Not sure if it’s a valid data point or not. I manage 7 people’s Apple ID accounts. This has happened a few times including twice last night but only on the people who use the @icloud.com as their primary email address. Assume that is related to password guessing attacks. Both addresses are in public email leak databases.
Can only advise that you should have recovery contacts and a recovery key set up in case something goes wrong.
I’d say your guess is right - the accounts typically get locked because hacking groups are running attacks on lists of email addresses.
The email addresses ending in @icloud.com are scraped from a master list and the attack is directed to apple, while the custom domains are ignored because there is work involved in figuring out where those are hosted.
iCloud lets the user generate secondary email addresses, it’s better to use that and keep the login email address secret.
> If you decide to stop using a recovery key, follow the steps above on your device and turn off recovery key. When you do, you can use account recovery to regain access to your Apple ID.
But the "steps above" only describe how to turn it on, not off.
To this day, I still get random "Enter your password to continue using iCloud" push notifications on my iPhone with no relevant action to trigger such a notification.
My Apple ID uses a unique password, I keep a recovery key, I don't have its login credentials saved anywhere, and it's a dev account; so I have my LLC's DUNS number attached to it. My devices are the only ones listed in my settings portal.
I have no idea why I get these notifications, lol.
I got that prompt on all my apple devices a couple days ago. I just clicked Cancel on every one. The prompts stopped coming and everything seems to still work. I don't know whether there will be some ongoing problem with my AppleID that I'm not aware of yet, but so far so good.
I think he means, what causes apple to trigger those notifications. I don’t remember ever seeing that prompt, at least not without myself doing some action to trigger it.
I understand why people enjoy Apple products, but I will never understand why people defend the company when we all know, often through direct personal experience or the experience of someone we know, that the wealthiest company is the world has chosen to provide insultingly miserable customer support as a business decision.
I think it’s because the vast, vast majority of Apple users never need to deal with customer service, and those who do can usually go to the Apple Store and have a pretty good experience.
(Please don’t reply to this with your anecdotes about the time you had a bad experience at the Apple Store. I’m not saying they’re perfect. But these situations in the OP are rare.)
Just the fact that they operate in the real physical world is a huge benefit for a LOT of people who are trying to use technology they didn’t grow up with.
Putting the Genius Bar into widely accessible Apple Stores is a business decision meant to provide useful support, not insultingly miserable.
That said, not everyone needing support has access to a Genius Bar, and not every Genius Bar employee knows every possible answer to every possible question.
But, to claim they chose to be insulting is just mistaken.
Personally, the disconnect is all the excellent customer service I've received from Apple in the 21 years I've been using their products. This includes two repairs on nine computers, and one battery replacement on an old phone. And the time that a major point release of the OS got stuck moving around my homebrew directory and hung. That, and the butterfly keyboard that needed replacing, were annoying. But the customer service was first rate.
Apple is like a religion. An Apple user told me “Apple never makes mistakes” during the Antennagate. I never forgot that, and I try not to have conversations with Apple fans after that.
>An Apple user told me “Apple never makes mistakes” during the Antennagate. I never forgot that, and I try not to have conversations with Apple fans after that.
Someone made an absurd statement to you about Apple, so you have spent the last fourteen years trying to avoid conversations with people who like Apple products?
"Why are you, a single person, doubting the decision a trillion dollar company? Certainly they know best".
edit: Algolia for the win. Quick search [1] returned this pearl from 7 days ago [2]:
> What would you have them do? Sacrifice a trillion dollar business in token protest? You’re just a keyboard warrior with no point at all who would make the same choice and justify it the same way you imagine I do if you were ever in the position they are.
This sort of thing is present in every fandom, but Apple's is sort of legendary for how far it is willing to push it. This is rather evident even if you're just skimming through topical subreddits trying to find solution to some problem. It's very common to find a post that asks the exact question you have, followed by dozens of responses telling them that what they are trying to do is either impossible or unnecessary.
I'm using my own domain for e-mail, but obviously I need another e-mail for registrar, hoster, etc. I used to use gmail for that, but recently switched to icloud as I thought gmail is too dangerous with Google banning people around. Seems Apple's no better.
I have no idea how to untangle this dependency chain. I'm using registrar in my country, so if everything goes wrong, I can just contact them with my ID and hopefully fix things up, but I'd prefer to have 100% reliable e-mail in the first place.
The only thing you need to own is your primary email address and as long as that’s on a domain you own then you can move it. That’s about the only independence there is these days. If you use @icloud.com or @gmail.com for everything then you’re screwed.
You have to depend on someone somewhere. Just make that dependency less of an issue should anything show stopping happen.
Personally I’d like to see some legislation around identity providers and service levels and account retention.
I think vbezhenar's point was simply that the recovery e-mail at a registrar should not depend on a domain managed by that same registrar. The registrar can update MX records.
Yeah keep your email provider and iCloud provider separate. For password management, use something like 1Password, and you got your main “identities” separated. In case of losing access to either of them, the impact will be relatively contained.
As long as you can change your Mx records, it doesn’t matter who is hosting your email. If Apple had a problem, you could switch it to any other provider and request the reset email again, etc.
Many places will let you. Many more will let it forward to a new email address.
Anyone who published papers which included their academic email address will want it to persist forever. Paper publishing happens to be a special priority for many educational institutions.
I feel like these random behind the scenes issues happen a month or two before WWDC to give Apple the foundation they need to announce new services.
I had read Apple is switching the name AppleID to be Apple Account or something similar at WWDC. Me thinks they are quietly pushing code that somehow is causing this for people.
Maybe it’s an age of account issue or some other commonality.
I signed up for an at me account twenty years ago and still use that as my living and haven’t had issues. Maybe icloud.com users?
It happened to me last night! At that moment, I froze, thinking that somehow my password had leaked and someone was trying to brute-force my MFA. At the time, I was at a restaurant celebrating my son's birthday and couldn't change the password on my phone... So I just ignored it and when I got home, I changed the password on my MacBook without any trouble.
This morning, as a precaution, I changed all my important passwords.
I can only imagine the uproar if this was happening to the users of any other company. But it's pretty muted here with a lot of consideration given for apple rather hostility. Nice to see.
Happened to me today. First got the message on my computer that my location was unknown and needed to enter a code from the phone. By the end of it, I had to reset my Apple password. No idea why it happened.
Happened to me last night. I got a push notification on my watch that I needed to update my iCloud password. I thought that this isn't right, so I went to my phone and MacBook. Same thing, those devices said I needed to change my password. So I figured someone has my @iCloud email address and tried to login. I do have hardware keys setup, so wasn't terribly worried.
But none the less, I liked my old password and had to change to something else.
could be somewhat related, last week I had a successful login for my Apple ID from a location I didn't recognise (somewhere in central asia).
I noticed because I got a prompt on my phone, which requested I allow (or disallow) the access.
Since I'm pretty good about password hygiene and security, I of course changed my password immediately and force-signed out all my devices.
That being said: if someone has a password list and is using a bot to scan them all; Apple will of course lock-out sign-in attempts.
Not to say what they're doing is right, there's better ways to handle it. But if I were to apply very recent anecdotal data to this even then this is a meaningful conclusion I could draw.
I wonder if there’s a new leak out there with actually recent passwords we just haven’t heard of yet. If Apple got their hands on it and confirmed a significant number of passwords were active then taking drastic measures is their only option.
I've seen a few posts by users claiming to use randomly generated unique passwords. If that's true then it could be a leak from apple. On the other hand it could also be that it's not and the security response team is catching users not on that leaked list due to unrefined heuristics.
On the third hand it is an apple leak, they've been given a sample list by whoever is ransoming them so they've enacted overly strict heuristics that apply to everyone.
How could it work? It would seem the business would need to have some agreement or side channel with Google/Apple/Microsoft to bypass the issue. Something like "we will pay you $Amount/year to let us reset any agreed upon account". Then collect a monthly fee from the users to subsidize the expense.
Insurance, not fixing service. They'd collect enough data on signing the policy to be able to independently verify your ownership of the account, and in case the account gets locked in the future, you'll get an insurance payout to help you cope with the damage. Not that different from order kinds of property insurance.
Ah that makes sense, thanks for clarifying. It would be cool though - subsidize for some dedicated account "unlock/fix/repair" team at $CORP. They get paid a bunch to sit around and wait for incoming tickets, then actually help out versus stonewalling the user like Google does.
We need to get a legal advocacy group started for dealing with digital rights (EFF isn't getting it done with consumer rights). A couple of well-funded lawsuits on behalf of wronged users will fix this with all of the vendors. This kind of thing should never happen.
This makes me want to minimize my touchpoints with any of any cloud services of the hardware I purchase to ensure I can't be locked out of my life for 18-24 hours.
|
Some people have to take care of critical dependants. I don't exist and serve at the pleasure and convenience of any aspiring digital identity provider. I actually never wanted any of them to be my digital identity.
What's convenient may also be a bigger security gap and impact than many ppl realize.
The recent threads about PalmOS phones seem timely in hindsight. With Palm devices, you installed apps yourself with a sync cable to your computer, and there was no convenient app store, no one could lock you out of your smart phone and your life. Maybe that's an option that should come back. iTunes used to backup and sync just fine.
If there's no real acknowledgement or detailed coming out about this, it's very possible it's a cybersecurity incident of some kind that is serious enough. And it's not just an Apple thing. This has or will happen with every digital identity provider.
There's no one to really pick the phone or answer an email at google or apple when it comes to your digital identity that they want to be holders and providers of.. At least with the government there's a DMV or registry to go to.
I have had iPhones for more than a decade, and I never leveraged any "feature" of having an Apple ID on any of them.
I've never bought an app or spent money on one, and I don't use iCloud, so the Apple ID for me is literally just a gateway to downloading free apps that I can always redownload with another one.
If your device is associated with the "Find my Mac" "Find my iPhone" stuff, losing your Apple ID is the same as possibly (only possibly because you can still have user accounts with separate passwords and use the OS, but there will be limitations) bricking your device.
You can't even wipe the hard drive and reinstall macOS without access to the associated Apple ID. This is a good measure to dissuade thieves from wanting to steal Apple devices, but it is a terrible measure from the point of view of a user who has lost their ID.
>If your device is associated with the "Find my Mac" "Find my iPhone"
I said "if your device".
**IF**
Is it difficult to understand?
If it isn't associated (with "find my" turned on) there's no issue.
If it is, and you lose your apple ID, you are SOL. Turning on "find my" with an associated apple ID is the same as making Apple the only entity that can truly control and own your computer. You can no longer reinstall macOS without your apple ID if there's an issue.
Without being signed into an AppleID you cannot install free apps either.
And if you install then sign out, you're also blocked from updating the free apps.
Apple support is useless. My partner lost her phone with AppleCare loss & damage coverage. She hadn't synced to iCloud in quite a while, so she delayed reporting it lost/stolen (as that flow wipes the phone). After ~4 months she gave up on finding it, and reported it stolen.
This started a Kafkaesque process where the Apple site for reporting your phone lost and initiating a claim with AIG failed to work because the phone had been lost for more than 3 months. Support was useless, they pointed the finger at AIG. AIG pointed the finger right back. Several escalations further and 6 months later, we still have no replacement phone.
I just checked the terms and conditions for AppleCare+ with theft protection, and it it states:
"IX. DUTIES IN THE EVENT OF LOSS
You must report the Loss promptly to Our Authorized Representative not later
than sixty (60) days from the Date of Loss. If You do not report the Loss within
sixty (60) days, You will have forfeited Your claim."
Hmm I used to get kicked out regularly (like 3 times per month) out of my apple login before i enabled 2FA. It completely stopped after. I assumed they were fraudulent login attempts.
This does look more like a glitch on their side though...
One of the things that helped push me away from Apple was the crazy circles the ID system would have me going around in. It's been too long to remember the details but it was madness.
Couldn't see older photos/videos in the Photo app.
Reminder for any iOS user that needs instant iCloud Photos backups (instead of manual monthly), get a Mac Mini, enable the Photos app, disable optimize for storage and keep it on to keep your memories safe.
Always check the recently deleted folder on the Mac every month since iCloud by design is a two-way sync and not a backup, unlike most clouds that are one-way upload (doesn't touch your local files).
Cold storage backup every month using the photos on the Mac should be easier as well.
While that might be Apple's "official" solution, there's a major caveat: the Photos app doesn't support storing the Photos library on a networked disk. This forces you to either fit your entire library on your Mac's internal storage or use a directly connected external disk with no network involved.
To overcome this limitation, I developed a MacOS app that creates a full backup of your Photos library. You can safely store this backup on any external storage like a NAS, network drive, internal disk, or external disk. Check it out here: https://ibeni.net
Compared to the "iCloud Photos Downloader," which scrapes data from iCloud, my app uses the official Apple Photokit APIs to back up your photos. This method is more reliable and efficient.
That’s part of the reason I always opt for the highest possible storage on my main MacBook whenever upgrading - to set Optimize=off for Photos and iCloud. Last upgrade was the 8TB M1. And then I connect that to a local NAS Time Machine backup every few days.
I've recently had the same issue but with my Google accounts. I had to get a new Phone number just to get the account back and then it got disabled again. Not much is on that account. I just casually used it for signing into websites or services that I just wanted to try out and also for having separate subscription list for youtube & watching some gaming/movie/music videos that I don't want to be recommended on my main account. Now I'm worried that my other accounts might get suspended out of the blue. What is going on? I'm already degoogled and use custom domain. I don't even block ads on Youtube. I want to support the content creators. That's why I still even use them to watch videos. Is it finally time to move on to custom youtube frontend?? But if this happens to Apple accounts too, I can't just deApple. This is concerning. I didn't lose much from that incident but I recommend everyone to make a backup of your important stuff now!!!!
It’s happened with Google too. The use of these huge companies as ID providers is not a great idea, especially given that they practically have no tech support.
Apple will let you talk to a human I guess but you have to make an appointment. Google I have no idea.
I wish there was a crowdsourced site, similar to Down Detector, that tried to estimate how common these issues are.
In particular, an attempt to normalize the data to stave off reporting biases you get when reading the comments section in HN, Reddit, etc.
It feels like medical conditions… without statistics, there’s just too many of them to be fearful of. Not that this issue isn’t worth criticism and discussion. But I can’t tell if I really ought to care personally right now or not. Life’s just a wee bit too short to act on every report.
I'm so glad I recently made the decision to leave the Apple ecosystem. I'm fed up paying a large premium for a lot of expensive marketing.
Apple HomeKit has completely busted for me. I've done hard resets of all TVs + HomePods 4 times, tried 5GHz and 2.2GHz....no difference. It's Apple's problem - clearly with either their latest OS versions and/or their cloud. I just had to replace a TV remote that didn't even last a year.
Anyone want to buy a MBP, iPhone 8, iPhone 12, iPad, 5 HomePods and an Apple TV...? :)
Sometimes HomeKit will pick the lowest power device to be the hub causing everything to stop working. The only fix is to find out which device that is and power cycle it.
Posted just 19 hrs ago, has 478 comments and 675 points at the time of writing this, and already relegated to the third page. This site sure has some whacky algorithms!
Then I believe it's slightly better to use a non-iCloud.com emails as iCloud accounts. At least one less reason in the scheme of single point Apple ID failure.
One frustrating thing about Apple is that if you try to get help, there isn’t really any way to do it. There isn’t any way to open a real support ticket that will be seen by an engineering team there. The store staff can only do basic things. And if you go to their forums, you will get bot-like responses telling you to follow some useless generic steps that do nothing for your specific problem, or weird replies justifying some obviously incorrect thing with an Apple product like asking why you would even want to do whatever you’re trying to do. I am not even sure who those people are that troll those Apple forums and serve as Apple apologists - like if they are employees of Apple or random users - but they are completely useless and basically deter anyone from seeking help in the first place.
It is staggering that a company this big has nonexistent support and I think given the decline in their quality over the years, this will become a bigger and bigger problem. Unfortunately for most people the alternative is Windows, where Microsoft is abusing their monopolistic market power to shove ads and their services everyhwere.
We really need new antitrust laws to break up these companies and support fair competition, and we also need regulations to reign in the biggest technology companies.
Not trying to excuse their behavior, but my best friend and roommate was a part time phone support in college so I learned a few tricks…
1. They get a lot of dumb questions. If you want a “talk to an engineer” bug report, you really need to prove competency to the support staff. Obviously be nice because they’re not the source of your problems they’re just trying to do their job.
2. Chat staff aren’t able to do much, phone staff have more power and insight. Chat staff can’t see your account, can’t issue pity refunds, can’t make choices outside of the generic script. You should call during US business hours if you’re trying to call the US support. Best case scenario is finding a college student.
3. They’re required to have you follow the generic published help scripts first. If you pull up the webpage and directly tell staff you followed each step - then read them the steps for proof you know them - they’ll often be able to just to the “custom help” portion.
4. If you make any reference to the TOS/Laws/etc they will mark your account as troubled and you will never get service again. You get legal canned responses only. They seem you not a valuable customer anymore. Don’t reference warranty law, definitely don’t threaten to sue, etc.
5. They can see how many apple products you have registered, how much you spend, etc and the customer service agent can decide how generous to be. If you only own a 5yo iPhone, and you’re contacting support claiming the screen magically broke in your sleep they won’t help. If you’ve upgraded every iPhone in your house every year for a decade, they might be nice when it “magically breaks on its own”.
6. They have minimal training outside of the above mentioned docs. Again, the phone staff has better training. They have common devices in front of them, and if you can get someone sympathetic on the phone, they might try to reproduce it live. That’s the golden ticket to a bug report.
>4. If you make any reference to the TOS/Laws/etc they will mark your account as troubled and you will never get service again. You get legal canned responses only. They seem you not a valuable customer anymore. Don’t reference warranty law, definitely don’t threaten to sue, etc.
This is problematic. They'll be happy to parrot out whatever TOS section you violated if you get banned under TOS, but completely stonewall you if you bring it up?
In situations like these, I draw analogy to a hypothetical legal system that does the same thing. Imagine that you are defending yourself in a court of law, and you bring up a specific legal code in your defense. The court then brickwalls you and assumes you are a bad actor, and you get thrown in jail. I know the analogy isn't perfect, but none are.
I assume the intent (right or wrong) is that they don’t want to deputize phone staff to deal with “legal” issues. They’re not lawyers, so if you make it a law issue, they’ll move you to a law support. But a big company won’t actually have a lawyer argue over the phone - lawyers like “courts or quiet” policies.
The main problem is all the kooks who will dispute an overdue payment by citing the Constitution, the Flag Code, and the Magna Carta. You can’t have support staff engaging with these people.
For a non-business user, the situation with support (or rather lack thereof) is pretty much the same across Microsoft/Google/Apple. It's amazing that this is even legal, especially when it comes to account suspension/recovery.
Can't you go to an Apple Store? Every time I see some customers seem to have a problem around Apple ID and such and staff helping. The opposite of Google, Microsoft etc. And there is a recovery process for Apple ID if you don't use a recovery key (and I guess if you have some government ID or such).
A couple of times in the last years I called them and they were helpful, but my issues were hardware so can't speak for Apple ID related stuff. When you schedule a call in the gui there are options for software troubles I recall though.
The way it works is you request the call to any number or you can eg. request a text chat. If you have no access to any phone anywhere then it sounds like bricked iphone (which this "lockout" doesn't do) is a relatively small problem for you
Hah. You expect that calling a store - after you get through the phone tree that gets you to the actual store, that someone at the store is going to sit down and start providing you customer support? No, they're going to tell you to make a Genius appointment, or go to the web, or their support number. They're not going to take time off of the floor, and if they do transfer you to the Genius bar, you've got 3-5 minutes, if that, to get an answer, before they too, do the same thing.
The idea that a sales person in an Apple store is taking 20 minutes or more off the floor to provide some random caller tech support when they don't have any of the tooling around it, can't see your account, very little if any access to support databases, let alone account manipulation, is laughable. Apple does a lot of things. This isn't one of them.
Happened to me too with apple music in November 23.
They just deleted my account with my playlists and listening history. Even support couldn't tell me why after countless calls and emails.
This implicitly canceled my yearly subscription and refunded only a small part after I requested it.
I learned my lesson about Apple.
Take it as a lesson about SaaS and closed ecosystems in general not just Apple.
Any dependencies on 3rd parties can be broken at any time without recourse be that Steam, Amazon, Google, Facebook, Apple, or less obvious services on smart devices.
Difficult to avoid though for some cases like streaming.
Fortunately I had a backup of my playlists. Still annoying. I wonder if those kinds of things happen with spotify as well. Because once your subscription ends you're only relegated to a free account, not deleted.
I had Apple Music back in 2018. Unsubbed and never used the app till March 2024 when I got a free trial. It had my complete playlists and history from then.
Sounds like a lie everything disappeared after 3 months
That's interesting! Before the disaster was also my second subscription. Now that you say it, some data was left. Not the playlists but some listening history. Might be that they only delete the iTunes-related stuff.
Maybe if I subscribed again, there still would be something. But I won't.
The support person on the phone also told me that everything gets deleted once the subscription ends, even when it's by mistake. Which seems to have been the case with me.
Not exactly what's outlined in the article, but earlier this week I encountered an issue where I couldn't log into my laptop despite entering the correct password (it kept showing 'wrong password' errors). I managed to reset the password using the recovery feature through my Apple ID, but it was still unsettling.
Scary indeed. I tried it just now, after I saw the headline, and I could log into iCloud. But then, I have 2FA activated on my account and Safari uses Sign in with Apple to log in. Or maybe whatever problem it was has been fixed by now.
I got locked out my apple account the other day while trying to login to webmail - thankfully I was able to just unlock it again by reseting my password using my iphone. Kinda terrifying.
I'm glad this is news, because it means I was probably affected by a mistake and not a specific attack. Nonetheless you can't go spooking your users like this.
yeah this happened to me yesterday! i can still get in with passkey on my iphone but im dreading needing to go to apple store and tell them that i have been progressively getting logged out of my normal couple apple devices
This is exactly what CloudFlare and Google have been doing for a while. i meet so many tech illiterate people who "can't log in to the internet" because of some discouraging CAPTCHA or because Gmail decided that even though they knew their passwords, a phone number they haven't used in 2 years (and has probably been reallocated to someone else) is a better proof of identity.
It's a shame it's even legal to discriminate people's browsers based on shady stats and not actual abuse.
Because HN loves to complain about this, I get to repeat it as always. Enroll a real 2fa (totp, security key, passkey) on your account and you will not face any of these issues. There's a reason they do this for insecure accounts and an easy way to avoid it.
I've logged into years-dormant Gmail accounts, from small towns in Mexico on a $2usd Mexican SIM and google has not even batted an eye.
It would be really awesome if Google would kindly tell them so they could have an opportunity to fix the issue and reactivate their account, instead of hard-locking them out with no recourse.
It's not like people are encouraged to keep their valuable data with these companies, only to lose the ai-fraud-detection lottery.
That's very unlikely. If you talk to anyone working in a public library or a local non-profit assisting elderly/homeless people, you will notice these issues are systemic and not isolated cases. From the cases i would see first hand, nothing would suggest that they had been compromised in any way.
Same here in AU, this happened to me about 8 hours ago. Standard reset procedure worked.
Now when trying to configure a Recovery Key from my 2021 iPad Pro I’m told that I can’t do that from ‘this new device’ of mine. ¯\_(ツ)_/¯
And when I try it from my iPhone I have to wait an hour because of Stolen Device Protection. Apparently I’m not at a ‘familiar location’. I’m at home. I work from home. This phone is in this house for 99% of the time.
I loved Stolen Device Protection when I first heard about it. And now I've wasted hours of my life dealing with it as part of the "Daily Lockout".
And tech companies again demonstrate that they are "all about the user" by providing no clarity, acknowledgement, or empathy around the issue. It's depressing.
Perhaps this is real talent in tech: to make things seem rather than be, and to build ways to avoid service and accountability unless it leads to max profit.
I shouldn't be surprised each time this happens, but optimistically I still am.
Check if you have location services -> system services -> significant locations On. If it's disabled then effectively you have no "familiar location" as far as iOS is concerned
this actually sounds like the sort of thing they might do if some master key that they were storing for some subset of accounts was internally breached, and they had to force a password reset on them.
Lol and I got some pushback here for saying Apple ID was not a serious product and that I wouldn't trust Apple to use Apple Pay even if they let me as a lowly Android user.
I mean, ffs, the only 2fa option for an Apple ID is SMS auth. Just not a serious company when it comes to actual services.
This comment being downmodded in a thread with dozens upon dozens of comments explaining BAFFLING behavior including shit where people are like "yeah I get random notifications all the time asking for my password and I just enter it" is BONKERS, I'm actually softly chuckling at the casual detachment some of yall have about it.
The truth though is that if a consumer right remains hardly enforceable and impractical to sue and get any real resolution from doing so, corporations can live with consumers retaining it...
I would say that most of the time people don't even know that not everything written in a contract might be valid in case of a legal dispute. However, once in a while we have nice things, such as requesting to be refunded the windows license https://sistemainoperativo.it/#:~:text=Come%20chiedere%20il%...).
Unfortunately it's in Italian, basically if you don't accept windows (and office) tos you can be refunded, almost nobody knows this except some Linux users. However, if you follow the steps (such as not accepting the tos) you're basically guaranteed a refund or to win the legal dispute
I did that once, almost 20 years ago. Bought an IBM laptop that came with windows (there weren't any options w/o Windows back then, for consumers at least). I always planned to put Linux on it.
Rejected the TOC. Made a meticulous image report that showed careful unboxing and setup.
There was a line in the TOC that (from very vague memory) disallowed using the OS for a.o. nuclear power mgmt. I did work in energy back then (but mostly webdev), so I could not rule this useage out. Send it along to Redmond and got a prompt reply from som e salesman for some kind of "industrial licence" for insane amounts. A few back and forths later, I got a measly €20 Euro's back. They put the rest down to admin fees, and OEM discounts.
Anyway. It ran SUSE and (k)ubuntu perfectly.
I guess it's much easier nowadays. But I buy my laptops preinstalled nowadays. Open the lid, answer five or six questions, restore my backups (/etc, .files, ~), reinstall the packages from packages.txt, reboot and continue working.
As of today, in Italy, you get refunded the average market price for a license and not the oem price (roughly ~20€),so depending on the windows version you get 40/80€ + if you have office, you get a few other bucks back, upto ~115€ for windows + office. And yeah, it's a bit easier today but companies still try to make it difficult on purpose, such as asking you to ship back the product, while you're not obliged to. I spent last hour reading the legal proceedings on the site I posted and lol, they're kinda all the same, you ask a refund, you get told to ship it back, you do the "messa in mora" (you legally tell the company to refund you), they tell you to ship, you say you're not obliged to, you're eventually refuned
Just to add: This right to be reimbursed of Windows OEM has taken extremely long in the 1990ies to become a right, after much lobbying from Linux fans.
I imagine this attitude of “even if we had laws protecting consumers they wouldn’t get used” is a big part of why Americans don’t have them. The European laws do get enforced, but of cause there is both room for and movement towards improving consumer protection.
did you ever try to use any USA federal service? you're required an id.me account.
what's that? well some anonymous group saw login.gov, realized the value of the data, and lobbied that it should be open to free capital markets to explore, not the government!
so now if you want to even talk to the irs or veteran service, you need to go to that privately owned id.me site, do a video call, scan all the documents they ask for (even ones without visible anti counterfeit mechanics like your typewritter filled ssn card).
and the best part? right after you create your account, you land on a coupon clipping page that is a facsimile of the garbage pamphlet the usps is forced to shove daily in yout physical mailbox! and among the links on that page are links to Whitepapers about how advertisers can benefit from buying user data from them because it includes gov affiliation like vetetan, taxpayer, etc and bank information!
exactly. they already hit the revenue goals even with shitty quality. it's the only goal that motivates work and in a monopoly it's tied to market size only.
what's a few thousand people per month losing all access to their data, if that is not even a blip on their revenue or revenue protections?
if you're going to buy a new iphone, you're going to buy a new iphone. it doesn't matter the slightest if you read some nerds complaining something broke one theirs that same week.
People pay in average $1000 every 3 years ($27 per month). So if 1% people choose Android next time, Apple will lose 1% of 2 billion users x $1000 / 3 years = 7 billion dollars per year.
but if you're close to a monopoly, numbers go up with market size increase. you can lose ((market size Delta) - 1) until your bonus motivated employees have to care.
I use Tailscale, NextCloud (files, pics, calendar, contacts), Podverse, Obsidian, Bitwarden (Vaultwarden), Home Assistant, ProtonMail, Signal, Element, …. If my iPhone (iCloud) goes down it’s just a node in the network with all my data still my own and available.
For most people, losing their iCloud or Google accounts would be devastating.
I always joke that I'd rather lose all my documents and credit cards than lose my main e-mail account. And only tech savvy folks understand that it is not, in fact, a joke.
You can add it the bucket of similar crap that nerds make when they don’t think to actually check if they’re building something that solves a problem that people actually want solved.
The reality is that if you go to any family BBQ and start going on about the importance of self-hosting, I - someone that’s been working with computers my whole life - am going to roll my eyes and not be all that interested in the conversation, let alone anyone else there (chances are they don’t want to talk about computers at all).
The reality is that these open-source / self-hosted solutions are, the vast majority of the time, harder to use and maintain. There are few things that sound less appealing to me than dealing with the realities of helping my family and friends with using any of that stuff.
This is all just some nerd’s out of touch pipe dream.
> This is all just some nerd’s out of touch pipe dream.
Yes, though only because it's a lot of trouble to set up today.
If it were completely commoditizated -- imagine one more button when setting up a new phone ("Choose where your data resides: Apple, Google, Facebook, Self hosted") and it was completely transparent then it would be used much more, especially if that's complemented by one of the nerds setting up e.g. a neighborhood sync server and everybody around knowing it and using it.
So yes, you are not wrong but the situation can change dramatically if ergonomics are improved. Which sadly most of the nerds never work on.
I used to think this. The Google, Apple, and Facebook options are the improved ergonomics solution. It just never pans out for these open solutions. I've been waiting decades for it things to get to that level, but it always ends up the same way - fiddling with servers.
You are restating that the self-hosted options are not as ergonomic yet which I already acknowledged.
As for waiting, yeah, sad story, but most of us don't want to be on the computer for 16-18h a day anymore. I implore any of the more privileged programmers -- people with job security, $200K+ annual salary, a lot of social safety nets -- to open their eyes and stop fucking around with the one millionth LISP interpreter and just start making non-corporate-controlled tech already.
understood. I am only extending that to say that virtually all software is built with the headspace of "some amount of maintenance" is to be expected. To overcome this, it needs to be delegated to someone. That someone will cost money. It's unclear to how this cycle will ever be broken unless the entire solution is somehow also controlled and produced with uniform open source hardware.
Sure, I don't disagree with that, though I think that we the "nerds" should _really_ stop churning tech and versions of stuff so hard, but that's sadly outside of your control and mine.
In other words, if you built one nice Golang / Rust program and only update the server once every 3 months, you can go quite far without touching it too much. Likely 3-5 years.
So, say you choose the "self hosted" option. I really hope you have at least a RAID10 with 2-drive failure, and regular off-site and off-line backups as well. Choosing "self hosted" is a very risky option, because most people have no clue how to protect their data from loss. I'm sure you'll explain next that some hack0r will figure out how to do redundant backup self-hosted for very little cost that even the stupidest human could use, but I just don't see that being an option in my lifetime, if ever. Okay, so then "self-host" in the cloud? Well that's not really "self-hosted" is it?
I will agree that nerds work far too much on pointless pursuits.
I get what you're saying, but not all of those things are self-hosted. For example, Proton Mail isn't harder to use than Gmail. Signal isn't harder to use than any other messaging app.
I've had great luck convincing even church ladies in their 60s to use both just by explaining that "end-to-end encryption" means that only the sender and recipient can read the messages, not big tech companies and advertisers.
That's great for you and everyone on HN who's tech savvy, but your average smartphone user has no idea what those even mean let alone how to set them up and use them. Your parent is right and is being needlessly downvoted.
My dad is often defeated on how to set up or use basic features of his smartphone, let alone on how to migrate stuff from one ecosystem to another, which let's be real, is purposely designed to be as friction inducing as possible.
You can use a Mac or iPhone without an iCloud account. Doing so works fine for Mac, most applications can be downloaded outside an app store. Sadly on iOS it makes the phone pretty useless if you want to install any third-party apps.
Like others say, it's fairly easy to escape, just keep backups outside iCloud. Also, it's probably best to use a password manager that is not iCloud Keychain.
Agreed. What’s more, I find iCloud’s implementation in MacOS to be far less intrusive than OneDrive in Windows, which constantly pushes me to use it as a default, and has at least once unilaterally forced the issue during an update by moving my home folders into OneDrive, and leaving an absolutely wild text file titled “Where Did My Files Go.txt” on the desktop. If I don’t want to use iCloud, I can easily forget it exists.
I’m not terribly partisan when it comes to platforms, I own and actively use an M1 Mac Mini, Dell Precision running Windows, and a Kubuntu box. I understand the assertion that software ecosystems tend to be a featured player in tactics aimed to fix users on a particular device or platform, and I think there’s plenty of evidence that this is broadly the case. But I wouldn’t use iCloud as a particularly good example of it, Apple’s clearly not banking on their cloud storage to drive its revenue.
How's that? All my contacts can be stored locally, photos backed up both on my computer and to a separate service plus iCloud, it's pretty easy to set up Dropbox or Box in-place of iCloud Files. Apple Wallet is handy but it really just stores digital copies (over-simplifying) of my physical cards, any of which I can request a replacement for outside Apple.
I don't use Safari but if I did any of its bookmarks/history are easy to import into other browsers.
Your contacts can be stored locally but your device will not work if Apple says so as it needs to be "activated" against their servers. And there is no "secondary system". So no, you are completely dependant on Apple and their infrastructure even if you (think you) store data locally.
Yes, you can do this with considerable effort.
But the moment you use OIDC with Apple ID there is a good chance you will lose many of the accounts created this way.
“Save in an encrypted file”? Christ. We really need to draw a HUGE line between “hacker news user solutions” and “things that are practical for actual people to do”.
I agree, that there is no obvious solution by just enabling a setting...
But no matter what tool you use for it, that is what needs to be done. It is quite simple for example if you use Macpass or Cryptomator on a Mac.
Most people have a file encryption program of some kind on their computers. WinRAR, 7-Zip, some versions of Microsoft Windows (note: not supported in Windows 10 Home), Microsoft Word…
OIDC is the one part of this that really is an outsize problem.
I’d say email providers are an even bigger problem though. Good luck getting your accounts back if you lose access to your own email account. I don’t know that iCloud mail is particularly popular, but the risk really applies to any provider.
If you prepare for a case like this then it's easy. If you get caught off guard (like I imagine most people will) it's hard.
I have an unhealthy habit of switching between FOSS and Apple a few times a year (don't ask) and generally it is pretty easy. The most annoying thing to me is Photos export, especially if you don't have access to a Mac. You can't download your whole library from the online environment, there's a 1000 image limit per shot.
edit: Also I have not found a good way to export from Apple Notes so I have a habit of typing into .md files from the terminal.
edit2: Gave it a search and tried Exporter. Duh. Works great!
Actually an anecdote on switching, my father in law bought an iPhone in a pawn shop. It was logged in with someone else’s iCloud account. He just used that until he dropped dead. We had no idea until I had to clean his phone out. My mother doesn’t even know what iCloud is. Literally total ignorance must be the default for everyone these days.
I’ve done the random switch thing as well as a test case. But to Microsoft. It took me a day to export all photos from Photos.app and into OneDrive and that was with a Mac (105Gb). And of course you lose all the edits you did if you export the originals.
"Even though I paid for this home (laptop) and have all my things in it, I can totally buy another from another realtor if the current locks me out. So joke's on them, it's not exactly a walled garden"
We can all use hyperbole and carefully pick our narratives when we want.
Example: I can live in this nice comfy condo for a sky high fee (Apple) or I can live in a rickety old shed I have to keep fixing for free so I don’t have to pay the ground rent (Linux).
I’d rather live in the condo even if the lease runs out one day.
I'm not saying it was a bad analogy, just that it's easy to create analogies to create a narrative based on your own perception. Obviously the point was missed.
In this case, their analogy seems to be based on reality.
The key point of their analogy is that buying another condo isn't a good solution to someone locking you out of the one you paid for, just like buying a new phone isn't a good solution to Apple locking you out of your phone that you paid for.
Your complaint with their analogy seems to boil down to "they used an analogy", without actually addressing the point above. Try to focus on the point instead.
Yeah, I never understood this whole "you're locked in, you can't get out of their ecosystem."
This has always been BS. I've switched from Apple to PC to Linux back to PC to Apple back to PC and then Android etc etc. It's actually quite simple. At the moment I'm using Apple stuff, but there's nothing holding me here other than just me being here.
Where is the button to copy your photos from apple to google? Until something like that exists normal people are 100% locked in.
They may not even own a laptop with sufficient storage to download all their photos to. If all they have is one, maybe two, phones with limited storage they're totally fucked. Just like Google & Apple designed it.
And it's not like these services make it easy to bulk download/upload your photos, either.
Suppose Walmart has a monopoly in California and Target has a monopoly in Florida. Anybody in California can shop at Target, they just have to go to Florida. "I've switched from California to Florida and then back, it's actually quite simple."
But if you're in California and you need some batteries, even if flying to Florida to buy them from Target is possible, even if you used to live in Florida and might move back there next year, even if you have the money to buy the $300 plane ticket, it's still prohibitively expensive to do it solely to avoid a $5 markup on batteries. Then the two stores don't really have to compete, and you get stuck paying the monopoly price for everything. That's what it means to be locked in.
> You buy different stuff, copy your data across and sell the original stuff.
You buy a different house, move your stuff across and sell the original house. How is it a crappy analogy?
The issue is that the cost of moving removes your choice from individual decisions because they all have to be made together. If you want iMessage then you have to sell your Android and get an iPhone. If you want F-Droid then you have to sell your iPhone and get an Android. What if you want both? This isn't because the free software community would be unwilling to set up a store/repository for iOS, it isn't because no Android messaging app would be willing to interoperate with iMessage, it's because you're locked in to one platform or the other at any given time and have to make all your choices together.
Someone who wants to provide an app store that charges lower fees would have to convince everyone to switch to their platform instead of only convincing people to switch to their store.
The reason they make it that way instead of being able to choose what you run on your device independent of the kind of device is in order to lock you in.
Nooo, then what will HN do with the multiple-times-a-week and hundreds of comments a month complaints about proprietary systems run by mega tech corps? Seriously I think there were FOUR different "fix"-win11 tools on the frontpage in the last 6 days.
I use both Mac and Windows with no Apple account or Microsoft account. I lose some features, but gain privacy. Once I lost access to a Windows machine.
I see this repeated over and over, but there's no proof that "apple hardware" is better than any combination of every possible hardware out there, it's just fanboyism.
Anecdotes of bad hardware are everywhere, given that the majority of hardware are cheaper thus more prevalent. But a comparison of all possible hardware with the same price points? Not feasible, so it's all just feels.
I've been using Thinkpads since 2006, including fancy high-end ones such as X1 Carbon. I'm typing this on a newly purchased MacBook Air, and I do have to say: it really is very good in terms of hardware. And I don't mean specs, but ergonomics. Trackpad is truly as awesome as they say, keyboard is surprisingly good (kinda expected to hate it and amazed at how fast I can type on it), and overall it is just very comfortable. The battery life is unbelievable coming from Intel.
The software, now, that's a very different story. I really wish I could run Linux on this thing.
I'll preface this by saying that this is not a defence of Apple's SSO issues as outlined in this article; but I think I can bring some quantifiable points to this discussion.
Anecdotally, after over a decade of professional computer use:
- No laptop as light as an MBP that I've been exposed to comes close to the weight-to-stiffness ratio of that case
- No laptop out there has a trackpad that feels anywhere close to the MBP, that I've seen. It's a combination of palm rejection, latency, fineness of controls, and correct handling of multi-fingered gestures, with the actual glass of the trackpad being nice too.
- Most other laptops out there don't ship with as good a display. Granted, the MBP displays aren't P3 calibrated or anything, but the colour reproduction is great, and the HiDPI clarity is excellent. Font rendering in particular is outstanding.
That's just to name a few headline features. Is it possible to buy/build a laptop with those similar qualities? Hard to say. Trackpad drivers in particular tend to be tricky, and Windows precision drivers are the closest I've seen to Apple's trackpad feel, but those will typically fall apart on material feel.
I doubt that you'd be able to make or buy a daily driver that feels as good while spending a reasonable amount of money, and you'd likely spend a good amount of time sourcing parts.
I've had the opportunity to use three other laptop types during my career: two reasonably recent (at the time I had them) Lenovo Thinkpads, a Framework (briefly), and a recentish Dell Latitude.
The Thinkpads stand out, but fall short on the display and trackpad points; otherwise they had a reasonably rigid keyboard compared to the MBP. The Framework was fine, honestly. The modularity is excellent, but the deck flex on the first-gen model was way more than I'm used to, and the display colours were deeply meh. The Latitude was bulky, but I mitigated that and other issues by just running it closed-lid and plugging it into a display, mouse, and keyboard.
In the future you have people living in excile because the conputer says no. Nobody understands why. Nobody knows how to fix it. The computer says no. Nobody gives a damn.
You have no access to a bank account. No access to find a job. No access to get health care etc
I suggest people to watch "I, Daniel Blake" who talks about malfunctioning administrative systems, and nobody caring about it. I'm aware it's not related to credential issues, but I see it as the same: you have an issue that's related to an edge case, and nobody gives a damn about it, nobody takes the responsibility to look and see what's wrong about it
Last I saw you could enable full dtrace. Involved a reboot IIRC, which makes sense. I think the process wasn’t too different from what you do to enable unsigned kexts.
It’s… entirely fine that it takes a 3-5 minute process to disable security that keeps processes from snooping on one another. That’s an excellent default.
Can only advise that you should have recovery contacts and a recovery key set up in case something goes wrong.