Apple paid millions to woman who got her nudes posted on her facebook by apple iphone repair contractors

[CerealExperimentsLain]

1 minute ago, Master Disaster said:

She was sending her phone in for repair, its kind of hard to pull your data off a broken phone....

...And what if... Her computer broke and she sent that in for repairs instead?

[HenrySalayne]

17 minutes ago, whm1974 said:

She could have moved Content to her Computer and onto a USB HDD and not have her personal stuff like that not getting exposed on Facebook. And don't use Facebook on phones. Computer only and login manually.

This is victim blaming 101 and blatantly wrong. You could apply the same logic and blame Apple for building a device which breaks down in the first place or doesn't require the user to completely encrypt all personal data. Which would make way more sense than blaming the user for using their device as they seem fit.

In this particular case, Apple didn't fulfil their promise. They advertise privacy and they failed to put in mechanisms or organisational principles to prevent a contractor from accessing and sharing private data. There is no doubt about who to blame.

[whm1974]

32 minutes ago, CerealExperimentsLain said:

Ah, there's the idea!  Just have no sensitive information on your phone.  No shopping apps, no banking apps, no apps for personal communication such as SMS, instant messaging, email, never store photos on the phone... If you do any of that for your phone, it's your own fault that officially licensed  apple techs could potentially access your information.

 

...Wait why are we owning smart phones again then?  This is about as reasonable as 'If you don't want to get robbed, just don't have money'.  And, I'd like to point out that your bank staff really could just steal all of your money. They have access to all your back account info and the systems that operate them. ...It's just that, ya know, they'd go to prison for it.

 

17 minutes ago, HenrySalayne said:

This is victim blaming 101 and blatantly wrong. You could apply the same logic and blame Apple for building a device which breaks down in the first place or doesn't require the user to completely encrypt all personal data. Which would make way more sense than blaming the user for using their device as they seem fit.

In this particular case, Apple didn't fulfil their promise. They advertise privacy and they failed to put in mechanisms or organisational principles to prevent a contractor from accessing and sharing private data. There is no doubt about who to blame.

I am merely pointing out that there are easy steps to take to keep people from finding anything when they look. And Folks are indeed Nosy.

 

You and I might respect other People's Privacy because We value our Own. But We are also well aware that not Everyone does.

[CerealExperimentsLain]

1 minute ago, whm1974 said:

You and I might respect other People's Privacy because We value our Own. But We are also well aware that not Everyone does.

Psst... That's why the made it illegal.

[whm1974]

4 minutes ago, CerealExperimentsLain said:

Psst... That's why the made it illegal.

"It's not Illegal if you don't get caught". While I certainly don't think this way, Criminals do.

[Andreas Lilja]

Millions?

 

Any contractors want to share my nudes?

[dalekphalm]

16 hours ago, whm1974 said:

She could have moved Content to her Computer and onto a USB HDD and not have her personal stuff like that not getting exposed on Facebook. And don't use Facebook on phones. Computer only and login manually.

This is about the least helpful reply. As others have said, this is just victim blaming.

 

Not having Facebook on your phone, and manual logins only, is not practical. Most people are simply not going to do that.

16 hours ago, HenrySalayne said:

This is victim blaming 101 and blatantly wrong. You could apply the same logic and blame Apple for building a device which breaks down in the first place or doesn't require the user to completely encrypt all personal data. Which would make way more sense than blaming the user for using their device as they seem fit.

In this particular case, Apple didn't fulfil their promise. They advertise privacy and they failed to put in mechanisms or organisational principles to prevent a contractor from accessing and sharing private data. There is no doubt about who to blame.

I mostly agree with this statement. Apple holds some blame for allowing the situation to happen, but the vast majority of blame lies solely on the contractor employees who violated this woman's privacy. The next largest share of blame rests on their employers (Pegatron, I gather). Apple will likely need to bolster their internal contractor privacy provisions even further to combat this.

[whm1974]

2 minutes ago, dalekphalm said:

This is about the least helpful reply. As others have said, this is just victim blaming.

Some stuff One shouldn't do on a portable device... Or move such content off said device and store that elsewhere.

[dalekphalm]

58 minutes ago, whm1974 said:

Some stuff One shouldn't do on a portable device... Or move such content off said device and store that elsewhere.

Like what? Her taking nude selfies is a non-problem. There's literally nothing wrong with a consenting adult taking nude pictures of themselves, and sending those images to another consenting adult (or just keeping them).

 

It's no different from her banking app on her phone. Both are private. She wouldn't want either to be released to the public. But having a banking app on your phone is incredibly useful and practical in modern society.

 

There were already rules against what happened. The people in question broke those rules anyway. We should punish those responsible and work to prevent or minimize such reoccurrences. Not punish or try and shame the victim.

[whm1974]

1 minute ago, dalekphalm said:

Like what? Her taking nude selfies is a non-problem. There's literally nothing wrong with a consenting adult taking nude pictures of themselves, and sending those images to another consenting adult (or just keeping them).

 

It's no different from her banking app on her phone. Both are private. She wouldn't want either to be released to the public. But having a banking app on your phone is incredibly useful and practical in modern society.

 

There were already rules against what happened. The people in question broke those rules anyway. We should punish those responsible and work to prevent or minimize such reoccurrences. Not punish or try and shame the victim.

I have nothing against a Woman taking nude pics of themselves at all. And yes we should punish those responsible.

[dalekphalm]

19 minutes ago, whm1974 said:

I have nothing against a Woman taking nude pics of themselves at all. And yes we should punish those responsible.

We are in agreement about that.

 

Basically there should be no problem with her storing nudes on her phone. The fact that someone in a trusted position abused access to her device and posted them onto her own Facebook is the problem. It could have been anything. A scan of a receipt for medicine she hasn't disclosed publicly. A letter she wrote herself that was never meant for public consumption, etc.

[SolarNova]

18 hours ago, CerealExperimentsLain said:

Ah, there's the idea!  Just have no sensitive information on your phone.  No shopping apps, no banking apps, no apps for personal communication such as SMS, instant messaging, email, never store photos on the phone... If you do any of that for your phone, it's your own fault that officially licensed  apple techs could potentially access your information.

 

...Wait why are we owning smart phones again then?  This is about as reasonable as 'If you don't want to get robbed, just don't have money'.  And, I'd like to point out that your bank staff really could just steal all of your money. They have access to all your back account info and the systems that operate them. ...It's just that, ya know, they'd go to prison for it.

There is a difference though.

 

Currency of some form has always been needed for trade. So that "if u dont want to be robbed, just dont have money" example is terrible.

In addition,, the 'mobile phone' of today is 'new' in the grand scheme of things, it wasnt needed in the 90's for example, and it isnt 'needed' today.

 

Anecdotally, i have a 'Mobile', i use use it as a 'phone' and for 'texting' , thats it, both of which never include sensitive info.

If i want to phone my bank up, i do it from my home phone, if i want to do online banking ,or purchasing anything online, i use my secure PC, and if i need to send sensitive info electronically i use encrypted email. All things that were done before mobiles became what they are today.

 

Modern 'mobiles' are a convenience, not a necessity, and for that convenience u sacrifice security, when u sacrifice security u sacrifice privacy.  A problem is that certain people dont realize this, so they dont think twice about leaving sensitive 'stuff' on their phones. Phones can be lost, can be left unlocked, can be cracked, can be disassembled to get to raw data etc. Conversely if u want digital data to be secure, u can leave it on a secure PC in your secure home, its as secure, nay more so, as physical photo's and documents.

 

Now is this an excuse to say "well she deserved it its her fault" no ofc not. But having such sensitive 'stuff' on a mobile is a contributing factor and shouldnt be dismissed to so lightly.

[CerealExperimentsLain]

8 minutes ago, SolarNova said:

Conversely if u want digital data to be secure, u can leave it on a secure PC in your secure home, its as secure, nay more so, as physical photo's and documents.

Unless... The computer breaks and one has to send it to a computer shop to repair...  Exactly like the subject of this story did with their computer...

 

Or are we now going to move the bar to 'Everyone should be able to repair their own electronics'?

[SolarNova]

11 minutes ago, CerealExperimentsLain said:

Unless... The computer breaks and one has to send it to a computer shop to repair...  Exactly like the subject of this story did with their computer...

 

Or are we now going to move the bar to 'Everyone should be able to repair their own electronics'?

While i agree with ur overall point (it 'can' happen  to a PC aswell), there is a distinct difference between repairing electronics, and maintaining a PC, and certainly between a Mobile and PC.

Electronics repair is ..electronics repair ..board level. A specialist skill.

Mobile repair unfortunately falls into this category due to ..well we all know about 'right to repair' vs mobile companies.

 

PC's on the other hand are made to be modular and maintainable by the user. Sure a motherboard could fail, which could be repaired on the board level, but realistically u'd just by a new one and replace it. Obviously not every one can do that, but a lot more can vs repairing a mobile. Most people will know at least 1 person who can swap out a component or do basic troubleshooting on a PC. and should it be necessary can be done at home in front of the owner.

 

So the 2 situations are;

ur phone stops working, ur only option is u send it away for repair and trust those involved not to do whats happened here.

the other, your PC stops working, its a PC not a mobile, u ask a friend for help and the PC gets fixed at home, in front of u...or hire a PC tech to repair in home ..or send it away.

 

Sure, the owner could send it away for repair like the mobile, but unlike the mobile they at least have the choice to a)repair it themselves, b) get a friend to help/home technician, or c) send it away.

 

One is inherently more susceptible to situations involved here than the other. Thus one is less secure than the other. That was the point i was making in the part u quoted.

[whm1974]

20 minutes ago, CerealExperimentsLain said:

Unless... The computer breaks and one has to send it to a computer shop to repair...  Exactly like the subject of this story did with their computer...

 

Or are we now going to move the bar to 'Everyone should be able to repair their own electronics'?

The Owner of said PC should be able to do Basic Checks. Those who Build PCs do have a leg up over those that buy Prebuilts.

[Master Disaster]

37 minutes ago, SolarNova said:

Now is this an excuse to say "well she deserved it its her fault" no ofc not. But having such sensitive 'stuff' on a mobile is a contributing factor and shouldnt be dismissed to so lightly.

It shouldn't need to be dismissed at all since she literally did nothing wrong. Its not a crime to take nudes of yourself, store them or send them to another consenting adult.

 

Having a car is just a convenience and not essential to survival, doesn't give others the right to break into it and steal your stuff and by your logic anybody who has ever had anything stolen from them that's not essential to living is partly to blame for having such an item in the first place.

 

That entire logic tree is fundamentally flawed.

[Master Disaster]

10 minutes ago, SolarNova said:

While i agree with ur overall point (it 'can' happen  to a PC aswell), there is a distinct difference between repairing electronics, and maintaining a PC, and certainly between a Mobile and PC.

Electronics repair is ..electronics repair ..board level. A specialist skill.

Mobile repair unfortunately falls into this category due to ..well we all know about 'right to repair' vs mobile companies.

 

PC's on the other hand are made to be modular and maintainable by the user. Sure a motherboard could fail, which could be repaired on the board level, but realistically u'd just by a new one and replace it. Obviously not every one can do that, but a lot more can vs repairing a mobile. Most people will know at least 1 person who can swap out a component or do basic troubleshooting on a PC. and should it be necessary can be done at home in front of the owner.

 

So the 2 situations are;

ur phone stops working, ur only option is u send it away for repair and trust those involved not to do whats happened here.

the other, your PC stops working, its a PC not a mobile, u ask a friend for help and the PC gets fixed at home, in front of u...or hire a PC tech to repair in home ..or send it away.

 

Sure, the owner could send it away for repair like the mobile, but unlike the mobile they at least have the choice to a)repair it themselves, b) get a friend to help/home technician, or c) send it away.

 

One is inherently more susceptible to situations involved here than the other. Thus one is less secure than the other. That was the point i was making in the part u quoted.

The problem is your assumption that everyone has the same knowledge and understanding of a PC as you do which is incorrect, otherwise PC repair shops would have no reason to exist at all.

[SolarNova]

2 hours ago, Master Disaster said:

It shouldn't need to be dismissed at all since she literally did nothing wrong. Its not a crime to take nudes of yourself, store them or send them to another consenting adult.

 

Having a car is just a convenience and not essential to survival, doesn't give others the right to break into it and steal your stuff and by your logic anybody who has ever had anything stolen from them that's not essential to living is partly to blame for having such an item in the first place.

 

That entire logic tree is fundamentally flawed.

It is indeed, if i were arguing the point ur making. I wasnt. I didnt say she shouldn't have a mobile ,or that its ok for people to steal personal data, or that taking nudes is a crime etc. I was pointing out that that it isnt smart to leave sensitive data on a mobile. You CAN do it.. its ur choice ..its not smart if u care at all about security and privacy however.

Pointing that out isnt victim blaming, its pointing out that if she hadnt had left such private stuff on an device prone to such failures and repair requirements, the situation could have been avoided. The situation isnt her fault, but it could have been avoided.

2 hours ago, Master Disaster said:

The problem is your assumption that everyone has the same knowledge and understanding of a PC as you do which is incorrect, otherwise PC repair shops would have no reason to exist at all.

I specifically made a point to avoid such comments ..see below.

2 hours ago, SolarNova said:

Most people will know at least 1 person who can swap out a component or do basic troubleshooting on a PC. and should it be necessary can be done at home in front of the owner.

 

2 hours ago, SolarNova said:

or hire a PC tech to repair in home

 

2 hours ago, SolarNova said:

b) get a friend to help/home technician

 

[CerealExperimentsLain]

1 hour ago, Master Disaster said:

The problem is your assumption that everyone has the same knowledge and understanding of a PC as you do which is incorrect, otherwise PC repair shops would have no reason to exist at all.

Every time I see someone say 'Well, anyone can fix a computer if they just want to learn and google a few things.' I think that while I make my own scratch pizza every Friday Night but if I suggested that people who order their own pizza are 'clearly too stupid to make some bread and put toppings on it, the ancient Egyptians could make bread, why can't you do that?  What's wrong with you???????  I guess you just like setting your money on fire and giving it to Big Pizza!' I'd be the asshole...

 

...Weird, right?  Geez, it's almost like... Not everyone in the world has the same skillsets and time to invest in those skillsets so they instead use money to simply pay someone else to use their skillsets to do it for them...

[Pixian]

On 6/7/2021 at 5:26 PM, SorryClaire said:

Arent they technically still criminally liable for data breach?

Yes, I believe that also breaches some privacy laws.

[Master Disaster]

2 hours ago, SolarNova said:

It is indeed, if i were arguing the point ur making. I wasnt. I didnt say she shouldn't have a mobile ,or that its ok for people to steal personal data, or that taking nudes is a crime etc. I was pointing out that that it isnt smart to leave sensitive data on a mobile. You CAN do it.. its ur choice ..its not smart if u care at all about security and privacy however.

Pointing that out isnt victim blaming, its pointing out that if she hadnt had left such private stuff on an device prone to such failures and repair requirements, the situation could have been avoided. The situation isnt her fault, but it could have been avoided.

Fair enough, you do have a valid point but there is a reasonable expectation from a customer that an Apple employee isn't going to post her private info on the internet and that must be a valid opinion since, you know, doing that is illegal pretty much everywhere on Earth.

2 hours ago, SolarNova said:

I specifically made a point to avoid such comments ..see below.

For the vast majority of people this isn't an option and in the Apple ecosystem its almost always not an option. People who know nothing about PCs tend to buy from OEMs, OEM PCs tend to come with a warranty and stickers that must be broken to access the internals alongside giant warnings about losing their warranty if they open the device up inside the warranty period. In the case of OEM systems they MIGHT offer basic over the phone support but in most cases the policy is "send it back, we will fix it and wipe it in the process, no backup option available", in the case of Dell they usually end the conversation by trying to sell you a warranty extension on your extended warranty that you already paid for.

 

Apple straight up refuse to look at anything that has been opened by the user and go out of their way to make the device unrepairable, even by themselves.

 

Prey do tell how 89 year old Granny Smith gets her pics off the soldered SSD on her Macbook Air before sending it back to Apple to be repaired?

[HenrySalayne]

6 hours ago, dalekphalm said:

the vast majority of blame lies solely on the contractor employees who violated this woman's privacy.

Yes, but they could only do it because the environment allowed it.

Why is it possible to connect costumer devices to local computers or the internet?

Apple most likely knows if someone is using encryption on their phone because an Apple ID is a requirement. There could be a flag requiring special processing of these devices.

Why is there no four eyes principle with an equal representation of women and men?

 

If you hand out costumer devices freely to every employee and they can do whatever they like with it, this was guaranteed to happen sooner or later.

 

 

[dalekphalm]

13 minutes ago, HenrySalayne said:

Yes, but they could only do it because the environment allowed it.

Of course. The question is, is that environment required to do the necessary work? Douchebag people who will break rules work for basically every company.

13 minutes ago, HenrySalayne said:

Why is it possible to connect costumer devices to local computers or the internet?

That would highly depend on the nature of the repair. Some repairs may require the internet.

13 minutes ago, HenrySalayne said:

Apple most likely knows if someone is using encryption on their phone because an Apple ID is a requirement. There could be a flag requiring special processing of these devices.

Perhaps so. As I said, Apple may well introduce additional measures to combat this.

13 minutes ago, HenrySalayne said:

Why is there no four eyes principle with an equal representation of women and men?

...What? What does this have to do with literally anything? Both men and women are capable of committing crimes, stealing personal private data, etc.

13 minutes ago, HenrySalayne said:

If you hand out costumer devices freely to every employee and they can do whatever they like with it, this was guaranteed to happen sooner or later.

Sure but I don't think that's what happened. As far as I can tell, the people who stole the data were the ones working on the repair.

 

The vast majority of Apple employees would have had zero access to this device. Hell even the vast majority of Pegatron employees likely did not have access to the device.

[SolarNova]

50 minutes ago, Master Disaster said:

For the vast majority of people this isn't an option and in the Apple ecosystem its almost always not an option. People who know nothing about PCs tend to buy from OEMs, OEM PCs tend to come with a warranty and stickers that must be broken to access the internals alongside giant warnings about losing their warranty if they open the device up inside the warranty period. In the case of OEM systems they MIGHT offer basic over the phone support but in most cases the policy is "send it back, we will fix it and wipe it in the process, no backup option available", in the case of Dell they usually end the conversation by trying to sell you a warranty extension on your extended warranty that you already paid for.

 

Apple straight up refuse to look at anything that has been opened by the user and go out of their way to make the device unrepairable, even by themselves.

 

Prey do tell how 89 year old Granny Smith gets her pics off the soldered SSD on her Macbook Air before sending it back to Apple to be repaired?

Totally agree here.

 

Just like 'mobiles', Apple laptops, and most laptops in general, cannot be fixed at home when 'hardware' fails and need to be sent away.

 

However, i did specifically say 'PC', and pritty much all PC's , even those terrible OEM Dell ones, can be maintained at home (to some extent) so long as you know som1 who has an understanding of PC maintenance, which in the case of '89 year old Granny Smith', would likely be 'Grandson/Great Grandson Tom'.

 

Again just to keep on point, my point with this line of discussion is that a Mobile is inherently less secure due to its very nature vs that of a PC.

 

Anyhow, lets not get to far off topic

[orbitalbuzzsaw]

Why is this not in news