edited January 24 JaiOh81RhythmageFileMakerFellerwatto_cobra
  • Reply 6 of 32
    lkrupplkrupp Posts: 10,351member
    Sure, why not. I would trust a guy named Bumstead, wouldn’t you? I’m sure Blondie would keep him honest.

    But let’s be real. From what we read and see every day it’s clear that the general public doesn’t give a rat’s ass about their privacy, security, data, or personal information. Neither do politicians. Convenience trumps all of that. The owners of these recycled devices couldn’t take the time to wipe them before discarding them… because they didn’t care about their data.
    edited January 24 JaiOh81FileMakerFellerwatto_cobra
  • Reply 7 of 32
    AppleZuluAppleZulu Posts: 1,511member
    This seems akin to someone going to the junkyard, buying vehicles that have been 'totaled' and then demanding that the car manufacturers commit insurance fraud by issuing new titles for the vehicles. That's insurance fraud, because the process of totaling a car means that insurance companies have assessed the repair cost and determined it's more than the cost of paying out a full claim (and essentially buying the wreck) to the car's previous owner. Issuing a new title for a totaled car essentially transfers the value of the insurance company's assumed loss to the person who pays pennies for scrap but then gets a titled vehicle that can be repaired and re-sold to a new buyer who has no idea it was previously totaled.

    If the prior owners of these Macs believed they could ensure data security and also get value from the devices by reselling them as wiped surplus, they would've done that, rather than send them off to scrapped, disassembled and recycled. Instead, those previous owners have written off any possible resale value for the value of being fully assured that data security is protected by scrapping the devices. In essence, Bumstead is seeking to steal that written-off value by having the security lock disabled. The previous owner loses both the resale value of the devices they scrapped and also the value of assured data security. 
    RhythmagewilliamlondonFileMakerFellerwatto_cobra
  • Reply 8 of 32
    AppleZuluAppleZulu Posts: 1,511member
    lkrupp said:
    Sure, why not. I would trust a guy named Bumstead, wouldn’t you? I’m sure Blondie would keep him honest.

    But let’s be real. From what we read and see every day it’s clear that the general public doesn’t give a rat’s ass about their privacy, security, data, or personal information. Neither do politicians. Convenience trumps all of that. The owners of these recycled devices couldn’t take the time to wipe them before discarding them… because they didn’t care about their data.
    Yes, let's be real. You couldn't be more wrong about this. The previous owners in this case have specifically contracted to have the devices destroyed in order to protect the security of their data. Businesses routinely contract with companies that shred paper, and those shredder companies follow procedures that allow them to assure their customers that the confidential information on that paper will be protected by shredding the paper as well as by proper handling before it's fed into the shredder. The businesses hiring the shredder companies have almost certainly not had someone go through every page to redact information with a sharpie first. That's not because they don't care about their data. It's because it's more cost effective to shred it than to have someone redact each page individually. They're paying money to the disposal company to assure data security by shredding the paper. This is no different than businesses that send Macs to recyclers who assure that those devices will be destroyed in order to protect data security. Apple's activation lock helps assure that the devices are secure until they're scrapped. 
    PERockwellRhythmagewilliamlondonJFC_PAFileMakerFellerwatto_cobrabeowulfschmidt
  • Reply 9 of 32
    JinTechJinTech Posts: 966member
    AppleZulu said:
    lkrupp said:
    Sure, why not. I would trust a guy named Bumstead, wouldn’t you? I’m sure Blondie would keep him honest.

    But let’s be real. From what we read and see every day it’s clear that the general public doesn’t give a rat’s ass about their privacy, security, data, or personal information. Neither do politicians. Convenience trumps all of that. The owners of these recycled devices couldn’t take the time to wipe them before discarding them… because they didn’t care about their data.
    Yes, let's be real. You couldn't be more wrong about this. The previous owners in this case have specifically contracted to have the devices destroyed in order to protect the security of their data. Businesses routinely contract with companies that shred paper, and those shredder companies follow procedures that allow them to assure their customers that the confidential information on that paper will be protected by shredding the paper as well as by proper handling before it's fed into the shredder. The businesses hiring the shredder companies have almost certainly not had someone go through every page to redact information with a sharpie first. That's not because they don't care about their data. It's because it's more cost effective to shred it than to have someone redact each page individually. They're paying money to the disposal company to assure data security by shredding the paper. This is no different than businesses that send Macs to recyclers who assure that those devices will be destroyed in order to protect data security. Apple's activation lock helps assure that the devices are secure until they're scrapped. 
    And it is the IT department's job at the said company to ensure that the machines and the data is protected before the machines are sold or repurposed, not some third-party service run by a guy named Bumstead.
    RhythmageFileMakerFellerwatto_cobra
  • Reply 10 of 32
    netroxnetrox Posts: 1,287member
    "carcinogenic dust" is hilarious. Seriously? All electronic devices have carcinogenic chemicals but they aren't necessary dangerous if they're not exposed and when you shred, you have to do it in a controlled environment and wear masks/googles. 
    FileMakerFellerwatto_cobra
  • Reply 11 of 32
    MadbumMadbum Posts: 438member
    So I have to give up my security so some cheap moron Can repair his. 2012 iPad?

    no thanks 
    watto_cobrabeowulfschmidt
  • Reply 12 of 32
    MadbumMadbum Posts: 438member
    Only people with activation lock issues are thief’s with no means to prove their purchase .

    I just got a 2 year old max on EBay for my niece and the guy gave me his email receipt, no issue at all 
    JFC_PAwatto_cobra
  • Reply 13 of 32
    This article is skewed and I understand the skewed comments. I have over 3000 machines in a given year out on lease. I own all of them. The company leasing them adds them to their MDM accounts and are informed to remove them at the end of the lease term. When they come back about 30% of them are MDM locked. The person(s) running the MDM servers are not the person I interface with for the leases and I specify up front they are to remove them prior to shipping them back. Remember I own these machines. I simply charge the customer the full price for the machines (as per the lease agreement) since I have no easy way to remove the MDM. It's not my job to address a discipline issue with another companies IT department. I grind them up into bits and send them to recycle. Grinding up 2021 machines now. Chew on that.
    williamlondonMacocalypseFileMakerFellerwatto_cobra
  • Reply 14 of 32
    I dislike thieves.  
    watto_cobra
  • Reply 15 of 32
    AppleZulu said:
    This seems akin to someone going to the junkyard, buying vehicles that have been 'totaled' and then demanding that the car manufacturers commit insurance fraud by issuing new titles for the vehicles. 
    Seems to me more like the cash for clunkers program, through which tens of thousands of running vehicles were destroyed by government fiat instead of being used for parts. If Macs can be untethered from an activation lock without endangering data security (which is admittedly a big if), seems like a no-brainer to allow it.
    edited January 24
  • Reply 16 of 32
    DAalsethDAalseth Posts: 2,588member
    I object to the article calling him a “Right to Repair Advocate”. He is not. He is a fence. Someone dealing in property obtained through marginally illegal means who is annoyed that Apple has systems in place to prevent what he does. This isn’t a job for Right to Repair legislation, or any policy change on Apple’s part. This is time to get the attorneys involved. The DA needs to go over his operation with a fine toothed comb. I am very confident they will find criminal activity. Second, every company that has been contracting with businesses in that region to recycle and securely destroy their old equipment, needs to have their legal department go after him to find out where he was getting the stuff he was reselling. If it was from the facilities they had contracted with they have a hell of a strong case, both against them, and him. 
    mike1williamlondonFileMakerFellerwatto_cobra
  • Reply 17 of 32
    22july201322july2013 Posts: 3,219member
    There are many orthogonal value system conflicts. Safety vs Cost; Privacy vs Law Enforcement; Privacy vs Environment (which could be applied in this case); etc. It's rarely the case that one completely trumps the other. But at least we live in a country where we can decide our own future by electing the people who will implement our values. Most of Asia and African can't do that. Most of Europe and the Americas can.
    FileMakerFellerwatto_cobra
  • Reply 18 of 32
    danoxdanox Posts: 1,564member
    ajmas said:
    I’m all for right to repair, but I fear that simply ignoring the iCloud lock would likely increase the risk of theft?


    Yes, it would, the right to repair movement would create a new bigger market in stolen Apple parts, right now there isn’t much of a market in stolen parts for Apple devices. Because right now it’s pretty much useless (a brick ) if you steal a iPhone, iPad or a Mac laptop or Mac desktop and it’s locked. And breaking it up into component parts is expensive and not very profitable (too much breakage without the proper tools).

    What right to repair wants is for it to be easy for them to break things apart and sell the component parts or sell whole used Mac devices. Repairing computers, is actually only a very small part of the business they are aiming for, there is more money being a fence than as a actual repair shop.

    Think catalytic converters….
    edited January 24 JFC_PAFileMakerFellerwatto_cobra
  • Reply 19 of 32
    DAalsethDAalseth Posts: 2,588member
    This does bring up an interesting question:
    One IT job I had years ago included destroying drives to prevent any confidential information from getting out. We did this with a jig, and a drill. A couple #20 drill holes through the drives platters and there would be no way to recover the data, (unless you were the FBI or something like that). Once that was done, we’d install a new HDD and re deploy the system.

    Now that the drive on Apple machines is solid state, and soldered in place is there any way to securely destroy the data without shredding the whole computer? I mean we can say the drive was nuked, but really? There’s no visible way to verify that it happened. Even the person running the command line script doesn’t KNOW that it worked. I’m sure that a clever coder could embed a script that would fend off such attempts if they wanted to. Make it look like it ran when it didn’t.

    With the newest generation of Apple, and other companies, hardware can they be securely disposed of while leaving them available to re use? I suspect not.
    edited January 24 FileMakerFellerwatto_cobra
  • Reply 20 of 32
    MadbumMadbum Posts: 438member
    The guy is a thief. Period. Right to repair my ass lol
    Calamanderwatto_cobra
Sign In or Register to comment.