But reading horror stories like this is is why I only use the very bare minimum of any of these cloud services. Keep local copies of everything. For developer accounts, I always create them under a separate email so they're not tied to my personal. At least it can minimize the damage somewhat.
It sucks that I have to take all these extra precautions though. It's definitely made me develop a do not trust any big corp mindset.
It's also the buying of gift cards that can get Apple accounts locked: https://old.reddit.com/r/apple/comments/r8b1lu/apple_will_pe...
If enough of these horror stories are publicized, people will learn to never buy/redeem Apple gift cards because of the real possibility of account bans.
- Don't give Apple gift cards to family and friends: You're potentially ruining the recipient's digital life if they redeem it.
- Don't buy Apple gift cards: You risk ruining your own digital life.
If you've been given an Apple gc for Christmas -- and you have paranoia of the risks -- don't buy anything online that's tied to your Apple ID. Instead, go to the physical Apple store to redeem it. And don't buy an iPhone with it because that will eventually get assigned to an Apple ID. Instead, get a non-AppleID item such as the $249 ISSEY MIYAKE knit sock.
I have thousands of credit-card reward points that could be traded in for Apple gift cards but I don't do it because Apple's over-aggressive fraud tracking means Apple's store currency is too dangerous to use.
my sweet summer child, neither rain nor sleet nor cash nor dark of night will stay your postal carrier from zer's appointed rounds, but winter is coming... do you want to still receive your mail?
Otherwise? Yeah. Gift / prepaid credit cards are a horrible scam, because they tend to have a percentage or, worse, flat fee to activate. $4 extra on a $50 card as a gift means you just paid 8 percent just to GET the card.
To add context, your reddit post also mentioned: >, I purchased eleven Apple Gift cards from [...], and apple.com, and added the amounts to my Apple account.
I'm not saying the following applies to you but one can buy Apple Gift Cards using their Apple ID. After adding gift cards to the ecommerce shopping bag on Apple.com, it offers the option : "Check out with your Apple Account"
So Apple would know the exact AppleID at the time-of-sale instead of waiting until redemption. If for some reason Apple's fraud detection system doesn't like the transaction (e.g. unusual ip address from Mexico instead of USA, or too many high-value cards in a certain time period, or other black-box opaque heuristic) ... then the buyer puts their Apple account at risk.
Fraud prevention heuristics are insanely aggresive these days...
Last week, I bought a Netflix subscription and 5 days later, Netflix cancelled the membership for no apparent reason. I got on a customer support chat with Netflix and the agent said it was cancelled because of the credit-card #. It didn't pass their fraud prevention system and to try using another card. At least Netflix automatically refunded the entire amount back to me -- whereas Apple keeps the gift card balance for itself after locking accounts.
In another incident, I used a Chase credit-card at a physical Apple store to buy 2 iPhones on 2 separate receipts. The first iPhone sale was a success. The 2nd iPhone transaction just 1 minute later was denied and Chase locked the entire account. I had to call Chase customer service and recite the make & model of a car I had 20 years ago to prove my identity for them to re-activate the credit card!
So they constantly congratulate themselves for not going to the nearest city, look down upon people who spend time in cities, warn us that we're at risk of the bad things happening, and never miss an opportunity to talk about how bad cities are in conversations.
Now replace big cities with big tech and that's exactly how a lot of these Hacker News comments read.
* My liberal relatives won't own guns because they keep hearing stories about how guns are deadly, even though I own guns and nobody's died yet
* My friend's kid won't pet puppies because he heard they bite sometimes
* My aunt in Moscow didn't want to vote for Putin because he's "authoritarian", but my life is going great
How do you distinguish between things that are actually bad vs overreactions? Maybe it's just based on individual risk tolerance? I don't see the need to put my digital life in the hands of some unresponsive corporation, but the risk is worth it to you and we just have to agree to disagree?
I just pay Apple with my credit card when I want to buy something. Is this some kind of weird credit card rewards churning thing? Are you unbanked? I don’t understand why you’d voluntarily add unnecessary extra steps.
A credit card offers far more protections to consumers than a gift card.
Given the amount of false positives, Apple should have an appeal process for innocent users to regain access to their accounts. It would be nice if this applied to all big tech companies, losing an email address can make other accounts difficult or impossible to access.
I do this all the time and I've done it for years.
I once bought thousands of dollars of Apple gift cards, $500 at a time, by redeeming credit card reward points that could be spent like cash at a couple of select retail stores for 2X their points value.
It's a common practice. The edge cases are scary when you see them reported on Reddit, but they really are rare and generally get resolved after follow up (however inconvenient).
Some people go to extremes to do things like buy Apple gift cards at stores that give them a small discount on gas purchases or something. I'm not nearly extreme enough to do that entire process, though. Having the money loaded on to a Gift Card is inherently risky and I need some significant upside before I'll do it.
I was looking forward to getting $160 gift card for my old iPhone 11 but after reading all this I think I’ll just leave it in a drawer.
https://www.reddit.com/r/CreditCards/comments/1hb6rnj/rumors...
You'd think so. Yet, the stories of PayPal locking up payouts to surprised people keep coming every year - and people still use them.
At least in Europe, PayPal is a regulated bank which means you can hand the case over to the authorities and they can and will help you out.
Do the bank regulators in Europe typically help effectively when PayPal freezes an account?
[1] https://www.onlinehaendler-news.de/recht/urteile-entscheidun...
[2] https://www.sbs-legal.de/blog/update-sbs-legal-erwirkt-zwei-...
[3] https://www.test.de/Leserfall-Wenn-Paypal-ein-Kundenkonto-ei...
Commenters here talk about PayPal account closures as if everyone who uses the service will eventually lose their money. Now we're talking about gift cards as if everyone using gift cards will have their account locked.
These stories, while frustrating and sad, are rare occurrences. The majority of people who use these services will not have any experience like these stories you read.
To be honest, I think the average person is probably better at estimating their risk of using these services than a lot of these HN commenters.
It's easier to just eat something else, and not from the jar, than take an unnecessary risk, even if that risk is unlikely.
This captures the Hacker News style misjudgment of risk very well.
First, none of these issues are equivalent to eating cyanide in any way, shape, or form. The extreme melodrama of upgrading "someone's PayPal account was erroneously locked" to literally being poisoned to death is emblematic of the misjudgment of risk going on.
Second, eating M&Ms is a silly analogy because it's so easy to dismiss. Obviously nobody needs to eat a couple M&Ms, but someone who is running a business needs a way to collect money if they want to get paid. Using a mainstream service keeps your overall conversion rate higher and prevents losing customers who don't want to sign up for something new.
Third, the level of risk is not X in 1000. These cases you hear about in headlines are more like 1 in 10,000 or 1 in 100,000. This is what I referred to by Hacker News frequently misjudging the scale of these services because they only see these negative stories posted.
Finally, this is the key point that everyone misses when they say "Just don't use any Apple products" and other dismissive comments:
> It's easier to just eat something else, and not from the jar, than take an unnecessary risk, even if that risk is unlikely.
It's very obviously not easier to build a life where you avoid anything that might have a small risk. Building your entire life around not taking very unlikely risks is irrational. I know it brings some people comfort to feel like they've avoided some risk they saw in headlines, but claiming that nothing is given up or that it's easier to choose an alternative is blatantly false.
If you're a business, yes, PayPal locking your account and freezing your funds forever, which is what they do, is tantamount to legal grievous injury or death. This happens with enough regularity that I know multiple people that this has happened to, and the risk is enough for me to never rely on PayPal or its partners for my income.
You seem to understand this with the following:
> Obviously nobody needs to eat a couple M&Ms, but someone who is running a business needs a way to collect money if they want to get paid.
--
> Third, the level of risk is not X in 1000. These cases you hear about in headlines are more like 1 in 10,000 or 1 in 100,000. This is what I referred to by Hacker News frequently misjudging the scale of these services because they only see these negative stories posted.
I used a variable X so you could make it sufficiently large enough that you don't have to rely on the multiplier to understand the analogy.
> It's very obviously not easier to build a life where you avoid anything that might have a small risk. Building your entire life around not taking very unlikely risks is irrational.
I've lived my entire life without relying on an Apple account, and the few instances that I used one, I hit that risk myself[1] and now have an expensive paper weight instead of a tablet, and a bunch of app purchases I can never use again.
This isn't some hypothetical, it's something that's literally happened to me and people I know. The lesson I learned is not to rely on Apple or PayPal, and believe it or not, that's really, really easy to do.
The most money I have ever had on my PayPal account was 100 bucks from a reversed transaction (like, double booking of a hotel room or wrong item sent), otherwise it's just a gateway. It would be annoying if my PayPal account was locked, because I use it a lot to order pizza online and a few small purchases. I could just use my credit card or something else but it's more clicks. And I know a lot of people who do it like this. The only thing lost is convenience. No past purchases, no digital identities.
Maybe you meant the merchants who really amass thousands but I suppose they are a small minority of active users.
It's quite easy to build up a few hundred or thousand USD worth. It feels just enough like a bank account that you think you're safe. Then...well, the internet is full of PayPal horror stories, I won't bore you with my own.
You have a fee for transferring from PayPal to your bank account?
It’s always been free for me, as long as I don’t opt for the instant transfer option.
Never once encountered a fee.
Might be related to your country's local laws?
the number of people commenting like “well I don’t do/use/…” is mind-boggling
Neither the people creating the legislations nor the people at Apple responsible for these flows care very much about collateral damage.
That said, if buying and redeeming gift cards are such an indicator of fraud that people are legitimately afraid of getting their accounts permanently locked, why doesn't Apple just stop selling them?
If you are trying to be a bad person you could weaponize that approach. You do not like person x, send them some Apple gift cards... :o
99.999% chance they happily redeem them and go about their lives.
These stories, while frustrating, are clearly edge cases. Yes I know you can find more if you search social media, but I don’t think a lot of these HN commenters realize the volume of gift cards Apple sells and redeems without problem every day.
Does the iPhone require an Apple ID? I don't even log into my Google account with my Android device. If the phone requires an Apple ID, then obviously I'm not buying one.
In the EU, the requirement to support alternative app stores would probably mostly fix that, but those of you in the US are kinda…
"and we ban you for buying or redeeming them"
is just top tier comedy honestly.
As soon as I heard the first one of these stories about a guy getting google broad-spectrum banned because a junkbot AI thought his completely normal youtube comment was a nazi rant or whatever else it hallucinated - I bailed on the whole shebang. Hosting your own stuff is, if you're a reader of this site, easy enough and cheap enough there's little reason not to.
One commonality among the stories in that thread from people who had problems was either switching their App Store country or using their App Store account primarily from a different country than the setting.
And in fact, a prohibition is never a solution, it is a reduction in solution options
And this advice takes into account exactly zero aspects of the particular problems a given person may have to solve, besides “problems with Apple”, in a world where most people have “problems with X” for each of the few large ecosystems.
Freedom of choice would mean for N choices, being able to make, well, N indepointed choices. N may be a very large number given how many things people do.
For an ideal world of compatible modular technologies, N choices is easy.
But our technology world is highly non-modular, centralized at many levels, and full of incompatibilities and dependencies of various kinds and costs. Including important dependencies involving the choices of other people we interact with, or very specific tools or resources.
So no, “Don’t buy Apple” is not better advice, it is just bad random generic advice, without knowing a lot more about any particular situation.
Like what someone writes books about.
Apple's ToS should be readily indicative of anyone using any of their products that Apple's perspective is that you don't own anything and they can do whatever they want with anything you do with their products. As the author points out you clearly don't own free access to what you've purchased.
The last thing I'll say is that it is fantastic advice to not purchase Apple in 2025. You can only be certain that this won't happen if you avoid them. I actually own a MPB, with receipts from purchase, that I had to purchase a bypass for when the device was enrolled in MDM by a family member that Apple has MDM locked and refuses to remove from iCloud.
Avoid Apple, that's the best advice. If you can't avoid Apple, minimize your footprint and make sure you're a good boy or girl else Tim Cook will steal from you and hide behind some bullshit first line support tar pit and an army of lawyers if you do happen to decide to threaten them.
But, at least with Google you can use hardware without the binding software requirement. You can use an Android device with GrapheneOS and have the phone entirely de-Googled, yet still use Android apps.
If the implication was that there's no other option outside of Apple and Google then that is unfortunate.
If I want to participate it modern life, where I live, I need an Android (Google blessed) or Apple device.
Many of us have expensive professional software tools that require Mac or Windows.
So it wouldn't be "slightly inconvenient". It would be the end of our professional work in those domains.
The alternative to Apple is…Google? How is that in any way better other than not being Apple? Sure, there are de-Googlefied versions of Android and today they work . But Google is actively working on ending the ability of those alternative operating systems to work.
As an example of one.
Banks requiring device attestation may be a pain in the ass, but it’s not a “requirement”; they (for now) still have websites and, usually, a physical branch.
Other examples probably exist.
Some banks are even app-only.
IRL events where you have to open the app at the gate.
Probably no charging for your EV.
No bus tickets. No Uber. No scooters. No food delivery. More tedious flying / immigration. No Tinder (requires live face verification on your phone) Some modern cars you are going to have troubles.
Impossible to setup a lot of smart appliances (like home WiFi routers). Many examples.
It’s like: can you live without a bank card ? Probably but not everywhere and you will not be able to go to all shops.
Essentially it’s great if you plan to stay at home. Becomes a great problem once you want to interact with anyone further than 1 meter from you.
Expect this to be the norm going forward due to hardware attestation being normalized on phones.
(1) Unbanked population in Uganda or india don't have options. Funnily, it's become the same with everyone, banked or unbanked, in the USA. The USA a third world dictatorship now, so expect that and more. Please vote for the orange buffoon a third time! He will most surely try to get on a third term.
(2) No bank in the EU requires a smartphone; it's banned by law (you know, law that protects people, the type you lost). "Banks" that are app-only are not banks but financial casinos. No bus driver in the EU can refuse small coins. In some countries they cannot refuse that you get on the bus without paying. No shop in the EU can refuse cash. No EV charging requires any app; you can pay right at the charging station with a credit card. Uber is not a universal right but a trinket. Same with tinder/food delivery and all the impoverishing tech for the disowned.
Enjoy the USA.
If you want to use the Tesla supercharger network (one of, if not, the largest in Europe, so rather useful), you need the app. https://www.reddit.com/r/Polestar/comments/1hrzidy/do_i_need...
In Northern Europe it's very common not to have cash at all or to have it rejected. In Estonia, you can choose to login to services using... your mobile phone OR (if you are lucky and this is supported) a physical ID card reader, so realistically you want to have a mobile phone. Some services don't even have alternative. It's more like a German / Swiss thing to have cash everywhere.
They may not require one, but good luck getting transactions done without one. My EU bank branches are now only open 3 hours a day, and to approve an online transaction without the app means phoning the bank during business hours…
This is the first I’ve heard of Apple locking someone out of their account for no reason. Google does it all the time. So, yeah, can’t leave Apple over this.
I mean that is a problem in itself :D
To say nothing of the fact that well-adjusted humans need to communicate with friends and family, and many times that also practically requires being on these platforms as well.
E-stim addicts will rationalize their slavery to a small rock in their pocket and sing grand songs about how it’s a curse but they need it. Like all addicts, they are not capable of rationally assessing the utility of the dependence object, and they’ll start carting out all sorts of silly things and gesturing vaguely “See this washing machine? Yep, it needs the rock, that’s why I keep my rock on me and charged at all times”
Time is the most precious thing in life, you’ll never be able to buy it back so you may want to reconsider long-term.
And I really meant to write "not seen as well-adjusted" above... wasn't trying to say that anyone actually is or not.
I know you think it's rude, my apologies and I wasn't trying to be... just pointing out that people are still going to think it's weird and "not normal" to go to such "extremes" that most people don't, no matter how right they are.
Plus nothing ensures the bank you switch to won't up their "defenses" in a week.
At least around here, I can walk into a bank, sign a few papers, then that bank coordinates with my old bank to transfer all my direct debits, move all my money and notify all my periodic creditors (employer, social security, tax office...). Peer-to-peer payments (like splitting bills with friends) are usually done by alias (phone number or email) on our instant payment scheme, not by IBAN, and my new bank will take care of rerouting that too. And if for whatever reason someone has my old IBAN and tries to send me money in the future, they'll get a rejection and will just have to ask me for my new one, no big deal.
As for "in a week", come on, you're just being intentionally annoying. Obviously there's no guarantee. If they don't have root detection now, after everyone has had it for a decade, there's probably a reason and they won't implement it any time soon. And if you're just supremely unlucky and they actually do it right after you switch, oh well, you wasted and afternoon. Definitely less time wasted than trying all the million different root hiding techniques that probably don't work anymore.
Think of it like a car key. You wouldn’t have a crusade against car keys right ?
Which is good, right? One less thing to lose.
Can you name one?
And the workaround is always far more work than I want to do, for virtually no upside for me.
Having all your emails on Gmail and used for external services (bank, insurances, etc) is a different story though. I prefer to pay my email provider, at least they will care a bit more than they do for a free account...
Stay as far away from BigIT as you can. Linux or BSD are there for many good reasons. This is another one.
I proved them who I am, that the new payment method (virtual card from a well-known organization) is mine, everything.
After lots of back-forth I've been informed their decision is final.
I HAVE NOT BREACHED TOS. I wish I has a major law company behind me to force them to admit that.
Very happy it was my almost unused account, heavily went down with my purchases in mt main account (in my usual country of residence) as well.
And yes, I use login-with-companyName as sparingly as possible. We are not the users, we're beggars.
It happened - fake again. Now the customer support flow is: you upload images of the product (max. three), and the system approves the verification or rejects it, and then you have a way to contact customer care. System rejected. The trick is - they do not know why the rejection happened, they are not able to tell me, they are confirming the images are very clear and crisp, but they can't do anything to help me because the system leaves them with zero options to move forward - in fact, there is no further escalation matrix either. Nada!
The bank (credit card issuer) refused to raise the chargeback because "but the merchant 'delivered' the item". But it was fake, so? No, no, it "delivered" - that is what counts, so you have to sort it out with the merchant. But they are refusing any further help. You have to sort it out with them. And so on... in a loop.
Can I take them to court? Sure. It may take weeks, months, and maybe years, and even then, in the end (if I win), the court may just instruct them to refund and possibly (possibly!) compensate a trivial amount for legal expenses, which is never even remotely close to the actual legal expenses in this country's courts.
Just stonewalled. It almost feels Kafkaesque.
No option to contest the receipt....until the "would you recommend a friend visit amazon Go" survey popped up. I responded negatively, then the "why?" question had a "My receipt was incorrect" option.
Suddenly I was able to go through the "contest receipt" workflow.
100% completely automated.
(Fwiw, i never bought anything from Amazon again after receiving one fake item. If i want to gamble I'll pay Aliexpress prices)
That’s simply the actual cost of living in your jurisdiction.
I don’t think any large retailer or bank on Earth guarantees there will be a viable escalation pathway for all possible combination of scenarios either.
Maybe a very high end private bank but even that’s iffy.
So, when my mom passed, our family had to deal with DB. I have never, ever hand such a bad experience with a bank. The bank overseas was so courteous and efficient that I asked if I could open a bank account with them but I couldn't since I don't live in the country, just a frequent visitor. The IRS and government were easy. The will was as easy as it gets. Do things by the book, you'll be fine.
The NY DB office, to which I would have to go frequently and sit in some luxurious waiting room with nice art, was insane. My lawyer and accountant could not understand how they could repeatedly ask for the same information, deny they had received it, ask for information that literally the US government does not give out to anyone and on and on and on. And no there was nothing shady or shifty about my parents' lives. My lawyer started sending meaner and meaner letters to them, the kind that talk about making my client whole and litigation.
And yet, a few years later it turned out that same bank was often in the news for, among other things catering to Jeffrey Epstein. Who knows, maybe he spent his last hours complaining about them too. I could only hope he had that experience to add to his all-too-brief punishment. Actually, I have often wondered if we got raked over the coals because they had genuinely fishy clients and thus all the clients, especially the ones overseas, were on some kind of government watch list.
Of course it'd have been nicer to tell them to fuck off, but living without Amazon would simply be far too inconvenient.
I'm just always a little surprised to read things like "i couldn't live without Amazon," and i wonder if there are no other alternatives for two day shipping on other countries or what it is that keeps people stuck on Amazon instead of using other next-day deliveries
I'm in Austria (not Australia) and local retail prices are infamous for being 25% to 100% higher than in neighboring Germany for the same stuff because of cartel behavior of local retail industry.
Buying from amazon Germany means I can get the same prices as Germans (with +1% extra for higher Austrian VAT) for the same goods.
I'd love to give up Amazon in favor of local stores but local cartels are just as bad or even worse.
So to fix the Amazon problem you need to fix the competition problem first, which is caused by players other than Amazon too.
But still, most people go to the shop to buy toilet paper. Once you get used to Amazon, it just saves so much time and effort. The prices aren't bad either, I just checked toilet paper on amazon.com and 30 rolls of good quality amazonbasics toilet paper costs $0.22 more than the equivalent kirkland product on costco.com
You can order almost everything you need in the same app, whenever you feel like it. Just a couple of clicks, no need to fill in delivery information or anything.
The only part where YMMV is receiving the parcels obviously.
There’s a corner store about a two minute walk from my front door, I’m certain their toilet paper is more expensive than Amazon’s, but I can have it right now if I want, and I’m not dealing with the stupid interface asking me if I want “18-count (345 sheet, 9 pack)” or the “XL 27 count (256 sheet, 5 pack)” version of the same product.
Sure, for every individual item there might be a better better local option. I'd have to spend time finding that, then go through the terrible order process and hope their delivery service isn't utter shit. Oh, and yeah, half the time they'll probably block my order because I'm using a non-european card.
Just being able to use Amazon for almost everything starting from bottled water and toilet paper saves me immense amounts of time. I can generally trust that the stuff I order reliably arrives at the concierge, which isn't a given.
And FWIW, most of the time I've shopped around, Amazon has been cheaper or essentially the same price. Doesn't really matter to me, but it is a plus. I'd happily pay more for a more convenient service, but in this case it seems I'm usually paying less.
In addition, I always suggest people to:
- Not use big tech's cloud services - ever
- But if you must, do not use many cloud services from just one provider (i.e no Google everything, no iCloud everything) i.e stop using "one account gateways".
- Needless to say, it's time you had a domain and start paying for mail hosting (at least for critical stuff - you can actually buy a very cheap plan; and use that gmail/live-hotmail/yahoo/iCloud/whatever everywhere else) [0]
- Keep an offline (but safe) copy of your "most" important data [1] and ways to remember (i.e cryptic hints) for your "most" important passwords
- Gain some experience in fighting in consumer courts/forums (depending upon your country) - start early, start with e-com companies. A lot many times we don't put up a fight because we have never done it before and we give up always because every time it's a first time. Apple and Google make a mockery of consumers everywhere because we have allowed them to. In fact sometimes when we talk of lack of accessible support at Google and Apple (yes, Apple) we speak in a disdainful appreciation or awe :)
[0] Some might disagree but disabling (or dev/nulling in a way) mail@, hi@, contact@, sales@ etc on your domain (esp. if you have catch-all enabled) goes a long way in terms of avoiding spam
[1] It's also very important to have a tiered approach to data storage and backup strategies. There should be a very, very, very small subset of your personal data, including some of your photos and videos, that is really, really small in storage footprint that you can back up/sync to multiple locations and actually pay the full price for it at storage costs via your own setup, preferably using FOSS tools (which are becoming too good these days) out there.
“You’re giving these companies your data and then dare to be angry when you lose it? Just get a degree in computer science and host it yourself!!1! I am very smart”
1. You don’t need too much time to set this up.
2. All this doesn’t have to be in one sitting - with meds and coffee that keeps you awake through the sleeping hours
3. In fact it’s better if you do this over the weeks, months, years. For me it took years and I am still kind of doing it. Once in a while, here and there.
4. I am not very smart. If I was I’d have just ignored your comment.
Those are the steps the commenter suggests you take to use these services safely.
It’s not that these steps are reasonable.
At the very least “civilians” need to be informed, and warned.
The question is: will you roll over and die without a fight for your rights?
At least you have time you are spending on HN that could be devoted to learning to fight. The fewer people that fight, the faster your rights disappear.
- Have a local backup (simple giving the storage prices)
- Pay for one email provider (less chance to ignore you)
- For important services (bank, etc.) always register also a telephone number / second email if possible (there is a low chance that both primary and secondary thing will be blocked at the same time)
At the same time, AML solutions tend to be a closely guarded black box which simply tells you to block a customer, finding out why is pretty difficult.
To add more to the problem, some anti money Landry solutions are … AI powered.
For a good reason! You, as a rule, really don't want to tell the customer why you're blocking them. What will happen in the end is that you will be facing federal charges for assisting the money launderers because you kept telling them what they're doing wrong.
> This is the same failure mode of all security-through-obscurity. Secrecy means that bad guys are privy to defects in systems, while the people who those systems are supposed to defend are in the dark, and can have their defenses weaponized against them.
This concept is used to argue that obscurity shouldn’t be used at all as a defense mechanism, when really all it means is it shouldn’t be your only line of defense.
Obscuring aspects of a system can contribute to its overall functioning: it’s a filter for the laziest of adversaries, and it creates an imperative for more motivated ones to probe and explore to understand the obfuscation, creating signal and therefore opportunities to notice their behavior and intervene.
I think for anyone who has dealt firsthand with mitigating online fraud, hackers, spam, trolls, cheating etc, the idea of having completely transparent defense mechanisms is pretty much ludicrous.
Yes, in many countries they are, but I don't think the laws are dictating Apple to completely turn off the accounts, but instead dictate that Apple should take measures against it.
They could disable those gift card features + Apple wallet/pay if they suspect fraud, and if no one complains within a month, then disable the entire account, rather than start with disabling the account. Would give them space/time to investigate, and wouldn't be a huge pain in the ass when the inevitable false-positives happen, like in this case.
You misunderstand the nature of financial regulation. The laws on things like money laundering are intentionally vague, they say things like "Apple should take measures against it". And financial regulators will not come out and say (especially in writing) that you MUST do any particular thing (like ban customers entirely on suspicion).
What they WILL do is ask probing questions, frown a lot, and make suggestions. Which the company had better take seriously. Because the financial regulators have the ability to simply close down your business, and if you cross enough of the unclear lines they will do so.
So instead they censor the company from telling you the reason, because everyone whose account is locked is guilty of Terrorism, obviously, and the people actually committing fraud would be unable to discern that they've tripped the detection system from the fact that their account is locked unless you told them that was why. Certainly not because it would make people unsympathetic to what the government is doing.
You misunderstand how business regulation works in free countries. Financial regulators can't just "simply close down your business" however they want, unless you live in a country that is primarily authoritarian.
Again, I'm not saying closing down accounts isn't easier than turning of functionality, but companies could chose the "harder route" if they did care about the users themselves. Alas, most companies priority remains "make more money above all".
And don't think for a second the US federal government couldn't do a huge amount of damage to anyone it feels like by way of its financial regulators. In general it's better for the US government if Apple continues to exist, though.
Maybe that's true where you live, but it's definitely not true all over the world, many economies have a free economy yet companies exist for public benefit, not shareholder value generation. It's out there, wouldn't be impossible to implement where you live either.
> And don't think for a second the US federal government couldn't do a huge amount of damage to anyone it feels like by way of its financial regulators
Right, I agree. But I also qualified my statement to not be valid in authoritarian countries, so maybe not the greatest example to use.
I really don't believe you, honestly, unless you're talking only about little mom and pop shops. and what other country would have more regulatory influence on Apple than the US?
Particular airline like United makes your life hell, or even behaves sloppily and heavily inconvenienced you? You not only hate them, you actively go out of your way to tell your friends, family, and anyone who asks your opinion that you hate them. And why you hate them. (Lost one/only bag, for longer than an entire trip, over ten years ago.) And go out of your way, even at higher cost, to avoid them. (Have never flown United afterwards.)
Aside: We know this can be done competently; see Japan. They’ll even fail sometimes, but I suspect that nearly-always, someone from the airline would be delivering the bag personally after they obsessively located it, as opposed to the “meh” attitude US carriers take.
On the other hand, some company like Valve: for an out-of-warranty product (just time, current-model Steam Deck) that was purchased outside the country and gray-market imported (consumer level, just carried out to another country)… and which they don’t sell in your country… they demurred a bit then agreed to ship a replacement part to the original purchaser. At zero cost. Dealing with product issues isn’t fun, but we all know issues arise sometimes, and they killed the “delight the customer” goal.
Some companies still care, and I’d argue that treating your customers like crap while attempting to extract maximum “short term value” doesn’t actually work. Not in the long term, and in the short term, well… it depends on your definition of “short term”. One bad incident can go viral and wreck your quarterly earnings.
The cards were to family members that I normally send gift cards to at Christmas, and the activity was counted as "sus" even though I was asked to validate my card number and expiration date before being allowed to make the purchase.
On that note[1] is a good read (Cmd+F: "suspicious activity report"), although this specific case is about gift cards, but the AML/T&S etc. space is remarkably similar.
[1] https://www.bitsaboutmoney.com/archive/debanking-and-debunki...
(edit) Ah, right, anti-money-laundering, found it in your last sentence.
I've been reading about Lovecraft's Old Ones. Apparently they have no ill will towards humans. They just sometimes cause harm without realizing it, while going about their business.
I'm not sure if I like that take because of how horrifying it is, but I found it very interesting that harm can be caused so nonchalantly by more powerful entities, since humans already view themselves as the most powerful entity.
Most likely stolen cards. Stolen credit cards are used to purchase gift cards which are then resold to unsuspecting buyers. Think of it as stolen money laundering.
A lot of things are clicking into place for me in this thread.
A very usual scenario is that the scammer pretends to be a technician doing some remote support and for example pretends to provide some refund. Then they pretend that they've mistakenly sent out e.g. 10x the amount and they ask for the difference back, claiming that their job is on the line.
Crypto would work, but since they target old and tech-illiterate people, the easiest way is usually to ask the victim to go to a store, buy gift cards and read out the codes.
Google kitboga (a known scam baiter) for the videos.
They’re great entertainment pieces, and almost a commentary on the state of the world through the lens of microeconomics, with both sides behaving in a way they think is best for them.
For the baiters, they get engagement and, sometimes, the feeling of revenge for a scam visited upon an elderly relative; for the scammer, maybe it’s worse, as we know some people are trafficked into places then forced to scam people (or maybe they just want money). Still, kinda paints the world in a sad light.
Of course Support should be able to resolve this if proves are given
Whats coming?
Gift cards are often used for money laundering or scams, because they allow to transfer monetary value in small increments and without tracking: there's no link between the person who bought a gift card (anonymously with cash) and a person who used its code to put money onto an account.
AML = Anti Money Laundering
Their mega high risk - high value gift cards are effective for laundering stolen/fraudulent credit cards. Buy a $500 gift card with a stolen CC and sell it on FB marketplace for $400 - you’re up $400, the buyer saves $100, Apple get paid by the retailer and the CC company are (likely) on the hook.
Of course the actual solution here is _don’t sell high value gift cards_, or require the Apple ID email at time of purchase/activation of the card
Not in all situations. Because of various cross promotions between car insurance, supermarket and airlines, by using gift cards for groceries I get an effective ~9% discount every time. That really adds up over a year.
For Apple and others, you can use secondary gift card market to get some discounts too, if you wanna risk it.
I regularly see people in line at the supermarket, buying gift cards. I notice, because it’s a discrete workflow, that stands out.
I doubt they are all feeding scammers.
I think that charities often solicit gift cards.
It's the same premise as buying someone any gift instead of just giving them the money so they can buy whatever they want.
Edit to add: kids often don't have bank accounts, i mostly received gift cards as a child, from relatives who wouldn't want to mail cash and couldn't give me cash in person. On a dark note, giving a kid a gift card to a toy store makes it harder for the parents to steal it for themselves.
The whole practice originates from "gift certificates" where you'd maybe go to your favorite spa and get a gift certificate to give someone, so that the spa treatment is the gift you're giving, but the recipient redeems it whenever they want. That just got abstracted to non-service gifts as well, with the same idea ("treat yourself to a new video game, whichever and whenever you feel like it" -- that's the gift, facilitated by the card)
Additionally the inverse is true. Sometimes kids choices are restrained, and they really would like to do a thing they are not allowed to, and gift cards offered them away to do that. Case in point: my tween figured out that we don’t let him buy in game currency for any the games that we do let him play, however, when a relative gives him a gift card, we let him redeem it, making gift cards incredibly popular gifts.
GCs are valuable to brands because they are marketing tools. Recipients are prompted to go to the merchant to spend money, and they usually spend about 40% more than the face value of the card.
Also, GCs are valuable to merchants for breakage. This is when a card (or partial balance) goes unused. Starbucks, as an imperfect example, recognizes about 10% of their total outstanding GC balance as revenue every year, due to breakage. This amounts to hundreds of millions of dollars.
I've never had my $100 GC be worth $104 a year later, but for the issuer it is. They just keep the $4.
Maybe it is more accurate this way?
The GC face value is a liability on the books though. It's treated as debt when doing cash calculations.
They actually do want you to use the cards though. The overspend is more valuable to them than the other disposition possibilities. Recognized revenue is always the best outcome. The interest/appreciation is the same for the merchant, whether on float or on revenue, but revenue is better for reports.
More broadly: All benefits of the cards definitely accrue to the merchant. There's absolutely nothing valuable to consumers about the deal!
If they had to reimburse you for the cost of all your lost files, then we'd see the real impact on finances.
Gift cards are used by phishers. In our institution, we routinely get personalized spam mails (in the name of the corresponding group lead of the recipient, sent via GMail -- this is not low-effort) that ask whether they are available and, when (accidentally) responding, ask for Apple gift cards.
> Hey, it’s me, your CEO. I’m in a meeting with our big customer and I need an urgent favor. Thanks! You’re a life saver.
> - Mr. CEO
If I need to guess, gift cards are sold online in money laundering schemes, also on some platforms they are used to let you buy apps from a lower priced country
Enough that I am very wary of buying or redeeming gift cards now, especially more than one in a row.
Apparently there's some sort of scam with gift cards, which must affect any platform which allows them, and legit uses often get flagged by automated systems.
If they are so much trouble for Amazon/Apple I wonder why not disallow gift cards, instead of randomly banning users?
I remember I went through some automated process which asked me for some account details, and after a few hours (fewer than one day, I remember as much) my account was unlocked. It was scary!
What I remember puzzled me is that it was only two low-value cards. I would have understood the system being triggered by a lot of low value transactions, or a few large ones... but these were few and low value! Go figure.
Sorry I don't remember more details. All I know is it made me scared of gift cards.
And some of them don't even have that!
After nearly 30 years as a loyal customer
I've heard others say this (and was a "loyal advocate" of Windows for around 2 decades myself), but the reality is they simply do not care. You are merely a single user out of several billion.
Many of the reps I’ve spoken to have suggested strange things
That almost sounds like some sort of AI, not a human. But if I were in your situation I'd be inclined to print out that response as evidence, and then actually go there physically to see what happens.
macOS doesn't require this. My Apple account has a handful of apps purchased over the years, and that's it. I could've bought them directly from the vendors, but the store makes it easier to update.
Technically true but I tried using a mac without creating an Apple ID and gave up. You can't access the store without it so you are locked out of Mac apps that aren't installed by default, and all apps that only distribute through the store now.
I think you’re missing the point here, which is we need regulations to protect consumers against big tech.
Of course this is not for average people, but neither is making backups.
I’ve had Clone Hero running badly on an ancient MacBook for my drums, so I decided to swap it out for an M1 Mini that was collecting dust on a shelf. I did a full erase, but I couldn’t get past its activation lock. At all.
This is a piece of hardware I purchased on my credit card, for my company, (luckily) linked to a phone number I control and an email address on a domain I can control, but Apple in their infinite wisdom are still locking me out of my own hardware because I don’t know the password the last employee used on the computer! I don’t want any data off it, thats gone, I just want the computer I spent money on to actually be usable!
I initiated a “recovery” process to unlock it (at Apples discretion?) and they’ve sent me an automated email saying the initial checks are passed and they will contact me again in 7 calendar days. Kafka-esque doesnt even begin to describe it. So for the next week I have to whistle Dixie!
I’ve been a massive Apple fanboy since I swore off Windows a couple of decades ago, giving them a decent high 6 figure spend over that time and influencing countless others to buy Apple devices. Well that very much ended this week & going forwards without Apple will be painful, but the message they sent me couldn’t have been any louder & clearer. The writing has been slowly creeping on to the wall for the last few years, between buckling to UK government pressure, the CSAM photo scanning nonsense, the absolute UI abomination of this new glass crap, this was my final straw.
I’m also going to be relaying their “message” very clearly and loudly now to any friend or family member considering another Apple device.
A few years passed, and a couple of weeks ago my phone broke, so I wanted to use that one until I bought a new one. It turned out that Apple had permanently deactivated the iCloud account on that phone. I could make calls, but I couldn’t install or update any apps, even though I still controlled the email address that was used to create the Apple account. Not that 5S is very useful these days but still.
I've unlocked some old Thinkpads that were similarly left locked with a BIOS password by departed employees, officially not possible, but actually possible if you reflash the BIOS and EC ROMs.
I was looking for the flashing hardware around here, but i should probably peek on AliExpress :)
If you need to recover the EC, then I believe anything that can work as a generic JTAG device, like an FX2LP dongle (~$5 or less, and useful for other things like a logic analyser) will also be needed.
It’s almost certainly not, it’s just humans being human and going off script. I worked in a place where we dealt with an enormous number of customer service requests, and one of our measured support metrics was “how often do the agents deviate from what they’re allowed to offer”.
AIs are RLHF'd to have a corporate-pleasing interface w.r.t. metrics.
What changed your outlook? Did you get burned by Microsoft?
It always seemed to me the people who deride Linux's desktop GUI are those who actually never bothered to use it, especially not seriously in the past decade.
My Member of Parliament represents about 130,000 people, does regular door knocking to talk to people, and has a staffed office a few km away the I can walk into anytime I want.
None of that applies to a multinational corporation.
In my Parliament MPs seem to represent primarily the interests of their donors, not those of their country, not even constituents. It still better than it used to be, the corr...., er lobbying is not as blatant, but its still obvious.
Seeing the MP? Yeah. Maybe if someone lives in the "unsafe seat" area and the MP is trying to get reelected:)
And don't tell me to "vote with my wallet". We're talking about Big Tech, not your next door kebab shop.
And yes. Don’t give them money. Buy something else. We are not short on phone or laptop brands.
Even if in the T&Cs say Apple can do this, which it probably does, now they would have to prove it in front of a judge.
If Apple doesn’t show up, they’ll lose and the filer will get a default judgement, for which they hopefully asked/made the case for $10k. I’m sure they can arrange to have it enforced against a local Apple Store to seize not product, but operational working assets, if they’re creative a bit. If Apple has anyone competent in Legal they won’t let it get that far, though.
Then again, if they do show up, they’ll pay a lawyer well more than an hour of time, probably by a lot, and still have to argue against a likely well-prepared person, with proof of purchase, etc., (legitimate) sob story of lost time, digital assets, and the like, and likely won’t endear themselves to the court.
And of course for a business, an actual court filing (or arbitration if it gets forced on them, with competent counsel) could be even worse.
I thought about filing a claim for enough to cover my time in small claims court, but decided not to. I didn't track my time super well because initially I though it was my fault, but, by far, the huge deterrent is the "what if".
What happens if I take Google to small claims court for damages to a domain I've been using for 20 years? I have that domain tied to a legacy Google Workspace account which was a huge mistake. It's been tied to my email for at least 15 years and, even worse, I've never owned an Android phone that hasn't been tied to that Workspace account.
I don't depend on cloud services for much, but if I want to prepare for retaliation I'd have to migrate my email somewhere else and be ready to deal with family members that have their phones connected to the Workspace account. Who's been duped into photo "backup"? Who's been duped into using Google Docs? How many Play purchases do they have? And, the big one, who's been duped into using sign-in with Google?
Google, Apple, Microsoft all make choosing what's best for the consumer very high friction compared to choices that trap users and give all the power to big tech. Even though I constantly help my family members try to understand why the don't want to get locked into those services they always get deceived into using them. The number of family members unwittingly duped into uploading all their data to OneDrive is in the range of 100%.
Apple, Google, and Microsoft need to be broken into 10 or 20 companies each. Excel should be it's own company. Phone OSes and app stores should be different companies. OneDrive should be it's own company and to compete with Dropbox with zero Windows integration. The web browsers should be separate companies. The AI divisions should be separate companies. Split them up with a wood chipper IMO.
The safe browsing scam is the biggest fraud ever because providers can't opt out of it when it "accidentally" detriments independent or self-hosted solutions.
That's a big ask.
Justice is dead when nearly everybody just makes backroom deals with no admissions of guilt and nondisclosure of terms if they even defend themselves at all.
A person who is capable of defending themselves owes it to those who aren't as able; if even the most resourced people won't defend themselves, what chance to the rest of us have?
I am surprised that with such a pedigree, the author doesn't already have contacts at Apple they could reach out to for that personal touch.
At that point, it doesn’t matter how many friends you have on the inside, unless you’ve got one that’s ignorant of the law or willing to risk the penalties.
If you don't have root access to the machine your data is on, it's not your data.
If he doesn’t think like that, then why does he act like it?
I'm more curious how/why the author ended up with a $500 gift card. That's a large amount, and the author never shares how this was obtained, which seems like a key missing detail. Did the author buy the gift card for himself (why?) or did someone give him a very large gift (why not mention that?)
If you receive them as a gift, use them only in a situation unconnected with your cloud ID, such as to pay for new hardware at an Apple store.
The author mentions a big store (names it similar to Walmart for US based readers).
I would assume this was an accepted form of "return a product without a receipt" or "we want to accept your complain about this product we sold going crazy 1 day after it's warranty but we cannot give you cash back" etc
I don't want to speculate more, but one of the use cases for them is for people that choose to not use cards online (or even don't have credit cards at all) to be able to buy digital goods with cash.
Either way, if we're questioning buying/using the gift card, we're blaming the victim
People are fast to pull out pitchforks in response to outrage-bait posts like this, but (generally speaking) a nontrivial percentage of such posts are intentionally omitting details which can help explain the other side's actions.
Also I genuinely wasn't familiar with this specific use-case for gift cards. At least in the US, you can buy general-purpose prepaid debit cards for this type of thing instead, or use various services which generate virtual cards e.g. privacy.com. To me that seems infinitely more normal than buying a large-value "gift card" for yourself, but I'm admittedly not familiar with the options in other countries.
2. I didn't see the prepaid cards in stores outside the US, so they are probably not that popular outside.
Sometimes you also want to shift your spending, like if you spend 500 USD this month at this store, you'll get some good % cashback. So you end up buying a gift card that you know you'll definitely use next month.
I think this is irrelevant, TBH.
Even if it feels sus, remember that AI is trained on what it sees: even the posts here will make it more and more effective at “writing like a human”.
As for the OP, the claims to exist and have published books, etc. are relatively easily publicly verifiable.
No, $500 isn’t a large amount, doubly so anymore. I consistently have to try to re-anchor, but $100 is the new $20 (sadly).
I never claimed the author doesn't exist.
$500 is objectively a large amount for a gift card. Off-the-shelf gift cards with predetermined amounts are almost always substantially less than this.
The author has been a professional writer since long before LLMs were invented: https://hey.paris/books-and-events/books/
LLMs were trained on books like the ones written by the author, which is why AI writing "smells" like professional writing. The reason that AI is notorious for using em dashes, for example, is that professional authors use em dashes, whereas amateur writers tend not to use em dashes.
It's becoming absurd that we're now accusing professional writers of being AI.
If this isn't AI writing, why say "The “New Account” Trap" with then further sub-headers "The Legal Catch", "The Technical Trap", "The Developer Risk"... I have done a lot of copyreading in my life and humans simply didn't write this way prior to recent years.
Regardless of whether AI wrote that line he published it and we can safely assume it is what he thinks.
There's the further detail of multiple commenters here saying their various contacts at Apple all cannot solve this particular case, which seems odd.
Now that said, given the OP is a published author, it's more likely he is trustworthy on that basis, but personally I still get a "something doesn't add up here" vibe from all this. Entirely likely I'm wrong though, who knows.
Aren’t LLMs evidence that humans did write this way? They’re literally trained to copy humans on vast swaths of human written content. What evidence do you have to back up your claim?
The problem is they were trained on everything, yet the common style for a blog post previously differed from the common style of a technical book, which differed from the common style of a throwaway Reddit post, etc.
There's a weird baseline assumption of AI outputting "good" or "professional" style, but this simply isn't the case. Good writing doesn't repeat the same basic phrasing for every section header, and insert tons of unnecessary headers in the first place.
Repeating your thesis three times in slightly different words was taught in school. Using outline style and headings to make your points clear was taught in school. People have been writing like this for a long time.
If your argument depends on your subjective idea of “good writing”, that may explain why you think AI & blog styles are changing; they are changing. That still doesn’t suggest that LLMs veer from what they see.
All that aside, as other people have mentioned already, whether someone is using AI is irrelevant, and believing you can detect it and accusing people of using AI quickly becoming a lazy trope, and often incorrect to boot.
That’s a subjective statement, but generally speaking, not true. If it were, LLMs would produce unintelligible text & images. The way neural networks function is fundamentally to produce data that is statistically similar to the training data. Context, prompts, and training data are what drive the style. Whatever trends you believe you’re seeing in AI can be explained by context, prompts, and training data, and isn’t an inherent part of AI.
Extra fingers are known as hallucination, so if it’s a different phenomenon, then nobody knows what you’re talking about, and you are saying your analogy to fingers doesn’t work. In the case of images, the tokens are pixels, while in the case of LLMs, the tokens are approximately syllables. Finger hallucinations are lack of larger structural understanding, but they statistically mimic the inputs and are not examples of frequency differences.
Your accusation on the other hand is based on far-fetched speculation.
If this is a published author known to write books before LLMs, why automatically decide "humans don't write like this". He's human and he does write like this!
I know. I just mentioned them as another silly but common reason why people unjustly accuse professional writers of being AI.
> I have done a lot of copyreading in my life and humans simply didn't write this way prior to recent years.
What would you have written instead?
In cases where it makes sense to divide an article into sections, the phrasing should be varied so that they aren't mostly of the same format ("The Blahbity Blah", in the case of what AI commonly spews out).
This is fairly basic writing advice!
To be clear, I'm not accusing his books as being written like this or using AI. I'm simply responding to the writing style of this article. For me, it reduces the trustworthiness of the claims in the article, especially combined with the key missing detail of why/how exactly such a large gift card was being purchased.
It's unlikely that the article had the benefit of professional, external editing, unlike the books. Moreover, it's likely that this article was written in a relatively short amount of time, so maybe give the author a break that it's not formatted the way you would prefer if you were copyediting? I think you're just nitpicking here. It's a blog post, not a book.
Look at the last line of the article: "No permission granted to any AI/LLM/ML-powered system (or similar)." The author has also written several previous articles that appear to be anti-AI: https://hey.paris/posts/govai/ https://hey.paris/posts/cba/ https://hey.paris/posts/genai/
So again, I think it's ridiculous to claim that the article was written by AI.
The post https://hey.paris/posts/cba/ has five bold "And..." headers, which is even worse than "The..." headers.
Would AI do that? The more plausible explanation is that the writer just has a somewhat annoying blogging style, or lack of style.
We're clearly not going to agree here, but I just ask that as you read various articles over the next few weeks, please pay attention to headers especially of the form "The ___ Trap", "The ___ Problem", "The ___ Solution".
No, I'm going to try very hard to forget that I ever engaged in this discussion. I think your evidence is minimal at best, your argument self-contradictory at worst. The issue is not even whether you and I agree but whether it's justifiable to make a public accusation of AI authorship. Unless there's an open-and-shut case—which is definitely not the case here—it's best to err on the side of not making such accusations, and I think this approach is recommended by the HN guidelines.
I would also note that your empirical claim is inaccurate. A number of the headers are just "The [noun]". In fact, there's a correspondence between the headers and subheaders, where the subheaders follow the pattern of the main header:
> The Situation • The Trigger • The Consequence • The Damage
> The "New Account" Trap • The Legal Catch • The Technical Trap • The Developer Risk
This correspondence could be considered evidence of intention, a human mind behind the words, perhaps even a clever mind.
By the way, the liberal use of headers and subheaders may feel superfluous to you, but it's reminiscent of textbook writing, which is the author's specialty.
As for the section headers, my general point was that AI output includes an excessive number of these, and they are often generally of the form "The [noun phrase]". Many times there's an adjective in there, but not always. If you think this is good writing then you're welcome to your opinion, but most writing instructors feel otherwise.
Textbooks don't contain section headers every few paragraphs.
The issue isn't whether AI is good or bad or neither or both. The issue is whether the author used AI or not. And you were actually the one who suggested that the author's alleged use of AI made the article less trustworthy. The only reason you mentioned it was to malign the author; you would never say, for example, "The author obviously used a spellchecker, which affects how trustworthy I find the article."
> If you think this is good writing then you're welcome to your opinion
I didn't say it's good writing. To the contrary, I said, "the writer just has a somewhat annoying blogging style, or lack of style."
The debate was never about the author's style but rather about the author's identity, i.e., human or machine.
> Textbooks don't contain section headers every few paragraphs.
Of course they do. I just pulled some off my shelves to look.
Not all textbooks do, but some definitely do.
After going through my technical bookshelf I can't find a single example that follows this header/bullet style. And meanwhile I have seen countless posts that are known to be AI-assisted which do.
Apparently we exist in different realities, and are never going to agree on this, so there is no point in discussing further.
Yes they absolutely do. What are you even talking about?
The difference is that using em dashes is good, whereas the cringe headings should die in a fire whether they’re written by an LLM or a human.
"The card was purchased from a major brick-and-mortar retailer (Australians, think Woolworths scale; Americans, think Walmart scale)" There's not much of a reason to assume someone else unaffiliated with the author bought this card, he mentions talking to the vendor and getting a replacement which means he has the receipt
It certainly implies the author bought the card for himself, yes; but that seems rather unusual to me, especially in such a high amount.
Why would you purchase a $500 gift card for yourself to "keep a subscription without worrying about it" as opposed to just paying the small monthly amount? Honest question, I literally don't understand that motivation at all. In my mind a gift card is more problematic than a normal credit card in this scenario since it eventually runs out.
Second question: why did you create an HN account just to write this comment?
Asides from the promotional bonuses that other users have mentioned, if you have an Apple Family Sharing group you can only use a single credit card tied to the main account for any payments to Apple, but individual accounts will draw down from their Apple Account balance before using that credit card - so gift cards let individuals pay for their own Apple things (subscriptions or otherwise).
there is a number of services that I pay for with either their gift cards or generic gift cards
I mean that. Exec level. This story and that this specific person cannot get it fixed indicates absolute failure.
I have a feeling that this guy also doesn't get why this happened to him and that he himself contributed towards it with the work of his life.
We all depend heavily on cloud storage and sso . Everything works fine until you are locked out .
And using them isn’t fully voluntary. They are necessary for collaboration . You end up using what your team uses .
You can try to be that “own cloud” snob but it only works if you live in a basement
Every normal person has content in Google , iCloud , OneDrive , Dropbox and maybe more. That’s 4+ single points of failure
You’re just not imaginative enough if you think you’re safe .
OPs only recourse is an insider or a lawyer
It is totally normal in today’s world to depend on cloud services and reasonably difficult to do without it. In China: no WeChat you are practically dead. Here try to join meetings without account, try to send a message on WhatsApp without account, etc… a lot can go wrong very fast. What if you used your Apple account as SSO to other services ?
You see this a lot in the Apple "community". Apple can _never_ do wrong. Apple can _never_ make a mistake. Apple's choices are _always_ the best choices.
I don't understand why people put corporations on pedestals.
edit: about the same role as Greek or Roman gods.
sure i am dependent to cloud services as much as he is, much to my own chagrin, but at least i have all my data backed up??
One of 20 of your services could lock you out tomorrow and that means you’re blocked from coworkers and family
Team builds service. Service depends on first party identity/authentication because it's easier.
... Fast forward 20 years, and no one at platform company even understands the dependency graph from a customer perspective anymore. Especially in the case of rare events like account locks.
Consequently, those customers face a sudden Kafkaesque maze of edge cases that don't line up, as the customer service processes people are funneled through are literally incapable of solving the problem.
Which means the entire "normal" customer support apparatus is unavailable to them. (The same apparatus companies aggressive shove all support through)
This is why there should be regulatory requirements for identity platforms mandating the ability to speak to a human who's empowered to fix your issue + an option for customer-choice decision arbitration + continuous random sample audits with penalties for falling below KPIs (timeliness, correctness, etc).
It should literally be illegal for a company to have their banning system 'oops' and then pretend they don't know you.
Because it's only going to get worse as more AI / probably correct methods infuse account security functions.
I have once for iCloud... and the impression I got was that they must think close to 100% of the population on Earth are potential scoundrels for them to put in so many clauses and escape hatches.
I don’t think it’s possible to fully read any modern TOS from a bigco and not get an inkling of that.
The real issue is why are people signing up to TOS they haven’t fully read, and if they have… why are they signing up for something that directly spells out they are possible scoundrels who need to be dominated.
It’s like some kind of mass self humilitation ritual.
It takes a public scandal, and all.
A direct, on the record, formal agreement to be an inferior.
And then people wonder why they get humilitated and mistreated in complex edge cases.
The sad news is when important people get locked out they can call dedicated support . This case was of someone who wasn’t celebrity enough to have that access
Our shared powerlessness should bring us in communion with others, but the technocracy/corpocracy wants to rip that apart and make us dependent on them for profit.
Good insight - that people dunk on the author as a cope to help the dunker feel less powerless
They should be tripping over themselves of "How can we fix our corporate incentives to actually deal with customer problems". Not "lol OP, sux"
saying "get a lawyer" or "file a complaint" is constructive. saying " it's your fault for not backing up" or "that's what you get by using cloud" is just judgmental. Neither are practical solutions, regardless. Even with perfect backups it would have happened. And for 99% of social people, it's impossible not to cloud.
Your own wrongdoing. Always use a site-specific auth method, i.e. by email. And a separate email for each site.
(Use a catch-all to have different email addresses for different sites, because when one gets hacked, then the damage is limited.)
Hopefully, domain registrars are less prone to locking people out compared to Apple, given cause of the lockout is caused by Apple itself.
Reminds me of the time Namecheap stopped doing business with Russian accounts, even then they still gave some time for them to transfer their domains.
Eg: Dynadot decided what my birthdate is a secure pin two years ago. No combination of it works and I'm not even sure if I'm not shadowbanned for the attempts.
"But I use my addresses on my own domain" ok your domain registrar, then.
So you can use different email addresses for different accounts while having only one Gmail account.
The funniest part was that for one it work great for the signup part, but they used a third party tool for licences that broke because of my e-mail. For another, only the js code was verifying the e-mail, and I could push it by removing the validation. When the owner had to validate my account, they got a message that the e-mail was incorrect when they tried to submit the form. They called me and had a great discussion about web apps security. We had a good time.
I would point out that it kind of prevents you from checking if your email is in a leak database as you need to test each aliases you used.
You need to send them an email to cancel. When I tried they said “you need to cancel from the same email you signed up with.” :/
I like using company initials & random numbers @ my domain .tld
Yes, those companies should absolutely be forbidden to behave like this, and punished heavily when they do. But until it happens (which doesn't look like it will), your data is your responsibility.
Well, i don't. I have my local file storage. Contacts and Calendar get synched, thats it. These get lcal backups, but aren't important so or so.
It's also not at all appropriate to claim people are "developmentally challenged" simply because they don't feel comfortable backing up their own data regularly to an external device. As such I have also flagged your comment.
Sure, it is not directly their fault, when they are treated badly by big tech. Though of course they could have been more careful, and rely less on big tech and cloud. We can all learn from this example, like many others before this one.
The solutions self-hosting storage for non-technical people are terrible. Presumably there's no market for selling a solution that gives individuals data sovereignty. I would guess the margin isn't there and a recurring subscription for something you own is probably unpalatable to a lot of consumers. So this is what we get.
To register on some websites you may sometimes receive: “please use real email from gmail/outlook/etc”.
When you have a business meeting with a customer: “oh just install Jitsi on your mobile phone” is the best way to lose a sale.
Or no way to pay train tickets because you cannot install the app because your Apple / Play Store account is locked.
I've rarely seen (if ever?) a website so stupid and user hostile, to claim that there are no other "real" e-mail service providers out there, other than gmail, outlook, or a maybe a few others. There are services, which reject things like tempmail, that much I have seen, definitely.
Jitsi Meet runs in the browser. Does it not on a mobile phone? Perhaps there is something to this one, if it is the case, that customers in some areas don't even own any working machines any longer and only have phones.
Train tickets, at least where I am from and living, one can always buy, by going to a service center, or online via browser. I never had to use an app to buy train tickets. Even when traveling in China, which is arguably much further in terms of digitization than Germany, I was able to buy train tickets via a website comfortably, upon which the ticket was registered to my passport.
But I get it, there can be such examples.
Though I don't think this really matches the "depend on the cloud" thing. It's more like depending on services, that make use of "the cloud", and not directly using cloud services oneself.
(side-note, with Jitsi, it feels like I have a fireplace log in the hands when I use it)
I think Samsung rejected non-"Big Emails", but pretty sure we can find exceptions both ways.
Fun stuff I found while searching: > https://transportation.ucsc.edu/buses-shuttles/dvs/ > > The Disability Van Service (DVS) is a shared-ride service that provides on-campus wheelchair ramp–equipped transportation for those unable to use the regular Campus Transit system due to disability > > If you are a visitor, please use a Gmail address to complete the form or email dvs@ucsc.edu if that is not possible
and then, the form is behind... a Google login wall
Theres no turnkey solution (of course not, it is prohibitively complex to architect one), but the bits and pieces are there, built on tried and tested software. For example, SMB and rsync and their clients, are practically enough to do backups.
That said, it does make your writing seem very odd. A little bit like the people, who apparently don't know what the shift key does, or how to trigger capital letters on their phones or something, and write only in lowercase letters.
Just because your phone does something silly, and it is not you doing it intentionally, that doesn't mean, that other people will not get a weird impression from you writing like that. In a way, you are letting your phone change the impression others are getting from your writing. And that impression is for many people that they wonder, whether you know the conventions of writing.
Now, like I said, you don't have to care about this. But if you want your texts to not come across like teenager written texts or low effort texts, it would be a good idea to fix your phone's silly settings, so that it doesn't do that to your writing.
If missing, these spaces are automatically added which various autocorrect features of localised OSes or otherwise.
If you are launching a startup, it’s very worthy to push your product on the HN homepage.
I wonder what is his case.
Any lawyer can file a complaint in small claims . OP has paid for a service and has a contract
TOS is binding to both parties .
WTF is this about? So you think anyone proficient in hardware/software lives in a basement? This kind of derogatory statement does not belong on HN.
It’s the snobby part that I’m critical of
Not an average or "normal" computer user? Granted. Not a normal person? No.
It only means that the content is not valuable for them. I know people who created Google Account only because the phone required them to and they do not even remember the password or username, and do not use Gmail (why use email when there is Telegram). If they lose the phone, they would just probably make a new account.
If you were an investor or trader, managing millions of dollars, would you keep the only copy of critical information in a cloud? I don't think so if you are a reasonable person. Would you keep the only copy of a cryptowallet key in a cloud?
Seeing how Microsoft is doing, they’re going to learn this lesson sooner or later.
I don't think the idea that they could lose access to their accounts occurs to most people. I've done enough business continuity and disaster recovery work with small business to be confident in saying it doesn't occur to small business owners. I'm not sure why individuals would be any different.
It's very hard to put yourself in the mindset of a non-technical person.
Most people do not store anything valuable in the cloud anyway. The only problem is that they won't be able to login into Windows if MS bans the account, and they won't be able to install apps if Google bans their account along with phone serial number.
"It just works" was practically a mantra for Steve Jobs, now we turn around and blame users for thinking that it will work
Backup sounds nice and is necessary but is always out of date and recovery is totally impractical .
Many/most of the assets like indexes , references & creds can’t be reasonably backed up and recovered .
I once had to help a relative sue a bank who had closed his account after he refused to answer their very intrusive questions (they wanted to know details about distant relatives living in another country). They also refused to return his money (tens of thousands) and refused to explain why. No amount of complaining or escalating made any difference, although we did manage to get a nice recording of an employee saying that he thought the bank was in the wrong.
It took me issuing court proceedings, plus several more months of negotiating with their lawyer, before they finally settled out of court. Even then they tried to not pay the court fee, and they tried to get us to sign an NDA (I refused to budge on both). Altogether, it took 6 months to get the money.
Similar to how people in this thread are talking about mitigating reliance on cloud providers (e.g. with offline backups), I now do not trust any bank. I avoid being in a position where any one bank can ruin my life. That means having multiple accounts and spreading my money around.
Luckily for me I have a legal background so when a corp (big or small) does this sort of thing to me I don't hesitate to sue them. In almost all cases this causes them to "wake up" and start taking your issue seriously, in a way that the front line customer support reps never do. I recommend this to the author of the original post.
It's my understanding that banks really don't want your money once they've closed an account, they want you to take it back.
Bigger banks, at least in the US, usually do this.
It baffles me how much this community is opposed to Bitcoin (and fails to delimit it from the rest of the crypto-scams on going) when, for me, it is existential. When you go through 1-2 experiences of bank-freezing and you realize your life is literally at stake here, the abstract debates about energy consumption or speculative bubbles feel like they come from completely misinformed individuals.
It's like watching someone on a rail track arguing not knowing what is about to hit them.
iCloud literally encourages users to opt for storing originals only in the cloud. It's marketed as such, it nags you about this every now and then, and iCloud is the preinstalled default cloud storage on every iPhone. Consider non-techies dealing with this too.
Convenience is a hell of a drug.
Concerning all those 'bricked' devices it would be really nice to get some more details concerning the 'block'.
Can you use your iPhone to call someone, can you use your MacBook overall? Login, use Apple Passwords(!), looking at photos within photos app and so on...
Or are all those devices completely locked?
If they’re shared, surely someone else can still access them?
To me this is the biggest problem. Just like a bank can decide to close your account at any time, it's reasonable that Apple (or any business) could do the same. But they can't keep your stuff.
You can say "don't be naive and assume your cloud data is safe", but in today's world that's like saying "don't keep your money in a bank". The reason I pay for iCloud storage is because it's supposed to be safe (safer than my local HDD going bust or getting lost).
While I agree that entering a dark alley shouldn't result in ill effects, if ill effects happen in said dark alley it is still worth the discussion to remind people to stay out of dark alleys in today's day and age (or until the root problem, whatever it is, is improved).
Pretending that it is OK to enter dark alleys and forcing blame elsewhere will continue to have people unwittingly enter dark alleys.
This is not a dark alley. It's the main street. It's the world we live in. iPhone has more than half the market share in the US and well over a billion users worldwide. Moreover, Apple, Google, and Microsoft collectively monopolize consumer operating systems on both mobile and desktop. Try going into a retail store and buying a computing device that is not running iOS, Android, macOS, or Windows. That's the reality for most people.
The dark alleys are the non-mainstream options that hardly anyone knows about.
I don't know why some people have made "convenience" into a dirty word. Almost everything we do is for convenience. You could live in a remote log cabin with no electricity and grow/hunt your own food, separating yourself from most of society, but that wouldn't be convenient or pleasant.
Individual consumers have very little power over the market. There's a collective action problem, which is why governments and regulation exist... or should exist. The way I see it, the root problem is a massive failure by (corrupt) governments to protect consumer rights.
Perhaps the root problem is that we've blown too far past Dunbar's number to be able to deal with the societies we live in. All of these systems we've contrived to mitigate the trust problem are full of holes.
As for convenience, that carries a tradeoff. All of the technology and all of the revolutions we've had (agricultural, industrial, information technology) have come with these tradeoffs. Even the log cabin has downsides compared to the nomadic hunter-gatherer lifestyle.
I think the US government did start that way. Maybe not "corrupt" as such, but the United States was founded by plutocrats and was clearly designed to protect the minority of plutocrats against mass democracy.
> Even the log cabin has downsides compared to the nomadic hunter-gatherer lifestyle.
Yes, but I'd say the nomadic hunter-gatherer lifestyle has even greater downsides, and our current state of convenience is in many ways a vast improvement over the precarious existence of our distant ancestors.
The real solution is to have a neutral, efficient and formal process under supervision of regulators to have such case escalated and handled.
I already see all the tech-bros coming: “you see it was not an issue, they reinstated the account after you posted” while ignoring there are silent victims.
Not only does no one read it but it seems like they are intentionally designed to be difficult to read.
They are written by lawyers for lawyers, not for common people to read.
Of course, that doesn't help in the US with its vicious Supreme Court endorsing the most blatant abuses under cover of binding aritration.
There should be laws to protect people, instead of blaming victims.
This leaves you with just about zero cloud storage solutions that you can use.
Yes, yes, you can rsync your files to your NAS. Now explain that to your non tech-savvy neighbors.
We really need laws for this sort of thing. They should have included it in the DMA for gatekeepers.
There was a time when I accidentally deleted some photos of which I had only one copy. I blamed myself for being stupid not having a copy but also money was tight for additional drives.
Then there is this: depending on a service provider and then blaming them for something like this. The problem is that now you are losing trust in service providers (of which there should be little to begin with) and on top of that you are also blaming yourself for depending on them. However you have to create a trust model where your fault allows you to have a service helping you with it while a fault at the service provider will allow you to restore data from your end too, getting the best of both worlds.
MacOS and Windows / Google with always logged in systems that lock you out completely at their will is an example of how your devices are not owned by you to begin with and then trusting them with your data as well means your digital life is basically owned by them completely.
Now imagine that there are no humans to solve this but endless LLM bots that respond with generic responses because the LLM has never seen a problem like this. I want to point out that owning your data and hardware is really important if you depend on it and your business especially does.
In a complex modern society, we can’t all be expected to have backup plans to the Nth degree.
Is it possible to bore for my own water supply, install solar+inverter/battery backup for electricity, get a medical degree to treat my own wounds? Sure but most would say it’s not reasonable.
It’s why we have regulations and ombudsmans for healthcare, transport, finance, water provider, electricity providers, communications providers etc.
Oddly missing from that list is critical technical infrastructure providers like Microsoft, Apple and Google.
This is why I suggested to have a dual model. Leveraging the cloud and services is really a good choice as long as you have backup systems running independently as well. Your backups may not be as powerful and full fledged as the main provider but in case of emergencies like these, you still own your data and hardware and don’t panic.
In this example a weekly backup of iCloud to a drive connected to a pi with rsync could be a simple solution. 6tb is not even that much given that 500$ gift cards are being used by the author. The backup is not great but it is easy to see why it’s also necessary to own your data.
Regulations exist because it’s impossible for any one person to handle everything that needs to be handled.
Uh, the guy writes programming books for a living.
But since he's all-in Apple he could just use Time Machine to some sort of NAS and get a more streamlined version of the above.
Just because you know objective-c doesn’t mean you know a damn thing about raspberry pis, backup programs, NASes, or anything else. It doesn’t mean you know or want to manage your own network infrastructure. They’re a Mac app programmer, not a Linux professional, not a micro-computer professional, not a network engineer, not a sys admin.
Time Machine wouldn’t work here, because it needs the files locally and he’s already stated he doesn’t have a 6tb drive.
> he’s already stated he doesn’t have a 6tb drive
Someone who uses a $500 gift card to renew subscriptions could afford one
Which is not an unreasonable thing at all considering it's literally marketed as a storage solution for your photos, and a top of that even encourages users to store originals only in the cloud.
A simple usb hard drive will actually do, no need for a NAS. The only action required to implement proposed solution is to check "Keep all data on this Mac" in both photos and iCloud Drive settings. And to be extra cautious add a second backup drive from another vendor (to be extra extra cautious don't use Time Machine for the second drive).
For the specific case of thoses that don't have a big enough internal drive they might need to store data on an external drive. But if you do have 6TB of pictures you normally should ask yourself if a RAID1 or RAID6 is not warranted at this stage.
In conclusion it's not a binary decision there is lot of room between "I solely rely on the cloud" and "never trust the cloud".
Bad analogy. A better one would be having a torch in case of power cuts (done that) having some extra food in the house in case the grocery delivery fails, having some basic medical supplies in the house, having mobile internet connection in case your broadband fails etc.
Having backups of your stuff is an emergency fallback
I’m feeling attacked. Here I was thinking my lifelong work of self sufficiency for my family was completely reasonable until you came along. Thanks a lot!
You don't have to self-host everything in your basement, and you don't have to hand your entire digital life to Google or Apple either. Mail, CalDAV/CardDAV, Immich, Nextcloud, OpenCloud, OpenTalk, web hosting, Kubernetes, simple VMs.. whatever ... fully managed, run by local or independent providers or by the company behind projects, without Big Tech lock-in. If chosen wisely, you can migrate, take over, or bring it in-house when you want. Just spend a few bucks and do some company research. Same as you would when choosing craftsmen, lawyers or something else.
For example, that's actually how we operate as a company for some of our customers and even a few single persons: we provide SaaS AND setup documentation. Customers can transparently take over at any time. We even help separate domains, credentials, and administration from us. Convenience without captivity. I am sure there are hundreds of shops like ours, providing comparable services for people in their wider neighborhood.
[Quote]
Yes they do still get activated at the checkout. But when you go to redeem, the code is missing the last digit or two so it doesn't work. People take the unactivated gift card, tamper with it to get inside carefully so it's not detectable, scratch and get the code, remove the last digit or two, replace the scratch off layer, put the unactivated gift card back on the shelf. Then after you activate the gift card at the checkout, they redeem it.
[/Quote]
From this discussion
ACCC (Australian Competition and Consumer Commission): The primary enforcer of gift card laws, ensuring businesses comply with the three-year minimum expiry, clear terms, and fair practices.
An even more egregious case is the corporate credit card. The company dictates its use exclusively for business expenses, yet pushes all the liability onto the employee. The business gets a massive, interest-free credit line with absolutely no risk. The company gets the float, and the employee gets the bill and the potential credit damage if anything goes wrong.
</rant>
Gift cards are the best proof against the existence of the homo economicus, that's for sure.
We should probably normalize Chinese Red envelopes because honestly I'd take a nice envelope with a hand written note and some crisp bills over the annoying gift cards (https://en.wikipedia.org/wiki/Red_envelope)
Even if you like their services, who knows what they'll do when they have access to your credit card information directly. I can completely understand why someone would pay for their services with gift cards bought from a well-known, respectable store instead.
In fact, it is far worse than paying with a credit card directly in terms of risk. At least, when something goes wrong (which rarely ever happens), the bank has your back. On the other hand, I have seen too many cases where people find their gift card codes invalid.
Not really helpful when your account is the important thing though, you can't do a chargeback without your account getting banned.
In fact, the NSW Civil Administrative Tribunal explicitly requires the Tribunal’s explicit permission for a person to be represented by somebody else, including a lawyer.
But tribunal's decision is binding on the commercial entity, should it be found at fault and incurs penalties for avoidance or non-compliance with the decision.
Sure, but if it's a corporation, who is going to represent the corporation besides a lawyer? In the US, some states explicitly do not allow a lawyer and require a different officer of the company represent them, but plenty do allow lawyers.
If Paris is taking Apple to the tribunal, there's no single human equivalent to Paris on Apple's side. This seems like the exact sort of situation where a lawyer is approved to represent somebody else.
Stripe terms allow them to hold the funds until 'investigation' is concluded but while held, they have the right to invest the funds and keep the profit.
Under common law, lawyers (in the US sense) are not required on either side in the case of handling a dispute or a small claim.
Specifically in Australia, the company would have a complaint department, and the case would be dealt with by a complaint officer, not a lawyer.
If the scope of the case exceeds the tribunal's authority, the case is handled in the state's district court or in a federal court for cross-jurisdictional matters. The official title of the person representing the defendant (e.g. a company) in a courtroom is the barrister, but the case documentation and legal advice are provided by a solicitor.
We send an in-house lawyer to represent us at every mediation and hearing.
Every complaint that goes to an official body is dealt with by the lawyers at that point. Only if they complain directly to us does our “complaints department” handle it.
In many legal jurisdictions, a 'demand letter' holds weight. These can be served by courier, with proof of delivery as valid. One aspect of such a letter is a hard, specific time by which you will start legal action, along with associated additional costs.
You have two paths after the letter. The first is small claims court, or normal court. In many places, small claims court does not allow lawyers, and the judge will even have to explain any confusing terms.
Which means the playing is leveled, including reduced or no disclosure requirements, and legal cost assignments. Where I am, it's $100 to file.
The goal is to force a fix, at threat of legal consequences.
I am sending an email.
You would be better off in the US. Trust me, nothing creates bigger fuzz than complaining to financial authorities.
Apple Pty Ltd, PO Box A2629, Sydney South NSW 1235
Regulatory agencies can forward complaints to other authorities and act based on them even if they can't resolve the particular issue for the complainant.
2. Last time there was a post where this happened to someone, I looked into what you can do if you're locked out of your Apple ID or Google Account.
I know people will say "just self host", but all of the self-hosting solutions are not friendly to families or non-tech people. Telling my extended family to tailscale into my server to look at family photos from vacation is a total non-starter. All of the self-hosted solutions are also just way less smooth to use than the built-in integration iCloud or Google Drive gives with devices.
That said, there are straightforward options to deal with this (at least the data part), if you plan ahead. The high level strategy is to setup backups that let you get _a copy_ of your data not tied to any login you don't control. It's a bummer to have to go through these hoops, but again pragmatically, I'm stuck using these services to participate in modern life.
For Google Drive, you can rclone your data to a computer of your choice to get a copy of your data not tied to Google Account. It will even convert G-Suite files to Microsoft Office format, so you have a copy of the data offline.
For Google Photos, I'm not aware of a great way to get the data - rclone only gets low quality copies of photos. I'm an Apple user, so I didn't dive too deep here, perhaps the HN hivemind knows.
For iCloud and Apple Photos, you have a lot of options. You can use Parachute backup or the PhotoSync App to get a copy of your data not tied to your Apple ID. If you have a mac, you can also setup your mac to download everything offline, and do time machine backups - they are not tied to your Apple ID.
I will also add Synology NASes have a super, super easy to setup way to do all of this stuff (HyperBackup plus Synology Photos app) that's borderline worth the cost of admission on it's own, even with Synology's recent turn to the dark side. If you have non-technical family, you should strongly consider pointing them in this direction, if you can use a smartphone you can probably get this working.
The built-in integrations (iCloud, Google Drive) are smooth right up until you’re locked out or forced into changes you can't control. Obviously.
There is a middle ground though: managed service providers (per-service). You don't have to self-host everything in your basement, and you don't have to hand your entire digital life to Google or Apple either.
All of the options outside of the big ones (iCloud, Google Drive, OneDrive) seem vastly more fiddly and difficult to share with non-technical people. e.x. sharing a budget spreadsheet with my wife, shared photo albums, and so on.
If there are other options out there that work as well as iCloud or Google Drive, I'd love to learn about them.
The best I've been able to land on is making a local copy of the data under my absolute control, while using one of the top tier providers for my "live" copy.
I kind of self hosted for decades on a virtual server until I couldn’t keep up with it. So much stuff broke something in the stack, bringing the server down. Often, I had to initiate a full lock down on everything before going up again, consuming a day’s effort or two.
It's hard to believe EU governments are actually considering mandating iOS and Android as gateways to access government services. It's a level of ignorance that's unfathomable.
This story is also exactly why I invest precious time running a Linux machine in the basement that rclones my cloud drives locally, as well as having full local copies of my webmail contents.
While I agree in principle, it's not so bad. If you get hit with an account ban, you just get another device to work with the government.
There's a good reason behind this approach, even though I don't think the benefits outweigh the downsides. These apps are supposed to be the phone equivalent of the NFC chips inside of passports and ID cards, which have all kinds of encryption and verification inside of them. They have to be protected against malicious data extraction, manipulation, and other fakery.
Phones do have the ability to do that, even free ones, and even regular desktops and laptops. How they do it kind of depends on the implementation (whether you call it a "secure element", a "TPM", or a "trusted execution environment"), but they all come down to "hardware proof shows that this digital signature is not extractable or alterable". The data isn't supposed to be something you can access, like a password, but something you can only do signed reads from, like the physical ID chips.
In iOS, that part runs entirely on dedicated hardware which will refuse to run non-Apple code, which is probably the best approach. On Android, there are more options and many phones run a software version of that concept in a dedicated separate virtual machine to save cost on physical hardware. The security of that virtual mechanism relies squarely on the early boot process having been verified not to be altered by malware. That's what the Google verification library is for in this case.
This approach can work just as well on other hardware with dedicated TPMs (although a lot of free software enthusiasts will tell you those are evil contraptions designed by Microsoft to turn your unborn children into little versions of Clippy) or dedicated encryption modules. However, you'd need a common enough, accessible API for those to function. That's actually quite easy on Windows and macOS, but Linux TPM support is rather woeful at the moment, especially with how uncommon things like secure boot (even self-signed secure boot) are.
In practice, nobody is going to buy a special sort of yubikey to log into their government's tax portal. Dragging people into basic multi-factor security has been a challenge that lasted decades.
However, pretty much all citizens already have phones capable of top-of-the-line security verification. Developing a free app is a lot easier than implementing cross-platform HSM support for a novel authentication mechanism.
All of this comes at the cost of having to run vendor-approved software. That's a huge problem for a lot of HN visitors, but those people form a sliver of a fraction of the population. I'm willing to bet the EU's digital access is inhibited more by the amount of old people without cell phones than the number of people who care about free software.
I personally feel like outsourcing this kind of trust to closed source implementations of vendor blobs is a terrible idea, but it's hard to find an accessible alternative that provides even the lax security properties those blobs provide.
Something I do find lacking in discussions about these technologies is how much the EU is relying specifically on American vendors here. America has been shown to be an unreliable ally that will gladly force the EU's hand with whatever mechanism comes to mind for extremely arbitrary reasons. There is a distinct lack of European alternatives when it comes to accessible secure computing, and I'd rather see the EU invest in local alternatives than go all-in on the security promises from Apple and Google.
That lack of specificity, to me, is why Apple has been able to implement malicious compliance. At the same time the lack of specifics risks companies leaving the EU market in its entirety due to regulatory unclarity with high fines.
https://ec.europa.eu/commission/presscorner/detail/en/ip_24_...
How are people handling this these days? If i wanted to ensure a full backup of everything on my iCloud to a NAS, what's the best way these days? Seems like they make it difficult by design..
What I’m not sure about is how to backup things like iMessages, Notes, and my Contacts. Every time I’ve looked, it appears the only options are random GitHub scripts that have reverse engineered the iMessage database.
The reason is simple: photos require much more processing and focus on performance. In addition, photos take up much more space, so while my Nextcloud instance runs on an SSD, the photos reside on an HDD, mostly in sleep mode.
I don't have a solution for iCloud Drive, as there wasn't a keep offline setting last time I checked. So use it only ephemerally.
There is a keep all files offline setting for iCloud Drive (turn off "Optimize Mac Storage" in Systems Settings).
#!/bin/sh rsync --iconv=utf-8-mac,utf-8 -avh --delete-after --partial --progress /Volumes/myExternalDrive/Photos\ Library.photoslibrary myuser@mylinuxmachine.local:"/srv/myExternalDriveBackup/"
(note: tested with brew rsync, IIRC the default rsync is outdated on macOS)
Somewhere in the directory structure is a folder /originals/ which has all the actual files.
Note that this is only a last resort backup. Restoring the library as a whole requires a Mac with a compatible OS version. Restoring without a Mac would only get you the originals, so only the out-of-camera files (jpg, heic, raw), with no edits or metadata changes from Apple Photos applied (Apple Photos doesn't touch the EXIF data). You'd probably also lose the video part of all live photos, as the live video files stored as separate files and not part of the .heic files. They're there, but not very usable.
An alternative to this workflow is to export all photos (with edits applied) from the Photos app, but honestly I'm not sure if that even works and how long it would take for multi-TB libraries.
You could put Immich data on a LUKS volume I suppose, but then you have to fiddle with your server every time it reboots.
I did PhotoSync for a while, but now I just set up my Mac to download my whole photos library, and do Time Machine backups of my Mac. This gets two copies of the data not tied to my Apple ID (the one on my Mac's local disk, and the one on my NAS on the time machine volume).
Google and MS don’t charge as much as Apple for storage, and you probably need you need to pay beyond the free limits, but it’s not a huge expense.
Once your installed Google Photos and One Drive on your iPhone, just tell the apps to sync all your photos all the time!
Now I appreciate that isn’t for everyone.
But it works, is reliable, and requires no technical knowledge of running your own service.
The other thing to do is setup a Mac that synchs all your iCloud data, One Drive documents and Google Drive.
Then back up that device with Backblaze.
This gets expensive as a Mac with decent levels of storage isn’t cheap!
I live in fear everyday or my primary Apple and Google accounts getting locked!
I’ve had accounts since day one of iTools and very shortly after Gmail launched….
If you take all of your photos from your phone, you don’t need your Mac at all. Google Photos will sync directly.
I wouldn’t use BackBlaze (the $7 a month service). It doesn’t support NAS at all and it has to phone home every 30 days or it will erase anything that is stored on external drive.
I would use an app that backs up to their B2 service.
I personally just use my personal AWS account to back up my Plex media and just use the AWS s3 sync command using the AWS CLI and store everything in S3 Deep Archive. It’s less than $2 a month for 2TB.
What would be the egress fee to get your data back in case of disaster?
Glacier is meant for in case of emergency break glass. You would use lifecycle policies on S3 to go from fast/more expensive storage for like the first 90 days and then have it automatically go to Glacier.
Yes I know it’s more complicated and nuanced. I’m purposefully yada yada yada’ing
Wasabi is much cheaper than AWS as well.
Finally the best solution for backing up your iCloud Photos is definitely Immich. Set it up on your own NAS or a VPS, back up to that, and then back up that server to an S3 storage using rsync or restic. I’ll note that I still backup to Backblaze because its so dang cheap.
I spent months trying to find the best setup a few months ago and this is by far the cheapest.
But still, this shouldn’t be required for normal people. They should get what they pay for.
It’s actually more nuanced. It will back up files on a USB attached drive. If it doesn’t see the drive attached for 30 days, it will erase the backup.
If you have your computer off for more than 30 days and you bring your computer back on and the USB drive isn’t attached when it connects to BackBlaze, it will erase it.
Yeah I’m not going to trust my storage to Wasabi.
AWS S3 Glacier Deep Archive is $1 a month.
Only if you’re backing up nothing and using non-encrypted files and making sure you don’t delete anything (rsync with delete turned off). I tested this not even three months ago. I hit $30 with only 3 tb of data with deep archive while wasabi AND backblaze cost less than that. No need to even trust a single provider. If you’re never changing your files AND you don’t care about encrypting them then yes GDA is fine and pretty cheap. Otherwise wasabi and backblaze get more done for less cost.
I am definitely a fan of B2.
I wasn’t talking about B2 though, I was talking about Backblaze personal, which you can run on a NAS with a docker container.
It copy Photos, iCloud files and my mails once every days to S3 with incremental backups.
It requires to have a full copy locally.
Works great!
It is not hard to configure once, with the proper folders and settings.
yeah that's the thing. When my iPhotos library exceeded 1TB I lost the ability to store the full local copies. Since then, iCloud itself has been the sole source.
Looks like there's some decent, reasonably priced apps to handle this like https://apps.apple.com/us/app/parachute-backup/id6748614170?... (no affiliation)
I wonder if it can calculate (estimate) how big of an external disk I'll need. My wife and I each have 40-50k photos and a few thousand videos in iCloud Photos.
Even doing this yearly can save the immense sadness of lost memories. And of course, this works for emails, and everything else.
If you encrypt it, make sure you use a method not tied to any external service, or the machine you're on. I don't use Apple, yet I suspect that an encrypted external backup might be tied to your Apple ID, or some such, because that's how the world flies today.
I wouldn't bother to encrypt, it's just family photos and I wouldn't want to complicate restores. Especially if it was my wife who eventually needed to use it.
Weirdly, that number is different than Immich’s estimate of my photo library (95 GB vs 150 GB), but perhaps good enough to get you in the ballpark.
seems pretty high touch. A lot of hoop-jumping if you don't have a mac in the middle
How do we know using such a tool won’t trigger an account lockout? How ironic would that be.
Been running it for a couple years without issue. But yes your milage may vary.
I do have a Mac so it didn’t seem difficult to me, but I accept it will be for those that don’t.
:)
I’m being dismissed by I run a rather large homelab and I still want my photos iCloud like, where end devices decrypt and run ML. Immich is a Google Photos clone where you give it everything and some server does all the magic.
You could even set it up so that it could only backup over tailscale or wireguard through a tunneled connection so ALL of your traffic is e2e.
Syncthing is wonderful, and does a great job of syncing between an Android phone's photos/videos and a laptop. And if you have regular automated backups of the laptop, you'll have backups of the photos/videos too.
For an iPhone, perhaps you could use iTunes to sync to a computer and back up that computer.
(One of these days I’ll setup my NAS to backup offsite fo a #3 backup).
I know that others with Macbooks sync their whole library to their Macbook and then Time Machine to a NAS as their copy #2. Is this vulnerable to the problem in TFA?
I will also never have an electronic ID. We (Switzerland) were dumb enough to vote yes for it but we are giving away our freedoms eventually.
We need regulations to ensure vendor cannot lock in users and cannot threaten them. Everything should work like if you have your own domain and use email. If your provider go nuts, move your hosting and change your MX and point your local copy to it.
This should not be reserved to some nerd like me, it should be an universal right.
It is already late, but it can be reversed. We need for more sotires like this one to errupt, so people understand.
I personally prefer this to sending a copy of your ID and a video with my face to someone verifying service provider that verifies my identity for a bank or some website.
What's the link with the rest though? Your government already knows you, whether your id has your information printed with ink or stored on a chip.
Belgium has had electronic id for decades now and I fail to see how it has taken away any freedom, but it has enabled people to get their official documents online without having to make appointments in person in most cases.
With things like age verification becoming mandatory just about everywhere and actual privacy-conscious digital age verification being very difficult, there's definitely a risk towards abuse and badly designed authorization mechanisms (although the EU's open source backend and frontends should make it easy for other countries if they do actually care about privacy).
Yes, ideally a trusted intermediary would do something like… read your digital ID (which stiLL doesn’t guarantee it’s you providing it, up to a point), examine a birthdate, and sign an attestation to a liquor store that “this user is 21 or older” without you ever having to fork over your name, address, or biometric details.
The will to enforce such measures, at least in the US, seems low.
[0]https://support.google.com/googleplay/android-developer/answ...
[1]https://www.digitaltrends.com/phones/google-play-store-wants...
[2]https://digital-strategy.ec.europa.eu/en/factpages/blueprint...
But it also requires id in France, even for people who don't have an eid. Or in the US, and most likely just about everywhere in the world.
I don't see how this is related in any way to having a chip on an id document.
Exactly, for all the victim blaming in other comments, try to explain 3-2-1 backup to non-technical people and you'll be met with glazed eyes.
Sadly I think it's going to take more people losing their irreplaceable data and for the network effect of having it happen to someone close to actually see any change.
There's a surge of people losing their Google accounts with hackers abusing parental controls at the moment, although I suspect a lot of those people will just move to Microsoft or Apple thinking they're safer until they get burnt there too.
As more non-deterministic AI is built into abuse systems it's inevitable that there'll be more false positives, couple that with impossible to access human support to override the decisions, it's a risky time to trust your irreplaceable data with anyone but yourself.
You could do everything right and still get locked out.
It's not really about winning the claim. It's about getting them to acknowledge you and hopefully resolve it before the court case comes up. That is, you want them to "settle" by restoring your account.
IANAL and YMMV.
(With the exception of some services like their credit card, but you can opt out of that more easily than any other arbitration clause I've seen.)
I've had to do it before, also for a gift-card-related problem (different from yours), and I was contacted by a member of the Apple executive escalations team a couple days later.
I imagine it could be helpful to other people in the same situation.
I did read about part of the product development org having a standup about trending social media cases, and prioritizing followup on items that were under public scrutiny.
Believe me, I have no desire to defend Apple. Their behavior absolutely sucks. I just want a good resolution for the author of this blog post.
I can understand this happening if it was a freshly created account topped up with a sus gift card but it’s unacceptable that the first action is to completely block an account with history.
Even more concerning is the nonchalant support response to “go create a new one” with emojis. C’mon Apple — this is just a terrible way to respond to this situation.
If the only way to get your digital property back is a public plea to your Lord, that's called feudalism. Everyone should be treated fairly, not only those who can get their public pleas heard.
Just like landlord can't just lock you out of your house, with all your property inside, but has to go trough legal process, we need to have legislation and regulation for the same with digital property.
Given how invested you are in the Apple ecosystem I can’t fathom why you would go get an Apple Gift Card from a store to do this kind of transaction, though. It wouldn’t even cross my mind to do it that way.
You can even use this to get an effective discount on hardware, as you can use your Apple account balance to buy from Apple.
Obviously I'm not claiming it was OP's mistake, that wouldn't make me any better than the guy who was telling people "you're holding it wrong™".
We are obviously not going to get a fuller idea about this situation from a blog post, and while I won't assume that the author has done anything wrong, there have been similar stories in the past where the affected individual was deliberately withholding the whole, much more illegal, story.
Presuming his innocence: What could have happened here is that the gift card he's purchased has been marked as part of a scam operation. Apple gift cards are frequently used for "tax bill" and "police fine" scams in Australia (where they are sold there is often signage informing people of that.) So potentially this person is accidentally roped into that.
Also it's not entirely unheard of to purchase gift cards for long-time users (who would normally just use their linked credit card), as the cards are often sold in the retail space with a 10% discount, or can be redeemed as rewards through points/loyalty schemes.
With all that said, at this point if he's not getting anywhere, he should approach a lawyer, as they'd be able to petition on his behalf (whether that is to Apple or to the state of Tasmania.)
One day he was bricked from his accounts because he ran afoul of Apple’s ToS. The problem then was I couldn’t feel sure that he hadn’t actually done something which a reasonable person would say should result in account closure.
Paris’s case is much more strange, because it feels more likely to be a false-positive.
There is no legal right to have an account with Apple or Google, and I’m not sure I want there to be. But so much of our lives are built on these services and these stories erode our trust that the services themselves can handle the responsibility of adjudicating acceptable use. We need our digital accounts to be robust in the very long-term, even when there are bad actors who want to do all manner of bad things. And we need to feel confident that a properly empowered human reviewed the case and can articulate the reasons for a ban. When we charge a person with a crime, we tell them what the crime was and give them due process to fight it. I’m not sure I want the courts to decide these questions but we need some more due process when it comes to account termination.
There shouldn’t be a legal right to an account, but there absolutely should be a legal right to sit down with someone from the company to plead your case, understand why the account was locked, and at least be given the opportunity to gather your things if they decide not give you a second chance.
If you get evicted from an apartment they don’t just change the locks and keep all your stuff…
You could make it so costs for arbitration could be paid up front by the person appealing and then if the account deletion was deemed wrong the company refunds said user. Could probably apply to monetisation on YouTube that I see withdrawn for very dubious reasons too.
We need a constitutional amendment that prevents binding arbitration agreements, which removes judicial review from public accessibility.
There absolutely should be a legal right to pursue this through the courts (which require a response from the company, to avoid default judgment).
----
My main PiHole blocks all of *.google.* & *.apple.* for many reasons. My exploration into PiHoles began a decade ago, after Google pulled a similar response-less account termination (without explanation). This left me unable to update a blog (with several million annual impressions), with no recourse [0].
[0] Unlike OP's situation, I was able to download most of my writing/photos, only because they were public-facing (website).
People running scams that will shamelessly and relentlessly pull any string at their disposal to keep their account running.
- that Apple *can* always *just* disable their account
- that Apple regularly *does* do that
- that Apple does not care about them at all
We need more stories like this hitting the mainstream news until even a non-technical person's reaction to this is "well, what did you expect?"
You should approach a lawyer to petition Apple and the Tasmanian police on your behalf.
I have fresh experience of setting up Azure/M365 and AppleDev for my startup. Those things are scary as f*uck, in many perspectives:
(1) Dark patterns everywhere (click this checkbox and we'll buy you a license, oops +xxxxx €/$ per year just came; get one-month trial for O365 to get bizaccount, select 1 license, see that there is 25 licenses (~ 4k €/$) to be renewed if I don't cancel).
(2) Microtransactions everywhere (e.g. Azure VM SSD I/O: every read/write operations costs), DDOS and 10/100 k€ bill coming. Everything "scales", especially bills. And no billing caps, of course.
(3) Codesign with Microsoft: I have option to wait weeks for freight ship to ship USB cert token (if it ever survives past toll/postal service after that), or use AzureKeyVault, but that is officially only for companies that has taxes/accounting for 3 years of operation. So no startup can use that by this requirement to codesign?!
(4) AppleDev (and kind of Azure/MS too) requires DUNS number, which takes 6 weeks to get in normal case. Apple's 5 bizday route doesn't exist anymore (at least not for non-US-based companies). Or just use D&B magic link from Grok and get it immediately in 5 mins.
(5) If you base your business on Azure/M365 and AppleDev and be obidient and compliant (as I am doing/being, because I'm building real legit and long-term company, not some hussle project), it still doesn't matter, because they can just can decide by human/ML to shut your business operations and means of living. And getting answers like in the title's article's screenshots with those emojis are just the most non-human interaction that there can be done for affecting so devastatingly to someone's life/business.
These are the most disgusting things that I know of.
I'm curious about the apple's passwords app. Where you able to use it? What about passkeys?
At the Apple Store, the employees suggestion (a more senior one, who was consulted) was to buy a gift card for the computer’s cost (~$1500) and pay at the online store with that. I didn’t do it because buying “virtual stuff” for that amount seemed crazy (this was a huge amount of money for me, at the time).
It makes me so mad, that's insane!
"I understand, relieved face"
Literal psychopath reply.
Since then I have been removing myself from the ecosystem - my email is from hey, file sync on Dropbox, obsidian for notes, whatsapp for messages. Sometimes it doesn’t feel as joined up, mostly it is way better.
Moved to framework computers + omarchy last month and am not looking back.
If you are buying large amounts of gift cards and then redeeming them, it is critical that your purchasing patterns do not look suspicious, such as buying more things that a normal user might need: multiple iphone wallets, multiple iPhones, or similar items.
How many account lockouts must occur before we accept that digital life built on permission rather than ownership is inherently fragile?
Mine was the same, and that's all it took. Nothing was lost, as the account itself remained the same.
Perhaps between the scammer redeeming it and the poster then trying to redeem by entering the same code, the scammer’s account was flagged and then the OP’s account terminated along with the scammer for using the same code (even though the OP had done nothing wrong).
Why in the world do we let tech companies adjudicate our service relations?
She told me to email Tim Cook directly (his email is entirely guessable).
I did this and within a day or two my access was restored.
This does not seem strange to me and could be a course of action. When I moved my domains off Google because of this type of "banned without recourse" possibility, I found a registrar that had a physical address, small office, and people listed on the company website (porkbun) so in the worse case I could fly to the office and straighten things out.
No mention of even going to an Apple store. Maybe the nearest one is very far away from him?
Maybe now we will start seeing a reversion to the people in it for the passion.
You assumed wrong. Honestly that was never case, but maybe it was better 15 years ago
Hackaday is a content aggregator site that usually has more content on these topics - https://hackaday.com
Or there are still some good old blogs out there with RSS feeds http://www.righto.com/ http://oldvcr.blogspot.com/ https://blog.ret2.io/
https://skogsbrus.xyz/dont-put-all-your-apples-in-one-basket...
In the past people have emailed Tim Cook directly - his email id is fairly easy to find.
Edit: "I have escalated this through my many friends in WWDR and SRE at Apple, with no success."
This doesn't bode well.
WWDR stands for World-Wide Developer Relations and SRE stands for Site Reliability Engineering.
My own experience with big tech account bans was much milder, so I learned my lesson without much pain. I got a "free Azure credit to learn cloud computing" email from MS, redeemed the credit, created a VM, started clicking around the settings and got locked out. Raised a support ticket, asked what I did wrong, told my account was flagged for suspicious activity. I asked what I did wrong again and got a reply that my case had been reviewed by a human and that my Azure account wouldn't be reactivated. Thankfully, my primary MS account didn't get banned for that.
Conclusion #1: it's frankly insane that a big tech company can fully terminate your account with no means of recourse. People like to mock the EU and its lawfare, but I think it is the best candidate to force the tech firms to implement some sort of firewall between their various services, so they can't terminate your access without prior notice or without compensation.
Conclusion #2: those who are reading this, don't put all your eggs into one basket and teach your friends and relatives to do so as well. That is, if you have to use the services of various big tech companies, spread them around. Have a boring account with one company that you use for free stuff, a boring account with another company that you use for paid services (if you can purchase services X and Y from two different companies, do so), a boring account with a third company that you use for getting paid, a fourth account that you use for shitposting and getting into arguments with internet strangers.
Break that discipline and you are exposing yourself to this danger.
Time to say bye to Apple and Google for good...
Any company or entity ought not to be allowed to wield power over our lives, like locking someone out arbitrarily, let alone via some asinine, half-baked algorithm.
If this situation somehow escalates until they have to take action, they will already have made so much money that is not a blip.
They don’t care. You as an individual customer means absolutely nothing.
The thing is, that account was just used for dev. things for the US company, which builds/sells software for the US federal government (among the other US entities).
It would not be very wise to do fraud.
I've started on my de-appleification plan in earnest this year:
Not too keen on passkeys without an easy way to backup.
Same goes with sign in with Google and Apple.
That is why I prefer OTP all the time, easier to backup and restore.
Why do people still do this, why??!? This is not an ignorant user! The author (and victim) has written several books about Apple tech, how do they not know that these "platforms" cannot be trusted with anything -- especially data that isn't backed up somewhere else!
Companies don't care about people, and the bigger they are the more evil they behave. They need to be treated like hostile business partners because that's what they are. They're only after money and absolutely nothing else.
This is not some radical leftist manifesto, it's the plain reality. And it's not new either. It's always been like this.
Centralization of power in unaccountable organizations has always been a recipe for disaster.
I could suggest some slogans:
"Apple. Not even once."
"Friends don't let friends use Apple."
But I think this is a problem that merits more than slogans.
No appeal, no reasons given, no possible way to create another account.
Just. Banned.
The companies need to be big enough to provide the amazing services they do, but once they are large enough they will never care about individuals.
My internal model of large companies is that they are intelligent, psychopathic aliens. The people in them are like cells in our body, important for the function, but with no agency, and they are not who you are dealing with.
You're dealing with the company, and it's an inhuman, psychopathic alien.
That‘s always the most kafkaesque part of these problems and should be illegal
Of course, this is absolutely silly and beyond absurd, for bad actors share information of forums, can deduce fairly easily, and even have help from people on staff.
Such actors typically know about detection and flagging methods within days of implementation. There's literally zero benefit to secrecy. None. Security through obscurity can be a beneficial additional layer, but it simply never helps here.
We really should pass a law requiring full disclosure of the precise method of banning. I can even see a 'trial' period, where accounts activated (and used!) for 3 months receive this benefit, but new accounts, or new + dormant accounts do not.
This should likely be coupled with mandated full refunds of phones or computers, as an example.
Note that this isn't a 'free' account we're talking about here. An Apple account, or a Google account is required to use an iphone or pixel in its default config, and all the features it entails. These accounts aren't free, they're part of purchase cost, and core-required.
(Even if it's a, for example, Samsung phone? It comes pre-installed, with uninstallable Google Play cruft, as part of an agreement with Samsung. Same conditions need apply here)
And Google will now be throwing up massive "OMG! You're going to install an app that isn't from the Play Store?!" warnings to anyone that tries, including requiring some degree of technical skill to do so.
https://news.ycombinator.com/item?id=45908938
You can nitpick this, but the truth is my comments are about the average user, and from that perspective, factually accurate.
it is very likely illegal to tell him. it was triggered by the use of a gift card, and therefore very likely to be AML, and in many places (I am not sure about Australia specifically) it is illegal to provide information in the circumstances.
That seems like a dangerous loophole.
Imagine being banned from all online activities without any reason given.
Google and Apple can and will delete your content at any time for any reason and there is no appeals court.
Am I missing something? My current perspective is that not only am I free of all the hassle that comes with building for a closed ecosystem, such as managing a developer account and using proprietary tools, it also comes with much harder distribution. I can put up a website with no wait time and everybody on planet earth can use it right away. So much nicer than having to go through all the hoops and limitations of an app store.
Honest question: Am I missing something? What would I get in return if I invested all the work to build for iOS or Mac?
- Shared clipboard across devices - Shared documents - Shared browser - Shared passwords - Free, quality office suite - Interoperable devices (use iPhone as camera on Mac, for example) - Payments across different devices (use clock to pay, for example, shared with your iPhone)
All of this with just one account without any third-party service.
And billion of things more, probably, I'm not a full Apple head.
And when I hang out with people who ARE in Apple's ecosystem, to me it seems they struggle more to get things done than me.
Why would I want a shared clipboard across multiple devices?
I guess you've never had to type something first on your laptop to paste in a phone app, or vice versa.
Or open a link from a phone messaging app in your laptop browser.
The overhead of starting it and typing "laptop.tekmol" into the browser on both machines is only a few seconds.
That seems mich saner to me than to constantly have some interaction between the two devices going on.
Normal people just message themselves on tg or wherever you send and receive messages.
Geeks use KDE Connect.
Whatt you do is weird.
There are so many companies that control access to every part of your life. Your argument is meaningless because it applies to _everything_.
A trustless society is not one that anyone should want to be a part of. Regulations exist for a reason.
All the things you mentioned (registrars, ISPs, registries, etc) have multiple alternative providers you can choose from. Get cut off from GCP, move to AWS. Get banned in Germany, VPS in Sweden. Domain registration revoked, get another domain.
Lose your Apple ID, and you're locked out of the entire Apple ecosystem, permanently, period.
Even if a US federal court ordered that you could never again legally access the internet, that would only be valid within the US, and you could legally and freely access it by going to any other country.
So in fact, rather than everything being equivalent to Apple's singular control, almost nothing is equivalent (really, only another company with a similarly closed ecosystem).
Your logic makes no sense since you can easily switch to Google or whatever other smartphone providers there are (China has a bunch).
But of course those providers can also cut you off, so what I said still applies.
I've managed to reset the password, but I must answer a security question to log in. I mean, I answered those security questions probably a decade ago and I do not know what they are anymore. You can reset your security questions, but to do that you need to use an iPhone (last one I owned was a 4) that is still logged in, or, answer a security question. Which is as we established, the problem.
So every couple of months I log in, try a few other possible answers, get them wrong, and get locked out for a bit.
Anyway, I need to get this fixed my march, due to apple being the formula one streamer in my country now, so I have to actually solve the problem of logging in to my apple account. Or, I guess, making another random email just so I can watch f1. Sigh.
But if anyone knows how to reset security questions, I'd love to know. I would way rather pay apple actual money than go back to torrenting the races.
Re: "mac.com isn't doing email anymore", all the original mac.com email addresses still work fine. Apple has played around with various domains (mac.com/me.com/icloud.com) over their decades of bumbling with online services but they made them all interchangeable for older users, mails to the original @mac.com emails still go through. Even originally made aliases (they allowed 5 with iTools) still work. Not sure what your issue was on that one.
Finally yeah, ""security"" questions are one of those horrible legacy anti-patterns that I will cheer to see finally be dead and buried. If you try to answer them honestly probably anyone can learn it with a bit of online searching, if you go for more obscure stuff they're easy to forget defeating the purpose. It's really best just to treat them as extra passwords, use random alphanumeric values and keep them in your password manager same as the password. Apple has also fumbled around with recovery over the years, at one point you had options to have a manual recovery key you could save but I think that's dead and can't set it up after already forgetting. Maybe if you go in person to a store with physical ID and evidence, if you had payment associated with the account and have that credit card for example that might do it.
If you have nothing of value tied to the account though probably no reason not to just abandon it.
youremail+anystring@gmail.com will always redirect to youremail@gmail.com Before making a random email address, try using youremail+f1@gmail.com or something similar.
On a device: Settings > (iCloud user) > Sign-in & Security -> (+) {{name}}@gmail.com
If that doesn't work, then use the dot trick.. y.ourname@gmail.com = yourname@gmail.com.
you can in the meantime, and for the future, try compartmentalizing services you use. the old saying of "all eggs in one basket" applies here as well.
VPS, hard drives, etc. are cheap and keep you more in control of your own data than you're with big tech.
Is your advise to avoid all Apple hardware?
Or buy backup hardware none of which will run MacOS / iOS, so you still couldn't access things like your Apple Developer account, or any shared documents?
The stories of online-only service failures are legion. And yet if you can get face to face support, even one person can do so much. The gap is infuriating.
I didn’t notice, do you have a Brick and Mortar Apple Store you can visit? I can’t help thinking this as I read the post.
Of course this is not a physical hardware issue. Where a store employee could just hand you, say, a new phone. This is on the level of getting a slot on Tim Cook’s day planner, though I imagine the person with the ability to fix this is an underling many levels down Cook on the org chart.
Unfortunately I still don't know a service I can use that will allow me to sync my current MP3s / what I have in Apple Music, and export it if I need it. There's really an issue of owning data and being able to take it elsewhere :/
I'm relatively happy with Tidal, but there are definitely a number of moments with it that make me sigh and internally say "see, this is why Spotify is winning". so much of it would be easy to change too, they just don't do it.
I've got Spotify as a native app in my 2024 ev and it's strange in that it starts songs like 1 second in, all the time. very unclear how that happens other than a software bug.
...and then nothing. No sorry, no "here's what went wrong", no blog post to address the angry masses, no recognition, reconciliation, or reformation. Just things working again and silence.
Well, it can always be you.
On a meta note, Fuck Apple, I'm so glad I didn't pursue an iOS developer career 10 years ago.
This is the kind of thing they need to be sued on a massive scale for to solve but it's too rare and too expensive for anything to ever happen to them for it.
On the other hand, great learning case on putting eggs in one basket and on "own nothing and be happy".
Incidentally, the guy's .paris domain name may be next unless you are a resident or have a business related to the region of of Ile-de-France
I mean, isn't writing what you said you do for a living?
Absolutely horrible black mark on Apple.
I'll be buying an external HDD to download all my photos / iCloud docs to. I've been too trusting.
I know this might sound cynical... But the author should really understand that Apple gives less than zero fcks about them. Apple is known (and, weirdly, loved) for being tyrannical in this sense. Apple is known for their "my way or the highway" approach to anything, without much explanation and with self-attributed "we're always right" attitude.
> The Damage: I effectively have over $30,000 worth of previously-active “bricked" hardware. My iPhone, iPad, Watch, and Macs cannot sync, update, or function properly. I have lost access to thousands of dollars in purchased software and media.
And that's why people complain about Apple's walled garden. Given the size of the damage I'd look into getting a lawyer involved, and possibly try and get Apple to court (in coerce them into being reasonable).
Frankly, I'm taking note of the archived page (https://archive.is/jrsLV) that I will reference to anybody that will ask why not to trust Apple in the future. Note that Google is also known for having a similar approach (there is no way to get support if something like this happens UNLESS you happen to know somebody inside google). Amazon on the other hand has made customer support one of its defining traits.
Btw if you are doing any decent amount of tech stuff, you should REALLY get off walled gardens and at the very least have an on-premise backup solution (an off-the-shelf nas with spinning disks could be a good starter solution).
Even though I:
- had my recovery password
- re-confirmed the email
- re-confirmed my phone
They just kept telling me "we'll contact you in two weeks", and kept not following.
Then after the 4th recovery they sent me my recovery link on email (in any case weeks later).
Worst of all? Their privacy and security they keep repeating like propaganda are beyond bogus. Sure, they de-logged me from all of my accounts, that I appreciate, but I had 0 issues accessing all of the contents on my hard drive if I was a thief with a simple script in recovery mode I could still access everything. Where's the security? Propaganda only non-technical normies believe and then repeat.
I'm never ever buying Apple products ever in my life, I've got MBPs that my clients send me, but that's it.
If this doesn’t get fixed, I’m going to have to rethink a lot of my digital life, including my company’s.
They feel convenient, but they will keep changing their TOS to disadvantage you further and further as time goes on.
Everything you upload is scanned into their AI to create a profile about you that they can then exploit (once again, to your disadvantage). They do it despite regulations against it (Who's to say what they're complying with, deep in their complex data centers? Who's gonna even check? And how?) This is why online services that take control of your data are such gold mines (subscription fees, analytics, profiling, etc). They get you coming and going.
And of course, the account terminations: The earthquakes and "natural disasters" of the online world that destroy lives with no consequence or care.
When your data is not in your sole possession, you own nothing.
Don´t check in to Hotel Cupertino or soon you'll be singing along:
Mirrors on the ceiling
The pink champagne on ice, and she said
"We are all just prisoners here
Of our own device"
And in the master's chambers
They gathered for the feast
They stab it with their steely knives
But they just can't kill the beast
Last thing I remember, I was
Running for the door
I had to find the passage back
To the place I was before
"Relax," said the night man
"We are programmed to receive
You can check out any time you like
But you can never leave"You can have free services, you can have paid services but they ALL absolutely have to be answerable to the consumer
Speaking of which, the guy's .paris domain name may be next unless he is a resident of Ile-de-France etc.......
Seriously can we fucking have any products that work, in the 21st century
Or is the answer just "lol automation is cheaper"
>I live on the land of the muwinina people. Sovereignty was never ceded.
Take this shit off your website.
I just want to keep using my stuff, and getting on with the fun things I get to work on. I don't have a strong attachment to Apple, I have a strong attachment to the familiar productivity I normally have.
Reconsider at least that part. You can work with and use their products (as I do at work with the GSuite or AWS) but I will never recommend or evangelize for them or rely on them with things I care about.
I don't know what the solution is, but I think part of it is deliberately divorcing yourself from the big players as much as you can, which isn't much for some people, and encouraging government efforts to break them up and pull down garden walls whenever the opportunity arises.
This is what government is for even if we've forgotten it in some places.
Let's just hope more people read the story.
I will empathize with you then and with your inability to empathize with the fact that people are different. Some people don't want to admit to themselves that this world is a wolf eat sheep world, trust that if you're a law abiding citizen, you shouldn't expect to be unfairly treated. Some people have more priorities and no time to dwell on harshness. They also would love it if everything just worked and you didn't need to spend 2 months of your life to configure things and always have to DIY everything.
They're not like me and I accept that. I will never use Apple & Google Cloud for my personal things. But I will empathize for those who get unfair treatement from these companies.
The whole meaning of a society is that we look out for each other, these big corpos have lost the plot, but I will not.
It is supposed to be : I buy a service from you, I did nothing wrong, please treat me fairly and do actually deliver on what I paid for.
That we don't trust them isn't how it's supposed to be, I wish I didn't have to do all of these things I do to keep away from big corpos, but this isn't how it is supposed to be. We're supposed to have the ability to trust each other in a society.
Apple is clearly in the wrong, and I'm certain that there are thousands of similar cases that are less public. The author is one of the best-positioned people to know and understand that. I'm sure they'll also get their account back, unlike many others.
(I can empathize with the difficult decision they'll face after that: do they continue to promote Apple, or try to reinvent their career somehow?)
"Looking out for each other", in this case, implies telling the people you care about to have backups, and helping them set up. I do that, a lot. I'd try to also help with this plea, if I had any pull with Apple.
I don't understand the sections of your comment with the word "supposed" in them. Supposed by who, and on what basis? What paid-for service are Apple not delivering? I assume they don't charge the author anymore.
PS: My plan is to wait for Apple to release a folding iPhone to move back!
https://account.apple.com/account/manage/section/subscriptio...