I fully accept the premise that a theft prevention system will limit the users ability to do certain tasks. My point was that this feature should also have blocked the factory reset from happening in the first place. That way, your data is still there, but access is conditional on you having the right keys, and there are no surprises.
Well, one could solve that just as well with a device that is fully open to the owner and still pointless to steal. By handing out a per-device master reset key that the owner doesn't need for regular operation and thus doesn't have with the device when and where someone might want to steal it.
My primary concern with "anti-theft" features is that in a lot of cases they cause e-waste due to people forgetting their accounts/passwords, or giving away their devices without "properly" resetting it, often both at the same time, causing the receiver to not be able to use it at all.
The article says nothing about it but I hope people realize that there has to be a feature to securely wipe and reset the device.
Trying to prevent theft that way is a fundamentally flawed approach. It's in the end all about controlling the phone you brought to prevent you from using it in any way they don't like or using it longer then they like (by repairing it).
Theft will happen anyway. You can even sell permanently-locked/bricked devices to people which doesn't look to closely at the sellers description. Sure you will need to sell them for cheap, but that's all.
That idea is like saying all cars must be always tracked, always link up with the drivers phone and be remote-controllable by there manufacturer to prevent theft.
Sure it would prevent theft, maybe, until people find ways to brake it. But it's still totally unreasonable with a lot of hidden cost to it.
E.g. in case of apple laptops the cost is losing a lot of small independent companies as well as any way to properly repair an Apple laptop. (Apple doe NOT provide proper repairs they at best replace whole components often the whole main board because it's one component when many damages tend to be similar because people use their devices similar and often are reasonable fixable with a bit of not-easy-but-not-very-hard-either soldering).
EDIT: And most important! The theft constraint can be archived to a reasonable degree WITHOUT locking out third party repair. A example (through not applicable to mac in this case) is how I setup my laptop with a custom EFI platform key/certificate and a BIOS password so to reuse it after theft people have to replace the BIOS chip soldered onto the motherboard (it has no publicly known master key or reset pin). Apple can archive similar things so that theft is more costy but third party repairs are still mostly unconstrained.
Yes, I know what FDE is good for. But it doesn't prevent or deter anyone from stealing the device, as Activation Lock does. FDE has no utility in reducing the value of a stolen device, because they can be simply reset to factory settings.
I don't not agree with your sentiment, but responding with "How is that good?" to “the finder/thief just can't factory reset it and use it” seems like you’re not actually responding to what they said.
allowing this would open the possibility of thefts forcing the victims to respond in a specific way thus opening a possibility of violence along with theft.
so no to that. the solution to work as deterrent should be final: stolen device = brick device, no other possibility.
in the case of solving theft of devices we have to choose the price we want to pay. all solutions are based on various ways to deter the theft. there is no solution to stop the action of theft once started. thus all solutions have a price that could range from false positives (like legit owners being locked out) to waste like theft happens because they dont know that they cannot unlock it without destroying the device.
Exactly. This brew-ha-ha is nothing. This is an anti-theft feature. Hard to argue against features designed to reduce the potential for someone to target it for theft.
As someone who has had both a smartphone and a laptop stolen, I would have loved to know that aside from my frustration with the insurance company that the thief walked away with 2 worthless bricks.
And no, right to repair should not ban user-initiated device activation locks.
> This is a good thing - you want this to happen if your device is stolen
How does the device know it's been stolen? It can't possibly tell the difference between "snatched on the bus and in the black market tech's lab" and "oh lol whups I forgot how to used my fingers".
Provide a "my device was stolen" service for the user to initiate lockouts instead (and report the theft to the relevant authorities with location tracking data) imo.
It also presumably further discourages theft since it negatively impacts the ability to “part out” stolen devices to work around activation locks. Basically once the owner remotely locks the stolen device, it becomes almost worthless until it’s back in the owner’s possession.
I disagree, it sounds like if you steal a device, the best you can do is part it out because of the activation lock. That raises the barrier to entry (must be able to part out the device or add a middle man), lowers the margin per device , making the endeavor much less attractive overall. I'd be willing to wager this reduces stolen devices in aggregate.
I didn't make that argument at all, so it's pretty annoying that you've cornered me into arguing it. I really don't respect when people do this.
I never, ever argued against "actions to stop it". I argued against this action. I never argued that my anecdata that my phone has never been stolen means that all action against theft are unnecessary, but I believe it is good cause for me to want a phone that doesn't have excuse-driven anti-consumer anti-repair garbage built into it to "prevent theft" that has never been my problem.
I am, however, arguing that this is not how we should be dealing with problems like this. It, in fact, should be illegal.
Why should onus be on legitimate refurbishers and resellers to prove that the device is not stolen (extremely hard) rather than on the victim to report the device as stolen within a 30-90 day grace period (trivial)? After this grace period the device would wipe the data encryption keys and unlock itself.
A simple solution that protects both sides, it just so happens to conflict with Apple's earnings goals.
I think the main reason for using activation lock is to make stolen products worthless. If there's a way to use stolen devices, then they'll be worthwhile to steal.
I wouldn’t be surprised if activation lock causes _more_ theft. If stolen devices are worth less due to activation lock, thieves need to steal more phones to make up the lost profits.
Also, the data on a phone is almost always far more valuable than the phone itself. If a thief steals my phone, it’s much better for me if they erase it. But they can’t do that, so my stolen phone with all my data just sits there one exploit away from being exposed.
Activation lock only serves to benefit the manufacturer as they get to sell more phones. It doesn’t benefit the consumer at all.
But is it worth it if we create more electronic waste because of it? I somewhat like the idea of the activation lock system, because it makes the devices unattractive for stealing it. On the other hand it creates more unnecessary waste (at least they way Apple implemented it).
A way to unlock them should be provided. Report the serial to apple, they try to inform the owner by mail and/or push and after a 30 days grace period it should be unlocked. Another benefit of such a system is that it might even help to locate stolen devices.
reply