
Sounds like you didn't fully read the article. Nothing is said about stolen property.

> Responsible recyclers and refurbishers wipe the data from used devices before selling them on. In these cases, the data is wiped, but cannot be assigned to a new user, making them effectively worthless. Instead of finding these machines a second home, Bumstead and others are dismantling them and selling the parts. These computers often end up at recycling centers after corporations go out of business or buy all new machines.




Apple has an easy path to reset an Apple Silicon device by the original owner so it can be sold and used by another. I know because I've done it. But if it is stolen, game over.

https://support.apple.com/en-us/HT201065

(to some of the commenters, note Step 2 carefully -- the rest of this guide is for older macs)


Yeah, extra work for overworked IT departments. I'm sure they'll be happy to add extra work they don't have to do.

I've worked with second hand devices for a long time. I've had many come through that have activation/MDM/etc locks and have tried calling the IT dept they came from and all but about one time they pretty much just laughed at me or just played dumb about it entirely. Apple and other vendors were no help in this as they just tell you to contact the original owner.


The only actual step is to click "Erase All Content and Settings", aka. wipe the machine, which is what every sane IT department should do when decommissioning a device. Assuming they're using any kind of MDM solution, they can do it with one click through their MDM.

The IT department has no idea what kind of password that user was using, and they have no idea what kind of valuable data is on that machine. If that user's password was just "password" (or sticky-noted next to the trackpad), that IT department is going to get in serious trouble once all that proprietary data ends up in the wrong hands, if they didn't wipe the machine before handing it off to a third party.

If wiping the machine before getting rid of it is "extra work", then that IT department isn't doing their jobs to begin with. I'm certain such IT departments exist, but that's not enough of a reason to make theft easier.


That is not enough. You have to remove the device from your iCloud account too.

Source: just wiped and sent back a MacBook Air to my old workspace. My colleague finished the macOS setup and logged in with their iCloud account. After resetting it again (to re-do the setup in the way they wanted) it was locked to my account. So not even installing macOS and logging in to iCloud will bind the machine to you.

Imagine doing that with a machine you bought second hand and the original owner can’t be reached anymore.


No, that button is enough. That button did not exist on older versions, so you definitely did not click it if it did not work. If you're running the version of macOS that was released over a year ago (Monterey) or running Ventura (released more recently), then the button will exist.

https://support.apple.com/en-us/HT208987

"Other ways to disable Activation Lock"

"Activation Lock is disabled when you use the Erase All Content and Settings feature."

Apple confirms that the feature works exactly as I said and exactly as users expect. I've used it myself, and it does work.

Users running software that is several major versions out of date will have a more difficult experience, since that button did not exist, and they would have to first remove Activation Lock before going into Recovery Mode to manually format the Mac. Those are the remaining steps that were linked several comments up from here: https://news.ycombinator.com/item?id=34505523

Apple has made the process as easy as it possibly can be now, identical to the process used to factory reset an iPhone.


Well, apparently it’s possible to “hold it wrong” then.

I’d argue if you can wipe it (which requires your iCloud account approval), install it as someone else, login with that new iCloud account, then reset it and it suddenly reverts back to the previous owner, something is wrong or very unintuitive.

The problem on Mac it seems is that there are two official ways to do it. One proper way (the “Erase All Content and Settings”) and one other way (the way we did it, boot into recovery and format it, then go through setup with another iCloud account which apparently just temporarily lets another user use the machine). On iPhone there is no user accessible recovery mode so that can’t happen there.


>and one other way (the way we did it, boot into recovery and format it, then go through setup with another iCloud account which apparently just temporarily lets another user use the machine).

If you go through recovery, you can delete the content, but when you go to reinstall, you will be prompted for the credentials for the user tied to it.

Meaning, you can delete, but you can't reinstall without being prompted for authorization by the account that currently 'owns' that computer.


Going into macOS Recovery is not an official way to transfer ownership. It can be used to reinstall the OS or delete the data volume on the disk. But it does not change anything on the hardware security chip, which is what Activation Lock uses.


Clicking that button will prompt you through deactivating Activation Lock.


I've worked with some of these responsible recyclers before. Everyone knows the deal.

If you want IT asset disposition, it'll nominally cost you -- for pickup and processing, and optional value-adds like secure data destruction certificates. If the assets have remarket value, that can begin to subsidize the cost, easily zeroing it out, or even returning profit to the IT department. Recyclers are happy to pay IT departments to pick up their old Apple equipment -- and they know to ask ahead of time, "are these activation locked?"

These recyclers often have vertical integration on the refurbishing side, running an Amazon eCommerce department so they can directly capture that remarket value. And once they've got that going, their bottleneck to growth is how much material they can bring in -- which is never enough.

So the recyclers and refurbishers invariably need to buy material from other recyclers. There's an entire economy around selling pallet-fulls of used, minimally-inspected or completely "as is", Apple and PC equipment. Specialized invite-only communities exist for selling this material in bulk, with lots of overseas actors in on the game. Every R2 recycler is involved here, along with lots of actors from India and China in particular.

Having seen inside that sausage factory, fraud and theft is a legitimate problem. There's more than a fair share of "don't ask questions". More than a fair share of "yup we're definitely R2 certified, wink wink". More than a fair share of wining and dining the R2 auditors to get that certificate under the table in the first place.

I'm gonna go with the GP comment here -- the system is working as intended. Industrialized theft of this sort is much more eminently solvable through technological means than through overstretched law enforcement, especially when a non-negligible amount of material comes from overseas.

It's on the IT departments to figure out if they have enough time to activation-unlock their assets before disposition. Do they want to pay the recycler to pick up all that material, or do they want to sell the material and pad their budget?

A quick look at the Jamf documentation suggests it's pretty easy to mass unlock these devices, so I'm not buying that it's that much of a strain.


>Yeah, extra work for overworked IT departments. I'm sure they'll be happy to add extra work they don't have to do.

But at the benefit of less-burdened security teams, and greatly enhanced peace of mind for users and info-sensitive organizations? You can argue it's taking something highly risky like security and shifting those man hours to something not as threatening.


Most Security Depts were just fine with HDD/SSD destruction. With new Apple machines there is no possibility of this.


> With new Apple machines there is no possibility of this.

It isn't necessary to destroy the physical media anymore, so that reduction in e-waste is fine with me. Just properly erase the device by clicking the button in settings.


But security is about more than what you do at the end of a machine’s ownership, it’s all the things you have to consider while the machine is out in the world with very sensitive information on it. And now those security departments have much less to worry about because of this security architecture in the chip.

As the sibling commenter points out, this should also result in less waste as those drives do not need to be destroyed if the device is properly unlocked.


What information would be recoverable without the storage device? ROM dumps? I doubt the majority of these computers are running any super secret firmware and if they are I assume there would be extra precautions taken when it's EoL.


I'm talking about machines in active use that are out in the world, with their owners -- security teams have much less to worry about than they used to, as the modern Apple security architecture takes much of the burden off them.


The problem isn’t retiring devices it is stolen or lost devices. Anything that makes it harder for thieves or protects my data is a huge win for me.


And there is a perfectly secure way of having FileVault always on by default, and by rotating the keys, you are effectively "destroying" all the data on them anyway, with the bonus of not physically harming anything.

Unless, cryptography itself is broken... which would bring much wider-scale problems than destroying information on old drives anyway.


Without activation lock thieves would be more inclined to steal MacBooks. I’m all for making it impossible for them to use stolen devices.


They steal them anyway tho.


The world changes and so do procedures.


I'd rather IT be forced to properly reset laptops even if it takes longer because there have been too many incidents of data leaks when IT doesn't take time to properly remove data before donating laptops.


> Yeah, extra work for overworked IT departments.

I'm not sure you're being serious. Wiping a laptop before getting rid of it is SOP for an IT department. This is hardly a new requirement.

Again, the only people impacted are those who want to leverage their ability to take over a laptop without authorization.


Hardware lifecycle process may vary but it still needs to be accounted for.

The activation lock removal is hardly an obscure hack, this is a process failure. Good on Apple for making these machines take their secrets to the grave.


For IT departments there is a way to request a reset from Apple if you have Apple enterprise support and can prove that the device is yours. It has to be in DEP or you have to send them an invoice.


Adding $100 in value for 5 minutes of work seems like a good investment. They could pay gig workers to push the buttons.


Hmm, I've seen recyclers with stacks of these machines (including new M1 Max's) that they say they have to throw out because they can't do this. I wonder if you are missing something.


We're not missing something, the recyclers are. The original owner just has to use their Apple ID to disassociate the device. The problem is, that step isn't happening, and the juggling of devices from reseller to reseller results in the original "owner" becoming lost.


Juggling of devices from reseller to reseller sounds like laundering stolen goods to me.

If it’s a legitimate sale, the original recycler will require the seller to wipe/unlock the device or they will only give a steeply discounted price. If the seller is going to get hundreds/thousands less by not wiping the device, they will do it.

Thus, the only problem for recyclers is recycling stolen laptops.


Not necessarily, one of them gave the example of machines acquired at bankruptcy.


The bankruptcy court should have compelled the former owner to sell the laptops instead of scrapping them. The proceeds would go to creditors.

I’m sure there are plenty of court precedents around bankrupt businesses trashing assets out of spite rather than selling them.


If the IT staff have been laid off already, there is no one left to wipe the devices. You can't really expect the bankruptcy administrators to know this (yet).


If the problem is the "throwing out" part, they can just give it to Apple for recycling. Then it won’t be e-waste anymore. Or to the police and let them deal with it.

If the problem is the financial part, just go back to the person they bought it from and get the money back.

If they're taking a risk and buying it legally from, for example, a police auction, or from someone who "might have forgotten to contact the owner": it's a risk.

If it was acquired illegally, I can't say they deserve a solution to their problem.

Nobody is entitled to get money in exchange for potentially stolen goods or items acquired without due diligence.


[flagged]


The poster you replied to had several points - which of them are you referring to with "This"?


All of them. These computers are being thrown out, so none of those scenarios are happening.


> none of those scenarios are happening

My last MacBooks were sold or refurbished by Apple.


I'm not sure I understand your comment here? Are you referring to the end of your MacBooks' life, or the beginning? It's somewhat ambiguous.

Assuming you are referring to end of life process:

Apple's kit sold as refurb is done from their incoming returns — faulty, or otherwise unwanted, systems.

Everything sent to them as a trade-in isn't handled by Apple at all: it's contracted out to third-party companies. (This likely applies to their recycling programme also, but I've not looked into it)

At least: these things certainly used to be the case — and there have been a whole bunch of articles online that support this, over the years. I would love to see evidence to the contrary if things have changed?

— But like I said: I'm not sure I understand your comment, so maybe my points here are irrelevant.


I wasn't talking about your MacBook. I was talking in reference to my above point that these are accumulating at recyclers and being thrown out.


If they are stolen, good.

It will prevent further theft if nobody made any profit.


I'm not missing anything. The recyclers are not the original owners so of course they cannot unlock them.


Now they have a financial incentive to talk directly to the most recent owner, and people besides the owner have a lot less incentive.


I'm glad they have that process outlined, but dang if it couldn't use a little streamlining. Individually sign out of iTunes(step 4), and iCloud(5), and iMessage(6)? They couldn't add something to the OS that does all three for you? And the later steps (erasing disk[8], reinstalling MacOS[8], and resetting NVRAM[9]) don't somehow already break those sessions?


Take a closer look at Step 2:

If you're using macOS Monterey or later on a Mac with Apple silicon or a Mac with the Apple T2 Security Chip, use Erase All Content and Settings instead of the remaining steps in this article. For any other Mac or macOS, continue to step 3.


Step two is a catch all, if you have a certain version of macOS or later.

> use Erase All Content and Settings instead of the remaining steps in this article. For any other Mac or macOS, continue to step 3.


You did not read the guide correctly -- those other steps are for older versions of the Mac. Recent T2 on Apple Silicon is a very short, easy reset.


And pre-T2 Macs don't have activation lock anyway so it's not an issue.


Most of these steps don't affect activation lock - removing activation lock is as simple as disabling Find My, which can also be done by signing out of iCloud. Removing from iCloud.com (Find My) is also sufficient.

Nothing else is needed to disable activation lock.


No, if you reinstall macOS without removing the machine from your Apple account it will lock down just like a factory reset iPhone and require you to log in to the original account.


The article says that some corporations do not care and do not cooperate after unloading the machine to recyclers. (Including schools - which makes a bit more sense, one can assume school computer for pupils does not have any security-critical information, apart from maybe network config etc).


Strangely, if you follow steps 1 and 2 then you miss step 3, which is to back up or transfer your files. Why would the owner of an Apple Silicon machine not want to do this?


[flagged]


Step 2:

> If you're using macOS Monterey or later on a Mac with Apple silicon or a Mac with the Apple T2 Security Chip, use Erase All Content and Settings instead of the remaining steps in this article.

So, it is literally a two step process for any Mac released since the end of 2017, and the first step is just an optional reminder to cancel or transfer your AppleCare coverage if you have any.

So, one real step. Wow, so hard.

> assuming that the seller is even aware

The buyer should make the seller aware of the problem, because it is in the buyer's interest not to end up with scrap.

But, regardless, why would the seller not want to wipe their computer first? The seller will inevitably hit the button mentioned in the help article simply because that's the only obvious way to wipe the computer to anyone who isn't super technical. This is a problem that practically solves itself for devices that aren't stolen.


This again assumes the owner isn't ignorant of the requirement or apathetic to it.

Corpo entities tend to be apathetic while most private owners are simply stupid.


>> The buyer should make the seller aware of the problem, because it is in the buyer's interest not to end up with scrap.

How does this assume anything about the owner/seller?

It’s entirely on the buyer to make sure they’re getting what they want out of a transaction (as long as the seller is not misrepresenting the product), and activation lock has been a thing for like a decade on Apple devices, so it should be widely known. If they make major purchases without even doing the bare minimum of due diligence, they will have a bad time regardless of activation lock. I’ve seen people buy ancient MacBooks off eBay that can’t run the software they need, simply because they didn’t do the research. That isn’t the seller’s fault.

If the seller is misrepresenting the product as having the activation lock removed when it isn’t, that becomes a legal issue. On platforms like eBay, they will happily side with the buyer and refund them in cases like that. For B2B stuff, that’s why lawyers exist.


Click step two and guess how many steps it is.


False. It's not 9 steps. It takes less than 5 minutes and requires nearly no effort.


It's a single step if you don't have AppleCare, and AppleCare just makes it harder, because you need to cancel it. It's just a two button process with big fat red buttons and you need to enter your password.


> Responsible recyclers and refurbishers wipe the data from used devices before selling them on. In these cases, the data is wiped, but cannot be assigned to a new user, making them effectively worthless.

I'm sorry but this is bullshit too.

I have sold my fair share of old Apple devices via so-called "responsible recyclers and refurbishers".

When submitting the form on the website, they all have statements in BIG RED CAPITAL LETTERS saying "please logout from Apple iCloud before sending us your device".

Most of them also have terms and conditions saying they won't pay out and/or will return devices where activation lock is still enabled.


Apple and T-Mobile require this also for their own buyback program. I assume they are going to be reusing the phones/watch/... in another context.


> Nothing is said about stolen property.

Yes. And what is argued is that they should talk about stolen property. Because if they got the laptops legitimately they should ask the original owners to unlock them. If they can't or won't then something is suspicious. The laptops being stolen is the leading suspicion.


Are we intentionally forgetting the part about how these are recycled machines? Sometimes the business doing the recycling doesn't have direct contact with the owners, often businesses are pawning off months old machines and don't know the last user who had the machine, there's so many scenarios where it's not fair to say 'just contact the previous owner' - this grey area just leads to waste, and the only one at fault is Apple


> Sometimes the business doing the recycling doesn't have direct contact with the owners,

Did the owners just push the laptop under the door and run away? At the point where they receive the laptop they can say: "If the laptop is locked it will cost you $X to dispose it here. If it is unlocked we pay you $Y."

Set X and Y appropriately and people who can will unlock them.


No, what we're saying is we only have the business's word on that, and that isn't worth very much. There are tons of shady recyclers who look the other way at laptops that "fell off the back of a truck", and I'm very confident that's what's happening here, and you (and Vice) are falling for it. The bit about multiple thousands of business laptops getting junked is a total ragebait distraction, because any business of that size has MDM enabled. What they're really complaining about is individual laptops whose provenance is unknown, and at best they don't care where they came from, at worst they're active participants in the theft rings.


>Sometimes the business doing the recycling doesn't have direct contact with the owners,

Then how do they know that they're not dealing in stolen goods? If they can't establish a chain of custody to a legitimate owner, then they're being irresponsible.


Properly wiping FMM is, in my experience, beyond most owners, especially if they aren't mainly on Mac and thus might no longer have access to the Apple ID they used.

In fact, there was a period of time when depending on latest OS version and HW version, the steps changed.

The one time I bought a Mac personally, the reseller tried to follow the correct procedure... But they used an outdated one. Contacting previous owner led to threats of litigation for phone call mobbing.


Any Macs made in the past 5 years require exactly one step: clicking "Erase All Content and Settings", which is exactly the button anyone would push when trying to wipe a machine before giving it to someone else.

Things may have been more complicated before that, but Apple has made it as easy as it possibly can be now without telling thieves to just start grabbing every Mac they see.


Not past 5 years - MBP 2018 with Catalina didn't unlock when using that. It's possible that it was a bug, but after previous owner nearly threatened lawsuit for "phone mobbing" (I wasn't the first person trying to call them to remove it from FMM) I kinda gave up. Needed to use the machine right away and broken FMM belonging to locked-out Apple ID didn't stop me from that.


Yes, past 5 years. That’s what the Apple documentation says, since it says it applies to any Mac that was T2 or newer. That doesn’t mean that it would have worked this way 5 years ago. Software improvements with macOS have definitely made the process simpler than it used to be.

"Erase All Content and Settings" did not exist in macOS Catalina. Back then, you had to manually reboot into recovery and reinstall the OS that way, which unfortunately did nothing for Activation Lock, and was a confusingly advanced procedure to expect end users to perform in the first place.

Now, someone just has to go into settings and click that button and macOS will handle everything. It's exactly like wiping an iPhone, including using the same button name. Apple has done what they can to make this as user friendly as it can be now.


FMM?


Find My Mac


It's the responsibility of the user who sells the device to factory reset it.


The problem is when the user who sells it is a business or company who can’t be bothered to unlock the devices.


Guess this is a good reason for repairers/resellers or buyers to ensure activation status on any Apple device they get their hands on. Easy for repairers/resellers to ensure since they tend to be directly in contact with the company and make it policy. For general buyers, they have to be proactive before making any purchases over an Apple device. As it's easier to contact the seller in question while they are actively selling vs hoping they'll respond post-sale.


The refurbisher probably shouldn’t purchase those machines then if it’s a known issue. There’s a tradeoff here, and needing the owner to run a command to reset the machine seems preferable to having them be valuable if stolen.


If it's a known issue? Or if it's a potential issue?

All that will happen is that the second hand value of Apple devices will go down, because recyclers will assume X % are basically scrap.


They’re talking about it to the reporters? How is it not a known issue at this point?


No I mean if you buy 100 macbooks some will be locked and essentially worthless.

In that case the value of the entire batch will be lower.

So yes it's a known issue. But for each individual MacBook, it's a potential issue.


As you said, the problem is with the sellee. Apple is not the problem here.


Recycler should make it worth doing for them.


Ah yes, because they have a massive incentive to do this


There's the incentive of "I'm confident that all my private data isn't on this machine any more", which I think matters.


this can be accomplished with a disk lock, no need to brick the whole machine


Sure, but in terms of how a non-technical user feels, I suspect that "it's still there, but trust me that nobody can access it" isn't as comforting as it just not being there at all. Thus an incentive exists.


Getting paid sounds like pretty good incentive.


This still sounds great! If thieves know they can't get more than scrap value for a MacBook, they will more likely search out other targets (like PCs) to make their drug money.

Definitely a point in my book for buying Apple.


Smart recycling centers and refurbishers, like Apple, don’t take possession of MacBooks with Activation Lock turned on. Legitimate people can easily turn it off.


> Bumstead and others are dismantling them and selling the parts.

Given Apple’s reluctance to sell spare parts, this isn’t a bad business.

The logic board is just one part. The keyboard, trackpad, lcd, battery and a few other boards have quite a lot of value.

Logic boards are fairly reliable in practice.

What’s going to suck is when you can’t build a Frankenstein laptop as Apple marries more and more parts together.

“Oh, this keyboard didn’t come with this lcd from the factory, no F key or red for you!”



