That said, yours is a completely artificial problem imposed upon you by the company you made a purchase from. You don't have the private keys to your own device, which means ultimately, your usage of that device is conditional on being in the good graces of a group of very wealthy, indifferent, strangers.

That, in, and of itself, is the issue at hand here, and while you've found yourself a favorable outcome, you're likely an exception to the rule.

The inability for a thief to just flash the device with fresh firmware and use it as if it were new is a key selling point of the device and might justify the higher price tag to some buyers.

0: https://old.reddit.com/r/applehelp/comments/13yn1o0/phone_st...

1: https://old.reddit.com/r/applehelp/comments/16fcd4c/recently...

Many, many users of these devices have rarely, if ever, had anything stolen from them. And as one such person, I don't want to hear a company tell me I can't even have the _option_ of an open device because "it's for my own good". I can damned well decide that on my own.

You don't want the thief to steal a locked device. You want the devices to have a reputation for not worthing as much on the black market if stolen. That creates a deterrent effect, and is arguably one of the reasons why the average person's phone is stolen less.

As to whether this effect is worth suffocating the secondary parts market, it really depends on whether you're actually a potential participant in it. One can argue that the vast majority of iPhone/Mac users never thought of buying parts or using non-official channels for repairing the device.

Or simply with a unique private key, printed inside a tamper proof envelope? You can at least backup the private key to somewhere safe, if you want.

Many people will lose the key (that's ok, not worse than the current situation), but at least those who care won't.

Isn't that the whole point of this argument? The buyer shouldn't need to convince Apple. My suggestion was to eliminate Apple's power to brick a device and then be the judge who decides whether you own the machine or not.

The private key mechanism is a good way to deter theft, but Apple should not be policing it. The steal back is really an edge case that doesn't need to be covered by a technical solution.

So they'd be no worse off than they are the way things currently work, except with the ability for the few who do care about this sort of thing having a better workaround than "try to email the CEO and pray that he somehow notices"

> This is not a technical problem and you cannot fix it with a technical solution

Funny, that's exactly how I see bricking a laptop to try to curtail thieves, only it actually does solve the problem, but only by creating a worse one

- Find My Device wasn’t enabled on the mac and it was stolen.

- somebody reset it and tied it tot their account

- then the same person passed it to another party and bricked it by reporting it stolen.

- somehow the original owner managed to recover it

Would the original owner been able to avoid all this has they actually enabled this security feature in the first place?

With some QR code and the device's camera, you don't need any new hardware.

https://www.mensxp.com/technology/games/55824-asus-rog-keyst...

The first-party software supports using the key to unlock a hidden encrypted volume, as well as instantly locking the computer when the key is removed. I'm not 100% sure if it can be used to secure bootup.

c:\programdata\asus\virtualdrive

wait, they made something that looks like an HSM and is marketed like an HSM, but actually it's just a glorified ID card? That's stupid

I must point out that in the original article, the author lost their MacBook and then complained it was locked after it was returned. (It would be analogous to getting it stolen then having the thief reactivate the lock.)

As I understand it the owner chose to not enable the security feature. The thief however did.

How else would you suggest this choice be implemented? Apple selling different models with or without the feature? Because then nobody would just buy the less “secure” option and Apple would rightfully soon discontinue it

https://xkcd.com/538/

But then the person who steals your laptop (as in this story) can turn it back on and you’re shit out of luck.

Yeah, just set up the machine using your own iCloud account, before it's too late to return for a refund.

Laptop theft was never a pressing enough matter for me to do anything except encrypting its disk. I never met anybody around here that claims to have done anything about protecting from it (except for physically protecting it). And nobody that I know has a locked-down device that would be worthless if stolen.

For a while I thought--and it seemed to be-- that it was pointless to steal an iPhone for that reason.

Then my phone was stolen last summer. The kind of folks that are gonna steal phones don't care one way or the other. Maybe they'll get lucky and it's unlocked (you'd be surprised!) but if not they'll just dump it in quantity for parts.

The kind of person stealing a phone isn't usually very bright and making calculated cunning decisions here.

I’m 95% sure you’re very wrong on this. Anecdotally it seems to me that phone theft is massively down from where it was 10-20 years ago.

> This line of argument just _irks_ me

That’s fine you just have different preferences and/or priorities than other people. Nothing unique about that.

> What this really does is suffocate the secondary parts market,

Certainly true. IMHO forcing Apple to sell parts for a reasonable prices would be a massively better solution

> I can damned well decide that on my own.

Isn’t it optional? On Macs anyway? (I’m not really sure)

My original incentive for spending the last 15 years and thousands of dollars in the Apple ecosystem is that their products would "just work" for my family.

Nowadays I'm spending hours on the phone with our daughter who's in tears because Apple keeps locking her out of her iPad or laptop.

I'm also not going to get into my mom having a lifetime's worth of photographs locked up in her iMac that we're literally only going to be able to get hold of if I take an overseas trip to England to do it myself. (btw, if anyone can recommend an Apple shop in the south of England who actually know what they're doing…)

So guess where Dad is shopping these holidays?

Yup, not Apple!

There's so little competition in this space that voting with your wallet barely moves the needle. Giving a company public feedback doesn't hurt.

My next computer will sadly probably not be a Mac. Who knows what I won't be allowed to do with it by the time it comes to refresh mine.

How? The person you replied to says

> The value of stolen (activation-locked) iPhones and Macs is largely only on in overseas markets where they can strip the device down to usable parts

If the only doable thing with a stolen Mac is to use it for parts, I think that would increase the availability of parts, not decrease it.

I don't know how old you were in the 2000's, but even in restricted access college libraries, laptops were stolen constantly. In the first few years after iPhones came around, phone theft started becoming super common, and was eventually a constant source of news.

Back then the thieves weren't limited to professionals who had access to a fence who has contacts with shady factories overseas. Every single hard up person could benefit from grabbing a device, and doing a DFU reset or wiping the hard drive. The market and opportunity for thievery was soooo much bigger.

Don’t most other phones have an equivalent feature? Samsung certainly does and they together with Apple control the overwhelming majority of the market almost everywhere

> I think you'd need a lot more evidence to argue convincingly that this policy made a huge difference.

I disagree. It’s perfectly obvious that it made a very big difference. The market price of stolen phones is now much, much lower that it used be which significantly alter the cost/benefit ratio from the perspective of would be thieves.

It was a real problem that kids walking around high-school, or people walking in the street, were carrying something easily stolen and fenced for several hundred dollars. Ride-by theft by bike was a notorious mode. The equivalent would be people walking around with a stack of $50s flapping in their hands. A target like that is called an "attractive nuisance", and the law has a long tradition of discouraging them.

https://news.sophos.com/en-us/2015/07/02/smartphone-anti-the...

I, alone, have the keys to my laptop's drive. The device itself is cheap, and insured in most cases, so, if it gets stolen, no worries really.

For a macbook and a not-tech-savvy user, well, we exchange cars all the time, and cars have keys, usually some flavor of RFID included. Cars are less than perfect of course, but, most can add/remove keys given a set of conditions are met. I don't think it'd be outrageous to just have an iphone app that handles the key exchange upon sale. Mix that with a little user education, a little UX, and you're good to go. More or less that'd involve a user resetting the machine and part of that process would include de-enrolling their 2nd factor from the machine to prep it for sale.

That maintains all of the same functionality and then some.

State secrets, corporate secrets, personal secrets can all be on a computer. Financial data can be on a computer. There are all sort of things that need much more protection than a car.

The attempt at comparing the two in thinking their security levels can even be compared is just not even sensible

I also think that car security is maybe not a good standard to try to emulate, given how often they have what in my opinion might be the worst security message of all time: the car alarm. I've never once heard a car alarm and thought "aha, someone must be trying to steal that car". As far as I can tell, false positives are both much more common than true positives and literally indistinguishable to bystanders, so any time someone hears a car alarm the person causing it could just claim it's their car and they activated it by mistake and no one would question it. They're also so annoyingly loud that they disturb basically everyone on the block, and they can happen at literally any time. After around 10 seconds of a car alarm waking me up from deep sleep I would probably root for a thief to get away with taking the car just to make the sound go away.

State secrets can also be in one of those mailer boxes in your car, or you might have a body in the trunk you don't want people to find. Or I might be inside the car, and I want as much protection as possible (but without adding too much weight)

You can also buy "hardened" cars that make intrusion significantly harder, there's also a vocal minority that wants to understand everything going on the car and doesn't trust the government (coreboot/ pre-emissions controls) and there's people who use vehicles that are the road equivalent of a Chromebook and also people that have really tricked-out systems that have more power on demand than will ever conceivably be used anywhere other than synthetic workloads (dynamometers) or high-end professional stuff (racing.)

Sure, but nobody is clamoring for literally every car on the market to have a remote lockout only possible to disable by the OEM or if the original owner chooses explicitly to pass on the privilege. It would be ludicrous for the solution to potentially accidentally leaving some documents in the glove compartment to be allowing the original owner of a used car to retain the privilege to brick the car after someone else buys it.

The reality is for most people the most valuable thing on their laptop are some photos. The car on the other hand holds significantly more monetary value for many, so the financial impact of loosing a car is typically much higher

For most people, the most valuable thing they have is the browser with all of their cookies saving their accounts and stored password managers. If readers on this forum can't think of why a laptop or other personal computing device like phone might be more valuable and how to access that data, then I'd suggest creative thinking is just not being applied very well.

the state secret thing was in jest.

Why so many characters for inequality.

Also I wish you could still buy cars that were not computers.

That was the joke

This is something that, weirdly enough, perl did really well and then everyone else ignored the good solution in favor of much worse alternatives.

In perl, 0 and "0" will compare equal, which can lead to trouble.

But perl prevented virtually all of that trouble by making the operators on strings different than the operators on numbers. So

    "1" + 2

    "1" . 2

One that doesn't literally make the device unusable in the case of a mistake. We protect far more valuable property with far less fancy mechanisms. If you're genuinely worried about theft, then you need layers of simple security, not a one shot nuclear bomb embedded into your device.

> The inability for a thief to just flash the device with fresh firmware and use it as if it were new is a key selling point of the device and might justify the higher price tag to some buyers.

Is that why people care about theft?

By definition making a system even somewhat secure against social engineering and the like means it is less forgiving of mistakes.

And once again I must keep reminding people that "Find My" is an opt-in feature that you are not required to use.

Isn’t that the bad part about this story? That someone with your laptop can reset it if you’ve not used ‘find my’?

In the default state the Mac works the way people say they want it to work. It is not enrolled in Find My and Apple has no idea who owns the machine. You could have walked into a retail store and bought it with cash. Or bought it used on Craigslist.

In that blank state the machine is wide open, including wide open to be enrolled in Find My with Activation Lock. That's exactly how it is supposed to work. The only way it could be otherwise is if the server did what people are falsely claiming it does: maintain a big database that indicates who is the registered owner of each machine thereby preventing someone from maliciously enrolling a non-enrolled machine. (And FYI a non-enrolled machine is not constantly checking in with the server... that only happens during restore.)

This is just another kind of CAP-like theorem situation. No one can provide anti-theft locking capability without making a tradeoff. Any sort of anti-theft feature must choose one of these strategies:

1. Trivial bypass via firmware wipe, making the feature useless. 2. Require a central database tracking ownership (think car titles), which is the dystopian world people hate 3. Physical possession of a stolen and non-enrolled machine allows the thief to enroll the machine (this case). Looks identical to a non-enrolling person selling to an enrolling buyer.

Overriding the anti-theft system must be a high bar otherwise social engineering or malicious employee attacks become a significant weakness. Even if you provide proof-of-purchase there is no way to know if you sold the machine to someone else then stole it back from them in which case breaking the activation lock is helping a scammer.

Providing opt-out is either #1 or #2 above. If you don't register that opt-out in a central database then it would likely be easy to bypass with a firmware wipe which leads back to square one.

Just about the only alternative I can think of is a fusible link system where the first person to setup the machine can choose "Do not allow anti-theft" and that blows a fuse. That sure will piss off buyers of used machines when they find out the first owner made a permanent choice on their behalf.

Kind of, but you can’t really do that more than once, so it makes for a bad business.

The main way to reduce the risk of that (which actually works) is by targeting the motivation of the thieves by making the stolen device nearly worthless for resale or reuse - i.e. literally making both the device and its parts unusable even for a semi-skilled operator of a pawn shop buying large quantities of stolen phones.

It's not that my specific information is so worth protecting, but that there is a social benefit as if everyone's phones are nearly worthless to steal, then the thefts go way down.

I cannot name a single thing I own that is more valuable than the information contained in my electronic devices.

You could steal the contents of my house and the building materials and it still would not be more valuable.

Are people actually trying to steal your information or just the chunk of valuable plastic that's currently a portal for accessing some of it?

Meanwhile.. all the animals and sometimes children at my house are more valuable than any of my information, at least, to me. And of course, the most valuable and abstract of them all, my own health.

The opportunity costs don't bear out either, as just because someone has an expensive piece of tech, does not mean they have the kind of assets you can drain into Bermuda. The reward ratio is not significant to plan for this eventuality in any meaningful way.

Which is why most people when faced with the prospect of insane security will just choose to layer two simpler methods together instead, such as basic old 2FA via SMS or FIDO. These technically reduce security barrier of entry but allow the portions of the implementation to live further apart from each other, which for most people, is enough.

Also, if your work didn't issue you a secure PC and trusted 2FA hardware, then allows you to have privileged information like email on your home laptop, that's entirely bad policy on their part.

Ease of committing a crime is surely a factor in probability of that crime occurring.

Far more people are willing to look over a shoulder for someone’s phone PIN or slip them a roofie to get access to bank account apps and transfer money than they are to confront them while conscious and threaten them to give them their money.

(Hence the advice to keep access information to only nominal amounts of wealth in phones).

The other factor is turning a profit. You have a brick, you can sell it for parts through China and get a few cents. You have a fully functioning phone/laptop, you can sell it for a lot. If everyone had Find My on then stealing Apple hardware would be pointless. It's the orthodoxy geeks who turn it off to feel like they "own" their hardware that make it a chance play & worth a shot for the criminals & hurt normies.

> confront them while conscious and threaten them to give them their money

This is called robbery, theft means no confrontation.

Passwords and drive encryption protect data. Remote bricking supposedly decreases the resale value of the laptop hardware, which supposedly makes people steal them less.

Which achieves the goal (not have laptop with this important info stolen).

I expected loved ones to be excluded from the definition of property in this context, being a discussion about theft and not more violent things like kidnapping.

> Are people actually trying to steal your information

I do not know everyone’s intentions, I just know what my loss potential is. I do not keep many paper records, so getting into my digital files will give up all of my information as well as TOTP and SMS 2FA codes that serve as proof of my identity.

Once someone can prove they are me, then it is an uphill battle for me to prove someone else was being me, and even doing that does not always help.

b: Irrelevant. There is a value to the consumer, but it is not worth the cost. There are countless possible conveniences that could be made possible if you were just willing to let someone else have essentially power of attorney over your life.

c: Even if you want to say that there is a technical limitation making a: impossible, and you have a different opinion on b:, the laptop WAS ultimately unbricked, which means all arguments and excuses that were given up to that point to justify not unbricking were proven demostrably false.

I don't just mean they always had the physical ability, I mean the fact that they were ever eventually willing, proves that all along the necessary information existed to allow them to. If there are supposedly two facts: "We can't know it's really you." plus "For integrity and principle reasons, we can't do it if we can't know it's really you.", then even Tim Cook should not have done it no matter the publicity pressure. Tim Cook should have made it a big promotional selling point plastered on those big Apple billboards in NYC how they refused to do the wrong thing even in the face of massive public pressure. Instead, they did it, which means they could have done it in the first place, not just physically but logically.

It proves that they chose not to for reasons which are valuable to Apple and NOT to the user. Another aspect of b: value not worth the cost. Cost being being at someone else's mercy who you have no leverage over.

If you are permanently deprived of your rightful property, you are a victim of theft. Whether it's via EULA and private keys, or via street thug with a wrench, I'm not sure it makes any realistic difference.

I assume he would’ve been able to recover it if he had “held on to his private key” (having the device be linked to his account being the current equivalent)?

This, and remote attestation, are tools to enforce DRM. The anti theft stuff is just a marketing strategy you fell for.

so if you steal something and therefore have physical access to it, that should trump the original owner who no longer has it because you stole it even if they have the receipt with the serial number on it?

Isn’t that what happened here? The thief and not the owner reported it as “stolen” and thus bricked. The thief could’ve as well just thrown an actual brick on it with similar effects

> The anti theft stuff is just a marketing strategy you fell for.

Also it works. Both for deincentivizing theft and allows you to recover the device had you actually enabled the feature (so not this case)

I see your point, but if it were me in OP’s shoes, I’d be annoyed by the fact that even though I chose not to enable the anti-theft stuff, Apple presumes that the laptop is “unowned” and can still be enrolled into the anti-theft service. I would much rather have the laptop ship with a physical copy of the private key that will unlock the device (paper with a QR code on it would be sufficient), that way I retain ownership of the device regardless of what the thief does. Everything else could stay the same.

Edit: also, reporting as stolen is not the same as a thief smashing the laptop with a brick — the crucial difference is that by reporting as stolen, the thief retains access to the device while locking out anyone else. The post even speculates that the shop involved used this technique to extort the person who brought the laptop to them.

I wouldn't. If someone has a device that is unusable without keys they don't have, they don't actually own that device. Far be it from me to quote the crypto crowd but "not your keys...."

Second, what does this even mean: "without giving users access to their own private keys, then having a much worse problem where dozens of users lose their private keys and forever brick their device?" What scenario exactly does that refer to?

Because (if I under the article correctly?) the owner hadn’t actually enabled “find my mac”?

Sell an HSM (free when you buy a Mac > $2000? discounted in conjunction with AppleCare?) that will remove activation lock on the Mac it's purchased with.

Instead, the keys are stored by apple and never returned to you.

Really, literally any other option than "never give the user keys".

AppleID ALREADY gives you numerous methods of recovering lost passwords, if you remember to set them up in advance.

A private key that is given to you upon purchase and that you can store in your password manager.

Of course, this approach only solves the biggest problem when your device is stolen (your data won't be easily accessible, if at all really). But I wager this friend of mine recognises that as the only thing that has any actual value in there. There are ton of devices out there.

First, this is a self-imposed problem; spread crime (theft) won't be solved by reducing the access.

Next, I could have an encrypted drive and a key stored in a key stored in a bank, or an USB storage, or print, or whatever. As a matter of fact, I do have such laptop.

And last - car thievery is still a thing in the EU, even though registering a stolen car is exceeding hard - they are either sold for parts... or exported to Russian (not so much recently for obvious reasons). Of course, Apple comes and tells that only they can repair the laptops/phones/etc. b/c of thievery and serialized parts.

Include the unlock key in the box the device was sold in, and in Apple's database. Tech-savvy users can, possessing the key, change it. Tech-unsavvy users can behave the same as they have now, even if they lost the key, as long as they didn't change it. So long as they don't carry the key with the device, all the anti-theft remains.

The freedom-respecting solution is literally trivial. The only reason it is not implemented is because Apple likes owning your devices.

You'll rarely convince either side to change their mind on this. Its an issue that pokes at a really deep element of personal philosophy.

Here's my argument from the opposite side to try, however: Asking about how you can retain the anti-theft capability isn't relevant to the discussion, because sacrificing freedom for that, especially to the degree Apple does, is not worth any trade-off. This is the same right to repair issue that HackerNews, generally, derides John Deere for; the main difference, beyond Apple's psy-op level marketing, is that Apple hasn't pushed exploitation of this control as hard. But: They absolutely, undeniably do exploit many of the people within their system of control, not just indirectly ("the control is exploitation" is kind of a dumb argument), but very directly, between extremely high upfront costs, high repair fees, cryptographically refusing to allow third party parts, etc. Additionally: their self-control in pushing further exploitation is almost definitely a product of market success, because in the mega-capitalist system Apple lives in benevolence may be the result of culture or leadership, but it is allowed by market success, and denied during market failure.

A lot of that boils down to the original thesis; very fundamental personal philosophy. I don't believe, personally, that it is ethical for individuals or companies to do something unethical (non-negotiably asserting significant control over physical goods they sell) because it enables something ethical (reducing incidents of theft).

That might be controversial, which is fine. I think a point of that which is likely even more controversial is the argument that even asserting control over devices in isolation is unethical. I hope it isn't controversial, but I feel like it might be simply given the way the world is turning. That's a different topic of discussion; but in short, I think there's a strong argument that restricting freedom to independently modify and repair physical goods you purchase is a form of classism. Additionally, to turn the dial to 11 on this, that this assertion of central control has a very real, negative impact on national security.

That differentiation is important, because it reveals the main reason why Apple is successful, and why they don't get market pushback: Most people just don't care. There's a good chunk of radicalization on the side of Freedom, there's very little radicalization on the other side, mostly just people who haven't thought about it enough, and then there's the vast majority in the middle who just don't care.

I take comfort in that reality, because it indicates to me that this will probably change. We're seeing right to repair gain steam in US legislature. It takes time to develop shared language and understanding on why this is important, and why it matters, with those people in the center, many in positions of power.

This is why this whole issue causes more trouble with John Deere: It is in the way of what people do.

A dictatorship can work out nicely as long as it doesn't stand in the way of the people.

This story is about somebody who did exactly that, and then discovered they suddenly cared about theft when their device was stolen.

Pick a lane.

Any anti-theft method needs to give complete and full control to the owner of the device so this kind of bullshit doesn't happen.

The fact that Apple doesn't provide a mechanism for the owner to gain full and complete control of his device at any given moment has more to do with Apple wanting to control their technology for ulterior motives.

We live in an age where corporations want to take away ownership, and we're letting it happen because we're stupid enough to think that they have our back.

It Apple's corporate greed that fuels that and government corruption that allows it.

Apple can afford to pay smart people to think for days for a solution. The solutions we will give here after 1 minute of thinking will not be optimum.

So it WAS "locked." I don't know what you mean by "unregistered," either.

I have a private key, not on the device, that matches a public key on the device. The device will not perform certain significant operations without a signature from my private key.

C'mon people, this is not rocket science.

Howdy stranger! Have you heard the good news about "FileVault Recovery Keys" ?

https://support.apple.com/guide/mac-help/protect-data-on-you...

This here is the misunderstanding. It's simply not possible for you to own Apple's computers.

Nobody owns even their hardware anymore.

Was it necessary to say “wealthy”? That doesn’t seem relevant, but rather incidental.

Nothing more than the typical ‘hurr durr Apple bad’ commenting common on this site. Dull, pointless, not interesting.

I think apple is currently doing the best job out of everyone as far as hardware security is concerned. That does not mean their implementation is anything close to perfect, it's more that everyone else is doing a poor job, or forgoing any attempt at it in the first place.

There is no way for the device to make the distinction if the owner does not register himself as the owner and the thief does. Then the thief is the owner and the device will protect itself from the real owner. There is just no way around it. That is a mistake made by the person writing the blog, they admit it and they say Apple should have made it more obvious which is a reasonable request. Not Apple should have not made the protection, that is an unreasonable request.

You might have philosophical problems with this kind of protection, fine, then don’t buy the devices because they have it, they are advertised to have it and you can’t get them without it.

Don’t buy a device that you know doesn’t do what you want and then go whining on the internet that it doesn’t do what you want. That’s a you problem.

The owner of the device doesn't own the keys to it, apple does. That's how the OP lost access in the first place.

I will admit that, this situation was preventable, had apple required the "find my device" feature to be active upon setup. The fact is however, they do not. You can't have it both ways, if you're going to have a walled garden, then wall off the garden, no half measures, you're responsible for everything, including this mishap.

Any other reply is going to be apologetic rambling.

No, this is an entirely self-inflicted problem by the user.

It's 2023. Everybody knows about the telemetry, the unserviceable hardware, the "fuck you" style bug reporting and customer service, and of course the fact that you no longer own your own machine.

Anybody buying Apple (and to a large extend Microsoft) at this point, knowing they have no intention of letting you have access to your own device, also knowing that there are superior open-source options, deserves precisely what they get.

Most do not know however, nor do they desire to know, and likely, they will never know. If you want to make something actually better for someone who's not you, blaming them for not making it better is hardly a solution.

Also stands to reason that, hackernews is popular with people in the industry, maybe not the actual decision makers, but, certainly people with more pull than most. It's important to express how things ought to be for that reason alone.

You still have to rely on a middleman (the blockchain), which I believe isn’t infallible either (human input error, adversarial attacks, phishing, social engineering, network availability, etc)

https://www.cbsnews.com/news/hard-drive-lost-bitcoin-landfil...

I did it with Cash App though and it backfired ("Your account has been terminated for contacting employees outside of the support system")

Now, how much is Sundar Pichai's cellphone number going to cost me? I just want to get into my Google account that I have the username, password and recovery email for, but not the old phone number.

Write the Consumer Financial Protection Bureau. They'll get you sorted right quick.

Unfortunately based on the OP’s experience it looks like the CFPB had been severely handicapped since the last time I had to complain to them. Now they only have authority over banks with more than $10 billion in assets.

What about your Congresscritter? I usually CC them on any complaints and they pick it up if there's a problem.

Here's my final response:

https://imgur.com/a/xS7k84X

I asked Cash App to do a chargeback. They told me their system doesn't allow chargebacks where the goods were "delivered." I told them they were never delivered. They argued that they were delivered back to the sender, therefore they were "delivered." I got all their execs cellphones and started politely calling them. One escalated it to their "Executive Support" who gave me the same answer, then my account was terminated. They did issue me a refund as part of the termination, but I can no longer use Cash App which is very frustrating for someone at the bottom of the food chain like me who interacts regularly with people who only use Cash App as their banking.

    In the interest of resolving your dispute, we are providing, as a one-time courtesy, a reimbursement of $93.75 for your transaction with Wibargin, LLC.  Additionally, we are electing to terminate your Cash App account (as allowed in our Terms of Service, section XIII.8).  As a result of the termination of your Cash App account, you will no longer be able to use Cash App and its services going forward.

    You will be able to access your account in order to cash out your remaining funds, however all other features, including the Cash Card, will be permanently disabled.

Terminating a users account while simultaneously admitting fault by providing reimbursement just screams to me that the leadership team are completely out of touch and don't want to hear a thing from their own customers.

They thought I was under 18, so they asked for my drivers license. I sent a picture and they responded with:

"Thank you for sending us your ID." "Your account has been permanently deactivated and we regret to inform you that we can no longer offer you the Venmo service."

Absolutely mind boggling.

Fortunately I'd paid using my Amex, and American Express support were incredibly helpful in making me whole pretty much right away. I recall the payment gateway being a Stripe thing, so I really hope the scammer got hit hard somehow.

You shouldn't be frustrated by your account being terminated. Why would you want to continue to do business with such a shitty company. I'd take that as an opportunity to explain to other people "who only use Cash App" for whatever reason, what a shitty company they are.

Not only that but the more people they run into who don't use Cash App the more likely they'll start using alternatives to also be paid by those people, giving less of a societal reliance on a corporation who will terminate your account because you used outside channels to resolve an issue regular support wouldn't help with.

According to https://www.businessofapps.com/data/cash-app-statistics/

51 million monthly active users in 2022 and 13 million people had the Cash Card in 2021.

https://news.ycombinator.com/item?id=38691458

Sounds like a fun place to work for. /s

The "before she could reply" implies that whoever wrote the angry email was being impatient and didn't wait for a reply to an email that they had sent. The only replies being awaited are devs->assistant or assistant->customer, and since the devs were only identified as a group it makes more sense to interpret the assistant as the (singular female) victim of the impatience and the customer as the one who got impatient waiting for a reply.

Helps if you're a stockholder, but you don't have to be (you can decide on the ethics of going through non-standard methods when standard methods don't work). Those inboxes are usually monitored by competent people and they'll at least forward your email to the right people so they can close out the case that gets created on every email on their side.

Patio11 goes into this here: https://www.kalzumeus.com/2017/09/09/identity-theft-credit-r... in the section: "Where exactly should I address letters?". Also goes into contacting their legal department. If you can't find an address, can always send a letter to headquarters "ATTN LEGAL DEPARTMENT", those get opened by expensive people.

I've emailed shareholder relations for a company I owned, a smaller company, like $2b, about some question I had about one of their annual reports. Didn't get a response after a followup. Sold half my stock because of their non-response and was very happy I did (unsure if my question was a sensitive topic for them, but c'mon, at least give me a fuck off reply)

Basically whenever a friend of yours installs some shitty free app on their phone and it demands to exfiltrate all their contacts your email address and phone numbers get scooped up and sold to the highest bidder. You can guarantee Tim Cook has a bunch of friends, grandmas, etc that have no idea how to use their phones and have 400 apps installed all syphoning off Tim's contact details.

But how do those apps know it's THE Tim Cook and not one of dozens of other guys named Tim Cook? Also, what if, and this is usually the case, most people don't have you as "Tim Cook" in their phonebooks, but as "Big Baws", "Honey Bunny" or "Timmeh 12 inches uncut"?

If a lot of people have that same phone number in their contacts but only a handful have it as "Big Baws", "Honey Bunny" or "Timmeh 12 inches uncut" but do have as Tim Cook, or even have his job description, email address and other stuff attached to it too, it's safe to say it's a dead ringer to be Tim Cook, CEO of Apple, Inc.

He should appear in the contact list of relevant people (Apple employees, press, ...)

I'm still waiting for the check from https://googleplaydevelopersettlement.com/, was it this one?

- in 2019 spent more than €3K to buy the best macbook 15' available (> 2 months of average salary in my Europe country)

- 2 weeks before the warranty (1y) the spacebar broke, the SPACEBAR!!!. It was a design issue and it got replaced in a few days by the local service under warranty.

- 1 year later, the battery starts dying out. Go to the authorized repairer and it was going to cost me ~€750 to replace the battery since I had to replace the entire keyboard and trackpad to do that.

- I found a PC repair shop that said he can do it for a couple hundred €, and it worked fine

- 3 months later the laptop shut down unexpectedly. The apple refused to fix it (even paying) because I used a battery not official. The Mac is now a brick

So 2.5y of personal use (not professional) cost me €3.5K. More expensive than a cheap car.

edit: the battery replacement with all top case cost me ~€750. Confirmed looking back at the emails

So what you seem to be saying is that Apple laptop batteries cannot be replaced for less than €1K if the laptop is out of warranty?

Absolutely incredible. If that's the case, it should really be reported as front page news so that nobody else makes the mistake of buying an Apple laptop ever again.

It costs $249 for a 2019 15" MBP battery (not 15', not sure they ever made them that big, GP's laptop may be special). GP's issue is that Apple, per their story, wanted to replace the keyboard and trackpad as well and wanted to charge more on top of the battery replacement.

Now: if the battery expanded and caused internal damage (bending the top case and damaging the keyboard) then what you said makes sense, but that's a pretty glaring omission if so.

The AASP was screwing you over, either deliberately or by ignorance.

That said, a thousand Euros to replace a battery is ludicrous. No consumer should be charged that, warranty or no.

For reference, I recently got a second hand recent ThinkPad with a dud battery and bought the genuine replacement battery for AU$200 (€123) and could replace it myself as it's an FRU.

Apple should not be charging literally an entire order of magnitude more for the same part, regardless of the service cost.

https://support.apple.com/mac/repair

289 EUR for all 15"/16" MBPs

The only reason they'd require a full top case replacement would be if there was additional damage making them unable to guarantee safety of the new battery

Emailing Tim doesn’t scale.

(I have filed comments with the FTC on this account recovery matter regulatory gap; identity is a component of my work in infosec, primarily in financial services)

The issue at hand is that devices are being sold where you do not take ownership of the private keys used to configure it. Not your keys, not your device.