Hacker News new | past | comments | ask | show | jobs | submit login

This line of argument just _irks_ me. I don't care enough about thieves for this to even matter to me. And I think this is zero-sum for the consumer. Maybe more devices get stolen (probably not, if I'm a thief I'm still snatching it and throwing it in a river or something). What this really does is suffocate the secondary parts market, so it costs more to repair the things or they just require a replacement.

Many, many users of these devices have rarely, if ever, had anything stolen from them. And as one such person, I don't want to hear a company tell me I can't even have the _option_ of an open device because "it's for my own good". I can damned well decide that on my own.




> Many, many users of these devices have rarely, if ever, had anything stolen from them.

You don't want the thief to steal a locked device. You want the devices to have a reputation for not worthing as much on the black market if stolen. That creates a deterrent effect, and is arguably one of the reasons why the average person's phone is stolen less.

As to whether this effect is worth suffocating the secondary parts market, it really depends on whether you're actually a potential participant in it. One can argue that the vast majority of iPhone/Mac users never thought of buying parts or using non-official channels for repairing the device.


The laptop could come with a USB-C "master key" on the box, tied to that specific laptop. Keep that key at home, and all the anti-theft benefits continue to apply, while keeping the owner in control of their hardware.


> The laptop could come with a USB-C "master key" on the box

Or simply with a unique private key, printed inside a tamper proof envelope? You can at least backup the private key to somewhere safe, if you want.

Many people will lose the key (that's ok, not worse than the current situation), but at least those who care won't.


So both you and Apple would have access to that private key and you would be able to recover it from Apple if you lose it? Directly or the way it’s handled now. Cause otherwise it wouldn’t really work


Apple can have their own, separate private key for convenience (so that you can reset your device using an iCloud account). Your private key is for when you forget your iCloud password (or the device is bricked, as in the article) and Tim Cook can't be bothered to step in.


But if Apple believes that original proof of purchase (the receipt that the author presented to Apple in hopes that it would convince them to unlock the laptop) is insufficient (and let's assume the lack of cryptographic signing of said receipt isn't the problem; Apple can verify the receipt another way) because the original owner could've sold the laptop to a second owner and then stolen it back, then why would Apple think it's ok to accept "your private key" as proof that you're still the owner? You could've sold the laptop and stolen it back -- the exact hypothetical situation that prevents them from considering the original bill of sale -- and then used the key that you had possession (or knowledge) of the whole time! A secondhand buyer should demand the key if it's physical, but if it can be duplicated this breaks down.


> why would Apple think it's ok to accept "your private key" as proof that you're still the owner?

Isn't that the whole point of this argument? The buyer shouldn't need to convince Apple. My suggestion was to eliminate Apple's power to brick a device and then be the judge who decides whether you own the machine or not.

The private key mechanism is a good way to deter theft, but Apple should not be policing it. The steal back is really an edge case that doesn't need to be covered by a technical solution.


Everyone who doesn’t throw that useless weird dongle out with the box will lose it immediately. This is not a technical problem and you cannot fix it with a technical solution.


> Everyone who doesn’t throw that useless weird dongle out with the box will lose it immediately

So they'd be no worse off than they are the way things currently work, except with the ability for the few who do care about this sort of thing having a better workaround than "try to email the CEO and pray that he somehow notices"

> This is not a technical problem and you cannot fix it with a technical solution

Funny, that's exactly how I see bricking a laptop to try to curtail thieves, only it actually does solve the problem, but only by creating a worse one


Is this the case though? From what I understood in the article:

- Find My Device wasn’t enabled on the mac and it was stolen.

- somebody reset it and tied it tot their account

- then the same person passed it to another party and bricked it by reporting it stolen.

- somehow the original owner managed to recover it

Would the original owner been able to avoid all this has they actually enabled this security feature in the first place?


Yes, if they had enabled Find My.


>> This is not a technical problem and you cannot fix it with a technical solution

> Funny, that's exactly how I see bricking a laptop to try to curtail thieves

People love to repeat slogans, regardless of whether those slogans actually apply to whatever it is they're talking about.


In fact, it could even just be a plastic "owner's card" like the one you get when you buy a new lock, that, presumably, you must have to order new keys.

With some QR code and the device's camera, you don't need any new hardware.


What happens when you lose it?


If it’s a fail safe, then losing it will impact very few people.


I believe some ASUS laptops come with a built-in security key called the "keystone" that slots into the chassis. It's visually similar to those security devices built into treadmills that will stop the machine if it gets yanked out (by someone falling or etc). It could probably be used like a master key.


The Kensington lock slot on the chassis is extremely common. My Surface Book didn’t have one, but every other laptop I’ve had has had one.

https://en.wikipedia.org/wiki/Kensington_Security_Slot


It's a security key, as in a Hardware Security Module, it's not just a lock slot. Look up "asus keystone" and you can find images of it.

https://www.mensxp.com/technology/games/55824-asus-rog-keyst...

The first-party software supports using the key to unlock a hidden encrypted volume, as well as instantly locking the computer when the key is removed. I'm not 100% sure if it can be used to secure bootup.


lol, no it’s not, it’s an NFC chip with an account ID on it. That allegedly encrypted hd is just a vhd stored in programdata that anyone can mount and read. It’s not a Kensington lock but it provides the same amount of data security as one.

c:\programdata\asus\virtualdrive


> it’s an NFC chip with an account ID on it.

wait, they made something that looks like an HSM and is marketed like an HSM, but actually it's just a glorified ID card? That's stupid


The point I was attempting to make is I don't care what the thief does. I want the option to disable it if I've determined (on my own, with no help from anyone else!) that I'm not at a high risk of theft in the first place.


Fair point.

I must point out that in the original article, the author lost their MacBook and then complained it was locked after it was returned. (It would be analogous to getting it stolen then having the thief reactivate the lock.)


“must”? The lockout is only the reason that an event consisting of a misplaced device that was returned, instead turned into the constructive loss of the device in question.


Well yes?

As I understand it the owner chose to not enable the security feature. The thief however did.

How else would you suggest this choice be implemented? Apple selling different models with or without the feature? Because then nobody would just buy the less “secure” option and Apple would rightfully soon discontinue it


A security feature that causes a security vulnerability that wouldn't exist without the feature, is not a good security feature. The existence of the security feature makes it less secure, for some people. Why wouldn't they buy the version without it?


The "security vulnerability" you refer to is that somebody who steals your device can brick it.

https://xkcd.com/538/


Isn’t that what happened here? Owner didn’t enable security feature (Find my…). Then some series of events led the thief to reset device, enable Find My, and lock themselves out.


Okay, and you can.

But then the person who steals your laptop (as in this story) can turn it back on and you’re shit out of luck.


This also deters one from buying a used Mac or iDevice, because apparently it's on the seller to remove the device from their account, and they can lock/deactivate it remotely at will. Any proof that the device was actually removed from the seller's account is subject to forgery.


Yikes wait so is there no way to guarantee against this? Like if I buy a 4K MacBook Pro second hand on eBay surely I am able to guarantee they’re not gonna brick it on me in six months?!


> surely I am able to guarantee they’re not gonna brick it on me in six months?!

Yeah, just set up the machine using your own iCloud account, before it's too late to return for a refund.


For context I live in Brazil.

Laptop theft was never a pressing enough matter for me to do anything except encrypting its disk. I never met anybody around here that claims to have done anything about protecting from it (except for physically protecting it). And nobody that I know has a locked-down device that would be worthless if stolen.


I think that ship may have sailed unfortunately.

For a while I thought--and it seemed to be-- that it was pointless to steal an iPhone for that reason.

Then my phone was stolen last summer. The kind of folks that are gonna steal phones don't care one way or the other. Maybe they'll get lucky and it's unlocked (you'd be surprised!) but if not they'll just dump it in quantity for parts.

The kind of person stealing a phone isn't usually very bright and making calculated cunning decisions here.


> the vast majority of iPhone/Mac users never thought of buying parts or using non-official channels for repairing the device.

Seriously?

People like that exist?

Now I am tempted to shun anyone carrying a fruit phone.


These anti-theft systems are one of the big reasons that so few users have their phones & laptops stolen from them.

I don't know how old you were in the 2000's, but even in restricted access college libraries, laptops were stolen constantly. In the first few years after iPhones came around, phone theft started becoming super common, and was eventually a constant source of news.

Back then the thieves weren't limited to professionals who had access to a fence who has contacts with shady factories overseas. Every single hard up person could benefit from grabbing a device, and doing a DFU reset or wiping the hard drive. The market and opportunity for thievery was soooo much bigger.


I'm not sure I buy this logic. The timeline you give could be just as easily explained as people taking time to learn to account for carrying around something valuable in a form factor they're not used to (e.g. accidentally leaving it on a table and using the bathroom only to find it gone when they returned). It's also not like Apple devices make up the majority of the phone or laptop market, and at least for laptops I'm pretty sure there's no standard equivalent for whatever remote lockout thing happened to the macbook in the article. I think you'd need a lot more evidence to argue convincingly that this policy made a huge difference.


> I'm pretty sure there's no standard equivalent

Don’t most other phones have an equivalent feature? Samsung certainly does and they together with Apple control the overwhelming majority of the market almost everywhere

> I think you'd need a lot more evidence to argue convincingly that this policy made a huge difference.

I disagree. It’s perfectly obvious that it made a very big difference. The market price of stolen phones is now much, much lower that it used be which significantly alter the cost/benefit ratio from the perspective of would be thieves.


No. It was a policy problem large enough that legislators required it as a condition of selling phones.

It was a real problem that kids walking around high-school, or people walking in the street, were carrying something easily stolen and fenced for several hundred dollars. Ride-by theft by bike was a notorious mode. The equivalent would be people walking around with a stack of $50s flapping in their hands. A target like that is called an "attractive nuisance", and the law has a long tradition of discouraging them.

https://news.sophos.com/en-us/2015/07/02/smartphone-anti-the...


My local shopping mall had visible from the food court these ATM looking machines that spit out cash if you put cell phones in, and I would watch kids standing there with bags of phones exchanging one phone after another.


In many western countries, e.g. the US, iPhones do make up the majority of the phone market.


> Maybe more devices get stolen (probably not

I’m 95% sure you’re very wrong on this. Anecdotally it seems to me that phone theft is massively down from where it was 10-20 years ago.

> This line of argument just _irks_ me

That’s fine you just have different preferences and/or priorities than other people. Nothing unique about that.

> What this really does is suffocate the secondary parts market,

Certainly true. IMHO forcing Apple to sell parts for a reasonable prices would be a massively better solution

> I can damned well decide that on my own.

Isn’t it optional? On Macs anyway? (I’m not really sure)


Yes, Find My is optional, which is why this whole chain of events could occur.


Anecdotally, in China this has had a massive impact on theft. iPhones used to be stolen regularly - most of the girls I know in China have had their phones stolen at least once. Now it is much rarer. They are still stolen, mailed to Xinjiang and disassembled, but the profit motive isn't really there.

"What this really does is suffocate the secondary parts market"

Quit the opposite, second hand parts from disassembled devices is probably even more prolific now (you're prolly getting an artificially lower price b/c of thefts)

I think you should be more sympathetic to people that live in situations where this policy has made a huge difference- where the cost of the phone is a large chunk of their income. And where nabbing a phone could net you effectively a month's income. I'm happy for you that you live in a place that has so little theft this isn't a concern for you.


You can decide this by not owning an Apple device


This is not a great argument given that Apple is in the business of selling Apple devices.

My original incentive for spending the last 15 years and thousands of dollars in the Apple ecosystem is that their products would "just work" for my family.

Nowadays I'm spending hours on the phone with our daughter who's in tears because Apple keeps locking her out of her iPad or laptop.

I'm also not going to get into my mom having a lifetime's worth of photographs locked up in her iMac that we're literally only going to be able to get hold of if I take an overseas trip to England to do it myself. (btw, if anyone can recommend an Apple shop in the south of England who actually know what they're doing…)

So guess where Dad is shopping these holidays?

Yup, not Apple!


This line gets repeated a lot. Sometimes people need both A and B, but they have to choose A xor B.

There's so little competition in this space that voting with your wallet barely moves the needle. Giving a company public feedback doesn't hurt.


I mean, this is the obvious end state for a lot of us. I've been an Apple fanboy and Mac owner for over 10 years, and Apple is slowly but surely losing me as a customer due to all these ideas that nerf their computers "for my own sake". I don't need protection from my computer and applications, and my computer does not need protection from me. The user should be the final authority on what gets run on the computer, and Apple has been steadily drifting from this principle.

My next computer will sadly probably not be a Mac. Who knows what I won't be allowed to do with it by the time it comes to refresh mine.


That's the decision I came to a couple of years ago after 18 years as an Apple hardware user. Having said that, I still use an iPhone because the use and risk profiles are so different. The phone is literally the "keys to my kingdom".


Obviously.


> And as one such person, I don't want to hear a company tell me I can't even have the _option_ of an open device because "it's for my own good".

This particular feature, Activation Lock, is an optional feature you can turn on. The problem (in this case) is that someone else enabled the feature after wiping while they had physical access to the laptop


>What this really does is suffocate the secondary parts market,

How? The person you replied to says

> The value of stolen (activation-locked) iPhones and Macs is largely only on in overseas markets where they can strip the device down to usable parts

If the only doable thing with a stolen Mac is to use it for parts, I think that would increase the availability of parts, not decrease it.


The solution is simply to give the consumer the choice. Some will want theft protection and some won’t. Problem solved!!


That choice already exists! If you don't enable Find My on your device then anyone can DFU it to a blank slate without issue. You must opt-in to this feature.


But you DO have the option of setting up your Mac as an "open device", that is exactly what the article is about.

And OP is complaining that Apple gave them that option in the first place…


There's no "keep it open" option, but is "open for now, but lockable" option. It's the worst option to have for who want open.


Lockable once you lose physical control of the device, in which case you're not profiting from the "keep it open" option anyway.


Ok no one literally cares what you think. Apple is solving a problem and you’re just an annoying nerd.


In many countries people get killed for a Phone (or much less) Just that you know the world is not the sq foot where you live now.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: