I read all the comments thus far, and the only one that sounds somewhat reasonable is that from Stimpy. The rest are all negative, bashing change, and defending the status quo. We've got comments that go as far as say that crushing old computers isn't all that dangerous to health, with other comments trying to call in the blood sucking lawyers, and then other comments which talk about the untrustworthiness of right to repair advocates. Someone even defended democracy in what I assume to be the USA by saying we can at least be thankful we have elected officials who implement "our values," forgetting that America is divided 50-50, and that a house divided cannot stand. All the while, not a single person here is trying to propose a way to improve things. Not a single one. Everyone complains and screams "Safety!" and "Security!" and "Lawyers!", and nobody really cares, and nothing improves as a result.
Bravo.
There needs to be a way for sensitive data to be reasonably and securely erased in such a way that the electronics of a given device can later be repurposed rather than destroyed. Any argument that defends the status quo of "destruction is the only safe method" is not a sustainable solution and therefore requires a rethink. That's why I appreciate stories like this because it challenges us to rethink what we are doing now and asks us to think about a better way. Anyone thinking that crushing computers is a better way or the only way isn't thinking hard enough. And with all the self-praising advertising that Apple does about sustainability, solar panels, recycled materials, use of less toxic materials, etc., it behoves that same Apple to think further about how to keep its beloved machines in operation longer, even if that means some people may opt for an older Mac, now and then, rather than a new.
I can only be thankful that this security and recycling madness didn't happen in the distant past. As a result, I can thoroughly enjoy vintage 1980's and 1990's Macs today. Computing history from that era is preserved. Toying with an SE/30 or Color Classic may not be completely practical, but it is a fun hobby and there's an active community built around mods and upgrades. We still have some very old hard drives, such as the GCC HyperDrive, still in use today because folks back in the day didn't put a drill through every one out of data theft fears. And hobbyists today aren't going around sharing stolen data either, even though there is an abundance of old data still residing on ancient drives housed in machines sold at yard sales for low prices.
Well said.
It will, however, come down to cost efficiency for those computers owned by businesses and for those situations where the data must not under any circumstances become available to downstream parties.
I once worked for a company that did a lot of government work. Hard drives from used machines were stripped and sent to a business that crushed and shredded the drives, because given the right software and about a week's effort it is possible to retrieve some of the data from a physically working drive and the government insisted on proof of total data destruction - physical deconstruction takes a lot less than a week.
The destruction companies are not going to waste a revenue stream, so they're recycling as much as they can. They get more for working components, so that's what they prioritise, but where that's not possible they're still going to sell the crushed materials to some entity that will refine the raw materials from them - it's expensive and time-consuming to convert ore into metals, and the yield is significantly higher for recycled electronics.
Not ideal, perhaps, and there is always room for improvement, but it's not a dire situation.
See? If we'd only pass more right to repair laws, then fine, upstanding local repair shop owners like John Bumstead could finally flourish and save us all from the jackboot of Apple oppression. C'mon, wouldn't you like to save a few bucks and bring your Mac to Bumstead to get fixed? You could feel certain the data on our hard drive is safe with him!
This seems akin to someone going to the junkyard, buying vehicles that have been 'totaled' and then demanding that the car manufacturers commit insurance fraud by issuing new titles for the vehicles.
Seems to me more like the cash for clunkers program, through which tens of thousands of running vehicles were destroyed by government fiat instead of being used for parts. If Macs can be untethered from an activation lock without endangering data security (which is admittedly a big if), seems like a no-brainer to allow it.
First, "Cash for Clunkers" was an incentive, not a fiat. Nobody was forced to participate. The crash of 2008 had the entire US auto industry poised to collapse. This program provided a financial incentive for owners of older cars to trade them in and buy a new vehicle, saving the auto industry and the jobs that go with it. As with the Activation Lock situation here, the scrapping of the old device is crucial to the process. The idea was to get the "clunkers" off the road entirely, not simply to shift them to a secondary, cheap used car market that would undermine the new car market that desperately needed to be saved. There was also the environmental benefit of getting less fuel efficient, dirtier-exhaust-emitting vehicles off the road.
Second, your "big if" mentioned here is the whole point. Activation Lock is a protection for Apple device owners. Requiring Apple to disable that feature if they're not able to prove, within a 30-day window, that a device was stolen makes the feature a lot less protective, by releasing a device that may still have user data on it to third parties unknown to the original owner. That original owner paid for a device with the Activation Lock security feature to protect them, and it's up to them to decide if they're going to disable it. A potentially unscrupulous third party doesn't have a right to take that away.
I fully support the idea of thinking bigger and not destroying perfectly good devices, especially brand new devices. Additionally, there is a crucial issue that needs to be addressed: bypass tools. While many are concerned about security, these tools make it easy for thieves and data hackers to bypass activation lock devices accessing the persistent data. iCloud lock bypasses are readily available, allowing stolen devices to retain their previous data. Imagine stealing a device and using a free script that exploits the checkm8 vulnerability to unlock it. This is not secure. I understand this specific vulnerability is only for older devices but depending on the IOS version on a newer device it could be vulnerable to escalated privileges and leading to an activation lock bypass. A solution could be implementing a 90-day reporting system where if a device is not reported as stolen, it is erased and unlocked. This could decrease the development and usage of iCloud lock bypass tools, which pose a significant security risk. Just as jailbreaking has become less relevant as Apple has opened up the device to more carriers and added features that were previously only available through jailbreaking, I believe the same will happen with iCloud lock bypass tools. You all are stressing security but when you leave a device data indefinitely locked behind a key eventually it's picked and the data is accessed. When you put a timer like a bomb, it gives them less time and less insensitive to build such tools in the first place. If I was a criminal and stole a safe full of goods. I know I have infinite time to crack the safe and GUARANTEED access to the contents inside eventually it's inevitable I crack it.
Imagine, some magical way, after a set duration, the safe emptied itself. Yes, you can kick and scream, "the criminal can resell the safe and dismantle and use the parts for another safe?" Who cares, the actual super vulnerable data, the most important aspect is destroyed. SSN protected, auto logins protected, photos protected. I seen these bypass tools in action. I’ve seen how average people put their social security number into their notepads. I’ve seen the worse with these bypass tools. And I can tell you, you all allow theft in a bigger way. You’re talking about ruining peoples credit, liquidating bank accounts, things that would make people wish that the thief profit $200 - $900 from the stolen hardware vs entire life savings and other assets completely taken or liquidated.
Edit: I understand that the issue of stolen property is complex, but my main focus is on data security. It's important to consider that even if a device is supposed to be disposed of correctly, bad actors may still obtain it and access the data. The vulnerability of data recovery on locked devices with Apple's activation flaw is a significant concern. A quick solution could be a new feature that allows for a reset of locked devices after a certain period of time even if they don’t unlock the device. This could have a significant impact on data security, even though it wouldn't address the issue of fraudulent serial numbers because that’s the next step a fencer would take.
Lastly, It is important to remember that altering a device's serial number can also allow it to be unlocked with data still being persistent. Many individuals who engage in such activities often keep a low profile, making it difficult for people to be aware of this issue. However, it is a prevalent problem, with many individuals in possession of devices with fraudulent serial numbers without knowing or the thief simply data harvest and the device gets disposed of. It's unfortunate that this is not given more attention, and that some individuals are of the belief that Apple's security measures are top notch, despite the serious security vulnerabilities floating around.
"The process is very simple. If a user has purchased an Apple product through means that will produce a receipt, like through eBay, users can request Activation Lock to be removed. All the user has to do is navigate to Apple Support and provide a receipt as proof."
This process of Apple, though simple, does not yield an unlocked device. I have a legitimately bought M1 Mac Mini that I got on eBay a couple of months ago. It is activation locked. I uploaded my receipt to Apple and asked at least 3 times for them to unlock it and was denied. I can assure you that I do not steal computers! I make enough money to buy them and have been doing so for decades (I have a Mac Studio and a 16" MacBook Pro now, not to mention the ones I've gotten for my family.) As a technician and a pastor, used computers come my way sometimes and I "refurbish" them and give them away for free. So when I got this M1 Mac Mini, I thought I would just go through Apple's process and have it unlocked. Wrong! They denied me several times. If Apple is suspicious of my theft, then fine, but at least give me the information of the person who they think I stole it from so I can return it to them or ask them to remove the device from their Apple ID. Now I'm just stuck with a $200 paperweight. Is this really what their privacy/security endeavors are meant to do?
"The process is very simple. If a user has purchased an Apple product through means that will produce a receipt, like through eBay, users can request Activation Lock to be removed. All the user has to do is navigate to Apple Support and provide a receipt as proof."
This process of Apple, though simple, does not yield an unlocked device. I have a legitimately bought M1 Mac Mini that I got on eBay a couple of months ago. It is activation locked. I uploaded my receipt to Apple and asked at least 3 times for them to unlock it and was denied. I can assure you that I do not steal computers! I make enough money to buy them and have been doing so for decades (I have a Mac Studio and a 16" MacBook Pro now, not to mention the ones I've gotten for my family.) As a technician and a pastor, used computers come my way sometimes and I "refurbish" them and give them away for free. So when I got this M1 Mac Mini, I thought I would just go through Apple's process and have it unlocked. Wrong! They denied me several times. If Apple is suspicious of my theft, then fine, but at least give me the information of the person who they think I stole it from so I can return it to them or ask them to remove the device from their Apple ID. Now I'm just stuck with a $200 paperweight. Is this really what their privacy/security endeavors are meant to do?
Let’s also not forget major flaws like the iPhone 7 cellular recall. The iPhone 7 had a recall for cellular issues, and because I bought mine in 2021 after the recall, Apple refused to fix the logic board. Now my device is stuck on the activation screen with a "failed" message and is essentially bricked and it worked like an iPod before I factory reset the device. The Activation lock feature is a major flaw, and needs deeper thought. The only way to fix it now is to repair the amplifiers on the logic board, which is an Apple defect or pay Apple $300 for the repair, but they keep trying to upgrade me instead. These people are only supporting Apple forcing upgrades and forcing people to spend more money than they need to in the middle of hard economic times.
I’m all for right to repair, but I fear that simply ignoring the iCloud lock would likely increase the risk of theft?
Yes, it would, the right to repair movement would create a new bigger market in stolen Apple parts, right now there isn’t much of a market in stolen parts for Apple devices. Because right now it’s pretty much useless (a brick ) if you steal a iPhone, iPad or a Mac laptop or Mac desktop and it’s locked. And breaking it up into component parts is expensive and not very profitable (too much breakage without the proper tools).
What right to repair wants is for it to be easy for them to break things apart and sell the component parts or sell whole used Mac devices. Repairing computers, is actually only a very small part of the business they are aiming for, there is more money being a fence than as a actual repair shop.
Think catalytic converters….
This is bonkers. Do you honestly believe that this is how we make all of our money?
It's quite the opposite - I don't want to be in the position to have to buy donor boards from John Bumstead to begin wtih.
The only reason there is even a market for donor boards as great as there is, is because Apple's relationships with Texas Instruments, Intersil/Renesas force their hand to not sell chipsets for repair to repair shops like ours.
There is nobody I know, and I mean nobody, that would rather buy random recycled donor boards for $30-$100 than just go to mouser.com and buy a pre-balled chip for $5-$10.
Comments
It will, however, come down to cost efficiency for those computers owned by businesses and for those situations where the data must not under any circumstances become available to downstream parties.
I once worked for a company that did a lot of government work. Hard drives from used machines were stripped and sent to a business that crushed and shredded the drives, because given the right software and about a week's effort it is possible to retrieve some of the data from a physically working drive and the government insisted on proof of total data destruction - physical deconstruction takes a lot less than a week.
The destruction companies are not going to waste a revenue stream, so they're recycling as much as they can. They get more for working components, so that's what they prioritise, but where that's not possible they're still going to sell the crushed materials to some entity that will refine the raw materials from them - it's expensive and time-consuming to convert ore into metals, and the yield is significantly higher for recycled electronics.
Not ideal, perhaps, and there is always room for improvement, but it's not a dire situation.
Ridiculous.
This is my property. If I decide it needs to be destroyed, then I don't want that guy to sneak in and take it... WTF.
Also goes to show any real privacy advocate should have power tools nearby and not be afraid to use them...
Second, your "big if" mentioned here is the whole point. Activation Lock is a protection for Apple device owners. Requiring Apple to disable that feature if they're not able to prove, within a 30-day window, that a device was stolen makes the feature a lot less protective, by releasing a device that may still have user data on it to third parties unknown to the original owner. That original owner paid for a device with the Activation Lock security feature to protect them, and it's up to them to decide if they're going to disable it. A potentially unscrupulous third party doesn't have a right to take that away.
I fully support the idea of thinking bigger and not destroying perfectly good devices, especially brand new devices. Additionally, there is a crucial issue that needs to be addressed: bypass tools. While many are concerned about security, these tools make it easy for thieves and data hackers to bypass activation lock devices accessing the persistent data. iCloud lock bypasses are readily available, allowing stolen devices to retain their previous data. Imagine stealing a device and using a free script that exploits the checkm8 vulnerability to unlock it. This is not secure. I understand this specific vulnerability is only for older devices but depending on the IOS version on a newer device it could be vulnerable to escalated privileges and leading to an activation lock bypass. A solution could be implementing a 90-day reporting system where if a device is not reported as stolen, it is erased and unlocked. This could decrease the development and usage of iCloud lock bypass tools, which pose a significant security risk. Just as jailbreaking has become less relevant as Apple has opened up the device to more carriers and added features that were previously only available through jailbreaking, I believe the same will happen with iCloud lock bypass tools. You all are stressing security but when you leave a device data indefinitely locked behind a key eventually it's picked and the data is accessed. When you put a timer like a bomb, it gives them less time and less insensitive to build such tools in the first place. If I was a criminal and stole a safe full of goods. I know I have infinite time to crack the safe and GUARANTEED access to the contents inside eventually it's inevitable I crack it.
Imagine, some magical way, after a set duration, the safe emptied itself. Yes, you can kick and scream, "the criminal can resell the safe and dismantle and use the parts for another safe?" Who cares, the actual super vulnerable data, the most important aspect is destroyed. SSN protected, auto logins protected, photos protected. I seen these bypass tools in action. I’ve seen how average people put their social security number into their notepads. I’ve seen the worse with these bypass tools. And I can tell you, you all allow theft in a bigger way. You’re talking about ruining peoples credit, liquidating bank accounts, things that would make people wish that the thief profit $200 - $900 from the stolen hardware vs entire life savings and other assets completely taken or liquidated.
Edit: I understand that the issue of stolen property is complex, but my main focus is on data security. It's important to consider that even if a device is supposed to be disposed of correctly, bad actors may still obtain it and access the data. The vulnerability of data recovery on locked devices with Apple's activation flaw is a significant concern. A quick solution could be a new feature that allows for a reset of locked devices after a certain period of time even if they don’t unlock the device. This could have a significant impact on data security, even though it wouldn't address the issue of fraudulent serial numbers because that’s the next step a fencer would take.
It's quite the opposite - I don't want to be in the position to have to buy donor boards from John Bumstead to begin wtih.
The only reason there is even a market for donor boards as great as there is, is because Apple's relationships with Texas Instruments, Intersil/Renesas force their hand to not sell chipsets for repair to repair shops like ours.
There is nobody I know, and I mean nobody, that would rather buy random recycled donor boards for $30-$100 than just go to mouser.com and buy a pre-balled chip for $5-$10.