Apple users are being locked out of their Apple IDs with no explanation (9to5mac.com)
732 points by alwillis 12 days ago | 516 comments





So I'm not the only one, huh. Got myself an iPhone, downloaded 2 apps, went to bed, woke up to a complete lockout. They unblocked me through a phone support request, after 18 hours, and then hit me with a fresh ban, not even 24 hours later. Account got permabanned after like 5 more calls, where they just started sending me a legal notice instead.

The fact that your device can become a complete brick, because of an issue in their completely hands-off account management system, smells like a class action suit.


> The fact that your device can become a complete brick, because of an issue in their completely hands-off account management system, smells like a class action suit

This is HN frontpage. It's on a big "Mac" website. The damage is done.

Many are going to write nonsense like: "Apple is still a $2 trillion company, so this obviously works for them" to which I'll respond with a simple question: Did it not work for Apple before these SNAFUs? Does it work better for Apple now, after fuck ups like that?

It's not normal behavior and they are losing customers over this.

We had an Apple "moment" in the family: around the 2012-ish MacBook Air era. Two at home and they worked fine, for about ten years. Then the battery issues, the keyboard issues, the trackpad issues. Eventually these MacBook Airs died a painful death.

I've been on Linux since the nineties (and, yup, I can get into my system with Apple or Microsoft forcing an online ID down my throat) but the Macs were convenient for the wife.

So we bought a MacBook Air M1. After 13 months or so the screen died alone, overnight: was working fine before closing the lid, was dead in the morning. There are threads with dozens of pages on that subject.

That's when I switched the wife to Ubuntu. Ubuntu, Linux Mint: she doesn't care. Heck, I probably could have her use Debian or Devuan (Debian without systemd).

Apple is done for us. It's over. We'll never ever buy a Mac again and I'll never ever recommend a Mac to anyone.

And I'm far from the only one thinking that way.

The damage is done.

Rationalize as much as you want, invoke AAPL's market cap as much as you want, and enjoy being locked out of your devices without any recourse.


Everyone has a brand they're never buying again because of a few problems they had in the past. For every new brand they _are_ still buying, there are 10000 other people who are never buying _that_ one again because of a few problems they had in the past.

The only difference I've seen between Apple and my previous laptop brands is that their support techs are useful.


And unlike, say, Samsung Ultrabooks or even Microsoft Surfaces, Macs last a really long time. My kids are using my 2011 MacBook Air and 2009 iMac and they still work, even the battery still kinda hangs in. They've had a few rough years 2016-2019 with the butterfly keyboards but I don't know many current manufacturers with products as solid long term.

In my experience laptops from the competition are as durable when you pick up the professional line instead of the general consumer one. That will be Lenovo ThinkPads, Dell Latitude, HP EliteBook, etc.

I'll admit the support for my Dell was pretty good. They sent someone on-site to fix a known defect in their product line.

Lenovo has been tarnishing the ThinkPad brand for several years now, pushing plastic junk that also has the ThinkPad branding. It's not enough to stick to ThinkPad anymore; which ThinkPad matters.

Ditto HP. Their machines are… not great to operate on (from a maintenance perspective), their hardware maintenance manuals are much lower quality than they used to be…

Only Dell Latitude hasn't disappointed me yet, and I fix laptops as a hobby so I've worked on quite a few 2014-2019 machines.


Is Framework a reasonable port in this storm?

I haven't done any deep research into my next laptop yet. My ThinkPad X220 is still going strong but it is getting long in the tooth.


I would say parts for any thinkpad model are easier to find than framework ones. And it applies worldwide.

> framework

Can’t tell you, they refuse to ship or honor warranties to the country I live in at the moment.


Agreed. There are countless old models you can buy off eBay, drop in a new SSD and battery, install your distro of choice and keep using for several more years. Almost all models of that kind have a lot of serviceable parts, for example replacing the thermal paste is usually easy and makes the cooling better than it was brand new.

I haven't bought one myself simply because I have my own units that still work 10-15 years later. The screens mean they're dreadful as actual hands-on laptop experiences, but they're perfectly fine for home servers with built-in battery backup and management console.


My Surface Pro 3 still gets 90% battery life.

My HP hybrid tablet, now over 15 years old, still works (when plugged in).

My dad's IBM Thinkpad, older than most people currently on this website, still works.

Apple people like to claim that Apples last longer than their competitors, but that simply isn't true. Most people, myself included, can't tell you what Dell or HP support is like because we've never had to use them. But every Apple user knows what Apple support is like, because every Apple user has had to use them.


I'm writing this on a 2013 MBP. This specific machine is slightly bent and endured being hit by a car. Those other laptops that you mentioned, that aren't made out of aluminum, would be dead. I've also had a few Lenovo T410s (circa 2010). I would say the quality and spec of those T410s isn't up to par with MBPs of a similar era. Their CPU fans fall apart. They tend to overheat. The hinge breaks - plastic. The display and audio quality is worse. Software support also sucks. At some point newer versions of Windows just don't have good support; the webcam for example doesn't work in modern Windows. On the Macs though you can still run a fairly modern OS and everything works. I would totally take a 2010 MBP over a Lenovo ThinkPad of any type. (EDIT: from the same era)

I've also used top of the line Dell laptops over the years and a Lenovo Yoga.

Way way back I used to have a desktop color Macintosh of some sort (I forget the model, a 68k, maybe IIci?) and PCs were getting tossed in the landfill for years while the Mac kept going and running most new software.

I just bought my daughter a laptop and decided to go with the MacBook Air m2. Great value for money IMO. Not sure what's even close in terms of performance, build quality, battery life etc. This should easily last 10 years.


No. Those other laptops WOULDN'T be dead. They WOULDN'T be dented either. ThinkPads from that era had a magnesium alloy frame. They are hella rigid but the plastic shell gives enough bounce so they don't dent when dropped.

And macOS software support is awful. It's completely random and up to the whims of Apple with some models getting only 6 or 7 years support if you bought at launch.


As someone who used to manage a tech support department with a bunch of Dell and Lenovos for a large traveling sales team, I can assure you that they are not “hella rigid” and definitely will die and break when dropped from waist height.

Meanwhile, just last year I disposed of a 2008 MBP with a swollen battery and cracked case that I had used daily as a secondary device on my desk (for about the last 7 years) until the day I decided that it was more of a liability, because of the battery maybe deciding to explode soon, than a help.


I'm not talking about a dent. I'm talking about the entire (closed) MBP bent by a car driving into it. There is no way a ThinkPad's plastics wouldn't have broken (and its frame bent). But I guess we can't perform this experiment. Plastic is just not as good a material - sorry. Not only is it not as strong when new, it also doesn't have the same longevity.

See here for some random MBP drop tests: https://youtu.be/8kLtQBF52m8?si=a42uejjR4rUWWg-F

The ThinkPads are pretty good vs. most laptops in terms of design and durability (going back to IBM). I still think the MacBooks are an overall better design. I owned 3 T410s for many years and repaired them and kept them going so I'm very familiar with their design (And all the things that broke or failed over those years). The laptop I'm using right now is a 2013 MBP (which has been my daily driver for a long time with zero issues) and I have a new 13" M3 MBP work laptop (a great laptop) and another 2012 MacBook right here with me.

I agree 6 years of OS software support isn't good but the 2013 machine still got updates up to the end of last year (though it can't run the very latest OS). That said, as long as applications run on the older OS it's not necessarily such a huge problem unless some critical security issue pops up.



It's all a matter of tradeoffs. Aluminum is nice but it doesn't protect the internal glass panel from shock damage and a $600 topcase replacement if you mess it up. Especially on the older Macs, that chassis adds to the weight and leaves them pretty fragile considering their tank-like exterior.

Speaking for myself, I'd rather have the plastic Thinkpad. Lenovo commits well to the OS I use (Linux) and I don't want to baby around a laptop that threatens to bankrupt me if I drop it on the Starbucks tile. In terms of longevity, I can do a hell of a lot more with a 10 year old Thinkpad than I can with a 10 year old Mac.

> Not sure what's even close in terms of performance, build quality, battery life etc. This should easily last 10 years.

Recently picked up a Lenovo Thinkbook with a Ryzen 5800u in it. Basically a Steam Deck in sheep's clothing, with a nice HDR 1440p display. I gave it to my brother, and I expect it to last just as long (if not further with community driver support).


The M2 is faster and more power efficient than the 5800u. The display is 2560 x 1664. I think the Air display is better and brighter. The speakers on the Apple laptops also tend to be better.

Not sure about drop resistance or cost of repairs. I've dropped MBPs and they were fine (anecdotal) and the MBP I'm using was literally hit by a car and was slightly bent as a result and still works.

The battery life of the Air is supposedly 18 hours and having no fan is also nice. No laptop I previously used compares with my work MBP M3 for battery life or performance. The Air weighs 2.7 lb. I don't know which specific Lenovo you got, but the ThinkBook 14 weighs 3.3 lb.

That said, I did pick a 13" Lenovo Intel i7 about 5 years ago when I was looking for a laptop for my other daughter. That laptop is still going strong. It did die about a year after I bought it but was repaired under warranty (still a quality question though). But I think today Apple has pulled ahead and the prices on the m2 these days are good.

I've never had a good experience with Linux on laptops. The hardware support always seemed iffy. Power management also iffy. But I have to admit I haven't tried in a long while.


To put things bluntly, literally every classmate in law school using an Apple laptop had to get their laptop replaced at least once due to the failure of the device caused by normal usage. My understanding from younger relatives is the same.

That HP hybrid? That was my laptop in law school. It still works, and it's great for drawing (though not as good as my Surface).

> Their CPU fans fall apart. They tend to overheat. The hinge breaks- plastic. The display and audio quality is worse.

Apple laptops circa that era were notorious for heat issues, weak plastic, and poor displays. Their sound quality wasn't much better than a cheap PC laptop, unless you shelled out for a top-of-the-line MBP... and of course a $2500+ laptop is going to be better than a $500 laptop.

> Software support also sucks. At some point newer versions of Windows just don't have good support, the webcam from example doesn't work in modern Windows.

This is objectively false. I can still run software, and use hardware, from the 80s on my Windows 11 desktop. You can't even run 5-year old software on an Apple because Apple broke compatibility.

> while the Mac kept going and running most new software.

This is objectively false. Older Macs can't run new Apple OS software.


My 2013 MBP is running Big Sur, latest release September 11, 2023. But yes, you can't upgrade past that. All the hardware and software works just fine.

My webcam on the T410 doesn't work under the Windows version it's running and hasn't worked for many years (and I've had a few of those, it's not just one bad piece of hardware).

EDIT: The variability of hardware on Windows laptops is just so much larger. There's so many different motherboards, so many different peripherals, so many different GPUs. There's no way Microsoft is testing against all permutations of laptops from more than 10 years ago with their native drivers. Lenovo doesn't have modern drivers for the T410 either and I doubt other laptop companies release new drivers for their old laptops. I've owned and used for work many Windows laptops from various vendors. I've had 3 T410s I inherited and I spent a lot of time trying to keep them going including cannibalizing some of them for parts.


> My web cam on the T410 doesn't work under the Windows version it's running and hasn't worked for many years

The T410 works in Windows 11, so if it's not working for you, it's a simple driver update.

But on the note of Apple just working, there is an entire frontpage thread about how Apple isn't "just working" for thousands of people whose Apple IDs have been locked out. And The Verge currently has a front-page post about their Apple editor discovering that Apple doesn't just work and in fact has quite piss-poor speakers (https://www.theverge.com/24139303/mac-mini-laptops-desktops).


I'm just about to retire my last of 3 T410s (its hinge is broken and it tends to freeze from overheating. I replaced the cpu fan on it 2 years ago). I tried all sorts of drivers. Some just don't work. Some work for like 10 minutes and stop working. Windows 11. Maybe there is some magical driver somewhere. Are you guessing or do you have a T410 with Windows 11 and you use the webcam regularly?

Yeah, I saw the Apple ID thread today. I thought Apple ID was optional. (e.g. I don't have an Apple ID for the MBP I'm using right now).

The article you linked to says: "My M2 Air had great speakers." It's the Mac Mini (not a laptop) that has poor speakers. Can't comment on that one.

EDIT: By the way, I believe a T410 can actually have different components, i.e. some might have a camera from one vendor while others have a camera from another.


I am a satisfied Apple user, and have been for over 30 years.

I have never contacted Apple support. Not once. Yes, really.

Unfounded claims are unfounded.

Sometimes devices break, sometimes they last for 20 years and keep on humming.

Also for the record, I'm also a Linux, Windows, and FreeBSD user running on HP, Dell, Lenovo, SuperMicro, Framework, System76 and DIY machines.

My experience indicates premium components usually (but not always) last longer than more economical alternatives.

That said, if I never had to use a Microsoft product again, I'd be fine with that.


I’ve been an Apple user since the Core 2 Duo laptops. So something like 20 years. I’ve owned countless laptops, every other iPhone since launch, two iPads, two watches (a first gen and last year’s), two HomePods, a pair of AirPods Pro and Max, a Time Capsule, two Apple TVs, and… lord knows I’m missing multiple somethings.

The only time I’ve had to use support is when I’ve broken an iPhone screen to have it replaced.


My experience goes back to the early '90s. I'll admit an intense hatred then and the occasional support call, but that was mainly because I was a network engineer in a publishing company and AppleTalk was a chatty POS protocol. Since maybe the '00s, managing many, many Apple devices (not just my own), I'd bet I can count on both hands, with a finger or two left over, the times I needed to call support. Personally, I have only used Apple devices since 2009 and have only engaged support on an Apple Watch back in 2019, which was my own damn fault for smacking it into a wall and swimming a mile right after, bricking it.

The comparisons people tend to make from their experiences are usually with much cheaper models. This is the main reason they feel Apple lasts longer.

After so many laptops, purchasing a new laptop starts to feel like purchasing the death of a laptop.

I have used lots of HPs, Dells, Lenovos. They do last, until they don't and you have to reinstall everything from scratch because the hardware is different.

I did run mine pretty hard, and my HPs, Lenovos and Dells did go into warranty pretty regularly. I never saw it as purchasing a laptop as much as purchasing the guarantee of a laptop.

Apple got me because it would reasonably copy one laptop onto the next.

Apple used to make their devices to be too thin, and they could not thermally handle themselves. Especially 2017-2019 Macbook pros. Before then, most were pretty reliable. Hoping the new ones are.


I hope you can see that what you wrote can’t possibly be true.

Surface people, HP people, or Thinkpad people have all had to contact support at times as well. Is it more or is it less than Apple, is the question (and isn’t answered)


No, the question was answered.

Every Apple user I know has had to contact Apple support due to an issue with their Apple device. Even the guy in this thread who claims never to have dealt with Apple support before had a comment in another Apple thread talking about their experience with Apple support. It was apparently great, but that's the problem. Apple service is great because almost every Apple user will have to interact with it because of a problem with their device.

HP, Surface, and Lenovo support can suck because so few people need to contact support for issues with their devices that it's not important to those companies to focus on support.


> Most people, myself included, can't tell you what Dell or HP support is like because we've never had to use them. But every Apple user knows what Apple support is like, because every Apple user has had to use them.

That is such an absurd statement. You’re even italicising “every” (twice!) as if you’re really convinced it is true.

Hate is severely blinding you to reason. They’re just consumer electronics brands, they’re not eating your children. Calm down and think for a moment about your assertion. Maybe talk to some people outside of your circle.


Dude, Samsung can last a ton if you treat them normally; you are just confirming what OP was saying. One random example - I saw an SGS II working 12 years with the same battery, flawlessly. I am not even going into phone comparisons; there are enough folks around who are not happy or are migrating back to Android for various reasons.

As for laptops I guess you are joking, I've yet to meet a single big corporation in Europe where macbooks are even allowed on premises, unless its some web app testing team or similar.

Some folks live in great echo chambers; I agree this site is a massive one for Apple. That's a simple fact, comments here confirm this. Which is fine on its own, but it's not balanced truth you often find here.


Linux fan but hard pass on this. Apple's ecosystem integration across their devices (I have Apple Watch, an M1, an iPhone 15 Pro Max, a couple Apple TV's etc.) is unparalleled. And the iPhone camera is excellent for documenting my rapidly-growing, almost 3 year old kid. Also, Livephotos kick ass. Every single Android phone I've used is annoying AF and I hate having to fix issues with them when I'm at my in-laws' house (her dad insists on them for... some irrational reason).

Of course, I do sync my entire photo library with both Google (preserves the Livephotos) and Amazon (does not preserve livephotos), because I once lost an entire photo library due to a fuckup combined with an Apple bug. And I use non-Apple services for music and video.

Maybe just don't put all your eggs in one basket to the extent you can.


Sounds like the same shtick I heard from Windows 8 apologists in the past. "Yes, yes, Microsoft is a ghoulish company; but look at how my laptop connects to my Xbox!"

Apple's whole premium marketing shtick feels gone. Not only has the halo effect worn off now that everyone owns an iPhone, but they're portioning up their own operating system into endless service integration and nonsense software offerings. Who the hell is paying for Apple Arcade? What about Apple Music Voice? Does anyone still pay for Apple Fitness+ without having forgotten to unsubscribe? The whole thing reeks of Microsoft trying to market Groove Music and OneDrive to an audience of confused senior citizens and barely-literate pre-teen gamers.

Their hardware revenue is threatened, their software revenue is headed towards the toilet, and their latest product category is a non-starter. If you aren't preparing to see the worst of what Apple is capable of, I advise you get ready (and perhaps an alternative smartphone you feel comfortable using).


I can’t hear you over the 140 photos of my son I am airdropping to my sister at full resolution and way faster than they would be made available to her in any other fashion

But again, I am a Linux fan (NixOS actually), despite it sucking ass in the user department


Bluetooth wireless file transfer... you are forgotten.

Also, what this guy said in this same conversation:

https://news.ycombinator.com/threads?id=pmarreck#40183776


The prose here insisting the damage is done comes off as clueless when the apparent scale of the damage is trivially, if not undetectably, small.

you don't say... a guy saying "the wife" and talking about linux isn't clued in?

As a counterpoint, I have 4 Mac notebooks, 1 dating back to 2011, and they all still work. Well, the 2011 has to stay plugged in because the battery is basically useless at this point, but it makes a not-too-bad NAS with Linux running on it.

I bought an iPhone a couple of days ago, and was planning on using the weekend to finally migrate from my old Android phone. Luckily, I haven't even opened the box so I should be able to return it for a full refund. No way I'm spending over $1000 for this kind of experience.

Black swan events can happen to you. Recently I traveled to a European country from my base (Middle East). I normally take my phone and laptop with me and they are synced. I forgot the laptop charger and could not get one locally, not at least for about a week, and then dropped my phone and it got damaged. I bought another phone (Android) and tried to log in to my Google accounts. It recognized the email and the password but then wanted verification from the original device! Despite having the original SIM in the new phone.

On my return everything went smoothly through my laptop. Scary though.

My conclusion - have two physical phones + laptop all synced, plus a hardcopy of important passwords etc.

Data is easier to protect by offline and online back-ups, but your online identity is hard.


I had a similar experience with google a while back.

My conclusion: Eliminate what little remaining usages of their services I have.

Doing that with iCloud and Google would be a colossal pain. This event has me thinking more seriously about self-hosting a few more things.


> My conclusion: Eliminate what little remaining usages of their services I have.

This. I never used Apple's cloud offerings to back up things - and I have stopped using any Apple devices since BatteryGate. I semi-degooglify my Android(s), and never use the "Google-*" apps (contacts, calendar, etc.). I block them with NoRoot Firewall and disable them, and use other apps for those services. I sync with my Outlook (2013) and my backup is with Carbonite. I do have to jump through a couple of hoops, but considering that I don't live under the threat of 'death' by Apple or Google holding me hostage with my data/etc., the little effort is well worth it.


>> I never used the Apple's Cloud offerings to backup things

I try not to, but every year I log in and check and there is data stored in their cloud that I specifically tried not to have stored there.


Exactly. I recently had the same experience of being locked out when I lost my old device and had no recourse. My conclusion was the same and I've stopped relying on all Google services except Gmail.

> when I lost my old device and had no recourse

Well, if you used Google 2FA, the Authy app exists, and allows you to securely store 2FA in the cloud (as long as you remember your Authy credentials).

If you don't, then yes, your physical phone essentially becomes a dongle and if you lose it, you're screwed. Perhaps they don't educate users enough about this, but that's the fact


Don't bind your online identity to Apple or Google or Microsoft, in particular not the email addresses you use for accounts. That at least limits the damage they can do.

Fundamentally it's going to be bound to someone though. If you run your own domain to host your main email address, you're now bound to the registrar's login to manage that domain name, and also the cloud provider you're using to host the mail services (unless you run that off a machine you have physical access to).

Sure, but I'd much rather be bound to a domain registrar, where I'm paying them for a small, well-defined, self-contained service, where I have recourse if they do something shady to me.

For Google/Apple/etc., I'm either not paying them at all (in which case they have very little incentive to help me if something goes wrong), or I am, but for a basket of services. The identity portion of those services is probably not what that company is focusing on providing, and any weirdness with any other service in that basket could cause me to lose my access to the identity bits, often without recourse.


Yes, but you can choose a medium-sized, established registrar with a functioning human support desk, where you are the customer instead of the product driving hyperscale ad revenue. The hosting provider is not an issue, because you can switch very quickly to a different one if needed, and only have to change your DNS entry at the registrar, or whatever you use as your nameservers. Depending on your country’s jurisdiction, you also may have some legal rights to the domains you acquire under the country TLD and are not exclusively at the mercy of the registrar.

If you use your own domain, open source software, and back up often they can't lock you out forever like Google/Microsoft/Apple though.

You're missing my point that you're still beholden to the domain name registrar that manages your domain name on your behalf. That account getting permanently locked out will have all the same bad consequences for your online life as your Google account getting locked out.

And keep in mind that being a domain name registrar is a low margin business (typically they're only grossing a few bucks per domain per year, before accounting for any other expenses like staffing and systems), so you're not gonna get great support.


My understanding is that legally you own the domain and the registrar is only managing it on your behalf, and they are required to transfer it to another registrar if they terminate you as a customer. As recently happened for Russian users on Namecheap, for example.

This. My TOTP 2FA for Namecheap just stopped working one day, despite nothing changing. I was totally locked out. I got lucky and their support was helpful and we reset it after a few hours, but it made me realize that there is no way to be 100% safe.

(My Google account is dead even though I have the username, password and recovery email which forwards to me since I don't have the phone number)


At some level, every business has incentives to minimize what they provide you vs what you provide them. But even low margin businesses where you’re the customer are more likely to have incentives and structures built around paying attention to you than low margin per user businesses where users aren’t the customer but part of the product.

I don’t think anyone is arguing that they can get away from the chain of trust required to operate in the modern world.

I believe they are advocating for minimizing risk by not deeply integrating with capricious cloud providers.


I host my own email service and several times have had the registrars get sold and once sold and then the purchasing registry discontinued the registry service, or maybe the secondary DNS. They generally have support that at least understands how DNS works, which I find surprisingly rare among tech folks.

However the big problem is I am frequently banned from emailing Gmail or Office 365. Never Apple, for some reason. So I can read email but I can't send it that well. But I don't really care much; mostly people have to tell me out of band to check my email if they have sent me email. My email sessions are mostly a review of current spam practices and questionable emails from firms I have done business with.


The backup for that is a registered trademark on the domain. Recovery via ICANN procedures is slow, though.

Registrars are beholden to the registry and ultimately to ICANN rules (for classic TLDs at least. They can't just fuck you over whenever they feel like in the same way that Google/Microsoft/Apple can with their services.

Some failure states are unique to people who exist in these weird edge-case states though. Like the person who had their luggage stolen, the person registered the laptop to their own account, then returned it still paired. And Apple wouldn't un-pair it from Find My even with a police report documenting it all, therefore it's bricked.

(And to be fair to Apple here - they didn't do anything wrong here; strong end-to-end security inherently means allowing these states. Otherwise the cops could order Apple to unlock it too, and Apple wouldn't have a moral ground to object if they're regularly performing the task in other circumstances. Otherwise people could social-engineer Apple support to unlock a stolen device, or their partner's. To a certain mindset, Google and Apple not having any real support is a strength because there's no way to social-engineer your way past the actual security. But people want both the idea of E2E security and the convenience of being able to remotely un-register a laptop from someone else's account...)

Anyway, that failure mode wouldn’t exist if they were logged in to their account, and e2e encryption makes that a very low-risk thing overall.

Apple can't see where its devices are anyway, without doing a song-and-dance to authorize the session on a pre-authed device. AirTags and iPhones have a rolling hardware identifier for Bluetooth and WiFi based on a cryptographically strong pseudorandom sequence, and Apple can't correlate the identifiers back to an actual device without a pre-authed device relaying the sequence from your account. Etc etc.

Apple have actually done the legwork to make sure they can't see anything (or be forced to reveal anything) if you don't want them to (by enabling E2E), and that actually does drive a lot of "user-unfriendly decisions". And sure, Android people will say "that's awfully convenient", but the end state is still a lot stronger than any other major offering regardless of why you think they're doing it.
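The comment above describes the property, not the mechanism: identifiers that roll along a pseudorandom sequence, a relay that cannot correlate them, and an owner-held secret that can. The following is an added, deliberately simplified illustration of that property written for this page; it is not Apple's Find My protocol, not Apple's code, and omits the asymmetric encryption of sightings that a real design needs. The scheme, labels, seed and sighting data are all constructed for the demo: a per-device seed is ratcheted forward with HMAC-SHA256 once per epoch, the broadcast identifier is a second HMAC of the current state, and the relay server indexes sightings only by that opaque identifier.

```python
import hashlib
import hmac
from collections import defaultdict


def ratchet(state: bytes) -> bytes:
    """Advance the device's secret state by one epoch. HMAC is one-way, so a state
    captured later cannot be run backwards to recover earlier identifiers."""
    return hmac.new(state, b"ratchet", hashlib.sha256).digest()


def broadcast_id(state: bytes) -> bytes:
    """The 6-byte identifier broadcast during this epoch. A distinct label means the
    broadcast value reveals nothing about the state it was derived from."""
    return hmac.new(state, b"broadcast-id", hashlib.sha256).digest()[:6]


def state_at(seed: bytes, epoch: int) -> bytes:
    state = seed
    for _ in range(epoch):
        state = ratchet(state)
    return state


class FinderServer:
    """The relay: it only ever sees (opaque id, sighting) pairs and indexes by id.
    Holding no seed, it cannot tell which ids belong to the same device."""

    def __init__(self) -> None:
        self.reports = defaultdict(list)

    def submit(self, bid: bytes, sighting: str) -> None:
        self.reports[bid].append(sighting)

    def fetch(self, bids) -> dict:
        return {b: list(self.reports[b]) for b in bids if b in self.reports}


def owner_lookup(server: FinderServer, seed: bytes, first_epoch: int, last_epoch: int) -> dict:
    """Owner side: regenerate the ids its device used over a window and query just those.
    Returns {epoch: [sightings]}. Only a seed holder can build this query."""
    state = state_at(seed, first_epoch)
    expected = {}
    for epoch in range(first_epoch, last_epoch + 1):
        expected[broadcast_id(state)] = epoch
        state = ratchet(state)
    return {expected[b]: s for b, s in server.fetch(expected).items()}


def simulate() -> tuple:
    """Constructed scenario: one device, strangers' phones report it in epochs 1, 3 and 4."""
    seed = hashlib.sha256(b"constructed-demo-seed").digest()  # stands in for a provisioned secret
    server = FinderServer()
    sightings = {1: "cafe", 3: "train", 4: "train"}
    for epoch, place in sightings.items():
        server.submit(broadcast_id(state_at(seed, epoch)), place)
    mine = owner_lookup(server, seed, 0, 5)
    someone_else = owner_lookup(server, hashlib.sha256(b"someone-else").digest(), 0, 5)
    return mine, someone_else, len(server.reports)


if __name__ == "__main__":
    mine, someone_else, stored = simulate()
    print("owner sees:", mine)               # {1: ['cafe'], 3: ['train'], 4: ['train']}
    print("wrong seed sees:", someone_else)  # {}
    print("server holds", stored, "unlinked ids")
```

What the relay stores is three unrelated-looking 48-bit keys; linking them to one device requires deriving the ratchet chain, which needs the seed. In the comment's terms, the "pre-authed device relaying the sequence" is whatever holds that seed, and the support desk, by design, does not.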


There really isn’t a good solution for this for the masses, is there?

Buying a domain is not difficult, nor is configuring it with a mail service like Fastmail. Yes, it's slightly more involved than signing up at Gmail, but it's less complicated than doing your taxes (YMMV). The more people do it, the more helpful resources and services would appear for it. The problem is most people don't care until they get unlucky and their account gets cancelled for inscrutable reasons. It would be better to have regulation that protects users.

The risk of an average person forgetting to update their credit card details and irrecoverably losing a personal domain is almost certainly thousands of times higher than them being accidentally and permanently locked out of a Google or iCloud account.

Where I live, the most common payment method for such services is direct debit from your bank account, where the details never change unless you switch banks; and in the rare event that you switch, you can make use of a service that banks are legally required to provide for transferring debit mandates to the new account. I bought my first domain about twenty years ago and never had to change anything regarding payment.

A lot of people live paycheck to paycheck. I’d wager even more people on average would lose their domains with this approach either by forgetting to or being unable to put the necessary funds in their account, and having the payment declined.

Losing your entire online identity because you didn’t pay on time is an absolute show stopper for an enormous number of people.

Most people are not tech people. They do not know or care, or even care to know, about the details and importance of maintaining and protecting an online identity. They won’t remember to update payment details until things start failing. They won’t check their email frequently enough to notice before this happens. They will ignore text messages, either assuming they’re scams, spam, or unimportant.


You’re in the US, presumably? Is it really that common there for people to overdraw their account to the extent that direct debit in the $10 range would fail? That would be a very rare occurrence here. And you wouldn’t immediately lose your domain just because the payment failed once. It would be a much longer process.

People also have a mobile phone number with a plan they have to pay for. I don’t see why a domain should be any different, and it isn’t actually that different in my country.


5% of American households have no bank account at all - either because fees are too high or because they have cashed bad checks or failed to pay bank fees in the past and are now refused an account.

Another 25% had their bank balance go below zero in the past year. And that number is worse than it sounds, because it doesn't include people who have selected to have transactions fail instead of put their balance below zero. https://www.consumerfinance.gov/data-research/research-repor...


Although I can and have managed domains and mail services, I don’t agree that what you described is for the majority. Do you really think that’s true?

In the current state, the majority will need some help, similar to how they need some help when something goes wrong with their laptop. But as I said, if this would become a more widespread practice, more services would become available that make it easy and that help in case of trouble.

The biggest impediment is probably that most people aren’t willing to pay (say) $10 per month for a domain and email hosting like they do for streaming services, because they’re used to email being free. So they remain at the mercy of the big providers.

But I can at least encourage the HN crowd here to move to independent services and to use their own domain.


Your first two sentences prove my point that this is not adoptable by most. Cell phones are ubiquitous and have permeated all tiers of society. Hosting your own domain and email isn’t. I get the limitations but my point was that this isn’t practical for most for technical reasons. That's ignoring the financial challenges of convincing people to spend money on something that has been free for their entire life.

You can use your own domain with Google at least, and I’m guessing Microsoft as well. It could be a good middle ground where you control your email and just let Google etc. use it for the time being. It looks just like Gmail but you can always get out if you have to.

Which is why they make it so hard to avoid doing this.

Using your own email account doesn’t generally make things more difficult.

I'm thinking of Microsoft Accounts on PCs and how you need to know how to jump through hoops to avoid them at OOBE. And about how this is about AppleIDs and losing them - it's my understanding that Apple is less aggressive about AppleIDs than Microsoft is about Microsoft accounts, but also, TFA. Google has similar levels of fuckery especially if you're on Chromebooks but Google's sin is nonexistent customer support. I wouldn't want my most important email address to be tied to any of these three, although I speak as a gmail-using hypocrite who plans to change that soon.

The thing that really bugs me about Google is you can make an account tied to an unrelated domain, but then they don't let you use that for a lot of things, so you're forced into a gmail account.

iTunes didn't even allow you to add your own album art. To do so you had to be signed in with Apple ID, so Apple could look up the album details on the iTunes store and set the image that way.

This was in 2008, so the software ecosystem lock-in strategy was already well-established back then.


I was adding my own album art to ripped CDs since well before 2008.

This is utterly false: https://www.youtube.com/watch?v=bnBsIAiZfFc

You could always edit artwork in iTunes. Indeed, you could import albums from your own CDs and not even use the iTunes Music Store at all.


The video you linked is from 2015, almost a decade after the time period I referenced in my comment.

[flagged]


> You're seriously doubling down on your ignorance instead of just admitting that you were wrong?

From the guidelines:

> Be kind. Don't be snarky. Converse curiously; don't cross-examine. Edit out swipes.

> When disagreeing, please reply to the argument instead of calling names. "That is idiotic; 1 + 1 is 2, not 3" can be shortened to "1 + 1 is 2, not 3."

> Please don't fulminate. Please don't sneer, including at the rest of the community.

https://news.ycombinator.com/newsguidelines.html


Perhaps something to add to the guidelines: "don't try to weaponize the guidelines when someone calls you out for misrepresenting the facts".

I don't really care one way or the other if iTunes let people set custom album covers back in the day. That first comment by OP just stuck out like a sore thumb. The guidelines are there because they make HN nicer to participate in.

And "before using the word 'you', go back and check the usernames of each comment you are reacting to"

Or, keep a set of single-use backup codes for 2FA. Google offers this[1], though I don't know if Apple does or not.

Storing them seems problematic, but it really isn't: They're just random-looking 8-digit numbers and nobody but you needs to know that they belong to your Google account.

Or, KISS. If you're happy with the idea that the SIM card controls the key to the castle, as it seems that you are, then: Put a backup code in a contact in your SIM card. (It is kind of a lost art these days, but SIM cards are still data storage devices here in 2024.)

[1]: https://support.google.com/accounts/answer/1187538?hl=en&co=...
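Added example (mine, not the commenter's and not Google's or Apple's implementation) of how single-use backup codes are handled on the server side: codes are 8 random digits as the comment describes, only a salted slow hash of each is stored, the comparison is constant-time, and a code is invalidated the moment it is accepted so a leaked hardcopy can't be replayed. The code count and PBKDF2 work factor are assumptions.

```python
"""Single-use 2FA backup codes: issue, hashed storage, one-time redemption (added example).

Not any vendor's implementation. Codes are short, so they are stored under a
salted slow hash rather than in the clear, and each one is burned on first use.
"""
import hashlib
import hmac
import secrets

CODE_DIGITS = 8          # as described in the comment above
CODE_COUNT = 10          # assumed
PBKDF2_ROUNDS = 100_000  # assumed work factor


def _hash_code(code: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", code.encode(), salt, PBKDF2_ROUNDS)


def _normalise(code: str) -> str:
    # Users copy codes from paper; tolerate the spaces and dashes they add.
    return code.replace(" ", "").replace("-", "")


class BackupCodeStore:
    """Server-side record for one account: a salt, and a (digest, used) pair per code."""

    def __init__(self):
        self.salt = secrets.token_bytes(16)
        self.entries = []

    def issue(self, count: int = CODE_COUNT) -> list:
        """Replace any old set. Plaintext is returned exactly once, for the user to save."""
        self.entries = []
        plaintext = []
        for _ in range(count):
            code = "".join(secrets.choice("0123456789") for _ in range(CODE_DIGITS))
            plaintext.append(code)
            self.entries.append([_hash_code(code, self.salt), False])
        return plaintext

    def redeem(self, code: str) -> bool:
        """Accept a code at most once. Unknown codes and reused codes both fail."""
        candidate = _hash_code(_normalise(code), self.salt)  # hashed whether or not it matches
        for entry in self.entries:
            digest, used = entry
            if hmac.compare_digest(digest, candidate):
                if used:
                    return False
                entry[1] = True  # burn it
                return True
        return False

    def remaining(self) -> int:
        return sum(1 for _, used in self.entries if not used)
```

Design note: with 10^8 possible values a backup code has far less entropy than a password, which is why the store applies a deliberately slow hash and why a real deployment would also rate-limit redemption attempts per account.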


> It recognized the email and the pswd but then wanted verification from the original device!

Did you have 2fa enabled by any chance? I have 2fa via TOTP on my accounts and while they offer using a signed in phone as a verification option, using TOTP was always an option, and I was never locked out of my account.

>Despite having the original sim in the new phone.

That would only help if google had some way of tying the installed sim to your account. Given the privacy implications and the technical difficulties, I wouldn't be outraged at the fact it didn't take your sim into consideration.


Yes I had 2fa + OTP, however being a new phone they still ask you to tap on the old phone.

Are you talking about a prompt like this[1]? If so, there should be a poorly named "more options" or "don't have your phone?" link that gives you the option to enter your TOTP code instead.

[1] https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh...


I vaguely remember a situation where it was not possible for me to choose such an option, but I don't remember the details.

> My conclusion - have two physical phones + laptop all synced, plus hardcopy of important pswds etc.

And then, say, Meta decides to ask for login verification on your other device, and you lose that account because you always logged in to it through a browser in private mode, so no device actually has an active session. Happened to my wife the other day.

IT "Security" is reaching new heights of being bullshit. You can't win, and asking people to buy multiple devices and keep them continuously in sync is a bit much, and not even a guarantee of safety anyway, as next week Google or Amazon will hit you with some next weird trap to keep you "sekhure".


I can easily imagine an AI algorithm noticing a user has two phones, and deciding that is out of the ordinary and suspicious, and locking you out of both.

>IT "Security" is reaching new heights of being bullshit. You can't win, and asking people to buy multiple devices and keep them continuously in sync is a bit much

You likely don't need to buy multiple devices. I log in from random countries/VPNs all the time and never have issues, but I do have 2fa enabled. If your account only has a password and there was a suspicious sign in attempt, it's reasonable for them to ask for additional verification somehow because you could be a victim of a credential stuffing attack. It's hard for companies to win here. Either people complain about their accounts getting randomly locked because they were on vacation in Romania and tried signing in on a new device, or the companies get grilled by the media for "failing to proactively protect their users' data" or whatever.


I would agree with you if there actually was anything different in a suspicious way about those logins. There weren't. Same devices, same ISP, same browsers, not even an OS update in between. Just one day, a few days ago, out of the blue, Facebook decided to pop up a confirmation request, offering no alternative to confirming from "another device", and that's with them knowing (or at least having that information available) that there are no live sessions of that account (the whole browser in private mode thing).

Maybe the companies can't win, but they also have themselves to blame. They shouldn't have convinced people to entrust their only copies of data with them. Your vacation photos should not depend on someone's cloud platform. Half of your entire offline life shouldn't depend on Google not randomly locking you out of GMail. But here we are, and I'll keep calling those "security updates" bullshit because they don't care about long tail, and they don't care about hazards they create for most of their users.


My experience with Meta is it is just a PII fishing expedition masquerading as a security check.

I abandoned my facebook account when they asked for my driver's license scan; a few weeks later suddenly they didn't need it after all. My BIL recently wanted me to check out something he had set up on facebook and I found I could "login" by clicking one of the "what are people doing" spam emails they send. I've never used it on this PC before and have no idea what the password even is anymore. Super secure.


What would happen if you send them a realistic, but fake generated scan?

How many laws would that break?

It breaks a law when you are legally required to authenticate. But when a random dude on the internet asks you, you're not required to do anything.

> and that's with them knowing (or at least having that information available) that there are no live sessions of that account (the whole browser in private mode thing).

Unless you explicitly logged out, they are likely to see the opposite picture, i.e. numerous "valid" sessions (as opposed to active) that haven't been used for varying lengths of time because you logged in, but from their perspective, you never logged out. You just cleared your cookies, which means the session is still "valid", even if it's inaccessible to you because the session cookies have been cleared from your device.

I don't know if they take any of this into account but as you've pointed out, assuming that the rightful owner of the account must have access to a different session is a huge assumption to make.
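Added example (mine, not the commenter's and not Meta's code) of the "valid" versus "active" distinction above. The server keeps the session record; the browser only keeps the token in a cookie. Closing a private window throws away the cookie but sends the server nothing, so from the server's side the session is still valid until an explicit logout or an idle timeout (the 30-day timeout and the 1-hour "recently active" threshold are assumptions).

```python
"""Server-side sessions: valid versus active, and what clearing cookies does not do (added example).

Not any vendor's code; the session model is an assumption.
"""
import secrets

IDLE_TIMEOUT = 30 * 24 * 3600   # assumed: a session not touched for 30 days expires
RECENT_SECONDS = 3600           # assumed: "active" means seen within the last hour


class SessionStore:
    """What the server knows. Nothing here changes when a client forgets its cookie."""

    def __init__(self):
        self._sessions = {}  # token -> {"user": str, "last_seen": int}

    def login(self, user: str, now: int) -> str:
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {"user": user, "last_seen": now}
        return token

    def touch(self, token: str, now: int) -> bool:
        """Called on every authenticated request; returns False if the token is unknown or expired."""
        s = self._sessions.get(token)
        if s is None or now - s["last_seen"] > IDLE_TIMEOUT:
            self._sessions.pop(token, None)
            return False
        s["last_seen"] = now
        return True

    def logout(self, token: str) -> None:
        """Explicit revocation: the only thing, besides expiry, that removes a record."""
        self._sessions.pop(token, None)

    def logout_everywhere(self, user: str) -> int:
        doomed = [t for t, s in self._sessions.items() if s["user"] == user]
        for t in doomed:
            self._sessions.pop(t)
        return len(doomed)

    def valid_sessions(self, user: str, now: int) -> list:
        """Every unexpired record for the user, whether or not any client still holds the token."""
        return [t for t, s in self._sessions.items()
                if s["user"] == user and now - s["last_seen"] <= IDLE_TIMEOUT]

    def active_sessions(self, user: str, now: int) -> list:
        """The subset that has actually made a request recently."""
        return [t for t in self.valid_sessions(user, now)
                if now - self._sessions[t]["last_seen"] <= RECENT_SECONDS]


class BrowserClient:
    """A private-mode window: it holds the cookie only until it is closed."""

    def __init__(self):
        self.cookie = None

    def login(self, store: SessionStore, user: str, now: int) -> None:
        self.cookie = store.login(user, now)

    def close_window(self) -> None:
        self.cookie = None  # cookie gone; the server is not told anything

    def logout(self, store: SessionStore) -> None:
        if self.cookie is not None:
            store.logout(self.cookie)
        self.cookie = None
```

Usage: the difference shows up in valid_sessions versus active_sessions. A risk engine that asks "confirm from another logged-in device" should be looking at the active set; a user who only ever uses private windows has valid records on the server and no device that can answer the prompt.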


That's the reason to setup 2fa, because otherwise monopolies can legally kick you. Well, they can kick you anyway, because they are monopolies.

2FA makes it easier, not harder, to lose access to your account though.

1. Use two-factor auth.

2. Save those backup codes.

3. Be able to get those backup codes in some worst case scenario.

I have had to start from scratch before but never have been locked out.


4 - Discover that those backup codes are useless because the service provider will refuse to acknowledge them when you travel.

The fact that we are stuck with a pair of global apathetic undemocratic identity providers is absurd. And one of the reasons why that "shattered dream of passkeys" is on the front page. At least that dream got shattered, it would be worse if it went through.


I need to hear more about this scenario.

This is standard Google behavior. Logging into Google on any new device always asks me to confirm it on one of the other devices that are logged in (i.e. phones, tablets). Suppose it's some kind of 2FA.

I understand the security concept of it. Luckily my trip was short. As I also use WeChat to communicate with some Chinese friends, my experience was different. First it sent me an OTP on the new phone, then asked for two friends to send a number to the phone. Luckily I had the phone number of one and I managed to restore it, and to be honest having humans in the pipeline was a plus. Negative: this had to be done within 5 minutes, otherwise you're back to square one.

A google account is not required to use an Android device.

So if you don't tie all your contacts, sync and backup to your google account, you can have a phone that they won't lock you out of.


This is actually great. You basically look like a stolen device with a sim swap.

How would the thieves know the password? Even unlocked iPhones don’t show saved passwords without Face ID prompt..

A reused password that was breached somewhere else.

>My conclusion - have two physical phones + laptop all synced, plus hardcopy of important pswds etc.

Why do you need more than a single phone plus a hardcopy of your Google recovery codes (assuming you know your Google account password)?


In case one phone doesn't work or is lost or stolen or broken, I guess. Plus buying a second phone is great for the economy!

Society was collectively sold this deal where if you entrust everything to a trillion-dollar company, you'll be treated well and this sort of thing wouldn't happen. Yet it appears to be happening, and the trillion-dollar company that has the resources to deal with this so far isn't being very helpful, and it's falling to the consumer to take insane amounts of proactive measures to not have their digital lives fucked up when the exact deal was that you wouldn't have to, but of course now the party line will be "well you were obviously stupid to believe the trillion-dollar company's trillion-dollar marketing, then."

And I'm annoyed as one of the people who did not buy into it.


Even more damaging is the lie that modern tech continues to sell people: that they're too stupid to use computing technology, and all the restrictions of the platform (relative to real computers) are actually for their benefit and not the corporation's.

And, almost everything is a "computer" nowadays, from your phone to your car to your refrigerator, but only the OG computer is even remotely "fixable" to the average consumer. All the others, you're hamstrung and forced to go through official channels for subpar, marked-up service because if you try to do anything yourself they'll brick your device and maybe sue you for good measure.

I think the modern definition of computer is something with a screen and keyboard. While you’re right that almost everything has a chip in it, calling your fridge a computer is disingenuous.

Ah, but a smart fridge has a screen and a keyboard now too, and so do car consoles :)

Touché

> Why do you need more than a single phone plus a hardcopy of your Google recovery codes

Because, as I can tell from a similar experience to GP's, they also won't save you if the authentication infrastructure decides you're not who you say you are.


If I lost my phone, I would still have access to three different recovery methods:

- I have my recovery codes

- I have access to my recovery email address

- I have access to a TOTP token

I would hope this is sufficient to persuade Google's authentication infrastructure to let me in.


As I learned in Google SRE: "hope is not a strategy"

Hope is part of every strategy that doesn't have infinite cost.

Google has done the exact same thing in the past, deleting Google accounts without warning (which is arguably worse because not only can you not access your phone backups but your email, calendar, drive, etc. is gone too).

Companies that wrongfully ban or delete email or phone accounts need to be civilly liable and this civil liability needs to supersede any arbitration agreement or terms of service agreement.

An Apple or Google account is far too important to people's lives to let them hide behind the "we're a private company and can do whatever we want" canard. They do need to have the right to ban spammers or people using YouTube or Drive to infringe copyrights but just randomly shutting off somebody's email or somebody's ability to make video calls should be against the law. The same would also apply to a text chat company like Slack or Discord banning somebody's work account for no reason. Certain tech companies have government-like levels of power over people's lives so they need to be restricted in how they can treat users like the government is restricted in how it can treat citizens.


> which is arguably worse because not only can you not access your phone backups but your email, calendar, drive, etc. is gone too

Some people use iCloud for email, calendar and storage so for them I imagine losing access to Apple ID would be just as bad.


Yeah, and to stress the point: this is not "can't send vacation pictures to my grandma" bad, this is "might lose my company/my job and my house" bad, as everything else in life treats one's email (and increasingly, app 2FA) as infallible backup.

Apple lets you return anything, opened and used, within 14 days.

Apple doesn’t really “let”, the law demands.

Interesting, is that in the US? I’ve never heard of that being required by law in the UK. I think it’s just an Apple thing here. I mean we obviously have laws about refunds etc but I don’t think we have any law saying you can open any product and start using it and then return it even if you have no complaint with it.

There is no uniform law. In the EU most countries have this type of law but they all vary in duration and scope. In the US it's more or less similar, as it varies by state and many states don't have any laws regarding this.

But even the more permissive laws have many exceptions, like not applying to perishable goods, underwear, lipstick, etc., and they're heavily tilted towards unused products or very light use that doesn't affect the value of the product when re-sold.

When the product doesn't work, like in the case of this Apple situation, it's not even a question. As long as the hardware is not damaged and everything is returned, "the law" completely sides with the consumer.


They do eat the restocking fee that others would charge, taking the haircut on refurb sales

What are the odds of having this experience? Shouldn’t they affect your behavior?

What's your recommendation? Try it 1000 times to get statistics?

Likelihood should affect your behavior in the same way it affects whether it actually happens and it did.

"Fool me once..."


One in a thousand wouldn't yield anything. Because it's such an unusual experience (just a few of these happening around the same time would create a news cycle), one in ten million is probably closer since there are around a billion active Apple accounts.

That's similar to the odds of dying in a non-Boeing plane ride. Even if the odds were one in a million, that's about the odds of being struck by lightning over a lifetime.

I'd think someone returning a phone over this was regretting the switch for other reasons. It's fine to keep using Android.


This is a reasonable point of view I guess. But there's not really a reliable way for the consumer to get the real probability. If it happened to me, it's likely enough to consider. Maybe there's a hidden variable about my usage pattern that makes it more likely. Since it's totally opaque, there's no way to know.

Sure, if actually happens to someone, they're rightfully not risking it again. If for no other reason, it'd be likely that a fresh account would be detected and associated with the old one. Plus, whatever unusual situation of yours triggered the ban, such as border crossing or how you route your Internet traffic, would probably still apply. (I'm not saying someone is doing the wrong thing if those things are the case for them.)

My recommendation is to not make a decision that goes against the grain based on a single anecdote you read on the internet

I’m curious, would you be willing to share the gist of the legal notice(s)? Even just broad strokes categorization of what they claim, perhaps…

- unauthorized access related to the lockouts and support requests you already described

- unauthorized activity related to something else you didn’t mention (even if unfounded)

- some other unrelated but specific violation of TOS or other cited rules (even if unfounded)

- zero additional information, perhaps reiterating some previous finding (even if unfounded)

I’m giving you the benefit of the doubt, but I agree with another commenter that it sounds like something is missing from your story. Details like these might help us understand how your experience fits the pattern of accounts in the article.



Something seems missing from your story. They banned you for downloading two apps, or was something else involved? Or you still have no idea why they banned you in the first place? Just curious.

Probably installed fortnite.

I wish that were the case, but I've really just gotten the bare necessities in messaging apps, and called it a day. Didn't have time to set anything up that night.

They didn't tell me what was wrong, as supposedly the support is not allowed to disclose that. All they were repeating is that after a confirmation of which account it is, they will put in an unblock request. It's supposed to send you either a confirmation (which i got the first time), or a denial message. I never got a single one of the latter. A few calls later, the system prohibited putting any new requests in, with no option to override, "supposedly".


Of course there is much missing from his story, these tech corps keep the victims of their incompetence in the dark so not even the victims know the full story.

[flagged]


> They don't spend billions of dollars to get basic things like this wrong.

I'm not sure if you've ever worked in tech, but a good early takeaway is that billions of dollars does not necessarily buy billion-dollar code.


Same applies to Apple terminating legitimate developer accounts and thus destroying livelihoods.

You just paid $1000 for something you don't own now.

Sounds like you have been scammed. Maybe just try to get your money back?


This happened to me yesterday although I was able to quickly unlock my account on my MacBook pro. I spent a while making sure it wasn't an attempt by a backdoor to access my password. Felt very suspicious!

Class actions just make lawyers rich.

A real way to hit these kinds of companies selling defective products is to coordinate simultaneous small claims courts cases around the world.


In most of the world, the reach of small claims systems are far more limited than in the US.

but don't they have a real effect on the company?

I mean, yes each claimant gets 0.53 cents (applied to their next purchase), but don't the sued companies still shell out millions?


What did the legal notice say?

Nothing. It’s just a link to the generic legal notice on apple.com

> they just started sending me a legal notice instead

This is bizarre and fucked up even by Apple's standards. Did you get to know anything about it - what happened? Did those legal notices seem to be automated? Any inkling what could have triggered it (False alarm? Apple is known to hide its incompetence in this manner)?


> ... a class action lawsuit

After filling out an online form you receive in a year or so, then waiting another three, you'll get a check in the mail for $2. Justice! Hooray!

The only people class action lawsuits benefit are the lawyers.


Meanwhile batterygate payouts are quite generous: “Images show the settlement payments to be $92.17 per claim”

[0] https://appleinsider.com/articles/24/01/06/apple-finally-sen...


What were the apps, and what did you (either explicitly or inadvertently) allow them to access?

I am wondering if your account was collateral damage of an automated system detecting misbehavior of the apps.


Stories like this is why I keep a used pixel 6 in my backpack.

Instead, you could choose a GNU/Linux phone as a backup and benefit from lifetime updates.

The cloud is someone else's computer, but I thought customers owned their phones.

>smells like a class action suit

You (and others like you) need to meticulously record and assess the financial damage the lockout does to you.


Do I bill them for my time hourly, or as a cost plus project?

Can't be that hard to justify in some way for a filing. The industrials and big commercial guys do this all. the. time. I even bet there's bunches of SLA templates out there with the right litigious lingo to ease the filing.

Return for refund?

You should email Tim Cook. Executive relations can often fix problems. Edit: amazing that someone downvoted advice. This site has some problems.

wtf? They destroyed your property and then started threatening you with legal notices?

Have you checked their terms and condition? There might be a clause that says - since you are using their devices you forfeit claim to your own backyard ;-)

J/K. But since it's Apple, nothing is far off.


This is scary…

Bought a brand new MacBook last year and set up a fresh iCloud account to go with it. Problem was for the First and Last Name I entered some variant of Unknown User / Unknown Account (for privacy..) and chose a username “[email protected]”. Everything was fine but 24 hours later, I could no longer sign into the account. It was saying my password was incorrect! I was 100% sure this password was right so wtf? In a panic, try to remove the account from my brand new device and can’t! You have to sign in normally to remove an account in settings. Obviously I called Apple support and a high quality American sounding woman took my call. She said my account appeared like it had been deleted, like when a user deletes their own account. She placed me on hold and found out what’s going on. Apparently “engineering” had my account DELETED. My only guess is they didn’t like my user name / mailbox name and suspected I was a fake person. Anyways the lady was able to get my account temporarily reinstated right there on the spot and I was able to login and delete that toxic account off my Mac. I made a new account and everything’s working fine. Needless to say I was very impressed with how they handled my situation, within 20 mins no less.

You were impressed with how they automatically deleted your legitimate account and forced you to make a new one?

They were impressed by the high quality American woman.

Wrong. That description was meant to provide context to the story. Vs the alternative: getting some foreign overseas call center agent who doesn’t speak English as a first language and doesn’t truly care about my account, as many companies use. When I said quality, I meant professional and helpful at the same time as an employee. Her being female was of no consequence and that’s your own projection. I was impressed simply by the timely resolution of their engineering issue.

No I wasn’t impressed by that part Lol it actually terrified me badly because the Mac is still the single most important tech item I own, imagine if it was a $1600 Googlebook and locked on a brand new Google account. Who do you call? Anyways I accept partial fault for registering a sketchy mailbox name and using a name such as Unknown Name. But then again, perhaps it’s possible for a legal person to have that name so theoretically it could be legitimate. Not sure if any jurisdiction would allow a person to make their name that.

I was thinking about something related yesterday. It is amazing how big "Internet Silos" Google, Facebook, etc provide close to no customer support services and that we "users" have accepted this.

Getting cut off from one of these places can have a huge impact on people. They happen without warning and often without explanation.

I think they ought to be forced to be more open around the process and how to get help in general.

For Apple I have usually managed to get a hold of some support. Often not helpful but at least somebody.

With Google and Facebook I have never been able to find anyone.

Same thing is demonstrated on this site frequently when someone posts a plea for someone who knows people at Google, whom they can't contact themselves, to reach out on their behalf. Since they can't get hold of anyone themselves.

(Yes I am sure its covered in the EULA several times that there is close to no support)

(For Google Workplace it is usually possible to get a hold of someone.)


> Google, Facebook, etc provide close to no customer support services and that we "users" have accepted this.

This is why I've always rejected the concept of vendor "ecosystems" and cloud-first SaaS solutions for my personal computing. I've also designed my life so it's not dependent on having uninterrupted access to Facebook or Gmail.


> I was thinking about something related yesterday. It is amazing how big "Internet Silos" Google, Facebook, etc provide close to no customer support services and that we "users" have accepted this.

That's because you aren't the "customer", you're the product. The people paying the bills for Google and Facebook are the actual customers.

With Apple it's supposed to work differently - the user is the customer.


That doesn't really make sense as I pay for GCP and Google Enterprise. They specifically refer to me as a customer and in a roundabout way I pay for their bills. Your statement, while a neat adage, doesn't reflect the complexity of it all.

Facebook is easy to get back in if you have several thousand to spend. There are plenty of insiders selling their services to get your account unlocked.

Google, not so much. I've yet to find someone to unlock my Google account, even though I've slowly been working my way through their phone and email directory. [it seems everyone has access to the internal phone/email directory? and people sure want to hand you off to someone else to fix your problem..]


These corporations are actively hostile to users and it's insane that anyone trusts or interacts with them.

Recently when setting up GrapheneOS (android OS distro), my login to google play services was delayed by 24 hours for 'security concerns', after authenticating via youtube app. (Try to go OSS? Here's a 24 hour ban).

It's funny because the forced youtube app authentication itself is not a security measure, it's a dark pattern to force the youtube app to be installed and opened. Logging in by phone or email quietly doesn't work anymore, the SSO messages never reach their destination. I find it hard to believe that this is not representative of google's perverse incentives.

Consistently disgusting, rapacious company.


It's because we just assume that these services must be for free. Pay for them and the music starts to change...

The thing that scared me recently was two updates that gave me new encryption keys. At first I trusted apple and wrote down the new key. But I became suspicious after the second update and checked online. It seems like it's happening to others, so I used the recommended command-line tool to verify my new encryption key and it didn't verify. Apparently it works after disabling and enabling encryption, but I'm just keeping it disabled for now.

This also spooked me. I’m a former security professional—there are few good reasons Apple should be doing this, and it smells of a targeted attack. If I had a zero-day exploit to steal your data, this is what it would look like.

On the other hand, if Apple suddenly found out that a good chunk of encrypted volumes weren’t actually encrypted / the key was recoverable by an offline attacker, this would also explain the facts.

But the lack of explanation from Apple is troubling.


Yeah, I’m one of the people affected by this and it has happened to me on multiple machines on multiple updates and I have no idea what’s happening. Of course the keys do not actually work like for everyone else, which is even worse from a consumer UX standpoint (if I didn’t know better I’d just throw away the old key…)

It's on my todo list to backup and wipe that machine at some point. It's a desktop machine, not a laptop, and I don't save the recovery key to my iCloud, so I don't see how this could be a security threat. But something smells fishy.

Sorry, can you give a few more details? Are you talking about FileVault encryption on your Mac? Or the newish iMessage encryption?

And what command line tool are you referencing?


Oh sorry, I would edit the comment but it's locked, I realize now it's not that clear. This is about FileVault encryption on Mac and the recovery key. I think the command was `fdesetup validaterecovery`.

This is less severe than losing an account because at least the encrypted drive is backed up, right? :)

> updates that gave me new encryption keys

On iOS or macOS? Was a consent dialog presented before the update was installed?


I'm not him, but for me it was MacOS. After the update was installed and the system rebooted it presented a dialog asking if I wanted to be able to use iCloud for recovery if I forgot my Mac login password. I let it set that up.

Afterwards I wondered if it was just storing the recovery key I already had in iCloud or if it had generated a new recovery key and my saved one was invalid.

I checked my recovery key ("sudo fdesetup validaterecovery") and it was no longer valid. A bit of Googling failed to turn up a way to get a copy of the recovery key that was in iCloud, and I decided I'd rather have a recovery key I store myself in case I need to recover when I cannot get online so I switched it back.

Switching back is easy. You just turn off FileVault, then turn it back on and choose to manage the new recovery key yourself.


Sorry, macOS, I don't remember about the consent.

Dumb question but how did you find this out? Do you manually check after every software update?

On the first update when it showed me the message, I trusted it and wrote down the new key and threw the original piece of paper into the trash. Then the second time it showed up, I became suspicious and did a quick google search and then ran the command tool just to confirm that the new backup key validates, but it didn't. My hunch is that it was still using the original key I had set up myself, but I couldn't confirm since I had tossed it.

Can you share the command

I think it was fdesetup validaterecovery.

Oh wow, thanks for the heads up! Turns out my recovery key was also invalid... That's something Apple really should have notified people about. These kinds of slip-ups without notifying users are terrible.

maybe apple is tired of copying Samsung and will copy google for once :)

https://news.ycombinator.com/item?id=38043574


That was the moment I started browsing „freebsd desktop“ forum posts…

You should try Qubes OS instead.

Only tangentially related, but I have been trying to enroll for Apple's developer program for almost 3 months now.

Understanding what the problem is is essentially impossible. Going to a physical store doesn't help, calling their customer service has them telling you to go to www.apple.com/support (???), and writing for support has them rotate you through 4 different, and decreasingly useful, representatives.

The last response I got I was told the issue had to be handled by yet a different representative and it would take an "indefinite amount of time". Which may be a nice way of them saying it's never going to happen.

It really is demoralizing when you realize there is nothing you can do really, even in cases when you have done nothing wrong.

Not impressed to say the least.


A friend and I spent a month or so building an iOS app we were hoping to release and monetize, but we're also entirely unable to get a developer account created. Corporate entity, DUNS number, American, extremely boring people, and just a generic "Error creating developer account" on the signup form. Apple's support was hopeless in helping.

We gave up and re-built it as a web app. The thing that convinced me was the realization: When was the last time you installed/used a non-game App on the app store that, by your assessment, has less than 1 million users? I looked down my list of installed apps and realized that indie apps are kinda dead anyway. And our web app has been pretty successful.


Just curious, with the web app, how has the experience been for your Apple users vis a vis the Androids? Are you seeing some reduction in expected footfall because of your web app decision?

I had similar issues, and I wish I could remember what solved it. It was something stupidly dumb like I had to log out and log back in on my phone or something. There have been a couple of different edge-case bugs that prevent people from signing up, and Apple customer support is useless on this.

Same here. It was something trivial with the form that I fussed around with until it worked, or maybe I didn't have iCloud enabled at all and the form didn't alert me about it.

I've had a similar problem trying to renew my Apple developer account. Had it for over 10 years. I had an email a few weeks ago telling me it could not automatically renew (same bank details that worked fine last year). Nothing I could do on their website would make it work. I got hold of someone on their online chat who directed me to the Apple developer forums.

I gave up in the end. But I will have to sort it out before I can release the Mac version of my current project.


Then don't develop for them.

People develop for other people and markets, not for Apple.

They are still working for Apple indirectly, especially if they sell through the app store.

That's a funny take. I guess Apple is going to pay my sick leave, then? Buy me the hardware I need to do my "work for them"? No? Weird, guess I'm not working for them at all in any way.

No, you're right, it's actually worse than if you worked for them. Lmao. Really the worst of all worlds. You're dead in the water without their platform, without their grace, or with all of those things, but their incompetent auth platform.

You could reframe that easily by saying that without Apple making the hardware and services exist, there would be nothing to run your app on. It’s a symbiotic relationship: devs need Apple and Apple needs devs.

I'm not sure what your point is, but I 100% agree with you. Apple is awful, and you have to be downright masochistic to develop for their platforms. Thinking you're their employee when you develop for their platform is laughable.

Oh, good reminder for me to watch my tone. My bad.

No

Register yourself as a company

This requires a Dun & Bradstreet DUNS ID number, which isn’t the most difficult thing in the world to obtain, but also isn’t trivial, especially if you don’t actually have any formal business documents.

Yeah, can say from recent experience this just adds _more_ steps and opportunities to ghost for a couple weeks, get another vague email, ghost for a couple weeks...took me about 3 months to get it all going.

The DUNS stuff was pretty funny. All flows related to getting an ID have a big "Are you doing Apple dev stuff?" button. It's like Apple outsourced support to them. Apple's DUNS lookup tool saw my business and the correct DUNS number, but trying to register with it got an error...eventually dissipated after a couple weeks. Same story for registering an account in the first place: it refused to register [email protected], where tld is a Google Workspace account, with no discernable error. Again, dissipated after 3 weeks, thankfully.


Been locked for almost 3 months between November 2022 and January 2023.

Apple is crazy. My iPad with the authenticator broke, and even though I filled endless forms, verified emails and phone number they just keep sending me emails I was gonna be called by support at a date 3 weeks away.

Got no call, restarted the procedure. Got called in January, and it was an automatic voicemail or something..

I literally couldn't use my work machine (had a backup desktop to use).

Needless to say, except for the MBP I sadly need for work I'm not giving apple a dime for my life.


Please file an FTC complaint.

https://reportfraud.ftc.gov/


Same sentiment here. Actively working to reduce dependence on anything FAANG.

WTF? Apple used to have amazing support, just a few years ago!

My experience, on the phone and via Message, has been uniformly garbage for years.

It used to be that you could go to the Apple Store and the "Geniuses" or their management would make it right.

What the hell happened??


Original poster here and I share what you say.

I admit I had to interface twice in my life with apple support (this was the second).

But the first my iPod stopped working, and they just mailed me a new one without even asking a question or taking back the broken one.


With risk of being spammy, this is probably the most relevant discussion I've seen so far on HN w.r.t my experience of being locked out from my Apple ID.

I hope legislation will force Apple to step up and be more transparent / helpful.

https://skogsbrus.xyz/dont-put-all-your-apples-in-one-basket...


From the timeline:

> got my Macbook Pro from work and signed in to my Apple ID on it.

Wouldn't this result in unintentional data sharing from the work device to your personal devices? (and vice versa)


In hindsight, yes that was a bad move (especially considering that my work laptop is still locked to my banned ID…)

As an Apple noob at the time, I assumed that if my MDM-managed device prompted me to log in with my Apple ID, that it of course would be an allowed action.

With regards to data being shared, the only thing I noticed was wifi passwords and peripherals pairing (apple keyboard).


Yes, do not do this.

It's enabled in some corpos. Allows one to make AirPods auto-jump between one's iPhone and work laptop etc.

Yeah, I would never do this. My work iPhone is on a whole separate Apple Id than my personal phone.

Never mix work and personal. It isn't worth it.


This is why I don't sign in or enable 'find my' on any of my devices. Apple even has a backdoor which bypasses the encryption, allowing them to wipe a device in store.

Logging in takes control of your device out of your hands.


Why would you need to bypass encryption to wipe the device?

Because that is the way apple designed it. Try wiping a locked apple device without the password or recovery key.

I would expand to cover not only Apple, but Google and Microsoft.

You don't have a requirement to have an email account to login to Windows. MS is pushing it hard, (deceptive trend in big software) but the user can still push back.

I don't know if it's still true today, but last time I set up a macOS machine (2020), it didn't require, but pushed, an Apple ID. My Pixel phone I set up this February also didn't require, but pushed, a Google account. I think iOS did require an AppleID, though.

macOS doesn't require Apple ID, although you wouldn't be able to use the app store without it (but pretty much everything worth installing is available as direct downloads anyway). This is similar to the current state of affairs with Win11, except that the latter very aggressively pushes you to use your online email/password as Windows login, whereas macOS insists on having a local account even if you do also set up Apple ID.

Don’t want to sound like I’m victim blaming the author. But I can tell you exactly the issue with their account: registering with an email on a self hosted .xyz domain. Using sketchy TLDs is just asking for this kind of trouble.

https://news.ycombinator.com/item?id=28554400


Nothing sketchy about self hosting your email. Sure, that is what the big tech cartel wants you to think so you're forced to let them handle your correspondence "for your own safety". Don't believe their lies.

Issue isn’t self hosting email, it’s self hosting it at .xyz.

They had one of the cheapest registration costs. And so ended up with a high concentration of spammers compared to older established TLDs like dot com. Using the TLD for legitimate purposes is really challenging due to the high number of systems that flat out blacklist it.


Making assumptions on someone's right to communicate based on their choice of email domain is discrimination, and only serves to drive people to their walled gardens.

I'm not the one making assumptions, it's thousands of independent hosts, and all big tech orgs (including specifically Apple in this case) who are making that assumption. I didn't say the assumption was right, just that it's trivial to avoid falling afoul of it by choosing to use a different TLD.

"Sketchy tld"? Even google's parent company uses it for its corporate website.

I babysit a few corporate mailfilters and have more spam from .xyz than from all other TLDs combined. I don't block on that (most get disappeared due to 'new domain') but that's the cohort all .xyz pages are sharing.

xyz has been accommodating to scammers ever since its inception. After a decade I think we can say that it is on purpose.


FWIW, it's not self hosted. I use Fastmail. Thanks for the link about .xyz though, I was not aware it is associated with spam.

I would say that SMS and invasive email services are sketchier than using .xyz.

You end up fighting an uphill battle against every third party that blacklists .xyz, It’s not worth the fight just to use a cute tld and save a few dollars on registration cost.

As a tip: use your AppleID to generate a secondary email that you use for your day to day email, while keeping the login email secret.

The problem stems from nefarious groups getting a hold of email addresses and running distributed dictionary attacks.

Apple’s response is to prevent all logins (including valid ones) from accounts that are under attack.

Unlocking the account involves calling Apple, they’re not going to tell you why the account was locked.
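The lockout behaviour described in the comment above (all logins refused for an account that is being guessed at from many sources) is easier to reason about with the detection side written out. The following is an added example, not code from the thread or from Apple: it parses constructed auth-log lines (the log format, field names, thresholds and addresses are all invented for illustration) and shows why a per-source-IP rule alone misses a distributed dictionary attack while per-account aggregation over a sliding window catches it.

```python
"""Detect distributed password guessing against a single account.

Added example, not from the thread. The log format, the threshold values and
the sample lines below are constructed for illustration only.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real Apple logs). One line per login attempt.
# A distributed dictionary attack is many failures against ONE account spread
# over MANY source addresses, so each address stays under a per-IP limit
# while the account as a whole is under attack.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z login account=alice@example.test src=198.51.100.10 result=fail
2024-05-01T10:00:03Z login account=alice@example.test src=198.51.100.11 result=fail
2024-05-01T10:00:04Z login account=alice@example.test src=198.51.100.12 result=fail
2024-05-01T10:00:06Z login account=alice@example.test src=198.51.100.13 result=fail
2024-05-01T10:00:07Z login account=alice@example.test src=198.51.100.14 result=fail
2024-05-01T10:00:09Z login account=alice@example.test src=198.51.100.15 result=fail
2024-05-01T10:00:12Z login account=bob@example.test src=203.0.113.5 result=fail
2024-05-01T10:00:15Z login account=bob@example.test src=203.0.113.5 result=fail
2024-05-01T10:00:20Z login account=bob@example.test src=203.0.113.5 result=success
2024-05-01T10:30:00Z login account=carol@example.test src=192.0.2.7 result=fail
"""


def parse_line(line):
    """Parse one constructed log line into a dict with a datetime timestamp."""
    parts = line.split()
    ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
    fields = dict(p.split("=", 1) for p in parts[2:])
    return {"ts": ts, "account": fields["account"],
            "src": fields["src"], "result": fields["result"]}


def per_ip_failures(events):
    """Failures per source address: the only view a per-IP lockout rule has."""
    counts = defaultdict(int)
    for e in events:
        if e["result"] == "fail":
            counts[e["src"]] += 1
    return dict(counts)


def accounts_under_attack(events, min_failures=5, min_sources=4,
                          window=timedelta(minutes=10)):
    """Accounts with >= min_failures failed logins from >= min_sources distinct
    addresses inside some sliding window of length `window`.

    This per-account aggregation is what a per-IP rule cannot express; a hit
    justifies a temporary lock on the account rather than on any one address.
    """
    by_account = defaultdict(list)
    for e in events:
        if e["result"] == "fail":
            by_account[e["account"]].append(e)
    flagged = {}
    for account, fails in by_account.items():
        fails.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(fails)):
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1
            span = fails[start:end + 1]
            sources = {e["src"] for e in span}
            if len(span) >= min_failures and len(sources) >= min_sources:
                flagged[account] = {"failures": len(span),
                                    "sources": len(sources)}
                break
    return flagged


def analyse(log_text=SAMPLE_LOG):
    """Return (per-IP failure counts, accounts flagged as under attack)."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    return per_ip_failures(events), accounts_under_attack(events)


if __name__ == "__main__":
    ip_view, account_view = analyse()
    print("max failures from any single IP:", max(ip_view.values()))
    print("accounts under distributed attack:", account_view)
```

On the constructed sample no single address fails more than twice, so a per-IP threshold of, say, five never fires, while the per-account rule flags the one account that received failures from five different addresses in a few seconds. Whether the right response is a full lock, a step-up challenge, or a notification to the owner is a policy choice; the comment above describes Apple choosing the first.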


i also did this: created an email address that i use exclusively on apple. it actually wasn’t hard at all.

zero issues since.

> The problem stems from nefarious groups getting a hold of email addresses and running distributed dictionary attacks.

years back my email was leaked by a website that i never visited. apparently someone signed up using my email address and the website never verified the email.

in the meantime more and more people used the same email address [0] to signup everywhere (it’s not the same person, i checked).

[0] gmail ignores dots in usernames: https://support.google.com/mail/answer/7436150?hl=en#:~:text....

at this point my emails should be random hashes@random hash domain


Another tip is to run a custom domain for email that just serves to redirect mail to your real email address. It's a handy way of keeping track of how and who has leaked your information.

For example I give custom email addresses to every service I sign up for, then I can see who they on-sold that information to, or if the email address turns up in a database hack.

The only thing to be mindful about with this approach is to choose a service that gives you a fair bit of control over how to manage that incoming email. Such as being able to bounce or block specific email addresses including the use of wildcards, because I notice some hacking groups will try permutations based on the original email address.
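As an added example (not code from the thread or from any mail provider), here is the filtering logic the comment above describes, written out for a constructed custom domain: a registry of one alias per service, attribution of a message to a leak when an alias arrives from an unexpected sender, a plus-tag strip so `alias+anything` still maps to the alias, and wildcard block patterns so that permutations of a retired alias are dropped too. Every domain, alias and sample message here is constructed; the sender-domain allow-list is an assumption about how such a filter would be configured.

```python
"""Trace which service leaked a per-service email alias.

Added example, not code from the thread. Domain names, the alias registry,
the retired-alias patterns and the sample messages are all constructed.
"""
import re

ALIAS_DOMAIN = "mail.example.test"          # constructed custom domain

# One alias per service, handed out at sign-up. The local part carries a random
# suffix so that knowing one alias does not let a spammer derive the others.
ALIASES = {
    "shop-7f3a": "ExampleShop",
    "bank-91c0": "ExampleBank",
    "forum-22b8": "ExampleForum",
}

# Sender domain each service is expected to mail from (constructed assumption).
EXPECTED_SENDER_DOMAIN = {
    "ExampleShop": "exampleshop.test",
    "ExampleBank": "examplebank.test",
    "ExampleForum": "exampleforum.test",
}

# Retired aliases as patterns, so permutations of a burned address (extra
# characters, a changed digit) are dropped as well as the exact address.
RETIRED_PATTERNS = [re.compile(r"^old-4e2[0-9a-f].*$")]


def classify(rcpt, sender):
    """Decide what to do with one message: deliver, leak, block or ignore.

    Returns (action, detail). 'leak' names the service whose alias turned up
    with an unexpected sender, which is the signal this scheme exists for.
    """
    rcpt, sender = rcpt.lower(), sender.lower()
    local, _, domain = rcpt.rpartition("@")
    if domain != ALIAS_DOMAIN:
        return ("ignore", "not an alias domain")
    if any(p.match(local) for p in RETIRED_PATTERNS):
        return ("block", "retired alias pattern")
    base = local.split("+", 1)[0]             # alias+tag still maps to alias
    service = ALIASES.get(base)
    if service is None:
        return ("block", "unknown alias, possible guessed permutation")
    sender_domain = sender.rpartition("@")[2]
    if sender_domain == EXPECTED_SENDER_DOMAIN[service]:
        return ("deliver", service)
    return ("leak", f"{service} alias used by {sender_domain}")


# Constructed (recipient, sender) pairs, as a mail filter would see them.
SAMPLE_MESSAGES = [
    ("bank-91c0@mail.example.test", "alerts@examplebank.test"),
    ("shop-7f3a@mail.example.test", "promo@bulk-sender.test"),
    ("Shop-7f3a+deal@mail.example.test", "promo@bulk-sender.test"),
    ("old-4e21@mail.example.test", "anyone@bulk-sender.test"),
    ("shop-7f3b@mail.example.test", "promo@bulk-sender.test"),
    ("me@unrelated.test", "alerts@examplebank.test"),
]


def leaked_services(messages=SAMPLE_MESSAGES):
    """Set of services whose alias arrived from a foreign sender domain."""
    return {detail.split(" alias used by ")[0]
            for action, detail in (classify(r, s) for r, s in messages)
            if action == "leak"}


if __name__ == "__main__":
    for rcpt, sender in SAMPLE_MESSAGES:
        print(rcpt, "<-", sender, "=>", classify(rcpt, sender))
    print("leaked:", leaked_services())
```

The random suffix in each alias is the part that matters for the permutation problem the comment raises: with `shop@mydomain`, `bank@mydomain` a spammer who obtains one address can guess the rest, whereas `shop-7f3a` gives them nothing to extrapolate from, and anything they do guess lands in the unknown-alias branch and is dropped.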


> gmail ignores dots in usernames

Does account sign-in also ignore dots? If not, if sign-in is sensitive, there's a path to somewhat better safety: Start incrementally moving all daily email to variants containing added dot characters.


> The problem stems from nefarious groups getting a hold of email addresses and running distributed dictionary attacks.

I use [REDACTED] as a provider and I create an email address/account (if possible) per company/domain I interact with (e.g.: [email protected] or [email protected]). This produces two results:

1. No shared credentials across any space.

2. Any junk emails to these addresses immediately tells me who's sold it (or been hacked) and I delete the account[s] and relevant email aliases and get on with my day.

Some services, like Firefox, are starting to offer a form of "hide my email address" but this doesn't solve the problem of using <[email protected]> as the same login id across a lot of services. If that was dumped somewhere, it is probably a strong bet someone has used that as their login, elsewhere.

I don't know if there's another viable solution - but this reduction of possible login ids to one unique id per site is the only way I know how to (possibly) prevent myself from being an easy dictionary attack target.

Edit: formatting


> The problem stems from nefarious groups getting a hold of email addresses and running distributed dictionary attacks.

Citation requested.


Wife got locked out yesterday.

Got a message on her phone (settings notification). She had to change her password through the settings app.

Called Apple just to check and they said they weren’t seeing any weird activity. That they did see the password was changed, but no weird login or attempted logins.

So, in my sample of 1, that wasn’t the case.


> they said they weren’t seeing any weird activity

Yet did not give a cause for the lockout?


"As a tip: Do something completely unintuitive, annoying and also you had to have started doing this years ago, and maybe apple won't lock you out. Fingers crossed!"

No need for snark, you can change your Apple ID at any time.

> The problem stems from nefarious groups getting a hold of email addresses and running distributed dictionary attacks.

Are Google accounts similarly vulnerable to such attacks?


My AppleID login is my primary GMail account, but with a +postfix. I guess it achieves the same purpose, but with fewer mailboxes.

What a shitty idea to use public information as a login.

That depends.

In the app we have released, we use an email (we don’t care which one, as long as it can receive email) as the login ID.

The main reason is to limit the data we require be stored on the server.

We only have one required PID item: the login ID. The user also enters a display name, but that can be anything, and does not need to be unique.

Since we need the email anyway, we would need to have it stored separately, so this means only one PID item is stored. We also afford Sign in with Apple, which allows the user to obfuscate their email.

Not having the information is the best way to ensure it doesn’t leak.


Would it not be better to allow arbitrary login IDs? Then you don't even have to store email addresses?

It's not fully arbitrary, but one can make an Apple ID from any email address or phone number (i.e. you can use a hotmail address if you like), both approaches dodge the issue mentioned since they're not obviously apple accounts.

However the issue with using something like a gmail or hotmail account is that instead of targeting Apple's servers, they just target Google and Microsoft's instead.


How would we send emails, then?

That's a requirement of the app, and why we need to store emails.

