{"id":32804,"date":"2021-06-11T20:21:31","date_gmt":"2021-06-12T00:21:31","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=32804"},"modified":"2021-06-11T20:21:31","modified_gmt":"2021-06-12T00:21:31","slug":"settlement-for-applecare-privacy-invasion","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2021\/06\/11\/settlement-for-applecare-privacy-invasion\/","title":{"rendered":"Settlement for AppleCare Privacy Invasion"},"content":{"rendered":"

spencerdailey<\/a> (via Hacker News<\/a>):<\/p>\n

Back in 2018, I encountered what I’d consider the cardinal sin of opsec by an Apple store employee. He asked me to disable<\/em> my Mac’s password before I turned it in for a multi-day off-site repair. The casual manner in which he asked me led me to assume this was not the first time he had pushed this question, and that it was a common practice at this store (Barton Creek Mall in south Austin, for those who care).<\/p>\n

Apple customers already place a great deal of trust in repair technicians who have <\/em>the user’s password, but disabling it for logging in means everyone who handles<\/em> or has physical access to the device could trivially steal data from it or install malware on it. A Mac going offsite gets handled by several intermediaries, not just the technicians.<\/p>\n<\/blockquote>\n\n

The only safe option is to make several backups and then erase the device before getting it repaired.<\/p>\n\n

Benjamin Mayo<\/a> (Hacker News<\/a>, also: MacRumors<\/a>):<\/p>\n

Apple has settled a case with a 21-year-old student after she sent her iPhone to a repair facility in 2016 only to find that employees had uploaded personal explicit images and videos to her Facebook account from the phone during the repair process.<\/p>\n

The student had sent in her iPhone to Apple to get repaired. The invasion of privacy ultimately took place at a repair center in California, run by Pegatron, an Apple contractor. The Telegraph <\/em>reports Apple paid out<\/a> millions in settlement compensation.<\/p><\/blockquote>\n\n

2016, meaning that this lawsuit was already well underway when Apple’s lobbyist recently argued<\/a> against independent repair shops on the grounds that its own repair service offered better privacy.<\/p>\n\n

Kevin Purdy<\/a>:<\/p>\n

This kind of arrangement isn’t unusual. In fact, large companies almost always outsource repair and servicing to third parties. But it is also not something they readily acknowledge when they’re arguing against right to repair laws. And for good reason. As it turns out: the incidence of misdeeds by employees at authorized service providers are actually pretty common – and certainly no less common than independent repair shops. In 2019, for example, an Apple Genius Bar employee was caught texting intimate photos of a customer to himself <\/a>under the guise of helping her with a repair. The same thing happened in 2016 at an Apple Store in Brisbane, Australia.<\/p>

Also, there is lots of evidence that, far from emphasizing quality of service, OEMs work to spend as little as possible on authorized repair. Note the 2019 ICE raid on a Texas-based Samsung authorized repair provider CVE Technology that discovered undocumented workers performing authorized repair on Samsung devices<\/a>.<\/p>

In fact, when asked directly at the 2019 FTC Nix the Fix symposium<\/a> whether there was any data to support industry’s contention that authorized repair is either higher quality or more secure than independent repair, Walter Alcorn of the Consumer Technology Association (CTA) admitted straight out that there was none.<\/p><\/blockquote>\n\n

Previously:<\/p>\n