
In which Apple destroys my daughter’s iPad forever - ingve
https://ericasadun.com/2018/05/22/in-which-apple-destroys-my-daughters-ipad-forever/
======
cannam
Oh, this is a painful topic.

A couple of years ago my son forgot the (3-digit!) PIN for his iPod touch. He
tried various possibilities, with the device responding with increasingly long
lockouts between attempts, until it locked him out permanently. I'm not an iOS
user and I had no idea it would do that. I am still angry that it did. It
wasn't associated with a Mac, so we couldn't unlock it that way.

He eventually shrugged and we ended up resetting the device, but he lost
various pictures and videos. He had iCloud backups of some things, but it
turned out he had been dismissing "your storage is full" warnings for some
time.

Then the next day he came home from school, plonked himself down on the sofa,
and without a moment's thought typed in the PIN he had forgotten. Of course it
didn't work, as we had reset the device by then.

It still makes me wince but at least, unlike in this story, the device could
be reset and reused and we didn't lose access to the iCloud backups that did
exist. And ours was just operator error, facilitated by an uncaring machine.

~~~
pdkl95
> forgot the ... PIN

Schneier on passwords[1]:

>> Simply, people can no longer remember passwords good enough to reliably
defend against dictionary attacks, and are much more secure if they choose a
password too complicated to remember and then write it down. We're all good at
securing small pieces of paper. I recommend that people write their passwords
down on a small piece of paper, and keep it with their other valuable small
pieces of paper: in their wallet.

Maybe not the wallet for a portable device's PIN; the wallet could easily be
included with the theft of the phone/pad/portable. However, it's still a good
idea to write down passwords (and maybe print out your private key in an OCR-
friendly font) and store them in the fire-safe or safe deposit box or whatever
you probably already use for important documents.

[1]
[https://www.schneier.com/blog/archives/2005/06/write_down_yo...](https://www.schneier.com/blog/archives/2005/06/write_down_your.html)

~~~
madaxe_again
I keep a few critical passwords in my wallet - but they’re encrypted - simple
OTP type cipher I can hand crank in a few minutes - but useless to anyone who
finds the scrap of paper covered in cryptic utterances.

------
gambiting
Tbf - I feel really sorry that this happened to him, but on the other hand, I
am extremely glad that a once-locked device can never be unlocked by anyone
without a purchase receipt. I'm sure it deters the theft of iPhones/iPads at
least a bit if they know the device will become completely useless once locked
out.

~~~
TekMol
I have carried around laptops and smartphones for decades now. Not a single
one was stolen. Even if one was stolen now, what's the average cost of 'Stuff
being stolen' over the years?

I had Laptops with me since the 90s. For over 20 years. If my iPad Pro gets
stolen now, that's $1000 over 20 years = $50/year. I don't mind.

I really would love if a Linux distribution would support the iPad so I know I
can do with it whatever I like forever.

~~~
madeofpalk
Same. I've never had a phone/laptop/tablet/etc stolen.

Yet, "The number of smartphones stolen dropped by 50% in London, 27% in San
Francisco and 16% in New York in 2014, according to an announcement by
officials in the three cities" since the introduction of these anti-theft
measures [https://www.theguardian.com/technology/2015/feb/11/london-
sm...](https://www.theguardian.com/technology/2015/feb/11/london-smartphone-
theft-drops-after-kill-switch-introduction-iphones)

~~~
stuaxo
I saw a slightly suspicious looking cyclist come going past me, with a mask on
... he grabbed the guy in front of me's phone and cycled off!

That was in a pretty nice bit of London.

I've managed to let my laptop get taken when I was really drunk at a pub too
<shrug>.

------
raverbashing
From an usability point of view, yes it sucks

From a security point of view, they're absolutely doing the correct thing,
though account lock-outs also allow for denial-of-service attacks

Maybe we need to not lock people out of their personal iPads forever (just
make the person wait 30s between attempts) and if you want stronger security
then you actually enable it (because people who want that are "smart enough"
to set it)

~~~
xHopen
I think Apple is doing the right thing. The error lays in the user, a) don't
rememebr my security questions .... eh well... B) Apple provides ways to
restore everything, two factor, email recovery etc etc, if you didn't take
care of your own security for 7 years, what are you crying about? Sometimes I
don't get users.

~~~
falsedan
Don't blame the user for poor product decisions.

~~~
xHopen
Yeah... because your email provider shuts down, and you keep using it for your
apple account id, that is totally the fault of Apple.

~~~
canuckintime
Apple doesn't provide a way to transfer email account IDs.

~~~
xHopen
.... I have done it, even I have transfered my account from one country to
another, which many other services like Sony Play station forbid. So before
saying something that is not true, double check.

------
dawnerd
I've actually been having problems recently with my account randomly being
locked. I suspect it's bots trying to brute force, but its silly apple would
lock my account instead of blocking the requests, especially since I have 2fa.
Really annoying resetting my password only to have it happen an hour later.
Tech support also has no idea why its happening.

Thing that I just noticed a few hours ago, their password change form has a
max of 32 characters and my last apple pass was 64. Wonder if they made a
change that broke something?

~~~
rorso
My kids iPad has been doing the same. It keeps saying we're locked out, and
not accepting the (correct) password, and we have to reset the password
constantly. No idea why it's happening. I've tried setting simpler passwords
(I use KeePass and generate 32char complex passwords by default), but it
doesn't help. I never thought of the fact that it could be someone brute
forcing it and locking us out, I just shrugged it off as being "typical new-
Apple". We're almost completely off Apple devices now because we have so so
many problems with them in the last couple years, after being a happy Apple
family since the Macintosh SE.

------
gempir
The site seems to be offline. Here is an archive.org mirror:
[https://web.archive.org/web/20180523090007/https://ericasadu...](https://web.archive.org/web/20180523090007/https://ericasadun.com/2018/05/22/in-
which-apple-destroys-my-daughters-ipad-forever/)

------
isomorphic
Convince the police or FBI you're a criminal or terrorist. They will unlock it
for free.

~~~
t_fatus
Convince them your daughter is a criminal, it's hers not yours.

------
mratzloff
Unfortunate, but perhaps a useful learning experience.

I disable iCloud on all of my Apple devices. Instead, I just make regular
backups myself and tolerate different recent content on each device until
synced with my Mac, which is backed up as well.

~~~
abalone
You don't have to disable iCloud to do regular local backups.

~~~
mratzloff
Sure, I'm aware.

------
zingmars
Next up: In which HN destroys my web server.

------
sgillen
Dealing with giant bueruecracy can be the most frustrating experience.
bureaucracy’s are ultimately made of people though and rules can be stretched,
broken, or changed. I hope some real human working at Apple sees this, has
some sort of power to change things, and is willing to step up to bat for OP’s
daughter.

~~~
panic
There could be thousands of other people in this situation, though. Overriding
the policy for one well-known blogger won't help those people.

~~~
sgillen
No but this blogger bringing attention to the issue and getting the rule
changed might.

------
ajaygupta2790
Not sure if its just me but there is a database connection error "Error
establishing a database connection" while opening the site.

~~~
askmike
That tends to happen when a website gets on the HN frontpage. Try refreshing,
eventually that worked for me.

~~~
nailer
You're just hitting the database with more requests. The only reason it'll
work is if the site owner fixes something or, if the capacity doesn't change,
your additional requests stop other users from accessing the DB. Just use a
cached version and stop hammering the site.

~~~
askmike
I'm not saying to hammer down the refresh button.

And yes there is a very good reason for it too work: in most scenarios the
amount of concurrent connections to the DB is at the limit. If you refresh
once a minute later you're really not that much of an impact while the PHP
instance might get the handle to the database needed to fetch the content. As
a matter of fact, it worked for me with this exact article.

~~~
nailer
> Try refreshing, eventually that worked

> I'm not saying to hammer down the refresh button.

OK.

> If you refresh once a minute later you're really not that much of an impact

If every user does this, the site now has 2x the amount of incoming requests.

~~~
askmike
Yep but twice the amount of incoming requests spread out over time.

When the site doesn't load I think it's fair to do either 1 of 2 things:

1\. Accept that you can't read the article.

2\. Have some kind of retry mechanism ( for example:
[https://aws.amazon.com/blogs/architecture/exponential-
backof...](https://aws.amazon.com/blogs/architecture/exponential-backoff-and-
jitter/) )

But I don't think trying once and complaining about it in a comment is making
anything better for anyone.

------
abalone
So the device is locked because Activation Lock (Find My iPad) was enabled.
But the root problem is the AppleID lockout.

 _> Apple will not unlock her iCloud account... even though she has never
forgotten her password._

This is news to me. Why on earth is she not able to get back in if she knows
the password? Did she perhaps enable 2FA when "modernizing" her AppleID and
lose access to the 2nd factor? That's the only thing that the Apple support
document on this mentions as a reason for requiring more than your
password.[1]

[1] [https://support.apple.com/en-us/HT204106](https://support.apple.com/en-
us/HT204106)

~~~
mrkstu
The article mentions they don't know the trigger, and neither does Apple, but
yes, once its locked, the password is useless, you need the correct answers to
your security question or you're screwed.

------
madaxe_again
Not forever, looking at the screenshot - “just” 45 years.

I hope he gets this resolved - otherwise his daughter will have one hell of a
digital time capsule to open in her late 50’s - assuming apple or anything
else still exists.

~~~
dbaupp
I don't think the author, Erica, uses "he".

~~~
rootlocus
Maybe he does. Haven't you learned not to assume anyone's gender?

~~~
acire
I'm amused but not offended by "he". Feel free to assume my gender.

------
b3lvedere
Destroyed? The account does not work anymore, but the device is doing exactly
as told.

However i agree any electronic device should have the ability to factory
reset. Software lock ins are terrible.

~~~
mantas
Functionality like this is pretty good to deter theft. If thieves can't easily
re-enable bricked devices, black market price is much lower, thus there's less
incentive to mug people carrying those devices.

~~~
vectorEQ
anti-theft should never impact user experience in such negative way. there are
different ways to let the user be in control of this anti-theft technology
which are much more user friendly and less prone to these kind of situations.

~~~
madeofpalk
There certainly is. Don't enable the PIN code.

Security, almost by definition, makes the user experience harder and worse.

~~~
cannam
Trouble is, a PIN code is useful as a very casual line of defence (threat
model: your brother picking up the device and messing with your stuff). It's
terrible that the obvious means to avoid that threat is also something that
could lose you access to your device entirely.

~~~
lathiat
That's actually not the case, the PIN doesn't lock out your iOS device. iCloud
Activation Lock does.

It requires that if you factory reset the device (without first disabling
icloud activation lock), you must authenticate with the same iCloud account it
was previously using to "unlock" it.

This is designed precisely to make stolen iOS devices (and logic boards)
worthless.

[https://support.apple.com/en-us/HT201365](https://support.apple.com/en-
us/HT201365)

------
Crontab
This is painful but I don't see this as an Apple problem.

~~~
rootlocus
> The other day, Apple locked her out of her iCloud account and her iPad. We
> don’t know why. The Apple support people don’t know why.

Sure seems like an Apple problem. I don't randomly get locked out of my
Windows / Linux laptop or Android tablet without reason from the hardware / OS
vendor.

------
jageen
I think this is the same person who post this,
[https://discussions.apple.com/thread/7138743](https://discussions.apple.com/thread/7138743)

^ For more info.

~~~
yoz-y
Probably not: the post is about an iPod whereas the article is about an iPad
Mini.

This issue is actually quite old and I am very surprised (and sad) that is has
re-surfaced.

~~~
jageen
I got your point, I just google search it to see if I found any help and see
this post so wrote it here as it is similar.

------
a_rahmanshah
Google cache version:
[https://webcache.googleusercontent.com/search?q=cache%3Ahttp...](https://webcache.googleusercontent.com/search?q=cache%3Ahttps%3A%2F%2Fericasadun.com%2F2018%2F05%2F22%2Fin-
which-apple-destroys-my-daughters-ipad-
forever%2F&oq=cache%3Ahttps%3A%2F%2Fericasadun.com%2F2018%2F05%2F22%2Fin-
which-apple-destroys-my-daughters-ipad-
forever%2F&aqs=chrome..69i57j69i58.5143j0j4&sourceid=chrome&ie=UTF-8)

~~~
acire
And archive.is: [http://archive.is/l834w](http://archive.is/l834w)

------
developer2
> She did not do anything to trigger the Apple ID issue.

I chalk this up to the child not wanting to admit they entered the wrong
passcode too many times. iOS devices "disable" themselves after enough failed
attempts. This is a good thing - you want this to happen if your device is
stolen. "Disabled" only means you need to prove ownership by either:

a) Connecting the iPad (via USB) to iTunes on a Mac or PC that is logged into
the same Apple ID account. This is the original method, from the era when
desktop iTunes was mandatory to setup and sync iOS devices.

b) Using "Find my iPad" to reset the device via the iCloud web interface. This
was added as an alternative when cloud sync/backup was added (ie: when owning
a second device running iTunes became optional).

Two critical points from the OP:

1\. Inability to provide the birth date and answers to security questions.

2\. Inability to access the email account associated with the Apple ID ("her
email provider deleted the account about 3-4 years ago").

These are only needed to perform password reset / account recovery for an
Apple ID - which tells me they _do not even know the Apple ID 's password_,
and cannot provide the information required to recover that Apple ID.

This person's situation is indistinguishable from a stolen device, by a thief
who cannot prove ownership of the Apple ID. I say: "working as intended".

~~~
Spare_account
You appear to know what you're talking about, but I don't think you've
factored this part into your theory:

> _The other day, Apple locked her out of her iCloud account and her iPad. We
> don’t know why. The Apple support people don’t know why. I think it may have
> to do with when I modernized my AppleID to use an email address, which is
> what the iTunes account on the iPad is registered to._

I think you're implying that Erica (the OP) needs to use iTunes linked to her
own Apple ID to recover this device?

And that the daughter's Apple ID may not be needed at all here?

~~~
developer2
I did in fact miss the purported locking of the Apple ID. It appears as though
accounts can be locked under certain circumstances[1].

So the Apple ID was locked, presumably due to many accidental or malicious
attempts to log in to the account. The account owner is then left having to
perform account recovery, which is where the security questions and access to
the email address's inbox come into play.

[1] [https://support.apple.com/en-us/HT204106](https://support.apple.com/en-
us/HT204106)

------
keepmesmall
The site is overloaded, archived copy:

[https://web.archive.org/web/20180523090007/https://ericasadu...](https://web.archive.org/web/20180523090007/https://ericasadun.com/2018/05/22/in-
which-apple-destroys-my-daughters-ipad-forever/)

------
gaius
_she made up a birthday and answers to the security questions. 8 years later,
she does not know that information and there’s no way for us to guess it._

Well that sucks, but the vendor did provide an account recovery mechanism
which they chose to circumvent.

~~~
gempir
I feel like Apple did nothing wrong here. If they parent/daughter chose to go
around every recovery mechanism Apple provided it's their own fault. Physical
possesion of a device should never equal direct access to all its data.

~~~
Spare_account
> _Physical possesion of a device should never equal direct access to all its
> data._

Apple appear to have extended this principle beyond the data and are
preventing use of the device entirely. It ought to be possible to wipe the
device and start from scratch with a new Apple account.

~~~
gaius
If a stolen device can be trivially reset there is no deterrent to stealing
them or to buying stolen property.

~~~
Spare_account
This case (OP's) is an example of when a device reset could be required
despite not having been stolen. What we're left with is the balancing act of
deciding whether this example is an acceptable price to pay to achieve the
deterrent effect you're describing.

And I'd also be interested to know if it really does have a deterrent effect.
Does anyone know if criminals really do avoid stealing iPads?

~~~
gaius
_when a device reset could be required despite not having been stolen_

For which you would use the security questions that they avoided doing for
spurious reasons...

~~~
Spare_account
We've entered a loop here, because you're referring to something they could
have done differently at the beginning, but we had been discussing the
situation that had been created by them going through the process they way
they actually did.

Yes, this could have been avoided by following Apple's procedures correctly.
But given that we didn't do that, this story has highlighted a case where we
can be prevented from using our device despite not having committed a crime.

There are presumably other cases where a similar could occur:

1) A mistake during the setup process. What if I enter the wrong birth date in
error. 2) Death of device owner. What if the person who inherits it doesn't
know the answers chosen.

I'm sure plenty of other cases exist.

Not being able to factory reset a device that you have in your physical
possession is not reasonable, in my opinion.

~~~
gaius
_Not being able to factory reset a device that you have in your physical
possession is not reasonable, in my opinion_

You have a car parked outside your house. You have no keys and no paperwork
proving ownership, nor is there a record of you in any central repository.
Should you be able to just claim it by virtue of physical proximity? I think
most people and most legal systems would say no.

------
KayL
Besides that, you couldn't empty the backups in the iTunes and start with a
new password easily (without a reset in iOS) which also sucks.

------
Zekio
looks like it is stuck in 1970 or so, according the number of minutes in the
image

Edit: 1972 to be exact

~~~
sgtmas2006
I wonder if you created a network with an SSID and password that matched the
original if it would pick it up and update the date? This is what I did with
my TV when I lost the remote, so I could add a phone as a remote.

~~~
nyreed
After reboot, all iDevice SSIDs and passwords are encrypted with the device
passcode.

This means the iPad can't automatically connect to known networks until the
passcode is entered.

~~~
sgtmas2006
Is this true for all versions? If it's a 2nd or 3rd hand-me-down iPad as
stated, chances are it's on a lower version.

I forgot that this was even a feature.

------
kapnobatairza
Maybe someone that works at Cellebrite might be willing to throw you a bone?

------
xHopen
Did you try to restore it using DFU mode?

------
le3dh4x0r
We did it guys. That server was smashed by the repellant hammer of hype.

------
t_fatus
And this one time, when I updated my iPod touch, and both WiFi and Bluetooth
stopped working.

~~~
t_fatus
I definitely don't think official software updates could be made not
reversible. And worst brick a perfectly fine device. Would love to hear from
the ppl downvoting too.

------
znpy
This is one of the reasons why you should just not buy Apple-branded stuff:
such things are designed to be remotely-lockable.

With an Android-based device this couldn't happen. Provided that you have a
backup of your data, you could just reflash the device, restore your backup
and start using the device again.

Just don't buy Apple stuff. Between people having assistance denied (example:
Linus Sebastian 5 k$ Mac Pro), people losing all of their music (there was one
guy whose bootleg records was remotely wiped on all his devices and replaced
with "originals" by Apple), and people like OP having their device turned in a
shiny brick...

This is really getting ridiculous.

~~~
TekMol
I find it surprising that Linux distributions still don't support iOS devices.
Considering how many of these devices are out there.

What is the main reason? That it is hard to root them?

~~~
znpy
> What is the main reason? That it is hard to root them?

Imho it's just not worth it. There are a lot of way cheaper phones/tablets
that you can get in order to run GNU/Linux.

Why would anybody bother ?

~~~
TekMol
I use an iPad Pro because it had the best form factor + weight + performance
combination I could find.

~~~
znpy
The subthread was about running GNU/Linux on Apple devices like the iPad Pro
you own, not about the device itself...

------
hungerstrike
Nobody in my house or in my parents house wanted to lock their iOS devices at
all...yet with every major update, Apple tries to trick us into re-enabling
touch/pin/etc security with dark UI patterns.

A _few_ times it actually worked when we weren't paying attention. Since I'm
quite positive that nobody at Apple actually cares about what customers want
or about their privacy and security, I'll just assume that this is more
theater. Alternatively, perhaps they found that people who use touch/pin
security are less likely to switch away from iOS or they buy more apps or
something else that affects their bottom line.

~~~
wilsonnb
Your assumption that nobody at Apple cares about the customer's privacy and
security is completely ridiculous.

The fact that they have a setting to wipe your device after 10 failed
pin/password attempts proves that they care about my security and privacy.
There's no other reason to include such a feature.

Not to mention the secure enclave in iOS devices (and the MacBook Pro and iMac
Pro, I think) or Apple's refusal of FBI requests to assist in unlocking
iPhones.

~~~
hungerstrike
Sure, there’s no such thing as security theater and nobody spends money or
effort putting on a show at all anywhere ever.

~~~
wilsonnb
Perhaps you could explain why you think those things are security theater.
Then your comment would have some actual substance.

~~~
hungerstrike
What substance did your comment have? You simply named some examples of
actions that Apple has taken which doesn’t prove anything at all to your point
since the very _definition of security theater is taking actions that make it
look like you care about security_.

The reason I think that they are theater is the same reason that any
corporation does things like that. It’s just like Googles bullshit “do no
evil” motto. _Apple has a long history of doing dramatic things for
attention._ Do you deny that?

So, what’s your reason? Do you take everything that any corporation does at
face value, or just Apple?

~~~
wilsonnb
The substance is that I actually use a security feature that Apple has
implemented and it makes my device more secure. That's my justification for
saying that Apple cares about security. If it was security theater, then the
feature they implement would be for show and not actually make me more secure.
I don't believe that's the case. Feel free to prove me wrong. That would count
as substance.

The burden is then on you to give a reason that you think that wiping my
device after 10 failed pin/password attempts is security theater and not just
security.

Apparently your reasoning is just that "Apple is a corporation and
corporations use security theater", which is a terrible argument. It assumes
that _all_ corporations do certain things without room for exceptions. It also
has nothing to do with the actions themselves.

> definition of security theater is taking actions that make it look like you
> care about security.

If the actions you take to make it look like you care about security also
happen to make you more secure, is it security theater? Can a company do
something that both makes them look good in the public eye _and_ be good for
their users? I think they can.

~~~
hungerstrike
> The substance is that I actually use a security feature that Apple has
> implemented and it makes my device more secure.

You're missing the point entirely. I said that Apple doesn't really care if
you're actually secure or not...and your response to that is essentially
"well, I feel safe". That says nothing about Apples motivations which is what
my assumption centers around.

> If the actions you take to make it look like you care about security also
> happen to make you more secure, is it security theater?

And? Again, you're not speaking to motivation at all, which are the target of
my assumptions. I can assume anything I want about Apples motivations based on
my view of their history and there isn't much you can do to prove or disprove
that, which makes your own complaint about my assumptions rather ridiculous.
It's a fucking opinion...get over it!

> Can a company do something that both makes them look good in the public eye
> and be good for their users? I think they can.

Apparently it's good for some users and not so good for others as in the case
of this posters story as well as my own.

