This is a very entertaining and educational article, giving insights into the methods used by thiefs to try and get access to your phone data.

I don’t like Apple but it’s great that their security is so good when it comes to this.

  • @[email protected]
    link
    fedilink
    English
    175 months ago

    Your post details how it isn’t possible for IT professionals to wipe a Mac without the consent of the owner’s account. How is that security theater?

    • @[email protected]
      link
      fedilink
      English
      11
      edit-2
      5 months ago

      You missed the part where I had to give my password to another human.

      Also, I wasn’t the owner, they are. Also, again, it makes zero sense to not allow me to sign it out remotely.

      Nothing is secure about a system designed so poorly you have to give out your password. That should never be needed.

      Not to mention, I never wanted or needed to sign in. I was just nagged to do so 100 times so I relented. Nothing about that means I own the device.

      • Fushuan [he/him]
        link
        fedilink
        English
        85 months ago

        I’m with you that you should be able to log out remotely, but this is more of a failure in the IT department. You should have been given a PC with the apple ID already introduced, with your company mail and some password. How would they even access your PC remotely for security udpwtes if they didn’t have access to your appeal id? Right, they didn’t. So they gave a computer they didn’t have remote access to, not properly configured, and then forced you to either move or give private information.

        • @[email protected]
          link
          fedilink
          English
          75 months ago

          You are absolutely incorrect. They had remote access and I watched them use it in various ways. When troubleshooting issues they would login and move my mouse and use a virtual keyboard. They could install software remotely on a schedule.

          Not sure why you’re under the impression that an apple account is required for remote management. There’s probably >5 different popular third party software solutions for that

          The apple sign in is an extraneous unneeded piece that once they annoy you into it, it then becomes considered a sign of ownership, which I never considered, because why would I?

          You are right that IT should’ve had a way of dealing with it better, but in their defense this may have been an anti-feature (asking a user to login to iCloud, a service they’ve never used once, is not a feature) added in an update, after they issued the laptop. It’s a small company, so I don’t fault them on it as much as the trillion dollar company with the goal of inflating their iCloud metrics by forcing users to login to it.

          • Fushuan [he/him]
            link
            fedilink
            English
            25 months ago

            Oh, I assumed that you would be forced to type your password or have enough rights to install stuff in a computer, be it in person or remotely, so I assumed that whatever 3rd party program they used required to have enough access, and that apple would use the apple id as a master password, given that it’s what is being used to lock down the device itself.

            Well, yet another issue with apple lol, why add a ownership id if it’s not even what gives root access. Lmao.

            • @[email protected]
              link
              fedilink
              English
              35 months ago

              Nah the iCloud crap is literally just another account. Up until the moment you login to it, then it silently ties the device to that account for “security” purposes. I kept emailing the IT guy back saying I don’t know what I can do, I can see a list of devices here and that laptop has been removed from it.

              After him asking me for help repeatedly I felt I had to just give up, give him the password on a slack call, then immediately reset it once he’d done what he needed.

              • Fushuan [he/him]
                link
                fedilink
                English
                35 months ago

                Apple issue then, quite the anti feature. In any case, I hope the IT team learns from it and they create a company ID or several company IDs so this doesn’t happen again haha.

        • @[email protected]
          link
          fedilink
          English
          45 months ago

          I don’t have the type of position where that would be needed or considered appropriate. Why should I need to anyhow? A lot of people are missing the point here. Logging into a service (especially one I didn’t want or need but was harassed into doing it) should not unexpectedly be considered proof of ownership.

          The scenario wasn’t that during os setup I was asked to login. And I wasn’t prompted with a warning that this could happen. What happened was every time I opened system settings for months it wanted me to login to iCloud and no matter how many times I refused it just kept asking.

          • @[email protected]
            link
            fedilink
            English
            115 months ago

            Nah - you’re complaining that you “were forced into handing your password to someone else” when there were at least six ways you could have avoided that:

            • you gone to the computer,
            • they send the computer to you,
            • you remote in to the computer,
            • you tell them “suck it, you should have blocked iCloud sign-in with MDM” or, as others mentioned,
            • you sign out before handing the computer back or, my favourite,
            • don’t sign in to personal accounts on work devices even if they bug you to.

            Finally, we release devices like this all the time through our ABM account. It takes 5 days maximum. Your IT team led you up the garden path.

            • @[email protected]
              link
              fedilink
              English
              55 months ago

              You are bending over backwards to justify absolute garbage practices. I am aware there were literally other ways around this. I was more referring to being forced into a situation where I’d even need to consider this.

              Yes, I shouldn’t have used my personal account… however I also should have never expected doing so to tell apple “I own this shit please make sure no one else can use it ever without my permission”. Logging into iCloud should mean “I want to use iCloud”, which btw I NEVER wanted to do. Every time I opened system settings the piece of shit insisted I login to it. That alone is a problem. But I’m sure you’ll justify that one too.

            • Natanael
              link
              fedilink
              English
              3
              edit-2
              5 months ago

              It was a small company, as he said elsewhere, negating your first 4 options, and the last two of blaming the user are equally stupid because Apple can fix this and doesn’t want to. Not everybody has an MDM tool which can set up ownership right for Apple devices - and they should not have to

              It’s shameful that you have a bunch of upvotes and he’s getting downvotes

      • @[email protected]
        link
        fedilink
        English
        25 months ago

        my account

        I wasn’t the owner

        You are the owner. For Apple, your IT department is the thief.

        • Natanael
          link
          fedilink
          English
          25 months ago

          You should finish reading the part where the company owned the device.

          • @[email protected]
            link
            fedilink
            English
            25 months ago

            The owner of the account owns the device. It’s a standard on all smartphones and tablets for the past 10 years.

    • Fushuan [he/him]
      link
      fedilink
      English
      45 months ago

      It’s more about the fact that they didn’t have a webpage in their apple account where they could remotely log out, and the IT department had the physical computer so they had to either move to the department or give the department their personal password, which is bogus. Being able to remotely log out of the computer doesn’t seem to be that big of an ask.

      I get thay the computer should remain locked if there’s no internet, but once the computer gain connectivity it should unlock if it was logged out in the user page.

      • @[email protected]
        link
        fedilink
        English
        25 months ago

        I see what you’re saying. I agree that users should be able to remove device locks remotely. You can with iPhones. Hopefully that moves to all devices.

        I still prefer this to not having the lock at all.

    • Natanael
      link
      fedilink
      English
      25 months ago

      IT was the owner and obviously consented to their own actions.

      You didn’t read the post.

      You pretty much MUST use paid mobile device management tools to set up and administer company owned Apple hardware, and those tools are notoriously annoying and often just bad

        • Natanael
          link
          fedilink
          English
          15 months ago

          Read again - for most other devices there are cheap and often some free administration tools that small businesses can use. And for many devices they can just reinstall them. But for Apple devices pretty much everything is expensive or very limited.