A couple of years ago my son forgot the (3-digit!) PIN for his iPod touch. He tried various possibilities, with the device responding with increasingly long lockouts between attempts, until it locked him out permanently. I'm not an iOS user and I had no idea it would do that. I am still angry that it did. It wasn't associated with a Mac, so we couldn't unlock it that way.
He eventually shrugged and we ended up resetting the device, but he lost various pictures and videos. He had iCloud backups of some things, but it turned out he had been dismissing "your storage is full" warnings for some time.
Then the next day he came home from school, plonked himself down on the sofa, and without a moment's thought typed in the PIN he had forgotten. Of course it didn't work, as we had reset the device by then.
It still makes me wince but at least, unlike in this story, the device could be reset and reused and we didn't lose access to the iCloud backups that did exist. And ours was just operator error, facilitated by an uncaring machine.
>> Simply, people can no longer remember passwords good enough to reliably defend against dictionary attacks, and are much more secure if they choose a password too complicated to remember and then write it down. We're all good at securing small pieces of paper. I recommend that people write their passwords down on a small piece of paper, and keep it with their other valuable small pieces of paper: in their wallet.
Maybe not the wallet for a portable device's PIN; the wallet could easily be included with the theft of the phone/pad/portable. However, it's still a good idea to write down passwords (and maybe print out your private key in an OCR-friendly font) and store them in the fire-safe or safe deposit box or whatever you probably already use for important documents.
I keep a few critical passwords in my wallet - but they’re encrypted - simple OTP type cipher I can hand crank in a few minutes - but useless to anyone who finds the scrap of paper covered in cryptic utterances.
Then you don’t understand why this feature exists. The 3 digit pin will get hacked given enough time. The erase was to garantuee that your data is safe.
Then you don't understand that when the user is unaware of such feature and can't easily opt in/out, then it's an anti-feature, because sometimes not getting locked out from your own device is way more important than data being safe.
There are plenty of other operating systems and devices which allow for users to make the choice. For example, I know many people myself included who make the choice to keep their android device with no password at all.
Tbf - I feel really sorry that this happened to him, but on the other hand, I am extremely glad that a once-locked device can never be unlocked by anyone without a purchase receipt. I'm sure it deters the theft of iPhones/iPads at least a bit if they know the device will become completely useless once locked out.
Even if they know the username and password though? A thief shouldn't know your username and password, and if I have the username and password to a device, I expect to be able to get in.
I believe the OP uses the word "password" incorrectly; they're talking about the device passcode. The details provided in the post indicate they do not know the Apple ID's password, and are unable to perform account recovery (ie: password reset) which requires answers to security questions and/or access to the email address's inbox.
Edit: Another comment chain noted that the OP says the Apple ID was locked as well. It's possible they did know the account's password, but it looks like certain situations may require one to perform account recovery to unlock an account[1].
Right, well in that case I'm sorry that so many people here are misreading your post, and I agree it's ridiculous that you cannot gain access to the account. You've spelled it out plenty clearly so I figured they must have some additional knowledge about how the system works, but it sounds more like the situation is just so silly that people don't want to believe it.
It just seems to be easier and more likely to have tablet locked forever, especially for a child, this way then have it actually stolen. Also, a mean schoolmate can lock kids device forever if the kid is not looking.
Which sounds like a good reason not to password protect the device.
That's really only the case if the owner isn't able to show that they own the device, and hasn't set up a password recovery mechanism to demonstrate they own the account.
I do feel bad for them, but it's kind of a confluence of a lot of different mistakes that led to this point.
I would have hard time to find tickets for older devices (which are the ones kids use).
Locking your device forever is quite damaging action no matter what "poor decisions" lead to it. Especially when those poor decisions are quite natural if they have no idea this might happen.
I'm not sure it _is_ a poor product decision though.
There are a large number of hurdles between "I have a functioning device" and "I can no longer use my device". Passcodes, password resets, account ownership claims, device ownership claims. There's an extensive path of steps to follow which allow a legitimate user to regain access.
In this situation we have:
- Someone who has disabled their access, probably through entering the wrong password a few times
- No knowledge of the security details on the linked account
- No access to the email address associated with the account
- No proof of ownership of the device
In other words, from Apple's perspective, the user in question could easily be using a stolen device.
I'm curious though – what's the 'correct' product decision that should have been made here? Is it possible to build a system which is both secure and allows _any_ user to gain access to their device, no matter how many safeguards they have avoided?
Make it easy to regain access to a device under these sorts of circumstances and, instead of this story, you have one about how a thief was able to gain access to my stolen device even though they had almost none of the information they should have needed.
The more forgiving you are the more exposed you are to social engineering and other attempts to work around security systems.
Couldn't Apple make it be standard to provide a name and address when buying such a product? You could then for example take ti to your local apple store with some ID to get it unlocked.
I just don't see this as a poor product decision - the mechanism here is extremely simple - if you lock out your device completely, Apple will only ever unlock it for you if you can prove it's yours. How is it different to cars for example? If I lost both of my keys to my car, Mercedes would only produce a duplicate and re-program the ignition if I could prove that the car is indeed mine. I don't want someone to be able to just roll into the dealership and go "hey I just got this car, can you reprogram the ignition for me please thanks".
For cars, in the US, each state (to my knowledge) runs an ownership database, issues certificates of title, and compels buyers, sellers, and users of vehicles to update the database when ownership changes. Apple devices don't have a similar ownership database.
Nope, at least not on the devices equipped with the secure enclave. The device can still be sold for parts, but so far I don't think there is a technical solution to unlocking the system or even wiping it.
If everything were backed up to iCloud (it is by default), you can literally throw your device in the trash, get a new one, log in and the new device will look and act like the old device with all of your data in check.
The issue was that she had maxed out her icloud account and kept dismissing messages. The blame for that is shared between her parent not ponying up $10 a month for 2TB of storage that can be shared by the whole family and Apple's stingy free tier that only gives you 5Gb a month per account no matter how many devices you have.
I know that, its the hardware I care about, its not cheap. And what if you buy used? There no papers to prove you bought it to Apple. And the fact there's a way for Apple to reset it, but not me, is also highly annoying. To me, the risk of setting a pin is greater than my phone getting stolen or my data being exposed. Also, $10 a month is a rediculous price, a kid will fill up 2TB within a year and then managing what's in the cloud and whats on the device will be just as big a pain as doing your own backups, which would be extremely easy and cheap if Apple would expose the file system in a standard way (without requiring iTunes) over usb like a proper device thats not trying to sell you cloud storage.
Yes you can reset the device yourself. (https://support.apple.com/en-us/HT204306). The device will be locked to your account and you have to use your account credentials to use it.
In this case, you're talking about backing up what's on your device. No device has 2TB of data to backup.
If Apple exposed the file system unencrypted, that kind of defeats the whole purpose of encryption. How many people are really going to manually connect to a computer and backup?
What's the state of backing up Android? Can you just log in to a new Android phone and have all of your data - including app data restored?
So the cloud storage is only to back up what can fit on your devices? I think the cloud storage required to backup/transfer whatever device you purchased should be free especially at the premiums they charge for a few extra built-in GBs. Charging for proper backups, that would let users easily take/copy their files somewhere else, I'm all for.
Android exposes the file system when you explicitly allow it from the device. Obviously that doesn't help when you've locked yourself out, but that's why you do regular backups. iOS does the same thing, but only for the DCIM folder and it's not in a standard way, Linux requires special software to access it and that's usually broken for a while after iOS updates. I backup my family photos and video locally and in cold storage at $0.78 a month for 174 GB. The process would only take me 5 minutes of work a month if it wasn't for 1 or more iOS devices misbehaving every time I try.
I use Android but I'm not sure on the state of their backup, I don't have any Google Cloud stuff enabled. I backup up my entire phone once in a while if I have data I think I'll care about that isn't photo or video (which is rare in my case).
All this ranting is really only because it's very frustrating that I can't control my mobile devices like I can my PCs. Android is better than iOS in that regard, but far from perfect.
iCloud is used for more than just backing up your device. It can also be used like Dropbox.
You can backup your data on Android, but you can't just backup and restore the app data. Google tried that with apps that weren't built for it and it was an awful mess now it's opt-in and not all apps support it (https://www.howtogeek.com/140376/htg-explains-what-android-d...)
If my phone is dropped into a lake, I go into the Apple store and buy another one. My settings, apps, location of my apps on my home screen etc. will be just like I left it. Some apps rightfully choose for files not be backed up to iCloud. For instance it would make no sense for my podcasts to be backed up to iCloud.
As far as not having enough storage to backup your device - I agree. That's why I said Apple's free tier is "stingy".
Actually that is not true. They talk like it is a full incremental backup, but it is not. Apple will maintain a list of the apps you have installed. If that app is no longer available in the app store then you are out of luck. Sure pictures contacts and downloads are available, but settings within apps not so much. The move to iCloud over PC backups is great for Apple (the got my money for the 2TB plan, but only sorta good for consumers.
I have carried around laptops and smartphones for decades now. Not a single one was stolen. Even if one was stolen now, what's the average cost of 'Stuff being stolen' over the years?
I had Laptops with me since the 90s. For over 20 years. If my iPad Pro gets stolen now, that's $1000 over 20 years = $50/year. I don't mind.
I really would love if a Linux distribution would support the iPad so I know I can do with it whatever I like forever.
Same. I've never had a phone/laptop/tablet/etc stolen.
Yet, "The number of smartphones stolen dropped by 50% in London, 27% in San Francisco and 16% in New York in 2014, according to an announcement by officials in the three cities" since the introduction of these anti-theft measures
https://www.theguardian.com/technology/2015/feb/11/london-sm...
I am not sure if you ever happen to be in India (or any developing nation for that matter). I live in Bengaluru, the silicon valley of India. Recently my colleague's smartphone was stolen while he was commuting in a Public transport Bus. Few Months earlier, Another calling was talking over the phone and walking and it was snatched from him.
Bottomline: Devices are stolen always and It is heart wrecking when you know the most intimate device where you might have your intimate pics or your family's is in the hands of someone who's not ethical. What Apple doing here, MATTERS a lot!
Parent: >> I'm sure it deters the theft of iPhones/iPads at least a bit if they know the device will become completely useless once locked out.
>> Not a single one was stolen
The interesting question with the popularity of people having high values phones, tablets and laptops now, does the security measures of those devices keep the rate of theft low. If I were to correlate your statement (none stolen) with the theory (locking devices deters theft), it matches up. But, I get the feeling that isn't the point you wanted to make :)
have carried around laptops and smartphones for decades now. Not a single one was stolen
Good for you. Meanwhile in London a common crime is for moped riders to snatch phones out of people’s hands. Sometimes there’s a passenger on board who will also spray the victim with acid. Maybe you would mind that?
Yeah, please tells us more about your crime statistics in the states with this more "effective police", and how they're so much better than Europe/London...
I'm not living in the States, so I have no idea about the situation there, but Germany has very save cities. I'm sure you are able to input crime statistics Germany in your search engine of choice, if you are curious.
U.S. Embassy Berlin does not assume responsibility for the professional ability or integrity of the persons or firms appearing in this report. The American Citizens’ Services unit (ACS) cannot recommend a particular individual or location, and assumes no responsibility for the quality of service provided.
The U.S. Department of State has assessed Berlin as being a MEDIUM-threat location for crime directed at or affecting official U.S. government interests.
Please review OSAC’s Germany-specific page for original OSAC reporting, consular messages, and contact information, some of which may be available only to private-sector representatives with an OSAC password.
Crime Threats
Crime rates throughout Germany have been comparable to those in most first-world countries, and comparative analysis of crime data for the U.S. and Germany reveals only marginal differences. The Bundeskriminalamt’s (BKA) 2016 Police Crime Statistics for Germany indicated only minor changes in the number of the majority of recorded offenses with an increase of 0.7% overall. This resulted in reported crime being at its highest level since 2005. However, when discounting the “Aliens Act-related” crimes (which saw a 21.1% increase in 2016), a fall of 0.7% in recorded offences was registered. Significant increases were seen in violent crime (6.7%) including murder and attempted murder (14.3%), rape (12%), bodily injury (8.1%) and serious bodily injury (9.9%). Increases were also seen in drug offenses (7.1%) and weapons offenses (14.8%). Significant decreases were seen in burglaries (9.5%), shoplifting (3.3%) and economic crime (5.6%).
Some observers have suggested that official statistics may not always provide an accurate accounting of the level of crime, and not all crimes reported to the police are captured in the form of an actual police report. There have been reports of police dissuading victims from making formal reports citing little chance of capturing the suspect. Such a practice may create a disincentive to report criminal activity. Outspoken representatives of police unions have stated the number of crimes is often drastically under reported. In 2015, the head of the German Detective Union (Bund Deutscher Kriminalbeamter) accused politicians of “leaving the public in the dark as to the true level of criminality.” He claimed that only 75% of domestic burglaries were reported and that sex crimes and cybercrimes were under reported.
There have also been reports of crimes, in effect, being de-criminalized due to their frequency and impact on resources. One such report involved a community declaring petty crimes, such as shoplifting, would no longer be investigated by the authorities. To tackle high-profile criminal activities, such as violent crimes and burglaries, police have reallocated and/or increased resources in certain areas, resulting in less emphasis on investigating and detecting less serious crimes, such as fraud.
It is not uncommon for visiting Americans to be victims of purse snatching or pickpocketing in high traffic and tourist areas (in train stations, internet cafes, crowded restaurants, and outdoor market places), but violent crimes against Americans have been relatively infrequent. Carry a copy of your passport while maintaining the original in a safe location. While personal assaults do occur, there is no evidence that such crimes were driven by anti-American sentiment.
From a security point of view, they're absolutely doing the correct thing, though account lock-outs also allow for denial-of-service attacks
Maybe we need to not lock people out of their personal iPads forever (just make the person wait 30s between attempts) and if you want stronger security then you actually enable it (because people who want that are "smart enough" to set it)
I think Apple is doing the right thing. The error lays in the user, a) don't rememebr my security questions .... eh well...
B) Apple provides ways to restore everything, two factor, email recovery etc etc, if you didn't take care of your own security for 7 years, what are you crying about? Sometimes I don't get users.
.... I have done it, even I have transfered my account from one country to another, which many other services like Sony Play station forbid. So before saying something that is not true, double check.
I've actually been having problems recently with my account randomly being locked. I suspect it's bots trying to brute force, but its silly apple would lock my account instead of blocking the requests, especially since I have 2fa. Really annoying resetting my password only to have it happen an hour later. Tech support also has no idea why its happening.
Thing that I just noticed a few hours ago, their password change form has a max of 32 characters and my last apple pass was 64. Wonder if they made a change that broke something?
My kids iPad has been doing the same. It keeps saying we're locked out, and not accepting the (correct) password, and we have to reset the password constantly. No idea why it's happening. I've tried setting simpler passwords (I use KeePass and generate 32char complex passwords by default), but it doesn't help. I never thought of the fact that it could be someone brute forcing it and locking us out, I just shrugged it off as being "typical new-Apple". We're almost completely off Apple devices now because we have so so many problems with them in the last couple years, after being a happy Apple family since the Macintosh SE.
Unfortunate, but perhaps a useful learning experience.
I disable iCloud on all of my Apple devices. Instead, I just make regular backups myself and tolerate different recent content on each device until synced with my Mac, which is backed up as well.
Dealing with giant bueruecracy can be the most frustrating experience. bureaucracy’s are ultimately made of people though and rules can be stretched, broken, or changed. I hope some real human working at Apple sees this, has some sort of power to change things, and is willing to step up to bat for OP’s daughter.
You're just hitting the database with more requests. The only reason it'll work is if the site owner fixes something or, if the capacity doesn't change, your additional requests stop other users from accessing the DB. Just use a cached version and stop hammering the site.
And yes there is a very good reason for it too work: in most scenarios the amount of concurrent connections to the DB is at the limit. If you refresh once a minute later you're really not that much of an impact while the PHP instance might get the handle to the database needed to fetch the content. As a matter of fact, it worked for me with this exact article.
So the device is locked because Activation Lock (Find My iPad) was enabled. But the root problem is the AppleID lockout.
> Apple will not unlock her iCloud account... even though she has never forgotten her password.
This is news to me. Why on earth is she not able to get back in if she knows the password? Did she perhaps enable 2FA when "modernizing" her AppleID and lose access to the 2nd factor? That's the only thing that the Apple support document on this mentions as a reason for requiring more than your password.[1]
The article mentions they don't know the trigger, and neither does Apple, but yes, once its locked, the password is useless, you need the correct answers to your security question or you're screwed.
Not forever, looking at the screenshot - “just” 45 years.
I hope he gets this resolved - otherwise his daughter will have one hell of a digital time capsule to open in her late 50’s - assuming apple or anything else still exists.
The rightful owner of the software on device is Apple.
And they've coded the software this way, and are most likely to know about "45 (46, 48) years" effect so even if this behavior was unintentional - it's acceptable for them.
Functionality like this is pretty good to deter theft. If thieves can't easily re-enable bricked devices, black market price is much lower, thus there's less incentive to mug people carrying those devices.
anti-theft should never impact user experience in such negative way. there are different ways to let the user be in control of this anti-theft technology which are much more user friendly and less prone to these kind of situations.
Trouble is, a PIN code is useful as a very casual line of defence (threat model: your brother picking up the device and messing with your stuff). It's terrible that the obvious means to avoid that threat is also something that could lose you access to your device entirely.
That's actually not the case, the PIN doesn't lock out your iOS device. iCloud Activation Lock does.
It requires that if you factory reset the device (without first disabling icloud activation lock), you must authenticate with the same iCloud account it was previously using to "unlock" it.
This is designed precisely to make stolen iOS devices (and logic boards) worthless.
Growing up in relatively rough whereabouts, anti-theft IS user experience.
Of course, there must be a reasonable way for legitimate user to get his device back on. But reading the article, it looks like OP had quite a bad luck to loose all those recovery points :|
> The other day, Apple locked her out of her iCloud account and her iPad. We don’t know why. The Apple support people don’t know why.
Sure seems like an Apple problem. I don't randomly get locked out of my Windows / Linux laptop or Android tablet without reason from the hardware / OS vendor.
> She did not do anything to trigger the Apple ID issue.
I chalk this up to the child not wanting to admit they entered the wrong passcode too many times. iOS devices "disable" themselves after enough failed attempts. This is a good thing - you want this to happen if your device is stolen. "Disabled" only means you need to prove ownership by either:
a) Connecting the iPad (via USB) to iTunes on a Mac or PC that is logged into the same Apple ID account. This is the original method, from the era when desktop iTunes was mandatory to setup and sync iOS devices.
b) Using "Find my iPad" to reset the device via the iCloud web interface. This was added as an alternative when cloud sync/backup was added (ie: when owning a second device running iTunes became optional).
Two critical points from the OP:
1. Inability to provide the birth date and answers to security questions.
2. Inability to access the email account associated with the Apple ID ("her email provider deleted the account about 3-4 years ago").
These are only needed to perform password reset / account recovery for an Apple ID - which tells me they do not even know the Apple ID's password, and cannot provide the information required to recover that Apple ID.
This person's situation is indistinguishable from a stolen device, by a thief who cannot prove ownership of the Apple ID. I say: "working as intended".
You appear to know what you're talking about, but I don't think you've factored this part into your theory:
> The other day, Apple locked her out of her iCloud account and her iPad. We don’t know why. The Apple support people don’t know why. I think it may have to do with when I modernized my AppleID to use an email address, which is what the iTunes account on the iPad is registered to.
I think you're implying that Erica (the OP) needs to use iTunes linked to her own Apple ID to recover this device?
And that the daughter's Apple ID may not be needed at all here?
I did in fact miss the purported locking of the Apple ID. It appears as though accounts can be locked under certain circumstances[1].
So the Apple ID was locked, presumably due to many accidental or malicious attempts to log in to the account. The account owner is then left having to perform account recovery, which is where the security questions and access to the email address's inbox come into play.
> This is a good thing - you want this to happen if your device is stolen
How does the device know it's been stolen? It can't possibly tell the difference between "snatched on the bus and in the black market tech's lab" and "oh lol whups I forgot how to used my fingers".
Provide a "my device was stolen" service for the user to initiate lockouts instead (and report the theft to the relevant authorities with location tracking data) imo.
Unlocking a disabled device takes 2 minutes - connect it to iTunes. It's a minor inconvenience if you happen to disable your own device. The point is you have to prove ownership by unlocking it using the same Apple ID. This person is unable to log into their Apple ID account, and is unable to perform account recovery because they don't have the answers to the security questions, nor access to the inbox of the email address that would allow for a password reset.
They shouldn't need a password reset in this case as they have the correct username and password already. They seem to have been locked out for unknown reasons.
I feel like Apple did nothing wrong here. If they parent/daughter chose to go around every recovery mechanism Apple provided it's their own fault.
Physical possesion of a device should never equal direct access to all its data.
> Physical possesion of a device should never equal direct access to all its data.
Apple appear to have extended this principle beyond the data and are preventing use of the device entirely. It ought to be possible to wipe the device and start from scratch with a new Apple account.
This case (OP's) is an example of when a device reset could be required despite not having been stolen. What we're left with is the balancing act of deciding whether this example is an acceptable price to pay to achieve the deterrent effect you're describing.
And I'd also be interested to know if it really does have a deterrent effect. Does anyone know if criminals really do avoid stealing iPads?
We've entered a loop here, because you're referring to something they could have done differently at the beginning, but we had been discussing the situation that had been created by them going through the process they way they actually did.
Yes, this could have been avoided by following Apple's procedures correctly. But given that we didn't do that, this story has highlighted a case where we can be prevented from using our device despite not having committed a crime.
There are presumably other cases where a similar could occur:
1) A mistake during the setup process. What if I enter the wrong birth date in error.
2) Death of device owner. What if the person who inherits it doesn't know the answers chosen.
I'm sure plenty of other cases exist.
Not being able to factory reset a device that you have in your physical possession is not reasonable, in my opinion.
Not being able to factory reset a device that you have in your physical possession is not reasonable, in my opinion
You have a car parked outside your house. You have no keys and no paperwork proving ownership, nor is there a record of you in any central repository. Should you be able to just claim it by virtue of physical proximity? I think most people and most legal systems would say no.
I wonder if you created a network with an SSID and password that matched the original if it would pick it up and update the date? This is what I did with my TV when I lost the remote, so I could add a phone as a remote.
That’s pretty clever. I actually really enjoy hacks like these that you have to use to get other people’s technology to do what you want in a way the original creator never intended.
I definitely don't think official software updates could be made not reversible. And worst brick a perfectly fine device. Would love to hear from the ppl downvoting too.
This is one of the reasons why you should just not buy Apple-branded stuff: such things are designed to be remotely-lockable.
With an Android-based device this couldn't happen. Provided that you have a backup of your data, you could just reflash the device, restore your backup and start using the device again.
Just don't buy Apple stuff. Between people having assistance denied (example: Linus Sebastian 5 k$ Mac Pro), people losing all of their music (there was one guy whose bootleg records was remotely wiped on all his devices and replaced with "originals" by Apple), and people like OP having their device turned in a shiny brick...
To me, this is a perfect reason to buy an Apple-branded device - if my device is stolen/lost I want to be able to lock it permanently and forever with absolutely no way to restore it again. Android phones can almost always be overriden and just factory reset even if the system locks out completely. To me, that's a huge downside, not a bonus.
Yeah, Stallman's out there. But he's not wrong. It only takes a bit more time to show the abuses that he warns about.
I sit in a weird place where I admin and advocate for Windows and Linux. Feels wrong, but I introduced Linux into a bunch of windows admins. I felt that going the full kerb/ldap/radius/linOTP/shib stack would be too much to chew immediately. Steps :)
> Between people having assistance denied (example: Linus Sebastian 5 k$ Mac Pro),
Just a note, he wasn't 'denied assistance', Apple told them the computer was damaged beyond repair. Just like if you get your car into a serious crash it'll be written off, that's what Apple declared to his iMac Pro because he had physically damaged it so much.
No, he cracked the screen but also killed the power supply by shorting it somehow. From Apple's perspective, it's unknown the actual extent of the damage that they've caused to the machine, and the moment they repair it, they're accepting responsibility for it from then on.
When you buy an Apple product, some amount of the money you paid goes towards Apple paying engineers to figure out ways of preventing you doing things like running software they don't approve of on it.
Nobody in my house or in my parents house wanted to lock their iOS devices at all...yet with every major update, Apple tries to trick us into re-enabling touch/pin/etc security with dark UI patterns.
A few times it actually worked when we weren't paying attention. Since I'm quite positive that nobody at Apple actually cares about what customers want or about their privacy and security, I'll just assume that this is more theater. Alternatively, perhaps they found that people who use touch/pin security are less likely to switch away from iOS or they buy more apps or something else that affects their bottom line.
Your assumption that nobody at Apple cares about the customer's privacy and security is completely ridiculous.
The fact that they have a setting to wipe your device after 10 failed pin/password attempts proves that they care about my security and privacy. There's no other reason to include such a feature.
Not to mention the secure enclave in iOS devices (and the MacBook Pro and iMac Pro, I think) or Apple's refusal of FBI requests to assist in unlocking iPhones.
What substance did your comment have? You simply named some examples of actions that Apple has taken which doesn’t prove anything at all to your point since the very definition of security theater is taking actions that make it look like you care about security.
The reason I think that they are theater is the same reason that any corporation does things like that. It’s just like Googles bullshit “do no evil” motto. Apple has a long history of doing dramatic things for attention. Do you deny that?
So, what’s your reason? Do you take everything that any corporation does at face value, or just Apple?
The substance is that I actually use a security feature that Apple has implemented and it makes my device more secure. That's my justification for saying that Apple cares about security. If it was security theater, then the feature they implement would be for show and not actually make me more secure. I don't believe that's the case. Feel free to prove me wrong. That would count as substance.
The burden is then on you to give a reason that you think that wiping my device after 10 failed pin/password attempts is security theater and not just security.
Apparently your reasoning is just that "Apple is a corporation and corporations use security theater", which is a terrible argument. It assumes that all corporations do certain things without room for exceptions. It also has nothing to do with the actions themselves.
> definition of security theater is taking actions that make it look like you care about security.
If the actions you take to make it look like you care about security also happen to make you more secure, is it security theater? Can a company do something that both makes them look good in the public eye and be good for their users? I think they can.
> The substance is that I actually use a security feature that Apple has implemented and it makes my device more secure.
You're missing the point entirely. I said that Apple doesn't really care if you're actually secure or not...and your response to that is essentially "well, I feel safe". That says nothing about Apples motivations which is what my assumption centers around.
> If the actions you take to make it look like you care about security also happen to make you more secure, is it security theater?
And? Again, you're not speaking to motivation at all, which are the target of my assumptions. I can assume anything I want about Apples motivations based on my view of their history and there isn't much you can do to prove or disprove that, which makes your own complaint about my assumptions rather ridiculous. It's a fucking opinion...get over it!
> Can a company do something that both makes them look good in the public eye and be good for their users? I think they can.
Apparently it's good for some users and not so good for others as in the case of this posters story as well as my own.
A couple of years ago my son forgot the (3-digit!) PIN for his iPod touch. He tried various possibilities, with the device responding with increasingly long lockouts between attempts, until it locked him out permanently. I'm not an iOS user and I had no idea it would do that. I am still angry that it did. It wasn't associated with a Mac, so we couldn't unlock it that way.
He eventually shrugged and we ended up resetting the device, but he lost various pictures and videos. He had iCloud backups of some things, but it turned out he had been dismissing "your storage is full" warnings for some time.
Then the next day he came home from school, plonked himself down on the sofa, and without a moment's thought typed in the PIN he had forgotten. Of course it didn't work, as we had reset the device by then.
It still makes me wince but at least, unlike in this story, the device could be reset and reused and we didn't lose access to the iCloud backups that did exist. And ours was just operator error, facilitated by an uncaring machine.