So i'm not the only one, huh. Got myself an iPhone, downloaded 2 apps, went to bed, woke up to a complete lockout. They unblocked me through a phone support request, after 18 hours, and then hit me with a fresh ban, not even 24 hours later. Account got permabanned after like 5 more calls, where they just started sending me a legal notice instead.
The fact that your device can become a complete brick, because of an issue in their completely hands-off account management system, smells like a class action suit
> The fact that your device can become a complete brick, because of an issue in their completely hands-off account management system, smells like a class action suit
This is HN frontpage. It's on a big "Mac" website. The damage is done.
Many are going to write nonsense like: "Apple is still a $2 trillion company, so this obviously works for them" to which I'll respond with a simple question: Did it not work for Apple before these SNAFUs? Does it work better for Apple now, after fuck ups like that?
It's not normal behavior and they are losing customers over this.
We had an Apple "moment" in the family: around the 2012'ish MacBook Air era. Two at home and they worked fine, for about ten years. Then the battery issues, the keyboard issues, the trackpad issues. Eventually these MacBook Airs died a painful death.
I'm on Linux since the nineties (and, yup, I can get into my system with Apple or Microsoft forcing an online ID down my throat) but the Macs were convenient for the wife.
So we bought a MacBook Air M1. After 13 months or so the screen died alone, overnight: was working fine before closing the lid, was dead in the morning. There are threads with dozens of pages on that subject.
That's when I switched the wife to Ubuntu. Ubuntu, Linux Mint: she doesn't care. Heck, I probably could have her use Debian or Devuan (Debian without systemd).
Apple is done for us. It's over. We'll never ever buy a Mac again and I'll never ever recommend a Mac to anyone.
And I'm far from the only one thinking that way.
The damage is done.
Rationalize as much as you want, invoke AAPL's market cap as much as you want, and enjoy being locked out of of your devices without any recourse.
Everyone has a brand they're never buying again because of a few problems they had in the past. For every new brand they _are_ still buying, there are 10000 other people who are never buying _that_ one again because of a few problems they had in the past.
The only difference I've seen between Apple and my previous laptop brands is that their support techs are useful.
And unlike, say, Samsung Ultrabooks or even Microsoft Surfaces, Macs last a really long time. My kids are using my 2011 MacBook Air and 2009 iMac and they still work, even the battery still kinda hangs in. They've had a few rough years 2016-2019 with the butterfly keyboards but I don't know many current manufacturers with products as solid long term.
In my experience laptops from the competition are as durable when you pick up the professionnal line instead of the general consumers one. That will be Lenovo thinkpads, Dell latitude, HP elitebook, etc.
Lenovo has been tarnishing the think pad brand for several years now, pushing plastic junk that also has the thinkpad branding. It’s not enough to stick to thinkpad anymore, which thinkpad matters.
Ditto HP. Their machines are… not great to operate on (from a maintenance perspective), their hardware maintenance manuals are much lower quality than they used to be…
Only dell latitude hasn’t disappointed me yet, and I fix laptops as a hobby so I’ve worked on quite a few 2014-2019 machines.
Agreed. There are countless old models you can buy off eBay, drop in a new SSD and battery, install your distro of choice and keep using for several more years. Almost all models of that kind have a lot of serviceable parts, for example replacing the thermal paste is usually easy and makes the cooling better than it was brand new.
I haven't bought one myself simply because I have my own units that still work 10-15 years later. The screens mean they're dreadful as actual hands-on laptop experiences, but they're perfectly fine for home servers with built-in battery backup and management console.
My HP hybrid tablet, now over 15 years old, still works (when plugged in).
My dad's IBM Thinkpad, older than most people currently on this website, still works.
Apple people like to claim that Apples last longer than their competitors, but that simply isn't true. Most people, myself included, can't tell you what Dell or HP support is like because we've never had to use them. But every Apple user knows what Apple support is like, because every Apple user has had to use them.
I'm writing this on a 2013 MBP. This specific machine is slightly bent and endured being hit by a car. Those other laptops that you mentioned, that aren't made out of aluminum would be dead. I've also had a few Lenovo T410s (circa 2010). I would say the quality and spec of those T410s isn't up to par with MBPs of similar era. Their CPU fans fall apart. They tend to overheat. The hinge breaks- plastic. The display and audio quality is worse. Software support also sucks. At some point newer versions of Windows just don't have good support, the webcam from example doesn't work in modern Windows. On the Macs though you can still run fairly modern OS and everything works. I would totally take a 2010 MBP over a Lenovo Thinkpad of any type. (EDIT: from the same era)
I've also used top of the line Dell laptops over the years and a Lenovo Yoga.
Way way back I used to have a desktop color Macintosh of some sort (I forget the model, a 68k, maybe IIci ?) and as PCs were getting tossed in the landfill for years while the Mac kept going and running most new software.
I just bought my daughter a laptop and decided to go with the MacBook Air m2. Great value for money IMO. Not sure what's even close in terms of performance, build quality, battery life etc. This should easily last 10 years.
No. Those other laptops WOULDN'T be dead. They WOULDN'T be dented either. ThinkPads from that era had a maganisum alloy frame. They are hella rigid but the plastic shell gives enough bouce so they don't dent when dropped.
And macOS software support is awful. It's completely random and up to the whims of Apple with some models getting only 6 or 7 years support if you bought at launch.
As someone who used to manage a tech support department with a bunch of Dell and Lenovos for a large traveling sales team, I can assure you that they are not “hella rigid” and definitely will die and break when dropped from waist height.
Meanwhile I just disposed last year a 2008 MBP with a swollen battery and cracked case that I used daily as a secondary device on my desk (for about the last 7 years) until day I decided that it was more a liability because of the battery maybe deciding to explode soon than help.
I'm not talking about a dent. I'm talking about the entire (closed) MBP bent by a car driving into it. There is no way a ThinkPad plastics wouldn't have broken (and its frame bent). But I guess we can't perform this experiment. Plastic is just not as good a material - sorry. Not just is it not as strong when new it also doesn't have the same longevity.
The ThinkPads are pretty good vs. most laptops in terms of design and durability (going back to IBM). I still think the MacBooks are an overall better design. I owned 3 T410s for many years and repaired them and kept them going so I'm very familiar with their design (And all the things that broke or failed over those years). The laptop I'm using right now is a 2013 MBP (which has been my daily driver for a long time with zero issues) and I have a new 13" M3 MBP work laptop (a great laptop) and another 2012 MacBook right here with me.
I agree 6 year OS software support isn't good but the 2013 machine still got updates up to the end of last year (though can't run the very latest OS). That said, as long as applications run on the older OS it's not necessarily such a huge problem unless some critical security issues pops up.
It's all a matter of tradeoffs. Aluminum is nice but it doesn't protect the internal glass panel from shock damage and a $600 topcase replacement if you mess it up. Especially on the older Macs, that chassis adds to the weight and leaves them pretty fragile considering their tank-like exterior.
Speaking for myself, I'd rather have the plastic Thinkpad. Lenovo commits well to the OS I use (Linux) and I don't want to baby around a laptop that threatens to bankrupt me if I drop it on the Starbucks tile. In terms of longevity, I can do a hell of a lot more with a 10 year old Thinkpad than I can with a 10 year old Mac.
> Not sure what's even close in terms of performance, build quality, battery life etc. This should easily last 10 years.
Recently picked up a Lenovo Thinkbook with a Ryzen 5800u in it. Basically a Steam Deck in sheep's clothing, with a nice HDR 1440p display. I gave it to my brother, and I expect it to last just as long (if not further with community driver support).
The M2 is faster and more power efficient than the 5800u. The display is 2560 x 1664. I think the Air display is better and brighter. The speakers on the Apple laptops also tend to be better.
Not sure about drop resistance or cost of repairs. I've dropped MBPs and they were fine (anecdotal) and the MBP I'm using was literally hit by a car and was slightly bent as a result and still works.
The battery life of the air is supposedly 18 hours and having no fan is also nice. No laptop I previously used compares with my work MBP m3 for battery life or performance. The air weighs 2.7 lb. I don't know which specific Lenovo you got at but the Thinkbook 14 weighs 3.3lb.
That said, I did pick a 13" Lenovo Intel i7 about 5 years ago when I was looking for a laptop for my other daughter. That laptop is still going strong. It did die about a year after I bought it but was repaired under warranty (still a quality question though). But I think today Apple has pulled ahead and the prices on the m2 these days are good.
I've never had a good experience with Linux on laptops. The hardware support always seemed iffy. Power management also iffy. But I have to admit I haven't tried in a long while.
To put things bluntly, literally every classmate in law school using an Apple laptop had to get their laptop replace at least once due to the failure of the device caused by normal usage. My understanding from younger relatives is the same.
That HP hybrid? That was my laptop in law school. It still works, and it's great for drawing (though not as good as my Surface).
Their CPU fans fall apart. They tend to overheat. The hinge breaks- plastic. The display and audio quality is worse.
Apple laptops circa that era were notorious for heat issues, weak plastic, and poor displays. Their sound quality wasn't much better than a cheap PC laptop, unless you shelled out for a top-of-the line MBP..and of course a $2500+ laptop is going to be better than a $500 laptop.
Software support also sucks. At some point newer versions of Windows just don't have good support, the webcam from example doesn't work in modern Windows.
This is objectively false. I can still run software, and use hardware, from the 80s on my Windows 11 desktop. You can't even run 5-year old software on an Apple because Apple broke compatibility.
while the Mac kept going and running most new software.
This is objectively false. Older Macs can't runner new Apple OS software.
My 2013 MBP is running Big Sur latest release September 11, 2023. But yes, you can't upgrade past that. All the hardware and software works just fine.
My web cam on the T410 doesn't work under the Windows version it's running and hasn't worked for many years (and I've had a few of those, it's not just one bad hardware).
EDIT: The variability of hardware on Windows laptops is just so much larger. There's so many different motherboards, so many different peripherals, so many different GPUs. There's no way Microsoft is testing against all permutations of laptops from more than 10 years ago with their native drivers. Lenovo doesn't have modern drivers for the T410 either and I doubt other laptop companies release new drivers for their old laptops. I've owned and used for work many Windows laptops from various vendors. I've had 3 T410s I inherited and I spent a lot of time trying to keep them going including cannibalizing some of them for parts.
My web cam on the T410 doesn't work under the Windows version it's running and hasn't worked for many years
The T410 works in Windows 11, so if it's not working for you, it's a simple driver update.
But on the note of Apple just working, there is an entire frontpage thread about how Apple isn't "just working" for thousands of people whose Apple IDs have been locked out. And The Verge currently has a front-page post about their Apple editor discovering that Apple doesn't just work and in fact has quite piss-poor speakers (https://www.theverge.com/24139303/mac-mini-laptops-desktops).
I'm just about to retire my last of 3 T410s (its hinge is broken and it tends to freeze from overheating. I replaced the cpu fan on it 2 years ago). I tried all sorts of drivers. Some just don't work. Some work for like 10 minutes and stop working. Windows 11. Maybe there is some magical driver somewhere. Are you guessing or do you have a T410 with Windows 11 and you use the webcam regularly?
Yeah, I saw the Apple ID thread today. I thought Apple ID was optional. (e.g. I don't have an Apple ID for the MBP I'm using right now).
The article you linked to says: "My M2 Air had great speakers." It's the Mac Mini (not a laptop) that has poor speakers. Can't comment on that one.
EDIT: A by the way there is that I believe a T410 can actually have different components, i.e. some might have a camera from one vendor while others have a camera from another.
I’ve been an Apple user since the Core 2 Duo laptops. So something like 20 years. I’ve owned countless laptops, every other iPhone since launch, two iPads, two watches (a first gen and last year’s), two HomePods, a pair of AirPods Pro and Max, a Time Capsule, two Apple TVs, and… lord knows I’m missing multiple somethings.
The only time I’ve had to use support is when I’ve broken an iPhone screen to have it replaced.
My experience goes back to the early ‘90s. I’ll admit an intense hatred then and the occasional support call, but that was mainly because I was a network engineer in a publishing company and AppleTalk was a chatty POS protocol. Since maybe ‘00s managing many, many apple devices (not just my own), I’d bet I can count on both hands with a finger or two left over that I needed to call support. Personally, I have only used Apple devices since 2009 and have only engaged support on an Apple Watch back in 2019, which was my own damn fault for smacking it into a wall and swimming a mile right after bricking it.
After so many laptops, purchasing a new laptop is starts to feel like purchasing the death of a laptop.
I have used lots of HPs, Dells, Lenovos. They do last, until they don't and you have to reinstall everything from scratch because the hardware is different.
I did run mine pretty hard, and my HPs, Lenovos and Dells did go into warranty pretty regularly. I never saw it as purchasing a laptop as much as purchasing the guarantee of a laptop.
Apple got me because it would reasonably copy one laptop onto the next.
Apple used to make their devices to be too thin, and they could not thermally handle themselves. Especially 2017-2019 Macbook pros. Before then, most were pretty reliable. Hoping the new ones are.
I hope you can see that what you wrote can’t possibly be true.
Surface people, HP people, or Thinkpad people have all had to contact support at times as well. Is it more or is it less than Apple, is the question (and isn’t answered)
Every Apple user I know has had to contact Apple support due to an issue with their Apple device. Even the guy in this thread who claims never to have dealt with Apple support before had a comment in another Apple thread talking about their experience with Apple support. It was apparently great, but that's the problem. Apple service is great because almost every Apple user will have to interact with it because of a problem with their device.
HP, Surface, and Lenovo support can suck because so few people need to contact support for issues with their devices that it's not important to those companies to focus on support.
> Most people, myself included, can't tell you what Dell or HP support is like because we've never had to use them. But every Apple user knows what Apple support is like, because every Apple user has had to use them.
That is such an absurd statement. You’re even italicising “every” (twice!) as if you’re really convinced it is true.
Hate is severely blinding you to reason. They’re just consumer electronics brands, they’re not eating your children. Calm down and think for a moment about your assertion. Maybe talk to some people outside of your circle.
Dude Samsung can last a ton if you treat them normally, you are just confirming what OP was saying. One random example - I saw SGS II working 12 years with same battery, flawlessly. I am not even going into phones comparison, enough folks around who are not happy or migrating back to Androids for various reasons.
As for laptops I guess you are joking, I've yet to meet a single big corporation in Europe where macbooks are even allowed on premises, unless its some web app testing team or similar.
Some folks live in great echo chambers, I agree this site is a massive one for Apple. That's a simple fact, comments here confirm this. Which is fine on its own, but its not balanced truth you often find here.
Linux fan but hard pass on this. Apple's ecosystem integration across their devices (I have Apple Watch, an M1, an iPhone 15 Pro Max, a couple Apple TV's etc.) is unparalleled. And the iPhone camera is excellent for documenting my rapidly-growing, almost 3 year old kid. Also, Livephotos kick ass. Every single Android phone I've used is annoying AF and I hate having to fix issues with them when I'm at my in-laws' house (her dad insists on them for... some irrational reason).
Of course, I do sync my entire photo library with both Google (preserves the Livephotos) and Amazon (does not preserve livephotos), because I once lost an entire photo library due to a fuckup combined with an Apple bug. And I use non-Apple services for music and video.
Maybe just don't put all your eggs in one basket to the extent you can.
Sounds like the same shtick I heard from Windows 8 apologists in the past. "Yes, yes, Microsoft is a ghoulish company; but look at how my laptop connects to my Xbox!"
Apple's whole premium marketing shtick feels gone. Not only has the halo-effect worn off now that everyone owns an iPhone, but they're portioning up their own operating system to endless service integration and nonsense software offerings. Who the hell is paying for Apple Arcade? What about Apple Music Voice? Does anyone still pay for Apple Fitness+ without having forgot to unsubscribe? The whole thing reeks of Microsoft trying to market Groove Music and Onedrive to an audience of confused senior citizens and barely-literate pre-teen gamers.
Their hardware revenue is threatened, their software revenue is headed towards the toilet, and their latest product category is a non-starter. If you aren't preparing to see the worst of what Apple is capable of, I advise you get ready (and perhaps an alternative smartphone you feel comfortable using).
I can’t hear you over the 140 photos of my son I am airdropping to my sister at full resolution and way faster than they would be made available to her in any other fashion
But again, I am a Linux fan (NixOS actually), despite it sucking ass in the user department
As a counterpoint, I have 4 macs notebooks, 1 dating back to 2011 and they all still work, well the 2011 has to stay plugged in because the battery is basically useless at this point but it makes a not too bad NAS with linux running on it.
I bought an iPhone a couple of days ago, and was planning on using the weekend to finally migrate from my old Android phone. Luckily, I haven't even opened the box so I should be able to return it for a full refund. No way I'm spending over $1000 for this kind of experience.
Black swan events can happen to you. Recently I traveled to a European country from my base (Middle East). I normally take my phone and laptop with me and they are synced. I forgot the laptop charger and could not get one locally not at least for about a week and then dropped my phone and it got damaged. I bought another phone (Adroid) and tried to log in to by google accounts. It recognized the email and the pswd but then wanted verification from the original device! Despite having the original sim in the new phone.
On my return everything went smoothly through my laptop. Scary though.
My conclusion - have two physical phones + laptop all synced, plus hardcopy of important pswds etc.
Data is easier to protect by offline and online back-ups, but your online identity is hard.
> My conclusion: Eliminate what little remaining usages of their services I have.
This. I never used the Apple's Cloud offerings to backup things - and I stopped using any Apple devices since the BatteryGate. I semi-degooglify my Android(s), and never use the "Google-*" (contacts, calendar, etc.). I block them with NoRoot Firewall and disable them, and use other apps for those services. I sync with my Oulook (2013) and my backup is with Carbonite. I do have to jump through a couple of hoops, but considering that I don't live under the threat of 'death' by Apple or Google to hold me hostage with my data/etc, the little effort is well worth it.
Exactly. I recently had the same experience of being locked out when I lost my old device and had no recourse. My conclusion was the same and I've stopped relying on all Google services except Gmail.
Well, if you used Google 2FA, the Authy app exists, and allows you to securely store 2FA in the cloud (as long as you remember your Authy credentials).
If you don't, then yes, your physical phone essentially becomes a dongle and if you lose it, you're screwed. Perhaps they don't educate users enough about this, but that's the fact
Don't bind your online identity to Apple or Google or Microsoft, in particular not the email addresses you use for accounts. That at least limits the damage they can do.
Fundamentally it's going to be be bound to someone though. If you run your own domain to host your main email address, you're now bound to the registrar's login to manage that domain name, and also the cloud provider you're using to host the mail services (unless you run that off a machine you have physical access to).
Sure, but I'd much rather be bound to a domain registrar, where I'm paying them for a small, well-defined, self-contained service, where I have recourse if they do someone shady to me.
For Google/Apple/etc., I'm either not paying them at all (in which case they have very little incentive to help me off someone goes wrong), or I am, but for a basket of services. The identity portion of those services is probably not what that company is focusing on providing, and any weirdness with any other service in that basket could cause me to lose my access to the identity bits, often without recourse.
Yes, but you can choose a medium-sized, established registrar with a functioning human support desk, where you are the customer instead of the product driving hyperscale ad revenue. The hosting provider is not an issue, because you can switch very quickly to a different one if needed, and only have to change your DNS entry at the registrar, or whatever you use as your nameservers. Depending on your country’s jurisdiction, you also may have some legal rights to the domains you acquire under the country TLD and are not exclusively at the mercy of the registrar.
You're missing my point that you're still beholden to the domain name registrar that manages your domain name on your behalf. That account getting permanently locked out will have all the same bad consequences for your online life as your Google account getting locked out.
And keep in mind that being a domain name registrar is a low margin business (typically they're only grossing a few bucks per domain per year, before accounting for any other expenses like staffing and systems), so you're not gonna get great support.
My understandingis is that legally you own the domain and the registrar is only managing it on your behalf and they are required to transfer it to another registrar if they terminate you as a customer. As recently happened for russian users on namecheap for example.
This. My TOTP 2FA for Namecheap just stopped working one day, despite nothing changing. I was totally locked out. I got lucky and their support was helpful and we reset it after a few hours, but it made me realize that there is no way to be 100% safe.
(My Google account is dead even though I have the username, password and recovery email which forwards to me since I don't have the phone number)
At some level, every business has incentives to minimize what they provide you vs what you provide them. But even low margin businesses where you’re the customer are more likely to have incentives and structures built around paying attention to you than low margin per user businesses where users aren’t the customer but part of the product.
I host my own email service and several times have had the registrars get sold and once sold and then the purchasing registry discontinued the registry service, or maybe the secondary DNS. They generally have support that at least understands how DNS works, which I find surprisingly rare among tech folks.
However the big problem is I am frequently banned from emailing gmail or office365. Never Apple for some reason. So I can read email but I can’t that well send it. But I don’t really care much, mostly people have to tell me out of band to check my email if they have sent me email. My email sessions are mostly a review of current spam practices and questionable emails from firms I have done business with.
Registrars are beholden to the registry and ultimately to ICANN rules (for classic TLDs at least. They can't just fuck you over whenever they feel like in the same way that Google/Microsoft/Apple can with their services.
Some failure states are unique to people who exist in these weird edge-case states though. Like the person who had their luggage stolen, the person registered the laptop to their own account, then returned it still paired. And apple wouldn’t un-pair it from Find My even with a police report documenting it all, therefore it’s bricked.
(And to be fair to apple here - they didn’t do anything wrong here, strong end-to-end security inherently means allowing these states. Otherwise the cops could order apple to unlock it too, and apple wouldn’t have a moral ground to object if they’re regularly performing the task in other circumstances. Otherwise people could social-engineer apple support to unlock a stolen device, or their partners. To a certain mindset, google and apple not having any real support is a strength because there’s no way to social-engineer your way past the actual security. But people want both the idea of E2E security and the convenience of being able to remotely un-register a laptop from someone else's account...)
Anyway, that failure mode wouldn’t exist if they were logged in to their account, and e2e encryption makes that a very low-risk thing overall.
Apple can’t see where to it devices are anyway, without doing a song-and-dance to authorize the session on a pre-authed device. Airtags and iphones have a rolling hardware identifier for bluetooth and wifi based on a cryptographically strong pseudorandom sequence, and apple can't correlate the identifiers back to an actual device without a pre-authed device relaying the sequence from your account. Etc etc.
Apple have actually done the legwork to make sure they can't see anything (or be forced to reveal anything) if you don't want them to (by enabling E2E), and that actually does drive a lot of "user-unfriendly decisions". And sure, android people will say "that's awfully convenient", but, the end state is still a lot stronger than any other major offering regardless of why you think they're doing it.
Buying a domain is not difficult, nor is configuring it with a mail service like Fastmail. Yes, it’s slightly more involved than signing up at GMail, but it’s less complicated than doing your taxes (YMMV). The more people do it, the more helpful resources and service would appear for it. The problem is most people don’t care until they get unlucky and their account gets cancelled for inscrutable reasons. It would be better to have regulation that protects users.
The risk of an average person forgetting to update their credit card details and irrecoverably losing a personal domain is almost certainly thousands of times higher than them being accidentally and permanently locked out of a Google or iCloud account.
Where I live, the most common payment method for such services is direct debit from your bank account, where the details never change unless you switch banks; and in the rare event that you switch, you can make use of a service that banks are legally required to provide for transferring debit mandates to the new account. I bought my first domain about twenty years ago and never had to change anything regarding payment.
A lot of people live paycheck to paycheck. I’d wager even more people on average would lose their domains with this approach either by forgetting to or being unable to put the necessary funds in their account, and having the payment declined.
Losing your entire online identity because you didn’t pay on time is an absolute show stopper for an enormous number of people.
Most people are not tech people. They do not know or car, or even care to know, about the details and importance of maintaining and protecting an online identity. They won’t remember to update payment details until things start failing. They won’t check their email frequently enough to notice before this happens. They will ignore text messages, either assuming they’re scams, spam, or unimportant.
You’re in the US, presumably? Is it really that common there for people to overdraw their account to the extent that direct debit in the $10 range would fail? That would be a very rare occurrence here. And you wouldn’t immediately lose your domain just because the payment failed once. It would be a much longer process.
People also have a mobile phone number with a plan they have to pay for. I don’t see why a domain should be any different, and it isn’t actually that different in my country.
5% of American households have no bank account at all - either because fees are too high or because they have cashed bad checks or failed to pay bank fees in the past and are now refused an account.
Another 25% had their bank balance go below zero in the past year. And that number is worse than it sounds, because it doesn't include people who have selected to have transactions fail instead of put their balance below zero.
https://www.consumerfinance.gov/data-research/research-repor...
In the current state, the majority will need some help, similar to how they need some help when something goes wrong with their laptop. But as I said, if this would become a more widespread practice, more services would become available that make it easy and that help in case of trouble.
The biggest impediment is probably that most people aren’t willing to pay (say) $10 per month for a domain and email hosting like they do for streaming services, because they’re used to email being free. So they remain at the mercy of the big providers.
But I can at least encourage the HN crowd here to move to independent services and to use their own domain.
You’re first two sentences prove my point that this is not adoptable by most. Cell phones are ubiquitous and permeated all tiers of society. Hosting your own domain and email isn’t. I get the limitations but my point was that this isn’t practical by most for technical reasons. Ignoring the financial challenges of convincing people to spend money on something that has been free for their entire life.
You can use your own domain with Google at least, and I’m guessing Microsoft as well. It could be a good middle ground where you control your email and just let google,etc use it for the time being. It looks just like gmail but you can always get out if you have to.
I'm thinking of Microsoft Accounts on PCs and how you need to know how to jump through hoops to avoid them at OOBE. And about how this is about AppleIDs and losing them - it's my understanding that Apple is less aggressive about AppleIDs than Microsoft is about Microsoft accounts, but also, TFA. Google has similar levels of fuckery especially if you're on Chromebooks but Google's sin is nonexistent customer support. I wouldn't want my most important email address to be tied to any of these three, although I speak as a gmail-using hypocrite who plans to change that soon.
The thing that really bugs me about Google is you can make an account tied to an unrelated domain, but then they don't let you use that for a lot of things, so you're forced into a gmail account.
iTunes didn't even allow you to add your own album art. To do so you had to be signed in with Apple ID, so Apple could look up the album details on the iTunes store and set the image that way.
This was in 2008, so the software ecosystem lock-in strategy was already well-established back then.
> You're seriously doubling down on your ignorance instead of just admitting that you were wrong?
From the guidelines:
> Be kind. Don't be snarky. Converse curiously; don't cross-examine. Edit out swipes.
> When disagreeing, please reply to the argument instead of calling names. "That is idiotic; 1 + 1 is 2, not 3" can be shortened to "1 + 1 is 2, not 3."
> Please don't fulminate. Please don't sneer, including at the rest of the community.
I don't really care one way or the other if iTunes let people set custom album covers back in the day. That first comment by OP just stuck out like a sore thumb. The guidelines are there because they make HN nicer to participate in.
Or, keep a set of single-use backup codes for 2FA. Google offers this[1], though I don't know if Apple does or not.
Storing them seems problematic, but it really isn't: They're just random-looking 8-digit numbers and nobody but you needs to know that they belong to your Google account.
Or, KISS. If you're happy with the idea that the SIM card controls the key to the castle, as it seems that you are, then: Put a backup code in a contact in your SIM card. (It is kind of a lost art these days, but SIM cards are still data storage devices here in 2024.)
> It recognized the email and the pswd but then wanted verification from the original device!
Did you have 2fa enabled by any chance? I have 2fa via TOTP on my accounts and while they offer using a signed in phone as a verification option, using TOTP was always an option, and I was never locked out of my account.
>Despite having the original sim in the new phone.
That would only help if google had some way of tying the installed sim to your account. Given the privacy implications and the technical difficulties, I wouldn't be outraged at the fact it didn't take your sim into consideration.
Are you talking about a prompt like this[1]? If so, there should be a poorly named "more options" or "don't have your phone?" link that gives you the option to enter your TOTP code instead.
> My conclusion - have two physical phones + laptop all synced, plus hardcopy of important pswds etc.
And then say, Meta decides to ask for login verification on your other device, and you lose that account because you always logged to it through a browswer in private mode, so no device actually has an active session. Happened to my wife the other day.
IT "Security" is reaching new heights of being bullshit. You can't win, and asking people to buy multiple devices and keep them continuously in sync is a bit much, and not even a guarantee of safety anyway, as next week Google or Amazon will hit you with some next weird trap to keep you "sekhure".
I can easily imagine an AI algorithm noticing a user has two phones, and deciding that is out of the ordinary and suspicious, and locking you out of both.
>IT "Security" is reaching new heights of being bullshit. You can't win, and asking people to buy multiple devices and keep them continuously in sync is a bit much
You likely don't need to buy multiple devices. I log in from random countries/VPNs all the time and never have issues, but I do have 2fa enabled. If your account only has a password and there was a suspicious sign in attempt, it's reasonable for them to ask for additional verification somehow because you could be a victim of a credential stuffing attack. It's hard for companies to win here. Either people complain about their accounts getting randomly locked because they were on vacation in Romania and tried signing in on a new device, or the companies get grilled by the media for "failing to proactively protect their users' data" or whatever.
I would agree with you if there actually was anything different in a suspicious way about those logins. There weren't. Same devices, same ISP, same browsers, not even an OS update in between. Just one day, few days ago, out of the blue, Facebook decided to pop up a conformation request, offering no alternative to confirming from "another device", and that's with them knowing (or at least having that information available) that there are no live sessions of that account (the whole browser in private mode thing).
Maybe the companies can't win, but they also have themselves to blame. They shouldn't have convinced people to entrust their only copies of data with them. Your vacation photos should not depend on someone's cloud platform. Half of your entire offline life shouldn't depend on Google not randomly locking you out of GMail. But here we are, and I'll keep calling those "security updates" bullshit because they don't care about long tail, and they don't care about hazards they create for most of their users.
My experience with Meta is it is just a PII fishing expedition masquerading as a security check.
I abandoned my facebook account when they asked for my driver's license scan, a few weeks later suddenly they didn't need it after all. My BIL recently wanted me to check sout omething he had setup on facebook and I found I could "login" by clicking one of the "what are people doing" spam emails they send. I've never used it on this PC before and have no idea what the password even is anymore. Super secure.
> and that's with them knowing (or at least having that information available) that there are no live sessions of that account (the whole browser in private mode thing).
Unless you explicitly logged out, they likely to see the opposite picture, i.e. numerous "valid" sessions (as opposed to active) that haven't been used for varying lengths of time because you logged in, but from their perspective, you never logged out. You just cleared your cookies which means the session is still "valid", even if it's inaccessible to you because the session cookies have been cleared from your device.
I don't know if they take any of this into account but as you've pointed out, assuming that the rightful owner of the account must have access to a different session is a huge assumption to make.
4 - Discover that those backup codes are useless because the service provider will refuse to acknowledge them when you travel.
The fact that we are stuck with a pair of global apathetic undemocratic identity providers is absurd. And one of the reasons why that "shattered dream of passkeys" is on the front page. At least that dream got shattered, it would be worse if it went through.
This is standard Google behavior. Logging into Google on any new device always asks me to confirm it on one of the other devices that are logged in (i.e. phones, tablets). Suppose it's some kind of 2FA.
I understand the security concept of it. Luckily my trip was short. As I also use wechat to communicate with some Chinese friends, my experience was different. First it send me an OTP on the new phone, then asked for two friends to send a number to the phone. Luckily I had the phone number of one and I managed to restore and to be honest having humans in the pipeline was a plus. Negative this had to be done over 5 minutes otherwise you back to square one.
In case one phone doesn't work or is lost or stolen or broken, I guess. Plus buying a second phone is great for the economy!
Society was collectively sold this deal where if you entrust everything to a trillion-dollar company, you'll be treated well and this sort of thing wouldn't happen. Yet it appears to be happening, and the trillion-dollar company that has the resources to deal with this so far isn't being very helpful, and it's falling to the consumer to take insane amounts of proactive measures to not have their digital lives fucked up when the exact deal was that you wouldn't have to, but of course now the party line will be "well you were obviously stupid to believe the trillion-dollar company's trillion-dollar marketing, then."
And I'm annoyed as one of the people who did not buy into it.
Even more damaging is the lie that modern tech continues to sell people: that they're too stupid to use computing technology, and all the restrictions of the platform (relative to real computers) are actually for their benefit and not the corporation's.
And, almost everything is a "computer" nowadays, from your phone to your car to your refrigerator, but only the OG computer is even remotely "fixable" to the average consumer. All the others, you're hamstrung and forced to go through official channels for subpar, marked-up service because if you try to do anything yourself they'll brick your device and maybe sue you for good measure.
I think the modern definition of computer is something with a screen and keyboard. While you’re right that almost everything has a chip in it, calling your fridge a computer is disingenuous.
> Why do you need more than a single phone plus a hardcopy of your Google recovery codes
Because, as I can tell from a similar experience to GP's, they also won't save you if the authentication infrastructure decides you're not who you say you are.
Google has done the exact same thing in the past, deleting Google accounts without warning (which is arguably worse because not only can you not access your phone backups but your email, calendar, drive, etc. is gone too).
Companies that wrongfully ban or delete email or phone accounts need to be civilly liable and this civil liability needs to supersede any arbitration agreement or terms of service agreement.
An Apple or Google account is far too important to people's lives to let them hide behind the "we're a private company and can do whatever we want" canard. They do need to have the right to ban spammers or people using YouTube or Drive to infringe copyrights but just randomly shutting off somebody's email or somebody's ability to make video calls should be against the law. The same would also apply to a text chat company like Slack or Discord banning somebody's work account for no reason. Certain tech companies have government-like levels of power over people's lives so they need to be restricted in how they can treat users like the government is restricted in how it can treat citizens.
Yeah, and to stress the point: this is not "can't send vacation pictures to my grandma" bad, this is "might lose my company/my job and my house" bad, as everything else in life treats one's email (and increasingly, app 2FA) as infallible backup.
Interesting, is that in the US? I’ve never heard of that being required by law in the UK. I think it’s just an Apple thing here. I mean we obviously have laws about refunds etc but I don’t think we have any law saying you can open any product and start using it and then return it even if you have no complaint with it.
There is no uniform law. In the EU most countries have this type of laws but they all vary in the duration and scope. In the US is more or less similar as it varies by state and many don't have any laws regarding this.
But even the more permissive laws have many exceptions, like not applying to perishable goods, underwear, lipstick, etc. and it's heavily tilted for unused products or very light us that doesn't affect the value of the product when re-sold.
When the product doesn't work like in the case of this Apple situation, it's not even a question. As long as the hardware is not damaged and everything is return, "the law" completely sides with the consumer.
One in a thousand wouldn't yield anything. Because it's such an unusual experience (just a few of these happening around the same time would create a news cycle), one in ten million is probably closer since there are around a billion active Apple accounts.
That's similar to the odds of dying in a non-Boeing plane ride. Even if the odds were one in a million, that's about the odds of being struck by lightning over a lifetime.
I'd think someone returning a phone over this was regretting the switch for other reasons. It's fine to keep using Android.
This is a reasonable point of view I guess. But there's not really a reliable way for the consumer to get the real probability. If it happened to me, it's likely enough to consider. Maybe there's a hidden variable about my usage pattern that makes it more likely. Since it's totally opaque, there's no way to know.
Sure, if actually happens to someone, they're rightfully not risking it again. If for no other reason, it'd be likely that a fresh account would be detected and associated with the old one. Plus, whatever unusual situation of yours triggered the ban, such as border crossing or how you route your Internet traffic, would probably still apply. (I'm not saying someone is doing the wrong thing if those things are the case for them.)
I’m curious, would you be willing to share the gist of the legal notice(s)? Even just broad strokes categorization of what they claim, perhaps…
- unauthorized access related to the lockouts and support requests you already described
- unauthorized activity related to something else you didn’t mention (even if unfounded)
- some other unrelated but specific violation of TOS or other cited rules (even if unfounded)
- zero additional information, perhaps reiterating some previous finding (even if unfounded)
I’m giving you the benefit of the doubt, but I agree with another commenter that it sounds like something is missing from your story. Details like these might help us understand how your experience fits the pattern of accounts in the article.
Something seems missing from your story. They banned you for downloading two apps, or was something else involved? Or you still have no idea why they banned you in the first place? Just curious.
I wish that were the case, but I've really just gotten the bare necessities in messaging apps, and called it a day. Didn't have time to set anything up that night.
They didn't tell me what was wrong, as supposedly the support is not allowed to disclose that. All they were repeating is that after a confirmation of which account it is, they will put in an unblock request. It's supposed to send you either a confirmation (which i got the first time), or a denial message. I never got a single one of the latter. A few calls later, the system prohibited putting any new requests in, with no option to override, "supposedly".
Of course there is much missing from his story, these tech corps keep the victims of their incompetence in the dark so not even the victims know the full story.
This happened to me yesterday although I was able to quickly unlock my account on my MacBook pro. I spent a while making sure it wasn't an attempt by a backdoor to access my password. Felt very suspicious!
> they just started sending me a legal notice instead
This is bizarre and fucked up even from Apple's standard. Did you get to know anything about it - what happened? Did those legal notices seem to be automated? Any inkling what could have triggered it (False alarm? And Apple is known to hide its incompetence in this manners)?
Can't be that hard to justify in some way for a filing. The industrials and big commercial guys do this all. the. time. I even bet there's bunches of SLA templates out there with the right litigious lingo to ease the filing.
Have you checked their terms and condition? There might be a clause that says - since you are using their devices you forfeit claim to your own backyard ;-)
Bought a brand new MacBook last year and set up a fresh iCloud account to go with it. Problem was for the First and Last Name I entered some variant of Unknown User / Unknown Account (for privacy..) and chose a username “user.mailbox.unknown@icloud.com”. Everything was fine but 24 hours later, I could no longer sign into the account. It was saying my password was incorrect! I was 100% sure this password was right so wtf? In a panic, try to remove the account from my brand new device and can’t! You have to sign in normally to remove an account in settings. Obviously I called Apple support and a high quality American sounding woman took my call. She said my account appeared like it had been deleted, like when a user deletes their own account. She placed me on hold and found out what’s going on. Apparently “engineering” had my account DELETED. My only guess is they didn’t like my user name / mailbox name and suspected I was a fake person. Anyways the lady was able to get my account temporarily reinstated right there on the spot and I was able to login and delete that toxic account off my Mac. I made a new account and everything’s working fine. Needless to say I was very impressed with how they handled my situation, within 20 mins no less.
Wrong. That description was meant to provide context to the story. Vs the alternative: getting some foreign oversees call center agent who doesn’t speak English as a first language and doesn’t truly care about my account, as many companies use. When I said quality, I meant professional and helpful at the same time as an employee. Her being female was of no consequence and that’s your own projection.
I was impressed simply by the timely resolution of their engineering issue.
No I wasn’t impressed by that part Lol it actually terrified me badly because the Mac is still the single most important tech item I own, imagine if it was a $1600 Googlebook and locked on a brand new Google account. Who do you call? Anyways I accept partial fault for registering a sketchy mailbox name and using a name such as Unknown Name. But then again, perhaps it’s possible for a legal person to have that name so theoretically it could be legitimate. Not sure if any jurisdiction would allow a person to make their name that.
I was thinking about something related yesterday.
It is amazing how big "Internet Silos"
Google, Facebook, etc provide close to no
customer support services and that we "users" have
accepted this.
Getting cut off from one of these places can have a
huge impact on people.
They happen without warning and often without explanation.
I think they ought to be forced to be more open around
the process and how to get help in general.
For Apple I have usually managed to get a hold of some support.
Often not helpful but at least somebody.
With Google and Facebook I have never been able to find anyone.
Sameting that is demonstrated on this site frequently
when someone will post a plea for someone who knows people
at Google who they can't contact on their behalf.
Since they can't get hold of anyone themselves.
(Yes I am sure its covered in the EULA several times that
there is close to no support)
(For Google Workplace it is usually possible to get a hold of someone.)
> Google, Facebook, etc provide close to no customer support services and that we "users" have accepted this.
This is why I've always rejected the concept of vendor "ecosystems" and cloud-first SaaS solutions for my personal computing. I've also designed my life so it's not dependent on having uninterrupted access to Facebook or Gmail.
> I was thinking about something related yesterday. It is amazing how big "Internet Silos" Google, Facebook, etc provide close to no customer support services and that we "users" have accepted this.
That's because you aren't the "customer", you're the product. The people paying the bills for Google and Facebook are the actual customers.
With Apple it's supposed to work differently - the user is the customer.
That doesn't really make sense as I pay for GCP and Google Enterprise. They specifically refer to me as a customer and in a roundabout way I pay for their bills. Your statement, while a neat adage, doesn't reflect the complexity of it all.
Facebook is easy to get back in if you have several thousand to spend. There are plenty of insiders selling their services to get your account unlocked.
Google, not so much. I've yet to find someone to unlock my Google account, even though I've slowly been working my way through their phone and email directory. [it seems everyone has access to the internal phone/email directory? and people sure want to hand you off to someone else to fix your problem..]
These corporations are actively hostile to users and it's insane that anyone trusts or interacts with them.
Recently when setting up GrapheneOS (android OS distro), my login to google play services was delayed by 24 hours for 'security concerns', after authenticating via youtube app. (Try to go OSS? Here's a 24 hour ban).
It's funny because the forced youtube app authentication itself is not a security measure, it's a dark pattern to force the youtube app to be installed and opened. Logging in by phone or email quietly doesn't work anymore, the SSO messages never reach their destination. I find it hard to believe that this is not representative of google's perverse incentives.
The thing that scared me recently was two updates that gave me new encryption keys. At first I trusted apple and wrote down the new key. But I became suspicious after the second update and checked online. It seems like it's happening to others, so I used the recommended command-line tool to verify my new encryption key and it didn't verify. Apparently it works after disabling and enabling encryption, but
I'm just keeping it disabled for now.
This also spooked me. I’m a former security professional—there are few good reasons Apple should be doing this, and it smells of a targeted attack. If I had a zero-day exploit to steal your data, this is what it would look like.
In the other hand, if Apple suddenly found out that a good chunk of encrypted volumes weren’t actually encrypted / the key was recoverable by an offline attacker, this would also explain the facts.
But the lack of explanation from Apple is troubling.
Yeah, I’m one of the people affected by this and it has happened to me on multiple machines on multiple updates and I have no idea what’s happening. Of course the keys do not actually work like for everyone else, which is even worse from a consumer UX standpoint (if I didn’t knew better I’d just throw away the old key…)
It's on my todo list to backup and wipe that machine at some point. It's a desktop machine, not a laptop, and I don't save the recovery key to my iCloud, so I don't see how this could be a security threat. But something smells fishy.
Oh sorry, I would edit the comment but it's locked, I realize now it's not that clear. This is about FileVault encryption on Mac and the recovery key. I think the command was `fdesetup validaterecovery`.
I'm not him, but for me it was MacOS. After the update was installed and the system rebooted it presented a dialog asking if I wanted to be able to use iCloud for recovery if I forgot my Mac login password. I let it set that up.
Afterwards I wondered if it was just storing the recovery key I already had in iCloud or if it had generated a new recovery key and my saved one was invalid.
I checked my recovery key ("sudo fdesetup validaterecovery") and it was no longer valid. A bit of Googling failed to turn up a way to get a copy of the recovery key that was in iCloud, and I decided I'd rather have a recovery key I store myself in case I need to recover when I cannot get online so I switched it back.
Switching back is easy. You just turn off FileVault, then turn it back on and choose to manage the new recovery key yourself.
On the first update when it showed me the message, I trusted it and wrote down the new key and threw the original piece of paper into the trash. Then the second time it showed up, I became suspicious and did a quick google search and then ran the command tool just to confirm that the new backup key validates, but it didn't. My hunch is that it was still using the original key I had set up myself, but I couldn't confirm since I had tossed it.
Oh wow, thanks for the heads up! Turns out my recovery key was also invalid... That's something Apple really should have notified people about. These kinds of slip ups without notifying users is terrible.
Only tangentially related, but I have been trying to enroll for Apple's developer program for almost 3 months now.
Understanding what the problem is is essentially impossible. Going to a physical store doesn't help, calling their customer service has them telling you to go to www.apple.com/support (???), and writing for support has them rotate you through 4 different, and decreasingly useful, representatives.
The last response I got I was told the issue had to be handled by yet a different representative and it would take an "indefinite amount of time". Which may be a nice way of them saying it's never going to happen.
It really is demoralizing when you realize there is nothing you can do really, even in cases when you have done nothing wrong.
A friend and I spent a month or so building an iOS app we were hoping to release and monetize, but we're also entirely unable to get a developer account created. Corporate entity, DUNS number, American, extremely boring people, and just a generic "Error creating developer account" on the signup form. Apple's support was hopeless in helping.
We gave up and re-built it as a web app. The thing that convinced me was the realization: When was the last time you installed/used a non-game App on the app store that, by your assessment, has less than 1 million users? I looked down my list of installed apps and realized that indie apps are kinda dead anyway. And our web app has been pretty successful.
Just curious, with the web app, how has the experience been for your Apple users vis a vis the Androids? Are you seeing some reduction in expected footfall because of your web app decision?
I had similar issues, and I wish I could remember what solved it. It was something stupidly dumb like I had to log out and log back in on my phone or something. There have a couple of different edge case bugs that prevent people from signing up, and Apple customer support is useless on this.
Same here. It was something trivial with the form that I fussed around with until it worked, or maybe I didn't have iCloud enabled at all and the form didn't alert me about it.
I've had a similar problem trying to renew my Apple developer account. Had it for over 10 years. I had an email a few weeks ago telling me it could not automatically renew (same bank details that worked fine last year). Nothing I could do on their website would make it work. I got hold of someone on their online chat who directed me to the Apple developer forums.
I gave up in the end. But I will have to sort it out before I can release the Mac version of my current project.
That's a funny take. I guess Apple is going to pay my sick leave, then? Buy me the hardware I need to do my "work for them"? No? Weird, guess I'm not working for them at all in any way.
No, you're right, it's actually worse than if you worked for them. Lmao. Really the worst of all worlds. You're dead in the water with out their platform, without their grace, or with all of those things, but their incompetent auth platform.
You could reframe that easily by saying that without Apple making the hardware and services exist, there would be nothing to run your app on. It’s a symbiotic relationship: devs need Apple and Apple needs devs.
I'm not sure what your point is, but I 100% agree with you. Apple is awful, and you have to be downright masochistic to develop for their platforms. Thinking you're their employee when you develop for their platform is laughable.
This requires a Dun & Bradstreet DUNS ID number, which isn’t the most difficult thing in the world to obtain, but also isn’t trivial, especially if you don’t actually have any formal business documents.
Yeah, can say from recent experience this just adds _more_ steps and opportunities to ghost for a couple weeks, get another vague email, ghost for a couple weeks...took me about 3 months to get it all going.
The DUNS stuff was pretty funny. All flows related to getting an ID have a big "Are you doing Apple dev stuff?" button. It's like Apple outsourced support to them. Apple's DUNS lookup tool saw my business and the correct DUNS number, but trying to register with it got an error...eventually dissipated after a couple weeks. Same story for registering an account in the first place: it refused to register james@tld.com, where tld is a Google Workspace account, with no discernable error. Again, dissipated after 3 weeks, thankfully.
Been locked for almost 3 months between November 2022 and January 2023.
Apple is crazy. My iPad with the authenticator broke, and even though I filled endless forms, verified emails and phone number they just keep sending me emails I was gonna be called by support at a date 3 weeks away.
Got no call, restarted the procedure. Got called in January, and it was an automatic voicemail or something..
I literally couldn't use my work machine (had a backup desktop to use).
Needless to say, except for the MBP I sadly need for work I'm not giving apple a dime for my life.
With risk of being spammy, this is probably the most relevant discussion I've seen so far on HN w.r.t my experience of being locked out from my Apple ID.
I hope legislation will force Apple to step up and be more transparent / helpful.
In hindsight, yes that was a bad move (especially considering that my work laptop is still locked to my banned ID…)
As an Apple noob at the time, I assumed that if my MDM-managed device prompted me to log in with my Apple ID, that it of course would be an allowed action.
With regards to data being shared, the only thing I noticed was wifi passwords and peripherals pairing (apple keyboard).
This is why I don't sign in or enable 'find my' on any of my devices. Apple even has a backdoor which bypasses the encryption, allowing them to wipe a device in store.
Logging in takes control of your device out of your hands.
You don't have a requirement to have an email account to login to Windows. MS is pushing it hard, (deceptive trend in big software) but the user can still push back.
I don't know if its still true today, but last time I setup a macOS machine (2020), it didn't require, but pushed, an Apple ID. My Pixel phone I setup this February also didn't require, but pushed, a Google account. I think iOS did require an AppleID, though.
macOS doesn't require Apple ID, although you wouldn't be able to use the app store without it (but pretty much everything worth installing is available as direct downloads anyway). This is similar to the current state of affairs with Win11, except that the latter very aggressively pushes you to use your online email/password as Windows login, whereas macOS insists on having a local account even if you do also set up Apple ID.
Don’t want to sound like I’m victim blaming the author. But I can tell you exactly the issue with their account: registering with an email on a self hosted .xyz domain. Using sketchy tld’s is just asking for this kind of trouble.
Nothing sketchy about self hosting your email. Sure, that is what the big tech cartel wants you to think so you're forced to let them handle your correspondence "for your own safety". Don't believe their lies.
Issue isn’t self hosting email, it’s self hosting it at .xyz.
They had one of the cheapest registration costs. And so ended up with a high concentration of spammers compared to older established tld’s like dot com. Using the tld for legitimate purposes is really challenging due to the high number of systems that flat out blacklist it.
Making assumptions on someone's right to communicate based on their choice of email domain is discrimination, and only serves to drive people to their walled gardens.
I'm not the one making assumptions, it's thousands of independent hosts, and all big tech orgs (including specifically Apple in this case) who are making that assumption. I didn't say the assumption was right, just that it's trivial to avoid falling afoul of it by choosing to use a different TLD.
I babysit a few corporate mailfilters and have more spam from .xyz than from all other TLDs combined. I dont block on that (most get disappeared due to 'new domain') but that's the cohort all .xyz pages are sharing.
xyz has been accomodating to scammers ever since its inception. After a decade I think we can say that it is on purpose.
You end up fighting an uphill battle against every third party that blacklists .xyz, It’s not worth the fight just to use a cute tld and save a few dollars on registration cost.
i also did this: created an email address that i use exclusively on apple. it actually wasn’t hard at all.
zero issues since.
> The problem stems from nefarious groups getting a hold of email addresses and running distributed dictionary attacks.
years back my email was leaked by a website that i never visited. apparently someone signed up using my email address and the website never verified the email.
in the meantime more and more people used the same email address [0] to signup everywhere (it’s not the same person, i checked).
Another tip is to run a custom domain for email that just serves to redirect mail to your real email address. It's is a handy way of keeping track of how and who has leaked your information.
For example I give custom email addresses to every service I sign up for, then I can see who they on-sold that information to, or if the email address turns up in database hack.
The only thing to be mindful about with this approach is to choose a service that gives you a fair bit of control over how to manage that incoming email. Such as being able to bounce or block specific email addresses including the use of wildcards, because I notice some hacking groups will try permutations based on the original email address.
Does account sign-in also ignore dots? If not, if sign-in is sensitive, there's a path to somewhat better safety: Start incrementally moving all daily email to variants containing added dot characters.
> The problem stems from nefarious groups getting a hold of email addresses and running distributed dictionary attacks.
I use [REDACTED] as a provider and I create an email address/account (if possible) per company/domain I interact with (e.g.: personal_github@domain.tld or amazon_personal@domain.tld). This produces two results:
1. No shared credentials across any space.
2. Any junk emails to these addresses immediately tells me who's sold it (or been hacked) and I delete the account[s] and relevant email aliases and get on with my day.
Some services, like Firefox, are starting to offer a form of "hide my email address" but this doesn't solve the problem of using <fistnamelastname@somepopularhostingservice.tld> as the same login id across a lot of services. If that was dumped somewhere, it is probably a strong bet someone has used that as their login, elsewhere.
I don't know if there's another viable solution - but this reduction of possible login ids to one unique id per site is the only way I know how to (possibly) prevent myself from being an easy dictionary attack target.
Got a message on her phone (settings notification). She had to change her password through the settings app.
Called Apple just to check and they said they weren’t seeing any weird activity. That they did see the password was changed, but no weird login or attempted logins.
"As a tip: Do something completely unintuitive, annoying and also you had to have started doing this years ago, and maybe apple won't lock you out. Fingers crossed!"
In the app we have released, we use an email (we don’t care which one, as long as it can receive email) as the login ID.
The main reason is to limit the data we require be stored on the server.
We only have one required PID item: the login ID. The user also enters a display name, but that can be anything, and does not need to be unique.
Since we need the email anyway, we would need to have it stored separately, so this means only one PID item is stored. We also afford Sign in with Apple, which allows the user to obfuscate their email.
Not having the information is the best way to ensure it doesn’t leak.
It's not fully arbitrary, but one can make an Apple ID from any email address or phone number (i.e. you can use a hotmail address if you like), both approaches dodge the issue mentioned since they're not obviously apple accounts.
However the issue with using something like a gmail or hotmail account is that instead of targeting Apple's servers, they just target Google and Microsoft's instead.
Not sure if it’s a valid data point or not. I manage 7 people’s Apple ID accounts. This has happened a few times including twice last night but only on the people who use the @icloud.com as their primary email address. Assume that is related to password guessing attacks. Both addresses are in public email leak databases.
Can only advise that you should have recovery contacts and a recovery key set up in case something goes wrong.
I’d say your guess is right - the accounts typically get locked because hacking groups are running attacks on lists of email addresses.
The email addresses ending in @icloud.com are scraped from a master list and the attack is directed to apple, while the custom domains are ignored because there is work involved in figuring out where those are hosted.
iCloud lets the user generate secondary email addresses, it’s better to use that and keep the login email address secret.
> If you decide to stop using a recovery key, follow the steps above on your device and turn off recovery key. When you do, you can use account recovery to regain access to your Apple ID.
But the "steps above" only describe how to turn it on, not off.
To this day, I still get random "Enter your password to continue using iCloud" push notifications on my iPhone with no relevant action to trigger such a notification.
My Apple ID uses a unique password, I keep a recovery key, I don't have its login credentials saved anywhere, and it's a dev account; so I have my LLC's DUNS number attached to it. My devices are the only ones listed in my settings portal.
I have no idea why I get these notifications, lol.
I got that prompt on all my apple devices a couple days ago. I just clicked Cancel on every one. The prompts stopped coming and everything seems to still work. I don't know whether there will be some ongoing problem with my AppleID that I'm not aware of yet, but so far so good.
I think he means, what causes apple to trigger those notifications. I don’t remember ever seeing that prompt, at least not without myself doing some action to trigger it.
I understand why people enjoy Apple products, but I will never understand why people defend the company when we all know, often through direct personal experience or the experience of someone we know, that the wealthiest company is the world has chosen to provide insultingly miserable customer support as a business decision.
I think it’s because the vast, vast majority of Apple users never need to deal with customer service, and those who do can usually go to the Apple Store and have a pretty good experience.
(Please don’t reply to this with your anecdotes about the time you had a bad experience at the Apple Store. I’m not saying they’re perfect. But these situations in the OP are rare.)
Just the fact that they operate in the real physical world is a huge benefit for a LOT of people who are trying to use technology they didn’t grow up with.
Putting the Genius Bar into widely accessible Apple Stores is a business decision meant to provide useful support, not insultingly miserable.
That said, not everyone needing support has access to a Genius Bar, and not every Genius Bar employee knows every possible answer to every possible question.
But, to claim they chose to be insulting is just mistaken.
Personally, the disconnect is all the excellent customer service I've received from Apple in the 21 years I've been using their products. This includes two repairs on nine computers, and one battery replacement on an old phone. And the time that a major point release of the OS got stuck moving around my homebrew directory and hung. That, and the butterfly keyboard that needed replacing, were annoying. But the customer service was first rate.
Apple is like a religion. An Apple user told me “Apple never makes mistakes” during the Antennagate. I never forgot that, and I try not to have conversations with Apple fans after that.
>An Apple user told me “Apple never makes mistakes” during the Antennagate. I never forgot that, and I try not to have conversations with Apple fans after that.
Someone made an absurd statement to you about Apple, so you have spent the last fourteen years trying to avoid conversations with people who like Apple products?
"Why are you, a single person, doubting the decision a trillion dollar company? Certainly they know best".
edit: Algolia for the win. Quick search [1] returned this pearl from 7 days ago [2]:
> What would you have them do? Sacrifice a trillion dollar business in token protest? You’re just a keyboard warrior with no point at all who would make the same choice and justify it the same way you imagine I do if you were ever in the position they are.
This sort of thing is present in every fandom, but Apple's is sort of legendary for how far it is willing to push it. This is rather evident even if you're just skimming through topical subreddits trying to find solution to some problem. It's very common to find a post that asks the exact question you have, followed by dozens of responses telling them that what they are trying to do is either impossible or unnecessary.
I'm using my own domain for e-mail, but obviously I need another e-mail for registrar, hoster, etc. I used to use gmail for that, but recently switched to icloud as I thought gmail is too dangerous with Google banning people around. Seems Apple's no better.
I have no idea how to untangle this dependency chain. I'm using registrar in my country, so if everything goes wrong, I can just contact them with my ID and hopefully fix things up, but I'd prefer to have 100% reliable e-mail in the first place.
The only thing you need to own is your primary email address and as long as that’s on a domain you own then you can move it. That’s about the only independence there is these days. If you use @icloud.com or @gmail.com for everything then you’re screwed.
You have to depend on someone somewhere. Just make that dependency less of an issue should anything show stopping happen.
Personally I’d like to see some legislation around identity providers and service levels and account retention.
I think vbezhenar's point was simply that the recovery e-mail at a registrar should not depend on a domain managed by that same registrar. The registrar can update MX records.
Yeah keep your email provider and iCloud provider separate. For password management, use something like 1Password, and you got your main “identities” separated. In case of losing access to either of them, the impact will be relatively contained.
As long as you can change your Mx records, it doesn’t matter who is hosting your email. If Apple had a problem, you could switch it to any other provider and request the reset email again, etc.
Many places will let you. Many more will let it forward to a new email address.
Anyone who published papers which included their academic email address will want it to persist forever. Paper publishing happens to be a special priority for many educational institutions.
I feel like these random behind the scenes issues happen a month or two before WWDC to give Apple the foundation they need to announce new services.
I had read Apple is switching the name AppleID to be Apple Account or something similar at WWDC. Me thinks they are quietly pushing code that somehow is causing this for people.
Maybe it’s an age of account issue or some other commonality.
I signed up for an at me account twenty years ago and still use that as my living and haven’t had issues. Maybe icloud.com users?
It happened to me last night! At that moment, I froze, thinking that somehow my password had leaked and someone was trying to brute-force my MFA. At the time, I was at a restaurant celebrating my son's birthday and couldn't change the password on my phone... So I just ignored it and when I got home, I changed the password on my MacBook without any trouble.
This morning, as a precaution, I changed all my important passwords.
I can only imagine the uproar if this was happening to the users of any other company. But it's pretty muted here with a lot of consideration given for apple rather hostility. Nice to see.
Happened to me today. First got the message on my computer that my location was unknown and needed to enter a code from the phone. By the end of it, I had to reset my Apple password. No idea why it happened.
Happened to me last night. I got a push notification on my watch that I needed to update my iCloud password. I thought that this isn't right, so I went to my phone and MacBook. Same thing, those devices said I needed to change my password. So I figured someone has my @iCloud email address and tried to login. I do have hardware keys setup, so wasn't terribly worried.
But none the less, I liked my old password and had to change to something else.
could be somewhat related, last week I had a successful login for my Apple ID from a location I didn't recognise (somewhere in central asia).
I noticed because I got a prompt on my phone, which requested I allow (or disallow) the access.
Since I'm pretty good about password hygiene and security, I of course changed my password immediately and force-signed out all my devices.
That being said: if someone has a password list and is using a bot to scan them all; Apple will of course lock-out sign-in attempts.
Not to say what they're doing is right, there's better ways to handle it. But if I were to apply very recent anecdotal data to this even then this is a meaningful conclusion I could draw.
I wonder if there’s a new leak out there with actually recent passwords we just haven’t heard of yet. If Apple got their hands on it and confirmed a significant number of passwords were active then taking drastic measures is their only option.
I've seen a few posts by users claiming to use randomly generated unique passwords. If that's true then it could be a leak from apple. On the other hand it could also be that it's not and the security response team is catching users not on that leaked list due to unrefined heuristics.
On the third hand it is an apple leak, they've been given a sample list by whoever is ransoming them so they've enacted overly strict heuristics that apply to everyone.
How could it work? It would seem the business would need to have some agreement or side channel with Google/Apple/Microsoft to bypass the issue. Something like "we will pay you $Amount/year to let us reset any agreed upon account". Then collect a monthly fee from the users to subsidize the expense.
Insurance, not fixing service. They'd collect enough data on signing the policy to be able to independently verify your ownership of the account, and in case the account gets locked in the future, you'll get an insurance payout to help you cope with the damage. Not that different from order kinds of property insurance.
Ah that makes sense, thanks for clarifying. It would be cool though - subsidize for some dedicated account "unlock/fix/repair" team at $CORP. They get paid a bunch to sit around and wait for incoming tickets, then actually help out versus stonewalling the user like Google does.
We need to get a legal advocacy group started for dealing with digital rights (EFF isn't getting it done with consumer rights). A couple of well-funded lawsuits on behalf of wronged users will fix this with all of the vendors. This kind of thing should never happen.
This makes me want to minimize my touchpoints with any of any cloud services of the hardware I purchase to ensure I can't be locked out of my life for 18-24 hours.
|
Some people have to take care of critical dependants. I don't exist and serve at the pleasure and convenience of any aspiring digital identity provider. I actually never wanted any of them to be my digital identity.
What's convenient may also be a bigger security gap and impact than many ppl realize.
The recent threads about PalmOS phones seem timely in hindsight. With Palm devices, you installed apps yourself with a sync cable to your computer, and there was no convenient app store, no one could lock you out of your smart phone and your life. Maybe that's an option that should come back. iTunes used to backup and sync just fine.
If there's no real acknowledgement or detailed coming out about this, it's very possible it's a cybersecurity incident of some kind that is serious enough. And it's not just an Apple thing. This has or will happen with every digital identity provider.
There's no one to really pick the phone or answer an email at google or apple when it comes to your digital identity that they want to be holders and providers of.. At least with the government there's a DMV or registry to go to.
I have had iPhones for more than a decade, and I never leveraged any "feature" of having an Apple ID on any of them.
I've never bought an app or spent money on one, and I don't use iCloud, so the Apple ID for me is literally just a gateway to downloading free apps that I can always redownload with another one.
If your device is associated with the "Find my Mac" "Find my iPhone" stuff, losing your Apple ID is the same as possibly (only possibly because you can still have user accounts with separate passwords and use the OS, but there will be limitations) bricking your device.
You can't even wipe the hard drive and reinstall macOS without access to the associated Apple ID. This is a good measure to dissuade thieves from wanting to steal Apple devices, but it is a terrible measure from the point of view of a user who has lost their ID.
>If your device is associated with the "Find my Mac" "Find my iPhone"
I said "if your device".
**IF**
Is it difficult to understand?
If it isn't associated (with "find my" turned on) there's no issue.
If it is, and you lose your apple ID, you are SOL. Turning on "find my" with an associated apple ID is the same as making Apple the only entity that can truly control and own your computer. You can no longer reinstall macOS without your apple ID if there's an issue.
Without being signed into an AppleID you cannot install free apps either.
And if you install then sign out, you're also blocked from updating the free apps.
Apple support is useless. My partner lost her phone with AppleCare loss & damage coverage. She hadn't synced to iCloud in quite a while, so she delayed reporting it lost/stolen (as that flow wipes the phone). After ~4 months she gave up on finding it, and reported it stolen.
This started a Kafkaesque process where the Apple site for reporting your phone lost and initiating a claim with AIG failed to work because the phone had been lost for more than 3 months. Support was useless, they pointed the finger at AIG. AIG pointed the finger right back. Several escalations further and 6 months later, we still have no replacement phone.
I just checked the terms and conditions for AppleCare+ with theft protection, and it it states:
"IX. DUTIES IN THE EVENT OF LOSS
You must report the Loss promptly to Our Authorized Representative not later
than sixty (60) days from the Date of Loss. If You do not report the Loss within
sixty (60) days, You will have forfeited Your claim."
Hmm I used to get kicked out regularly (like 3 times per month) out of my apple login before i enabled 2FA. It completely stopped after. I assumed they were fraudulent login attempts.
This does look more like a glitch on their side though...
One of the things that helped push me away from Apple was the crazy circles the ID system would have me going around in. It's been too long to remember the details but it was madness.
Couldn't see older photos/videos in the Photo app.
Reminder for any iOS user that needs instant iCloud Photos backups (instead of manual monthly), get a Mac Mini, enable the Photos app, disable optimize for storage and keep it on to keep your memories safe.
Always check the recently deleted folder on the Mac every month since iCloud by design is a two-way sync and not a backup, unlike most clouds that are one-way upload (doesn't touch your local files).
Cold storage backup every month using the photos on the Mac should be easier as well.
While that might be Apple's "official" solution, there's a major caveat: the Photos app doesn't support storing the Photos library on a networked disk. This forces you to either fit your entire library on your Mac's internal storage or use a directly connected external disk with no network involved.
To overcome this limitation, I developed a MacOS app that creates a full backup of your Photos library. You can safely store this backup on any external storage like a NAS, network drive, internal disk, or external disk. Check it out here: https://ibeni.net
Compared to the "iCloud Photos Downloader," which scrapes data from iCloud, my app uses the official Apple Photokit APIs to back up your photos. This method is more reliable and efficient.
That’s part of the reason I always opt for the highest possible storage on my main MacBook whenever upgrading - to set Optimize=off for Photos and iCloud. Last upgrade was the 8TB M1. And then I connect that to a local NAS Time Machine backup every few days.
I've recently had the same issue but with my Google accounts. I had to get a new Phone number just to get the account back and then it got disabled again. Not much is on that account. I just casually used it for signing into websites or services that I just wanted to try out and also for having separate subscription list for youtube & watching some gaming/movie/music videos that I don't want to be recommended on my main account. Now I'm worried that my other accounts might get suspended out of the blue. What is going on? I'm already degoogled and use custom domain. I don't even block ads on Youtube. I want to support the content creators. That's why I still even use them to watch videos. Is it finally time to move on to custom youtube frontend?? But if this happens to Apple accounts too, I can't just deApple. This is concerning. I didn't lose much from that incident but I recommend everyone to make a backup of your important stuff now!!!!
It’s happened with Google too. The use of these huge companies as ID providers is not a great idea, especially given that they practically have no tech support.
Apple will let you talk to a human I guess but you have to make an appointment. Google I have no idea.
I wish there was a crowdsourced site, similar to Down Detector, that tried to estimate how common these issues are.
In particular, an attempt to normalize the data to stave off reporting biases you get when reading the comments section in HN, Reddit, etc.
It feels like medical conditions… without statistics, there’s just too many of them to be fearful of. Not that this issue isn’t worth criticism and discussion. But I can’t tell if I really ought to care personally right now or not. Life’s just a wee bit too short to act on every report.
I'm so glad I recently made the decision to leave the Apple ecosystem. I'm fed up paying a large premium for a lot of expensive marketing.
Apple HomeKit has completely busted for me. I've done hard resets of all TVs + HomePods 4 times, tried 5GHz and 2.2GHz....no difference. It's Apple's problem - clearly with either their latest OS versions and/or their cloud. I just had to replace a TV remote that didn't even last a year.
Anyone want to buy a MBP, iPhone 8, iPhone 12, iPad, 5 HomePods and an Apple TV...? :)
Sometimes HomeKit will pick the lowest power device to be the hub causing everything to stop working. The only fix is to find out which device that is and power cycle it.
Posted just 19 hrs ago, has 478 comments and 675 points at the time of writing this, and already relegated to the third page. This site sure has some whacky algorithms!
Then I believe it's slightly better to use a non-iCloud.com emails as iCloud accounts. At least one less reason in the scheme of single point Apple ID failure.
Happened to me too with apple music in November 23.
They just deleted my account with my playlists and listening history. Even support couldn't tell me why after countless calls and emails.
This implicitly canceled my yearly subscription and refunded only a small part after I requested it.
I learned my lesson about Apple.
Take it as a lesson about SaaS and closed ecosystems in general not just Apple.
Any dependencies on 3rd parties can be broken at any time without recourse be that Steam, Amazon, Google, Facebook, Apple, or less obvious services on smart devices.
Difficult to avoid though for some cases like streaming.
Fortunately I had a backup of my playlists. Still annoying. I wonder if those kinds of things happen with spotify as well. Because once your subscription ends you're only relegated to a free account, not deleted.
I had Apple Music back in 2018. Unsubbed and never used the app till March 2024 when I got a free trial. It had my complete playlists and history from then.
Sounds like a lie everything disappeared after 3 months
That's interesting! Before the disaster was also my second subscription. Now that you say it, some data was left. Not the playlists but some listening history. Might be that they only delete the iTunes-related stuff.
Maybe if I subscribed again, there still would be something. But I won't.
The support person on the phone also told me that everything gets deleted once the subscription ends, even when it's by mistake. Which seems to have been the case with me.
One frustrating thing about Apple is that if you try to get help, there isn’t really any way to do it. There isn’t any way to open a real support ticket that will be seen by an engineering team there. The store staff can only do basic things. And if you go to their forums, you will get bot-like responses telling you to follow some useless generic steps that do nothing for your specific problem, or weird replies justifying some obviously incorrect thing with an Apple product like asking why you would even want to do whatever you’re trying to do. I am not even sure who those people are that troll those Apple forums and serve as Apple apologists - like if they are employees of Apple or random users - but they are completely useless and basically deter anyone from seeking help in the first place.
It is staggering that a company this big has nonexistent support and I think given the decline in their quality over the years, this will become a bigger and bigger problem. Unfortunately for most people the alternative is Windows, where Microsoft is abusing their monopolistic market power to shove ads and their services everyhwere.
We really need new antitrust laws to break up these companies and support fair competition, and we also need regulations to reign in the biggest technology companies.
Not trying to excuse their behavior, but my best friend and roommate was a part time phone support in college so I learned a few tricks…
1. They get a lot of dumb questions. If you want a “talk to an engineer” bug report, you really need to prove competency to the support staff. Obviously be nice because they’re not the source of your problems they’re just trying to do their job.
2. Chat staff aren’t able to do much, phone staff have more power and insight. Chat staff can’t see your account, can’t issue pity refunds, can’t make choices outside of the generic script. You should call during US business hours if you’re trying to call the US support. Best case scenario is finding a college student.
3. They’re required to have you follow the generic published help scripts first. If you pull up the webpage and directly tell staff you followed each step - then read them the steps for proof you know them - they’ll often be able to just to the “custom help” portion.
4. If you make any reference to the TOS/Laws/etc they will mark your account as troubled and you will never get service again. You get legal canned responses only. They seem you not a valuable customer anymore. Don’t reference warranty law, definitely don’t threaten to sue, etc.
5. They can see how many apple products you have registered, how much you spend, etc and the customer service agent can decide how generous to be. If you only own a 5yo iPhone, and you’re contacting support claiming the screen magically broke in your sleep they won’t help. If you’ve upgraded every iPhone in your house every year for a decade, they might be nice when it “magically breaks on its own”.
6. They have minimal training outside of the above mentioned docs. Again, the phone staff has better training. They have common devices in front of them, and if you can get someone sympathetic on the phone, they might try to reproduce it live. That’s the golden ticket to a bug report.
>4. If you make any reference to the TOS/Laws/etc they will mark your account as troubled and you will never get service again. You get legal canned responses only. They seem you not a valuable customer anymore. Don’t reference warranty law, definitely don’t threaten to sue, etc.
This is problematic. They'll be happy to parrot out whatever TOS section you violated if you get banned under TOS, but completely stonewall you if you bring it up?
In situations like these, I draw analogy to a hypothetical legal system that does the same thing. Imagine that you are defending yourself in a court of law, and you bring up a specific legal code in your defense. The court then brickwalls you and assumes you are a bad actor, and you get thrown in jail. I know the analogy isn't perfect, but none are.
I assume the intent (right or wrong) is that they don’t want to deputize phone staff to deal with “legal” issues. They’re not lawyers, so if you make it a law issue, they’ll move you to a law support. But a big company won’t actually have a lawyer argue over the phone - lawyers like “courts or quiet” policies.
The main problem is all the kooks who will dispute an overdue payment by citing the Constitution, the Flag Code, and the Magna Carta. You can’t have support staff engaging with these people.
For a non-business user, the situation with support (or rather lack thereof) is pretty much the same across Microsoft/Google/Apple. It's amazing that this is even legal, especially when it comes to account suspension/recovery.
Can't you go to an Apple Store? Every time I see some customers seem to have a problem around Apple ID and such and staff helping. The opposite of Google, Microsoft etc. And there is a recovery process for Apple ID if you don't use a recovery key (and I guess if you have some government ID or such).
A couple of times in the last years I called them and they were helpful, but my issues were hardware so can't speak for Apple ID related stuff. When you schedule a call in the gui there are options for software troubles I recall though.
The way it works is you request the call to any number or you can eg. request a text chat. If you have no access to any phone anywhere then it sounds like bricked iphone (which this "lockout" doesn't do) is a relatively small problem for you
Hah. You expect that calling a store - after you get through the phone tree that gets you to the actual store, that someone at the store is going to sit down and start providing you customer support? No, they're going to tell you to make a Genius appointment, or go to the web, or their support number. They're not going to take time off of the floor, and if they do transfer you to the Genius bar, you've got 3-5 minutes, if that, to get an answer, before they too, do the same thing.
The idea that a sales person in an Apple store is taking 20 minutes or more off the floor to provide some random caller tech support when they don't have any of the tooling around it, can't see your account, very little if any access to support databases, let alone account manipulation, is laughable. Apple does a lot of things. This isn't one of them.
Not exactly what's outlined in the article, but earlier this week I encountered an issue where I couldn't log into my laptop despite entering the correct password (it kept showing 'wrong password' errors). I managed to reset the password using the recovery feature through my Apple ID, but it was still unsettling.
Scary indeed. I tried it just now, after I saw the headline, and I could log into iCloud. But then, I have 2FA activated on my account and Safari uses Sign in with Apple to log in. Or maybe whatever problem it was has been fixed by now.
I got locked out my apple account the other day while trying to login to webmail - thankfully I was able to just unlock it again by reseting my password using my iphone. Kinda terrifying.
I'm glad this is news, because it means I was probably affected by a mistake and not a specific attack. Nonetheless you can't go spooking your users like this.
yeah this happened to me yesterday! i can still get in with passkey on my iphone but im dreading needing to go to apple store and tell them that i have been progressively getting logged out of my normal couple apple devices
This is exactly what CloudFlare and Google have been doing for a while. i meet so many tech illiterate people who "can't log in to the internet" because of some discouraging CAPTCHA or because Gmail decided that even though they knew their passwords, a phone number they haven't used in 2 years (and has probably been reallocated to someone else) is a better proof of identity.
It's a shame it's even legal to discriminate people's browsers based on shady stats and not actual abuse.
Because HN loves to complain about this, I get to repeat it as always. Enroll a real 2fa (totp, security key, passkey) on your account and you will not face any of these issues. There's a reason they do this for insecure accounts and an easy way to avoid it.
I've logged into years-dormant Gmail accounts, from small towns in Mexico on a $2usd Mexican SIM and google has not even batted an eye.
It would be really awesome if Google would kindly tell them so they could have an opportunity to fix the issue and reactivate their account, instead of hard-locking them out with no recourse.
It's not like people are encouraged to keep their valuable data with these companies, only to lose the ai-fraud-detection lottery.
That's very unlikely. If you talk to anyone working in a public library or a local non-profit assisting elderly/homeless people, you will notice these issues are systemic and not isolated cases. From the cases i would see first hand, nothing would suggest that they had been compromised in any way.
Same here in AU, this happened to me about 8 hours ago. Standard reset procedure worked.
Now when trying to configure a Recovery Key from my 2021 iPad Pro I’m told that I can’t do that from ‘this new device’ of mine. ¯\_(ツ)_/¯
And when I try it from my iPhone I have to wait an hour because of Stolen Device Protection. Apparently I’m not at a ‘familiar location’. I’m at home. I work from home. This phone is in this house for 99% of the time.
I loved Stolen Device Protection when I first heard about it. And now I've wasted hours of my life dealing with it as part of the "Daily Lockout".
And tech companies again demonstrate that they are "all about the user" by providing no clarity, acknowledgement, or empathy around the issue. It's depressing.
Perhaps this is real talent in tech: to make things seem rather than be, and to build ways to avoid service and accountability unless it leads to max profit.
I shouldn't be surprised each time this happens, but optimistically I still am.
Check if you have location services -> system services -> significant locations On. If it's disabled then effectively you have no "familiar location" as far as iOS is concerned
this actually sounds like the sort of thing they might do if some master key that they were storing for some subset of accounts was internally breached, and they had to force a password reset on them.
Lol and I got some pushback here for saying Apple ID was not a serious product and that I wouldn't trust Apple to use Apple Pay even if they let me as a lowly Android user.
I mean, ffs, the only 2fa option for an Apple ID is SMS auth. Just not a serious company when it comes to actual services.
This comment being downmodded in a thread with dozens upon dozens of comments explaining BAFFLING behavior including shit where people are like "yeah I get random notifications all the time asking for my password and I just enter it" is BONKERS, I'm actually softly chuckling at the casual detachment some of yall have about it.
The truth though is that if a consumer right remains hardly enforceable and impractical to sue and get any real resolution from doing so, corporations can live with consumers retaining it...
I would say that most of the time people don't even know that not everything written in a contract might be valid in case of a legal dispute. However, once in a while we have nice things, such as requesting to be refunded the windows license https://sistemainoperativo.it/#:~:text=Come%20chiedere%20il%...).
Unfortunately it's in Italian, basically if you don't accept windows (and office) tos you can be refunded, almost nobody knows this except some Linux users. However, if you follow the steps (such as not accepting the tos) you're basically guaranteed a refund or to win the legal dispute
I did that once, almost 20 years ago. Bought an IBM laptop that came with windows (there weren't any options w/o Windows back then, for consumers at least). I always planned to put Linux on it.
Rejected the TOC. Made a meticulous image report that showed careful unboxing and setup.
There was a line in the TOC that (from very vague memory) disallowed using the OS for a.o. nuclear power mgmt. I did work in energy back then (but mostly webdev), so I could not rule this useage out. Send it along to Redmond and got a prompt reply from som e salesman for some kind of "industrial licence" for insane amounts. A few back and forths later, I got a measly €20 Euro's back. They put the rest down to admin fees, and OEM discounts.
Anyway. It ran SUSE and (k)ubuntu perfectly.
I guess it's much easier nowadays. But I buy my laptops preinstalled nowadays. Open the lid, answer five or six questions, restore my backups (/etc, .files, ~), reinstall the packages from packages.txt, reboot and continue working.
As of today, in Italy, you get refunded the average market price for a license and not the oem price (roughly ~20€),so depending on the windows version you get 40/80€ + if you have office, you get a few other bucks back, upto ~115€ for windows + office. And yeah, it's a bit easier today but companies still try to make it difficult on purpose, such as asking you to ship back the product, while you're not obliged to. I spent last hour reading the legal proceedings on the site I posted and lol, they're kinda all the same, you ask a refund, you get told to ship it back, you do the "messa in mora" (you legally tell the company to refund you), they tell you to ship, you say you're not obliged to, you're eventually refuned
Just to add: This right to be reimbursed of Windows OEM has taken extremely long in the 1990ies to become a right, after much lobbying from Linux fans.
I imagine this attitude of “even if we had laws protecting consumers they wouldn’t get used” is a big part of why Americans don’t have them. The European laws do get enforced, but of cause there is both room for and movement towards improving consumer protection.
did you ever try to use any USA federal service? you're required an id.me account.
what's that? well some anonymous group saw login.gov, realized the value of the data, and lobbied that it should be open to free capital markets to explore, not the government!
so now if you want to even talk to the irs or veteran service, you need to go to that privately owned id.me site, do a video call, scan all the documents they ask for (even ones without visible anti counterfeit mechanics like your typewritter filled ssn card).
and the best part? right after you create your account, you land on a coupon clipping page that is a facsimile of the garbage pamphlet the usps is forced to shove daily in yout physical mailbox! and among the links on that page are links to Whitepapers about how advertisers can benefit from buying user data from them because it includes gov affiliation like vetetan, taxpayer, etc and bank information!
exactly. they already hit the revenue goals even with shitty quality. it's the only goal that motivates work and in a monopoly it's tied to market size only.
what's a few thousand people per month losing all access to their data, if that is not even a blip on their revenue or revenue protections?
if you're going to buy a new iphone, you're going to buy a new iphone. it doesn't matter the slightest if you read some nerds complaining something broke one theirs that same week.
People pay in average $1000 every 3 years ($27 per month). So if 1% people choose Android next time, Apple will lose 1% of 2 billion users x $1000 / 3 years = 7 billion dollars per year.
but if you're close to a monopoly, numbers go up with market size increase. you can lose ((market size Delta) - 1) until your bonus motivated employees have to care.
I use Tailscale, NextCloud (files, pics, calendar, contacts), Podverse, Obsidian, Bitwarden (Vaultwarden), Home Assistant, ProtonMail, Signal, Element, …. If my iPhone (iCloud) goes down it’s just a node in the network with all my data still my own and available.
For most people, losing their iCloud or Google accounts would be devastating.
I always joke that I'd rather lose all my documents and credit cards than lose my main e-mail account. And only tech savvy folks understand that it is not, in fact, a joke.
You can add it the bucket of similar crap that nerds make when they don’t think to actually check if they’re building something that solves a problem that people actually want solved.
The reality is that if you go to any family BBQ and start going on about the importance of self-hosting, I - someone that’s been working with computers my whole life - am going to roll my eyes and not be all that interested in the conversation, let alone anyone else there (chances are they don’t want to talk about computers at all).
The reality is that these open-source / self-hosted solutions are, the vast majority of the time, harder to use and maintain. There are few things that sound less appealing to me than dealing with the realities of helping my family and friends with using any of that stuff.
This is all just some nerd’s out of touch pipe dream.
> This is all just some nerd’s out of touch pipe dream.
Yes, though only because it's a lot of trouble to set up today.
If it were completely commoditizated -- imagine one more button when setting up a new phone ("Choose where your data resides: Apple, Google, Facebook, Self hosted") and it was completely transparent then it would be used much more, especially if that's complemented by one of the nerds setting up e.g. a neighborhood sync server and everybody around knowing it and using it.
So yes, you are not wrong but the situation can change dramatically if ergonomics are improved. Which sadly most of the nerds never work on.
I used to think this. The Google, Apple, and Facebook options are the improved ergonomics solution. It just never pans out for these open solutions. I've been waiting decades for it things to get to that level, but it always ends up the same way - fiddling with servers.
You are restating that the self-hosted options are not as ergonomic yet which I already acknowledged.
As for waiting, yeah, sad story, but most of us don't want to be on the computer for 16-18h a day anymore. I implore any of the more privileged programmers -- people with job security, $200K+ annual salary, a lot of social safety nets -- to open their eyes and stop fucking around with the one millionth LISP interpreter and just start making non-corporate-controlled tech already.
understood. I am only extending that to say that virtually all software is built with the headspace of "some amount of maintenance" is to be expected. To overcome this, it needs to be delegated to someone. That someone will cost money. It's unclear to how this cycle will ever be broken unless the entire solution is somehow also controlled and produced with uniform open source hardware.
Sure, I don't disagree with that, though I think that we the "nerds" should _really_ stop churning tech and versions of stuff so hard, but that's sadly outside of your control and mine.
In other words, if you built one nice Golang / Rust program and only update the server once every 3 months, you can go quite far without touching it too much. Likely 3-5 years.
So, say you choose the "self hosted" option. I really hope you have at least a RAID10 with 2-drive failure, and regular off-site and off-line backups as well. Choosing "self hosted" is a very risky option, because most people have no clue how to protect their data from loss. I'm sure you'll explain next that some hack0r will figure out how to do redundant backup self-hosted for very little cost that even the stupidest human could use, but I just don't see that being an option in my lifetime, if ever. Okay, so then "self-host" in the cloud? Well that's not really "self-hosted" is it?
I will agree that nerds work far too much on pointless pursuits.
I get what you're saying, but not all of those things are self-hosted. For example, Proton Mail isn't harder to use than Gmail. Signal isn't harder to use than any other messaging app.
I've had great luck convincing even church ladies in their 60s to use both just by explaining that "end-to-end encryption" means that only the sender and recipient can read the messages, not big tech companies and advertisers.
That's great for you and everyone on HN who's tech savvy, but your average smartphone user has no idea what those even mean let alone how to set them up and use them. Your parent is right and is being needlessly downvoted.
My dad is often defeated on how to set up or use basic features of his smartphone, let alone on how to migrate stuff from one ecosystem to another, which let's be real, is purposely designed to be as friction inducing as possible.
You can use a Mac or iPhone without an iCloud account. Doing so works fine for Mac, most applications can be downloaded outside an app store. Sadly on iOS it makes the phone pretty useless if you want to install any third-party apps.
Like others say, it's fairly easy to escape, just keep backups outside iCloud. Also, it's probably best to use a password manager that is not iCloud Keychain.
Agreed. What’s more, I find iCloud’s implementation in MacOS to be far less intrusive than OneDrive in Windows, which constantly pushes me to use it as a default, and has at least once unilaterally forced the issue during an update by moving my home folders into OneDrive, and leaving an absolutely wild text file titled “Where Did My Files Go.txt” on the desktop. If I don’t want to use iCloud, I can easily forget it exists.
I’m not terribly partisan when it comes to platforms, I own and actively use an M1 Mac Mini, Dell Precision running Windows, and a Kubuntu box. I understand the assertion that software ecosystems tend to be a featured player in tactics aimed to fix users on a particular device or platform, and I think there’s plenty of evidence that this is broadly the case. But I wouldn’t use iCloud as a particularly good example of it, Apple’s clearly not banking on their cloud storage to drive its revenue.
How's that? All my contacts can be stored locally, photos backed up both on my computer and to a separate service plus iCloud, it's pretty easy to set up Dropbox or Box in-place of iCloud Files. Apple Wallet is handy but it really just stores digital copies (over-simplifying) of my physical cards, any of which I can request a replacement for outside Apple.
I don't use Safari but if I did any of its bookmarks/history are easy to import into other browsers.
Your contacts can be stored locally but your device will not work if Apple says so as it needs to be "activated" against their servers. And there is no "secondary system". So no, you are completely dependant on Apple and their infrastructure even if you (think you) store data locally.
Yes, you can do this with considerable effort.
But the moment you use OIDC with Apple ID there is a good chance you will lose many of the accounts created this way.
“Save in an encrypted file”? Christ. We really need to draw a HUGE line between “hacker news user solutions” and “things that are practical for actual people to do”.
I agree, that there is no obvious solution by just enabling a setting...
But no matter what tool you use for it, that is what needs to be done. It is quite simple for example if you use Macpass or Cryptomator on a Mac.
Most people have a file encryption program of some kind on their computers. WinRAR, 7-Zip, some versions of Microsoft Windows (note: not supported in Windows 10 Home), Microsoft Word…
OIDC is the one part of this that really is an outsize problem.
I’d say email providers are an even bigger problem though. Good luck getting your accounts back if you lose access to your own email account. I don’t know that iCloud mail is particularly popular, but the risk really applies to any provider.
If you prepare for a case like this then it's easy. If you get caught off guard (like I imagine most people will) it's hard.
I have an unhealthy habit of switching between FOSS and Apple a few times a year (don't ask) and generally it is pretty easy. The most annoying thing to me is Photos export, especially if you don't have access to a Mac. You can't download your whole library from the online environment, there's a 1000 image limit per shot.
edit: Also I have not found a good way to export from Apple Notes so I have a habit of typing into .md files from the terminal.
edit2: Gave it a search and tried Exporter. Duh. Works great!
Actually an anecdote on switching, my father in law bought an iPhone in a pawn shop. It was logged in with someone else’s iCloud account. He just used that until he dropped dead. We had no idea until I had to clean his phone out. My mother doesn’t even know what iCloud is. Literally total ignorance must be the default for everyone these days.
I’ve done the random switch thing as well as a test case. But to Microsoft. It took me a day to export all photos from Photos.app and into OneDrive and that was with a Mac (105Gb). And of course you lose all the edits you did if you export the originals.
"Even though I paid for this home (laptop) and have all my things in it, I can totally buy another from another realtor if the current locks me out. So joke's on them, it's not exactly a walled garden"
We can all use hyperbole and carefully pick our narratives when we want.
Example: I can live in this nice comfy condo for a sky high fee (Apple) or I can live in a rickety old shed I have to keep fixing for free so I don’t have to pay the ground rent (Linux).
I’d rather live in the condo even if the lease runs out one day.
I'm not saying it was a bad analogy, just that it's easy to create analogies to create a narrative based on your own perception. Obviously the point was missed.
In this case, their analogy seems to be based on reality.
The key point of their analogy is that buying another condo isn't a good solution to someone locking you out of the one you paid for, just like buying a new phone isn't a good solution to Apple locking you out of your phone that you paid for.
Your complaint with their analogy seems to boil down to "they used an analogy", without actually addressing the point above. Try to focus on the point instead.
Yeah, I never understood this whole "you're locked in, you can't get out of their ecosystem."
This has always been BS. I've switched from Apple to PC to Linux back to PC to Apple back to PC and then Android etc etc. It's actually quite simple. At the moment I'm using Apple stuff, but there's nothing holding me here other than just me being here.
Where is the button to copy your photos from apple to google? Until something like that exists normal people are 100% locked in.
They may not even own a laptop with sufficient storage to download all their photos to. If all they have is one, maybe two, phones with limited storage they're totally fucked. Just like Google & Apple designed it.
And it's not like these services make it easy to bulk download/upload your photos, either.
Suppose Walmart has a monopoly in California and Target has a monopoly in Florida. Anybody in California can shop at Target, they just have to go to Florida. "I've switched from California to Florida and then back, it's actually quite simple."
But if you're in California and you need some batteries, even if flying to Florida to buy them from Target is possible, even if you used to live in Florida and might move back there next year, even if you have the money to buy the $300 plane ticket, it's still prohibitively expensive to do it solely to avoid a $5 markup on batteries. Then the two stores don't really have to compete, and you get stuck paying the monopoly price for everything. That's what it means to be locked in.
> You buy different stuff, copy your data across and sell the original stuff.
You buy a different house, move your stuff across and sell the original house. How is it a crappy analogy?
The issue is that the cost of moving removes your choice from individual decisions because they all have to be made together. If you want iMessage then you have to sell your Android and get an iPhone. If you want F-Droid then you have to sell your iPhone and get an Android. What if you want both? This isn't because the free software community would be unwilling to set up a store/repository for iOS, it isn't because no Android messaging app would be willing to interoperate with iMessage, it's because you're locked in to one platform or the other at any given time and have to make all your choices together.
Someone who wants to provide an app store that charges lower fees would have to convince everyone to switch to their platform instead of only convincing people to switch to their store.
The reason they make it that way instead of being able to choose what you run on your device independent of the kind of device is in order to lock you in.
Nooo, then what will HN do with the multiple-times-a-week and hundreds of comments a month complaints about proprietary systems run by mega tech corps? Seriously I think there were FOUR different "fix"-win11 tools on the frontpage in the last 6 days.
I use both Mac and Windows with no Apple account or Microsoft account. I lose some features, but gain privacy. Once I lost access to a Windows machine.
I see this repeated over and over, but there's no proof that "apple hardware" is better than any combination of every possible hardware out there, it's just fanboyism.
Anecdotes of bad hardware are everywhere, given that the majority of hardware are cheaper thus more prevalent. But a comparison of all possible hardware with the same price points? Not feasible, so it's all just feels.
I've been using Thinkpads since 2006, including fancy high-end ones such as X1 Carbon. I'm typing this on a newly purchased MacBook Air, and I do have to say: it really is very good in terms of hardware. And I don't mean specs, but ergonomics. Trackpad is truly as awesome as they say, keyboard is surprisingly good (kinda expected to hate it and amazed at how fast I can type on it), and overall it is just very comfortable. The battery life is unbelievable coming from Intel.
The software, now, that's a very different story. I really wish I could run Linux on this thing.
I'll preface this by saying that this is not a defence of Apple's SSO issues as outlined in this article; but I think I can bring some quantifiable points to this discussion.
Anecdotally, after over a decade of professional computer use:
- No laptop as light as an MBP that I've been exposed to comes close to the weight-to-stiffness ratio of that case
- No laptop out there has a trackpad that feels anywhere close to the MBP, that I've seen. It's a combination of palm rejection, latency, fineness of controls, and correct handling of multi-fingered gestures, with the actual glass of the trackpad being nice too.
- Most other laptops out there don't ship with as good a display. Granted, the MBP displays aren't P3 calibrated or anything, but the colour reproduction is great, and the HiDPI clarity is excellent. Font rendering in particular is outstanding.
That's just to name a few headline features. Is it possible to buy/build a laptop with those similar qualities? Hard to say. Trackpad drivers in particular tend to be tricky, and Windows precision drivers are the closest I've seen to Apple's trackpad feel, but those will typically fall apart on material feel.
I doubt that you'd be able to make or buy a daily driver that feels as good while spending a reasonable amount of money, and you'd likely spend a good amount of time sourcing parts.
I've had the opportunity to use three other laptop types during my career: two reasonably recent (at the time I had them) Lenovo Thinkpads, a Framework (briefly), and a recentish Dell Latitude.
The Thinkpads stand out, but fall short on the display and trackpad points; otherwise they had a reasonably rigid keyboard compared to the MBP. The Framework was fine, honestly. The modularity is excellent, but the deck flex on the first-gen model was way more than I'm used to, and the display colours were deeply meh. The Latitude was bulky, but I mitigated that and other issues by just running it closed-lid and plugging it into a display, mouse, and keyboard.
In the future you have people living in excile because the conputer says no. Nobody understands why. Nobody knows how to fix it. The computer says no. Nobody gives a damn.
You have no access to a bank account. No access to find a job. No access to get health care etc
I suggest people to watch "I, Daniel Blake" who talks about malfunctioning administrative systems, and nobody caring about it. I'm aware it's not related to credential issues, but I see it as the same: you have an issue that's related to an edge case, and nobody gives a damn about it, nobody takes the responsibility to look and see what's wrong about it
Last I saw you could enable full dtrace. Involved a reboot IIRC, which makes sense. I think the process wasn’t too different from what you do to enable unsigned kexts.
It’s… entirely fine that it takes a 3-5 minute process to disable security that keeps processes from snooping on one another. That’s an excellent default.
The fact that your device can become a complete brick, because of an issue in their completely hands-off account management system, smells like a class action suit
This is HN frontpage. It's on a big "Mac" website. The damage is done.
Many are going to write nonsense like: "Apple is still a $2 trillion company, so this obviously works for them" to which I'll respond with a simple question: Did it not work for Apple before these SNAFUs? Does it work better for Apple now, after fuck ups like that?
It's not normal behavior and they are losing customers over this.
We had an Apple "moment" in the family: around the 2012'ish MacBook Air era. Two at home and they worked fine, for about ten years. Then the battery issues, the keyboard issues, the trackpad issues. Eventually these MacBook Airs died a painful death.
I'm on Linux since the nineties (and, yup, I can get into my system with Apple or Microsoft forcing an online ID down my throat) but the Macs were convenient for the wife.
So we bought a MacBook Air M1. After 13 months or so the screen died alone, overnight: was working fine before closing the lid, was dead in the morning. There are threads with dozens of pages on that subject.
That's when I switched the wife to Ubuntu. Ubuntu, Linux Mint: she doesn't care. Heck, I probably could have her use Debian or Devuan (Debian without systemd).
Apple is done for us. It's over. We'll never ever buy a Mac again and I'll never ever recommend a Mac to anyone.
And I'm far from the only one thinking that way.
The damage is done.
Rationalize as much as you want, invoke AAPL's market cap as much as you want, and enjoy being locked out of of your devices without any recourse.
The only difference I've seen between Apple and my previous laptop brands is that their support techs are useful.
Ditto HP. Their machines are… not great to operate on (from a maintenance perspective), their hardware maintenance manuals are much lower quality than they used to be…
Only dell latitude hasn’t disappointed me yet, and I fix laptops as a hobby so I’ve worked on quite a few 2014-2019 machines.
I haven't done any deep research into my next laptop yet. My ThinkPad x220 is still going strong but it is getting long of tooth.
Can’t tell you, they refuse to ship or honor warranties to the country I live in at the moment.
I haven't bought one myself simply because I have my own units that still work 10-15 years later. The screens mean they're dreadful as actual hands-on laptop experiences, but they're perfectly fine for home servers with built-in battery backup and management console.
My HP hybrid tablet, now over 15 years old, still works (when plugged in).
My dad's IBM Thinkpad, older than most people currently on this website, still works.
Apple people like to claim that Apples last longer than their competitors, but that simply isn't true. Most people, myself included, can't tell you what Dell or HP support is like because we've never had to use them. But every Apple user knows what Apple support is like, because every Apple user has had to use them.
I've also used top of the line Dell laptops over the years and a Lenovo Yoga.
Way way back I used to have a desktop color Macintosh of some sort (I forget the model, a 68k, maybe IIci ?) and as PCs were getting tossed in the landfill for years while the Mac kept going and running most new software.
I just bought my daughter a laptop and decided to go with the MacBook Air m2. Great value for money IMO. Not sure what's even close in terms of performance, build quality, battery life etc. This should easily last 10 years.
And macOS software support is awful. It's completely random and up to the whims of Apple with some models getting only 6 or 7 years support if you bought at launch.
Meanwhile I just disposed last year a 2008 MBP with a swollen battery and cracked case that I used daily as a secondary device on my desk (for about the last 7 years) until day I decided that it was more a liability because of the battery maybe deciding to explode soon than help.
See here for some random MBP drop tests: https://youtu.be/8kLtQBF52m8?si=a42uejjR4rUWWg-F
The ThinkPads are pretty good vs. most laptops in terms of design and durability (going back to IBM). I still think the MacBooks are an overall better design. I owned 3 T410s for many years and repaired them and kept them going so I'm very familiar with their design (And all the things that broke or failed over those years). The laptop I'm using right now is a 2013 MBP (which has been my daily driver for a long time with zero issues) and I have a new 13" M3 MBP work laptop (a great laptop) and another 2012 MacBook right here with me.
I agree 6 year OS software support isn't good but the 2013 machine still got updates up to the end of last year (though can't run the very latest OS). That said, as long as applications run on the older OS it's not necessarily such a huge problem unless some critical security issues pops up.
Speaking for myself, I'd rather have the plastic Thinkpad. Lenovo commits well to the OS I use (Linux) and I don't want to baby around a laptop that threatens to bankrupt me if I drop it on the Starbucks tile. In terms of longevity, I can do a hell of a lot more with a 10 year old Thinkpad than I can with a 10 year old Mac.
> Not sure what's even close in terms of performance, build quality, battery life etc. This should easily last 10 years.
Recently picked up a Lenovo Thinkbook with a Ryzen 5800u in it. Basically a Steam Deck in sheep's clothing, with a nice HDR 1440p display. I gave it to my brother, and I expect it to last just as long (if not further with community driver support).
Not sure about drop resistance or cost of repairs. I've dropped MBPs and they were fine (anecdotal) and the MBP I'm using was literally hit by a car and was slightly bent as a result and still works.
The battery life of the air is supposedly 18 hours and having no fan is also nice. No laptop I previously used compares with my work MBP m3 for battery life or performance. The air weighs 2.7 lb. I don't know which specific Lenovo you got at but the Thinkbook 14 weighs 3.3lb.
That said, I did pick a 13" Lenovo Intel i7 about 5 years ago when I was looking for a laptop for my other daughter. That laptop is still going strong. It did die about a year after I bought it but was repaired under warranty (still a quality question though). But I think today Apple has pulled ahead and the prices on the m2 these days are good.
I've never had a good experience with Linux on laptops. The hardware support always seemed iffy. Power management also iffy. But I have to admit I haven't tried in a long while.
That HP hybrid? That was my laptop in law school. It still works, and it's great for drawing (though not as good as my Surface).
Their CPU fans fall apart. They tend to overheat. The hinge breaks- plastic. The display and audio quality is worse.
Apple laptops circa that era were notorious for heat issues, weak plastic, and poor displays. Their sound quality wasn't much better than a cheap PC laptop, unless you shelled out for a top-of-the line MBP..and of course a $2500+ laptop is going to be better than a $500 laptop.
Software support also sucks. At some point newer versions of Windows just don't have good support, the webcam from example doesn't work in modern Windows.
This is objectively false. I can still run software, and use hardware, from the 80s on my Windows 11 desktop. You can't even run 5-year old software on an Apple because Apple broke compatibility.
while the Mac kept going and running most new software.
This is objectively false. Older Macs can't runner new Apple OS software.
My web cam on the T410 doesn't work under the Windows version it's running and hasn't worked for many years (and I've had a few of those, it's not just one bad hardware).
EDIT: The variability of hardware on Windows laptops is just so much larger. There's so many different motherboards, so many different peripherals, so many different GPUs. There's no way Microsoft is testing against all permutations of laptops from more than 10 years ago with their native drivers. Lenovo doesn't have modern drivers for the T410 either and I doubt other laptop companies release new drivers for their old laptops. I've owned and used for work many Windows laptops from various vendors. I've had 3 T410s I inherited and I spent a lot of time trying to keep them going including cannibalizing some of them for parts.
The T410 works in Windows 11, so if it's not working for you, it's a simple driver update.
But on the note of Apple just working, there is an entire frontpage thread about how Apple isn't "just working" for thousands of people whose Apple IDs have been locked out. And The Verge currently has a front-page post about their Apple editor discovering that Apple doesn't just work and in fact has quite piss-poor speakers (https://www.theverge.com/24139303/mac-mini-laptops-desktops).
Yeah, I saw the Apple ID thread today. I thought Apple ID was optional. (e.g. I don't have an Apple ID for the MBP I'm using right now).
The article you linked to says: "My M2 Air had great speakers." It's the Mac Mini (not a laptop) that has poor speakers. Can't comment on that one.
EDIT: A by the way there is that I believe a T410 can actually have different components, i.e. some might have a camera from one vendor while others have a camera from another.
I have never contacted Apple support. Not once. Yes, really.
Unfounded claims are unfounded.
Sometimes devices break, sometimes they last for 20 years and keep on humming.
Also for the record, I'm also a Linux, Windows, and FreeBSD user running on HP, Dell, Lenovo, SuperMicro, Framework, System76 and DIY machines.
My experience indicates premium components usually (but not always) last longer than more economical alternatives.
That said, if I never had to use a Microsoft product again, I'd be fine with that.
The only time I’ve had to use support is when I’ve broken an iPhone screen to have it replaced.
I have used lots of HPs, Dells, Lenovos. They do last, until they don't and you have to reinstall everything from scratch because the hardware is different.
I did run mine pretty hard, and my HPs, Lenovos and Dells did go into warranty pretty regularly. I never saw it as purchasing a laptop as much as purchasing the guarantee of a laptop.
Apple got me because it would reasonably copy one laptop onto the next.
Apple used to make their devices to be too thin, and they could not thermally handle themselves. Especially 2017-2019 Macbook pros. Before then, most were pretty reliable. Hoping the new ones are.
Surface people, HP people, or Thinkpad people have all had to contact support at times as well. Is it more or is it less than Apple, is the question (and isn’t answered)
Every Apple user I know has had to contact Apple support due to an issue with their Apple device. Even the guy in this thread who claims never to have dealt with Apple support before had a comment in another Apple thread talking about their experience with Apple support. It was apparently great, but that's the problem. Apple service is great because almost every Apple user will have to interact with it because of a problem with their device.
HP, Surface, and Lenovo support can suck because so few people need to contact support for issues with their devices that it's not important to those companies to focus on support.
That is such an absurd statement. You’re even italicising “every” (twice!) as if you’re really convinced it is true.
Hate is severely blinding you to reason. They’re just consumer electronics brands, they’re not eating your children. Calm down and think for a moment about your assertion. Maybe talk to some people outside of your circle.
As for laptops I guess you are joking, I've yet to meet a single big corporation in Europe where macbooks are even allowed on premises, unless its some web app testing team or similar.
Some folks live in great echo chambers, I agree this site is a massive one for Apple. That's a simple fact, comments here confirm this. Which is fine on its own, but its not balanced truth you often find here.
Of course, I do sync my entire photo library with both Google (preserves the Livephotos) and Amazon (does not preserve livephotos), because I once lost an entire photo library due to a fuckup combined with an Apple bug. And I use non-Apple services for music and video.
Maybe just don't put all your eggs in one basket to the extent you can.
Apple's whole premium marketing shtick feels gone. Not only has the halo-effect worn off now that everyone owns an iPhone, but they're portioning up their own operating system to endless service integration and nonsense software offerings. Who the hell is paying for Apple Arcade? What about Apple Music Voice? Does anyone still pay for Apple Fitness+ without having forgot to unsubscribe? The whole thing reeks of Microsoft trying to market Groove Music and Onedrive to an audience of confused senior citizens and barely-literate pre-teen gamers.
Their hardware revenue is threatened, their software revenue is headed towards the toilet, and their latest product category is a non-starter. If you aren't preparing to see the worst of what Apple is capable of, I advise you get ready (and perhaps an alternative smartphone you feel comfortable using).
But again, I am a Linux fan (NixOS actually), despite it sucking ass in the user department
https://news.ycombinator.com/threads?id=pmarreck#40183776
On my return everything went smoothly through my laptop. Scary though.
My conclusion - have two physical phones + laptop all synced, plus hardcopy of important pswds etc.
Data is easier to protect by offline and online back-ups, but your online identity is hard.
My conclusion: Eliminate what little remaining usages of their services I have.
Doing that with iCloud and Google would be a colossal pain. This event has me thinking more seriously about self-hosting a few more things.
This. I never used the Apple's Cloud offerings to backup things - and I stopped using any Apple devices since the BatteryGate. I semi-degooglify my Android(s), and never use the "Google-*" (contacts, calendar, etc.). I block them with NoRoot Firewall and disable them, and use other apps for those services. I sync with my Oulook (2013) and my backup is with Carbonite. I do have to jump through a couple of hoops, but considering that I don't live under the threat of 'death' by Apple or Google to hold me hostage with my data/etc, the little effort is well worth it.
I try not to, but every year I log in and check and there is data stored in their cloud that I specifically tried not to have stored there.
Well, if you used Google 2FA, the Authy app exists, and allows you to securely store 2FA in the cloud (as long as you remember your Authy credentials).
If you don't, then yes, your physical phone essentially becomes a dongle and if you lose it, you're screwed. Perhaps they don't educate users enough about this, but that's the fact
For Google/Apple/etc., I'm either not paying them at all (in which case they have very little incentive to help me off someone goes wrong), or I am, but for a basket of services. The identity portion of those services is probably not what that company is focusing on providing, and any weirdness with any other service in that basket could cause me to lose my access to the identity bits, often without recourse.
And keep in mind that being a domain name registrar is a low margin business (typically they're only grossing a few bucks per domain per year, before accounting for any other expenses like staffing and systems), so you're not gonna get great support.
(My Google account is dead even though I have the username, password and recovery email which forwards to me since I don't have the phone number)
I believe they are advocating for minimizing risk by not deeply integrating with capricious cloud providers.
However the big problem is I am frequently banned from emailing gmail or office365. Never Apple for some reason. So I can read email but I can’t that well send it. But I don’t really care much, mostly people have to tell me out of band to check my email if they have sent me email. My email sessions are mostly a review of current spam practices and questionable emails from firms I have done business with.
(And to be fair to apple here - they didn’t do anything wrong here, strong end-to-end security inherently means allowing these states. Otherwise the cops could order apple to unlock it too, and apple wouldn’t have a moral ground to object if they’re regularly performing the task in other circumstances. Otherwise people could social-engineer apple support to unlock a stolen device, or their partners. To a certain mindset, google and apple not having any real support is a strength because there’s no way to social-engineer your way past the actual security. But people want both the idea of E2E security and the convenience of being able to remotely un-register a laptop from someone else's account...)
Anyway, that failure mode wouldn’t exist if they were logged in to their account, and e2e encryption makes that a very low-risk thing overall.
Apple can’t see where to it devices are anyway, without doing a song-and-dance to authorize the session on a pre-authed device. Airtags and iphones have a rolling hardware identifier for bluetooth and wifi based on a cryptographically strong pseudorandom sequence, and apple can't correlate the identifiers back to an actual device without a pre-authed device relaying the sequence from your account. Etc etc.
Apple have actually done the legwork to make sure they can't see anything (or be forced to reveal anything) if you don't want them to (by enabling E2E), and that actually does drive a lot of "user-unfriendly decisions". And sure, android people will say "that's awfully convenient", but, the end state is still a lot stronger than any other major offering regardless of why you think they're doing it.
Losing your entire online identity because you didn’t pay on time is an absolute show stopper for an enormous number of people.
Most people are not tech people. They do not know or car, or even care to know, about the details and importance of maintaining and protecting an online identity. They won’t remember to update payment details until things start failing. They won’t check their email frequently enough to notice before this happens. They will ignore text messages, either assuming they’re scams, spam, or unimportant.
People also have a mobile phone number with a plan they have to pay for. I don’t see why a domain should be any different, and it isn’t actually that different in my country.
Another 25% had their bank balance go below zero in the past year. And that number is worse than it sounds, because it doesn't include people who have selected to have transactions fail instead of put their balance below zero. https://www.consumerfinance.gov/data-research/research-repor...
The biggest impediment is probably that most people aren’t willing to pay (say) $10 per month for a domain and email hosting like they do for streaming services, because they’re used to email being free. So they remain at the mercy of the big providers.
But I can at least encourage the HN crowd here to move to independent services and to use their own domain.
This was in 2008, so the software ecosystem lock-in strategy was already well-established back then.
You could always edit artwork in iTunes. Indeed, you could import albums from your own CDs and not even use the iTunes Music Store at all.
From the guidelines:
> Be kind. Don't be snarky. Converse curiously; don't cross-examine. Edit out swipes.
> When disagreeing, please reply to the argument instead of calling names. "That is idiotic; 1 + 1 is 2, not 3" can be shortened to "1 + 1 is 2, not 3."
> Please don't fulminate. Please don't sneer, including at the rest of the community.
https://news.ycombinator.com/newsguidelines.html
Storing them seems problematic, but it really isn't: They're just random-looking 8-digit numbers and nobody but you needs to know that they belong to your Google account.
Or, KISS. If you're happy with the idea that the SIM card controls the key to the castle, as it seems that you are, then: Put a backup code in a contact in your SIM card. (It is kind of a lost art these days, but SIM cards are still data storage devices here in 2024.)
[1]: https://support.google.com/accounts/answer/1187538?hl=en&co=...
Did you have 2fa enabled by any chance? I have 2fa via TOTP on my accounts and while they offer using a signed in phone as a verification option, using TOTP was always an option, and I was never locked out of my account.
>Despite having the original sim in the new phone.
That would only help if google had some way of tying the installed sim to your account. Given the privacy implications and the technical difficulties, I wouldn't be outraged at the fact it didn't take your sim into consideration.
[1] https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh...
And then say, Meta decides to ask for login verification on your other device, and you lose that account because you always logged to it through a browswer in private mode, so no device actually has an active session. Happened to my wife the other day.
IT "Security" is reaching new heights of being bullshit. You can't win, and asking people to buy multiple devices and keep them continuously in sync is a bit much, and not even a guarantee of safety anyway, as next week Google or Amazon will hit you with some next weird trap to keep you "sekhure".
You likely don't need to buy multiple devices. I log in from random countries/VPNs all the time and never have issues, but I do have 2fa enabled. If your account only has a password and there was a suspicious sign in attempt, it's reasonable for them to ask for additional verification somehow because you could be a victim of a credential stuffing attack. It's hard for companies to win here. Either people complain about their accounts getting randomly locked because they were on vacation in Romania and tried signing in on a new device, or the companies get grilled by the media for "failing to proactively protect their users' data" or whatever.
Maybe the companies can't win, but they also have themselves to blame. They shouldn't have convinced people to entrust their only copies of data with them. Your vacation photos should not depend on someone's cloud platform. Half of your entire offline life shouldn't depend on Google not randomly locking you out of GMail. But here we are, and I'll keep calling those "security updates" bullshit because they don't care about long tail, and they don't care about hazards they create for most of their users.
I abandoned my facebook account when they asked for my driver's license scan, a few weeks later suddenly they didn't need it after all. My BIL recently wanted me to check sout omething he had setup on facebook and I found I could "login" by clicking one of the "what are people doing" spam emails they send. I've never used it on this PC before and have no idea what the password even is anymore. Super secure.
Unless you explicitly logged out, they likely to see the opposite picture, i.e. numerous "valid" sessions (as opposed to active) that haven't been used for varying lengths of time because you logged in, but from their perspective, you never logged out. You just cleared your cookies which means the session is still "valid", even if it's inaccessible to you because the session cookies have been cleared from your device.
I don't know if they take any of this into account but as you've pointed out, assuming that the rightful owner of the account must have access to a different session is a huge assumption to make.
2. Save those backup codes.
3. Be able to get those backup codes in some worst case scenario.
I have had to start from scratch before but never have been locked out.
The fact that we are stuck with a pair of global apathetic undemocratic identity providers is absurd. And one of the reasons why that "shattered dream of passkeys" is on the front page. At least that dream got shattered, it would be worse if it went through.
So if you don't tie all your contacts, sync and backup to your google account, you can have a phone that they won't lock you out of.
Why do you need more than a single phone plus a hardcopy of your Google recovery codes (assuming you know your Google account password)?
Society was collectively sold this deal where if you entrust everything to a trillion-dollar company, you'll be treated well and this sort of thing wouldn't happen. Yet it appears to be happening, and the trillion-dollar company that has the resources to deal with this so far isn't being very helpful, and it's falling to the consumer to take insane amounts of proactive measures to not have their digital lives fucked up when the exact deal was that you wouldn't have to, but of course now the party line will be "well you were obviously stupid to believe the trillion-dollar company's trillion-dollar marketing, then."
And I'm annoyed as one of the people who did not buy into it.
Because, as I can tell from a similar experience to GP's, they also won't save you if the authentication infrastructure decides you're not who you say you are.
- I have my recovery codes
- I have access to my recovery email address
- I have access to a TOTP token
I would hope this is sufficient to persuade Google's authentication infrastructure to let me in.
An Apple or Google account is far too important to people's lives to let them hide behind the "we're a private company and can do whatever we want" canard. They do need to have the right to ban spammers or people using YouTube or Drive to infringe copyrights but just randomly shutting off somebody's email or somebody's ability to make video calls should be against the law. The same would also apply to a text chat company like Slack or Discord banning somebody's work account for no reason. Certain tech companies have government-like levels of power over people's lives so they need to be restricted in how they can treat users like the government is restricted in how it can treat citizens.
Some people use iCloud for email, calendar and storage so for them I imagine losing access to Apple ID would be just as bad.
But even the more permissive laws have many exceptions, like not applying to perishable goods, underwear, lipstick, etc. and it's heavily tilted for unused products or very light us that doesn't affect the value of the product when re-sold.
When the product doesn't work like in the case of this Apple situation, it's not even a question. As long as the hardware is not damaged and everything is return, "the law" completely sides with the consumer.
Likelihood should affect your behavior in the same way it affects whether it actually happens and it did.
"Fool me once..."
That's similar to the odds of dying in a non-Boeing plane ride. Even if the odds were one in a million, that's about the odds of being struck by lightning over a lifetime.
I'd think someone returning a phone over this was regretting the switch for other reasons. It's fine to keep using Android.
- unauthorized access related to the lockouts and support requests you already described
- unauthorized activity related to something else you didn’t mention (even if unfounded)
- some other unrelated but specific violation of TOS or other cited rules (even if unfounded)
- zero additional information, perhaps reiterating some previous finding (even if unfounded)
I’m giving you the benefit of the doubt, but I agree with another commenter that it sounds like something is missing from your story. Details like these might help us understand how your experience fits the pattern of accounts in the article.
They didn't tell me what was wrong, as supposedly the support is not allowed to disclose that. All they were repeating is that after a confirmation of which account it is, they will put in an unblock request. It's supposed to send you either a confirmation (which i got the first time), or a denial message. I never got a single one of the latter. A few calls later, the system prohibited putting any new requests in, with no option to override, "supposedly".
I'm not sure if you've ever worked in tech, but a good early takeaway is that billions of dollars does not necessarily buy billion-dollar code.
Sounds like you have been scammed. Maybe just try to get your money back?
A real way to hit these kinds of companies selling defective products is to coordinate simultaneous small claims courts cases around the world.
I mean, yes each claimant gets 0.53 cents (applied to their next purchase), but don't the sued companies still shell out millions?
This is bizarre and fucked up even from Apple's standard. Did you get to know anything about it - what happened? Did those legal notices seem to be automated? Any inkling what could have triggered it (False alarm? And Apple is known to hide its incompetence in this manners)?
After filling out an online form you receive in a year or so, then waiting another three, you'll get a check in the mail for $2. Justice! Hooray!
The only people class action lawsuits benefit are the lawyers.
[0] https://appleinsider.com/articles/24/01/06/apple-finally-sen...
I am wondering if your account was collateral damage of an automated system detecting misbehavior of the apps.
You (and others like you) need to meticulously record and assess the financial damage the lockout does to you.
J/K. But since it's Apple, nothing is far off.
Getting cut off from one of these places can have a huge impact on people. They happen without warning and often without explanation.
I think they ought to be forced to be more open around the process and how to get help in general.
For Apple I have usually managed to get a hold of some support. Often not helpful but at least somebody.
With Google and Facebook I have never been able to find anyone.
Sameting that is demonstrated on this site frequently when someone will post a plea for someone who knows people at Google who they can't contact on their behalf. Since they can't get hold of anyone themselves.
(Yes I am sure its covered in the EULA several times that there is close to no support)
(For Google Workplace it is usually possible to get a hold of someone.)
This is why I've always rejected the concept of vendor "ecosystems" and cloud-first SaaS solutions for my personal computing. I've also designed my life so it's not dependent on having uninterrupted access to Facebook or Gmail.
That's because you aren't the "customer", you're the product. The people paying the bills for Google and Facebook are the actual customers.
With Apple it's supposed to work differently - the user is the customer.
Google, not so much. I've yet to find someone to unlock my Google account, even though I've slowly been working my way through their phone and email directory. [it seems everyone has access to the internal phone/email directory? and people sure want to hand you off to someone else to fix your problem..]
Recently when setting up GrapheneOS (android OS distro), my login to google play services was delayed by 24 hours for 'security concerns', after authenticating via youtube app. (Try to go OSS? Here's a 24 hour ban).
It's funny because the forced youtube app authentication itself is not a security measure, it's a dark pattern to force the youtube app to be installed and opened. Logging in by phone or email quietly doesn't work anymore, the SSO messages never reach their destination. I find it hard to believe that this is not representative of google's perverse incentives.
Consistently disgusting, rapacious company.
In the other hand, if Apple suddenly found out that a good chunk of encrypted volumes weren’t actually encrypted / the key was recoverable by an offline attacker, this would also explain the facts.
But the lack of explanation from Apple is troubling.
And what command line tool are you referencing?
On iOS or macOS? Was a consent dialog presented before the update was installed?
Afterwards I wondered if it was just storing the recovery key I already had in iCloud or if it had generated a new recovery key and my saved one was invalid.
I checked my recovery key ("sudo fdesetup validaterecovery") and it was no longer valid. A bit of Googling failed to turn up a way to get a copy of the recovery key that was in iCloud, and I decided I'd rather have a recovery key I store myself in case I need to recover when I cannot get online so I switched it back.
Switching back is easy. You just turn off FileVault, then turn it back on and choose to manage the new recovery key yourself.
https://news.ycombinator.com/item?id=38043574
Understanding what the problem is is essentially impossible. Going to a physical store doesn't help, calling their customer service has them telling you to go to www.apple.com/support (???), and writing for support has them rotate you through 4 different, and decreasingly useful, representatives.
The last response I got I was told the issue had to be handled by yet a different representative and it would take an "indefinite amount of time". Which may be a nice way of them saying it's never going to happen.
It really is demoralizing when you realize there is nothing you can do really, even in cases when you have done nothing wrong.
Not impressed to say the least.
We gave up and re-built it as a web app. The thing that convinced me was the realization: When was the last time you installed/used a non-game App on the app store that, by your assessment, has less than 1 million users? I looked down my list of installed apps and realized that indie apps are kinda dead anyway. And our web app has been pretty successful.
I gave up in the end. But I will have to sort it out before I can release the Mac version of my current project.
The DUNS stuff was pretty funny. All flows related to getting an ID have a big "Are you doing Apple dev stuff?" button. It's like Apple outsourced support to them. Apple's DUNS lookup tool saw my business and the correct DUNS number, but trying to register with it got an error...eventually dissipated after a couple weeks. Same story for registering an account in the first place: it refused to register james@tld.com, where tld is a Google Workspace account, with no discernable error. Again, dissipated after 3 weeks, thankfully.
Apple is crazy. My iPad with the authenticator broke, and even though I filled endless forms, verified emails and phone number they just keep sending me emails I was gonna be called by support at a date 3 weeks away.
Got no call, restarted the procedure. Got called in January, and it was an automatic voicemail or something..
I literally couldn't use my work machine (had a backup desktop to use).
Needless to say, except for the MBP I sadly need for work I'm not giving apple a dime for my life.
https://reportfraud.ftc.gov/
My experience, on the phone and via Message, has been uniformly garbage for years.
It used to be that you could go to the Apple Store and the "Geniuses" or their management would make it right.
What the hell happened??
I admit I had to interface twice in my life with apple support (this was the second).
But the first my iPod stopped working, and they just mailed me a new one without even asking a question or taking back the broken one.
I hope legislation will force Apple to step up and be more transparent / helpful.
https://skogsbrus.xyz/dont-put-all-your-apples-in-one-basket...
> got my Macbook Pro from work and signed in to my Apple ID on it.
Wouldn't this result in unintentional data sharing from the work device to your personal devices? (and vice versa)
As an Apple noob at the time, I assumed that if my MDM-managed device prompted me to log in with my Apple ID, that it of course would be an allowed action.
With regards to data being shared, the only thing I noticed was wifi passwords and peripherals pairing (apple keyboard).
Never mix work and personal. It isn't worth it.
Logging in takes control of your device out of your hands.
https://news.ycombinator.com/item?id=28554400
They had one of the cheapest registration costs. And so ended up with a high concentration of spammers compared to older established tld’s like dot com. Using the tld for legitimate purposes is really challenging due to the high number of systems that flat out blacklist it.
xyz has been accomodating to scammers ever since its inception. After a decade I think we can say that it is on purpose.
The problem stems from nefarious groups getting a hold of email addresses and running distributed dictionary attacks.
Apple’s response is to prevent all logins (including valid ones) from accounts that are under attack.
Unlocking the account involves calling Apple, they’re not going to tell you why the account was locked.
zero issues since.
> The problem stems from nefarious groups getting a hold of email addresses and running distributed dictionary attacks.
years back my email was leaked by a website that i never visited. apparently someone signed up using my email address and the website never verified the email.
in the meantime more and more people used the same email address [0] to signup everywhere (it’s not the same person, i checked).
[0] gmail ignores dots in usernames: https://support.google.com/mail/answer/7436150?hl=en#:~:text....
at this point my emails should be random hashes@random hash domain
For example I give custom email addresses to every service I sign up for, then I can see who they on-sold that information to, or if the email address turns up in database hack.
The only thing to be mindful about with this approach is to choose a service that gives you a fair bit of control over how to manage that incoming email. Such as being able to bounce or block specific email addresses including the use of wildcards, because I notice some hacking groups will try permutations based on the original email address.
Does account sign-in also ignore dots? If not, if sign-in is sensitive, there's a path to somewhat better safety: Start incrementally moving all daily email to variants containing added dot characters.
I use [REDACTED] as a provider and I create an email address/account (if possible) per company/domain I interact with (e.g.: personal_github@domain.tld or amazon_personal@domain.tld). This produces two results:
1. No shared credentials across any space.
2. Any junk emails to these addresses immediately tells me who's sold it (or been hacked) and I delete the account[s] and relevant email aliases and get on with my day.
Some services, like Firefox, are starting to offer a form of "hide my email address" but this doesn't solve the problem of using <fistnamelastname@somepopularhostingservice.tld> as the same login id across a lot of services. If that was dumped somewhere, it is probably a strong bet someone has used that as their login, elsewhere.
I don't know if there's another viable solution - but this reduction of possible login ids to one unique id per site is the only way I know how to (possibly) prevent myself from being an easy dictionary attack target.
Edit: formatting
Citation requested.
Got a message on her phone (settings notification). She had to change her password through the settings app.
Called Apple just to check and they said they weren’t seeing any weird activity. That they did see the password was changed, but no weird login or attempted logins.
So, in my sample of 1, that wasn’t the case.
Yet did not give a cause for the lockout?
Are Google accounts similarly vulnerable to such attacks?
In the app we have released, we use an email (we don’t care which one, as long as it can receive email) as the login ID.
The main reason is to limit the data we require be stored on the server.
We only have one required PID item: the login ID. The user also enters a display name, but that can be anything, and does not need to be unique.
Since we need the email anyway, we would need to have it stored separately, so this means only one PID item is stored. We also afford Sign in with Apple, which allows the user to obfuscate their email.
Not having the information is the best way to ensure it doesn’t leak.
However the issue with using something like a gmail or hotmail account is that instead of targeting Apple's servers, they just target Google and Microsoft's instead.
That's a requirement of the app, and why we need to store emails.
Can only advise that you should have recovery contacts and a recovery key set up in case something goes wrong.
The email addresses ending in @icloud.com are scraped from a master list and the attack is directed to apple, while the custom domains are ignored because there is work involved in figuring out where those are hosted.
iCloud lets the user generate secondary email addresses, it’s better to use that and keep the login email address secret.
Seems like a dangerous advice for a regular person who can just go to Apple and get stuff back?
Regular person can’t even remember their email address so a good point though.
I ask because Apple's docs helpfully say
> If you decide to stop using a recovery key, follow the steps above on your device and turn off recovery key. When you do, you can use account recovery to regain access to your Apple ID.
But the "steps above" only describe how to turn it on, not off.
Edit: thank you.
My Apple ID uses a unique password, I keep a recovery key, I don't have its login credentials saved anywhere, and it's a dev account; so I have my LLC's DUNS number attached to it. My devices are the only ones listed in my settings portal.
I have no idea why I get these notifications, lol.
Perhaps so that someone who found your iphone unlocked can't just keep using it and your iCloud in perpetuity?
Yeah, that's what I tried to guess too. Like, maybe those are sent periodically?
Could be there's some heuristics like "logged in from a different city" or such, too.
Or a device on your network is or was compromised and used as a channel to attack others on the internet.
Or your ISP has given you a public address where the last owner was abusing it.. or perhaps the whole ISP block has been added to a shitlist.
(Please don’t reply to this with your anecdotes about the time you had a bad experience at the Apple Store. I’m not saying they’re perfect. But these situations in the OP are rare.)
That said, not everyone needing support has access to a Genius Bar, and not every Genius Bar employee knows every possible answer to every possible question.
But, to claim they chose to be insulting is just mistaken.
Someone made an absurd statement to you about Apple, so you have spent the last fourteen years trying to avoid conversations with people who like Apple products?
It's not rare to read comments to the effect of:
"Why are you, a single person, doubting the decision a trillion dollar company? Certainly they know best".
edit: Algolia for the win. Quick search [1] returned this pearl from 7 days ago [2]:
> What would you have them do? Sacrifice a trillion dollar business in token protest? You’re just a keyboard warrior with no point at all who would make the same choice and justify it the same way you imagine I do if you were ever in the position they are.
[1] https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...
[2] https://news.ycombinator.com/item?id=40098425
This example demonstrated to me that Apple is a religion, after many other examples. Try reading Apple's blogs, it's crazy.
I recommend not trying to talk to extremists in any area. Your life will be much better.
I have no idea how to untangle this dependency chain. I'm using registrar in my country, so if everything goes wrong, I can just contact them with my ID and hopefully fix things up, but I'd prefer to have 100% reliable e-mail in the first place.
You have to depend on someone somewhere. Just make that dependency less of an issue should anything show stopping happen.
Personally I’d like to see some legislation around identity providers and service levels and account retention.
And my email is on Fastmail under a custom domain. They have good support so far
Anyone who published papers which included their academic email address will want it to persist forever. Paper publishing happens to be a special priority for many educational institutions.
I had read Apple is switching the name AppleID to be Apple Account or something similar at WWDC. Me thinks they are quietly pushing code that somehow is causing this for people.
Maybe it’s an age of account issue or some other commonality.
I signed up for an at me account twenty years ago and still use that as my living and haven’t had issues. Maybe icloud.com users?
This morning, as a precaution, I changed all my important passwords.
Good to know it wasn't just me.
there are caveats to passkeys thou.
But none the less, I liked my old password and had to change to something else.
So... anyone with just your iCloud email address can get you locked out?? That's not what I would call secure...
I noticed because I got a prompt on my phone, which requested I allow (or disallow) the access.
Since I'm pretty good about password hygiene and security, I of course changed my password immediately and force-signed out all my devices.
That being said: if someone has a password list and is using a bot to scan them all; Apple will of course lock-out sign-in attempts.
Not to say what they're doing is right, there's better ways to handle it. But if I were to apply very recent anecdotal data to this even then this is a meaningful conclusion I could draw.
Of course?? That would be insane. Password-guessing bots are all over the place. Apple should not allow them to cause lockouts.
> taking drastic measures is their only option.
Less drastic would be to come clean and say the lockouts are by Apple themselves.
On the third hand it is an apple leak, they've been given a sample list by whoever is ransoming them so they've enacted overly strict heuristics that apply to everyone.
That being.....?
Its a common problem that can cause denial of service to users, but failure to do anything can lead to account compromise.
> failure to do anything can lead to account compromise.
Only on negligently managed accounts, right?
What's convenient may also be a bigger security gap and impact than many ppl realize.
The recent threads about PalmOS phones seem timely in hindsight. With Palm devices, you installed apps yourself with a sync cable to your computer, and there was no convenient app store, no one could lock you out of your smart phone and your life. Maybe that's an option that should come back. iTunes used to backup and sync just fine.
If there's no real acknowledgement or detailed coming out about this, it's very possible it's a cybersecurity incident of some kind that is serious enough. And it's not just an Apple thing. This has or will happen with every digital identity provider.
There's no one to really pick the phone or answer an email at google or apple when it comes to your digital identity that they want to be holders and providers of.. At least with the government there's a DMV or registry to go to.
I have had iPhones for more than a decade, and I never leveraged any "feature" of having an Apple ID on any of them.
I've never bought an app or spent money on one, and I don't use iCloud, so the Apple ID for me is literally just a gateway to downloading free apps that I can always redownload with another one.
You can't even wipe the hard drive and reinstall macOS without access to the associated Apple ID. This is a good measure to dissuade thieves from wanting to steal Apple devices, but it is a terrible measure from the point of view of a user who has lost their ID.
I said "if your device".
**IF**
Is it difficult to understand?
If it isn't associated (with "find my" turned on) there's no issue. If it is, and you lose your apple ID, you are SOL. Turning on "find my" with an associated apple ID is the same as making Apple the only entity that can truly control and own your computer. You can no longer reinstall macOS without your apple ID if there's an issue.
In fact 98% of the revenue on apps come from free apps.
Without being signed into an AppleID you cannot install free apps either. And if you install then sign out, you're also blocked from updating the free apps.
This started a Kafkaesque process where the Apple site for reporting your phone lost and initiating a claim with AIG failed to work because the phone had been lost for more than 3 months. Support was useless, they pointed the finger at AIG. AIG pointed the finger right back. Several escalations further and 6 months later, we still have no replacement phone.
I'll never, ever get Applecare again.
"IX. DUTIES IN THE EVENT OF LOSS You must report the Loss promptly to Our Authorized Representative not later than sixty (60) days from the Date of Loss. If You do not report the Loss within sixty (60) days, You will have forfeited Your claim."
https://www.apple.com/legal/sales-support/applecare/applecar...
This does look more like a glitch on their side though...
Reminder for any iOS user that needs instant iCloud Photos backups (instead of manual monthly), get a Mac Mini, enable the Photos app, disable optimize for storage and keep it on to keep your memories safe. Always check the recently deleted folder on the Mac every month since iCloud by design is a two-way sync and not a backup, unlike most clouds that are one-way upload (doesn't touch your local files).
Cold storage backup every month using the photos on the Mac should be easier as well.
To overcome this limitation, I developed a MacOS app that creates a full backup of your Photos library. You can safely store this backup on any external storage like a NAS, network drive, internal disk, or external disk. Check it out here: https://ibeni.net
Compared to the "iCloud Photos Downloader," which scrapes data from iCloud, my app uses the official Apple Photokit APIs to back up your photos. This method is more reliable and efficient.
Apple will let you talk to a human I guess but you have to make an appointment. Google I have no idea.
In particular, an attempt to normalize the data to stave off reporting biases you get when reading the comments section in HN, Reddit, etc.
It feels like medical conditions… without statistics, there’s just too many of them to be fearful of. Not that this issue isn’t worth criticism and discussion. But I can’t tell if I really ought to care personally right now or not. Life’s just a wee bit too short to act on every report.
Apple HomeKit has completely busted for me. I've done hard resets of all TVs + HomePods 4 times, tried 5GHz and 2.2GHz....no difference. It's Apple's problem - clearly with either their latest OS versions and/or their cloud. I just had to replace a TV remote that didn't even last a year.
Anyone want to buy a MBP, iPhone 8, iPhone 12, iPad, 5 HomePods and an Apple TV...? :)
Even if that were the cause of many issues, it seems like a really simple fix to adjust the selection algorithm. So why haven't Apple done it?
Any dependencies on 3rd parties can be broken at any time without recourse be that Steam, Amazon, Google, Facebook, Apple, or less obvious services on smart devices.
Difficult to avoid though for some cases like streaming. Fortunately I had a backup of my playlists. Still annoying. I wonder if those kinds of things happen with spotify as well. Because once your subscription ends you're only relegated to a free account, not deleted.
Sounds like a lie everything disappeared after 3 months
Maybe if I subscribed again, there still would be something. But I won't.
The support person on the phone also told me that everything gets deleted once the subscription ends, even when it's by mistake. Which seems to have been the case with me.
It is staggering that a company this big has nonexistent support and I think given the decline in their quality over the years, this will become a bigger and bigger problem. Unfortunately for most people the alternative is Windows, where Microsoft is abusing their monopolistic market power to shove ads and their services everyhwere.
We really need new antitrust laws to break up these companies and support fair competition, and we also need regulations to reign in the biggest technology companies.
1. They get a lot of dumb questions. If you want a “talk to an engineer” bug report, you really need to prove competency to the support staff. Obviously be nice because they’re not the source of your problems they’re just trying to do their job.
2. Chat staff aren’t able to do much, phone staff have more power and insight. Chat staff can’t see your account, can’t issue pity refunds, can’t make choices outside of the generic script. You should call during US business hours if you’re trying to call the US support. Best case scenario is finding a college student.
3. They’re required to have you follow the generic published help scripts first. If you pull up the webpage and directly tell staff you followed each step - then read them the steps for proof you know them - they’ll often be able to just to the “custom help” portion.
4. If you make any reference to the TOS/Laws/etc they will mark your account as troubled and you will never get service again. You get legal canned responses only. They seem you not a valuable customer anymore. Don’t reference warranty law, definitely don’t threaten to sue, etc.
5. They can see how many apple products you have registered, how much you spend, etc and the customer service agent can decide how generous to be. If you only own a 5yo iPhone, and you’re contacting support claiming the screen magically broke in your sleep they won’t help. If you’ve upgraded every iPhone in your house every year for a decade, they might be nice when it “magically breaks on its own”.
6. They have minimal training outside of the above mentioned docs. Again, the phone staff has better training. They have common devices in front of them, and if you can get someone sympathetic on the phone, they might try to reproduce it live. That’s the golden ticket to a bug report.
This is problematic. They'll be happy to parrot out whatever TOS section you violated if you get banned under TOS, but completely stonewall you if you bring it up?
In situations like these, I draw analogy to a hypothetical legal system that does the same thing. Imagine that you are defending yourself in a court of law, and you bring up a specific legal code in your defense. The court then brickwalls you and assumes you are a bad actor, and you get thrown in jail. I know the analogy isn't perfect, but none are.
I really doubt that calls are disabled since it's "just" appleids, but the irony is still amusing. Landlines still have some uses after all!
The idea that a sales person in an Apple store is taking 20 minutes or more off the floor to provide some random caller tech support when they don't have any of the tooling around it, can't see your account, very little if any access to support databases, let alone account manipulation, is laughable. Apple does a lot of things. This isn't one of them.
From user pov, this is frustrating.
I can't see how this can be solved.
super weird, somethings going on
It's a shame it's even legal to discriminate people's browsers based on shady stats and not actual abuse.
I've logged into years-dormant Gmail accounts, from small towns in Mexico on a $2usd Mexican SIM and google has not even batted an eye.
It's not like people are encouraged to keep their valuable data with these companies, only to lose the ai-fraud-detection lottery.
Now when trying to configure a Recovery Key from my 2021 iPad Pro I’m told that I can’t do that from ‘this new device’ of mine. ¯\_(ツ)_/¯
And when I try it from my iPhone I have to wait an hour because of Stolen Device Protection. Apparently I’m not at a ‘familiar location’. I’m at home. I work from home. This phone is in this house for 99% of the time.
Not amazing is it.
And tech companies again demonstrate that they are "all about the user" by providing no clarity, acknowledgement, or empathy around the issue. It's depressing.
Perhaps this is real talent in tech: to make things seem rather than be, and to build ways to avoid service and accountability unless it leads to max profit.
I shouldn't be surprised each time this happens, but optimistically I still am.
I use a gmail email as my login
To set up your iPhone, you have to log into your Apple account. Macs don't care as much.
If you use "Log In With Apple" then you'll lose that. And if you've decided to use the terrible Passkeys idea, you're locked out of that too.
(1) AppStore This is especially relevant on iPhones and iPads where this is the only way to practically access software and updates.
(2) iCloud Data sync and backup. Some iPhone/iPad software might insist on this to work.
(3) Subscriptions, purchases through Apple Music, software, movies, TV shows, Fitness, etc.
(4) ID for other services Using ApplelD to log into other services. Some don't allow for any other way of signing in.
Any Japanese users out there?
I mean, ffs, the only 2fa option for an Apple ID is SMS auth. Just not a serious company when it comes to actual services.
When your identity provider has total control over your life, and you signed away your right to sue for damages, this is what happens.
[1] https://www.apple.com/support/systemstatus/
Unfortunately it's in Italian, basically if you don't accept windows (and office) tos you can be refunded, almost nobody knows this except some Linux users. However, if you follow the steps (such as not accepting the tos) you're basically guaranteed a refund or to win the legal dispute
Rejected the TOC. Made a meticulous image report that showed careful unboxing and setup.
There was a line in the TOC that (from very vague memory) disallowed using the OS for a.o. nuclear power mgmt. I did work in energy back then (but mostly webdev), so I could not rule this useage out. Send it along to Redmond and got a prompt reply from som e salesman for some kind of "industrial licence" for insane amounts. A few back and forths later, I got a measly €20 Euro's back. They put the rest down to admin fees, and OEM discounts.
Anyway. It ran SUSE and (k)ubuntu perfectly.
I guess it's much easier nowadays. But I buy my laptops preinstalled nowadays. Open the lid, answer five or six questions, restore my backups (/etc, .files, ~), reinstall the packages from packages.txt, reboot and continue working.
what's that? well some anonymous group saw login.gov, realized the value of the data, and lobbied that it should be open to free capital markets to explore, not the government!
so now if you want to even talk to the irs or veteran service, you need to go to that privately owned id.me site, do a video call, scan all the documents they ask for (even ones without visible anti counterfeit mechanics like your typewritter filled ssn card).
and the best part? right after you create your account, you land on a coupon clipping page that is a facsimile of the garbage pamphlet the usps is forced to shove daily in yout physical mailbox! and among the links on that page are links to Whitepapers about how advertisers can benefit from buying user data from them because it includes gov affiliation like vetetan, taxpayer, etc and bank information!
My experience status pages (with Azure) is that they are a PR/legal mouthpiece. They only change once something becomes newsworthy.
https://en.wikipedia.org/wiki/Goodhart%27s_law
Goodhart's law is an adage often stated as, "When a measure becomes a target, it ceases to be a good measure".
As for not suing them, I suspect that wouldn’t wash if you were deprived of property due to a software issue.
what's a few thousand people per month losing all access to their data, if that is not even a blip on their revenue or revenue protections?
if you're going to buy a new iphone, you're going to buy a new iphone. it doesn't matter the slightest if you read some nerds complaining something broke one theirs that same week.
but if you're close to a monopoly, numbers go up with market size increase. you can lose ((market size Delta) - 1) until your bonus motivated employees have to care.
Error: 'normal' undefined.
;)
For most people, losing their iCloud or Google accounts would be devastating.
I always joke that I'd rather lose all my documents and credit cards than lose my main e-mail account. And only tech savvy folks understand that it is not, in fact, a joke.
The reality is that if you go to any family BBQ and start going on about the importance of self-hosting, I - someone that’s been working with computers my whole life - am going to roll my eyes and not be all that interested in the conversation, let alone anyone else there (chances are they don’t want to talk about computers at all).
The reality is that these open-source / self-hosted solutions are, the vast majority of the time, harder to use and maintain. There are few things that sound less appealing to me than dealing with the realities of helping my family and friends with using any of that stuff.
This is all just some nerd’s out of touch pipe dream.
Yes, though only because it's a lot of trouble to set up today.
If it were completely commoditizated -- imagine one more button when setting up a new phone ("Choose where your data resides: Apple, Google, Facebook, Self hosted") and it was completely transparent then it would be used much more, especially if that's complemented by one of the nerds setting up e.g. a neighborhood sync server and everybody around knowing it and using it.
So yes, you are not wrong but the situation can change dramatically if ergonomics are improved. Which sadly most of the nerds never work on.
As for waiting, yeah, sad story, but most of us don't want to be on the computer for 16-18h a day anymore. I implore any of the more privileged programmers -- people with job security, $200K+ annual salary, a lot of social safety nets -- to open their eyes and stop fucking around with the one millionth LISP interpreter and just start making non-corporate-controlled tech already.
In other words, if you built one nice Golang / Rust program and only update the server once every 3 months, you can go quite far without touching it too much. Likely 3-5 years.
I will agree that nerds work far too much on pointless pursuits.
I've had great luck convincing even church ladies in their 60s to use both just by explaining that "end-to-end encryption" means that only the sender and recipient can read the messages, not big tech companies and advertisers.
My dad is often defeated on how to set up or use basic features of his smartphone, let alone on how to migrate stuff from one ecosystem to another, which let's be real, is purposely designed to be as friction inducing as possible.
Like others say, it's fairly easy to escape, just keep backups outside iCloud. Also, it's probably best to use a password manager that is not iCloud Keychain.
I’m not terribly partisan when it comes to platforms, I own and actively use an M1 Mac Mini, Dell Precision running Windows, and a Kubuntu box. I understand the assertion that software ecosystems tend to be a featured player in tactics aimed to fix users on a particular device or platform, and I think there’s plenty of evidence that this is broadly the case. But I wouldn’t use iCloud as a particularly good example of it, Apple’s clearly not banking on their cloud storage to drive its revenue.
I don't use Safari but if I did any of its bookmarks/history are easy to import into other browsers.
The issue is rather, that most people rely on these convenient services 100% and dont (want to) think about what happens in a bad case scenario.
I’d say email providers are an even bigger problem though. Good luck getting your accounts back if you lose access to your own email account. I don’t know that iCloud mail is particularly popular, but the risk really applies to any provider.
(I have tested this - always have an exit strategy)
I have an unhealthy habit of switching between FOSS and Apple a few times a year (don't ask) and generally it is pretty easy. The most annoying thing to me is Photos export, especially if you don't have access to a Mac. You can't download your whole library from the online environment, there's a 1000 image limit per shot.
edit: Also I have not found a good way to export from Apple Notes so I have a habit of typing into .md files from the terminal.
edit2: Gave it a search and tried Exporter. Duh. Works great!
Actually an anecdote on switching, my father in law bought an iPhone in a pawn shop. It was logged in with someone else’s iCloud account. He just used that until he dropped dead. We had no idea until I had to clean his phone out. My mother doesn’t even know what iCloud is. Literally total ignorance must be the default for everyone these days.
I’ve done the random switch thing as well as a test case. But to Microsoft. It took me a day to export all photos from Photos.app and into OneDrive and that was with a Mac (105Gb). And of course you lose all the edits you did if you export the originals.
Example: I can live in this nice comfy condo for a sky high fee (Apple) or I can live in a rickety old shed I have to keep fixing for free so I don’t have to pay the ground rent (Linux).
I’d rather live in the condo even if the lease runs out one day.
It's not: "I’d rather live in the condo even if the lease runs out one day"
It's more like: "I’d rather live in the condo even if the realtor arbitrarily locks me out, even though I did pay for it"
The key point of their analogy is that buying another condo isn't a good solution to someone locking you out of the one you paid for, just like buying a new phone isn't a good solution to Apple locking you out of your phone that you paid for.
Your complaint with their analogy seems to boil down to "they used an analogy", without actually addressing the point above. Try to focus on the point instead.
This has always been BS. I've switched from Apple to PC to Linux back to PC to Apple back to PC and then Android etc etc. It's actually quite simple. At the moment I'm using Apple stuff, but there's nothing holding me here other than just me being here.
They may not even own a laptop with sufficient storage to download all their photos to. If all they have is one, maybe two, phones with limited storage they're totally fucked. Just like Google & Apple designed it.
And it's not like these services make it easy to bulk download/upload your photos, either.
Suppose Walmart has a monopoly in California and Target has a monopoly in Florida. Anybody in California can shop at Target, they just have to go to Florida. "I've switched from California to Florida and then back, it's actually quite simple."
But if you're in California and you need some batteries, even if flying to Florida to buy them from Target is possible, even if you used to live in Florida and might move back there next year, even if you have the money to buy the $300 plane ticket, it's still prohibitively expensive to do it solely to avoid a $5 markup on batteries. Then the two stores don't really have to compete, and you get stuck paying the monopoly price for everything. That's what it means to be locked in.
You buy different stuff, copy your data across and sell the original stuff.
That’s not lock in. It is if there is no other stuff to buy.
You buy a different house, move your stuff across and sell the original house. How is it a crappy analogy?
The issue is that the cost of moving removes your choice from individual decisions because they all have to be made together. If you want iMessage then you have to sell your Android and get an iPhone. If you want F-Droid then you have to sell your iPhone and get an Android. What if you want both? This isn't because the free software community would be unwilling to set up a store/repository for iOS, it isn't because no Android messaging app would be willing to interoperate with iMessage, it's because you're locked in to one platform or the other at any given time and have to make all your choices together.
Someone who wants to provide an app store that charges lower fees would have to convince everyone to switch to their platform instead of only convincing people to switch to their store.
The reason they make it that way instead of being able to choose what you run on your device independent of the kind of device is in order to lock you in.
Pepperidge farm remembers.
Anecdotes of bad hardware are everywhere, given that the majority of hardware are cheaper thus more prevalent. But a comparison of all possible hardware with the same price points? Not feasible, so it's all just feels.
The software, now, that's a very different story. I really wish I could run Linux on this thing.
Anecdotally, after over a decade of professional computer use:
- No laptop as light as an MBP that I've been exposed to comes close to the weight-to-stiffness ratio of that case
- No laptop out there has a trackpad that feels anywhere close to the MBP, that I've seen. It's a combination of palm rejection, latency, fineness of controls, and correct handling of multi-fingered gestures, with the actual glass of the trackpad being nice too.
- Most other laptops out there don't ship with as good a display. Granted, the MBP displays aren't P3 calibrated or anything, but the colour reproduction is great, and the HiDPI clarity is excellent. Font rendering in particular is outstanding.
That's just to name a few headline features. Is it possible to buy/build a laptop with those similar qualities? Hard to say. Trackpad drivers in particular tend to be tricky, and Windows precision drivers are the closest I've seen to Apple's trackpad feel, but those will typically fall apart on material feel.
I doubt that you'd be able to make or buy a daily driver that feels as good while spending a reasonable amount of money, and you'd likely spend a good amount of time sourcing parts.
I've had the opportunity to use three other laptop types during my career: two reasonably recent (at the time I had them) Lenovo Thinkpads, a Framework (briefly), and a recentish Dell Latitude.
The Thinkpads stand out, but fall short on the display and trackpad points; otherwise they had a reasonably rigid keyboard compared to the MBP. The Framework was fine, honestly. The modularity is excellent, but the deck flex on the first-gen model was way more than I'm used to, and the display colours were deeply meh. The Latitude was bulky, but I mitigated that and other issues by just running it closed-lid and plugging it into a display, mouse, and keyboard.
Ultimate irony.
Unfortunately “can’t phone home” === break.
If you have questions about it, I will do my best to clarify.
But we pay the markup because it Just Works.
Well it doesn’t just workes anymore.
But the “quarantine” semi-visible file mode is a pretty good example IMHO.
https://stackoverflow.com/questions/68505425/cannot-interact...
For the majority of users.