I back up regularly using Google Takeout and similar tools, but I don’t think it’s fair to shame this author . Even if you have backups , your recent and essential content and credentials will be locked out . 1% of your content is the most important
We all depend heavily on cloud storage and sso . Everything works fine until you are locked out .
And using them isn’t fully voluntary. They are necessary for collaboration . You end up using what your team uses .
You can try to be that “own cloud” snob but it only works if you live in a basement
Every normal person has content in Google , iCloud , OneDrive , Dropbox and maybe more. That’s 4+ single points of failure
You’re just not imaginative enough if you think you’re safe .
Lot of arrogant people here who think they are safe and better than anybody and blame OP.
It is totally normal in today’s world to depend on cloud services and reasonably difficult to do without it. In China: no WeChat you are practically dead. Here try to join meetings without account, try to send a message on WhatsApp without account, etc… a lot can go wrong very fast. What if you used your Apple account as SSO to other services ?
So you can't call or send letters? Your own fault if you don't write down addresses and numbers, best on paper. People are stupid, that's a given, and relying on these tech overlords is even more so.
So let me try to understand you. You have 200 friends on whatsapp and FB locks you out . Now you can start sending them letters ? And how do you get their number .
WhatsApp,WeChat , messenger , telegram all use private addressing
I’ve interpreted it as a sort of head-in-sand coping mechanism for those low-likelihood, high-consequence events people feel powerless over. It’s less distressing to be powerless if you decide that the real issue wasn’t a powerlessness that you share in common with the victim.
Using a separate email address for each site is smart, but creating a separate email account for each site is going to be very tedious, and I imagine Google, Yahoo, etc are going to stop you very quickly after you've opened 20+ accounts with the same phone number.
(Use a catch-all to have different email addresses for different sites, because when one gets hacked, then the damage is limited.)
I am not depending on cloud storage at all. What do I need to upload onto some cloud? And when I need to sync between devices, or rather want to sync, then I have a Syncthing setup on my server running. No cloud. And copies on participating devices.
Sure, it is not directly their fault, when they are treated badly by big tech. Though of course they could have been more careful, and rely less on big tech and cloud. We can all learn from this example, like many others before this one.
Presumably, as the OP said, you're not a normal person and you live in a basement. >sigh<
The solutions for non-technical people are terrible. Presumably there's no market for selling a solution that gives individuals data sovereignty. I would guess the margin isn't there and a recurring subscription for something you own is probably unpalatable to a lot of consumers. So this is what we get.
For what it’s worth, I remember having this issue with Samsung OneUI keyboard when it was in French. There is this rule there that you should put a space before “?” and “!”, so perhaps they understood “all punctuation” or something.
Not saying this in a derogatory way, but that pretty much means you are not a "normal" user but someone who is tech savvy enough to not rely on someone else's cloud.
It's just insane that a gift card redemption can trigger this. What's the rationale? It would make more sense if they just locked the person out of redeeming gift cards or something, not the entire account.
But reading horror stories like this is why I only use the very bare minimum of any of these cloud services. Keep local copies of everything. For developer accounts, I always create them under a separate email so they're not tied to my personal. At least it can minimize the damage somewhat.
It sucks that I have to take all these extra precautions though. It's definitely made me develop a do not trust any big corp mindset.
If enough of these horror stories are publicized, people will learn to never buy/redeem Apple gift cards because of the real possibility of account bans.
- Don't give Apple gift cards to family and friends: You're potentially ruining the recipient's digital life if they redeem it.
- Don't buy Apple gift cards: You risk ruining your own digital life.
If you've been given an Apple gc for Christmas -- and you have paranoia of the risks -- don't buy anything online that's tied to your Apple ID. Instead, go to the physical Apple store to redeem it. And don't buy an iPhone with it because that will eventually get assigned to an Apple ID. Instead, get a non-AppleID item such as the $249 ISSEY MIYAKE knit sock.
I have thousands of credit-card reward points that could be traded in for Apple gift cards but I don't do it because Apple's over-aggressive fraud tracking means Apple's store currency is too dangerous to use.
I'm the author of that Reddit post. I should probably update it to clarify that I didn’t just purchase the gift cards, but also redeemed them. I don’t think it was purchasing them that triggered the lock on my Apple account. I mean, after all, how would they know what my Apple account is until they’re redeemed?
> how would they know what my Apple account is until they’re redeemed?
Not saying this applies to you but one can buy Apple Gift Cards using their Apple ID. After adding gift cards to the ecommerce shopping bag on Apple.com, it offers the option : "Check out with your Apple Account"
So Apple would know the exact AppleID at the time-of-sale instead of waiting until redemption. If for some reason Apple's fraud detection system doesn't like the transaction (e.g. unusual ip address from Mexico instead of USA, or too many high-value cards in a certain time period, or other black-box opaque heuristic) ... then the buyer puts their Apple account at risk.
Fraud prevention heuristics are insanely aggressive these days...
Last week, I bought a Netflix subscription and 5 days later, Netflix cancelled the membership for no apparent reason. I got on a customer support chat with Netflix and the agent said it was cancelled because of the credit-card #. It didn't pass their fraud prevention system and to try using another card. At least Netflix automatically refunded the entire amount back to me -- whereas Apple keeps the gift card balance for itself after locking accounts.
In another incident, I used a Chase credit-card at a physical Apple store to buy 2 iPhones on 2 separate receipts. The first iPhone sale was a success. The 2nd iPhone transaction just 1 minute later was denied and Chase locked the entire account. I had to call Chase customer service and recite the make & model of a car I had 20 years ago to prove my identity for them to re-activate the credit card!
I’m not trying to be rude, but what is the point of buying and then redeeming gift cards yourself?
I just pay Apple with my credit card when I want to buy something. Is this some kind of weird credit card rewards churning thing? Are you unbanked? I don’t understand why you’d voluntarily add unnecessary extra steps.
A credit card offers far more protections to consumers than a gift card.
I think it's a combination of money laundering and phone scams where people are told they owe money to the IRS or something and are tricked into buying a bunch of gift cards.
That said, if buying and redeeming gift cards are such an indicator of fraud that people are legitimately afraid of getting their accounts permanently locked, why doesn't Apple just stop selling them?
This is a problem with modern life in general. Computing and the internet have exploded the complexity of society. Regular people have so much on their plate as it is (school, work, family, mortgage, etc) that they simply cannot keep up with all of the privacy and security risks of a digital life. They also can't keep up with the complexity of politics and civic life, but that's another discussion entirely!
The most money I have ever had on my PayPal account was 100 bucks from a reversed transaction (like, double booking of a hotel room or wrong item sent), otherwise it's just a gateway. It would be annoying if my PayPal account was locked, because I use it a lot to order pizza online and a few small purchases. I could just use my credit card or something else but it's more clicks. And I know a lot of people who do it like this. The only thing lost is convenience. No past purchases, no digital identities.
Maybe you meant the merchants who really amass thousands but I suppose they are a small minority of active users.
For every purchase you make as a gateway there's a vendor account on the other end receiving that money and required to do accounting with it (like issuing refunds) which requires keeping a balance. These are the people having big problems when their account gets locked and their funds are no longer available. The blow back does potentially affect you if you return an item and then the vendor can't issue the refund because the account is locked.
There are a good number of freelancers of various sorts that get paid via PayPal and only occasionally pull that money to their bank accounts to avoid the fixed fee, or even prefer to spend much of it straight from PayPal to avoid the percent fee. People also use it to send money between family members in different countries because it's often cheaper than an international wire.
It's quite easy to build up a few hundred or thousand USD worth. It feels just enough like a bank account that you think you're safe. Then...well, the internet is full of PayPal horror stories, I won't bore you with my own.
Last time I had to deal with that was 8-ish years ago and there was definitely a fee. Can't check now because they blocked my account due to a failed Spotify payment and I don't care enough to deal with their phone support again to get it unblocked
That you don't keep a PayPal balance and I don't buy Apple gift cards is irrelevant to the people that do keep a PayPal balance and do use Apple gift cards.
I skimmed some of the comments from that giant Reddit thread. A lot of people responded that they’ve been buying even more Apple gift cards without problem.
One commonality among the stories in that thread from people who had problems was either switching their App Store country or using their App Store account primarily from a different country than the setting.
> If enough of these horror stories are publicized, people will learn to never buy/redeem Apple gift cards because of the real possibility of account bans.
If you are trying to be a bad person you could weaponize that approach. You do not like person x, send them some Apple gift cards... :o
> You do not like person x, send them some Apple gift cards... :o
99.999% chance they happily redeem them and go about their lives.
These stories, while frustrating, are clearly edge cases. Yes I know you can find more if you search social media, but I don’t think a lot of these HN commenters realize the volume of gift cards Apple sells and redeems without problem every day.
> You do not like person x, send them some Apple gift cards
Please start not liking me then.
I use VIM. I use Linux. I'm a Zionist. I don't watch football (either type) so I don't support your favourite team. I acknowledge that Trump did more to advance world peace than anybody else in decades. I'm a straight man. Surely there's something in there to hate me for!
In this case buy the gift card from some shady retailer with a one-time-use virtual card, and give this shady code to your friend. Or buy a physical card from aliexpress, the cheapest one with bad reviews.
It seems you haven't learned the whole lesson. You're close, though. If you're going to be skittish, there's a better and easier set of rules. Don't use anything that involves an Apple ID.
The newer iPhones have such great cameras, I have been considering an iPhone for my next phone. The only thing holding me back is the lack of built-in stylus.
Does the iPhone require an Apple ID? I don't even log into my Google account with my Android device. If the phone requires an Apple ID, then obviously I'm not buying one.
And in fact, a prohibition is never a solution, it is a reduction in solution options
And this advice takes into account exactly zero aspects of the particular problems a given person may have to solve, besides “problems with Apple”, in a world where most people have “problems with X” for each of the few large ecosystems.
Freedom of choice would mean for N choices, being able to make, well, N independent choices. N may be a very large number given how many things people do.
For an ideal world of compatible modular technologies, N choices is easy.
But our technology world is highly non-modular, centralized at many levels, and full of incompatibilities and dependencies of various kinds and costs. Including important dependencies involving the choices of other people we interact with, or very specific tools or resources.
So no, “Don’t buy Apple” is not better advice, it is just bad random generic advice, without knowing a lot more about any particular situation.
But it is a solution. Apple being a poor steward of their customers is indicative that people buying their hardware and software are not their priority. Apple support used to be stellar, they used to care about customers, they no longer do.
Apple's ToS should be readily indicative of anyone using any of their products that Apple's perspective is that you don't own anything and they can do whatever they want with anything you do with their products. As the author points out you clearly don't own free access to what you've purchased.
The last thing I'll say is that it is fantastic advice to not purchase Apple in 2025. You can only be certain that this won't happen if you avoid them. I actually own a MPB, with receipts from purchase, that I had to purchase a bypass for when the device was enrolled in MDM by a family member that Apple has MDM locked and refuses to remove from iCloud.
Avoid Apple, that's the best advice. If you can't avoid Apple, minimize your footprint and make sure you're a good boy or girl else Tim Cook will steal from you and hide behind some bullshit first line support tar pit and an army of lawyers if you do happen to decide to threaten them.
But, at least with Google you can use hardware without the binding software requirement. You can use an Android device with GrapheneOS and have the phone entirely de-Googled, yet still use Android apps.
If the implication was that there's no other option outside of Apple and Google then that is unfortunate.
LOL it’s not some sisyphean task to not use big tech products, it’s slightly inconvenient and takes some time to adjust, don’t talk about it as though it were something that only the great men of the ancient times could do, take your iPhone and throw it as hard as you can against the concrete, you will be fine.
Great advice if you don’t need a smartphone. Many do, they are now an identity tool.
The alternative to Apple is…Google? How is that in any way better other than not being Apple? Sure, there are de-Googlefied versions of Android and today they work. But Google is actively working on ending the ability of those alternative operating systems to work.
In phones you have a choice of iOS (Apple) or Android (Google). Sure, maybe some people can go back to flip phones, but I can’t without finding a new job.
This is the first I’ve heard of Apple locking someone out of their account for no reason. Google does it all the time. So, yeah, can’t leave Apple over this.
People love to smugly suggest this useless advice like there aren’t literal public services from governments around the world that are being tied to these platforms, let alone the many private companies which gate access to their goods and services behind apps on proprietary devices.
To say nothing of the fact that well-adjusted humans need to communicate with friends and family, and many times that also practically requires being on these platforms as well.
Someone has to be the stick in the mud, right? I personally enjoy being that guy that doesn’t have a smartphone and causing problems in every government office / institution that assumes everyone has a smartphone, it’s like I’m a pioneer on the frontier :)
E-stim addicts will rationalize their slavery to a small rock in their pocket and sing grand songs about how it’s a curse but they need it. Like all addicts, they are not capable of rationally assessing the utility of the dependence object, and they’ll start carting out all sorts of silly things and gesturing vaguely “See this washing machine? Yep, it needs the rock, that’s why I keep my rock on me and charged at all times”
If it were that simple. In that case I would have to go to the bank for every transaction/payment I want to initiate online. Banking app doesn't work for jailbroken devices. Using PC to access banks website works, but transactions still require 2FA and they don't support any other 2FA flow except the one in the app.
Depends though what you mean by "do not use Google". Having an Android phone with a Google account logged in will not affect you much. If they would block one account you just create another.
Having all your emails on Gmail and used for external services (bank, insurances, etc) is a different story though. I prefer to pay my email provider, at least they will care a bit more than they do for a free account...
There's always a workaround. There are banks with far less annoying root checking and you can just switch. Many banks allow SMS or a physical authenticator for web banking or 3DS 2FA. There are also many ways to bypass root detection. If your main problem is 3DS 2FA for online card payments, get a proxy card.
"you can just switch" and yet then you have to contact X people and change Y contracts that are related to your prior bank account. It is not that simple.
Plus nothing ensures the bank you switch to won't up their "defenses" in a week.
I never said it was trivial, I said it was possible. In many places, it's actually very easy. In others it takes some work, but we're talking about de-googling your life, having to put in some work is already implied.
At least around here, I can walk into a bank, sign a few papers, then that bank coordinates with my old bank to transfer all my direct debits, move all my money and notify all my periodic creditors (employer, social security, tax office...). Peer-to-peer payments (like splitting bills with friends) are usually done by alias (phone number or email) on our instant payment scheme, not by IBAN, and my new bank will take care of rerouting that too. And if for whatever reason someone has my old IBAN and tries to send me money in the future, they'll get a rejection and will just have to ask me for my new one, no big deal.
As for "in a week", come on, you're just being intentionally annoying. Obviously there's no guarantee. If they don't have root detection now, after everyone has had it for a decade, there's probably a reason and they won't implement it any time soon. And if you're just supremely unlucky and they actually do it right after you switch, oh well, you wasted an afternoon. Definitely less time wasted than trying all the million different root hiding techniques that probably don't work anymore.
You don't have to go to the bank for every transaction, you can just go there once to close out your account and open one somewhere that doesn't require that.
I'm surprised, most banks I've come across force sms or phone-call 2fa only. A rare few allow generic TOTP authenticators, and maybe one or two has an app as an option. And I've only come across one bank that detects and warns for root access. Is there no "jailbreak hide" on iOS?
In Poland it's SMS OTPs, bank app (heavily recommended and in some cases enforced by the bank) or additionally paid physical TOTP token devices. And almost all banks throw a hissy fit once you have some sort of vector of root detection left open.
I am in a situation right now where Amazon delivered a fake product. Support suggested they can also try redelivery, and when I asked what if it happens again, they said it should not happen.
It happened - fake again. Now the customer support flow is: you upload images of the product (max. three), and the system approves the verification or rejects it, and then you have a way to contact customer care. System rejected. The trick is - they do not know why the rejection happened, they are not able to tell me, they are confirming the images are very clear and crisp, but they can't do anything to help me because the system leaves them with zero options to move forward - in fact, there is no further escalation matrix either. Nada!
The bank (credit card issuer) refused to raise the chargeback because "but the merchant 'delivered' the item". But it was fake, so? No, no, it "delivered" - that is what counts, so you have to sort it out with the merchant. But they are refusing any further help. You have to sort it out with them. And so on... in a loop.
Can I take them to court? Sure. It may take weeks, months, and maybe years, and even then, in the end (if I win), the court may just instruct them to refund and possibly (possibly!) compensate a trivial amount for legal expenses, which is never even remotely close to the actual legal expenses in this country's courts.
I had the misfortune of visiting an Amazon Go store. They charged me for items that I never picked.
No option to contest the receipt....until the "would you recommend a friend visit amazon Go" survey popped up. I responded negatively, then the "why?" question had a "My receipt was incorrect" option.
Suddenly I was able to go through the "contest receipt" workflow.
The system works as long as there is user trust in the system. It is sad and annoying when something like this happens, but occasionally the best thing you can do is tell your story and never use a service again. I find there are still reasonable alternatives to Amazon, maybe not at the same price, but at least they deliver less fakes.
I'm pretty sure there are different levels of customer service based on how much you spend.
Even though they made it more difficult to contact customer service, I still receive good customer service, even when I did not have Prime but still spent thousands of dollars.
Unless you live in a jurisdiction that is known to have very generous court judgements that fully compensate all expenses occurred… wouldn’t this be true for literally every dispute you have above a certain threshold?
That’s simply the actual cost of living in your jurisdiction.
I don’t think any large retailer or bank on Earth guarantees there will be a viable escalation pathway for all possible combinations of scenarios either.
Maybe a very high end private bank but even that’s iffy.
My parents had their account with Deutsche Bank private bankers. They had moved overseas and sold their house in the 90s and were living off the proceeds. Everyone got lucky that they bought their house in a big city in the 1960s. Since they didn't spend too much money, the capital accumulated for a while. It could have gone the way of Detroit but went the other way. When they passed away, we inherited the money and bought a house in the suburbs. It wasn't a huge amount of money, but it changed our lives, no question.
So, when my mom passed, our family had to deal with DB. I have never, ever had such a bad experience with a bank. The bank overseas was so courteous and efficient that I asked if I could open a bank account with them but I couldn't since I don't live in the country, just a frequent visitor. The IRS and government were easy. The will was as easy as it gets. Do things by the book, you'll be fine.
The NY DB office, to which I would have to go frequently and sit in some luxurious waiting room with nice art, was insane. My lawyer and accountant could not understand how they could repeatedly ask for the same information, deny they had received it, ask for information that literally the US government does not give out to anyone and on and on and on. And no there was nothing shady or shifty about my parents' lives. My lawyer started sending meaner and meaner letters to them, the kind that talk about making my client whole and litigation.
And yet, a few years later it turned out that same bank was often in the news for, among other things catering to Jeffrey Epstein. Who knows, maybe he spent his last hours complaining about them too. I could only hope he had that experience to add to his all-too-brief punishment. Actually, I have often wondered if we got raked over the coals because they had genuinely fishy clients and thus all the clients, especially the ones overseas, were on some kind of government watch list.
Amazon expects you to hire a consultant that is a buddy with the manager responsible for closing your account, and bribe them through that engagement to re-enable your account. They started doing that a decade ago with the mass-banning of legitimate sellers.
For all the negative press he gets and the way he treats his workers I'm surprised he still has resources allocated to handle complaints sent to his inbox.
I'm just always a little surprised to read things like "I couldn't live without Amazon," and I wonder if there are no other alternatives for two day shipping in other countries or what it is that keeps people stuck on Amazon instead of using other next-day deliveries.
It's not that Amazon is irreplaceable, but sometimes it's the best option by far depending on where you live and what you're looking for.
I'm in Austria (not Australia) and local retail prices are infamous for being 25% to 100% higher than in neighboring Germany for the same stuff because of cartel behavior of local retail industry.
Buying from amazon Germany means I can get the same prices as Germans (with +1% extra for higher Austrian VAT) for the same goods.
I'd love to give up Amazon in favor of local stores but local cartels are just as bad or even worse.
So to fix the Amazon problem you need to fix the competition problem first, which is caused by players other than Amazon too.
People in my circles in the US (in an area with tons of alternative options) look at me like I have two heads when I say we don’t have Prime and never shop on Amazon. For many, I think, Amazon has simply been the default option to buy anything for long enough now that it’s ingrained muscle memory.
Big part of that is just that it's insanely easy to use compared to most of the competition.
But still, most people go to the shop to buy toilet paper. Once you get used to Amazon, it just saves so much time and effort. The prices aren't bad either, I just checked toilet paper on amazon.com and 30 rolls of good quality amazonbasics toilet paper costs $0.22 more than the equivalent kirkland product on costco.com
You can order almost everything you need in the same app, whenever you feel like it. Just a couple of clicks, no need to fill in delivery information or anything.
The only part where YMMV is receiving the parcels obviously.
I live between central London and a smaller European city, the competition is generally much much worse.
Sure, for every individual item there might be a better local option. I'd have to spend time finding that, then go through the terrible order process and hope their delivery service isn't utter shit. Oh, and yeah, half the time they'll probably block my order because I'm using a non-european card.
Just being able to use Amazon for almost everything starting from bottled water and toilet paper saves me immense amounts of time. I can generally trust that the stuff I order reliably arrives at the concierge, which isn't a given.
And FWIW, most of the time I've shopped around, Amazon has been cheaper or essentially the same price. Doesn't really matter to me, but it is a plus. I'd happily pay more for a more convenient service, but in this case it seems I'm usually paying less.
> It's definitely made me develop a do not trust any big corp mindset.
I've been reading about Lovecraft's Old Ones. Apparently they have no ill will towards humans. They just sometimes cause harm without realizing it, while going about their business.
I watched an interview with Elon Musk a few years ago (circa 2018?). I'm no fan of him but he was asked about AGI and he kinda just said matter of factly, AI can view humanity as we view anthills. We don't really care about anthills, but if they're in the way of us building a neighborhood in an area then goodbye anthill.
I'm not sure if I like that take because of how horrifying it is, but I found it very interesting that harm can be caused so nonchalantly by more powerful entities, since humans already view themselves as the most powerful entity.
Not only local copies but also at least own and use one device where you have your important data that is not on the same OS ecosystem as the other device(s) - also helps with things like 2FA, password manager, etc., if shit has hit the ceiling fan on the other device.
In addition, I always suggest people to:
- Not use big tech's cloud services - ever
- But if you must, do not use many cloud services from just one provider (i.e no Google everything, no iCloud everything) i.e stop using "one account gateways".
- Needless to say, it's time you had a domain and start paying for mail hosting (at least for critical stuff - you can actually buy a very cheap plan; and use that gmail/live-hotmail/yahoo/iCloud/whatever everywhere else) [0]
- Keep an offline (but safe) copy of your "most" important data [1] and ways to remember (i.e cryptic hints) for your "most" important passwords
- Gain some experience in fighting in consumer courts/forums (depending upon your country) - start early, start with e-com companies. A lot many times we don't put up a fight because we have never done it before and we give up always because every time it's a first time. Apple and Google make a mockery of consumers everywhere because we have allowed them to. In fact sometimes when we talk of lack of accessible support at Google and Apple (yes, Apple) we speak in a disdainful appreciation or awe :)
[0] Some might disagree but disabling (or dev/nulling in a way) mail@, hi@, contact@, sales@ etc on your domain (esp. if you have catch-all enabled) goes a long way in terms of avoiding spam
[1] It's also very important to have a tiered approach to data storage and backup strategies. There should be a very, very, very small subset of your personal data, including some of your photos and videos, that is really, really small in storage footprint that you can back up/sync to multiple locations and actually pay the full price for it at storage costs via your own setup, preferably using FOSS tools (which are becoming too good these days) out there.
How much free time do you think the average person has to learn and set all this up?
“You’re giving these companies your data and then dare to be angry when you lose it? Just get a degree in computer science and host it yourself!!1! I am very smart”
The question is: will you roll over and die without a fight for your rights?
At least you have time you are spending on HN that could be devoted to learning to fight. The fewer people that fight, the faster your rights disappear.
The list is a bit overkill for the normal person. I would suggest just:
- Have a local backup (simple given the storage prices)
- Pay for one email provider (less chance to ignore you)
- For important services (bank, etc.) always register also a telephone number / second email if possible (there is a low chance that both primary and secondary thing will be blocked at the same time)
I don’t mean to defend this, but I know from experience that gift cards are frequently used for money laundering. The laws against that are very strict, incentivizing companies to overshoot and block false positives.
At the same time, AML solutions tend to be a closely guarded black box which simply tells you to block a customer, finding out why is pretty difficult.
To add more to the problem, some anti-money-laundering solutions are … AI powered.
> At the same time, AML solutions tend to be a closely guarded black box which simply tells you to block a customer, finding out why is pretty difficult.
For a good reason! You, as a rule, really don't want to tell the customer why you're blocking them. What will happen in the end is that you will be facing federal charges for assisting the money launderers because you kept telling them what they're doing wrong.
> This is the same failure mode of all security-through-obscurity. Secrecy means that bad guys are privy to defects in systems, while the people who those systems are supposed to defend are in the dark, and can have their defenses weaponized against them.
That’s a great article - explains what I haven’t fully thought through or quite been able to put into words but what I’ve always felt, because the “you can’t tell people the secret rules” with things like money laundering is treated by many as obvious, but has never sat right with me.
I disagree with this article—its premise relies too heavily on the oft repeated, oft misunderstood line “there is no security in obscurity.”
This concept is used to argue that obscurity shouldn’t be used at all as a defense mechanism, when really all it means is it shouldn’t be your only line of defense.
Obscuring aspects of a system can contribute to its overall functioning: it’s a filter for the laziest of adversaries, and it creates an imperative for more motivated ones to probe and explore to understand the obfuscation, creating signal and therefore opportunities to notice their behavior and intervene.
I think for anyone who has dealt firsthand with mitigating online fraud, hackers, spam, trolls, cheating etc, the idea of having completely transparent defense mechanisms is pretty much ludicrous.
Also, to be fair, for money laundering it does raise the barrier to entry quite a bit. Doesn't matter if you have billions of dollars to launder, could already make quite a bit of a difference if you only have millions of dollars to launder.
> The laws against that are very strict, incentivizing companies to overshoot and block false positives.
Yes, in many countries they are, but I don't think the laws are dictating Apple to completely turn off the accounts, but instead dictate that Apple should take measures against it.
They could disable those gift card features + Apple wallet/pay if they suspect fraud, and if no one complains within a month, then disable the entire account, rather than start with disabling the account. Would give them space/time to investigate, and wouldn't be a huge pain in the ass when the inevitable false-positives happen, like in this case.
> I don't think the laws are dictating Apple to completely turn off the accounts, but instead dictate that Apple should take measures against it.
You misunderstand the nature of financial regulation. The laws on things like money laundering are intentionally vague, they say things like "Apple should take measures against it". And financial regulators will not come out and say (especially in writing) that you MUST do any particular thing (like ban customers entirely on suspicion).
What they WILL do is ask probing questions, frown a lot, and make suggestions. Which the company had better take seriously. Because the financial regulators have the ability to simply close down your business, and if you cross enough of the unclear lines they will do so.
This is also one of the reasons the government is fond of gag orders. If companies could tell you "sorry we closed your account because of government pressure" then at least you would know why, but then you would know why. Which could give you standing to challenge it or create bad PR for the government and generate public outrage sufficient to make them stop doing that.
So instead they censor the company from telling you the reason, because everyone whose account is locked is guilty of Terrorism, obviously, and the people actually committing fraud would be unable to discern that they've tripped the detection system from the fact that their account is locked unless you told them that was why. Certainly not because it would make people unsympathetic to what the government is doing.
> Because the financial regulators have the ability to simply close down your business
You misunderstand how business regulation works in free countries. Financial regulators can't just "simply close down your business" however they want, unless you live in a country that is primarily authoritarian.
Again, I'm not saying closing down accounts isn't easier than turning off functionality, but companies could choose the "harder route" if they did care about the users themselves. Alas, most companies' priority remains "make more money above all".
Every company's priority has always been "make more money above all," it's just that once upon a time some of them believed that treating their workers and customers well was a part of that goal. History has shown them that wasn't really necessary.
And don't think for a second the US federal government couldn't do a huge amount of damage to anyone it feels like by way of its financial regulators. In general it's better for the US government if Apple continues to exist, though.
> Every company's priority has always been "make more money above all,"
Maybe that's true where you live, but it's definitely not true all over the world, many economies have a free economy yet companies exist for public benefit, not shareholder value generation. It's out there, wouldn't be impossible to implement where you live either.
> And don't think for a second the US federal government couldn't do a huge amount of damage to anyone it feels like by way of its financial regulators
Right, I agree. But I also qualified my statement to not be valid in authoritarian countries, so maybe not the greatest example to use.
A bit like OpenAI (non-profit) or Anthropic (public-benefit-corporation). Based on their business model it is clear that profitability is not their goal, and in their own statements: greater good for the humanity
All this costs money for little return of invest. As long as the collateral damage is below a threshold that causes reputational damage, there is no business incentive to solve this.
Yes, I agree, the companies don't actually care about consumers, only what's cheaper for them. But this is a choice companies do, not because laws somehow require them to block the entire account vs individual features. I was just adding that because the original comment made it seem like the companies are somehow forced to act like they do because of laws, but it isn't, it's an intentional cost-measured choice they make by themselves.
Ironically, I had Amazon flag and undo some gift card purchases (of cards, not with cards) that I made for Christmas, while myself thinking about this category of problem, about why cards are a mechanism for scams rather than specifically money laundering.
The cards were to family members that I normally send gift cards to at Christmas, and the activity was counted as "sus" even though I was asked to validate my card number and expiration date before being allowed to make the purchase.
I agree. The way they make sending parcels internationally more difficult through custom declarations and taxes and fines for smaller occasions it’s more practical to send a gift card from the destination country.
> The laws against that are very strict, incentivizing companies to overshoot and block false positives.
On that note[1] is a good read (Cmd+F: "suspicious activity report"), although this specific case is about gift cards, but the AML/T&S etc. space is remarkably similar.
Unfortunately, when you access multiple accounts from the same set of IP addresses and browser signatures, you can bet Google, Apple, Microsoft, and any other large company with that level of information collection has probably correlated all of those accounts to you. The company may lock them all if any one of them is suspected of "bad behavior".
Yeah, I don't remember the details, but I remember a developer at a studio causing their account to lock up when Google shut down the account of the previous studio he was working with
Most likely stolen cards. Stolen credit cards are used to purchase gift cards which are then resold to unsuspecting buyers. Think of it as stolen money laundering.
YouTube is full of scam baiting videos – of people who waste scammers' time for entertainment.
A very usual scenario is that the scammer pretends to be a technician doing some remote support and for example pretends to provide some refund. Then they pretend that they've mistakenly sent out e.g. 10x the amount and they ask for the difference back, claiming that their job is on the line.
Crypto would work, but since they target old and tech-illiterate people, the easiest way is usually to ask the victim to go to a store, buy gift cards and read out the codes.
Google kitboga (a known scam baiter) for the videos.
Well, from my view as a European working in finance. Handling money for customers to pay (buy apps) likely requires an e money license (not sure about other states). And with this there are a lot of things coming, like AML and what not.
So disabling the account might be due to regulations required for the e money license.
Of course Support should be able to resolve this if proof is given
It is probably lazy in the sense that they would need more lawyers and more careful ToS. Defending their ability to shut anyone off completely is a lot easier than dealing with lawsuits from customers denied X, denied Y, denied Z in regions A,B,C..
Gift cards are often used for money laundering or scams, because they allow to transfer monetary value in small increments and without tracking: there's no link between the person who bought a gift card (anonymously with cash) and a person who used its code to put money onto an account.
It genuinely makes me a little anxious whenever I come across people whose entire digital lives are dependent on a google/apple account. Just one misstep and it's all gone
Their mega high risk - high value gift cards are effective for laundering stolen/fraudulent credit cards. Buy a $500 gift card with a stolen CC and sell it on FB marketplace for $400 - you’re up $400, the buyer saves $100, Apple get paid by the retailer and the CC company are (likely) on the hook.
Of course the actual solution here is _don’t sell high value gift cards_, or require the Apple ID email at time of purchase/activation of the card
I created a Google developer account with a separate email due to warnings like this. Then Google closed it because I left it idle too long and I didn't get the warning email. Sometimes you can't win.
It would make more sense to stop offering gift cards, which make zero financial sense for the consumer, but why stop offering a lucrative product that people buy because they're bad at logic, when you can just shut down accounts and greatly inconvenience people at no cost to you?
> which make zero financial sense for the consumer
Not in all situations. Because of various cross promotions between car insurance, supermarket and airlines, by using gift cards for groceries I get an effective ~9% discount every time. That really adds up over a year.
For Apple and others, you can use secondary gift card market to get some discounts too, if you wanna risk it.
Wouldn’t work for money laundering. As far as AML regs (and banks) are concerned a small business is indistinguishable from a personal retail account. This makes sense from a business point of view because a lot of small businesses are just one guy, and small business owners tend to mix their personal finance with their business finance. From an AML point of view, a lot, perhaps most money laundering is done with registered business entities. It’s easier to create a numbered corporation than a whole person.
I'm sure they're not all scammers, but what's the upside to the consumer? Why not just give the money directly? Seems to me like all the upside is on the company, and all the risk is on the user.
In some countries, where people receive conditioned social security benefits, just sending the money via bank account will have disadvantages (at worst the next sum from social security is lowered 1:1 by the money received and they try to keep it that way). So, if you do not meet the gift receiver in person and do not trust the postal service with cash, a gift card can be a solution.
The theory is that if you give someone cash, they're just going to put it in the bank or buy gas with it, but if you give them gift card to e.g. a game store then they're going to buy a game, without you having to know which game they want.
It's the same premise as buying someone any gift instead of just giving them the money so they can buy whatever they want.
Arguably, they'll be happier with the video game than with a tank of gas, which you've ensured they'll choose by not giving them the cash
Edit to add: kids often don't have bank accounts, I mostly received gift cards as a child, from relatives who wouldn't want to mail cash and couldn't give me cash in person. On a dark note, giving a kid a gift card to a toy store makes it harder for the parents to steal it for themselves.
The whole practice originates from "gift certificates" where you'd maybe go to your favorite spa and get a gift certificate to give someone, so that the spa treatment is the gift you're giving, but the recipient redeems it whenever they want. That just got abstracted to non-service gifts as well, with the same idea ("treat yourself to a new video game, whichever and whenever you feel like it" -- that's the gift, facilitated by the card)
Also for kids at least, sometimes they really will be happier with less choice. Sometimes kids make bad decisions and limiting choice to good options is helpful.
Additionally the inverse is true. Sometimes kids' choices are restrained, and they really would like to do a thing they are not allowed to, and gift cards offered them a way to do that. Case in point: my tween figured out that we don’t let him buy in game currency for any of the games that we do let him play, however, when a relative gives him a gift card, we let him redeem it, making gift cards incredibly popular gifts.
I joke that a $100 gift card is an "inferior $100 bill", because you can spend the bill anywhere, but the gift card only in one place. People give them as gifts because it shows marginally more effort than just giving cash.
That's backwards. The company treats the GC as a liability. It cannot recognize the funds as revenue until they are spent. This is GAAP and law (but see exception below).
GCs are valuable to brands because they are marketing tools. Recipients are prompted to go to the merchant to spend money, and they usually spend about 40% more than the face value of the card.
Also, GCs are valuable to merchants for breakage. This is when a card (or partial balance) goes unused. Starbucks, as an imperfect example, recognizes about 10% of their total outstanding GC balance as revenue every year, due to breakage. This amounts to hundreds of millions of dollars.
But all those GC funds sit in investment accounts until they are used. It's genuinely profitable to have millions in unredeemed gift cards (and mobile app dollars) sitting around unused.
I've never had my $100 GC be worth $104 a year later, but for the issuer it is. They just keep the $4.
Sorry I was not aware of GAAP. Anyways, I think the primary benefit is the interest-free financing. The company gets to hold the customer's cash and use it for operations (working capital) for the entire time the gift card is unspent. Maybe I was not right with the account terminology and should have mentioned the cash flow positive impact only.
Well yes, obviously, and the company doesn't have to pay anything for the cost of locking you out of all your work files forever and costing you however much, so it's all upside for them.
If they had to reimburse you for the cost of all your lost files, then we'd see the real impact on finances.
One practical reason gift cards exist is tax treatment. In the UK, small non-cash gifts to employees can be tax-free under the “trivial benefits” rules (each under £50, not cash or cash-equivalent). For owner-managed companies, directors have a £300 annual cap across such benefits. Cash or cash-redeemable vouchers don’t qualify and are taxed like salary.
Gift cards are used by phishers. In our institution, we routinely get personalized spam mails (in the name of the corresponding group lead of the recipient, sent via GMail -- this is not low-effort) that ask whether they are available and, when (accidentally) responding, ask for Apple gift cards.
I had similar trouble redeeming a gift card on Amazon. Twice. (thankfully they got resolved upon appeal).
Enough that I am very wary of buying or redeeming gift cards now, especially more than one in a row.
Apparently there's some sort of scam with gift cards, which must affect any platform which allows them, and legit uses often get flagged by automated systems.
If they are so much trouble for Amazon/Apple I wonder why not disallow gift cards, instead of randomly banning users?
> It's just insane that a gift card redemption can trigger this. What's the rationale?
If I need to guess, gift cards are sold online in money laundering schemes, also on some platforms they are used to let you buy apps from a lower priced country
> I am not a casual user. I have literally written the book on Apple development (taking over the Learning Cocoa with Objective-C series, which Apple themselves used to write, for O’Reilly Media, and then 20+ books following that). I help run the longest-running Apple developer event not run by Apple themselves, /dev/world. I have effectively been an evangelist for this company’s technology for my entire professional life. We had an app on the App Store on Day 1 in every sense of the world.
I am surprised that with such a pedigree, the author doesn't already have contacts at Apple they could reach out to for that personal touch.
From my experiences with people at Apple, everyone seems so siloed that it doesn't surprise me that they couldn't help him. It doesn't seem like they have the culture where you could just drop by the Apple fraud team and ask for help for a friend.
It's relevant because it shows they are not a newbie on the platform and are unlikely to have misbehaved in some capacity to warrant a full deactivation. It adds credibility to their story.
That sentence smells like AI writing, so who knows what the author actually thinks. (As usual, the other major "tell" is the superfluous section headers of the form "The [awkward noun phrase]"...)
I'm more curious how/why the author ended up with a $500 gift card. That's a large amount, and the author never shares how this was obtained, which seems like a key missing detail. Did the author buy the gift card for himself (why?) or did someone give him a very large gift (why not mention that?)
> I'm more curious how/why the author ended up with a $500 gift card. That's a large amount, and the author never shares how this was obtained, which seems like a key missing detail. Did the author buy the gift card for himself (why?) or did someone give him a very large gift (why not mention that?)
The author mentions a big store (names it similar to Walmart for US based readers).
I would assume this was an accepted form of "return a product without a receipt" or "we want to accept your complaint about this product we sold going crazy 1 day after its warranty but we cannot give you cash back" etc
I don't understand. Gift cards typically cannot be returned, at least in the US. And the author said the gift card was redeemed "to pay for my 6TB iCloud+ storage plan", which also cannot be returned I'd imagine.
The author lives in Australia. You get points from supermarket for purchasing some gift cards during some promotion, it's around 10% of the card value.
Gift cards are central to money laundering and many online scams. I would guess any usage of them (especially in larger denominations) would attract increased attention and additional risk. That's nonsensical of course, why does Apple sell them if they are also suspicious of them, but I would guess if he had paid with a credit card there would have been no issue.
If you receive them as a gift, use them only in a situation unconnected with your cloud ID, such as to pay for new hardware at an Apple store.
LLMs were trained on books like the ones written by the author, which is why AI writing "smells" like professional writing. The reason that AI is notorious for using em dashes, for example, is that professional authors use em dashes, whereas amateur writers tend not to use em dashes.
It's becoming absurd that we're now accusing professional writers of being AI.
I didn't mention em dashes anywhere in my comment!
If this isn't AI writing, why say "The “New Account” Trap" with then further sub-headers "The Legal Catch", "The Technical Trap", "The Developer Risk"... I have done a lot of copyreading in my life and humans simply didn't write this way prior to recent years.
> humans simply didn’t write this way prior to recent years.
Aren’t LLMs evidence that humans did write this way? They’re literally trained to copy humans on vast swaths of human written content. What evidence do you have to back up your claim?
Decades of reading experience of blog posts and newspaper articles. They simply never contained this many section headers or bolded phrases after bullet points, and especially not of the "The [awkward noun phrase]" format heavily favored by LLMs.
So what would explain why AI writes a certain way, when there is no mechanism for it, and when the way AI works is to favor what humans do? LLM training includes many more writing samples than you’ve ever seen. Maybe you have a biased sample, or maybe you’re misremembering? The article’s style is called an outline, we were taught in school to write the way the author did.
The relevance is that it affects whether or not the article's claims are trustworthy, when combined with some other details here. It is very easy to ask AI to generate a grievance post, for whatever motivation. This is why I mentioned it in combination with the question of how/why exactly the gift card was obtained.
There's the further detail of multiple commenters here saying their various contacts at Apple all cannot solve this particular case, which seems odd.
Now that said, given the OP is a published author, it's more likely he is trustworthy on that basis, but personally I still get a "something doesn't add up here" vibe from all this. Entirely likely I'm wrong though, who knows.
LLMs learned from human writing. They might amplify the frequency of some particular affectations, but they didn't come up with those affectations themselves. They write like that because some people write like that.
That seems like a straw man. Image generation matches style quite well. LLM hallucination conjures untrue statements while still matching the training data style and word choices.
Heuristics are nice but must be reviewed when confronted with actual counterexamples.
If this is a published author known to write books before LLMs, why automatically decide "humans don't write like this". He's human and he does write like this!
Most of those section headers and bolded bullet-point summary phrases should simply be removed. That's why I described them as superfluous.
In cases where it makes sense to divide an article into sections, the phrasing should be varied so that they aren't mostly of the same format ("The Blahbity Blah", in the case of what AI commonly spews out).
This is fairly basic writing advice!
To be clear, I'm not accusing his books as being written like this or using AI. I'm simply responding to the writing style of this article. For me, it reduces the trustworthiness of the claims in the article, especially combined with the key missing detail of why/how exactly such a large gift card was being purchased.
> To be clear, I'm not accusing his books as being written like this or using AI. I'm simply responding to the writing style of this article.
It's unlikely that the article had the benefit of professional, external editing, unlike the books. Moreover, it's likely that this article was written in a relatively short amount of time, so maybe give the author a break that it's not formatted the way you would prefer if you were copyediting? I think you're just nitpicking here. It's a blog post, not a book.
It's a difference of opinion and that's fine. But I'll just say, notice how those 3 previous articles you linked don't contain "The Blahbity Blah" style headers throughout, while this article has nine occurrences of them.
Did you even read the article? "The only recent activity on my account was a recent attempt to redeem a $500 Apple Gift Card to pay for my 6TB iCloud+ storage plan" a 6TB plan is $29.99 monthly.. It's not farfetched to assume he purchased a $500 gift card so he could keep the subscription without worrying about it!
"The card was purchased from a major brick-and-mortar retailer (Australians, think Woolworths scale; Americans, think Walmart scale)" There's not much of a reason to assume someone else unaffiliated with the author bought this card, he mentions talking to the vendor and getting a replacement which means he has the receipt
Yes, I read the article and it simply does not directly address who purchased the card.
It certainly implies the author bought the card for himself, yes; but that seems rather unusual to me, especially in such a high amount.
Why would you purchase a $500 gift card for yourself to "keep a subscription without worrying about it" as opposed to just paying the small monthly amount? Honest question, I literally don't understand that motivation at all. In my mind a gift card is more problematic than a normal credit card in this scenario since it eventually runs out.
Second question: why did you create an HN account just to write this comment?
I wonder if you can prepay using a card ? But otherwise to answer your potential question, I understand OP as I like to prepay things like my phone operator. I put 500 USD there, and come back one year later. This way it can free-up my limit of 10 virtual cards I have, and most of all, can keep their limits as close as possible to the minimum. If you have a mix of services on the same card it is much more difficult and more risky. If you have 100 USD + 50 USD + 25 USD + 75 USD + 60 USD in monthly spend. Then you have 310 USD at risk, when your risk could be way lower.
“Please don't comment on whether someone read an article. "Did you even read the article? It mentions that" can be shortened to "The article mentions that". ” --https://news.ycombinator.com/newsguidelines.html
Did you read the comment you're responding to? Where in the article does it explain why an adult is buying a $500 gift card to pay their apple subscription instead of just paying for it directly?
I went to Uni with this person (though I doubt they remember me.) They have a very high reputation. If anyone should be able to resolve this, it’s them — that they can’t, and they have to go public, is absolutely terrifying and should make Apple execs pay attention.
I mean that. Exec level. This story and that this specific person cannot get it fixed indicates absolute failure.
This reminds me of a joke we have in Russia which roughly translates into English as follows: "Comrade Stalin, it has been a terrible mistake!" The phrase could belong to one of Stalin's own sycophants who unluckily for themselves got imprisoned and executed during the big purge in the 1930s. They didn't understand why it happened to them.
I have a feeling that this guy also doesn't get why this happened to him and that he himself contributed towards it with the work of his life.
The untapped answer is litigation. Call a lawyer and file against Apple. It may take several business days, and cost $$$$ but it will absolutely light a fire at Apple and get the attention of many-a-human. And if they ignore it, well, maybe a class action lawsuit awaits.
To paraphrase an old saying: Live by Big Tech, die by Big Tech.
> After nearly 30 years as a loyal customer
I've heard others say this (and was a "loyal advocate" of Windows for around 2 decades myself), but the reality is they simply do not care. You are merely a single user out of several billion.
> Many of the reps I’ve spoken to have suggested strange things
That almost sounds like some sort of AI, not a human. But if I were in your situation I'd be inclined to print out that response as evidence, and then actually go there physically to see what happens.
This is why I don't use an os that depends on cloud functionality built into the os for much of its functionality. It's really stupid IMHO to depend on a closed system like this to store data.
> This is why I don't use an os that depends on cloud functionality built into the os for much of its functionality.
macOS doesn't require this. My Apple account has a handful of apps purchased over the years, and that's it. I could've bought them directly from the vendors, but the store makes it easier to update.
Technically true but I tried using a mac without creating an Apple ID and gave up. You can't access the store without it so you are locked out of Mac apps that aren't installed by default, and all apps that only distribute through the store now.
Perhaps that's not a loss, because why would you want to depend on apps that you essentially need an Apple account to use? I've had great luck with finding apps with Homebrew.
I've used macbooks for 15 years and have never felt the need to create an Apple ID. Maybe I've just been lucky but I have never even encountered a piece of software that didn't offer a direct download or brew installation.
I don’t think it is stupid but the golden rule is multiple backups. I personally believe 3 backups is the minimum. A physical one and 2 others. Either another physical copy stored at another location to protect against things like fire or 2 cloud backups to prevent situations like this. But I have only ever met one person who did this. His house burned to the ground and lost all data at his house but had backups at his brother's and on some cloud service and lost nothing. I was impressed as most people I know have zero backups.
I don’t think so either in the sense we are seeing in this case. As in there should be some legal protections like sure Apple can choose to close his accounts but should allow him a reasonable amount of time to export his data.
But one should in best practice always have their own redundancies as too many times we have seen companies lose data for various reasons.
It’s pretty silly to rely on an OS that you don’t own. Though one can be forgiven if you have basically no other reasonable choice such as on mobile phones.
I think we must have passed peak Apple this week or something…
I’ve had Clone Hero running badly on an ancient MacBook for my drums, so I decided to swap it out for an M1 Mini that was collecting dust on a shelf. I did a full erase, but I couldn’t get past its activation lock. At all.
This is a piece of hardware I purchased on my credit card, for my company, (luckily) linked to a phone number I control and an email address on a domain I can control, but Apple in their infinite wisdom are still locking me out of my own hardware because I don’t know the password the last employee used on the computer! I don’t want any data off it, that’s gone, I just want the computer I spent money on to actually be usable!
I initiated a “recovery” process to unlock it (at Apple’s discretion?) and they’ve sent me an automated email saying the initial checks are passed and they will contact me again in 7 calendar days. Kafka-esque doesn’t even begin to describe it. So for the next week I have to whistle Dixie!
I’ve been a massive Apple fanboy since I swore off Windows a couple of decades ago, giving them a decent high 6 figure spend over that time and influencing countless others to buy Apple devices. Well that very much ended this week & going forwards without Apple will be painful, but the message they sent me couldn’t have been any louder & clearer. The writing has been slowly creeping on to the wall for the last few years, between buckling to UK government pressure, the CSAM photo scanning nonsense, the absolute UI abomination of this new glass crap, this was my final straw.
I’m also going to be relaying their “message” very clearly and loudly now to any friend or family member considering another Apple device.
This happened to me[1] a decade ago, now. Left Apple hardware on shelf for a year or two, Apple in the meantime did their iCloud migration or something, and my login account could no longer unlock the device. It's been effectively bricked since.
A similar thing happened to me - I lent a phone to my mother-in-law and created an account for her. She returned the phone once her own phone was fixed.
A few years passed, and a couple of weeks ago my phone broke, so I wanted to use that one until I bought a new one. It turned out that Apple had permanently deactivated the iCloud account on that phone. I could make calls, but I couldn’t install or update any apps, even though I still controlled the email address that was used to create the Apple account. Not that 5S is very useful these days but still.
Not sure if the Chinese have figured out a way for the newer ARM-based ones yet (I realise it's already been several years since the M1 was released...) but I believe most of the older x86 ones have been cracked.
I've unlocked some old Thinkpads that were similarly left locked with a BIOS password by departed employees, officially not possible, but actually possible if you reflash the BIOS and EC ROMs.
A CH341A-based programmer with the accessories ("chip clip" cables and adapters) is available on AE for cheap (~$10) and will work to read/write the main BIOS.
If you need to recover the EC, then I believe anything that can work as a generic JTAG device, like an FX2LP dongle (~$5 or less, and useful for other things like a logic analyser) will also be needed.
> That almost sounds like some sort of AI, not a human
It’s almost certainly not, it’s just humans being human and going off script. I worked in a place where we dealt with an enormous number of customer service requests, and one of our measured support metrics was “how often do the agents deviate from what they’re allowed to offer”.
I’ve talked to apple support reps in the past. It’s absolutely not surprising to hear that there’s confusion. ISTR some aren’t actually direct Apple employees, so they don’t have access to certain information.
> I've heard others say this (and was a "loyal advocate" of Windows for around 2 decades myself), but the reality is they simply do not care. You are merely a single user out of several billion.
What changed your outlook? Did you get burned by Microsoft?
Hard disagree. I find that Linux (particularly but not exclusively Gnome) is actually even better than Windows or Mac OS. I hate having to use Windows or Mac again for how clumsy and poorly thought out they are. It took how long before they finally got Window snapping? And file search is still atrocious on both, and getting worse on Windows.
It always seemed to me the people who deride Linux's desktop GUI are those who actually never bothered to use it, especially not seriously in the past decade.
While Plasma is among the better desktop options, it’s still something of an acquired taste, being a significantly different flavor from either mainstream commercial OS (and particularly un-Mac-like). I know some like it, but having used it on various single-purpose machines of my own I don’t think I could make it the desktop of my daily driver or work machines.
Why would my government care less about me than a multinational corporation with billions of customers that isn't headquartered or listed where I live?
My Member of Parliament represents about 130,000 people, does regular door knocking to talk to people, and has a staffed office a few km away that I can walk into anytime I want.
None of that applies to a multinational corporation.
You're lucky and this is not representative of the politicians at all.
In my Parliament MPs seem to represent primarily the interests of their donors, not those of their country, not even constituents.
It's still better than it used to be, the corr...., er lobbying is not as blatant, but it's still obvious.
Seeing the MP? Yeah. Maybe if someone lives in the "unsafe seat" area and the MP is trying to get reelected:)
People can vote the government out on the next election but they can't vote Tim Cook and other executives out of Apple unless they're shareholders with significant voting powers.
And don't tell me to "vote with my wallet". We're talking about Big Tech, not your next door kebab shop.
Big tech giants locking unsuspecting users out of their digital lives is nothing new. What would it take for our society to stop relying on these closed, walled gardens for critical stuff?
How many account lockouts must occur before we accept that digital life built on permission rather than ownership is inherently fragile?
There was a time when I accidentally deleted some photos of which I had only one copy. I blamed myself for being stupid not having a copy but also money was tight for additional drives.
Then there is this: depending on a service provider and then blaming them for something like this. The problem is that now you are losing trust in service providers (of which there should be little to begin with) and on top of that you are also blaming yourself for depending on them. However you have to create a trust model where your fault allows you to have a service helping you with it while a fault at the service provider will allow you to restore data from your end too, getting the best of both worlds.
MacOS and Windows / Google with always logged in systems that lock you out completely at their will is an example of how your devices are not owned by you to begin with and then trusting them with your data as well means your digital life is basically owned by them completely.
Now imagine that there are no humans to solve this but endless LLM bots that respond with generic responses because the LLM has never seen a problem like this. I want to point out that owning your data and hardware is really important if you depend on it and your business especially does.
I think this argument conflates “what’s possible” with “what’s reasonable”.
In a complex modern society, we can’t all be expected to have backup plans to the Nth degree.
Is it possible to bore for my own water supply, install solar+inverter/battery backup for electricity, get a medical degree to treat my own wounds? Sure but most would say it’s not reasonable.
It’s why we have regulations and ombudsmen for healthcare, transport, finance, water provider, electricity providers, communications providers etc.
Oddly missing from that list is critical technical infrastructure providers like Microsoft, Apple and Google.
I actually really like the idea of a Digital Services Provider Ombudsman, who you can go to if you feel like you've been wronged by a big tech corp. They have a "way in" that consumers potentially don't, and they have the capacity to levy fines in certain circumstances. I love this! What's preventing this from happening, other than no governmental pressure to make it happen? I might write to my MP...
> However you have to create a trust model where your fault allows you to have a service helping you with it while a fault at the service provider will allow you to restore data from your end too, getting the best of both worlds.
This is why I suggested to have a dual model. Leveraging the cloud and services is really a good choice as long as you have backup systems running independently as well. Your backups may not be as powerful and full fledged as the main provider but in case of emergencies like these, you still own your data and hardware and don’t panic.
In this example a weekly backup of iCloud to a drive connected to a pi with rsync could be a simple solution. 6tb is not even that much given that 500$ gift cards are being used by the author. The backup is not great but it is easy to see why it’s also necessary to own your data.
That is in no way a reasonable suggestion. You’re suggesting a raspberry pi (first red flag) along with a command line program. This is not reasonable in any sense of the word. Imagine me suggesting that everyone should set up their own unraid server to make sure they can still stream movies and videos if Netflix goes down. Imagine me telling you you should set up a foundry to build your own engines because you can’t trust big car manufacturers. This is the case with everything in your life.
Regulations exist because it’s impossible for any one person to handle everything that needs to be handled.
> That is in no way a reasonable suggestion. You’re suggesting a raspberry pi (first red flag) along with a command line program. This is not reasonable in any sense of the word.
Uh, the guy writes programming books for a living.
But since he's all-in Apple he could just use Time Machine to some sort of NAS and get a more streamlined version of the above.
It’s not reasonable because you’re assuming that 1) they have the time to set up that network infrastructure 2) their skills align with that 3) they have the knowledge to do so 4) they live in a country without strong regulations that would make such a thing unnecessary.
Just because you know objective-c doesn’t mean you know a damn thing about raspberry pis, backup programs, NASes, or anything else. It doesn’t mean you know or want to manage your own network infrastructure. They’re a Mac app programmer, not a Linux professional, not a micro-computer professional, not a network engineer, not a sys admin.
Time Machine wouldn’t work here, because it needs the files locally and he’s already stated he doesn’t have a 6tb drive.
1. I am pretty sure OP could manage to plug in an ethernet cable.
2. Again, he should be able to manage to set up a computer and plug in a USB drive, even if not familiar with the particular OS. People are not that narrow
3. I am pretty sure he could manage to install and run some backup software on his devices
4. I am assuming you are missing a "not" there, but regulations have clearly not solved the problem, in fact it's likely AML regulations caused it.
> he’s already stated he doesn’t have a 6tb drive
Someone who uses a $500 gift card to renew subscriptions could afford one
So that solves it for OP, but not for every single other person out there who's not as tech proficient and relies on iCloud for backups.
Which is not an unreasonable thing at all considering it's literally marketed as a storage solution for your photos, and on top of that even encourages users to store originals only in the cloud.
It won't solve for people that only own an iOS device but setting up a Time Machine backup is aggressively recommended by OS level notifications for every macOS user.
A simple usb hard drive will actually do, no need for a NAS. The only action required to implement proposed solution is to check "Keep all data on this Mac" in both photos and iCloud Drive settings. And to be extra cautious add a second backup drive from another vendor (to be extra extra cautious don't use Time Machine for the second drive).
For the specific case of those that don't have a big enough internal drive they might need to store data on an external drive. But if you do have 6TB of pictures you normally should ask yourself if a RAID1 or RAID6 is not warranted at this stage.
In conclusion it's not a binary decision; there is a lot of room between "I solely rely on the cloud" and "never trust the cloud".
> Is it possible to bore for my own water supply, install solar+inverter/battery backup for electricity, get a medical degree to treat my own wounds? Sure but most would say it’s not reasonable.
Bad analogy. A better one would be having a torch in case of power cuts (done that) having some extra food in the house in case the grocery delivery fails, having some basic medical supplies in the house, having mobile internet connection in case your broadband fails etc.
Having backups of your stuff is an emergency fallback
This is one of the worst stories I’ve seen yet. It sounds like they were “all in” on Apple with zero backups, which shows some questionable judgment, but still, this sort of thing shouldn’t be possible any more than a bank deciding to take all your money with no recourse. (They can close your account, but they can’t keep your money.) Maybe hosts should be required to mail you a hard drive with your data on it when they close your account. Regardless, never assume cloud data is in safe hands.
> this sort of thing shouldn’t be possible any more than a bank deciding to take all your money with no recourse. (They can close your account, but they can’t keep your money.)
I once had to help a relative sue a bank who had closed his account after he refused to answer their very intrusive questions (they wanted to know details about distant relatives living in another country). They also refused to return his money (tens of thousands) and refused to explain why. No amount of complaining or escalating made any difference, although we did manage to get a nice recording of an employee saying that he thought the bank was in the wrong.
It took me issuing court proceedings, plus several more months of negotiating with their lawyer, before they finally settled out of court. Even then they tried to not pay the court fee, and they tried to get us to sign an NDA (I refused to budge on both). Altogether, it took 6 months to get the money.
Similar to how people in this thread are talking about mitigating reliance on cloud providers (e.g. with offline backups), I now do not trust any bank. I avoid being in a position where any one bank can ruin my life. That means having multiple accounts and spreading my money around.
Luckily for me I have a legal background so when a corp (big or small) does this sort of thing to me I don't hesitate to sue them. In almost all cases this causes them to "wake up" and start taking your issue seriously, in a way that the front line customer support reps never do. I recommend this to the author of the original post.
All banks. Any bank that can indefinitely freeze your money and get away with it will do it. And now that everyone is doing it, the reputation damage is minimized.
It baffles me how much this community is opposed to Bitcoin (and fails to delimit it from the rest of the crypto-scams on going) when, for me, it is existential. When you go through 1-2 experiences of bank-freezing and you realize your life is literally at stake here, the abstract debates about energy consumption or speculative bubbles feel like they come from completely misinformed individuals.
It's like watching someone on a rail track arguing not knowing what is about to hit them.
> It sounds like they were “all in” on Apple with zero backups, which shows some questionable judgment
iCloud literally encourages users to opt for storing originals only in the cloud. It's marketed as such, it nags you about this every now and then, and iCloud is the preinstalled default cloud storage on every iPhone. Consider non-techies dealing with this too.
I do have backups of most data, including photos, but there are things you can't back up like shared actively edited iWork documents, and things like that. I can rebuild from it, but it's still a shitshow and my very expensive devices are bricked.
Concerning all those 'bricked' devices it would be really nice to get some more details concerning the 'block'.
Can you use your iPhone to call someone, can you use your MacBook overall? Login, use Apple Passwords(!), looking at photos within photos app and so on...
> this sort of thing shouldn’t be possible any more than a bank deciding to take all your money with no recourse. (They can close your account, but they can’t keep your money.)
To me this is the biggest problem. Just like a bank can decide to close your account at any time, it's reasonable that Apple (or any business) could do the same. But they can't keep your stuff.
You can say "don't be naive and assume your cloud data is safe", but in today's world that's like saying "don't keep your money in a bank". The reason I pay for iCloud storage is because it's supposed to be safe (safer than my local HDD going bust or getting lost).
To what extent is the victim their own perpetrator? They allow the status quo to succeed by endorsing it. They voted for this with $30,000 of their own money, and they will likely vote again.
So taking a wrong turn should result in you being mugged, raped and subsequently killed because apparently there was some "safe", but less convenient, passage?
You're not helping OSS by making claims like these.
Obviously you're being facetious, that is not at all what that poster is claiming.
While I agree that entering a dark alley shouldn't result in ill effects, if ill effects happen in said dark alley it is still worth the discussion to remind people to stay out of dark alleys in today's day and age (or until the root problem, whatever it is, is improved).
Pretending that it is OK to enter dark alleys and forcing blame elsewhere will continue to have people unwittingly enter dark alleys.
So many asslickers of Apple here, blaming the victim when clearly anyone could be the next victim. The same issue with clouds like Google Cloud that can charge you 100k USD tomorrow just because of someone doing a loop of wget on a cdn endpoint.
The real solution is to have a neutral, efficient and formal process under supervision of regulators to have such case escalated and handled.
I already see all the tech-bros coming: “you see it was not an issue, they reinstated the account after you posted” while ignoring there are silent victims.
> While I agree that entering a dark alley shouldn't result in ill effects, if ill effects happen in said dark alley it is still worth the discussion to remind people to stay out of dark alleys in today's day and age (or until the root problem, whatever it is, is improved).
This is not a dark alley. It's the main street. It's the world we live in. iPhone has more than half the market share in the US and well over a billion users worldwide. Moreover, Apple, Google, and Microsoft collectively monopolize consumer operating systems on both mobile and desktop. Try going into a retail store and buying a computing device that is not running iOS, Android, macOS, or Windows. That's the reality for most people.
The dark alleys are the non-mainstream options that hardly anyone knows about.
To further stretch the analogy: the main street is now full of potholes, sinkholes, and even landmines. The root problem is that, in exchange for convenience, we as a society have ceded too much power to these large businesses and we are now paying the price for it. We have bought the proverbial monorail [1] and now we are stuck with it.
> The root problem is that, in exchange for convenience, we as a society have ceded too much power to these large businesses and we are now paying the price for it.
I don't know why some people have made "convenience" into a dirty word. Almost everything we do is for convenience. You could live in a remote log cabin with no electricity and grow/hunt your own food, separating yourself from most of society, but that wouldn't be convenient or pleasant.
Individual consumers have very little power over the market. There's a collective action problem, which is why governments and regulation exist... or should exist. The way I see it, the root problem is a massive failure by (corrupt) governments to protect consumer rights.
How do governments become corrupt in the first place though, if they don't start that way? It's collective action problems all the way down.
Perhaps the root problem is that we've blown too far past Dunbar's number to be able to deal with the societies we live in. All of these systems we've contrived to mitigate the trust problem are full of holes.
As for convenience, that carries a tradeoff. All of the technology and all of the revolutions we've had (agricultural, industrial, information technology) have come with these tradeoffs. Even the log cabin has downsides compared to the nomadic hunter-gatherer lifestyle.
> How do governments become corrupt in the first place though, if they don't start that way?
I think the US government did start that way. Maybe not "corrupt" as such, but the United States was founded by plutocrats and was clearly designed to protect the minority of plutocrats against mass democracy.
> Even the log cabin has downsides compared to the nomadic hunter-gatherer lifestyle.
Yes, but I'd say the nomadic hunter-gatherer lifestyle has even greater downsides, and our current state of convenience is in many ways a vast improvement over the precarious existence of our distant ancestors.
LLMs actually do a good job at reading legalese, this may finally reverse the trend of corporations using impenetrable language to screw over customers.
Of course, that doesn't help in the US with its vicious Supreme Court endorsing the most blatant abuses under cover of binding arbitration.
Every single cloud storage provider has a generic cop-out clause in their TOS that allows them to lock you out of your account for no reason at all, with no legal obligation to provide any proper justification.
This leaves you with just about zero cloud storage solutions that you can use.
Yes, yes, you can rsync your files to your NAS. Now explain that to your non tech-savvy neighbors.
You may want to consider filing a small claims lawsuit against Apple for the maximum amount of damages your state permits in small claims.
It's not really about winning the claim. It's about getting them to acknowledge you and hopefully resolve it before the court case comes up. That is, you want them to "settle" by restoring your account.
The OP is in Australia, but I'd like to add some advice which would apply in the US: Apple is one of the few organizations which does not use an arbitration clause, which means suing in court really is an option.
(With the exception of some services like their credit card, but you can opt out of that more easily than any other arbitration clause I've seen.)
Here is how the gift card scam works (in Australia)
[Quote]
Yes they do still get activated at the checkout. But when you go to redeem, the code is missing the last digit or two so it doesn't work. People take the unactivated gift card, tamper with it to get inside carefully so it's not detectable, scratch and get the code, remove the last digit or two, replace the scratch off layer, put the unactivated gift card back on the shelf.
Then after you activate the gift card at the checkout, they redeem it.
This is why Target doesn't have the activation code on their gift cards anymore, you have to have it added with a sticker when it is being activated now, and then scratch it off.
Since your money is gone, I would file a complaint here:
ACCC (Australian Competition and Consumer Commission): The primary enforcer of gift card laws, ensuring businesses comply with the three-year minimum expiry, clear terms, and fair practices.
It's baffling that gift cards are so popular. You're essentially paying to decrease the value of your own money by restricting its use and adding an expiration date (and handing to someone as a gift as if it's a thoughtful alternative to cash).
An even more egregious case is the corporate credit card. The company dictates its use exclusively for business expenses, yet pushes all the liability onto the employee. The business gets a massive, interest-free credit line with absolutely no risk. The company gets the float, and the employee gets the bill and the potential credit damage if anything goes wrong.
Same reason they gift you a book instead of a can of petrol. By giving you a gift card, they're forcing you to buy something sold at a specific store chain, not to buy more petrol.
It can also be a way to make sure e.g. “fun money” gifts are actually spent as intended, getting around things like sense of responsibility, overbearing spouses, etc making the recipient feel obligated or pressured to spend it some other way.
Gift cards are great for companies you don't trust with (up-to-date) payment details. Amazon, Google, Apple, whatever evil megacorp you can think of, they all have made the news with stories like these, and they have proven time and again that they will stand by and defend their arbitrary decisions in court if they have to, because involving basic human intellect in the chain is too much of a fraud risk.
Even if you like their services, who knows what they'll do when they have access to your credit card information directly. I can completely understand why someone would pay for their services with gift cards bought from a well-known, respectable store instead.
This story proves that none of it matters if your money along with your account vanish because the megacorp doesn't like your gift card for whatever reason.
In fact, it is far worse than paying with a credit card directly in terms of risk. At least, when something goes wrong (which rarely ever happens), the bank has your back. On the other hand, I have seen too many cases where people find their gift card codes invalid.
It seems OP bought the gift card themselves as a means to top up their account balance (https://news.ycombinator.com/item?id=46252989). They basically used the gift card as an alternative payment option.
Book a date with TASCAT. I haven't used the Tasmanian one but in NSW it cost me a couple tens of dollars from memory and I got a response in days. Once the case lands with the _LAWYERS_ who are expensive, it'll get resolved.
Civil tribunals in Australia (an equivalent of small claim courts in other countries) do not involve lawyers in the vast majority of cases and encourage self-representation instead.
In fact, the NSW Civil Administrative Tribunal explicitly requires the Tribunal’s explicit permission for a person to be represented by somebody else, including a lawyer.
But the tribunal's decision is binding on the commercial entity should it be found at fault, and it incurs penalties for avoidance or non-compliance with the decision.
> do not involve lawyers in vast majority of cases and encourage self-representation instead.
Sure, but if it's a corporation, who is going to represent the corporation besides a lawyer? In the US, some states explicitly do not allow a lawyer and require a different officer of the company represent them, but plenty do allow lawyers.
If Paris is taking Apple to the tribunal, there's no single human equivalent to Paris on Apple's side. This seems like the exact sort of situation where a lawyer is approved to represent somebody else.
You also get things like Stripe with mandatory arbitration. The arbitrator is chosen by Stripe. Naturally, the arbitrator wants to keep Stripe as a client.
Stripe terms allow them to hold the funds until 'investigation' is concluded but while held, they have the right to invest the funds and keep the profit.
> Sure, but if it's a corporation, who is going to represent the corporation besides a lawyer?
Under common law, lawyers (in the US sense) are not required on either side in the case of handling a dispute or a small claim.
Specifically in Australia, the company would have a complaint department, and the case would be dealt with by a complaint officer, not a lawyer.
If the scope of the case exceeds the tribunal's authority, the case is handled in the state's district court or in a federal court for cross-jurisdictional matters. The official title of the person representing the defendant (e.g. a company) in a courtroom is the barrister, but the case documentation and legal advice are provided by a solicitor.
Hi, I’m closely involved in xCAT cases for my Australian organisation.
We send an in-house lawyer to represent us at every mediation and hearing.
Every complaint that goes to an official body is dealt with by the lawyers at that point. Only if they complain directly to us does our “complaints department” handle it.
There are escalative methods to employ in such situations.
In many legal jurisdictions, a 'demand letter' holds weight. These can be served by courier, with proof of delivery as valid. One aspect of such a letter is a hard, specific time by which you will start legal action, along with associated additional costs.
You have two paths after the letter. The first is small claims court, or normal court. In many places, small claims court does not allow lawyers, and the judge will even have to explain any confusing terms.
Which means the playing field is leveled, including reduced or no disclosure requirements, and legal cost assignments. Where I am, it's $100 to file.
The goal is to force a fix, at threat of legal consequences.
It is Saturday! Guy had trouble during non-business times and the advice is to make a complaint to ACCC?
People who unlock accounts do not work on weekends; it is not the front line of support that works all the time.
What happened to giving a chance to people (which is what Apple consists of) to actually do something before complaining to a 4-letter agency?
Also ACCC will not deal with such complaints. It says right on their home page.
I didn't see a timeline but there were indications that the author has been trying to resolve this for much longer than one day.
Regulatory agencies can forward complaints to other authorities and act based on them even if they can't resolve the particular issue for the complainant.
There is part of me that sort of wishes this would happen to me. I wonder if getting locked out of my cloud identities + bricking all my devices would actually be a great blessing in disguise from the Machine?
I treat apple ID and google ID like throwaway accounts. I would never trust anything valuable to either. The problem is that it is very hard for "usual people" to do that.
I will also never have an electronic ID. We (Switzerland) were dumb enough to vote yes for it but we are giving away our freedoms eventually.
We need regulations to ensure vendors cannot lock in users and cannot threaten them. Everything should work as if you have your own domain and use email. If your provider goes nuts, move your hosting and change your MX and point your local copy to it.
This should not be reserved for some nerd like me, it should be a universal right.
It is already late, but it can be reversed. We need more stories like this one to erupt, so people understand.
> I will also never have an electronic ID. We (Switzerland) were dumb enough to vote yes for it but we are giving away our freedoms eventually.
What's the link with the rest though? Your government already knows you, whether your id has your information printed with ink or stored on a chip.
Belgium has had electronic id for decades now and I fail to see how it has taken away any freedom, but it has enabled people to get their official documents online without having to make appointments in person in most cases.
I think the fear many people have is that digital ID will be required for non-government services as well. I can easily see that happen in the USA and Switzerland is the kind of weird that may also let that sort of thing happen.
With things like age verification becoming mandatory just about everywhere and actual privacy-conscious digital age verification being very difficult, there's definitely a risk towards abuse and badly designed authorization mechanisms (although the EU's open source backend and frontends should make it easy for other countries if they do actually care about privacy).
It seems to me as if it would get used by the same services that already require an id, except they would now not require a physical check of the id anymore.
You don't? Google already requires ID for developers in Belgium [0], and it's complying with regional laws for age verification [1]. The EU is also starting to look at age verification [2]. I don't see how it's such a stretch that Google may want to expand this further even in the absence of government demands, considering the huge ad/data incentive for them to directly link accounts to IRL identities.
> The problem is that it is very hard for "usual people" to do that.
Exactly, for all the victim blaming in other comments, try to explain 3-2-1 backup to non-technical people and you'll be met with glazed eyes.
Sadly I think it's going to take more people losing their irreplaceable digital assets and for the network effect of having it happen to someone close to actually see any change.
There's a surge of people losing their Google accounts with hackers abusing parental controls at the moment, although I suspect a lot of those people will just move to Microsoft or Apple thinking they're safer until they get burnt there too.
My grandfather’s Apple account was blacklisted too but I was less sympathetic to him because he genuinely sends spam email from his personal account (it’s politically motivated).
One day he was bricked from his accounts because he ran afoul of Apple’s ToS. The problem then was I couldn’t feel sure that he hadn’t actually done something which a reasonable person would say should result in account closure.
Paris’s case is much more strange, because it feels more likely to be a false-positive.
There is no legal right to have an account with Apple or Google, and I’m not sure I want there to be. But so much of our lives are built on these services and these stories erode our trust that the services themselves can handle the responsibility of adjudicating acceptable use. We need our digital accounts to be robust in the very long-term, even when there are bad actors who want to do all manner of bad things. And we need to feel confident that a properly empowered human reviewed the case and can articulate the reasons for a ban. When we charge a person with a crime, we tell them what the crime was and give them due process to fight it. I’m not sure I want the courts to decide these questions but we need some more due process when it comes to account termination.
> There is no legal right to have an account with Apple or Google, and I’m not sure I want there to be.
There shouldn’t be a legal right to an account, but there absolutely should be a legal right to sit down with someone from the company to plead your case, understand why the account was locked, and at least be given the opportunity to gather your things if they decide not to give you a second chance.
If you get evicted from an apartment they don’t just change the locks and keep all your stuff…
There should be a legal right to a clear explanation and a mechanism of appealing these decisions with an external organisation. I think it’s unreasonable to expect that they should be able to delete users this casually with everything that is tied to your devices.
You could make it so costs for arbitration could be paid up front by the person appealing and then if the account deletion was deemed wrong the company refunds said user. Could probably apply to monetisation on YouTube that I see withdrawn for very dubious reasons too.
> arbitration could be paid up front by the person appealing
We need a constitutional amendment that prevents binding arbitration agreements, which removes judicial review from public accessibility.
There absolutely should be a legal right to pursue this through the courts (which require a response from the company, to avoid default judgment).
----
My main PiHole blocks all of *.google.* & *.apple.* for many reasons. My exploration into PiHoles began a decade ago, after Google pulled a similar response-less account termination (without explanation). This left me unable to update a blog (with several million annual impressions), with no recourse [0].
[0] Unlike OP's situation, I was able to download most of my writing/photos, only because they were public-facing (website).
I'm not the biggest advocate of the EU DMA, but account and device access is one item we should actually be regulating very heavily, where potential penalties for (suspected) abuse or incompliance must be much more granular than full-on account bans.
It's hard to believe EU governments are actually considering mandating iOS and Android as gateways to access government services. It's a level of ignorance that's unfathomable.
This story is also exactly why I invest precious time running a Linux machine in the basement that rclones my cloud drives locally, as well as having full local copies of my webmail contents.
> It's hard to believe EU governments are actually considering mandating iOS and Android as gateways to access government services. It's a level of ignorance that's unfathomable.
There's a good reason behind this approach, even though I don't think the benefits outweigh the downsides. These apps are supposed to be the phone equivalent of the NFC chips inside of passports and ID cards, which have all kinds of encryption and verification inside of them. They have to be protected against malicious data extraction, manipulation, and other fakery.
Phones do have the ability to do that, even free ones, and even regular desktops and laptops. How they do it kind of depends on the implementation (whether you call it a "secure element", a "TPM", or a "trusted execution environment"), but they all come down to "hardware proof shows that this digital signature is not extractable or alterable". The data isn't supposed to be something you can access, like a password, but something you can only do signed reads from, like the physical ID chips.
In iOS, that part runs entirely on dedicated hardware which will refuse to run non-Apple code, which is probably the best approach. On Android, there are more options and many phones run a software version of that concept in a dedicated separate virtual machine to save cost on physical hardware. The security of that virtual mechanism relies squarely on the early boot process having been verified not to be altered by malware. That's what the Google verification library is for in this case.
This approach can work just as well on other hardware with dedicated TPMs (although a lot of free software enthusiasts will tell you those are evil contraptions designed by Microsoft to turn your unborn children into little versions of Clippy) or dedicated encryption modules. However, you'd need a common enough, accessible API for those to function. That's actually quite easy on Windows and macOS, but Linux TPM support is rather woeful at the moment, especially with how uncommon things like secure boot (even self-signed secure boot) are.
In practice, nobody is going to buy a special sort of YubiKey to log into their government's tax portal. Dragging people into basic multi-factor security has been a challenge that lasted decades.
However, pretty much all citizens already have phones capable of top-of-the-line security verification. Developing a free app is a lot easier than implementing cross-platform HSM support for a novel authentication mechanism.
All of this comes at the cost of having to run vendor-approved software. That's a huge problem for a lot of HN visitors, but those people form a sliver of a fraction of the population. I'm willing to bet the EU's digital access is inhibited more by the amount of old people without cell phones than the number of people who care about free software.
I personally feel like outsourcing this kind of trust to closed source implementations of vendor blobs is a terrible idea, but it's hard to find an accessible alternative that provides even the lax security properties those blobs provide.
Something I do find lacking in discussions about these technologies is how much the EU is relying specifically on American vendors here. America has been shown to be an unreliable ally that will gladly force the EU's hand with whatever mechanism comes to mind for extremely arbitrary reasons. There is a distinct lack of European alternatives when it comes to accessible secure computing, and I'd rather see the EU invest in local alternatives than go all-in on the security promises from Apple and Google.
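The "signed reads" property described in the comment above, modelled in software as an added example (it is not part of the thread and not any vendor's or government's implementation). Ed25519, the `SecureElement` and `Verifier` types, the transcript layout and the sample record are assumptions chosen for illustration; the point is that a verifier's fresh challenge plus a key that never leaves the element defeats both replayed reads and copied records.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// SecureElement is a software stand-in (assumption, for illustration) for a
// chip holding an identity record. The key is unexported and never returned:
// the only operation offered to callers is a signed read.
type SecureElement struct {
	record []byte
	priv   ed25519.PrivateKey
}

// Provision creates an element and returns the public key an issuer would publish.
func Provision(record []byte) (*SecureElement, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &SecureElement{record: append([]byte(nil), record...), priv: priv}, pub, nil
}

// transcript binds the verifier's nonce to the record under a fixed domain tag.
func transcript(nonce, record []byte) []byte {
	var b bytes.Buffer
	b.WriteString("signed-read-v1")
	b.WriteByte(byte(len(nonce)))
	b.Write(nonce)
	b.Write(record)
	return b.Bytes()
}

// SignedRead returns a copy of the record plus a signature over nonce and record.
func (se *SecureElement) SignedRead(nonce []byte) (record, sig []byte) {
	record = append([]byte(nil), se.record...)
	return record, ed25519.Sign(se.priv, transcript(nonce, record))
}

var (
	ErrUnknownNonce = errors.New("nonce was not issued or was already used")
	ErrBadSignature = errors.New("signature does not match the issuer key")
)

// Verifier is the relying party: it issues single-use challenges and checks reads.
type Verifier struct {
	pub     ed25519.PublicKey
	pending map[string]bool
}

func NewVerifier(pub ed25519.PublicKey) *Verifier {
	return &Verifier{pub: pub, pending: make(map[string]bool)}
}

// Challenge returns a fresh 32-byte random nonce and remembers it.
func (v *Verifier) Challenge() ([]byte, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	v.pending[string(nonce)] = true
	return nonce, nil
}

// Check consumes the nonce (even on failure) and verifies the signature.
func (v *Verifier) Check(nonce, record, sig []byte) error {
	if !v.pending[string(nonce)] {
		return ErrUnknownNonce
	}
	delete(v.pending, string(nonce))
	if !ed25519.Verify(v.pub, transcript(nonce, record), sig) {
		return ErrBadSignature
	}
	return nil
}

func main() {
	// Constructed sample record, not real identity data.
	se, pub, err := Provision([]byte("name=Example Person;born=1990-01-01"))
	if err != nil {
		panic(err)
	}
	v := NewVerifier(pub)
	nonce, _ := v.Challenge()
	rec, sig := se.SignedRead(nonce)
	fmt.Println("honest read:", v.Check(nonce, rec, sig))
	fmt.Println("replayed read:", v.Check(nonce, rec, sig))
	// The same data under a different key models a copied record.
	clone, _, _ := Provision(rec)
	nonce, _ = v.Challenge()
	rec, sig = clone.SignedRead(nonce)
	fmt.Println("copied record:", v.Check(nonce, rec, sig))
}
```

Real secure elements additionally attest that the key was generated in hardware; this model only shows why possession of the record alone is not enough.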
We must have regulation, and I support that fully. It also seems healthy to me to have an independent view on the specifics of said regulations. I mostly agree with the vision and direction of the DMA, but in my opinion it lacks specificity and clear unacceptable boundaries.
That lack of specificity, to me, is why Apple has been able to implement malicious compliance. At the same time the lack of specifics risks companies leaving the EU market in its entirety due to regulatory unclarity with high fines.
Wow. This is a cautionary tale. I don't think I'd be as devastated as this poor chap, but as it grew I realize I've allowed my iCloud photo library to become a single copy.
How are people handling this these days? If I wanted to ensure a full backup of everything on my iCloud to a NAS, what's the best way these days? Seems like they make it difficult by design...
I self host an Immich [1] instance to back up photos on my iPhone. It’s OSS and has a level of polish I’ve rarely seen in free software. Really, it’s shockingly good. The iOS app whisks my photos off to my home server several times per day.
What I’m not sure about is how to back up things like iMessages, Notes, and my Contacts. Every time I’ve looked, it appears the only options are random GitHub scripts that have reverse engineered the iMessage database.
I use Nextcloud for files/contacts/calendar/etc. as well, but for photos I use PhotoPrism [1].
The reason is simple: photos require much more processing and focus on performance. In addition, photos take up much more space, so while my Nextcloud instance runs on an SSD, the photos reside on an HDD, mostly in sleep mode.
The iMessage db is literally just a SQLite db. If you have a Mac you can read the entire thing with an AppleScript. It’s really easy from what I remember from years ago.
I run a separate Mac Mini that has the full iCloud Photos library on a massive external drive, set to "Download originals". I then rsync that filesystem to a separate Linux box. This works but you must not ever disconnect the external drive.
I don't have a solution for iCloud Drive, as there wasn't a keep offline setting last time I checked. So use it only ephemerally.
Arq [1] has an option to "materialize" dataless files, basically forcing them to be locally available. The only issue is if it's a large file and it gets pushed off device often, you can burn a lot of bandwidth re-downloading it over and over again.
At least as of Sequoia, the Settings > iCloud > Drive > Optimize Mac Storage option enables iCloud Drive files to be stored offline. Likewise, right clicking any iCloud Drive files in the Finder includes a Keep Downloaded option. Since I minimally use iCloud Drive, in the past (older OSes) I also had Hazel make copies of iCloud Drive files so they were certain to be in backups.
I'm not familiar with the "Photos Library.app", but I have an M4 mini with my photos in a Photos Library. I'd love to know your script to rsync the photos into a separate drive/directory.
(note: tested with brew rsync, IIRC the default rsync is outdated on macOS)
Somewhere in the directory structure is a folder /originals/ which has all the actual files.
Note that this is only a last resort backup. Restoring the library as a whole requires a Mac with a compatible OS version. Restoring without a Mac would only get you the originals, so only the out-of-camera files (jpg, heic, raw), with no edits or metadata changes from Apple Photos applied (Apple Photos doesn't touch the EXIF data). You'd probably also lose the video part of all live photos, as the live video files are stored as separate files and not part of the .heic files. They're there, but not very usable.
An alternative to this workflow is to export all photos (with edits applied) from the Photos app, but honestly I'm not sure if that even works and how long it would take for multi-TB libraries.
The issue with OneDrive is that it doesn’t store metadata like the photo location; it’s damn near useless. But I do pay for storage for Google Photos and iCloud.
If you take all of your photos from your phone, you don’t need your Mac at all. Google Photos will sync directly.
I wouldn’t use BackBlaze (the $7 a month service). It doesn’t support NAS at all and it has to phone home every 30 days or it will erase anything that is stored on an external drive.
I would use an app that backs up to their B2 service.
I personally just use my personal AWS account to back up my Plex media and just use the AWS s3 sync command using the AWS CLI and store everything in S3 Deep Archive. It’s less than $2 a month for 2TB.
Backblaze doesn’t erase after 30 days… I’ve had a computer be offline from it for several months and it still retained all data. And you can use the Backblaze Docker container to run on a NAS, much much much cheaper than B2.
Wasabi is much cheaper than AWS as well.
Finally, the best solution for backing up your iCloud Photos is definitely Immich. Set it up on your own NAS or a VPS, back up to that, and then back up that server to an S3 storage using rsync or restic. I’ll note that I still back up to Backblaze because it’s so dang cheap.
I spent months trying to find the best setup a few months ago and this is by far the cheapest.
But still, this shouldn’t be required for normal people. They should get what they pay for.
> It has to phone home every 30 days or it will erase anything that is stored on an external drive
It’s actually more nuanced. It will back up files on a USB attached drive. If it doesn’t see the drive attached for 30 days, it will erase the backup.
If you have your computer off for more than 30 days and you bring your computer back on and the USB drive isn’t attached when it connects to BackBlaze, it will erase it.
Only if you’re backing up nothing and using non-encrypted files and making sure you don’t delete anything (rsync with delete turned off). I tested this not even three months ago. I hit $30 with only 3 TB of data with Deep Archive while Wasabi AND Backblaze cost less than that. No need to even trust a single provider. If you’re never changing your files AND you don’t care about encrypting them then yes, GDA is fine and pretty cheap. Otherwise Wasabi and Backblaze get more done for less cost.
Yeah, that's the thing. When my iPhotos library exceeded 1TB I lost the ability to store the full local copies. Since then, iCloud itself has been the sole source.
I recently rebuilt my home server as an Unraid machine. Currently it’s mainly torrents and a Minecraft server but it’s got 10 TB of locally redundant storage with a sightline to scale that to around 24 TB, so it would be a logical place to store a full gphotos copy.
Thanks, I have the same problem and need to do something about it.
I wonder if it can calculate (estimate) how big of an external disk I'll need. My wife and I each have 40-50k photos and a few thousand videos in iCloud Photos.
If you want to truly save your photos, make backups of the locals and put it in your safe deposit box at the bank. Or alternatively, at a trusted friend/relative's house.
Even doing this yearly can save the immense sadness of lost memories. And of course, this works for emails, and everything else.
If you encrypt it, make sure you use a method not tied to any external service, or the machine you're on. I don't use Apple, yet I suspect that an encrypted external backup might be tied to your Apple ID, or some such, because that's how the world flies today.
Yeah, the plan would be external disk -> offsite storage.
I wouldn't bother to encrypt, it's just family photos and I wouldn't want to complicate restores. Especially if it was my wife who eventually needed to use it.
Immich is an extremely polished, FOSS alternative to Google/Apple Photos. It's an investment, but a 4 bay NAS running Immich should do nicely. Additionally, I back up snapshots to Backblaze B2 via restic, which runs another $5/TB.
Why would you need it to be end to end encrypted anyway? You’re running it. Set it to only upload photos when you’re on your home network and you’re fine. Or fork it and make a PR and make it e2e encrypted.
You can’t just “fork it and make a PR and make it e2e encrypted”. All the features run serverside, e2ee is fundamentally impossible because of its design, of which you seem to know fuck all.
I’m being dismissed, but I run a rather large homelab and I still want my photos iCloud-like, where end devices decrypt and run ML. Immich is a Google Photos clone where you give it everything and some server does all the magic.
Syncthing is wonderful, and does a great job of syncing between an Android phone's photos/videos and a laptop. And if you have regular automated backups of the laptop, you'll have backups of the photos/videos too.
For an iPhone, perhaps you could use iTunes to sync to a computer and back up that computer.
Sushitrain seems like the best option for Syncthing at the moment. It's a bit more polished than Mobius. Neither of them syncs in the background, but I think I remember seeing someone using Shortcuts to open the Sushitrain app every now and again to wake it up so it would sync.
Sync to Dropbox -> Dropbox hourly & monthly backups to my NAS using Bvckup2.
(One of these days I’ll set up my NAS to back up offsite for a #3 backup).
I know that others with MacBooks sync their whole library to their MacBook and then Time Machine to a NAS as their copy #2. Is this vulnerable to the problem in TFA?
I simply manually periodically download everything to disk/software raid. Really important/sentimental stuff like baby photos and videos I have on DVD with par2s.
I ran into similar issues with Apple. They have a very tight leash on gift cards (likely due to an increase in frauds and scams involving them). And once gift cards get triggered for fraud, your purchase account, which is separate, gets disabled. It’s a giant headache because their support team varies widely in terms of training. Getting it resolved is extremely difficult as a result. I wouldn’t wish climbing out of that on my worst enemies.
Here’s my lesson from my own episode:
1) Create an entirely separate purchasing account for Apple hardware and gift cards. Do not use it for anything else. Do not put this account in your family group. Save all receipts including all paper trails from your gift card purchases and trade-ins. You will need this information to prove that they came from legitimate sources.
2) Make sure your kids’ accounts are not labeled under 13. It will be nearly impossible to keep those accounts if your account goes down because they need to be physically detached and moved to a different family group which is not possible if your account is nuked. Your family will lose access to all Apple services within 48 hours.
3) Think twice about relying on your iCloud. Once your account is nuked you will eventually be downgraded to free tier since you cannot pay for the services. Do at least one or two backups per year from your iCloud. Yes, downloading pictures and videos will take a long time but it’s better than losing them. Also, if you use the Notes app on your iPhone, be aware that it’s not easy to back up and download them. Have a plan or use a different app.
4) Once you’re flagged, nearly everyone at Apple will treat you like a fraudster. I was even accused of trading in stolen goods to obtain my gift cards and needed to provide purchase receipts for my devices. So be prepared to have those conversations. A lot of us here have been Apple stans since the 1980s. None of that will matter. They will treat you like a scammer. It hurts because you supported this company through some rough times when people laughed at you for that G3 Macbook Pro and your MS Office crashed ten times facing tight deadlines at work.
This is horrible and a big reason why I refuse to go “all in” on Apple, Google, or Microsoft (among other reasons). Apple is the one I’m closest to given my hardware, though.
Given how invested you are in the Apple ecosystem I can’t fathom why you would go get an Apple Gift Card from a store to do this kind of transaction, though. It wouldn’t even cross my mind to do it that way.
Yeah it seems odd, and if Apple won't tell him or do anything, it might be because they can't: such as circumstances of an active police investigation.
We are obviously not going to get a fuller idea about this situation from a blog post, and while I won't assume that the author has done anything wrong, there have been similar stories in the past where the affected individual was deliberately withholding the whole, much more illegal, story.
Presuming his innocence: What could have happened here is that the gift card he's purchased has been marked as part of a scam operation. Apple gift cards are frequently used for "tax bill" and "police fine" scams in Australia (where they are sold there is often signage informing people of that.) So potentially this person is accidentally roped into that.
Also it's not entirely unheard of to purchase gift cards for long-time users (who would normally just use their linked credit card), as the cards are often sold in the retail space with a 10% discount, or can be redeemed as rewards through points/loyalty schemes.
With all that said, at this point if he's not getting anywhere, he should approach a lawyer, as they'd be able to petition on his behalf (whether that is to Apple or to the state of Tasmania.)
It sounds like the gift card # is included as part of a police investigation (as you already know scams often use gift cards as payment) - which would explain Apple's inability to help you or provide information (because they would be required by the state not to.)
You should approach a lawyer to petition Apple and the Tasmanian police on your behalf.
If local backups were not so hard...
It is sometimes impossible to back up an iPhone to a computer; yet seamless to back up to iCloud... Infer what you will. I am skeptical of overreliance and dependence on Apple more than ever. Unfortunately, interoperability is something we can wish for rather than expect.
This just makes me extremely concerned for the iCloud transition I’ve been making. It shouldn’t be this easy to perform a user-disruptive action from the support/ops side. I would think they’d have visibility to some sort of “reputation” metric, given the age/purchase history etc even if anonymized.
I can understand this happening if it was a freshly created account topped up with a sus gift card but it’s unacceptable that the first action is to completely block an account with history.
Even more concerning is the nonchalant support response to “go create a new one” with emojis. C’mon Apple — this is just a terrible way to respond to this situation.
This sucks Paris. What hope does the normal joe have to get a fair shake if you can't even get this resolved? The layers of click through contracts, opaque terms, LLM customer service, un-empowered customer service, and arbitration agreements make this a crazy relationship we get into with big tech. If we have a problem like this, we should be able to talk to a person at the company that can resolve this right without threatening a lawsuit. It's nuts.
I'm curious about Apple's Passwords app. Were you able to use it? What about passkeys?
Send this in an e-mail to tcook@apple.com. He has a team that reads for stuff like this and can magically fix issues.
I've had to do it before, also for a gift-card-related problem (different from yours), and I was contacted by a member of the Apple executive escalations team a couple days later.
I don't see stories anymore from this working. Back when it was under Jobs, there were more concessions from his team operating the account. And maybe in the early Cook years. Apple has trimmed a lot of fat.
I did read about part of the product development org having a standup about trending social media cases, and prioritizing followup on items that were under public scrutiny.
I have a friend who did this last year after he had a poor support experience with AppleCare for his Apple Watch and he got a call from Executive support early the next morning.
Maybe events like this will be a wake up call to our community. Virtually everyone around me uses Apple everything - colleagues, friends, family. And they find it weird when I say I don't use Apple out of principle and I even have to justify it.
"Many of the reps I’ve spoken to have suggested strange things, one of the strangest was telling me that I could physically go to Apple’s Australian HQ at Level 3, 20 Martin Place, Sydney, and plead my case."
This does not seem strange to me and could be a course of action. When I moved my domains off Google because of this type of "banned without recourse" possibility, I found a registrar that had a physical address, small office, and people listed on the company website (porkbun) so in the worst case I could fly to the office and straighten things out.
No mention of even going to an Apple store. Maybe the nearest one is very far away from him?
If I were the person at Apple in charge of this kind of matter, I would ignore this case, just as I do for other regular people. Everyone should be equally not cared for by Apple. That's how Apple sucks in a way I can accept myself still using their product.
If the only way to get your digital property back is a public plea to your Lord, that's called feudalism. Everyone should be treated fairly, not only those who can get their public pleas heard.
You just made it clear to me why I didn't resonate with that article and felt a bit uncomfortable reading it, even though I thought I should. Because what I want to see is something straight like "fuck you Apple", not begging and an emphasis on how much the author has contributed to the megacorp.
This seems to happen quite often. Not just with Apple, but also with Google. In spite of this obviously insane behaviour, EU governments want to rely on Apple and Google for smartphone-based electronic government IDs.
I upvoted this for visibility but if you put your entire digital life in the hands of any of these tech companies and store all your shit in the cloud with no local backups, you are at least as blameworthy as they are. I’m less surprised that Apple would do this than I am that somebody who is clearly tech savvy could be this stupid about tech.
Apple clearly has a problem. In recent months there have been a number of reports online of people getting locked out of their Apple ID/iCloud, the appeal getting denied, and Apple refusing to disclose why or reverse it. Generally those reports don’t relate to gift cards or developer accounts.
My father passed many moons ago, and the family wanted access to his iCloud account and they did not have the password. This was a huge struggle. Finally, after weeks, we were able to reset the password, but only because we had access to the email he used. In retrospect, perhaps it is a good thing that Apple restricts access like this for privacy and security. But in this digital age there should be other mechanisms in scenarios like this. What if I wake up from a coma, and forgot all my passwords and have not recorded them physically anywhere?
Off-topic and a stupid question: why does anything related to Apple attract so much attention on HN? As a newcomer, I assumed HN focused mostly on reverse engineering, retro computing, and deep technical topics.
Apple offers the most convenient computing experience available to mankind as of right now. That's why I care, at least. I love their products and services, but not so much when it fails (as in the author's case). That shit is scary.
Tech stopped being full of tech nerds when 10 weeks in a JavaScript boot camp and a few thousand lines of code in your personal GitHub would land you a $140k remote job.
Maybe now we will start seeing a reversion to the people in it for the passion.
I would not say your list is anything like complete, although those topics are often discussed here. Apple is a huge player in the general computing ecosystem, and probably a majority of front- and back-end developers these days work on MacBooks, so it isn't surprising that the things they do resonate in this community.
HN hasn't focused on those topics in a long time, they rarely are on the front page. Skip the top 20 articles and you'll start to see some interesting content instead of all the VC & AI drivel.
Hackaday is a content aggregator site that usually has more content on these topics - https://hackaday.com
Companies like apple should be liable to pay many millions in damages for this kind of shit. The people should make it hurt so much for them that they think twice before doing it without having a clear and working appeal process where you are clearly explained what happened and guided through it.
My son was just scammed out of $1000 using some gift card scam. Typically these gift cards cannot be revoked once issued and anyone using the gift cards (like the people who scammed my son) would be able to reap the rewards without any consequences. I’m hopeful that Apple has found a way to track fraudulent Apple Gift cards and is now locking the Apple IDs of people who use them. I suspect there’s more to the story than is being shared. What’s the provenance of the original gift card? Could it have been obtained through some not 100% above board means?
From other comments explaining the kind of scams running at the moment, one possible scenario is that the card may have been taken, tampered with by a scammer (and the code recorded), and then placed back in the supermarket, with the scammer waiting until the OP purchased it and it was activated at the checkout.
Perhaps between the scammer redeeming it and the poster then trying to redeem by entering the same code, the scammer’s account was flagged and then the OP’s account terminated along with the scammer for using the same code (even though the OP had done nothing wrong).
Hopefully he’ll get resolution by bringing his case to the “media”. Still, for someone who heavily presents the argument that he’s a professional writer and even says “I am asking for a human at Apple to review this case.”, I find it odd that he tries to make his case via an obviously AI-written post.
I mean, isn't writing what you said you do for a living?
Out of curiosity, why did you buy and redeem such a large gift card instead of paying directly? And was this a form of payment that was unusual in light of your account history?
I have similar questions. At the scale Apple operates I'm sure mistakes are made all the time, but often it feels like there is something missing when these types of stories pop up. I have had support from Apple before and they went out of their way to help me, supervisors doing research and calling me back for example. How Apple stonewalled here makes it seem like it was more than a single large gift card that caused the issue.
Back in 2015, I traveled to the US and wanted to buy a MacBook Pro at the Apple Store. The configuration I wanted wasn’t available in Apple Stores, and I couldn’t buy it online because at that point there was some limitation in the online store like they only took US credit cards, or something.
At the Apple Store, the employee's suggestion (a more senior one, who was consulted) was to buy a gift card for the computer’s cost (~$1500) and pay at the online store with that. I didn’t do it because buying “virtual stuff” for that amount seemed crazy (this was a huge amount of money for me, at the time).
This happened to me really early on when my original Apple ID had an invalid format, as it was an ID made prior to the current version of Apple ID everyone uses, and Apple refused to port what I owned to the ID that I was forced to generate to sign into my newer device. My old ID had software no longer available in App Store, so this wasn’t just a matter of needing to repurchase apps- they were taking away my ability to use applications I bought from them. Since then, I’ve been incredibly wary of losing my Apple ID. I have a lot of respect for Apple, but I would bet that it’s easier to deal with ID related problems for someone with Q level clearance in the U.S. government or even a non-existent Men In Black ID problem than to resolve a problem with an Apple ID. They probably would tell the almighty to get a new ID.
I do have an Apple ID, which was banned due to fraud and customer support couldn’t do anything about.
The thing is, that account was just used for dev. things for the US company, which builds/sells software for the US federal government (among the other US entities).
This happened to me as well with a secondary iCloud account, and I still have no idea what triggered the ban. Apple support said they couldn't reverse it. The account was on an old iPhone, and after the ban, it became impossible to log out, rendering the device e-waste overnight. I at least didn't have any valuable data in iCloud. But that experience prompted me to stop using Apple products or any other device that requires an online account to function. Fortunately, since recent AMD APUs are quite capable, I sold my MacBook M2 Max and have happily returned to using x86_64 Linux. No more Apple in my life, ever.
While I understand the attraction of doing so, I’m not sure I like the implication in the post that the reason this needs to be reviewed is because of how loyal of a customer this person is, or the fact that they have written books on developing for Apple devices.
This is why I self host my blog. My email. This is why I try to stay away from the convenience of big tech. It is not the first time this happens and it will not be the last.
When thinking about risks from depending on the cloud, people fixate on the risk of losing data, when this kind of denial of access is a much more likely occurrence.
I've started on my de-appleification plan in earnest this year:
This kind of Kafkaesque behaviour is what I've come to expect from any kind of online services. It's also why I won't use anything that cannot be setup offline.
I used to have an eBay account, and at some point, despite not having used it for a year or so, I got an email saying I was permanently banned from eBay.
No appeal, no reasons given, no possible way to create another account.
Just. Banned.
The companies need to be big enough to provide the amazing services they do, but once they are large enough they will never care about individuals.
My internal model of large companies is that they are intelligent, psychopathic aliens. The people in them are like cells in our body, important for the function, but with no agency, and they are not who you are dealing with.
You're dealing with the company, and it's an inhuman, psychopathic alien.
PayPal permanently blocked my account and all of its connected cards and bank accounts after I sent them my passport for some verification (I don't remember why). It was because a lifetime ago I had opened my PayPal account as a minor.
Yeah literally the exact same thing can happen on android and windows. The solution is regulation, not ridiculous solutions like telling billions of people to back up their own stuff.
The broken logic is that it will expose why the account was flagged, and thus, allow 'bad actors' to better navigate and bypass such flags.
Of course, this is absolutely silly and beyond absurd, for bad actors share information on forums, can deduce fairly easily, and even have help from people on staff.
Such actors typically know about detection and flagging methods within days of implementation. There's literally zero benefit to secrecy. None. Security through obscurity can be a beneficial additional layer, but it simply never helps here.
We really should pass a law requiring full disclosure of the precise method of banning. I can even see a 'trial' period, where accounts activated (and used!) for 3 months receive this benefit, but new accounts, or new + dormant accounts do not.
This should likely be coupled with mandated full refunds of phones or computers, as an example.
Note that this isn't a 'free' account we're talking about here. An Apple account, or a Google account is required to use an iPhone or Pixel in its default config, and all the features it entails. These accounts aren't free, they're part of purchase cost, and core-required.
(Even if it's a, for example, Samsung phone? It comes pre-installed, with uninstallable Google Play cruft, as part of an agreement with Samsung. Same conditions need apply here)
Not for long. Android phones (with Google Play Services) will soon require some degree of authentication to sideload applications, once that happens then those phones will only have the barest of features available without a Google account.
For the average person, including buying apps, this simply isn't a reality.
And Google will now be throwing up massive "OMG! You're going to install an app that isn't from the Play Store?!" warnings to anyone that tries, including requiring some degree of technical skill to do so.
> That‘s always the most kafkaesque part of these problems and should be illegal
It is very likely illegal to tell him. It was triggered by the use of a gift card, and therefore very likely to be AML, and in many places (I am not sure about Australia specifically) it is illegal to provide information in the circumstances.
Perhaps the most annoying thing about this, certainly after getting traction on HN, is that his account will be reinstated....
...and then nothing. No sorry, no "here's what went wrong", no blog post to address the angry masses, no recognition, reconciliation, or reformation. Just things working again and silence.
This is a good post and I wish all the best to the author that someone from Apple can help resolve this. I will personally never use iCloud ever again because of this.
I went back to a MacBook Pro M5, after being away from Apple for a year or 5 (Lenovo etc).
I tried to re-enable my Apple account but I had to wait 5(!) days to change the password. I ended up making another account.
It's a defence mechanism against account hijacking if someone has access to your phone number, linked to your account. Went through the same procedure to recover an account I haven't been using for a few years.
As someone using Linux to build web applications, I wonder what about the Apple ecosystem could make it worth having such a Damocles’ sword hanging over me my whole life.
Am I missing something? My current perspective is that not only am I free of all the hassle that comes with building for a closed ecosystem, such as managing a developer account and using proprietary tools, it also comes with much harder distribution. I can put up a website with no wait time and everybody on planet earth can use it right away. So much nicer than having to go through all the hoops and limitations of an app store.
Honest question: Am I missing something? What would I get in return if I invested all the work to build for iOS or Mac?
Plenty of things do work better as a native application. Packaging is a pain across the board nowadays. Apple is pretty good, you pay a yearly fee if you want your executable signed and notarized, but they make it very hard to run without that (for the lay person). Windows can run apps without them being signed but it gives you hell and the signing process is awful and expensive. Linux can be a packaging nightmare.
If you're full in Apple ecosystem, like my GF, you get:
- Shared clipboard across devices
- Shared documents
- Shared browser
- Shared passwords
- Free, quality office suite
- Interoperable devices (use iPhone as camera on Mac, for example)
- Payments across different devices (use clock to pay, for example, shared with your iPhone)
All of this with just one account without any third-party service.
And billions of things more, probably, I'm not a full Apple head.
And that website is hosted somewhere, you’re using several layers of network providers, the registrar has control over your domain, the copper in the ground most likely has an easement controlling access to it so your internet provider literally can just cut off access to you whenever they want, if you publish your apps to a registry the registry controls your apps as well.
There are so many companies that control access to every part of your life. Your argument is meaningless because it applies to _everything_.
A trustless society is not one that anyone should want to be a part of. Regulations exist for a reason.
Not wanting centralization under one company does not equal advocating for "trustless society".
All the things you mentioned (registrars, ISPs, registries, etc) have multiple alternative providers you can choose from. Get cut off from GCP, move to AWS. Get banned in Germany, VPS in Sweden. Domain registration revoked, get another domain.
Lose your Apple ID, and you're locked out of the entire Apple ecosystem, permanently, period.
Even if a US federal court ordered that you could never again legally access the internet, that would only be valid within the US, and you could legally and freely access it by going to any other country.
So in fact, rather than everything being equivalent to Apple's singular control, almost nothing is equivalent (really, only another company with a similarly closed ecosystem).
If AWS decided to block your access to their ecosystem you would lose so so so much more than Apple blocking your access to theirs. If the US decided what you said, t1 networks would restrict your access across much of the planet.
Your logic makes no sense since you can easily switch to Google or whatever other smartphone providers there are (China has a bunch).
But of course those providers can also cut you off, so what I said still applies.
The stories of online-only service failures are legion. And yet if you can get face to face support, even one person can do so much. The gap is infuriating.
I didn’t notice, do you have a Brick and Mortar Apple Store you can visit? I can’t help thinking this as I read the post.
Of course this is not a physical hardware issue. Where a store employee could just hand you, say, a new phone. This is on the level of getting a slot on Tim Cook’s day planner, though I imagine the person with the ability to fix this is an underling many levels down Cook on the org chart.
I have had an Apple ID problem myself, for the past N years. Mine is an old mac.com account, which has my Gmail address as the backup email (and the primary one now that mac.com isn't doing email anymore). Because of this, I cannot sign up for a new account with my Gmail (it is tied to the older mac.com account).
I've managed to reset the password, but I must answer a security question to log in. I mean, I answered those security questions probably a decade ago and I do not know what they are anymore. You can reset your security questions, but to do that you need to use an iPhone (last one I owned was a 4) that is still logged in, or, answer a security question. Which is as we established, the problem.
So every couple of months I log in, try a few other possible answers, get them wrong, and get locked out for a bit.
Anyway, I need to get this fixed by March, due to Apple being the Formula One streamer in my country now, so I have to actually solve the problem of logging in to my Apple account. Or, I guess, making another random email just so I can watch F1. Sigh.
But if anyone knows how to reset security questions, I'd love to know. I would way rather pay Apple actual money than go back to torrenting the races.
It sounds like you unfortunately have gotten yourself kinda stuck, but I very much sympathize. I too have an account dating back to iTools, and for a long time it was a major frustration that I was stuck with that original email address as unchangeable for the Apple ID, unlike newer accounts. However, some time in the last, I dunno 3-5 years maybe? I can't remember now the exact time I noticed, but after over a decade of requests and fading hope Apple actually did allow me to change the email address for that Apple ID, which I shifted to my own domain. So for anyone else who hasn't checked in a long time, worth noting situation might be marginally better now.
Re: "mac.com isn't doing email anymore", all the original mac.com email addresses still work fine. Apple has played around with various domains (mac.com/me.com/icloud.com) over their decades of bumbling with online services but they made them all interchangeable for older users, mails to the original @mac.com emails still go through. Even originally made aliases (they allowed 5 with iTools) still work. Not sure what your issue was on that one.
Finally yeah, ""security"" questions are one of those horrible legacy anti-patterns that I will cheer to see finally be dead and buried. If you try to answer them honestly probably anyone can learn it with a bit of online searching, if you go for more obscure stuff they're easy to forget defeating the purpose. It's really best just to treat them as extra passwords, use random alphanumeric values and keep them in your password manager same as the password. Apple has also fumbled around with recovery over the years, at one point you had options to have a manual recovery key you could save but I think that's dead and can't set it up after already forgetting. Maybe if you go in person to a store with physical ID and evidence, if you had payment associated with the account and have that credit card for example that might do it.
If you have nothing of value tied to the account though probably no reason not to just abandon it.
youremail+anystring@gmail.com will always redirect to youremail@gmail.com. Before making a random email address, try using youremail+f1@gmail.com or something similar.
It's one thing to lock someone's account so they can't make payments or whatever. It's another altogether to lock them out of accessing their own documents / photos / etc. That's just 100% unacceptable regardless of what triggered it. And even if they did have a valid reason to lock your account, at the very least it should be, "you have 7 days to download / clear out your documents".
Absolutely horrible black mark on Apple.
I'll be buying an external HDD to download all my photos / iCloud docs to. I've been too trusting.
I will empathize with you then and with your inability to empathize with the fact that people are different. Some people don't want to admit to themselves that this world is a wolf eat sheep world, trust that if you're a law abiding citizen, you shouldn't expect to be unfairly treated. Some people have more priorities and no time to dwell on harshness. They also would love it if everything just worked and you didn't need to spend 2 months of your life to configure things and always have to DIY everything.
They're not like me and I accept that. I will never use Apple & Google Cloud for my personal things. But I will empathize for those who get unfair treatment from these companies.
The whole meaning of a society is that we look out for each other, these big corpos have lost the plot, but I will not.
It is supposed to be : I buy a service from you, I did nothing wrong, please treat me fairly and do actually deliver on what I paid for.
That we don't trust them isn't how it's supposed to be, I wish I didn't have to do all of these things I do to keep away from big corpos, but this isn't how it is supposed to be. We're supposed to have the ability to trust each other in a society.
I qualified with "technically-inclined". You can't avoid seeing stories like this (about Apple and Google) on a monthly basis if you read tech websites. It is a known risk, which needs to be managed. Failing to manage it to this extent, while also writing tech books, is just baffling.
Apple is clearly in the wrong, and I'm certain that there are thousands of similar cases that are less public. The author is one of the best-positioned people to know and understand that. I'm sure they'll also get their account back, unlike many others.
(I can empathize with the difficult decision they'll face after that: do they continue to promote Apple, or try to reinvent their career somehow?)
"Looking out for each other", in this case, implies telling the people you care about to have backups, and helping them set up. I do that, a lot. I'd try to also help with this plea, if I had any pull with Apple.
I don't understand the sections of your comment with the word "supposed" in them. Supposed by who, and on what basis? What paid-for service are Apple not delivering? I assume they don't charge the author anymore.
How do you do that with Apple hardware that requires an AppleID to operate?
Is your advice to avoid all Apple hardware?
Or buy backup hardware none of which will run MacOS / iOS, so you still couldn't access things like your Apple Developer account, or any shared documents?
Sounds like something triggered a suspicious activity report. Not sure if it also applies to the likes of Apple but they’re forbidden from revealing any information about what caused it, etc with the customer or anyone.
It's really difficult to give up the convenience of cloud-based accounts. It would be nice for regulators to step up and protect consumers when it comes to this kind of thing.
The real, foundational problem here is that we have abandoned the principles that made the internet. We don't care about open protocols, we accept walled gardens. Every day those walls get a little higher until eventually someone wins and the only thing that exists is the garden.
I don't know what the solution is, but I think part of it is deliberately divorcing yourself from the big players as much as you can, which isn't much for some people, and encouraging government efforts to break them up and pull down garden walls whenever the opportunity arises.
This is what government is for even if we've forgotten it in some places.
Getting a special "notice me on social media (like HN)" fix won't actually fix the problem with using Apple's systems. It's just a temporary reprieve until some other aspect of their control of one's life breaks (by accident or intent).
This is disgusting and unconscionable conduct by Apple. Your whole life is locked into your account (digital data and physical devices), and they either don't care or don't have the processes in place to fix it.
This is the kind of thing they need to be sued on a massive scale for to solve but it's too rare and too expensive for anything to ever happen to them for it.
Same story here. I'll never go back to Apple Music, even if only for streaming. I had hundreds of tracks and albums just demolished by something related to iTunes Match, didn't realize for months, and didn't have a solid backup system at the time.
oh man, I started with iTunes Match because that's the only service that I could use to backup all my MP3s, and now it's all messed up and so much music has just disappeared from my playlist... so sad.
Unfortunately I still don't know a service I can use that will allow me to sync my current MP3s / what I have in Apple Music, and export it if I need it. There's really an issue of owning data and being able to take it elsewhere :/
fwiw: when I've uploaded tracks I've purchased, it almost immediately locks them because they're copyrighted... because AFAICT it's a feature for independent musicians to upload their own stuff, not a library backup. all the text around it seems to support that interpretation.
What I've learned from all these disaster stories: have backups for everything. I have an iCloud+ subscription but also a OneDrive subscription, photos are sync'ed to both storages. On Gmail, I set up fwd for all emails to another email address (non-Google related) just in case. Of course you can't do this for every service but do it for the ones you can.
On a meta note, Fuck Apple, I'm so glad I didn't pursue an iOS developer career 10 years ago.
I've been locked from my Apple ID for two *months*.
Even though I:
- had my recovery password
- re-confirmed the email
- re-confirmed my phone
They just kept telling me "we'll contact you in two weeks", and kept not following.
Then after the 4th recovery they sent me my recovery link on email (in any case weeks later).
Worst of all? Their privacy and security they keep repeating like propaganda are beyond bogus. Sure, they de-logged me from all of my accounts, that I appreciate, but I had 0 issues accessing all of the contents on my hard drive; if I was a thief with a simple script in recovery mode, I could still access everything. Where's the security? Propaganda only non-technical normies believe and then repeat.
I'm never ever buying Apple products ever in my life, I've got MBPs that my clients send me, but that's it.
This kind of thing happens more often than people think. You trade convenience for blind trust and sometimes that trust gets revoked without warning. Whether it's Apple, Google or whoever’s "ecosystem" you live in if you don’t own your keys and data, you’re just a tenant who forgot the landlord doesn’t take calls.
I know this might sound cynical... But the author should really understand that Apple gives less than zero fcks about them. Apple is known (and, weirdly, loved) for being tyrannical in this sense. Apple is known for their "my way or the highway" approach to anything, without much explanation and with self-attributed "we're always right" attitude.
> The Damage: I effectively have over $30,000 worth of previously-active “bricked" hardware. My iPhone, iPad, Watch, and Macs cannot sync, update, or function properly. I have lost access to thousands of dollars in purchased software and media.
And that's why people complain about Apple's walled garden. Given the size of the damage I'd look into getting a lawyer involved, and possibly try and get Apple to court (to coerce them into being reasonable).
Frankly, I'm taking note of the archived page (https://archive.is/jrsLV) that I will reference to anybody that will ask why not to trust Apple in the future. Note that Google is also known for having a similar approach (there is no way to get support if something like this happens UNLESS you happen to know somebody inside Google). Amazon on the other hand has made customer support one of its defining traits.
Btw if you are doing any decent amount of tech stuff, you should REALLY get off walled gardens and at the very least have an on-premise backup solution (an off-the-shelf NAS with spinning disks could be a good starter solution).
While I can't help with extricating your data from the fruit factory's claws I do have a suggestion what to do next: get a 10-foot or 3 m pole and use it to distance yourself from them in the future. Self-host your data if possible, find a friend you trust who already self-hosts and see if you can hitch a ride, use some commercial service if necessary but don't allow yourself to get trapped within an 'ecosystem' again. If a company makes it extra hard to use things outside of their own control you should understand that they're not doing this for their users but to remain in control and maximise their chances of extracting as much from their captives as possible.
Don't check in to Hotel Cupertino or soon you'll be singing along:
Mirrors on the ceiling
The pink champagne on ice, and she said
"We are all just prisoners here
Of our own device"
And in the master's chambers
They gathered for the feast
They stab it with their steely knives
But they just can't kill the beast
Last thing I remember, I was
Running for the door
I had to find the passage back
To the place I was before
"Relax," said the night man
"We are programmed to receive
You can check out any time you like
But you can never leave"
These online storage services like iCloud and Google Drive are, and always have been, a trap.
They feel convenient, but they will keep changing their TOS to disadvantage you further and further as time goes on.
Everything you upload is scanned into their AI to create a profile about you that they can then exploit (once again, to your disadvantage). They do it despite regulations against it (Who's to say what they're complying with, deep in their complex data centers? Who's gonna even check? And how?) This is why online services that take control of your data are such gold mines (subscription fees, analytics, profiling, etc). They get you coming and going.
And of course, the account terminations: The earthquakes and "natural disasters" of the online world that destroy lives with no consequence or care.
When your data is not in your sole possession, you own nothing.
I hope you get it back. I always had the mindset that if I am a paying customer that this type of situation is very unlikely. But you are literally a massive paying customer and you got hit. The truth is you are just a nobody even as a customer who has dumped thousands of dollars as a loyal supporter. Showing up on HackerNews is a positive thing as the only way to get any traction in these situations is either be famous and complain or your story going viral and someone with power seeing your plea.
I worried about only having a physical copy of my family photos so started paying apple for some storage. This type of event worries me. Good reminder to have multiple backup solutions.
Oh yeah and it absolutely does away with bullshit of "If you're not paying you're the product" I'm sorry it doesn't work when these services, even free, are monopolies
You can have free services, you can have paid services but they ALL absolutely have to be answerable to the consumer
No idea if this has ever been tried, but a GDPR "subject access request" requires a company to hand over all the data they hold on you, which technically should include all your photos, media, messages and everything.
I would like to think you're wrong, but if they fix this, you're possibly right. My career is built on Apple technologies. I don't love that I'm captured by a vendor, but I have a lot of knowledge, and building to that level elsewhere is hard.
I just want to keep using my stuff, and getting on with the fun things I get to work on. I don't have a strong attachment to Apple, I have a strong attachment to the familiar productivity I normally have.
Even if you helped and this is fixed, consider the privileged situation you are in to even get this fixed. Most "normal" people would be doomed to lose their entire digital life. Evangelizing for a Megacorp is dooming more people into willing incompetence and dependency.
Reconsider at least that part. You can work with and use their products (as I do at work with the GSuite or AWS) but I will never recommend or evangelize for them or rely on them with things I care about.
I always knew Google and Facebook did this (let's make Oculus a Facebook requirement! oops now you're banned - genius, brilliant, all the people working there have an IQ of 600) but now the trifecta is complete
Seriously can we fucking have any products that work, in the 21st century
Being a "loyal customer" to any giant corp is just making it extra convenient for them when they fuck you.. You need your stuff as files on a computer you actually control.
That emoji in the last pic felt like passive aggressiveness. I don’t have anything to say but it’s why I never put my eggs in one basket, and essential stuff are always backed up, but if your job is developing in an apple eco system and this scenario happens, it’s basically like getting fired and banned from working ever again!
If Apple engineers read this: I can't sign in to my iCloud account from my Android phone, it just doesn't work, meaning I can't manage my subscription like HBO now that I switched to an Android phone.
PS: My plan is to wait for Apple to release a folding iPhone to move back!
I back up regularly using Google Takeout and similar tools, but I don’t think it’s fair to shame this author . Even if you have backups , your recent and essential content and credentials will be locked out . 1% of your content is the most important
We all depend heavily on cloud storage and sso . Everything works fine until you are locked out .
And using them isn’t fully voluntary. They are necessary for collaboration . You end up using what your team uses .
You can try to be that “own cloud” snob but it only works if you live in a basement
Every normal person has content in Google , iCloud , OneDrive , Dropbox and maybe more. That’s 4+ single points of failure
You’re just not imaginative enough if you think you’re safe .
OP's only recourse is an insider or a lawyer
Lot of arrogant people here who think they are safe and better than anybody and blame OP.
It is totally normal in today’s world to depend on cloud services and reasonably difficult to do without it. In China: no WeChat you are practically dead. Here try to join meetings without account, try to send a message on WhatsApp without account, etc… a lot can go wrong very fast. What if you used your Apple account as SSO to other services ?
Very true. And account integrity check pointing is stochastic and more aggressive so at any time there are people being locked out .
One of 20 of your services could lock you out tomorrow and that means you’re blocked from coworkers and family
So you can't call or send letters? Your own fault if you don't write down addresses and numbers, best on paper. People are stupid, that's a given, and relying on these tech overlords is even more so.
So let me try to understand you. You have 200 friends on whatsapp and FB locks you out . Now you can start sending them letters ? And how do you get their number .
WhatsApp,WeChat , messenger , telegram all use private addressing
I’m sorry but this sounds so preposterous that it’s making my point
I’ve interpreted it as a sort of head-in-sand coping mechanism for those low-likelihood, high-consequence events people feel powerless over. It’s less distressing to be powerless if you decide that the real issue wasn’t a powerlessness that you share in common with the victim.
> t. What if you used your Apple account as SSO to other services ?
Your own wrongdoing. Always use a site-specific auth method, i.e. by email. And a separate email for each site.
Using a separate email address for each site is smart, but creating a separate email account for each site is going to be very tedious, and I imagine Google, Yahoo, etc are going to stop you very quickly after you've opened 20+ accounts with the same phone number.
(Use a catch-all to have different email addresses for different sites, because when one gets hacked, then the damage is limited.)
I am not depending on cloud storage at all. What do I need to upload onto some cloud? And when I need to sync between devices, or rather want to sync, then I have a Syncthing setup on my server running. No cloud. And copies on participating devices.
Sure, it is not directly their fault, when they are treated badly by big tech. Though of course they could have been more careful, and rely less on big tech and cloud. We can all learn from this example, like many others before this one.
Presumably, as the OP said, you're not a normal person and you live in a basement. >sigh<
The solutions for non-technical people are terrible. Presumably there's no market for selling a solution that gives individuals data sovereignty. I would guess the margin isn't there and a recurring subscription for something you own is probably unpalatable to a lot of consumers. So this is what we get.
Off topic, but I'm curious. Why are you typing spaces before every period and comma?
Maybe iPhone is adding those ?
For what it’s worth, I remember having this issue with Samsung OneUI keyboard when it was in French. There is this rule there that you should put a space before “?” and “!”, so perhaps they understood “all punctuation” or something.
I wonder what is his case.
How precisely do you reckon a lawyer would help?
> Every normal person has content in Google , iCloud , OneDrive , Dropbox and maybe more. That’s 4+ single points of failure.
Well, I don't. I have my local file storage. Contacts and Calendar get synched, that's it. These get local backups, but aren't important so or so.
Not saying this in a derogatory way, but that pretty much means you are not a "normal" user but someone who is tech savvy enough to not rely on someone else's cloud.
Right, they said normal person.
Want to bet we can find holes in your solution too?
It's just insane that a gift card redemption can trigger this. What's the rationale? It would make more sense if they just locked the person out of redeeming gift cards or something, not the entire account.
But reading horror stories like this is why I only use the very bare minimum of any of these cloud services. Keep local copies of everything. For developer accounts, I always create them under a separate email so they're not tied to my personal. At least it can minimize the damage somewhat.
It sucks that I have to take all these extra precautions though. It's definitely made me develop a do not trust any big corp mindset.
> It's just insane that a gift card redemption can trigger this.
It's also the buying of gift cards that can get Apple accounts locked: https://old.reddit.com/r/apple/comments/r8b1lu/apple_will_pe...
If enough of these horror stories are publicized, people will learn to never buy/redeem Apple gift cards because of the real possibility of account bans.
- Don't give Apple gift cards to family and friends: You're potentially ruining the recipient's digital life if they redeem it.
- Don't buy Apple gift cards: You risk ruining your own digital life.
If you've been given an Apple gc for Christmas -- and you have paranoia of the risks -- don't buy anything online that's tied to your Apple ID. Instead, go to the physical Apple store to redeem it. And don't buy an iPhone with it because that will eventually get assigned to an Apple ID. Instead, get a non-AppleID item such as the $249 ISSEY MIYAKE knit sock.
I have thousands of credit-card reward points that could be traded in for Apple gift cards but I don't do it because Apple's over-aggressive fraud tracking means Apple's store currency is too dangerous to use.
I'm the author of that Reddit post. I should probably update it to clarify that I didn’t just purchase the gift cards, but also redeemed them. I don’t think it was purchasing them that triggered the lock on my Apple account. I mean, after all, how would they know what my Apple account is until they’re redeemed?
> how would they know what my Apple account is until they’re redeemed?
Not saying this applies to you but one can buy Apple Gift Cards using their Apple ID. After adding gift cards to the ecommerce shopping bag on Apple.com, it offers the option : "Check out with your Apple Account"
So Apple would know the exact AppleID at the time-of-sale instead of waiting until redemption. If for some reason Apple's fraud detection system doesn't like the transaction (e.g. unusual ip address from Mexico instead of USA, or too many high-value cards in a certain time period, or other black-box opaque heuristic) ... then the buyer puts their Apple account at risk.
Fraud prevention heuristics are insanely aggressive these days...
Last week, I bought a Netflix subscription and 5 days later, Netflix cancelled the membership for no apparent reason. I got on a customer support chat with Netflix and the agent said it was cancelled because of the credit-card #. It didn't pass their fraud prevention system and to try using another card. At least Netflix automatically refunded the entire amount back to me -- whereas Apple keeps the gift card balance for itself after locking accounts.
In another incident, I used a Chase credit-card at a physical Apple store to buy 2 iPhones on 2 separate receipts. The first iPhone sale was a success. The 2nd iPhone transaction just 1 minute later was denied and Chase locked the entire account. I had to call Chase customer service and recite the make & model of a car I had 20 years ago to prove my identity for them to re-activate the credit card!
I’m not trying to be rude, but what is the point of buying and then redeeming gift cards yourself?
I just pay Apple with my credit card when I want to buy something. Is this some kind of weird credit card rewards churning thing? Are you unbanked? I don’t understand why you’d voluntarily add unnecessary extra steps.
A credit card offers far more protections to consumers than a gift card.
It’s against money laundering. Onerous regulations being interpreted highly defensively create these kinds of outcomes.
Neither the people creating the legislations nor the people at Apple responsible for these flows care very much about collateral damage.
I think it's a combination of money laundering and phone scams where people are told they owe money to the IRS or something and are tricked into buying a bunch of gift cards.
That said, if buying and redeeming gift cards are such an indicator of fraud that people are legitimately afraid of getting their accounts permanently locked, why doesn't Apple just stop selling them?
Apple keeps money from the gift card after banning you. Just business, nothing personal.
> If enough of these horror stories are publicized, people will learn to never buy/redeem Apple gift cards
You'd think so. Yet, the stories of PayPal locking up payouts to surprised people keep coming every year - and people still use them.
This is a problem with modern life in general. Computing and the internet have exploded the complexity of society. Regular people have so much on their plate as it is (school, work, family, mortgage, etc) that they simply cannot keep up with all of the privacy and security risks of a digital life. They also can't keep up with the complexity of politics and civic life, but that's another discussion entirely!
> You'd think so. Yet, the stories of PayPal locking up payouts to surprised people keep coming every year - and people still use them.
At least in Europe, PayPal is a regulated bank which means you can hand the case over to the authorities and they can and will help you out.
They aren’t regulated as a bank in the US, where they have a much lighter-touch type of licensing.
Do the bank regulators in Europe typically help effectively when PayPal freezes an account?
Yes they do. Someone got banned for Cuba sanctions [1], others I don't know the context [2], and for others media attention is enough [3].
[1] https://www.onlinehaendler-news.de/recht/urteile-entscheidun...
[2] https://www.sbs-legal.de/blog/update-sbs-legal-erwirkt-zwei-...
[3] https://www.test.de/Leserfall-Wenn-Paypal-ein-Kundenkonto-ei...
I thought I'd buy Cory Doctorow's Enshittification ebook direct from his website. Surprised to be redirected to Paypal with no other option.
That's so much not a fitting comparison.
The most money I have ever had on my PayPal account was 100 bucks from a reversed transaction (like, double booking of a hotel room or wrong item sent), otherwise it's just a gateway. It would be annoying if my PayPal account was locked, because I use it a lot to order pizza online and a few small purchases. I could just use my credit card or something else but it's more clicks. And I know a lot of people who do it like this. The only thing lost is convenience. No past purchases, no digital identities.
Maybe you meant the merchants who really amass thousands but I suppose they are a small minority of active users.
For every purchase you make as a gateway there's a vendor account on the other end receiving that money and required to do accounting with it (like issuing refunds) which requires keeping a balance. These are the people having big problems when their account gets locked and their funds are no longer available. The blow back does potentially affect you if you return an item and then the vendor can't issue the refund because the account is locked.
There are a good number of freelancers of various sorts that get paid via PayPal and only occasionally pull that money to their bank accounts to avoid the fixed fee, or even prefer to spend much of it straight from PayPal to avoid the percent fee. People also use it to send money between family members in different countries because it's often cheaper than an international wire.
It's quite easy to build up a few hundred or thousand USD worth. It feels just enough like a bank account that you think you're safe. Then...well, the internet is full of PayPal horror stories, I won't bore you with my own.
> and only occasionally pull that money to their bank accounts to avoid the fixed fee
You have a fee for transferring from PayPal to your bank account?
It’s always been free for me, as long as I don’t opt for the instant transfer option.
Last time I had to deal with that was 8-ish years ago and there was definitely a fee. Can't check now because they blocked my account due to a failed Spotify payment and I don't care enough to deal with their phone support again to get it unblocked
That you don't keep a PayPal balance and I don't buy Apple gift cards is irrelevant to the people that do keep a PayPal balance and do use Apple gift cards.
I wish there are more comments like this on HN - well done :)
the number of people commenting like “well I don’t do/use/…” is mind-boggling
I think the point was that PayPal and Apple are different since PayPal is easy to mitigate, and Apple not so much.
I skimmed some of the comments from that giant Reddit thread. A lot of people responded that they’ve been buying even more Apple gift cards without problem.
One commonality among the stories in that thread from people who had problems was either switching their App Store country or using their App Store account primarily from a different country than the setting.
> If enough of these horror stories are publicized, people will learn to never buy/redeem Apple gift cards because of the real possibility of account bans.
If you are trying to be a bad person you could weaponize that approach. You do not like person x, send them some Apple gift cards... :o
> You do not like person x, send them some Apple gift cards... :o
99.999% chance they happily redeem them and go about their lives.
These stories, while frustrating, are clearly edge cases. Yes I know you can find more if you search social media, but I don’t think a lot of these HN commenters realize the volume of gift cards Apple sells and redeems without problem every day.
I use VIM. I use Linux. I'm a Zionist. I don't watch football (either type) so I don't support your favourite team. I acknowledge that Trump did more to advance world peace than anybody else in decades. I'm a straight man. Surely there's something in there to hate me for!
> I'm a Zionist
I don't like you too.
In this case buy the gift card from some shady retailer with a one-time-use virtual card, and give this shady code to your friend. Or buy a physical card from aliexpress, the cheapest one with bad reviews.
It seems you haven't learned the whole lesson. You're close, though. If you're going to be skittish, there's a better and easier set of rules. Don't use anything that involves an Apple ID.
The newer iPhones have such great cameras, I have been considering an iPhone for my next phone. The only thing holding me back is the lack of built-in stylus.
Does the iPhone require an Apple ID? I don't even log into my Google account with my Android device. If the phone requires an Apple ID, then obviously I'm not buying one.
An even better advice: Don't buy Apple.
This isn’t a solution for many people.
And in fact, a prohibition is never a solution, it is a reduction in solution options
And this advice takes into account exactly zero aspects of the particular problems a given person may have to solve, besides “problems with Apple”, in a world where most people have “problems with X” for each of the few large ecosystems.
Freedom of choice would mean for N choices, being able to make, well, N independent choices. N may be a very large number given how many things people do.
For an ideal world of compatible modular technologies, N choices is easy.
But our technology world is highly non-modular, centralized at many levels, and full of incompatibilities and dependencies of various kinds and costs. Including important dependencies involving the choices of other people we interact with, or very specific tools or resources.
So no, “Don’t buy Apple” is not better advice, it is just bad random generic advice, without knowing a lot more about any particular situation.
Like what someone writes books about.
But it is a solution. Apple being a poor steward of their customers is indicative that people buying their hardware and software are not their priority. Apple support used to be stellar, they used to care about customers, they no longer do.
Apple's ToS should be readily indicative of anyone using any of their products that Apple's perspective is that you don't own anything and they can do whatever they want with anything you do with their products. As the author points out you clearly don't own free access to what you've purchased.
The last thing I'll say is that it is fantastic advice to not purchase Apple in 2025. You can only be certain that this won't happen if you avoid them. I actually own a MPB, with receipts from purchase, that I had to purchase a bypass for when the device was enrolled in MDM by a family member that Apple has MDM locked and refuses to remove from iCloud.
Avoid Apple, that's the best advice. If you can't avoid Apple, minimize your footprint and make sure you're a good boy or girl else Tim Cook will steal from you and hide behind some bullshit first line support tar pit and an army of lawyers if you do happen to decide to threaten them.
Does Google have a better track record when it comes to arbitrarily locking people out of their digital lives?
No.
But, at least with Google you can use hardware without the binding software requirement. You can use an Android device with GrapheneOS and have the phone entirely de-Googled, yet still use Android apps.
If the implication was that there's no other option outside of Apple and Google then that is unfortunate.
LOL it’s not some Sisyphean task to not use big tech products, it’s slightly inconvenient and takes some time to adjust, don’t talk about it as though it were something that only the great men of the ancient times could do, take your iPhone and throw it as hard as you can against the concrete, you will be fine.
Great advice if you don’t need a smartphone. Many do, they are now an identity tool.
The alternative to Apple is…Google? How is that in any way better other than not being Apple? Sure, there are de-Googlefied versions of Android and today they work. But Google is actively working on ending the ability of those alternative operating systems to work.
In phones you have a choice of iOS (Apple) or Android (Google). Sure, maybe some people can go back to flip phones, but I can’t without finding a new job.
This is the first I’ve heard of Apple locking someone out of their account for no reason. Google does it all the time. So, yeah, can’t leave Apple over this.
So keep your crappy crap phone for a job and use a real computer for your personal life.
BSD, Linux or TempleOS would never lock you out.
Nor provide much utility to the average person.
BSD and Linux seem to be fine for the average person. I wouldn't recommend TempleOS.
> such as the $249 ISSEY MIYAKE knit sock
I mean that is a problem in itself :D
- Don't use Apple. Or Google.
People love to smugly suggest this useless advice like there aren’t literal public services from governments around the world that are being tied to these platforms, let alone the many private companies which gate access to their goods and services behind apps on proprietary devices.
To say nothing of the fact that well-adjusted humans need to communicate with friends and family, and many times that also practically requires being on these platforms as well.
Someone has to be the stick in the mud, right? I personally enjoy being that guy that doesn’t have a smartphone and causing problems in every government office / institution that assumes everyone has a smartphone, it’s like I’m a pioneer on the frontier :)
E-stim addicts will rationalize their slavery to a small rock in their pocket and sing grand songs about how it’s a curse but they need it. Like all addicts, they are not capable of rationally assessing the utility of the dependence object, and they’ll start carting out all sorts of silly things and gesturing vaguely “See this washing machine? Yep, it needs the rock, that’s why I keep my rock on me and charged at all times”
If only it were that simple. In that case I would have to go to the bank for every transaction/payment I want to initiate online. Banking app doesn't work for jailbroken devices. Using PC to access banks website works, but transactions still require 2FA and they don't support any other 2FA flow except the one in the app.
Depends though what you mean by "do not use Google". Having an Android phone with a Google account logged in will not affect you much. If they would block one account you just create another.
Having all your emails on Gmail and used for external services (bank, insurances, etc) is a different story though. I prefer to pay my email provider, at least they will care a bit more than they do for a free account...
There's always a workaround. There are banks with far less annoying root checking and you can just switch. Many banks allow SMS or a physical authenticator for web banking or 3DS 2FA. There are also many ways to bypass root detection. If your main problem is 3DS 2FA for online card payments, get a proxy card.
"you can just switch" and yet then you have to contact X people and change Y contracts that are related to your prior bank account. It is not that simple.
Plus nothing ensures the bank you switch to won't up their "defenses" in a week.
I never said it was trivial, I said it was possible. In many places, it's actually very easy. In others it takes some work, but we're talking about de-googling your life, having to put in some work is already implied.
At least around here, I can walk into a bank, sign a few papers, then that bank coordinates with my old bank to transfer all my direct debits, move all my money and notify all my periodic creditors (employer, social security, tax office...). Peer-to-peer payments (like splitting bills with friends) are usually done by alias (phone number or email) on our instant payment scheme, not by IBAN, and my new bank will take care of rerouting that too. And if for whatever reason someone has my old IBAN and tries to send me money in the future, they'll get a rejection and will just have to ask me for my new one, no big deal.
As for "in a week", come on, you're just being intentionally annoying. Obviously there's no guarantee. If they don't have root detection now, after everyone has had it for a decade, there's probably a reason and they won't implement it any time soon. And if you're just supremely unlucky and they actually do it right after you switch, oh well, you wasted an afternoon. Definitely less time wasted than trying all the million different root hiding techniques that probably don't work anymore.
You don't have to go to the bank for every transaction, you can just go there once to close out your account and open one somewhere that doesn't require that.
I'm surprised, most banks I've come across force sms or phone-call 2fa only. A rare few allow generic TOTP authenticators, and maybe one or two has an app as an option. And I've only come across one bank that detects and warns for root access. Is there no "jailbreak hide" on ios?
In Poland it's SMS OTPs, bank app (heavily recommended and in some cases enforced by the bank) or additionally paid physical TOTP token devices. And almost all banks throw a hissy fit once you have some sort of vector of root detection left open.
This heavily depends on the country.
Or Microsoft.
Stay as far away from BigIT as you can. Linux or BSD are there for many good reasons. This is another one.
Why does Apple sell giftcards?
Some cultures stigmatize gifting money, yet gifting corporate scrip is fine.
For the similar reasons Apple sells socks.. maybe?
I had Amazon close my old, almost-unused account in Amazon-in-another-country because I dared to add a new payment method.
I proved to them who I am, that the new payment method (virtual card from a well-known organization) is mine, everything.
After lots of back-forth I've been informed their decision is final.
I HAVE NOT BREACHED TOS. I wish I had a major law company behind me to force them to admit that.
Very happy it was my almost unused account, heavily went down with my purchases in my main account (in my usual country of residence) as well.
And yes, I use login-with-companyName as sparingly as possible. We are not the users, we're beggars.
I am in a situation right now where Amazon delivered a fake product. Support suggested they can also try redelivery, and when I asked what if it happens again, they said it should not happen.
It happened - fake again. Now the customer support flow is: you upload images of the product (max. three), and the system approves the verification or rejects it, and then you have a way to contact customer care. System rejected. The trick is - they do not know why the rejection happened, they are not able to tell me, they are confirming the images are very clear and crisp, but they can't do anything to help me because the system leaves them with zero options to move forward - in fact, there is no further escalation matrix either. Nada!
The bank (credit card issuer) refused to raise the chargeback because "but the merchant 'delivered' the item". But it was fake, so? No, no, it "delivered" - that is what counts, so you have to sort it out with the merchant. But they are refusing any further help. You have to sort it out with them. And so on... in a loop.
Can I take them to court? Sure. It may take weeks, months, and maybe years, and even then, in the end (if I win), the court may just instruct them to refund and possibly (possibly!) compensate a trivial amount for legal expenses, which is never even remotely close to the actual legal expenses in this country's courts.
Just stonewalled. It almost feels Kafkaesque.
I had the misfortune of visiting an Amazon Go store. They charged me for items that I never picked.
No option to contest the receipt....until the "would you recommend a friend visit amazon Go" survey popped up. I responded negatively, then the "why?" question had a "My receipt was incorrect" option.
Suddenly I was able to go through the "contest receipt" workflow.
100% completely automated.
The system works as long as there is user trust in the system. It is sad and annoying when something like this happens, but occasionally the best thing you can do is tell your story and never use a service again. I find there are still reasonable alternatives to Amazon, maybe not at the same price, but at least they deliver less fakes.
Wow, I received a fake product from Amazon ten years ago, their support gave me a full refund no questions asked. Shame how far they've fallen.
(Fwiw, I never bought anything from Amazon again after receiving one fake item. If I want to gamble I'll pay Aliexpress prices)
I'm pretty sure there are different levels of customer service based on how much you spend.
Even though they made it more difficult to contact customer service, I still receive good customer service, even when I did not have Prime but still spent thousands of dollars.
Unless you live in a jurisdiction that is known to have very generous court judgements that fully compensate all expenses occurred… wouldn’t this be true for literally every dispute you have above a certain threshold?
That’s simply the actual cost of living in your jurisdiction.
I don’t think any large retailer or bank on Earth guarantees there will be a viable escalation pathway for all possible combination of scenarios either.
Maybe a very high end private bank but even that’s iffy.
My parents had their account with Deutsche Bank private bankers. They had moved overseas and sold their house in the 90s and were living off the proceeds. Everyone got lucky that they bought their house in a big city in the 1960s. Since they didn't spend too much money, the capital accumulated for a while. It could have gone the way of Detroit but went the other way. When they passed away, we inherited the money and bought a house in the suburbs. It wasn't a huge amount of money, but it changed our lives, no question.
So, when my mom passed, our family had to deal with DB. I have never, ever had such a bad experience with a bank. The bank overseas was so courteous and efficient that I asked if I could open a bank account with them but I couldn't since I don't live in the country, just a frequent visitor. The IRS and government were easy. The will was as easy as it gets. Do things by the book, you'll be fine.
The NY DB office, to which I would have to go frequently and sit in some luxurious waiting room with nice art, was insane. My lawyer and accountant could not understand how they could repeatedly ask for the same information, deny they had received it, ask for information that literally the US government does not give out to anyone and on and on and on. And no there was nothing shady or shifty about my parents' lives. My lawyer started sending meaner and meaner letters to them, the kind that talk about making my client whole and litigation.
And yet, a few years later it turned out that same bank was often in the news for, among other things catering to Jeffrey Epstein. Who knows, maybe he spent his last hours complaining about them too. I could only hope he had that experience to add to his all-too-brief punishment. Actually, I have often wondered if we got raked over the coals because they had genuinely fishy clients and thus all the clients, especially the ones overseas, were on some kind of government watch list.
Amazon expects you hire a consultant that is a buddy with the manager responsible for closing your account, and bribe them through that engagement to re-enable your account. They started doing that a decade ago with the mass-banning of legitimate sellers.
Emailing jeff@amazon rapidly solved the problem for me when I was in the exactly same situation.
Of course it'd have been nicer to tell them to fuck off, but living without Amazon would simply be far too inconvenient.
For all the negative press he gets and the way he treats his workers I'm surprised he still has resources allocated to handle complaints sent to his inbox.
Are you in the US?
I'm just always a little surprised to read things like "I couldn't live without Amazon," and I wonder if there are no other alternatives for two day shipping in other countries or what it is that keeps people stuck on Amazon instead of using other next-day deliveries.
It's not that Amazon is irreplaceable, but sometimes it's the best option by far depending on where you live and what you're looking for.
I'm in Austria (not Australia) and local retail prices are infamous for being 25% to 100% higher than in neighboring Germany for the same stuff because of cartel behavior of local retail industry.
Buying from amazon Germany means I can get the same prices as Germans (with +1% extra for higher Austrian VAT) for the same goods.
I'd love to give up Amazon in favor of local stores but local cartels are just as bad or even worse.
So to fix the Amazon problem you need to fix the competition problem first, which is caused by players other than Amazon too.
People in my circles in the US (in an area with tons of alternative options) look at me like I have two heads when I say we don’t have Prime and never shop on Amazon. For many, I think, Amazon has simply been the default option to buy anything for long enough now that it’s ingrained muscle memory.
Big part of that is just that it's insanely easy to use compared to most of the competition.
But still, most people go to the shop to buy toilet paper. Once you get used to Amazon, it just saves so much time and effort. The prices aren't bad either, I just checked toilet paper on amazon.com and 30 rolls of good quality amazonbasics toilet paper costs $0.22 more than the equivalent kirkland product on costco.com
You can order almost everything you need in the same app, whenever you feel like it. Just a couple of clicks, no need to fill in delivery information or anything.
The only part where YMMV is receiving the parcels obviously.
I live between central London and a smaller European city, the competition is generally much much worse.
Sure, for every individual item there might be a better local option. I'd have to spend time finding that, then go through the terrible order process and hope their delivery service isn't utter shit. Oh, and yeah, half the time they'll probably block my order because I'm using a non-european card.
Just being able to use Amazon for almost everything starting from bottled water and toilet paper saves me immense amounts of time. I can generally trust that the stuff I order reliably arrives at the concierge, which isn't a given.
And FWIW, most of the time I've shopped around, Amazon has been cheaper or essentially the same price. Doesn't really matter to me, but it is a plus. I'd happily pay more for a more convenient service, but in this case it seems I'm usually paying less.
Honestly, good riddance. Just abandon that company and everything they touch.
If you can…
And yet you keep paying money to this company. That is on you.
> It's definitely made me develop a do not trust any big corp mindset.
I've been reading about Lovecraft's Old Ones. Apparently they have no ill will towards humans. They just sometimes cause harm without realizing it, while going about their business.
I watched an interview with Elon Musk a few years ago (circa 2018?). I'm no fan of him but he was asked about AGI and he kinda just said matter of factly, AI can view humanity as we view anthills. We don't really care about anthills, but if they're in the way of us building a neighborhood in an area then goodbye anthill.
I'm not sure if I like that take because of how horrifying it is, but I found it very interesting that harm can be caused so nonchalantly by more powerful entities, since humans already view themselves as the most powerful entity.
People have been saying that for literal decades before Elon Musk said it.
Not only local copies but also at least own and use one device where you have your important data that is not on the same OS ecosystem as the other device(s) - also helps with things like 2FA, password manager, etc., if shit has hit the ceiling fan on the other device.
In addition, I always suggest people to:
- Not use big tech's cloud services - ever
- But if you must, do not use many cloud services from just one provider (i.e no Google everything, no iCloud everything) i.e stop using "one account gateways".
- Needless to say, it's time you had a domain and start paying for mail hosting (at least for critical stuff - you can actually buy a very cheap plan; and use that gmail/live-hotmail/yahoo/iCloud/whatever everywhere else) [0]
- Keep an offline (but safe) copy of your "most" important data [1] and ways to remember (i.e cryptic hints) for your "most" important passwords
- Gain some experience in fighting in consumer courts/forums (depending upon your country) - start early, start with e-com companies. A lot many times we don't put up a fight because we have never done it before and we give up always because every time it's a first time. Apple and Google make a mockery of consumers everywhere because we have allowed them to. In fact sometimes when we talk of lack of accessible support at Google and Apple (yes, Apple) we speak in a disdainful appreciation or awe :)
[0] Some might disagree but disabling (or dev/nulling in a way) mail@, hi@, contact@, sales@ etc on your domain (esp. if you have catch-all enabled) goes a long way in terms of avoiding spam
[1] It's also very important to have a tiered approach to data storage and backup strategies. There should be a very, very, very small subset of your personal data, including some of your photos and videos, that is really, really small in storage footprint that you can back up/sync to multiple locations and actually pay the full price for it at storage costs via your own setup, preferably using FOSS tools (which are becoming too good these days) out there.
How much free time do you think the average person has to learn and set all this up?
“You’re giving these companies your data and then dare to be angry when you lose it? Just get a degree in computer science and host it yourself!!1! I am very smart”
Nobody believes this is right.
The question is: will you roll over and die without a fight for your rights?
At least you have time you are spending on HN that could be devoted to learning to fight. The fewer people that fight, the faster your rights disappear.
I think you’re taking the message the wrong way.
Those are the steps the commenter suggests you take to use these services safely.
It’s not that these steps are reasonable.
So if they aren’t reasonable what’s the point of typing them out in a list exhorting others to implement them?
The list is a bit overkill for the normal person. I would suggest just:
- Have a local backup (simple given the storage prices)
- Pay for one email provider (less chance to ignore you)
- For important services (bank, etc.) always register also a telephone number / second email if possible (there is a low chance that both primary and secondary thing will be blocked at the same time)
Cryptic hints only work while your memories remain intact, unexpected health issues can render them useless
At this point, are we relaying all emails to three or four locations for access to auth codes?
I don’t mean to defend this, but I know from experience that gift cards are frequently used for money laundering. The laws against that are very strict, incentivizing companies to overshoot and block false positives.
At the same time, AML solutions tend to be a closely guarded black box which simply tells you to block a customer, finding out why is pretty difficult.
To add more to the problem, some anti-money-laundering solutions are … AI powered.
> At the same time, AML solutions tend to be a closely guarded black box which simply tells you to block a customer, finding out why is pretty difficult.
For a good reason! You, as a rule, really don't want to tell the customer why you're blocking them. What will happen in the end is that you will be facing federal charges for assisting the money launderers because you kept telling them what they're doing wrong.
See https://doctorow.medium.com/como-is-infosec-307f87004563
> This is the same failure mode of all security-through-obscurity. Secrecy means that bad guys are privy to defects in systems, while the people who those systems are supposed to defend are in the dark, and can have their defenses weaponized against them.
That’s a great article - explains what I haven’t fully thought through or quite been able to put into words but what I’ve always felt, because the “you can’t tell people the secret rules” with things like money laundering is treated by many as obvious, but has never sat right with me.
I disagree with this article—its premise relies too heavily on the oft repeated, oft misunderstood line “there is no security in obscurity.”
This concept is used to argue that obscurity shouldn’t be used at all as a defense mechanism, when really all it means is it shouldn’t be your only line of defense.
Obscuring aspects of a system can contribute to its overall functioning: it’s a filter for the laziest of adversaries, and it creates an imperative for more motivated ones to probe and explore to understand the obfuscation, creating signal and therefore opportunities to notice their behavior and intervene.
I think for anyone who has dealt firsthand with mitigating online fraud, hackers, spam, trolls, cheating etc, the idea of having completely transparent defense mechanisms is pretty much ludicrous.
Also, to be fair, for money laundering it does raise the barrier to entry quite a bit. Doesn't matter if you have billions of dollars to launder, could already make quite a bit of a difference if you only have millions of dollars to launder.
I don't disagree, but still think it's better to do as the lawyers tell you to.
> The laws against that are very strict, incentivizing companies to overshoot and block false positives.
Yes, in many countries they are, but I don't think the laws are dictating Apple to completely turn off the accounts, but instead dictate that Apple should take measures against it.
They could disable those gift card features + Apple wallet/pay if they suspect fraud, and if no one complains within a month, then disable the entire account, rather than start with disabling the account. Would give them space/time to investigate, and wouldn't be a huge pain in the ass when the inevitable false-positives happen, like in this case.
> I don't think the laws are dictating Apple to completely turn off the accounts, but instead dictate that Apple should take measures against it.
You misunderstand the nature of financial regulation. The laws on things like money laundering are intentionally vague, they say things like "Apple should take measures against it". And financial regulators will not come out and say (especially in writing) that you MUST do any particular thing (like ban customers entirely on suspicion).
What they WILL do is ask probing questions, frown a lot, and make suggestions. Which the company had better take seriously. Because the financial regulators have the ability to simply close down your business, and if you cross enough of the unclear lines they will do so.
This is also one of the reasons the government is fond of gag orders. If companies could tell you "sorry we closed your account because of government pressure" then at least you would know why, but then you would know why. Which could give you standing to challenge it or create bad PR for the government and generate public outrage sufficient to make them stop doing that.
So instead they censor the company from telling you the reason, because everyone whose account is locked is guilty of Terrorism, obviously, and the people actually committing fraud would be unable to discern that they've tripped the detection system from the fact that their account is locked unless you told them that was why. Certainly not because it would make people unsympathetic to what the government is doing.
> Because the financial regulators have the ability to simply close down your business
You misunderstand how business regulation works in free countries. Financial regulators can't just "simply close down your business" however they want, unless you live in a country that is primarily authoritarian.
Again, I'm not saying closing down accounts isn't easier than turning off functionality, but companies could choose the "harder route" if they did care about the users themselves. Alas, most companies' priority remains "make more money above all".
Every company's priority has always been "make more money above all," it's just that once upon a time some of them believed that treating their workers and customers well was a part of that goal. History has shown them that wasn't really necessary.
And don't think for a second the US federal government couldn't do a huge amount of damage to anyone it feels like by way of its financial regulators. In general it's better for the US government if Apple continues to exist, though.
> Every company's priority has always been "make more money above all,"
Maybe that's true where you live, but it's definitely not true all over the world, many economies have a free economy yet companies exist for public benefit, not shareholder value generation. It's out there, wouldn't be impossible to implement where you live either.
> And don't think for a second the US federal government couldn't do a huge amount of damage to anyone it feels like by way of its financial regulators
Right, I agree. But I also qualified my statement to not be valid in authoritarian countries, so maybe not the greatest example to use.
A bit like OpenAI (non-profit) or Anthropic (public-benefit-corporation). Based on their business model it is clear that profitability is not their goal, and in their own statements: greater good for the humanity
All this costs money for little return on investment. As long as the collateral damage is below a threshold that causes reputational damage, there is no business incentive to solve this.
Yes, I agree, the companies don't actually care about consumers, only what's cheaper for them. But this is a choice companies do, not because laws somehow require them to block the entire account vs individual features. I was just adding that because the original comment made it seem like the companies are somehow forced to act like they do because of laws, but it isn't, it's an intentional cost-measured choice they make by themselves.
Ironically, I had Amazon flag and undo some gift card purchases (of cards, not with cards) that I made for Christmas, while myself thinking about this category of problem, about why cards are a mechanism for scams rather than specifically money laundering.
The cards were to family members that I normally send gift cards to at Christmas, and the activity was counted as "sus" even though I was asked to validate my card number and expiration date before being allowed to make the purchase.
I agree. The way they make sending parcels internationally more difficult through custom declarations and taxes and fines for smaller occasions it’s more practical to send a gift card from the destination country.
> The laws against that are very strict, incentivizing companies to overshoot and block false positives.
On that note[1] is a good read (Cmd+F: "suspicious activity report"), although this specific case is about gift cards, but the AML/T&S etc. space is remarkably similar.
[1] https://www.bitsaboutmoney.com/archive/debanking-and-debunki...
AML = ?
(edit) Ah, right, anti-money-laundering, found it in your last sentence.
Anti-money laundering.
Unfortunately, when you access multiple accounts from the same set of IP addresses and browser signatures, you can bet Google, Apple, Microsoft, and any other large company with that level of information collection has probably correlated all of those accounts to you. The company may lock them all if any one of them is suspected of "bad behavior".
Yeah, I don't remember the details, but I remember a developer at a studio causing their account to lock up when Google shut down the account of the previous studio he was working with.
> What's the rationale?
Most likely stolen cards. Stolen credit cards are used to purchase gift cards which are then resold to unsuspecting buyers. Think of it as stolen money laundering.
> It would make more sense if they just locked the person out of redeeming gift cards or something, not the entire account.
I always wondered why sites like g2a sell gift cards at a price higher than the gift card is actually worth.
A lot of things are clicking into place for me in this thread.
Youtube is full of scam baiting videos – of people who waste scammer's time for entertainment.
A very usual scenario is that the scammer pretends to be a technician doing some remote support and for example pretends to provide some refund. Then they pretend that they've mistakenly sent out e.g. 10x the amount and they ask for the difference back, claiming that their job is on the line.
Crypto would work, but since they target old and tech-illiterate people, the easiest way is usually to ask the victim to go to a store, buy gift cards and read out the codes.
Google kitboga (a known scam baiter) for the videos.
Well from my view as European working in finance. Handling money for customers to pay (buy apps) likely requires an e money license (not sure about other states). And with this there is lot of things coming, like AML and what not. So disabling the account might be due to regulations required for the e money license.
Of course Support should be able to resolve this if proof is given.
That doesn't explain why an entire account is shut down, rather than just use of gift cards. Hammer to crack an egg, and just plain lazy/incompetent
It is probably lazy in the sense that they would need more lawyers and more careful ToS. Defending their ability to shut anyone off completely is a lot easier than dealing with lawsuits from customers denied X, denied Y, denied Z in regions A,B,C..
> And with this there is lot of things coming, like AML and what not
What's coming?
Anti Money Laundering measures.
Gift cards are often used for money laundering or scams, because they allow to transfer monetary value in small increments and without tracking: there's no link between the person who bought a gift card (anonymously with cash) and a person who used its code to put money onto an account.
Money laundering, I think.
AML = Anti Money Laundering
It genuinely makes me a little anxious whenever I come across people whose entire digital lives are dependent on a google/apple account. Just one misstep and it's all gone
> what’s the rationale
Their mega high risk - high value gift cards are effective for laundering stolen/fraudulent credit cards. Buy a $500 gift card with a stolen CC and sell it on FB marketplace for $400 - you’re up $400, the buyer saves $100, Apple get paid by the retailer and the CC company are (likely) on the hook.
Of course the actual solution here is _don’t sell high value gift cards_, or require the Apple ID email at time of purchase/activation of the card
I created a Google developer account with a separate email due to warnings like this. Then Google closed it because I left it idle too long and I didn't get the warning email. Sometimes you can't win.
It would make more sense to stop offering gift cards, which make zero financial sense for the consumer, but why stop offering a lucrative product that people buy because they're bad at logic, when you can just shut down accounts and greatly inconvenience people at no cost to you?
> which make zero financial sense for the consumer
Not in all situations. Because of various cross promotions between car insurance, supermarket and airlines, by using gift cards for groceries I get an effective ~9% discount every time. That really adds up over a year.
For Apple and others, you can use secondary gift card market to get some discounts too, if you wanna risk it.
Gift cards are huge in the B2B business as they are used a lot as gifts from companies to employees.
Seems like restricting their purchase to companies would be an easy way to prevent fraud.
Wouldn’t work for money laundering. As far as AML regs (and banks) are concerned a small business is indistinguishable from a personal retail account. This makes sense from a business point of view because a lot of small businesses are just one guy, and small business owners tend to mix their personal finance with their business finance. From an AML point of view, a lot, perhaps most money laundering is done with registered business entities. It’s easier to create a numbered corporation than a whole person.
In the US, gift cards seem to be popular with consumers.
I regularly see people in line at the supermarket, buying gift cards. I notice, because it’s a discrete workflow, that stands out.
I doubt they are all feeding scammers.
I think that charities often solicit gift cards.
I'm sure they're not all scammers, but what's the upside to the consumer? Why not just give the money directly? Seems to me like all the upside is on the company, and all the risk is on the user.
In some countries, where people receive conditioned social security benefits, just sending the money via bank account will have disadvantages (at worst the next sum from social security is lowered 1:1 by the money received and they try to keep it that way). So, if you do not meet the gift receiver in person and do not trust the postal service with cash, a gift card can be a solution.
The theory is that if you give someone cash, they're just going to put it in the bank or buy gas with it, but if you give them gift card to e.g. a game store then they're going to buy a game, without you having to know which game they want.
It's the same premise as buying someone any gift instead of just giving them the money so they can buy whatever they want.
I don't understand, what's the benefit to the recipient if I limit their choice for them?
https://youtu.be/xj-7_YU-KIs
Arguably, they'll be happier with the video game than with a tank of gas, which you've ensured they'll choose by not giving them the cash
Edit to add: kids often don't have bank accounts, i mostly received gift cards as a child, from relatives who wouldn't want to mail cash and couldn't give me cash in person. On a dark note, giving a kid a gift card to a toy store makes it harder for the parents to steal it for themselves.
The whole practice originates from "gift certificates" where you'd maybe go to your favorite spa and get a gift certificate to give someone, so that the spa treatment is the gift you're giving, but the recipient redeems it whenever they want. That just got abstracted to non-service gifts as well, with the same idea ("treat yourself to a new video game, whichever and whenever you feel like it" -- that's the gift, facilitated by the card)
Also for kids at least, sometimes they really will be happier with less choice. Sometimes kids make bad decisions and limiting choice to good options is helpful.
Additionally, the inverse is true. Sometimes kids' choices are restrained, and they really would like to do a thing they are not allowed to, and gift cards offer them a way to do that. Case in point: my tween figured out that we don’t let him buy in-game currency for any of the games that we do let him play; however, when a relative gives him a gift card, we let him redeem it, making gift cards incredibly popular gifts.
For some reason, many people think that gifting money is gauche, but gift cards are somehow okay.
I agree, but, still, it is what it is.
No argument there, but I'm sure the loads of marketing on how "cash is out, gift cards are the new hip thing" didn't hurt.
I joke that a $100 gift card is an "inferior $100 bill", because you can spend the bill anywhere, but the gift card only in one place. People give them as gifts because it shows marginally more effort than just giving cash.
It’s a financial gimmick. The company realizes the income immediately while service is rendered later. This has positive impact on the finances.
That's backwards. The company treats the GC as a liability. It cannot recognize the funds as revenue until they are spent. This is GAAP and law (but see exception below).
GCs are valuable to brands because they are marketing tools. Recipients are prompted to go to the merchant to spend money, and they usually spend about 40% more than the face value of the card.
Also, GCs are valuable to merchants for breakage. This is when a card (or partial balance) goes unused. Starbucks, as an imperfect example, recognizes about 10% of their total outstanding GC balance as revenue every year, due to breakage. This amounts to hundreds of millions of dollars.
But all those GC funds sit in investment accounts until they are used. It's genuinely profitable to have millions in unredeemed gift cards (and mobile app dollars) sitting around unused.
I've never had my $100 GC be worth $104 a year later, but for the issuer it is. They just keep the $4.
Sorry I was not aware of GAAP. Anyways, I think the primary benefit is the interest-free financing. The company gets to hold the customer's cash and use it for operations (working capital) for the entire time the gift card is unspent. Maybe I was not right with the account terminology and should have mentioned the cash flow positive impact only.
Maybe it is more accurate this way?
Well yes, obviously, and the company doesn't have to pay anything for the cost of locking you out of all your work files forever and costing you however much, so it's all upside for them.
If they had to reimburse you for the cost of all your lost files, then we'd see the real impact on finances.
One practical reason gift cards exist is tax treatment. In the UK, small non-cash gifts to employees can be tax-free under the “trivial benefits” rules (each under £50, not cash or cash-equivalent). For owner-managed companies, directors have a £300 annual cap across such benefits. Cash or cash-redeemable vouchers don’t qualify and are taxed like salary.
> What's the rationale?
Gift cards are used by phishers. In our institution, we routinely get personalized spam mails (in the name of the corresponding group lead of the recipient, sent via GMail -- this is not low-effort) that ask whether they are available and, when (accidentally) responding, ask for Apple gift cards.
My coworkers report these to me every single business day. They’re usually like:
> Hey, it’s me, your CEO. I’m in a meeting with our big customer and I need an urgent favor. Thanks! You’re a life saver.
> - Mr. CEO
I had similar trouble redeeming a gift card on Amazon. Twice. (thankfully they got resolved upon appeal).
Enough that I am very wary of buying or redeeming gift cards now, especially more than one in a row.
Apparently there's some sort of scam with gift cards, which must affect any platform which allows them, and legit uses often get flagged by automated systems.
If they are so much trouble for Amazon/Apple I wonder why not disallow gift cards, instead of randomly banning users?
Going through this at the moment. Was it a physical card? What evidence of purchase did they ask you to provide?
I mean it gets triggered every time I download a new app. This has been bugged for years.
> It's just insane that a gift card redemption can trigger this. What's the rationale?
If I need to guess, gift cards are sold online in money laundering schemes, also on some platforms they are used to let you buy apps from a lower priced country
Selling gift cards is like borrowing money at 0% interest. And because some people forget and never use them, it's negative interest.
anything can trigger this. it is totally at the company's discretion
The real problem is that all these big tech companies have a callcenter in India with agents who cannot do anything to actually fix problems.
And some of them don't even have that!
Do not redeem /s
> I am not a casual user. I have literally written the book on Apple development (taking over the Learning Cocoa with Objective-C series, which Apple themselves used to write, for O’Reilly Media, and then 20+ books following that). I help run the longest-running Apple developer event not run by Apple themselves, /dev/world. I have effectively been an evangelist for this company’s technology for my entire professional life. We had an app on the App Store on Day 1 in every sense of the world.
I am surprised that with such a pedigree, the author doesn't already have contacts at Apple they could reach out to for that personal touch.
> I have escalated this through my many friends in WWDR and SRE at Apple, with no success.
Ouch. If he can't get it fixed, it's scary
From my experiences with people at Apple, everyone seems so siloed that it doesn't surprise me that they couldn't help him. It doesn't seem like they have the culture where you could just drop by the Apple fraud team and ask for help for a friend.
I am surprised that evangelists keep thinking they are safe from the evil of big corporations.
If you don't have root access to your machine, it's not your machine.
If you don't have root access to the machine your data is on, it's not your data.
Brilliant, I'm stealing it.
Even Meta approves. If it is not your data why should data protection laws apply ?
There's no reason to presume that the author 'thinks' that.
Then why did he mention it (their credentials)? It has literally zero relevance in this case. Maybe they were trying to show off?
It's relevant because it shows they are not a newbie on the platform and are unlikely to have misbehaved in some capacity to warrant a full deactivation. It adds credibility to their story.
“This isn’t just an email address; it is my core digital identity”
If he doesn’t think like that, then why does he act like it?
That sentence smells like AI writing, so who knows what the author actually thinks. (As usual, the other major "tell" is the superfluous section headers of the form "The [awkward noun phrase]"...)
I'm more curious how/why the author ended up with a $500 gift card. That's a large amount, and the author never shares how this was obtained, which seems like a key missing detail. Did the author buy the gift card for himself (why?) or did someone give him a very large gift (why not mention that?)
> I'm more curious how/why the author ended up with a $500 gift card. That's a large amount, and the author never shares how this was obtained, which seems like a key missing detail. Did the author buy the gift card for himself (why?) or did someone give him a very large gift (why not mention that?)
The author mentions a big store (names it similar to Walmart for US based readers).
I would assume this was an accepted form of "return a product without a receipt" or "we want to accept your complaint about this product we sold going crazy 1 day after its warranty but we cannot give you cash back" etc.
I don't understand. Gift cards typically cannot be returned, at least in the US. And the author said the gift card was redeemed "to pay for my 6TB iCloud+ storage plan", which also cannot be returned I'd imagine.
The author lives in Australia. You get points from supermarket for purchasing some gift cards during some promotion, it's around 10% of the card value.
Gift cards are central to money laundering and many online scams. I would guess any usage of them (especially in larger denominations) would attract increased attention and additional risk. That's nonsensical of course, why does Apple sell them if they are also suspicious of them, but I would guess if he had paid with a credit card there would have been no issue.
If you receive them as a gift, use them only in a situation unconnected with your cloud ID, such as to pay for new hardware at an Apple store.
> That sentence smells like AI writing, so who knows what the author actually thinks.
The author has been a professional writer since long before LLMs were invented: https://hey.paris/books-and-events/books/
LLMs were trained on books like the ones written by the author, which is why AI writing "smells" like professional writing. The reason that AI is notorious for using em dashes, for example, is that professional authors use em dashes, whereas amateur writers tend not to use em dashes.
It's becoming absurd that we're now accusing professional writers of being AI.
I didn't mention em dashes anywhere in my comment!
If this isn't AI writing, why say "The “New Account” Trap" with then further sub-headers "The Legal Catch", "The Technical Trap", "The Developer Risk"... I have done a lot of copyreading in my life and humans simply didn't write this way prior to recent years.
> humans simply didn’t write this way prior to recent years.
Aren’t LLMs evidence that humans did write this way? They’re literally trained to copy humans on vast swaths of human written content. What evidence do you have to back up your claim?
Decades of reading experience of blog posts and newspaper articles. They simply never contained this many section headers or bolded phrases after bullet points, and especially not of the "The [awkward noun phrase]" format heavily favored by LLMs.
So what would explain why AI writes a certain way, when there is no mechanism for it, and when the way AI works is to favor what humans do? LLM training includes many more writing samples than you’ve ever seen. Maybe you have a biased sample, or maybe you’re misremembering? The article’s style is called an outline, we were taught in school to write the way the author did.
You’re pointlessly derailing a conversation with a claim you can’t support that isn’t relevant even if true.
Regardless of whether AI wrote that line he published it and we can safely assume it is what he thinks.
The relevance is that it affects whether or not the article's claims are trustworthy, when combined with some other details here. It is very easy to ask AI to generate a grievance post, for whatever motivation. This is why I mentioned it in combination with the question of how/why exactly the gift card was obtained.
There's the further detail of multiple commenters here saying their various contacts at Apple all cannot solve this particular case, which seems odd.
Now that said, given the OP is a published author, it's more likely he is trustworthy on that basis, but personally I still get a "something doesn't add up here" vibe from all this. Entirely likely I'm wrong though, who knows.
LLMs learned from human writing. They might amplify the frequency of some particular affectations, but they didn't come up with those affectations themselves. They write like that because some people write like that.
Do image generation AI tools output people with the wrong number of fingers because people often have extra fingers?
That seems like a straw man. Image generation matches style quite well. LLM hallucination conjures untrue statements while still matching the training data style and word choices.
The author is reputable, just look at the rest of their website.
Your accusation on the other hand is based on far-fetched speculation.
Heuristics are nice but must be reviewed when confronted with actual counterexamples.
If this is a published author known to write books before LLMs, why automatically decide "humans don't write like this". He's human and he does write like this!
> I didn't mention em dashes anywhere in my comment!
I know. I just mentioned them as another silly but common reason why people unjustly accuse professional writers of being AI.
> I have done a lot of copyreading in my life and humans simply didn't write this way prior to recent years.
What would you have written instead?
Most of those section headers and bolded bullet-point summary phrases should simply be removed. That's why I described them as superfluous.
In cases where it makes sense to divide an article into sections, the phrasing should be varied so that they aren't mostly of the same format ("The Blahbity Blah", in the case of what AI commonly spews out).
This is fairly basic writing advice!
To be clear, I'm not accusing his books as being written like this or using AI. I'm simply responding to the writing style of this article. For me, it reduces the trustworthiness of the claims in the article, especially combined with the key missing detail of why/how exactly such a large gift card was being purchased.
> To be clear, I'm not accusing his books as being written like this or using AI. I'm simply responding to the writing style of this article.
It's unlikely that the article had the benefit of professional, external editing, unlike the books. Moreover, it's likely that this article was written in a relatively short amount of time, so maybe give the author a break that it's not formatted the way you would prefer if you were copyediting? I think you're just nitpicking here. It's a blog post, not a book.
Look at the last line of the article: "No permission granted to any AI/LLM/ML-powered system (or similar)." The author has also written several previous articles that appear to be anti-AI: https://hey.paris/posts/govai/ https://hey.paris/posts/cba/ https://hey.paris/posts/genai/
So again, I think it's ridiculous to claim that the article was written by AI.
It's a difference of opinion and that's fine. But I'll just say, notice how those 3 previous articles you linked don't contain "The Blahbity Blah" style headers throughout, while this article has nine occurrences of them.
Did you even read the article? "The only recent activity on my account was a recent attempt to redeem a $500 Apple Gift Card to pay for my 6TB iCloud+ storage plan" a 6TB plan is $29.99 monthly. It's not farfetched to assume he purchased a $500 gift card so he could keep the subscription without worrying about it!
"The card was purchased from a major brick-and-mortar retailer (Australians, think Woolworths scale; Americans, think Walmart scale)" There's not much of a reason to assume someone else unaffiliated with the author bought this card, he mentions talking to the vendor and getting a replacement which means he has the receipt
Yes, I read the article and it simply does not directly address who purchased the card.
It certainly implies the author bought the card for himself, yes; but that seems rather unusual to me, especially in such a high amount.
Why would you purchase a $500 gift card for yourself to "keep a subscription without worrying about it" as opposed to just paying the small monthly amount? Honest question, I literally don't understand that motivation at all. In my mind a gift card is more problematic than a normal credit card in this scenario since it eventually runs out.
Second question: why did you create an HN account just to write this comment?
I wonder if you can prepay using a card? But otherwise to answer your potential question, I understand OP as I like to prepay things like my phone operator. I put 500 USD there, and come back one year later. This way it can free-up my limit of 10 virtual cards I have, and most of all, can keep their limits as close as possible to the minimum. If you have a mix of services on the same card it is much more difficult and more risky. If you have 100 USD + 50 USD + 25 USD + 75 USD + 60 USD in monthly spend. Then you have 310 USD at risk, when your risk could be way lower.
“Please don't comment on whether someone read an article. "Did you even read the article? It mentions that" can be shortened to "The article mentions that". ” --https://news.ycombinator.com/newsguidelines.html
Did you read the comment you're responding to? Where in the article does it explain why an adult is buying a $500 gift card to pay their apple subscription instead of just paying for it directly?
I went to Uni with this person (though I doubt they remember me.) They have a very high reputation. If anyone should be able to resolve this, it’s them — that they can’t, and they have to go public, is absolutely terrifying and should make Apple execs pay attention.
I mean that. Exec level. This story and that this specific person cannot get it fixed indicates absolute failure.
This reminds me of a joke we have in Russia which roughly translates into English as follows: "Comrade Stalin, it has been a terrible mistake!" The phrase could belong to one of Stalin's own sycophants who unluckily for themselves got imprisoned and executed during the big purge in the 1930s. They didn't understand why it happened to them.
I have a feeling that this guy also doesn't get why this happened to him and that he himself contributed towards it with the work of his life.
Indeed. The machine eating its enablers.
Oh, yes, only "important" people deserve customer service. That is an appallingly elitist attitude.
Nobody said that.
The untapped answer is litigation. Call a lawyer and file against Apple. It may take several business days, and cost $$$$ but it will absolutely light a fire at Apple and get the attention of many-a-human. And if they ignore it, well, maybe a class action lawsuit awaits.
To paraphrase an old saying: Live by Big Tech, die by Big Tech.
> After nearly 30 years as a loyal customer
I've heard others say this (and was a "loyal advocate" of Windows for around 2 decades myself), but the reality is they simply do not care. You are merely a single user out of several billion.
> Many of the reps I’ve spoken to have suggested strange things
That almost sounds like some sort of AI, not a human. But if I were in your situation I'd be inclined to print out that response as evidence, and then actually go there physically to see what happens.
This is why I don't use an os that depends on cloud functionality built into the os for much of its functionality. It's really stupid IMHO to depend on a closed system like this to store data.
> This is why I don't use an os that depends on cloud functionality built into the os for much of its functionality.
macOS doesn't require this. My Apple account has a handful of apps purchased over the years, and that's it. I could've bought them directly from the vendors, but the store makes it easier to update.
>macOS doesn't require this
Technically true but I tried using a mac without creating an Apple ID and gave up. You can't access the store without it so you are locked out of Mac apps that aren't installed by default, and all apps that only distribute through the store now.
Perhaps that's not a loss, because why would you want to depend on apps that you essentially need an Apple account to use? I've had great luck with finding apps with Homebrew.
Well I just stopped using a Mac. It's not worth jumping through hoops.
I've used macbooks for 15 years and have never felt the need to create an Apple ID. Maybe I've just been lucky but I have never even encountered a piece of software that didn't offer a direct download or brew installation.
And even if, there are torrents and sites. Same for Steam games. Fuck the cloud.
Does iOS?
The operating system does not. The App Store does, and unfortunately on iOS the App Store is the only way to download apps not included with the OS.
I don’t think it is stupid but the golden rule is multiple backups. I personally believe 3 backups is the minimum. A physical one and 2 others. Either another physical copy stored at another location to protect against things like fire or 2 cloud backups to prevent situations like this. But I have only ever met one person who did this. His house burned to the ground and lost all data at his house but had backups at his brother's and on some cloud service and lost nothing. I was impressed as most people I know have zero backups.
I don't think the customer should be required to implement their own redundancy on top of the services they subscribe to.
I don’t think so either in the sense we are seeing in this case. As in there should be some legal protections like sure Apple can choose to close his accounts but should allow him a reasonable amount of time to export his data. But one should in best practice always have their own redundancies as too many times we have seen companies lose data for various reasons.
Yes, therefore it is better to stick with services that have open protocols, so you can rely on FOSS tools to handle redundancy for you.
Using FOSS solutions and setting redundancy is not going to work for average users.
I think you’re missing the point here, which is we need regulations to protect consumers against big tech.
It’s pretty silly to rely on an OS that you don’t own. Though one can be forgiven if you have basically no other reasonable choice such as on mobile phones.
I think we must have passed peak Apple this week or something…
I’ve had Clone Hero running badly on an ancient MacBook for my drums, so I decided to swap it out for an M1 Mini that was collecting dust on a shelf. I did a full erase, but I couldn’t get past its activation lock. At all.
This is a piece of hardware I purchased on my credit card, for my company, (luckily) linked to a phone number I control and an email address on a domain I can control, but Apple in their infinite wisdom are still locking me out of my own hardware because I don’t know the password the last employee used on the computer! I don’t want any data off it, that’s gone, I just want the computer I spent money on to actually be usable!
I initiated a “recovery” process to unlock it (at Apple’s discretion?) and they’ve sent me an automated email saying the initial checks are passed and they will contact me again in 7 calendar days. Kafka-esque doesn’t even begin to describe it. So for the next week I have to whistle Dixie!
I’ve been a massive Apple fanboy since I swore off Windows a couple of decades ago, giving them a decent high 6 figure spend over that time and influencing countless others to buy Apple devices. Well that very much ended this week & going forwards without Apple will be painful, but the message they sent me couldn’t have been any louder & clearer. The writing has been slowly creeping on to the wall for the last few years, between buckling to UK government pressure, the CSAM photo scanning nonsense, the absolute UI abomination of this new glass crap, this was my final straw.
I’m also going to be relaying their “message” very clearly and loudly now to any friend or family member considering another Apple device.
This happened to me[1] a decade ago, now. Left Apple hardware on shelf for a year or two, Apple in the meantime did their iCloud migration or something, and my login account could no longer unlock the device. It's been effectively bricked since.
[1] https://news.ycombinator.com/item?id=26482635
A similar thing happened to me - I lent a phone to my mother-in-law and created an account for her. She returned the phone once her own phone was fixed.
A few years passed, and a couple of weeks ago my phone broke, so I wanted to use that one until I bought a new one. It turned out that Apple had permanently deactivated the iCloud account on that phone. I could make calls, but I couldn’t install or update any apps, even though I still controlled the email address that was used to create the Apple account. Not that 5S is very useful these days but still.
Not sure if the Chinese have figured out a way for the newer ARM-based ones yet (I realise it's already been several years since the M1 was released...) but I believe most of the older x86 ones have been cracked.
I've unlocked some old Thinkpads that were similarly left locked with a BIOS password by departed employees, officially not possible, but actually possible if you reflash the BIOS and EC ROMs.
Thanks, that gives me hope - my SO bricked their Thinkpad by forcibly powering it off in the midst of the firmware upgrade of all things. Don't ask.
I was looking for the flashing hardware around here, but I should probably peek on AliExpress :)
A CH341A-based programmer with the accessories ("chip clip" cables and adapters) is available on AE for cheap (~$10) and will work to read/write the main BIOS.
If you need to recover the EC, then I believe anything that can work as a generic JTAG device, like an FX2LP dongle (~$5 or less, and useful for other things like a logic analyser) will also be needed.
> That almost sounds like some sort of AI, not a human
It’s almost certainly not, it’s just humans being human and going off script. I worked in a place where we dealt with an enormous number of customer service requests, and one of our measured support metrics was “how often do the agents deviate from what they’re allowed to offer”.
> It’s almost certainly not
AIs are RLHF'd to have a corporate-pleasing interface w.r.t. metrics.
I’ve talked to apple support reps in the past. It’s absolutely not surprising to hear that there’s confusion. ISTR some aren’t actually direct Apple employees, so they don’t have access to certain information.
> I've heard others say this (and was a "loyal advocate" of Windows for around 2 decades myself), but the reality is they simply do not care. You are merely a single user out of several billion.
What changed your outlook? Did you get burned by Microsoft?
The gradual decline of quality, and increasing hostility towards the user once they went from software to services.
Probably they tried a real operating system.
Linux and the other unices are great for their CLI, but GUIs seem more like an afterthought on that side.
Hard disagree. I find that Linux (particularly but not exclusively Gnome) is actually even better than Windows or Mac OS. I hate having to use Windows or Mac again for how clumsy and poorly thought out they are. It took how long before they finally got Window snapping? And file search is still atrocious on both, and getting worse on Windows.
It always seemed to me the people who deride Linux's desktop GUI are those who actually never bothered to use it, especially not seriously in the past decade.
I find KDE Plasma to be much better than Windows and MacOS.
While Plasma is among the better desktop options, it’s still something of an acquired taste, being a significantly different flavor from either mainstream commercial OS (and particularly un-Mac-like). I know some like it, but having used it on various single-purpose machines of my own I don’t think I could make it the desktop of my daily driver or work machines.
with this same logic, you don't want to know how much your government and your country cares about you. odds are even a lot lower for them.
Why would my government care less about me than a multinational corporation with billions of customers that isn't headquartered or listed where I live?
My Member of Parliament represents about 130,000 people, does regular door knocking to talk to people, and has a staffed office a few km away that I can walk into anytime I want.
None of that applies to a multinational corporation.
You're lucky and this is not representative of the politicians at all.
In my Parliament MPs seem to represent primarily the interests of their donors, not those of their country, not even constituents. It's still better than it used to be, the corr...., er lobbying is not as blatant, but it's still obvious.
Seeing the MP? Yeah. Maybe if someone lives in the "unsafe seat" area and the MP is trying to get reelected:)
Because you can’t get rid of your government, whilst you can easily stop buying apple crap.
People can vote the government out on the next election but they can't vote Tim Cook and other executives out of Apple unless they're shareholders with significant voting powers.
And don't tell me to "vote with my wallet". We're talking about Big Tech, not your next door kebab shop.
You can vote out the government, you can’t vote out the state.
And yes. Don’t give them money. Buy something else. We are not short on phone or laptop brands.
Exactly. Corp. at least have some expectation about revenue and reputation etc. Certain % of people only cost government, literally.
oh, no, they will do a lot to make you pay taxes
they can always print the difference, lol.
Big tech giants locking unsuspecting users out of their digital lives is nothing new. What would it take for our society to stop relying on these closed, walled gardens for critical stuff?
How many account lockouts must occur before we accept that digital life built on permission rather than ownership is inherently fragile?
My 2 cents:
There was a time when I accidentally deleted some photos of which I had only one copy. I blamed myself for being stupid not having a copy but also money was tight for additional drives.
Then there is this: depending on a service provider and then blaming them for something like this. The problem is that now you are losing trust in service providers (of which there should be little to begin with) and on top of that you are also blaming yourself for depending on them. However you have to create a trust model where your fault allows you to have a service helping you with it while a fault at the service provider will allow you to restore data from your end too, getting the best of both worlds.
MacOS and Windows / Google with always logged in systems that lock you out completely at their will is an example of how your devices are not owned by you to begin with and then trusting them with your data as well means your digital life is basically owned by them completely.
Now imagine that there are no humans to solve this but endless LLM bots that respond with generic responses because the LLM has never seen a problem like this. I want to point out that owning your data and hardware is really important if you depend on it and your business especially does.
I think this argument conflates “what’s possible” with “what’s reasonable”.
In a complex modern society, we can’t all be expected to have backup plans to the Nth degree.
Is it possible to bore for my own water supply, install solar+inverter/battery backup for electricity, get a medical degree to treat my own wounds? Sure but most would say it’s not reasonable.
It’s why we have regulations and ombudsmen for healthcare, transport, finance, water provider, electricity providers, communications providers etc.
Oddly missing from that list is critical technical infrastructure providers like Microsoft, Apple and Google.
I actually really like the idea of a Digital Services Provider Ombudsman, who you can go to if you feel like you've been wronged by a big tech corp. They have a "way in" that consumers potentially don't, and they have the capacity to levy fines in certain circumstances. I love this! What's preventing this from happening, other than no governmental pressure to make it happen? I might write to my MP...
> However you have to create a trust model where your fault allows you to have a service helping you with it while a fault at the service provider will allow you to restore data from your end too, getting the best of both worlds.
This is why I suggested to have a dual model. Leveraging the cloud and services is really a good choice as long as you have backup systems running independently as well. Your backups may not be as powerful and full fledged as the main provider but in case of emergencies like these, you still own your data and hardware and don’t panic.
In this example a weekly backup of iCloud to a drive connected to a pi with rsync could be a simple solution. 6tb is not even that much given that 500$ gift cards are being used by the author. The backup is not great but it is easy to see why it’s also necessary to own your data.
That is in no way a reasonable suggestion. You’re suggesting a raspberry pi (first red flag) along with a command line program. This is not reasonable in any sense of the word. Imagine me suggesting that everyone should set up their own unraid server to make sure they can still stream movies and videos if Netflix goes down. Imagine me telling you you should set up a foundry to build your own engines because you can’t trust big car manufacturers. This is the case with everything in your life.
Regulations exist because it’s impossible for any one person to handle everything that needs to be handled.
>That is in no way a reasonable suggestion. You’re suggesting a raspberry pi (first red flag) along with a command line program. This is not reasonable in any sense of the word.
Uh, the guy writes programming books for a living.
But since he's all-in Apple he could just use Time Machine to some sort of NAS and get a more streamlined version of the above.
It’s not reasonable because you’re assuming that 1) they have the time to set up that network infrastructure 2) their skills align with that 3) they have the knowledge to do so 4) they live in a country without strong regulations that would make such a thing unnecessary.
Just because you know objective-c doesn’t mean you know a damn thing about raspberry pis, backup programs, NASes, or anything else. It doesn’t mean you know or want to manage your own network infrastructure. They’re a Mac app programmer, not a Linux professional, not a micro-computer professional, not a network engineer, not a sys admin.
Time Machine wouldn’t work here, because it needs the files locally and he’s already stated he doesn’t have a 6tb drive.
1. I am pretty sure OP could manage to plug in an ethernet cable.
2. Again, he should be able to manage to set up a computer and plug in a USB drive, even if not familiar with the particular OS. People are not that narrow.
3. I am pretty sure he could manage to install and run some backup software on his devices.
4. I am assuming you are missing a "not" there, but regulations have clearly not solved the problem, in fact it's likely AML regulations caused it.
> he’s already stated he doesn’t have a 6tb drive
Someone who uses a $500 gift card to renew subscriptions could afford one
So that solves it for OP, but not for every single other person out there who's not as tech proficient and relies on iCloud for backups.
Which is not an unreasonable thing at all considering it's literally marketed as a storage solution for your photos, and on top of that even encourages users to store originals only in the cloud.
It won't solve for people that only own an iOS device but setting up a Time Machine backup is aggressively recommended by OS level notifications for every macOS user.
A simple usb hard drive will actually do, no need for a NAS. The only action required to implement proposed solution is to check "Keep all data on this Mac" in both photos and iCloud Drive settings. And to be extra cautious add a second backup drive from another vendor (to be extra extra cautious don't use Time Machine for the second drive).
For the specific case of those that don't have a big enough internal drive they might need to store data on an external drive. But if you do have 6TB of pictures you normally should ask yourself if a RAID1 or RAID6 is not warranted at this stage.
In conclusion it's not a binary decision; there is a lot of room between "I solely rely on the cloud" and "never trust the cloud".
> Is it possible to bore for my own water supply, install solar+inverter/battery backup for electricity, get a medical degree to treat my own wounds? Sure but most would say it’s not reasonable.
Bad analogy. A better one would be having a torch in case of power cuts (done that) having some extra food in the house in case the grocery delivery fails, having some basic medical supplies in the house, having mobile internet connection in case your broadband fails etc.
Having backups of your stuff is an emergency fallback
This is one of the worst stories I’ve seen yet. It sounds like they were “all in” on Apple with zero backups, which shows some questionable judgment, but still, this sort of thing shouldn’t be possible any more than a bank deciding to take all your money with no recourse. (They can close your account, but they can’t keep your money.) Maybe hosts should be required to mail you a hard drive with your data on it when they close your account. Regardless, never assume cloud data is in safe hands.
> this sort of thing shouldn’t be possible any more than a bank deciding to take all your money with no recourse. (They can close your account, but they can’t keep your money.)
I once had to help a relative sue a bank who had closed his account after he refused to answer their very intrusive questions (they wanted to know details about distant relatives living in another country). They also refused to return his money (tens of thousands) and refused to explain why. No amount of complaining or escalating made any difference, although we did manage to get a nice recording of an employee saying that he thought the bank was in the wrong.
It took me issuing court proceedings, plus several more months of negotiating with their lawyer, before they finally settled out of court. Even then they tried to not pay the court fee, and they tried to get us to sign an NDA (I refused to budge on both). Altogether, it took 6 months to get the money.
Similar to how people in this thread are talking about mitigating reliance on cloud providers (e.g. with offline backups), I now do not trust any bank. I avoid being in a position where any one bank can ruin my life. That means having multiple accounts and spreading my money around.
Luckily for me I have a legal background so when a corp (big or small) does this sort of thing to me I don't hesitate to sue them. In almost all cases this causes them to "wake up" and start taking your issue seriously, in a way that the front line customer support reps never do. I recommend this to the author of the original post.
Which bank?
all banks. Any bank that can indefinitely freeze your money and get away with it will do it. And now that everyone is doing it, the reputation damage is minimized.
> I now do not trust any bank.
It baffles me how much this community is opposed to Bitcoin (and fails to delimit it from the rest of the crypto-scams ongoing) when, for me, it is existential. When you go through 1-2 experiences of bank-freezing and you realize your life is literally at stake here, the abstract debates about energy consumption or speculative bubbles feel like they come from completely misinformed individuals.
It's like watching someone on a rail track arguing not knowing what is about to hit them.
> It sounds like they were “all in” on Apple with zero backups, which shows some questionable judgment
iCloud literally encourages users to opt for storing originals only in the cloud. It's marketed as such, it nags you about this every now and then, and iCloud is the preinstalled default cloud storage on every iPhone. Consider non-techies dealing with this too.
> which shows some questionable judgment
Convenience is a hell of a drug.
I do have backups of most data, including photos, but there are things you can't backup like shared actively edited iWork documents, and things like that. I can rebuild from it, but it's still a shitshow and my very expensive devices are bricked.
What's an iWord and why can't it be backed up?
What a nightmare - hope everything will end well.
Concerning all those 'bricked' devices it would be really nice to get some more details concerning the 'block'.
Can you use your iPhone to call someone, can you use your MacBook overall? Login, use Apple Passwords(!), looking at photos within photos app and so on...
Or are all those devices completely locked?
> there are things you can't backup like shared actively edited iWork documents
If they’re shared, surely someone else can still access them?
When you are an Apple Developer, as the poster states - it goes deeper and more destructive.
> this sort of thing shouldn’t be possible any more than a bank deciding to take all your money with no recourse. (They can close your account, but they can’t keep your money.)
To me this is the biggest problem. Just like a bank can decide to close your account at any time, it's reasonable that Apple (or any business) could do the same. But they can't keep your stuff.
You can say "don't be naive and assume your cloud data is safe", but in today's world that's like saying "don't keep your money in a bank". The reason I pay for iCloud storage is because it's supposed to be safe (safer than my local HDD going bust or getting lost).
You can probably use a GDPR personal information request to get photos and data at least. Doesn't help with other stuff you've paid for though.
We really need laws for this sort of thing. They should have included it in the DMA for gatekeepers.
Great victim blaming there buddy.
To what extent is the victim their own perpetrator? They allow the status quo to succeed by endorsing it. They voted for this with $30,000 of their own money, and they will likely vote again.
So taking a wrong turn should result in you being mugged, raped and subsequently killed because apparently there was some "safe", but less convenient, passage? You're not helping OSS by making claims like these.
Obviously you're being facetious, that is not at all what that poster is claiming.
While I agree that entering a dark alley shouldn't result in ill effects, if ill effects happen in said dark alley it is still worth the discussion to remind people to stay out of dark alleys in today's day and age (or until the root problem, whatever it is, is improved).
Pretending that it is OK to enter dark alleys and forcing blame elsewhere will continue to have people unwittingly enter dark alleys.
There are 1.5 BILLIONS of iOS users. Is that what you call a dark alley? This is a broad day, city center attack.
So many asslickers of Apple here, blaming the victim when clearly anyone could be the next victim. The same issue with clouds like Google Cloud that can charge you 100k USD tomorrow just because of someone doing a loop of wget on a cdn endpoint.
The real solution is to have a neutral, efficient and formal process under supervision of regulators to have such case escalated and handled.
I already see all the tech-bros coming: “you see it was not an issue, they reinstated the account after you posted” while ignoring there are silent victims.
> While I agree that entering a dark alley shouldn't result in ill effects, if ill effects happen in said dark alley it is still worth the discussion to remind people to stay out of dark alleys in today's day and age (or until the root problem, whatever it is, is improved).
This is not a dark alley. It's the main street. It's the world we live in. iPhone has more than half the market share in the US and well over a billion users worldwide. Moreover, Apple, Google, and Microsoft collectively monopolize consumer operating systems on both mobile and desktop. Try going into a retail store and buying a computing device that is not running iOS, Android, macOS, or Windows. That's the reality for most people.
The dark alleys are the non-mainstream options that hardly anyone knows about.
To further stretch the analogy: the main street is now full of potholes, sinkholes, and even landmines. The root problem is that, in exchange for convenience, we as a society have ceded too much power to these large businesses and we are now paying the price for it. We have bought the proverbial monorail [1] and now we are stuck with it.
[1] https://www.youtube.com/watch?v=taJ4MFCxiuo
> The root problem is that, in exchange for convenience, we as a society have ceded too much power to these large businesses and we are now paying the price for it.
I don't know why some people have made "convenience" into a dirty word. Almost everything we do is for convenience. You could live in a remote log cabin with no electricity and grow/hunt your own food, separating yourself from most of society, but that wouldn't be convenient or pleasant.
Individual consumers have very little power over the market. There's a collective action problem, which is why governments and regulation exist... or should exist. The way I see it, the root problem is a massive failure by (corrupt) governments to protect consumer rights.
How do governments become corrupt in the first place though, if they don't start that way? It's collective action problems all the way down.
Perhaps the root problem is that we've blown too far past Dunbar's number to be able to deal with the societies we live in. All of these systems we've contrived to mitigate the trust problem are full of holes.
As for convenience, that carries a tradeoff. All of the technology and all of the revolutions we've had (agricultural, industrial, information technology) have come with these tradeoffs. Even the log cabin has downsides compared to the nomadic hunter-gatherer lifestyle.
> How do governments become corrupt in the first place though, if they don't start that way?
I think the US government did start that way. Maybe not "corrupt" as such, but the United States was founded by plutocrats and was clearly designed to protect the minority of plutocrats against mass democracy.
> Even the log cabin has downsides compared to the nomadic hunter-gatherer lifestyle.
Yes, but I'd say the nomadic hunter-gatherer lifestyle has even greater downsides, and our current state of convenience is in many ways a vast improvement over the precarious existence of our distant ancestors.
That's not what happened here though. The victim paid the muggers... so as you can see something is very wrong in this relationship.
Victim blaming is simply a way to feel comfortable that it won’t happen to you. The takeaway should be that it CAN happen to you.
read the TOS before agreeing
Let’s be real, the number of people who read it approaches zero.
Not only does no one read it but it seems like they are intentionally designed to be difficult to read.
They are written by lawyers for lawyers, not for common people to read.
You don't even have to actually read them, just assume the worst case for the customer and you'll be right.
LLMs actually do a good job at reading legalese, this may finally reverse the trend of corporations using impenetrable language to screw over customers.
Of course, that doesn't help in the US with its vicious Supreme Court endorsing the most blatant abuses under cover of binding arbitration.
And then what? Go to Google, Samsung, any other Android vendor and read the same TOS?
There should be laws to protect people, instead of blaming victims.
Every single cloud storage provider has a generic cop-out clause in their TOS that allows them to lock you out of your account for no reason at all, with no legal obligation to provide any proper justification.
This leaves you with just about zero cloud storage solutions that you can use.
Yes, yes, you can rsync your files to your NAS. Now explain that to your non tech-savvy neighbors.
I had this happen to me once while traveling, and then by random chance I ran into a former Apple Store employee at a hostel.
She told me to email Tim Cook directly (his email is entirely guessable).
I did this and within a day or two my access was restored.
You may want to consider filing a small claims lawsuit against Apple for the maximum amount of damages your state permits in small claims.
It's not really about winning the claim. It's about getting them to acknowledge you and hopefully resolve it before the court case comes up. That is, you want them to "settle" by restoring your account.
IANAL and YMMV.
The OP is in Australia, but I'd like to add some advice which would apply in the US: Apple is one of the few organizations which does not use an arbitration clause, which means suing in court really is an option.
(With the exception of some services like their credit card, but you can opt out of that more easily than any other arbitration clause I've seen.)
Here is how the gift card scam works (in Australia)
[Quote]
Yes they do still get activated at the checkout. But when you go to redeem, the code is missing the last digit or two so it doesn't work. People take the unactivated gift card, tamper with it to get inside carefully so it's not detectable, scratch and get the code, remove the last digit or two, replace the scratch off layer, put the unactivated gift card back on the shelf. Then after you activate the gift card at the checkout, they redeem it.
[/Quote]
From this discussion
https://www.ozbargain.com.au/node/937339
This is why Target doesn't have the activation code on their gift cards anymore, you have to have it added with a sticker when it is being activated now, and then scratch it off.
Since your money is gone, I would file a complaint here:
ACCC (Australian Competition and Consumer Commission): The primary enforcer of gift card laws, ensuring businesses comply with the three-year minimum expiry, clear terms, and fair practices.
It's baffling that gift cards are so popular. You're essentially paying to decrease the value of your own money by restricting its use and adding an expiration date (and handing to someone as a gift as if it's a thoughtful alternative to cash).
An even more egregious case is the corporate credit card. The company dictates its use exclusively for business expenses, yet pushes all the liability onto the employee. The business gets a massive, interest-free credit line with absolutely no risk. The company gets the float, and the employee gets the bill and the potential credit damage if anything goes wrong.
</rant>
I still don't get why my friends and family think gifting a less liquid form of money is better than just giving cash.
Gift cards are the best proof against the existence of the homo economicus, that's for sure.
Because it shows some thoughtfulness. 'I know you like x so here's money to spend on that'. Cash looks like you didn't bother.
Same reason they gift you a book instead of a can of petrol. By giving you a gift card, they're forcing you to buy something sold at a specific store chain, not to buy more petrol.
It can also be a way to make sure e.g. “fun money” gifts are actually spent as intended, getting around things like sense of responsibility, overbearing spouses, etc making the recipient feel obligated or pressured to spend it some other way.
Gift cards are great for companies you don't trust with (up-to-date) payment details. Amazon, Google, Apple, whatever evil megacorp you can think of, they all have made the news with stories like these, and they have proven time and again that they will stand by and defend their arbitrary decisions in court if they have to, because involving basic human intellect in the chain is too much of a fraud risk.
Even if you like their services, who knows what they'll do when they have access to your credit card information directly. I can completely understand why someone would pay for their services with gift cards bought from a well-known, respectable store instead.
This story proves that none of it matters if your money along with your account vanish because the megacorp doesn't like your gift card for whatever reason.
In fact, it is far worse than paying with a credit card directly in terms of risk. At least, when something goes wrong (which rarely ever happens), the bank has your back. On the other hand, I have seen too many cases where people find their gift card codes invalid.
It seems OP bought the gift card themselves as a means to top up their account balance (https://news.ycombinator.com/item?id=46252989). They basically used the gift card as an alternative payment option.
Book a date with TASCAT. I haven't used the Tasmanian one but in NSW it cost me a couple tens of dollars from memory and I got a response in days. Once the case lands with the _LAWYERS_ who are expensive, it'll get resolved.
https://tascat.tas.gov.au/
Civil tribunals in Australia (an equivalent of small claim courts in other countries) do not involve lawyers in vast majority of cases and encourage self-representation instead.
In fact, the NSW Civil Administrative Tribunal explicitly requires the Tribunal’s explicit permission for a person to be represented by somebody else, including a lawyer.
But tribunal's decision is binding on the commercial entity, should it be found at fault and incurs penalties for avoidance or non-compliance with the decision.
> do not involve lawyers in vast majority of cases and encourage self-representation instead.
Sure, but if it's a corporation, who is going to represent the corporation besides a lawyer? In the US, some states explicitly do not allow a lawyer and require a different officer of the company represent them, but plenty do allow lawyers.
If Paris is taking Apple to the tribunal, there's no single human equivalent to Paris on Apple's side. This seems like the exact sort of situation where a lawyer is approved to represent somebody else.
You also get things like Stripe with mandatory arbitration. The arbitrator is chosen by Stripe. Naturally arbitrator wants to keep Stripe as a client.
Stripe terms allow them to hold the funds until 'investigation' is concluded but while held, they have the right to invest the funds and keep the profit.
> Sure, but if it's a corporation, who is going to represent the corporation besides a lawyer?
Under common law, lawyers (in the US sense) are not required on either side in the case of handling a dispute or a small claim.
Specifically in Australia, the company would have a complaint department, and the case would be dealt with by a complaint officer, not a lawyer.
If the scope of the case exceeds the tribunal's authority, the case is handled in the state's district court or in a federal court for cross-jurisdictional matters. The official title of the person representing the defendant (e.g. a company) in a courtroom is the barrister, but the case documentation and legal advice are provided by a solicitor.
Hi, I’m closely involved in xCAT cases for my Australian organisation.
We send an in-house lawyer to represent us at every mediation and hearing.
Every complaint that goes to an official body is dealt with by the lawyers at that point. Only if they complain directly to us does our “complaints department” handle it.
Absolutely, but that doesn't solve my immediate issue of my devices and accounts, but of course I will do that.
There are escalative methods to employ in such situations.
In many legal jurisdictions, a 'demand letter' holds weight. These can be served by courier, with proof of delivery as valid. One aspect of such a letter is a hard, specific time by which you will start legal action, along with associated additional costs.
You have two paths after the letter. The first is small claims court, or normal court. In many places, small claims court does not allow lawyers, and the judge will even have to explain any confusing terms.
Which means the playing field is leveled, including reduced or no disclosure requirements, and legal cost assignments. Where I am, it's $100 to file.
The goal is to force a fix, at threat of legal consequences.
I am sending an email.
"Beat the Grass to Startle the Snake" (打草惊蛇)
You would be better off in the US. Trust me, nothing creates a bigger fuss than complaining to financial authorities.
From the fire into the frying pan.
It appears that the only way to reach Apple Customer Relations is by way of writing a formal letter to:
Apple Pty Ltd, PO Box A2629, Sydney South NSW 1235
It is Saturday! The guy had trouble during non-business hours, and the advice is to make a complaint to the ACCC? People who unlock accounts do not work on weekends; it is not the front line of support, which works all the time. What happened to giving people (which is what Apple consists of) a chance to actually do something before complaining to a 4-letter agency? Also, the ACCC will not deal with such complaints. It says so right on their home page.
I didn't see a timeline but there were indications that the author has been trying to resolve this for much longer than one day.
Regulatory agencies can forward complaints to other authorities and act based on them even if they can't resolve the particular issue for the complainant.
There is part of me that sort of wishes this would happen to me. I wonder if getting locked out of my cloud identities + bricking all my devices would actually be a great blessing in disguise from the Machine?
I treat apple ID and google ID like throwaway accounts. I would never trust anything valuable to either. The problem is that it is very hard for "usual people" to do that.
I will also never have an electronic ID. We (Switzerland) were dumb enough to vote yes for it but we are giving away our freedoms eventually.
We need regulations to ensure vendors cannot lock in users and cannot threaten them. Everything should work as if you have your own domain and use email. If your provider goes nuts, move your hosting, change your MX and point your local copy to it.
This should not be reserved for some nerd like me, it should be a universal right.
It is already late, but it can be reversed. We need more stories like this one to erupt, so people understand.
> I will also never have an electronic ID. We (Switzerland) were dumb enough to vote yes for it but we are giving away our freedoms eventually.
What's the link with the rest though? Your government already knows you, whether your id has your information printed with ink or stored on a chip.
Belgium has had electronic id for decades now and I fail to see how it has taken away any freedom, but it has enabled people to get their official documents online without having to make appointments in person in most cases.
I think the fear many people have is that digital ID will be required for non-government services as well. I can easily see that happen in the USA and Switzerland is the kind of weird that may also let that sort of thing happen.
With things like age verification becoming mandatory just about everywhere and actual privacy-conscious digital age verification being very difficult, there's definitely a risk towards abuse and badly designed authorization mechanisms (although the EU's open source backend and frontends should make it easy for other countries if they do actually care about privacy).
Because it will be used by other services. Like google requiring one for you to use their services. That's the problem.
It seems to me as if it would get used by the same services that already require an id, except they would now not require a physical check of the id anymore.
I don’t see that happening in Belgium, though?
You don't? Google already requires ID for developers in Belgium [0], and it's complying with regional laws for age verification [1]. The EU is also starting to look at age verification [2]. I don't see how it's such a stretch that Google may want to expand this further even in the absence of government demands, considering the huge ad/data incentive for them to directly link accounts to IRL identities.
[0]https://support.google.com/googleplay/android-developer/answ...
[1]https://www.digitaltrends.com/phones/google-play-store-wants...
[2]https://digital-strategy.ec.europa.eu/en/factpages/blueprint...
> Google already requires ID for developers in Belgium
But it also requires id in France, even for people who don't have an eid. Or in the US, and most likely just about everywhere in the world.
I don't see how this is related in any way to having a chip on an id document.
> The problem is that it is very hard for "usual people" to do that.
Exactly, for all the victim blaming in other comments, try to explain 3-2-1 backup to non-technical people and you'll be met with glazed eyes.
Sadly I think it's going to take more people losing their irreplaceable digital assets and for the network effect of having it happen to someone close to actually see any change.
There's a surge of people losing their Google accounts with hackers abusing parental controls at the moment, although I suspect a lot of those people will just move to Microsoft or Apple thinking they're safer until they get burnt there too.
My grandfather’s Apple account was blacklisted too but I was less sympathetic to him because he genuinely sends spam email from his personal account (it’s politically motivated).
One day he was bricked from his accounts because he ran afoul of Apple’s ToS. The problem then was I couldn’t feel sure that he hadn’t actually done something which a reasonable person would say should result in account closure.
Paris’s case is much more strange, because it feels more likely to be a false-positive.
There is no legal right to have an account with Apple or Google, and I’m not sure I want there to be. But so much of our lives are built on these services and these stories erode our trust that the services themselves can handle the responsibility of adjudicating acceptable use. We need our digital accounts to be robust in the very long-term, even when there are bad actors who want to do all manner of bad things. And we need to feel confident that a properly empowered human reviewed the case and can articulate the reasons for a ban. When we charge a person with a crime, we tell them what the crime was and give them due process to fight it. I’m not sure I want the courts to decide these questions but we need some more due process when it comes to account termination.
> There is no legal right to have an account with Apple or Google, and I’m not sure I want there to be.
There shouldn’t be a legal right to an account, but there absolutely should be a legal right to sit down with someone from the company to plead your case, understand why the account was locked, and at least be given the opportunity to gather your things if they decide not to give you a second chance.
If you get evicted from an apartment they don’t just change the locks and keep all your stuff…
There should be a legal right to a clear explanation and a mechanism of appealing these decisions with an external organisation. I think it’s unreasonable to expect that they should be able to delete users this casually with everything that is tied to your devices.
You could make it so costs for arbitration could be paid up front by the person appealing and then if the account deletion was deemed wrong the company refunds said user. Could probably apply to monetisation on YouTube that I see withdrawn for very dubious reasons too.
>arbitration could be paid up front by the person appealing
We need a constitutional amendment that prevents binding arbitration agreements, which removes judicial review from public accessibility.
There absolutely should be a legal right to pursue this through the courts (which require a response from the company, to avoid default judgment).
----
My main PiHole blocks all of *.google.* & *.apple.* for many reasons. My exploration into PiHoles began a decade ago, after Google pulled a similar response-less account termination (without explanation). This left me unable to update a blog (with several million annual impressions), with no recourse [0].
[0] Unlike OP's situation, I was able to download most of my writing/photos, only because they were public-facing (website).
What sucks is that it's a group of probably like 2000 people who are causing all the insane bureaucracy around these digital accounts.
People running scams that will shamelessly and relentlessly pull any string at their disposal to keep their account running.
I'm not the biggest advocate of the EU DMA, but account and device access is one item we should actually be regulating very heavily, where potential penalties for (suspected) abuse or incompliance must be much more granular than full-on account bans.
It's hard to believe EU governments are actually considering mandating iOS and Android as gateways to access government services. It's a level of ignorance that's unfathomable.
This story is also exactly why I invest precious time running a Linux machine in the basement that rclones my cloud drives locally, as well as having full local copies of my webmail contents.
> It's hard to believe EU governments are actually considering mandating iOS and Android as gateways to access government services. It's a level of ignorance that's unfathomable.
There's a good reason behind this approach, even though I don't think the benefits outweigh the downsides. These apps are supposed to be the phone equivalent of the NFC chips inside of passports and ID cards, which have all kinds of encryption and verification inside of them. They have to be protected against malicious data extraction, manipulation, and other fakery.
Phones do have the ability to do that, even free ones, and even regular desktops and laptops. How they do it kind of depends on the implementation (whether you call it a "secure element", a "TPM", or a "trusted execution environment"), but they all come down to "hardware proof shows that this digital signature is not extractable or alterable". The data isn't supposed to be something you can access, like a password, but something you can only do signed reads from, like the physical ID chips.
In iOS, that part runs entirely on dedicated hardware which will refuse to run non-Apple code, which is probably the best approach. On Android, there are more options and many phones run a software version of that concept in a dedicated separate virtual machine to save cost on physical hardware. The security of that virtual mechanism relies squarely on the early boot process having been verified not to be altered by malware. That's what the Google verification library is for in this case.
This approach can work just as well on other hardware with dedicated TPMs (although a lot of free software enthusiasts will tell you those are evil contraptions designed by Microsoft to turn your unborn children into little versions of Clippy) or dedicated encryption modules. However, you'd need a common enough, accessible API for those to function. That's actually quite easy on Windows and macOS, but Linux TPM support is rather woeful at the moment, especially with how uncommon things like secure boot (even self-signed secure boot) are.
In practice, nobody is going to buy a special sort of yubikey to log into their government's tax portal. Dragging people into basic multi-factor security has been a challenge that lasted decades.
However, pretty much all citizens already have phones capable of top-of-the-line security verification. Developing a free app is a lot easier than implementing cross-platform HSM support for a novel authentication mechanism.
All of this comes at the cost of having to run vendor-approved software. That's a huge problem for a lot of HN visitors, but those people form a sliver of a fraction of the population. I'm willing to bet the EU's digital access is inhibited more by the amount of old people without cell phones than the number of people who care about free software.
I personally feel like outsourcing this kind of trust to closed source implementations of vendor blobs is a terrible idea, but it's hard to find an accessible alternative that provides even the lax security properties those blobs provide.
Something I do find lacking in discussions about these technologies is how much the EU is relying specifically on American vendors here. America has been shown to be an unreliable ally that will gladly force the EU's hand with whatever mechanism comes to mind for extremely arbitrary reasons. There is a distinct lack of European alternatives when it comes to accessible secure computing, and I'd rather see the EU invest in local alternatives than go all-in on the security promises from Apple and Google.
"I'm not a fan of regulating extremely huge companies, except for the way I'd regulate them."
We must have regulation, and I support that fully. It also seems healthy to me to have an independent view on the specifics of said regulations. I mostly agree with the vision and direction of the DMA, but in my opinion it lacks specificity and clear unacceptable boundaries.
That lack of specificity, to me, is why Apple has been able to implement malicious compliance. At the same time the lack of specifics risks companies leaving the EU market in its entirety due to regulatory unclarity with high fines.
Wow, imagine living in a world not being black and white. Crazy!
People make exceptions sometimes, what’s your point?
Wow. This is a cautionary tale. I don't think I'd be as devastated as this poor chap, but as it grew I realize I've allowed my iCloud photo library to become a single copy.
How are people handling this these days? If I wanted to ensure a full backup of everything on my iCloud to a NAS, what's the best way these days? Seems like they make it difficult by design..
I self host an Immich [1] instance to backup photos on my iPhone. It’s OSS and has a level of polish I’ve rarely seen in free software. Really, it’s shockingly good. The iOS app whisks my photo off to my home server several times per day.
What I’m not sure about is how to backup things like iMessages, Notes, and my Contacts. Every time I’ve looked, it appears the only options are random GitHub scripts that have reverse engineered the iMessage database.
1. https://immich.app/
I run a nextcloud [1] instance and use it for contacts, calendars, and reminders
1. https://nextcloud.com
I use Nextcloud for files/contacts/calendar/etc. as well, but for photos I use PhotoPrism [1].
The reason is simple: photos require much more processing and focus on performance. In addition, photos take up much more space, so while my Nextcloud instance runs on an SSD, the photos reside on an HDD, mostly in sleep mode.
[1] https://www.photoprism.app
The imessage db is literally just a sqlite db. If you have a Mac you can read the entire thing with an applescript. It’s really easy from what I remember from years ago
What's wrong with `imessage-exporter`?
https://github.com/ReagentX/imessage-exporter
I run a separate Mac Mini that has the full iCloud Photos library on a massive external drive, set to "Download originals". I then rsync that filesystem to a separate Linux box. This works but you must not ever disconnect the external drive.
I don't have a solution for iCloud Drive, as there wasn't a keep offline setting last time I checked. So use it only ephemerally.
Arq [1] has an option to "materialize" dataless files, basically forcing them to be locally available. The only issue is if it's a large file and it gets pushed off device often, you can burn a lot of bandwidth re-downloading it over and over again.
1. https://www.arqbackup.com
At least as of Sequoia, the Settings > iCloud > Drive > Optimize Mac Storage option enables iCloud Drive files to be stored offline. Likewise, right clicking any iCloud Drive files in the Finder includes a Keep Downloaded option. Since I minimally use iCloud Drive, in the past (older OSes) I also had Hazel make copies of iCloud Drive files so they were certain to be in backups.
I'm not familiar with the "Photos Library.app", but I have an m4 mini with my photos in a Photo's Library. I'd love to know your script to rsync the photos into a separate drive/directory
The Photos library "file" is just a big folder, I just sync the whole thing.
  #!/bin/sh
  rsync --iconv=utf-8-mac,utf-8 -avh --delete-after --partial --progress \
    /Volumes/myExternalDrive/Photos\ Library.photoslibrary \
    myuser@mylinuxmachine.local:"/srv/myExternalDriveBackup/"
(note: tested with brew rsync, IIRC the default rsync is outdated on macOS)
Somewhere in the directory structure is a folder /originals/ which has all the actual files.
Note that this is only a last resort backup. Restoring the library as a whole requires a Mac with a compatible OS version. Restoring without a Mac would only get you the originals, so only the out-of-camera files (jpg, heic, raw), with no edits or metadata changes from Apple Photos applied (Apple Photos doesn't touch the EXIF data). You'd probably also lose the video part of all live photos, as the live video files are stored as separate files and are not part of the .heic files. They're there, but not very usable.
An alternative to this workflow is to export all photos (with edits applied) from the Photos app, but honestly I'm not sure if that even works and how long it would take for multi-TB libraries.
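As an added example (not part of any commenter's post, and not code from any project mentioned in this thread): a mirror like the rsync job above is only a backup if the copy actually matches the source, so this script builds SHA-256 manifests of two trees and reports missing or altered files. The function names and the paths in the usage comment are assumptions made for the example.

```shell
#!/bin/sh
# Added example: integrity check for a mirrored photo library (or any tree).
# Function names and example paths are hypothetical, not from the thread.

# Use GNU sha256sum where present, otherwise the shasum shipped with macOS.
if command -v sha256sum >/dev/null 2>&1; then
    HASH="sha256sum"
else
    HASH="shasum -a 256"
fi

# manifest DIR
# Print one "<sha256>  ./relative/path" line per regular file, sorted by path.
# When the two trees live on different machines, run this on each one and
# copy the output across. Names that differ only in Unicode normalization
# are different byte strings and will show up as MISSING plus EXTRA.
manifest() {
    ( cd "$1" && find . -type f -exec $HASH {} + | LC_ALL=C sort -k 2 )
}

# compare_manifests SOURCE_MANIFEST BACKUP_MANIFEST
# Reports files MISSING from the backup, present with different content
# (MISMATCH), or present only in the backup (EXTRA, informational).
# Returns 0 when every source file has an identical copy, 1 otherwise.
compare_manifests() {
    awk '
        # The hash is the first 64 characters; the path starts at column 67
        # (after the two-character separator), so spaces in names survive.
        { hash = substr($0, 1, 64); path = substr($0, 67) }
        FILENAME == ARGV[1] { src[path] = hash; next }
        !(path in src)      { print "EXTRA    " path; next }
        { seen[path] = 1 }
        src[path] != hash   { print "MISMATCH " path; bad++ }
        END {
            for (path in src)
                if (!(path in seen)) { print "MISSING  " path; bad++ }
            exit (bad > 0)
        }
    ' "$1" "$2"
}

# verify_backup SRC_DIR BACKUP_DIR
# Wrapper for two trees reachable from one host. Returns 2 on setup errors,
# including an empty source (for example an external drive that is not
# mounted), so that an empty tree is never reported as a good backup.
verify_backup() {
    vb_tmp=$(mktemp -d) || return 2
    if manifest "$1" >"$vb_tmp/src" && manifest "$2" >"$vb_tmp/dst" \
        && [ -s "$vb_tmp/src" ]; then
        vb_rc=0
        compare_manifests "$vb_tmp/src" "$vb_tmp/dst" || vb_rc=$?
    else
        echo "ERROR    cannot read a tree, or the source is empty" >&2
        vb_rc=2
    fi
    rm -rf "$vb_tmp"
    return "$vb_rc"
}

# Usage (placeholder paths):
#   sh verify_backup.sh /Volumes/external/originals /mnt/backup/originals
if [ "$#" -eq 2 ]; then
    verify_backup "$1" "$2"
fi
```

Running the check before a sync that uses `--delete-after` matters most, because that option propagates deletions from the source to the mirror.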
For iCloud Drive have a look at rclone. You can run it straight from your Linux machine
One rather counter intuitive way to “backup” your photos is to install Google Photos and One Drive on your iPhone!
Google and MS don’t charge as much as Apple for storage, and you probably need to pay beyond the free limits, but it’s not a huge expense.
Once you’ve installed Google Photos and One Drive on your iPhone, just tell the apps to sync all your photos all the time!
Now I appreciate that isn’t for everyone.
But it works, is reliable, and requires no technical knowledge of running your own service.
The other thing to do is setup a Mac that synchs all your iCloud data, One Drive documents and Google Drive.
Then back up that device with Backblaze.
This gets expensive as a Mac with decent levels of storage isn’t cheap!
I live in fear every day of my primary Apple and Google accounts getting locked!
I’ve had accounts since day one of iTools and very shortly after Gmail launched….
The issue with OneDrive is that it doesn’t store metadata like the photo location, it’s damn near useless. But I do pay for storage for Google Photos and iCloud.
If you take all of your photos from your phone, you don’t need your Mac at all. Google Photos will sync directly.
I wouldn’t use BackBlaze (the $7 a month service). It doesn’t support NAS at all and it has to phone home every 30 days or it will erase anything that is stored on external drive.
I would use an app that backs up to their B2 service.
I personally just use my personal AWS account to back up my Plex media and just use the AWS s3 sync command using the AWS CLI and store everything in S3 Deep Archive. It’s less than $2 a month for 2TB.
Backblaze doesn’t erase after 30 days… I’ve had a computer be offline from it for several months and it still retained all data. And you can use the backblaze docker container to run on a NAS, much much much cheaper than B2.
Wasabi is much cheaper than AWS as well.
Finally the best solution for backing up your iCloud Photos is definitely Immich. Set it up on your own NAS or a VPS, back up to that, and then back up that server to an S3 storage using rsync or restic. I’ll note that I still backup to Backblaze because it’s so dang cheap.
I spent months trying to find the best setup a few months ago and this is by far the cheapest.
But still, this shouldn’t be required for normal people. They should get what they pay for.
> It has to phone home every 30 days or it will erase anything that is stored on an external drive
It’s actually more nuanced. It will back up files on a USB attached drive. If it doesn’t see the drive attached for 30 days, it will erase the backup.
If you have your computer off for more than 30 days and you bring your computer back on and the USB drive isn’t attached when it connects to BackBlaze, it will erase it.
Yeah I’m not going to trust my storage to Wasabi.
AWS S3 Glacier Deep Archive is $1 a month.
> AWS S3 Glacier Deep Archive is $1 a month.
Only if you’re backing up nothing and using non-encrypted files and making sure you don’t delete anything (rsync with delete turned off). I tested this not even three months ago. I hit $30 with only 3 tb of data with deep archive while wasabi AND backblaze cost less than that. No need to even trust a single provider. If you’re never changing your files AND you don’t care about encrypting them then yes GDA is fine and pretty cheap. Otherwise wasabi and backblaze get more done for less cost.
I meant $1 a month per TB for AWS S3 Glacier Deep Archive. That was my bad.
I am definitely a fan of B2.
I run Arq Backup automatically in the background.
It copies Photos, iCloud files and my mails once every day to S3 with incremental backups.
It requires to have a full copy locally.
Works great!
It is not hard to configure once, with the proper folders and settings.
> It requires to have a full copy locally.
yeah that's the thing. When my iPhotos library exceeded 1TB I lost the ability to store the full local copies. Since then, iCloud itself has been the sole source.
Looks like there's some decent, reasonably priced apps to handle this like https://apps.apple.com/us/app/parachute-backup/id6748614170?... (no affiliation)
I recently rebuilt my home server as an unraid machine. Currently it’s mainly torrents and a Minecraft server but it’s got 10tb of locally redundant storage with a sightline to scale that to around 24tb, so it would be a logical place to store a full gphotos copy.
You can request an archive of all your data (including photos and drive) in 25gb chunks.
https://support.apple.com/en-us/102208
Thanks, I have the same problem and need to do something about it.
I wonder if it can calculate (estimate) how big of an external disk I'll need. My wife and I each have 40-50k photos and a few thousand videos in iCloud Photos.
If you want to truly save your photos, make backups of the locals and put it in your safe deposit box at the bank. Or alternatively, at a trusted friend/relative's house.
Even doing this yearly can save the immense sadness of lost memories. And of course, this works for emails, and everything else.
If you encrypt it, make sure you use a method not tied to any external service, or the machine you're on. I don't use Apple, yet I suspect that an encrypted external backup might be tied to your Apple ID, or some such, because that's how the world flies today.
Yeah, the plan would be external disk -> offsite storage.
I wouldn't bother to encrypt, it's just family photos and I wouldn't want to complicate restores. Especially if it was my wife who eventually needed to use it.
To anyone who reads it: actually A HARD DISK, not a pendrive/SSD
On my iPhone, I can see the size of my iCloud photo backups. Settings -> Apple Account -> iCloud -> Storage.
Weirdly, that number is different than Immich’s estimate of my photo library (95 GB vs 150 GB), but perhaps good enough to get you in the ballpark.
Oh yes, of course. Thank you. 422 GB. Looks like my wife has slightly more.
10TB external harddrives are relatively affordable.
I run a Synology NAS with a docker container that periodically downloads new iCloud Photos to a local directory.
this? https://github.com/boredazfcuk/docker-icloudpd
seems pretty high touch. A lot of hoop-jumping if you don't have a mac in the middle
Thanks. I had no idea something like that existed.
How do we know using such a tool won’t trigger an account lockout? How ironic would that be.
No idea if it’ll trigger a lockout, but if it does at least I have a copy of my photos already.
Been running it for a couple years without issue. But yes your mileage may vary.
Yeah that’s the one.
I do have a Mac so it didn’t seem difficult to me, but I accept it will be for those that don’t.
immich is an extremely polished, FOSS alternative to google/apple photos. It's an investment, but a 4 bay NAS running immich should do nicely. Additionally I backup snapshots to Backblaze B2 via restic which runs another $5/TB
For me personally Immich is a non-starter because it's not end-to-end encrypted.
It runs on your own hardware. There is nobody else who has access to unencrypted data.
Storage vps are cheap. Why would I have to run it in my own house?
:)
Why would you need it to be end to end encrypted anyway? You’re running it. Set it to only upload photos when you’re on your home network and you’re fine. Or fork it and make a PR and make it e2e encrypted.
You can’t just “fork it and make a PR and make it e2e encrypted”. All the features run serverside, e2ee is fundamentally impossible because of its design, of which you seem to know fuck all.
I’m being dismissed but I run a rather large homelab and I still want my photos iCloud like, where end devices decrypt and run ML. Immich is a Google Photos clone where you give it everything and some server does all the magic.
What are you talking about. It’s literally open source. Here’s the server code https://github.com/immich-app/immich/tree/main/server You run the server. You can make the entire thing e2e encrypted if you want.
You could even set it up so that it could only backup over tailscale or wireguard through a tunneled connection so ALL of your traffic is e2e.
> How are people handling this these days?
Syncthing is wonderful, and does a great job of syncing between an Android phone's photos/videos and a laptop. And if you have regular automated backups of the laptop, you'll have backups of the photos/videos too.
For an iPhone, perhaps you could use iTunes to sync to a computer and back up that computer.
sushitrain seems like the best option for syncthing at the moment. it's a bit more polished than mobius. neither of them sync in the background but i think i remember seeing someone using shortcuts to open the sushitrain app every now and again to wake it up so it would sync
Sync to Dropbox -> Dropbox hourly & monthly backups to my NAS using Bvckup2.
(One of these days I’ll setup my NAS to backup offsite for a #3 backup).
I know that others with Macbooks sync their whole library to their Macbook and then Time Machine to a NAS as their copy #2. Is this vulnerable to the problem in TFA?
I keep copies of any important stuff i need on my server, and in a few hard drives at my home. i don't use any "cloud".
Back in the iPhoto days I used to symlink the library to an external drive.
Not an iCloud user, but I use Immich on my NAS.
I simply manually periodically download everything to disk/software raid. Really important/sentimental stuff like baby photos and videos I have on DVD with par2s.
I ran into similar issues with Apple. They have a very tight leash on gift cards (likely due to an increase in frauds and scams involving them). And once gift cards get triggered for fraud, your purchase account, which is separate, gets disabled. It’s a giant headache because their support team varies widely in terms of training. Getting it resolved is extremely difficult as a result. I wouldn’t wish climbing out of that to my worst enemies.
Here’s my lesson from my own episode:
1) Create an entirely separate purchasing account for Apple hardware and gift cards. Do not use it for anything else. Do not put this account in your family group. Save all receipts including all paper trails from your gift card purchases and trade-ins. You will need this information to prove that they came from legitimate sources.
2) Make sure your kids’ accounts are not labeled under 13. It will be nearly impossible to keep those accounts if your account goes down because they need to be physically detached and moved to a different family group which is not possible if your account is nuked. Your family will lose access to all Apple services within 48 hours.
3) Think twice about relying on your iCloud. Once your account is nuked you will eventually be downgraded to free tier since you cannot pay for the services. Do at least one or two backups per year from your iCloud. Yes, downloading pictures and videos will take a long time but it’s better than losing them. Also, if you use the Notes app on your iPhone, be aware that it’s not easy to backup and download them. Have a plan or use a different app.
4) Once you’re flagged, nearly everyone at Apple will treat you like a fraudster. I was even accused of trading in stolen goods to obtain my gift cards and needed to provide purchase receipts for my devices. So be prepared to have those conversations. A lot of us here have been Apple stans since 1980s. None of that will matter. They will treat you like a scammer. It hurts because you supported this company through some rough times when people laughed at you for that G3 Macbook Pro and your MS Office crashed ten times facing tight deadlines at work.
This is horrible and a big reason why I refuse to go “all in” on Apple, Google, or Microsoft (among other reasons). Apple is the one I’m closest to given my hardware, though.
Given how invested you are in the Apple ecosystem I can’t fathom why you would go get an Apple Gift Card from a store to do this kind of transaction, though. It wouldn’t even cross my mind to do it that way.
I can't wrap my head around that as well. Given OP's expertise and experience with technology, how was this option better than using a credit card.
Obviously I'm not claiming it was OP's mistake, that wouldn't make me any better than the guy who was telling people "you're holding it wrong™".
Yeah it seems odd, and if Apple won't tell him or do anything, it might be because they can't: such as circumstances of an active police investigation.
We are obviously not going to get a fuller idea about this situation from a blog post, and while I won't assume that the author has done anything wrong, there have been similar stories in the past where the affected individual was deliberately withholding the whole, much more illegal, story.
Presuming his innocence: What could have happened here is that the gift card he's purchased has been marked as part of a scam operation. Apple gift cards are frequently used for "tax bill" and "police fine" scams in Australia (where they are sold there is often signage informing people of that.) So potentially this person is accidentally roped into that.
Also it's not entirely unheard of to purchase gift cards for long-time users (who would normally just use their linked credit card), as the cards are often sold in the retail space with a 10% discount, or can be redeemed as rewards through points/loyalty schemes.
With all that said, at this point if he's not getting anywhere, he should approach a lawyer, as they'd be able to petition on his behalf (whether that is to Apple or to the state of Tasmania.)
It sounds like the gift card # is included as part of a police investigation (as you already know scams often use gift cards as payment) - which would explain Apple's inability to help you or provide information (because they would be required by the state not to.)
You should approach a lawyer to petition Apple and the Tasmanian police on your behalf.
If local backups were not so hard... It is sometimes impossible to back up an iPhone to a computer; yet seamless to backup to iCloud... Infer what you will. I am skeptical of over reliance and dependence on Apple more than ever. Unfortunately, interoperability is something we can wish for rather than expect.
This just makes me extremely concerned for the iCloud transition I’ve been making. It shouldn’t be this easy to perform a user-disruptive action from the support/ops side. I would think they’d have visibility to some sort of “reputation” metric, given the age/purchase history etc even if anonymized.
I can understand this happening if it was a freshly created account topped up with a sus gift card but it’s unacceptable that the first action is to completely block an account with history.
Even more concerning is the nonchalant support response to “go create a new one” with emojis. C’mon Apple — this is just a terrible way to respond to this situation.
This sucks Paris. What hope does the normal joe have to get a fair shake if you can't even get this resolved? The layers of click through contracts, opaque terms, LLM customer service, un-empowered customer service, and arbitration agreements make this a crazy relationship we get into with big tech. If we have a problem like this, we should be able to talk to a person at the company that can resolve this right without threatening a lawsuit. It's nuts.
I'm curious about Apple's passwords app. Were you able to use it? What about passkeys?
Send this in an e-mail to tcook@apple.com. He has a team that reads for stuff like this and can magically fix issues.
I've had to do it before, also for a gift-card-related problem (different from yours), and I was contacted by a member of the Apple executive escalations team a couple days later.
Care to write it down somewhere and share it?
I imagine it could be helpful to other people in the same situation.
It's been done, a few days ago. Nothing yet, but here's hoping.
Good. Don't be afraid to follow up if they drag their feet. Be respectful but persistent. I'm sorry this is happening to you. It's a shitty feeling.
I don't see stories anymore from this working. Back when it was under Jobs, there were more concessions from his team operating the account. And maybe in the early Cook years. Apple has trimmed a lot of fat.
I did read about part of the product development org having a standup about trending social media cases, and prioritizing followup on items that were under public scrutiny.
Mine happened earlier this year, FWIW.
Believe me, I have no desire to defend Apple. Their behavior absolutely sucks. I just want a good resolution for the author of this blog post.
I have a friend who did this last year after he had a poor support experience with AppleCare for his Apple Watch and he got a call from Executive support early the next morning
Good to know. They certainly don't care for emails about my dead AirPods Max (flex cable designed to fail after enough rotations back and forth)
Maybe events like this will be a wake up call to our community. Virtually everyone around me uses Apple everything - colleagues, friends, family. And they find it weird when I say I don't use Apple out of principle and I even have to justify it.
"Many of the reps I’ve spoken to have suggested strange things, one of the strangest was telling me that I could physically go to Apple’s Australian HQ at Level 3, 20 Martin Place, Sydney, and plead my case."
This does not seem strange to me and could be a course of action. When I moved my domains off Google because of this type of "banned without recourse" possibility, I found a registrar that had a physical address, small office, and people listed on the company website (porkbun) so in the worst case I could fly to the office and straighten things out.
No mention of even going to an Apple store. Maybe the nearest one is very far away from him?
If I were the person at Apple in charge of this kind of matter, I would ignore this case, just as I do for other regular people. Everyone should be equally not cared for by Apple. That's how Apple sucks in a way I can accept myself still using their product.
Agreed.
If the only way to get your digital property back is a public plea to your Lord, that's called feudalism. Everyone should be treated fairly, not only those who can get their public pleas heard.
You just made it clear to me why I felt not resonated and a bit uncomfortable reading that article, despite I thought I should be. Because what I want to see is something straight like "fuck you Apple", not a begging and emphasis on how much the author has contributed to the megacorp.
One lesson I'm taking away from this is never to buy or use Apple gift cards
Last time I had this problem, I got it fixed after applying for and accepting a job at Apple.
This seems to happen quite often. Not just with Apple, but also with Google. In spite of this obviously insane behaviour, EU governments want to rely on Apple and Google for smartphone-based electronic government IDs.
I upvoted this for visibility but if you put your entire digital life in the hands of any of these tech companies and store all your shit in the cloud with no local backups, you are at least as blameworthy as they are. I’m less surprised that Apple would do this than I am that somebody who is clearly tech savvy could be this stupid about tech.
Apple clearly has a problem. In recent months there have been a number of reports online of people getting locked out of their Apple ID/iCloud, the appeal getting denied, and Apple refusing to disclose why or reverse it. Generally those reports don’t relate to gift cards or developer accounts.
My father passed many moons ago, and the family wanted access to his icloud account and they did not have the password. This was a huge struggle. Finally, after weeks, we were able to reset the password, but only because we had access to the email he used. In retrospect, perhaps it is a good thing that Apple restricts access like this for privacy and security. But in this digital age there should be other mechanisms in scenarios like this. What if I wake up from a coma, and forgot all my passwords and have not recorded them physically anywhere?
Off-topic and a stupid question: why does anything related to Apple attract so much attention on HN? As a newcomer, I assumed HN focused mostly on reverse engineering, retro computing, and deep technical topics.
Apple offers the most convenient computing experience available to mankind as of right now. That's why I care, at least. I love their products and services, but not so much when it fails (as in the authors case). That shit is scary.
Tech stopped being full of tech nerds when 10 weeks in a JavaScript boot camp and a few thousand lines of code in your personal GitHub would land you a $140k remote job.
Maybe now we will start seeing a reversion to the people in it for the passion.
I would not say your list is anything like complete, although those topics are often discussed here. Apple is a huge player in the general computing ecosystem, and probably a majority of front- and back-end developers these days work on macbooks, so it isn't surprising that the things they do resonate in this community.
HN hasn't focused on those topics in a long time, they rarely are on the front page. Skip the top 20 articles and you'll start to see some interesting content instead of all the VC & AI drivel.
Hackaday is a content aggregator site that usually has more content on these topics - https://hackaday.com
Or there are still some good old blogs out there with RSS feeds http://www.righto.com/ http://oldvcr.blogspot.com/ https://blog.ret2.io/
Only depend on platforms as redundancy. Never as primary source.
Break that discipline and you are exposing yourself to this danger.
Companies like apple should be liable to pay many millions in damages for this kind of shit. The people should make it hurt so much for them that they think twice before doing it without having a clear and working appeal process where you are clearly explained what happened and guided through it.
My son was just scammed out of $1000 using some gift card scam. Typically these gift cards cannot be revoked once issued and anyone using the gift cards (like the people who scammed my son) would be able to reap the rewards without any consequences. I’m hopeful that Apple has found a way to track fraudulent Apple Gift cards and are now locking people’s Apple ID who use them. I suspect there’s more to the story than is being shared. What’s the provenance of the original gift card? Could it have been obtained through some not 100% above board means?
From other comments explaining the kind of scams running at the moment, one possible scenario is that the card may have been taken, tampered with by a scammer (and the code recorded), and then placed back in the supermarket, with the scammer waiting until the OP purchased it and it was activated at the checkout.
Perhaps between the scammer redeeming it and the poster then trying to redeem by entering the same code, the scammer’s account was flagged and then the OP’s account terminated along with the scammer for using the same code (even though the OP had done nothing wrong).
The card was purchased from a major brick-and-mortar retailer (Australians, think Woolworths scale; Americans, think Walmart scale)
The emojis in the support chat are insane.
Why in the hell were they using "relieved face" after telling OP to say goodbye to their 20yo account and create a new one to "solve" the issue?
It makes me so mad, that's insane!
https://unicode.org/emoji/charts/full-emoji-list.html#1f60c
"I've lost 25k+, my account and my documents"
"I understand, relieved face"
Literal psychopath reply.
hopefully he’ll get resolution by bringing his case to the “media”. Still, for someone who heavily presents the argument that he’s a professional writer and even says “I am asking for a human at Apple to review this case.” , I find it odd that he tries to make his case via an obviously ai-written post.
I mean, isn't writing what you said you do for a living?
I imagine that every "should have known better" respondent on this thread has internalized their abuse.
Why in the world do we let tech companies adjudicate our service relations?
It's more of an 'is' thing rather than an 'ought'
Out of curiosity, why did you buy and redeem such a large gift card instead of paying directly? And was this a form of payment that was unusual in light of your account history?
It’s common in Australia for retailers to offer discounts or reward points for gift cards.
https://www.ozbargain.com.au/product/apple-gift-card
I have similar questions. At the scale Apple operates I'm sure mistakes are made all the time, but often it feels like there is something missing when these types of stories pop up. I have had support from Apple before and they went out of their way to help me, supervisors doing research and calling me back for example. How Apple stonewalled here makes it seem like it was more than a single large gift card that caused the issue.
Back in 2015, I traveled to the US and wanted to buy a Macbook Pro at the Apple Store. The configuration I wanted wasn’t available in Apple Stores, and I couldn’t buy it online because at that point there was some limitation in the online store like they only took US credit cards, or something.
At the Apple Store, the employees suggestion (a more senior one, who was consulted) was to buy a gift card for the computer’s cost (~$1500) and pay at the online store with that. I didn’t do it because buying “virtual stuff” for that amount seemed crazy (this was a huge amount of money for me, at the time).
I prefer to keep it topped up like that. It's been the same for 20 years.
What’s the basis for your preference?
These retailers have a problem with gift card fraud.
Pretty infuriating to see those chatbot responses. (The emoji -- and the particular choice of emoji -- were a very clear tell.)
Take it to your state or territory tribunal ASAP. You might be able to take it to the courts and get temporary injunctive relief.
Just curious if the account owner is still able to access their passkeys stored on their Apple device at the moment.
Not too keen on passkeys without an easy way to backup.
Same goes with sign in with Google and Apple.
Buy two Yubikeys and save your passkeys there if you would
Do Yubikeys even work with iPhone? Besides, if the account is locked, how would that help? The issue isn't a forgotten passcode or passkey.
Yes they work with iPhone
My condolences. I don't have any advice, but you may be able to learn something from my very similar experience.
https://skogsbrus.xyz/dont-put-all-your-apples-in-one-basket...
Probably worth reading Doctorow's "Scroogled": https://craphound.com/scroogled.html
Centralization of power in unaccountable organizations has always been a recipe for disaster.
I could suggest some slogans:
"Apple. Not even once."
"Friends don't let friends use Apple."
But I think this is a problem that merits more than slogans.
This happened to me really early on when my original Apple ID had an invalid format, as it was an ID made prior to the current version of Apple ID everyone uses, and Apple refused to port what I owned to the ID that I was forced to generate to sign into my newer device. My old ID had software no longer available in App Store, so this wasn’t just a matter of needing to repurchase apps- they were taking away my ability to use applications I bought from them. Since then, I’ve been incredibly wary of losing my Apple ID. I have a lot of respect for Apple, but I would bet that it’s easier to deal with ID related problems for someone with Q level clearance in the U.S. government or even a non-existent Men In Black ID problem than to resolve a problem with an Apple ID. They probably would tell the almighty to get a new ID.
Most cases we see here do only lock the media side of accounts. It’s concerning this blocked the entire account.
Disabling iCloud seems like a gift. I wish I could just get rid of it all without any subsequent nagging every time I update/upgrade macOS.
Shouldn't these huge platform guys be mandated to offer data transfer-out service?
My thought. There should be a mandate to allow downloading all data on account closure from any service.
Remember, companies get away with these over the top behaviours cause it costs them nothing to have one less customer.
If this situation somehow escalates until they have to take action, they will already have made so much money that is not a blip.
They don’t care. You as an individual customer means absolutely nothing.
I do have an Apple ID, which was banned due to fraud and customer support couldn’t do anything about.
The thing is, that account was just used for dev. things for the US company, which builds/sells software for the US federal government (among the other US entities).
It would not be very wise to do fraud.
This happened to me as well with a secondary iCloud account, and I still have no idea what triggered the ban. Apple support said they couldn't reverse it. The account was on an old iPhone, and after the ban, it became impossible to log out, rendering the device e-waste overnight. I at least didn't have any valuable data in icloud. But that experience prompted me to stop using Apple products or any other device that requires an online account to function. Fortunately, since recent AMD APUs are quite capable, I sold my MacBook M2 Max and have happily returned to using x86_64 Linux. No more Apple in my life, ever.
If this person with all his Apple-centric work cannot get personal support from Apple, well then perhaps no one does get it anyway.
No way, if you have close ties to the Party, you'll get it, guaranteed.
I've shared your post with a friend at Apple.
In the past people have emailed Tim Cook directly - his email id is fairly easy to find.
Edit: "I have escalated this through my many friends in WWDR and SRE at Apple, with no success."
This doesn't bode well.
This comment should be among the top voted contributions to this submission for everyone to see.
WWDR stands for World-Wide Developer Relations and SRE stands for Site Reliability Engineering.
If Apple has the ability to do this, why don’t they just brick all devices in Russia?
While I understand the attraction of doing so, I’m not sure I like the implication in the post that the reason this needs to be reviewed is because of how loyal of a customer this person is, or the fact that they have written books on developing for Apple devices.
This is why I self host my blog. My email. This is why i try to stay away from the convenience of big tech. It is not the first time this happens and it will not be the last.
Well, you keep literally selling your own life to one immense American corporation and that's how you are treated.
Time to say bye to Apple and Google for good...
When thinking about risks from depending on the cloud, people fixate on the risk of losing data, when this kind of denial of access is a much more likely occurrence.
I've started on my de-appleification plan in earnest this year:
https://blog.majid.info/quit-apple/
This kind of Kafkaesque behaviour is what I've come to expect from any kind of online services. It's also why I won't use anything that cannot be setup offline.
Exactly for this reason I bought a NAS where I can backup all my photos that are normally saved directly into iCloud.
How utterly indifferent one needs to be to have no "VIP" support line for cases like this.
On the other hand, great learning case on putting eggs in one basket and on "own nothing and be happy".
I used to have an eBay account, and at some point, despite not having used it for a year or so, I got an email saying I was permanently banned from eBay.
No appeal, no reasons given, no possible way to create another account.
Just. Banned.
The companies need to be big enough to provide the amazing services they do, but once they are large enough they will never care about individuals.
My internal model of large companies is that they are intelligent, psychopathic aliens. The people in them are like cells in our body, important for the function, but with no agency, and they are not who you are dealing with.
You're dealing with the company, and it's an inhuman, psychopathic alien.
PayPal permanently blocked my account and all of its connected cards and bank accounts after I sent them my passport for some verification (I don't remember why). It was because a lifetime ago I had opened my PayPal account as a minor.
Has it been 12 months again already? That's about how often one of these stories comes up. I guess some people don't learn.
Apple has over a billion users. Do you expect every single one of them to learn how to do backups, protect their purchase on iOS, etc.?
Yeah literally the exact same thing can happen on android and windows. The solution is regulation, not ridiculous solutions like telling billions of people to back up their own stuff.
What's your proposed regulation?
As of data (photos, contacts, files etc.), you should have rights to request all that for download. GDPR etc that grants you that.
> Support staff refused to tell me why the account was banned or provide specific details on the decision.
That’s always the most kafkaesque part of these problems and should be illegal
The broken logic is that it will expose why the account was flagged, and thus, allow 'bad actors' to better navigate and bypass such flags.
Of course, this is absolutely silly and beyond absurd, for bad actors share information on forums, can deduce fairly easily, and even have help from people on staff.
Such actors typically know about detection and flagging methods within days of implementation. There's literally zero benefit to secrecy. None. Security through obscurity can be a beneficial additional layer, but it simply never helps here.
We really should pass a law requiring full disclosure of the precise method of banning. I can even see a 'trial' period, where accounts activated (and used!) for 3 months receive this benefit, but new accounts, or new + dormant accounts do not.
This should likely be coupled with mandated full refunds of phones or computers, as an example.
Note that this isn't a 'free' account we're talking about here. An Apple account, or a Google account is required to use an iphone or pixel in its default config, and all the features it entails. These accounts aren't free, they're part of purchase cost, and core-required.
(Even if it's a, for example, Samsung phone? It comes pre-installed, with uninstallable Google Play cruft, as part of an agreement with Samsung. Same conditions need apply here)
You can use an Android phone without a Google account.
Not for long. Android phones (with Google Play Services) will soon require some degree of authentication to sideload applications, once that happens then those phones will only have the barest of features available without a Google account.
For the average person, including buying apps, this simply isn't a reality.
And Google will now be throwing up massive "OMG! You're going to install an app that isn't from the Play Store?!" warnings to anyone that tries, including requiring some degree of technical skill to do so.
https://news.ycombinator.com/item?id=45908938
You can nitpick this, but the truth is my comments are about the average user, and from that perspective, factually accurate.
> That’s always the most kafkaesque part of these problems and should be illegal
it is very likely illegal to tell him. it was triggered by the use of a gift card, and therefore very likely to be AML, and in many places (I am not sure about Australia specifically) it is illegal to provide information in the circumstances.
Usually if you get punished they have to tell you the crime you committed.
That seems like a dangerous loophole.
Imagine being banned from all online activities without any reason given.
Apple is no better than other Big Corps out there.
Perhaps the most annoying thing about this, certainly after getting traction on HN, is that his account will be reinstated....
...and then nothing. No sorry, no "here's what went wrong", no blog post to address the angry masses, no recognition, reconciliation, or reformation. Just things working again and silence.
This is a good post and I wish all the best to the author that someone from Apple can help resolve this. I will personally never use iCloud ever again because of this.
I went back to a MacBook Pro M5, after being away from Apple for a year or 5 (Lenovo etc). I tried to re-enable my apple account but I had to wait 5(!) days to change the password. I ended up making another account.
It's a defence mechanism against account hijacking if someone has access to your phone number, linked to your account. Went through the same procedure to recover an account I haven't been using for a few years.
As someone using Linux to build web applications, I wonder what about the Apple ecosystem could make it worth to have such a Damocles’ sword hanging over me my whole life.
Am I missing something? My current perspective is that not only am I free of all the hassle that comes with building for a closed ecosystem, such as managing a developer account and using proprietary tools, it also comes with much harder distribution. I can put up a website with no wait time and everybody on planet earth can use it right away. So much nicer than having to go through all the hoops and limitations of an app store.
Honest question: Am I missing something? What would I get in return if I invested all the work to build for iOS or Mac?
Plenty of things do work better as a native application. Packaging is a pain across the board nowadays. Apple is pretty good, you pay a yearly fee if you want your executable signed and notarized, but they make it very hard to run without that (for the lay person). Windows can run apps without them being signed but it gives you hell and the signing process is awful and expensive. Linux can be a packaging nightmare.
What works better as a native application?
If you're full in Apple ecosystem, like my GF, you get:
- Shared clipboard across devices
- Shared documents
- Shared browser
- Shared passwords
- Free, quality office suite
- Interoperable devices (use iPhone as camera on Mac, for example)
- Payments across different devices (use clock to pay, for example, shared with your iPhone)
All of this with just one account without any third-party service.
And a billion things more, probably, I'm not a full Apple head.
Strange, I don't need any of that.
And when I hang out with people who ARE in Apple's ecosystem, to me it seems they struggle more to get things done than me.
Why would I want a shared clipboard across multiple devices?
And that website is hosted somewhere, you’re using several layers of network providers, the registrar has control over your domain, the copper in the ground most likely has an easement controlling access to it so your internet provider literally can just cut off access to you whenever they want, if you publish your apps to a registry the registry controls your apps as well.
There are so many companies that control access to every part of your life. Your argument is meaningless because it applies to _everything_.
A trustless society is not one that anyone should want to be a part of. Regulations exist for a reason.
Not wanting centralization under one company does not equal advocating for "trustless society".
All the things you mentioned (registrars, ISPs, registries, etc) have multiple alternative providers you can choose from. Get cut off from GCP, move to AWS. Get banned in Germany, VPS in Sweden. Domain registration revoked, get another domain.
Lose your Apple ID, and you're locked out of the entire Apple ecosystem, permanently, period.
Even if a US federal court ordered that you could never again legally access the internet, that would only be valid within the US, and you could legally and freely access it by going to any other country.
So in fact, rather than everything being equivalent to Apple's singular control, almost nothing is equivalent (really, only another company with a similarly closed ecosystem).
If aws decided to block your access to their ecosystem you would lose so so so much more than Apple blocking your access to theirs. If the US decided what you said, t1 networks would restrict your access across much of the planet.
Your logic makes no sense since you can easily switch to Google or whatever other smartphone providers there are (China has a bunch).
But of course those providers can also cut you off, so what I said still applies.
Nightmare.
The stories of online-only service failures are legion. And yet if you can get face to face support, even one person can do so much. The gap is infuriating.
I didn’t notice, do you have a Brick and Mortar Apple Store you can visit? I can’t help thinking this as I read the post.
Of course this is not a physical hardware issue. Where a store employee could just hand you, say, a new phone. This is on the level of getting a slot on Tim Cook’s day planner, though I imagine the person with the ability to fix this is an underling many levels down Cook on the org chart.
They'll probably reverse this soon, but it's an eye-opener for people who store their entire existence on 3rd party clouds. Nextcloud is your friend.
Just talk to a lawyer, have the lawyer send a letter, there is no need to bang head against CS for escalation
That "just" is doing a lot of heavy lifting. I'm not confident that this would prevent data loss and that it would act in a reasonable time scale.
Not necessarily, CS is just following some AML script here and will not deviate :)
I have had an apple id problem myself, for the past N years. Mine is an old mac.com account, which has my Gmail address as the backup email (and the primary one now that mac.com isn't doing email anymore). Because of this, I cannot sign up for a new account with my Gmail (it is tied to the older mac.com account).
I've managed to reset the password, but I must answer a security question to log in. I mean, I answered those security questions probably a decade ago and I do not know what they are anymore. You can reset your security questions, but to do that you need to use an iPhone (last one I owned was a 4) that is still logged in, or, answer a security question. Which is as we established, the problem.
So every couple of months I log in, try a few other possible answers, get them wrong, and get locked out for a bit.
Anyway, I need to get this fixed by March, due to apple being the formula one streamer in my country now, so I have to actually solve the problem of logging in to my apple account. Or, I guess, making another random email just so I can watch f1. Sigh.
But if anyone knows how to reset security questions, I'd love to know. I would way rather pay apple actual money than go back to torrenting the races.
It sounds like you unfortunately have gotten yourself kinda stuck, but I very much sympathize. I too have an account dating back to iTools, and for a long time it was a major frustration that I was stuck with that original email address as unchangeable for the Apple ID, unlike newer accounts. However, some time in the last, I dunno 3-5 years maybe? I can't remember now the exact time I noticed, but after over a decade of requests and fading hope Apple actually did allow me to change the email address for that Apple ID, which I shifted to my own domain. So for anyone else who hasn't checked in a long time, worth noting situation might be marginally better now.
Re: "mac.com isn't doing email anymore", all the original mac.com email addresses still work fine. Apple has played around with various domains (mac.com/me.com/icloud.com) over their decades of bumbling with online services but they made them all interchangeable for older users, mails to the original @mac.com emails still go through. Even originally made aliases (they allowed 5 with iTools) still work. Not sure what your issue was on that one.
Finally yeah, ""security"" questions are one of those horrible legacy anti-patterns that I will cheer to see finally be dead and buried. If you try to answer them honestly probably anyone can learn it with a bit of online searching, if you go for more obscure stuff they're easy to forget defeating the purpose. It's really best just to treat them as extra passwords, use random alphanumeric values and keep them in your password manager same as the password. Apple has also fumbled around with recovery over the years, at one point you had options to have a manual recovery key you could save but I think that's dead and can't set it up after already forgetting. Maybe if you go in person to a store with physical ID and evidence, if you had payment associated with the account and have that credit card for example that might do it.
If you have nothing of value tied to the account though probably no reason not to just abandon it.
It doesn't sound like you use your old Apple account. Why don't you abandon it and use a new one?
> making another random email
youremail+anystring@gmail.com will always redirect to youremail@gmail.com. Before making a random email address, try using youremail+f1@gmail.com or something similar.
Add and verify another primary email address.
On a device: Settings > (iCloud user) > Sign-in & Security -> (+) {{name}}@gmail.com
If that doesn't work, then use the dot trick.. y.ourname@gmail.com = yourname@gmail.com.
If Apple doesn't have the sense to reply to this in a sensible manner then that company is in far worse shape than I thought.
lol prepare to be disappointed
It's one thing to lock someone's account so they can't make payments or whatever. It's another altogether to lock them out of accessing their own documents / photos / etc. That's just 100% unacceptable regardless of what triggered it. And even if they did have a valid reason to lock your account, at the very least it should be, "you have 7 days to download / clear out your documents".
Absolutely horrible black mark on Apple.
I'll be buying an external HDD to download all my photos / iCloud docs to. I've been too trusting.
Seems like we need to popularise proper guides on how to convert our iCloud storage using self-hosted solutions. It's a shame though.
It's hard to empathize with a technically-inclined person who uses cloud services for life-critical things.
Let's just hope more people read the story.
> It's hard to empathize
I will empathize with you then and with your inability to empathize with the fact that people are different. Some people don't want to admit to themselves that this world is a wolf eat sheep world, trust that if you're a law abiding citizen, you shouldn't expect to be unfairly treated. Some people have more priorities and no time to dwell on harshness. They also would love it if everything just worked and you didn't need to spend 2 months of your life to configure things and always have to DIY everything.
They're not like me and I accept that. I will never use Apple & Google Cloud for my personal things. But I will empathize for those who get unfair treatment from these companies.
The whole meaning of a society is that we look out for each other, these big corpos have lost the plot, but I will not.
It is supposed to be : I buy a service from you, I did nothing wrong, please treat me fairly and do actually deliver on what I paid for.
That we don't trust them isn't how it's supposed to be, I wish I didn't have to do all of these things I do to keep away from big corpos, but this isn't how it is supposed to be. We're supposed to have the ability to trust each other in a society.
I qualified with "technically-inclined". You can't avoid seeing stories like this (about Apple and Google) on a monthly basis if you read tech websites. It is a known risk, which needs to be managed. Failing to manage it to this extent, while also writing tech books, is just baffling.
Apple is clearly in the wrong, and I'm certain that there are thousands of similar cases that are less public. The author is one of the best-positioned people to know and understand that. I'm sure they'll also get their account back, unlike many others.
(I can empathize with the difficult decision they'll face after that: do they continue to promote Apple, or try to reinvent their career somehow?)
"Looking out for each other", in this case, implies telling the people you care about to have backups, and helping them set up. I do that, a lot. I'd try to also help with this plea, if I had any pull with Apple.
I don't understand the sections of your comment with the word "supposed" in them. Supposed by who, and on what basis? What paid-for service are Apple not delivering? I assume they don't charge the author anymore.
Do you also find it hard to empathize with any kind of victim or only when it confirms your tech identity war beliefs?
You are so smart.
parisidau, I hope you get your account back.
you can in the meantime, and for the future, try compartmentalizing services you use. the old saying of "all eggs in one basket" applies here as well.
VPS, hard drives, etc. are cheap and keep you more in control of your own data than you're with big tech.
How do you do that with Apple hardware that requires an AppleID to operate?
Is your advice to avoid all Apple hardware?
Or buy backup hardware none of which will run MacOS / iOS, so you still couldn't access things like your Apple Developer account, or any shared documents?
Are you not able to use them at all without an apple id? I have some older apple devices which I guess predate that
A painful reminder that Apple's service is subject to terms.
Incidentally, the guy's .paris domain name may be next unless you are a resident or have a business related to the region of Ile-de-France
Sounds like something triggered a suspicious activity report. Not sure if it also applies to the likes of Apple but they’re forbidden from revealing any information about what caused it, etc with the customer or anyone.
Richard Stallman warned us about this.
those who laughed at him are waxing poetic about local backups at the moment
True nightmare :( hope to get resolved
The OP is Australian and I've been recently reading of this scam that they may have fallen victim to: https://www.ozbargain.com.au/node/937339
A painful reminder that Apple's service is subject to terms.
Speaking of which, the guy's .paris domain name may be next unless he is a resident of Ile-de-France etc.......
I hope he learns, does backups and switches to hardware without walled garden baked in, without the company being the real owner of your belongings.
It's really difficult to give up the convenience of cloud-based accounts. It would be nice for regulators to step up and protect consumers when it comes to this kind of thing.
The real, foundational problem here is that we have abandoned the principles that made the internet. We don't care about open protocols, we accept walled gardens. Every day those walls get a little higher until eventually someone wins and the only thing that exists is the garden.
I don't know what the solution is, but I think part of it is deliberately divorcing yourself from the big players as much as you can, which isn't much for some people, and encouraging government efforts to break them up and pull down garden walls whenever the opportunity arises.
This is what government is for even if we've forgotten it in some places.
Wtf is this:
>I live on the land of the muwinina people. Sovereignty was never ceded.
Take this shit off your website.
Why? It's his website, he can put what he likes on it. Your rationale is...?
you're mad that they're acknowledging stolen land?
Getting a special "notice me on social media (like HN)" fix won't actually fix the problem with using Apple's systems. It's just a temporary reprieve until some other aspect of their control of one's life breaks (by accident or intent).
This is disgusting and unconscionable conduct by Apple. Your whole life is locked into your account (digital data and physical devices), and they either don't care or don't have the processes in place to fix it.
This is the kind of thing they need to be sued on a massive scale for to solve but it's too rare and too expensive for anything to ever happen to them for it.
Given how Apple Music has completely fucked up my wife’s music collection, I can’t imagine them being able to unfuck your situation at all. So sorry.
Same story here. I'll never go back to Apple Music, even if only for streaming. I had hundreds of tracks and albums just demolished by something related to iTunes Match, didn't realize for months, and didn't have a solid backup system at the time.
oh man, I started with iTunes Match because that's the only service that I could use to backup all my MP3s, and now it's all messed up and so much music has just disappeared from my playlist... so sad.
Unfortunately I still don't know a service I can use that will allow me to sync my current MP3s / what I have in Apple Music, and export it if I need it. There's really an issue of owning data and being able to take it elsewhere :/
https://tidal.com ?
fwiw: when I've uploaded tracks I've purchased, it almost immediately locks them because they're copyrighted... because AFAICT it's a feature for independent musicians to upload their own stuff, not a library backup. all the text around it seems to support that interpretation.
What I've learned from all these disaster stories: have backups for everything. I have an iCloud+ subscription but also a OneDrive subscription, photos are sync'ed to both storages. On gmail, I set up fwd for all emails to another email address (non-Google related) just in case. Of course you can't do this for every service but do it for the ones you can.
On a meta note, Fuck Apple, I'm so glad I didn't pursue an iOS developer career 10 years ago.
google locked my sister's account for some reason and we spent months trying to get it unlocked. no luck. fuckers.
I also got locked out of my Apple ID several years ago. I have the password but still can’t access it. I had to make a new one
I’d expect this crap from Google, but not Apple.
If this doesn’t get fixed, I’m going to have to rethink a lot of my digital life, including my company’s.
Email Tim Cook (serious)
I've been locked from my apple id for two *months*.
Even though I:
- had my recovery password
- re-confirmed the email
- re-confirmed my phone
They just kept telling me "we'll contact you in two weeks", and kept not following.
Then after the 4th recovery they sent me my recovery link on email (in any case weeks later).
Worst of all? Their privacy and security they keep repeating like propaganda are beyond bogus. Sure, they de-logged me from all of my accounts, that I appreciate, but I had 0 issues accessing all of the contents on my hard drive if I was a thief with a simple script in recovery mode I could still access everything. Where's the security? Propaganda only non-technical normies believe and then repeat.
I'm never ever buying Apple products ever in my life, I've got MBPs that my clients send me, but that's it.
This person has read literally dozens of stories just like theirs and just shrugged and said "couldn't be me".
Well, it can always be you.
Definitely a problem with a lot of developers, though I'm not sure if it's only a matter of having higher than average SES.
This kind of thing happens more often than people think. You trade convenience for blind trust and sometimes that trust gets revoked without warning. Whether it's Apple, Google or whoever’s "ecosystem" you live in if you don’t own your keys and data, you’re just a tenant who forgot the landlord doesn’t take calls.
"After nearly 30 years as a loyal customer"
I know this might sound cynical... But the author should really understand that Apple gives less than zero fcks about them. Apple is known (and, weirdly, loved) for being tyrannical in this sense. Apple is known for their "my way or the highway" approach to anything, without much explanation and with self-attributed "we're always right" attitude.
> The Damage: I effectively have over $30,000 worth of previously-active “bricked" hardware. My iPhone, iPad, Watch, and Macs cannot sync, update, or function properly. I have lost access to thousands of dollars in purchased software and media.
And that's why people complain about Apple's walled garden. Given the size of the damage I'd look into getting a lawyer involved, and possibly try and get Apple to court (in coerce them into being reasonable).
Frankly, I'm taking note of the archived page (https://archive.is/jrsLV) that I will reference to anybody that will ask why not to trust Apple in the future. Note that Google is also known for having a similar approach (there is no way to get support if something like this happens UNLESS you happen to know somebody inside google). Amazon on the other hand has made customer support one of its defining traits.
Btw if you are doing any decent amount of tech stuff, you should REALLY get off walled gardens and at the very least have an on-premise backup solution (an off-the-shelf nas with spinning disks could be a good starter solution).
The emojis are so passive-aggressive it's actually crazy.
While I can't help with extricating your data from the fruit factory's claws I do have a suggestion what to do next: get a 10-foot or 3 m pole and use it to distance yourself from them in the future. Self-host your data if possible, find a friend you trust who already self-hosts and see if you can hitch a ride, use some commercial service if necessary but don't allow yourself to get trapped within an 'ecosystem' again. If a company makes it extra hard to use things outside of their own control you should understand that they're not doing this for their users but to remain in control and maximise their chances of extracting as much from their captives as possible.
Don't check in to Hotel Cupertino or soon you'll be singing along:
These online storage services like iCloud and Google Drive are, and always have been, a trap.
They feel convenient, but they will keep changing their TOS to disadvantage you further and further as time goes on.
Everything you upload is scanned into their AI to create a profile about you that they can then exploit (once again, to your disadvantage). They do it despite regulations against it (Who's to say what they're complying with, deep in their complex data centers? Who's gonna even check? And how?) This is why online services that take control of your data are such gold mines (subscription fees, analytics, profiling, etc). They get you coming and going.
And of course, the account terminations: The earthquakes and "natural disasters" of the online world that destroy lives with no consequence or care.
When your data is not in your sole possession, you own nothing.
I hope you get it back. I always had the mindset that if I am a paying customer that this type of situation is very unlikely. But you are literally a massive paying customer and you got hit. The truth is you are just a nobody even as a customer who has dumped thousands of dollars as a loyal supporter. Showing up on HackerNews is a positive thing as the only way to get any traction in these situations is either be famous and complain or your story going viral and someone with power seeing your plea. I worried about only having a physical copy of my family photos so started paying apple for some storage. This type of event worries me. Good reminder to have multiple backup solutions.
Oh yeah and it absolutely does away with bullshit of "If you're not paying you're the product" I'm sorry it doesn't work when these services, even free, are monopolies
You can have free services, you can have paid services but they ALL absolutely have to be answerable to the consumer
No idea if this has ever been tried, but a GDPR "subject access request" requires a company to hand over all the data they hold on you, which technically should include all your photos, media, messages and everything.
Now that this is on the Hacker News front page, surely Apple will be escalating this and provide a general solution, no?
Let's hope so...
“I never thought leopards would eat my face,”
[flagged]
I would like to think you're wrong, but if they fix this, you're possibly right. My career is built on Apple technologies. I don't love that I'm captured by a vendor, but I have a lot of knowledge, and building to that level elsewhere is hard.
I just want to keep using my stuff, and getting on with the fun things I get to work on. I don't have a strong attachment to Apple, I have a strong attachment to the familiar productivity I normally have.
Even if you helped and this is fixed, consider the privileged situation you are in to even get this fixed. Most "normal" people would be doomed to lose their entire digital life. Evangelizing for a Megacorp is dooming more people into willing incompetence and dependency.
Reconsider at least that part. You can work with and use their products (as I do at work with the GSuite or AWS) but I will never recommend or evangelize for them or rely on them with things I care about.
Totally agree.
I always knew Google and Facebook did this (let's make Oculus a Facebook requirement! oops now you're banned - genius, brilliant, all the people working there have an IQ of 600) but now the trifecta is complete
Seriously can we fucking have any products that work, in the 21st century
Or is the answer just "lol automation is cheaper"
Come on Apple do the right thing here. Surely there are some people from Apple reading this in the comments
Being a "loyal customer" to any giant corp is just making it extra convenient for them when they fuck you.. You need your stuff as files on a computer you actually control.
That emoji in the last pic felt like passive aggressiveness. I don’t have anything to say but it’s why I never put my eggs in one basket, and essential stuff are always backed up, but if your job is developing in an apple eco system and this scenario happens, it’s basically like getting fired and banned from working ever again!
If Apple engineers read this: I can't sign in to my iCloud account from my android phone, it just doesn't work, meaning I can't manage my subscription like HBO now that I switched to an android phone.
PS: My plan is to wait for Apple to release a folding iPhone to move back!
That reads as rewarding them for taking your account hostage
You can manage Apple subscriptions using your web browser (no Mac/iPhone needed). The subscription management page is:
https://account.apple.com/account/manage/section/subscriptio...