It was deleted. Here is the OG Text:
"Ok so this just happened. Buckle up.
About a month ago my wife broke her pixel phone. It couldn't be turned on so we couldn't wipe it.
We contacted Google and used the device care to get an RMA.
Today someone posted nude pictures of my wife and I to her social media accounts. They accessed her Google account and tried to lock us out. They used her PayPal to send someone $5 (a test probably).
How could this happen? Well Facebook and Instagram show logins from Texas. The old phone still showed on our find my phone app and it was in Texas. Guess where we sent the phone for RMA? The last ping from the old phone (which was today) was the same as the place we shipped it. The exact location down to the very building. Clearly they fixed the old phone and since it wasn't wiped, was still logged into her Google account.
I called Google and they basically said "woah that's fucked up we'll get back to you". We filed a police report but I don't expect they will do anything.
What are my options here for suing Google? I know that sounds insane but this breach of trust and privacy is egregious. Hundreds of people have now seen my penis including our friends kids. It's really fucked up.
Any advice on what to do here?"
my big question is whether this phone is password enabled. also this stinks because i know the first comment is "well do a factory reset" but if the phone doesn't turn on, etc. then i don't believe that is possible (short of possibly ADP which is out of the reach of 99% of people)
I had an issue with my pixel and had to send it in. The phone got run over by a car and was smashed. It could be turned on but I could not do a factory reset. I have financial and other private information on it. So the first thing I did was try to keep it on for days until the battery ran out to see if the hardware encryption would help secure the data. After that I still wasn't sure if the information was secure enough so I took a drill through it to destroy as many of the ICs as I could. My wife then pointed out that maybe this self destruction that I did would violate some terms and void the insurance even though the phone was useless after being run over by the car. So, in the end, I decided to just buy a new phone without doing a trade in or insurance claim. The $500 or so was worth not risking PI.
Remember, in many parts of the world $150 is like 1 month's income. People might have the privilege to destroy a phone but 90% of people are simply going to repair it.
I hate posting "this" comments. But THIS so much THIS... Google has literally no support. Not even for their physical hardware. Never buy anything from them...
> If the phone doesn't turn on you can still queue up a wipe from Find My Device which would've prevented this.
That's assuming that a competent technician couldn't disable that feature. For example, it's hard to ensure that some software issue (eg: software/hardware interaction) has been resolved if you just wipe the device!
Huh? If it's not official software then it's not Google's problem and they don't care. If it is official software then it would still be there post-wipe and therefore it wouldn't be difficult at all to ensure that the issue has been resolved. Of course, that's all moot because wiping the device wouldn't be a step to take in the case of a driver (or other software) issue anyway.
> my big question is whether this phone is password enabled
I read all the comments before it was deleted. In one of the replies the OP stated the phone had a smashed screen and would not turn on*, but had no screen lock/password
*his words not mine, it is unclear if he knew the distinction between zero display output and not turning on
I hope they're smart enough to sue google for several million dollars. I bet they could have their choice of quality lawyers to do this case for that 33% cut.
I've worked in these contract cellphone repair/refurbishment facilities many years ago, the big warehouses where telecoms and manufacturers send these warranty phones to be triaged and repaired, and let me tell you, something like this is not surprising at all. Most of the people there did good work, but all it takes is one. Personally I'd never send my phone in to repair, and I'm skittish about buying any refurbished phones.
Years ago I had some friends who worked in a local photo shop, and once I stopped by and they showed me around. This was in the days when 99% of the population developed film and made prints by dropping off the little canisters at such shops with an order form. It usually took a few days to get them back.
Everyone made assumptions that the process for developing photos was anonymous and private - you dropped off a canister, and picked up photos and negatives in a clean, sealed envelope a few days later.
How wrong we were.
The process was semi-automated using these gargantuan machines in a back room, but the staff usually looked at each frame as it went through the process. They made extra copies of spicy ones which went straight into a special binder kept on a nearby shelf. This shop had two or three of these binders.
Some years later I was in another country and photographed violent demonstrations right outside the hostel where I was staying. When I went to pick up the photos, the staff made it clear that they had seen the images. They were supportive (they wanted to get the word out internationally) but what if copies had been sent to the local intelligence services instead?
Nowadays the tech is different, but when there are no barriers to viewing private information, we see similar types of behavior.
I didn't see the movie, but I recall the ads. The experiences I described were >10 years prior to 2002, so there were zero references for me to understand what was going on until my friends pulled back the curtain.
And it was an utter shock. Not only the fact that the photo shop employees had a window into our private lives and were saving copies for future reference, but what other people's private lives were like. "Spicy" ran the gamut from wife nudes to borderline Blue Velvet.
It was one of those 10-minute experiences that totally shifts one's understanding of the world.
I believe there are child endangerment and copyright laws in place in the US that permit lab technicians to review film and turn over images to law enforcement or deny services for copyrighted material.
Keeping a spank bank isn't permitted but you should never assume your film will be private if it's being processed by a lab.
I had to buy dozens of old phones on eBay once for testing a new SMS product and I can tell you that most of the phones were not wiped and lots had naughty photos and videos still on them :|
I bought 2 "refurbished" Google Assistant smart speakers from eBay over the last year or so. Both of them came still logged in to their prior owner's Google accounts. All that was necessary on the part of the refurbishers was to spend a few seconds doing a factory reset (which was the first thing I did at my end), but even that was too much to ask, apparently.
I had a friend who worked in a place like this and he admitted that they regularly went through people's albums specifically to look for nudes/videos. Especially if it seemed to belong to a young woman. It was routine - to the point that looking for nudes became boring.
I read a history of the NSA recently [0], and what struck me is that every time the NSA's code-breaking techniques were invalidated, this was due to a US agent leaking secrets to adversaries. If the NSA cannot address every insider threat, why do we expect tech companies to be hermetically sealed?
NSA agents have to know some secrets, or they can't do their job. Repair techs at Google/Apple/etc do not need to know any secrets in order to do their job.
> Repair techs at Google/Apple/etc do not need to know any secrets in order to do their job.
Certainly not state secrets. But they do need to know trade secrets. For example: exact (official) replacement products, procedures, and documentation steps in order to ensure the device doesn't show up as "this is fraudulent or pirated or hacked or modified or whatever the fuck the copyright overlords demand can't be done".
Last time I sent a phone into repair, I wiped and reset it, presumably so that techs could test it properly (broken screen and digitizer). I wish I didn’t have to; but when you’re logged into everything, your bank is there too, and your phone is the second factor in a lot of things, damn it’s too much of a risk.
I wish phones could boot into some kind of field tech/diagnostics mode where all aspects of hardware could be tested as thoroughly as needed. Maybe there exists one and I’m just ignorant?
I’ve taken my iPhone to a couple of repair shops. They always ask for the pin code and I always refuse and say it’s a work phone. Very much hoping the secure enclave works and my data has not left the phone.
After reading far too many similar stories to this one, I've always made a fresh backup and completely wiped my phone before walking into the store. Any testing they need to do can be done on a factory default installation, and restoring from backup is relatively painless these days.
The official repair shops that Apple Repair will guide you to should never ask for the pin, afaik. There is that mode for diagnostics which you need to approve, but you don't need to provide the pin - just unlock the phone and press approve button yourself.
Even when I took my phone into a third party repair place for a new screen they required me to give them my passcode and disable Find My Phone. Seemed super unnecessary.
I used to work as a certified apple tech. Turning off find my iPhone is standard procedure for every repair. But techs are never supposed to ask for your passcode. Most diagnostics can be performed outside the OS, and those that can't are supposed to be performed in front of the client.
Even the Apple store does this when you take your phone for repair. I only did it once and they did a crap job anyways (screen replacement, and they got dust in the camera lens area somehow).
> About a month ago my wife broke her pixel phone. It couldn't be turned on so we couldn't wipe it.
That says it all. You can't expect them to try 24/7 until they get a confirmation. In addition, I doubt that they would have included the SIM card in the RMA, which means that the device would not be online through mobile, and there's no reason for the repair shop to connect the device to the WiFi as the first step, so that any erase-request can come through.
You either trust the RMA process or you burn your phone.
That's fine. Just put in one request to wipe it, and if/when the device comes online, it'll get wiped. If it doesn't come online, then the attacker is sophisticated enough to predict that, and used something else (USB) to pull files off the phone.
But since the old phone was still on OP's "Find My Phone" account, and was successfully pinging the service, clearly it had been connected to WiFi, so a queued remote wipe should have worked.
Sure, this won't catch all cases, but if you are unable to factory-reset a broken phone before sending it in, it would be useful to instruct the customer to queue a wipe online instead. Not perfect, but better than nothing.
I can't imagine it would. It isn't a contract, just a best practices guide. Apple and Google are still ultimately responsible for what their employees do on the job.
This should be a reminder to the rest of us that IT and technicians are humans with human vices, and a large fraction of them will look at anything they can find. For every nude that gets posted online a thousand are added to personal collections. Unless they have someone looking over their shoulder or are in a hurry, they will scroll your photos for anything juicy.
Modern Android actually does support disk encryption. And the Pixels even have TPMs that should (?) safeguard the key, preventing offline brute forcing the unlock pattern. I wonder what happened here that this did not work...
Someone else here mentioned that the reddit comments (now deleted) said that the phone had no passcode on it, so anyone would be able to unlock it.
Ah, that's it then. I figured they would likely have a passcode, since the "someone steals my phone on public transport" threat vector is a pretty obvious one even for non-tech users. Unfortunately the thread got nuked before I got to read it more...
This week I was in a chat with the REAL support of a crypto currency.
Unable to help me with my problem at first (we eventually figured it out), they felt they hit a dead end and said: "ok, just send us your wallet.dat, we'll fix it".
I know those guys were the real deal. I knew they would not try to steal the money I had on this wallet, because it was so little it was not even worth the time.
Yet, the fact they asked that proves how much support can badly educate their users.
Of course, I didn't send my wallet, and found another solution since I'm tech savvy. But still...
I once got my screen replaced at one of the phone fix-it places. It's a decent sized chain, not just some rando. On the form you fill out during drop-off it asks you for your unlock code.
none since they can wipe the phone without a passcode. This is true for both iphone and android phones. I'm not familiar with off-brand OS phones though.
Would Windows Bitlocker work too? My issue is that Veracrypt requires you to mount a drive, while Bitlocker provides protection over the whole drive (barring your adversaries being Microsoft and/or the NSA).
I just tried Bitlocker for the first time a few days ago. I enabled it, and next time I booted it up, it never asked for my password. It turns out it only protects the drive if it's removed from the computer.
I used to work at an AT&T store. This is common. One particular incident involved a ring of workers at multiple stores who had a shared Dropbox they would upload anything they found to. Any time you hand your phone over to underpaid 20 year old guys you should be erasing everything sensitive.
How do you disable your old phones, especially those that do not work (due to shattered screen mostly), before giving them up for recycling or buyback?
I am always worried someone will fix and misuse my old phone.
For the buyback program that you can use when you buy a pixel, Google requires that you factory reset the phone before sending it in, and threatens to not give you any money if you don't. Presumably to avoid exactly this (especially since it seems like it goes direct to a third party, that Google probably doesn't trust all that much).
Keep PIN protection enabled - the storage on modern phones is encrypted by default and it's usually not possible to recover data without having the original PIN (unless you set it to something obvious like 0000).
Both iPhones and Android will HEAVILY complain in your setup process if you refuse to secure them with a PIN or a password.
- keep it but mind the battery as it can expand over time
- fix it to the point where you can access then properly wipe the storage with given options on the OS
- if you're ultra paranoid, find software that'll write over the storage, like Dban (i don't have any in mind right now) but if you're already here you might as well destroy the storage physically (see below)
- look into tear down instructions and find where the storage is. Remove and destroy the storage.
There are different modes to boot up the device using power+volume up/down combinations.
Once in fastboot mode, you can connect to pc or another android device to boot to recovery and factory reset/wipe data. It won't be any three letter agency safe, but most data should be lost for any common tech person.
It might not be possible to wipe the data off the flash memory, due to how flash memory works. As you can only reset bits on the flash memory some amount of times, flash memory controllers try to avoid resetting bits and they try to distribute resets evenly on the memory (called wear leveling), so that it doesn't happen that parts of the memory are already worn out while other parts are healthy. So "deleting" and even "zeroing" flash memory might not do what you would expect. Instead of resetting the bits of the original content, it might put the zeros somewhere completely different.
And wipe commands that one can send to flash memory chips are sometimes broken too (they might be implemented as no-ops).
Edit: Also, even if you tell it to write zeros everywhere, it might not delete the content, because there is hidden extra memory on flash memory chips.
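The wear-leveling and spare-memory behaviour described in the comment above, as an added example that is not part of the original thread: a constructed toy flash translation layer in Python. `ToyFlash`, its page size, the spare-page count and the sample secret are all assumptions for illustration; real controllers are more complex.

```python
# Added illustration (constructed model, not from the thread): a toy flash
# translation layer showing why zero-filling through the OS can leave old data
# in raw flash, and why a no-op "erase" command is invisible to the host.

PAGE_SIZE = 16
ERASED = b"\xff" * PAGE_SIZE      # NAND pages read as all ones once erased
ZEROS = b"\x00" * PAGE_SIZE


class ToyFlash:
    """Hypothetical page-mapped controller with hidden spare pages."""

    def __init__(self, logical_pages, spare_pages, broken_sanitize=False):
        if spare_pages < 1:
            raise ValueError("model needs at least one spare page")
        total = logical_pages + spare_pages
        self.logical_pages = logical_pages
        self.phys = [ERASED] * total      # what a chip-off read would see
        self.erase_count = [0] * total    # per-page wear counter
        self.l2p = {}                     # logical page -> physical page
        self.stale = set()                # superseded pages, not yet erased
        self.broken_sanitize = broken_sanitize

    def _free_pages(self):
        busy = set(self.l2p.values()) | self.stale
        return [p for p in range(len(self.phys)) if p not in busy]

    def _garbage_collect(self):
        # Only here is superseded data physically erased.
        for p in self.stale:
            self.phys[p] = ERASED
            self.erase_count[p] += 1
        self.stale.clear()

    def write(self, lpn, data):
        if not 0 <= lpn < self.logical_pages:
            raise IndexError("logical page out of range")
        free = self._free_pages()
        if not free:                      # reclaim space only when forced to
            self._garbage_collect()
            free = self._free_pages()
        # Wear leveling: program the least-worn free page, never in place.
        target = min(free, key=lambda p: (self.erase_count[p], p))
        self.phys[target] = data.ljust(PAGE_SIZE, b"\x00")[:PAGE_SIZE]
        old = self.l2p.get(lpn)
        if old is not None:
            self.stale.add(old)           # old contents stay in the cells
        self.l2p[lpn] = target

    def read(self, lpn):
        p = self.l2p.get(lpn)
        return ERASED if p is None else self.phys[p]

    def sanitize(self):
        """Whole-device erase command; always reports success to the host."""
        if not self.broken_sanitize:
            self.phys = [ERASED] * len(self.phys)
            self.erase_count = [c + 1 for c in self.erase_count]
            self.l2p.clear()
            self.stale.clear()
        return True


def host_sees(flash, needle):
    """Search through the controller, as the OS or a verification tool would."""
    return any(needle in flash.read(l) for l in range(flash.logical_pages))


def chip_off_sees(flash, needle):
    """Search raw flash, bypassing the controller (desoldered chip)."""
    return any(needle in page for page in flash.phys)


def zero_fill(flash):
    """The 'overwrite everything with zeros' approach from the host side."""
    for lpn in range(flash.logical_pages):
        flash.write(lpn, ZEROS)


SECRET = b"PIN=4821;photo01"  # constructed sample data, exactly one page


def run_scenario(broken_sanitize):
    flash = ToyFlash(logical_pages=4, spare_pages=4,
                     broken_sanitize=broken_sanitize)
    flash.write(0, SECRET)
    for lpn in (1, 2, 3):
        flash.write(lpn, b"other user data")
    zero_fill(flash)
    after_zero = (host_sees(flash, SECRET), chip_off_sees(flash, SECRET))
    reported_ok = flash.sanitize()
    after_sanitize = (host_sees(flash, SECRET), chip_off_sees(flash, SECRET))
    return after_zero, reported_ok, after_sanitize


if __name__ == "__main__":
    for broken in (False, True):
        print("broken sanitize:", broken, run_scenario(broken))
```

In both runs the host-side check reports the secret gone after zero-filling while the raw pages still hold it; only a correctly implemented whole-device erase clears it, and the broken one reports success identically.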
That may be true if you assume the threat is a state actor or TLA. That's not the case here. A USB based method for resetting a device would be perfectly acceptable to use before sending in a device for repair.
If you're worried about a state removing the flash chips to recover data from dead/used cells, you don't send your phone in for repair. You secure the data with a drill before disposing of it. That clearly wasn't the owner's concern. They wanted a method for securing the device, but couldn't due to the screen. This is in no way the owner's fault. I can't say I blame them wanting to have a working phone and not a very expensive paper weight.
A better method for securely erasing data from a phone before service is in everyone's best interests. The customer's data isn't at risk, the manufacturer has significantly reduced liability, and the vendor doing the work doesn't have to worry about employees doing something stupid like this and risking their contract with Google. You really just have to make the process of getting the data off the phone slightly more difficult to avoid casual theft (infringement? -- I don't know the right word here).
> A USB based method for resetting a device would be perfectly acceptable to use before sending in a device for repair.
I think that is true, but with one caveat, you should test if the resetting actually worked.
I once had an Android phone with "full encryption" enabled that, after resetting, still had all the user data on it. It was obviously not only not reset, it wasn't even encrypted in the first place.
I am sure a lot of mobile phones have problems like that, because I think that smartphone manufacturers don't care about quality too much, as long as the issues are not immediately apparent to an average user.
But if you can't recover the data afterwards yourself, I would agree that you can normally send it to recycling or repair.
Thank you. My comments might sound very strict and total. But of course everyone has different threats that they care about, and repair shops are probably not too sophisticated.
This is FUD. Flash is fundamentally easier to wipe than hard disk drives. You’re just using a defective mental model for the process. While magnetic recording needs to be overwritten, flash memory does not. Flash has a dedicated erase command. Flash can only be written if it was erased. You can erase an entire flash device in a split second.
I guess it is true that you can erase an entire flash device in a split second.
But that doesn't help you if the erase command was not implemented correctly.
And I am sure that you cannot implement an erase command from within the operating system. It has to be implemented in the flash memory controller. So if your hardware manufacturer got it wrong, you can't fix it.
"Our results lead to three conclusions: First, built-in commands are effective, but manufacturers sometimes implement them incorrectly. [...]
We tested ATA commands for sanitizing an entire SSD, [...]. We find that while most implementations of the ATA commands are correct, others contain serious bugs that can, in some cases, result in all the data remaining intact on the drive."
No matter what protocol they are using to communicate, it is quite conceivable that the erase commands are not properly implemented. In fact, as the comment you're replying to pointed out, there have been many devices found historically which do not properly implement erase commands. Since you can't(*) bypass the flash controller and see what's actually in the flash, there is no way to verify whether or not the data has in fact been deleted.
Just encrypt your device. It's so damn simple.
(* Yes of course you can desolder the memory or hook up to it directly and bypass the flash controller that way, like the authors of the paper in GP, but that's far beyond the capabilities of even the average HNian)
No, I don't know how they communicate exactly. However, I imagine between the processor and flash memory proper there sits a flash memory controller (provided by the flash memory manufacturer) that speaks some protocol akin to ATA. That way manufacturers would be able to replace flash memory A by flash memory B with relative ease, because the abstraction of the protocol allows them to ignore how that specific flash memory is implemented exactly.
Is that wrong? Does the OS on smartphones generally have direct access to the flash memory proper?
Edit: I remembered another protocol that I would guess is used in smartphones for communication with the flash memory, namely UFS (which is also utilized with SD cards).
Edit 2: Note that it is irrelevant whether the protocol used is ATA, UFS, or something different.
If you don't plan to repair them, wouldn't it make more sense to fully destroy them and dispose of them? I feel like you'd get quite a bit of junk hanging around after a while.
A recent security research paper about Android systems calling home stated that there are vendors whose factory reset in fact does not remove all user data from the phone.
In 2 of 2 of cases where I've used krazy-glue to try to fix something in an electronic gadget, the stuff wicked into a connector and ruined the device. So I dare say, if the phone isn't the waterproof type, just dribble some of that stuff in there e.g. through the SIM drawer slot and bye bye.
I usually terminate truly obsolete gadgets that could still contain recoverable login information etc. by physically destroying the motherboard, e.g. by drilling into it or prying off the flash chip. But for non-removable battery types that's iffy; what if you short out the battery and cause it to catch fire? I've just recently found a usable charge in a 2012 vintage LiPo battery that came with a robot kit that hadn't been built in all those years.
These are the steps I take to repair my phone when it doesn't boot.
1. Remove phone case.
2. Desolder eMMC chip after looking up online which one it is.
3. Put eMMC in old coffee grinder, grind away.
4. Buy new phone.
Flagged because the original post and its details were deleted. There's just a pointless conversation about whether you should contact a lawyer, which is literally the only thing this person should have done.
I understand your take, but I would rather see the HN community's take on it rather than Reddit's. There are Google and Apple insiders, actual lawyers, repair techs, and more here. Even tangential threads can be interesting.
We need to educate people on how to secure the data on their phones so that even the manufacturer cannot reach it. And if that is not possible for a particular device, that should be clearly understood so people can make an informed choice about what smartphone they use.
Can't just tell people 'do not put nudes on your phone' because while it's good advice, it misses the point.
And, of course, whoever does something like this should be strung up by their toenails in the public square.
The bizarre thing is that this is already HEAVILY done - both Android and iOS will give you multiple warnings if you fail to setup a screen lock (+ biometrics). Once those locks are in place, it's not really possible to access the data on device without knowing the PIN/Password, even when repairing.
Haven't they fought Apple on that in the past? AFAIK they still have to rely on exploits to get past the pin code. If that's not true I'd like to know.
Evil has always existed and will always exist. There is nothing we can do to get rid of all evil.
We do punish the evil behavior. And yet this still allegedly occurred. So perhaps the solution is making sure the evil behavior isn't possible in the first place? Just maybe?
> About a month ago my wife broke her pixel phone. It couldn't be turned on so
> we couldn't wipe it. We contacted Google and used the device care to get an RMA.
Sometimes letting the battery drain completely will clear a hung phone (which is like the old "take the battery out for 5 minutes, then try it again" trick). Or the service center knew the magic buttons to press to get it to boot. Or the battery was bad. Or one of a million other reasons that a phone can fail in a way that makes it appear dead, but a service tech knows how to get it running.
That's what I think. Either no lock method, they're lying, or there's an unknown exploit or backdoor. Either way I'd be interested to know the outcome of this. As a Pixel user it's concerning.
That's the sort of confidence I get from the DMV, they require you to pay by check because the person issuing IDs with all our personal information can't be trusted with nine dollars in cash.
My impression from the (now deleted) text is that the phone wasn't booting or in a state where it could be factory reset, at least not without considerable effort.
It is possible the victim made some bad choices. It does not make it fair for Google employees/contractors/whatever to violate their privacy and access their personal information, then post it online.
If the phone does not turn on,
I guess I could "wipe" it by opening it up and drilling through every chip I can find. Google would have harder time repairing it then but that's their problem ;-)
Bit of a shame that this will go viral and we’ll never know if Google would have properly handled this on their own. I’d like to think yes but it’s tough to believe the crook’s first attempt at this was also the first time they were caught.
That said, I’m wondering if Google didn’t farm out their repair work to a 3rd party, leading to this situation.
> That said, I’m wondering if Google didn’t farm out their repair work to a 3rd party, leading to this situation.
They almost certainly did, since a large portion of Google's offices are staffed by contractors as well. There is no way they're paying Google salaries and benefits to the guys handling RMA phones.
And that's part of the problem. You send the phone to Google, a company you (very mistakenly) trust, and they immediately hand it over to a lowest bidder shady shop. These services should definitely be letting you know your phone is actually going to AAABob's Phone Repair Shop, and not some magical Google factory center.
The link offers no proof, but that's somewhat understandable (I wouldn't want to dox myself either after such an event). If the claim is true, I hope they find an appropriate way of broadcasting it with credibility.
I'm sick of people, so I'm not going to read the inevitable comments that are going to come. Look, face it, some people like taking nude photos of themselves and they like sharing them with their partners. There is absolutely nothing wrong with this. It's not their fault if something like this happens. People should be able to feel secure in the tech that they use, in the companies that they entrust their information with. It's a fuckload of bullshit victim blaming and I see it every time the topic comes up. I'm sick of it.
Amazing how most of the replies of your comment and the other comments too are still victim blaming, not for taking or sharing the nudes but for being so naive to send a phone unwiped. There's no excuse for violating and exposing someone's private life like this, being tech unsavvy (or you know, not being able to wipe a dead phone) is absolutely not an excuse to shift the blame to the victim. We get it you're good, you're smart, you wouldn't have done such a stupid mistake... congrats, but honestly, who cares.
What's really amazing is how the reddit post says very clearly that they were unable to wipe it bc it was broken. The post was deleted but someone posted the text in a comment here.
I had an old phone that failed, I couldn't wipe it, so I pried it open, yanked the battery, and went after it with a hammer.
I have done the same with old or failed hard drives for decades.
The difference being, I didn't want these devices back. I never intended to use them again. This person obviously wanted an unbootable phone fixed, and the repair drones 'had fun with it'. Someone (Google) is going to have to pay damages, and also chase down and take down copies of those photos forever. What a mess.
I had a friend that worked at an independent film/photo processor back in the early 1970s. The walls in the process area were papered with printed nudes. Floor to ceiling. Of course, in the pre-digital era, those illicit copies never saw wide distribution, but they were there.
This feels like a limitation of our ability to have constructive conversations online.
Someone can be less than perfect and that can cause them to be victimized.
We should be able to talk about both aspects of this story, perhaps independently.
Some people want to discuss how the offender should be punished, and other people want to discuss how we can behave to prevent being victimized ourselves.
I don't think it's valid to argue that people discussing how to prevent victimization, are somehow "victim blaming".
There's nothing tonedeaf about exploring how the situation can be avoided in the future.
Obviously, the phone being borked is relevant, but in that case we need to ask what preemptive measures can be taken on a phone that isn't yet borked. It may be that the only answer right now is "don't keep nudes on your phone" then that's unfortunate and should be addressed.
There's a subset of people who get angry at any implication that people have agency they can use to make decisions to make their life less risky in these sorts of contexts. Fine, whatever, they're entitled to their world view.
What boggles the mind is the overlap this group appears to more or less be a subset of people who are up in arms anytime someone doesn't take steps to de-risk their life in any other context (like using an older car seat for your kid or not putting GFCI breakers into everything under the sun).
I am not. For you to interpret helpful advice as blame is some serious mental gymnastics. "If you need to send in your phone, you can do X and Y to protect yourself" does not assign blame to anyone.
> Someday you might be hacked. Is it your fault for using technology at all knowing you can be hacked?
Why are you so obsessed about assigning blame? Do you think everyone should ignore security best practices, since it's not their fault if they get hacked?
Go ahead and set your HN password to "password", please. It wouldn't be your fault if you got hacked, so why would you care if I knew your password?
To actually answer your question, no. It would not be my fault if I got hacked. But I don't want to get hacked, so I take reasonable steps to avoid being hacked anyway. I am an adult with the responsibility and agency to take care of myself.
> I don't think it's valid to argue that people discussing how to prevent victimization, are somehow "victim blaming".
Weird also, that talking about preventative measures is only considered "victim blaming" when it comes to certain specific topics. If you say it's a good idea to wear a seat belt or helmet in your car or motorcycle, it's not victim blaming. If you say people ought to lock their doors at night, it's not victim blaming. We tell our kids not to get into strangers' cars--not victim blaming. What is it about this topic that always seems to set off the alarms?
I used to really over-share online, and reading stories like these over the years has helped a great deal to educate me about good online OpSec and privacy best practices. I have data sharing/storage habits to this very day that stem from good advice received from others.
> If you say it's a good idea to wear a seat belt or helmet in your car or motorcycle, it's not victim blaming.
(1) the purpose of a helmet is to protect you from accidents, not malicious actors. When you get hurt in a car accident, it is rarely because a criminal set out to deliberately hurt you.
(2) if you responded to an article about someone specific getting hurt in a car accident with "well they should have been wearing their seat belt", you probably wouldn’t be called out for victim blaming, but you probably would be called an asshole.
Thank you. There's a big difference between "it's your fault you were murdered because you were unarmed" and "carrying a gun would be one potential mitigation for the future", which I think is too often lost in discussions on social media.
I agree, but I also view it as the failure of Silicon Valley or even the tech industry to cater for the majority of its users. The tech unsavvy, as you say. Both in terms of features and policy (as in what is happening here).
Thanks for posting this. I get why people do the victim-blaming thing; it lets them feel smart and superior, two feelings I have been known to enjoy.
But it's a fundamentally bad way to approach analyzing safety issues. For those who really want to dig in on the topic, I strongly recommend Dekker's "A Field Guide to Understanding 'Human Error'": https://www.amazon.com/gp/product/B00Q8XCSFI/ref=dbs_a_def_r...
It's nominally about examining airplane crashes. But he breaks down into great detail why the default analytical model is entirely inappropriate in ways that makes real safety improvement impossible. And it's the same set of analytical mistakes you see in a lot of blame-related behavior.
This has entered programming language design. It's no longer "educate the programmer so he doesn't make stupid mistakes", but "design the language so that stupid mistakes are detected by the compiler". Mechanical verification is far more reliable than hoping people don't make mistakes.
Yeah, the "you should wipe your phone!" and "you should never keep sensitive data on your device!" chorus seem to be missing the point entirely:
We can design devices and operating systems to be safe by default in the same way we are now designing programming languages to be safe by default. There's no reason why the data should have been recoverable from a bricked phone without the user's authentication.
We really can have our cake and eat it too - we can have devices that you can freely store nudes on without risking that some rando with a USB cord and physical access can just make off with the data, bricked device or otherwise!
The goal in the D programming language is to allow the programmer to do unsafe things (no way to implement malloc() in safe code!), but it is not by default and isn't going to happen by accident. The programmer will have to positively do something.
It's also done in a way that a programming manager can mechanically verify the absence of such code. Exceptions can be flagged for special review. Often there are safe ways of doing the equivalent.
Yep, and I think we should apply the same principles to consumer technology. You should be free to do unsafe things - but it should not be possible to accidentally do unsafe things.
It should be harder to have your photos be unencrypted on device, accessible via any USB connection, than it is to have them to be entirely inaccessible at rest.
I finally made a HN account, after many years of lurking, to show appreciation for wpietri's comment. Sidney Dekker transformed the way I think about techno-human systems and cybersecurity, and so much more than that. I don't know when I was introduced to his work on safety, but it may have been through this site, and it has changed my life and career for the better. I'm incredibly happy every day to see not only thoughtful comments on HN, but also learn about entirely new viewpoints through which I can grasp the day's events.
It's not just about feeling smart and superior, it also helps them feel invulnerable. People victim-blame smokers who get lung cancer because they don't want to think about the chance they might get it too.
You're not wrong, but you're missing how people become smokers. "Approximately 90 percent of all smokers start before age 18; the average age for a new smoker is 13." [1] A momentary error in childhood judgment (to the extent that isn't an oxymoron) quickly becomes an addiction. "Inhaled smoke delivers nicotine to the brain within 20 seconds, which makes it very addictive—comparable to opioids, alcohol and cocaine." [2] Once they're hooked, it's very hard to quit [3], so it's often a life-long addiction. And that's before we even get into all that tobacco companies have done to hook people.
So even as a life-long nonsmoker who absolutely hates smoking I think there's a lot of unnecessary victim-blaming for smokers.
Yeah this is yet another reason to want phones to have removable storage (micro sd card). So private photos can go onto the card instead of built-in storage, and you can remove the card if you have to send in the phone.
I don't take nudes but I tend to use my phone as an impromptu photocopier for stuff like bills and receipts, so the photos are full of private info such as account numbers. I worry about that sometimes. For photos that have to be treated with real security (typically the screen of recovery codes when enrolling a 2FA token), I use my old dedicated digital camera which has an SD card, no network connection, and never leaves my bedroom.
I feel like removable SD card is a tech person solution but ... kinda doesn't solve it for a lot of folks.
Most folks are just going to take nudes and not strategize much and expect them to remain private as part of the typical photo taking and sharing workflow.
> I feel like removable SD card is a tech person solution but...
As an older person, I find this observation very interesting.
Today, I would consider people in general to be much more technically knowledgeable compared to people 20+ years ago. And yet, 20 years ago, removable storage was quite common, and probably expected of most devices.
Do not confuse the ability to use a phone or laptop with technical knowledge. People know how to use apps, but all the technical stuff is abstracted away.
I'm pretty technical (As is nearly everyone on HN), and I have no idea where my photos are stored on my Android's file system. I have no idea where the APKs are for all my installed apps, or where their saved data sits.
I was surprised the other day that my photos weren't being stored locally on my iphone, but in the cloud. I finally found a setting that turned that "feature" off. Obviously, it had defaulted to "on".
But if _everything_ is always saved on the card, then you don't need the technical knowledge. Removing the card would leave the phone in a "factory clean" condition.
If everything is on the SD card (as in: it won't work w/o the card inserted), then it will have to come with a card pre-installed. In that case, the average user won't even realize there's a removable card. It's turtles all the way down.
The card could come separately from the phone in the same box. Phone boots up off the OS on internal storage, and the intro wizard says "Now insert your SD card, which is where your personal data will be stored." Done.
But if the phone doesn't come with a card pre-installed, people are going to complain that it doesn't work, or that they didn't know they had to purchase a card.
Unless it comes with a card, but the card is not inserted, so the user has to do it before booting up the phone
> Today, I would consider people in general to be much more technically knowledgeable compared to people 20+ years ago
Very few people know how apps actually store files on a mobile device and as people increasingly use phones / tablets instead of PCs their knowledge of PC file systems reduces. So for many people, copying photos from a phone (or cloud backup) to a computer could be quite a challenge.
Sounds like a design issue, no? If Apple implemented it, they'd call the feature "Secure Liferaft" or something equally silly, but I have no doubt in my mind that they could engineer a proper solution for it. Today's users go out of their way to hide files and folders, so why not give them a chance to do so the right way? The technology is there, all you need is a little marketing pizzazz and a 30 second ad spot with Billie Eilish in the background.
The majority of young people I know (in Brazil) don't know the concept of "file". So adding/keeping files on SD cards is a task that requires some explanation.
I'm young-ish, but my general observation has been that my peers forget it was our grandparents and great grandparents that invented computers in the first place.
Admittedly, the technological world is nearly impossible to avoid exposure to these days, where it was entirely optional (or downright prohibitive) to be involved with in the past.
So in general, thank you older people for creating them, I have a lot of fun with them.
> I feel like removable SD card is a tech person solution but ... kinda doesn't solve it for a lot of folks.
What's so tech about removing a physical piece that has data? It's an action pretty much everyone can understand intuitively - "this is where your pictures are, if you remove it they stay yours".
But even I struggled at times to get those pictures then onto a given pc.
I know what a filesystem and a driver is, so I can make it work, if something is missing. A layperson usually cannot.
Partly on purpose, one might say. They are supposed to stay in their walled gardens, where you transfer everything over the approved cloud way and can be thankful, if their data is accepted in another garden.
The technical problem is that you would need files to be encrypted in case the phone gets stolen. Security mechanisms like a PIN obviously don't help if someone can just pull the card with the interesting data. Still, even the "worst" users are able to understand the concept.
No. We do NOT need fucking removable storage to fix this.
What we need, to fix this, is to enforce felony charges against the kind of fuckers who do this, and put them in prison for 20 years, and stop victim-blaming, and stop the insane medieval attitudes about nudity, and slap every single fucking person who espouses this kind of bullshit upside the head, daily, every single day, until society is finally purged of their bullshit, and we don't need anything. fucking. else.
This isn't a product design issue. It's a punish evil people issue.
In some places, people lose their lives if they do something bad. Yet, people still do bad things. I guess taking someone's life isn't enough of a punishment?
Laws discourage certain behaviours. It doesn't stop them.
Regarding victim blaming, obviously this person isn't to blame, but it seems that even suggestions to be cautious are seen as "victim blaming".
When you tell a kid to look to both sides when crossing the road even if it's green, you're not blaming them for a possible accident. It's just that sometimes people ignore traffic lights. And when you tell someone not to give their pin or send a device with sensitive content for repair, you're not blaming them. You're just telling them to be careful because sometimes stuff like this happens.
I get your anger here, but pure punitive measures won't solve this. This is easy to prove in that it hasn't solved any other sort of crime.
One, the correlation between "do a crime" and "do the time" is quite low. Look at the stats for sexual assault (0.25%), robbery (0.2%), and assault and battery (0.3%): https://www.rainn.org/statistics/criminal-justice-system
Even for murder, the US's clearance rate is only about half.
But even if the correlation were somehow perfect, it still wouldn't eliminate it. People just have a hard time believing in the consequences of actions until they experience them. I couldn't count the number of times I've gone through the "ooh fire pretty" -> "ow fire hot" loop in various ways.
So this is a thing where we need defense in depth. We need solutions in criminal law and civil law and provider regulation and product design and user education and culture shifting. Each one of those will be fallible, but each one will bring the rate down. With enough work we can at least make the bad outcomes rare.
We don't punish out of some fantasy that it will "solve" crime. At least I hope we don't. I'm under no such delusions, I promise.
We punish in order to hopefully deter, in at least some cases, though. And sometimes, we punish because it's simply the right thing to do, because people deserve it. This is such a case. They busted into these phones; that was bad enough. Then they searched for the most personal and compromising stuff they could; that's crime #2. Then they posted it! That's three crimes. This sort of brazenness needs to be punished, at least occasionally, to show people and future offenders that we still have at least some semblance of a functioning justice system. That they can't just do whatever the heck they want and laugh about how it might affect people.
You were the one who said, "We do NOT need fucking removable storage to fix this," before going on to glory in punishment. If you now admit that punishment isn't enough, then presumably you now agree that we should do things beyond punishment to fix this.
Nobody said that. I certainly didn't mean or say that.
We do need the right Americans in prison, though. I can easily find tens of thousands of folks who need to be released. These fuckers, though, need to be incarcerated. Otherwise, why do we even have prisons?
How about make it so that the "hidden" photos on a phone require a security code/biometric to access? I've always been shocked that this isn't the case with iOS (don't know Android), it seems so obvious and simple.
It's proprietary but that's exactly what Samsung's "Secure Folder" is. Apps, contacts, files, photos ... That can't be listed or accessed without a secondary auth, protected by knox. I don't know about non samsung android phones.
It's fairly simple to use, and if you sometime give your phone to other people / kids / etc ... It quickly becomes absolutely necessary.
Need to remember to use the "secure folder" camera though, if you merely take the pic THEN move to secure folder, while it's super quick and easy it's usually too late as google photos, dropbox, whatever else will already have duped it.
> How about make it so that the "hidden" photos on a phone require a security code/biometric to access?
Pixel with the latest Android should have that ("Move to Locked Folder" [1]), though as with all security things it is annoying to use in a lot of ways. Doesn't work for SMS images or Whatsapp (Signal is much nicer on this front, but images on Signal get lost if a phone is bricked - the account backup/transfer method sucks a bit).
I have a bunch of old USB sticks, HDDs, phones, tablets, etc in my garage because I can't wipe them, but I can't possibly remember what data was stored on them over the years. Micro SD cards are great because they're teeny tiny.
Nothing nefarious. I'm just not very trusting with my data, and not going to just hand it over like that.
Modern Android versions are encrypted by default. Though given weak/no passwords by default I believe it only helps if you remember to factory reset first.
And if it's damaged a reset or wipe may be impossible for the end user.
I hear you, and agree wholeheartedly that there is "absolutely nothing wrong with this", but maybe if the topic keeps coming up, people should have less trust in the companies (and their respective flawed human supply chains) that keep our information.... and act accordingly. Unfortunately that's easier said than done these days.
Sure, but you probably wouldn’t ever hear someone say “maybe you should have had less trust” if Google employees snooped on your Drive account to steal financial records or something like that to use against you. Why do we tend to treat people like they’re asking for it when their nudes get compromised?
But you would. People here preach that every single day.
If you had highly sensitive info of a non-sexual nature on Google Drive that was going to have a massive negative impact on your life if it got leaked, half of this site would still be saying "that's awful, but you can't trust Google" if that happened.
> you probably wouldn’t ever hear someone say “maybe you should have had less trust”
No you would hear the exact same thing. My sensitive data on the cloud is all encrypted. Have you ever seen anyone suggesting to do backup on any cloud platform in any other way than encrypted? That's because the data is sensitive and you can't trust whoever store it for you.
> Why do we tend to treat people like they’re asking for it when their nudes get compromised?
We do that over anything that is sensitive. It's just that nowadays, people no longer consider much of their things sensitive... except nudity.
I agree entirely that we should be able to trust companies and I agree completely that the biggest issue is on them, but the thing is, we will never be able to trust them fully, there's just too much to handle. I'm not saying not to push the responsibility on them, for sure we need to do that or it's gonna be even worse, but we also need to remind people to consider their data security and how they handle it. Both are essential if we want to lower the number of instances of these happenings.
I'm curious: if I upload a nude picture to my Google Drive with the password "potato", and then my picture is published by someone who guessed my password, wouldn't you suggest a stronger password? Still a victim, but still good to suggest ways to avoid it in the future.
> Why do we tend to treat people like they’re asking for it when their nudes get compromised?
Because nudity is akin to sex and sexual ways, which are taboo in many societies. Upstanding citizens do not have nudes, in general. Especially women or nudes hinting at same-sex romance.
It isn't right, but it is.
Edit: I'm not saying I agree with this. But it doesn't take much to see folks putting others down for nudity. YMMV depending on where you live in the US. There is a reason most politicians (in the US) wouldn't get caught with nudes and I'm guessing that in some areas of the world, it would be even more detrimental to your life. It is the same line of thinking that punishes women for being "sluts" but are OK with men having a series of one night stands.
What's great about this is you don't need evidence. People just need to believe it. People at large have a large number of vices they do in private, but the moment our private lives are made public it is very common for others to point the finger and say how dare they do that, even when said person does the same thing.
I remember hearing a court case where a small video rental shop was accused of renting vulgar content by someone claiming that the community standards didn’t allow pornography. This was in an area that is predominantly religious. So it hinged on whether it was true or not that people viewed such material in private. The defense was able to find both rental and internet traffic data for the region demonstrating viewing porn was basically the norm for a large percentage of the community. The court found for the video store, but IIRC the legal costs still destroyed the business.
I don't think the parent was asserting that this is true, just that this is the general public sentiment in many societies (which I'd agree with, unfortunately).
Neither your very strict, seemingly religious-based and ethically dubious idea of an "upstanding citizen", nor anyone else's, should ever justify someone's reputation being irreparably compromised by a professional phone repair person / google employee on the job.
Anyway, your comment doesn't seem to have much purpose but to weirdly say "this isn't right, but it actually is right."
I'm not saying I agree with it, but it is an observation. I'm pro nudity, and think it should be normalized. And I'm atheist. And live in Norway, where nudity isn't as big of a deal. I lived the first 30 years of my life in the midwest US, though, in small to medium towns.
But come on, I'm sure you can find examples of folks putting down others for it. It isn't common for politicians to have nudes, at least not in the states. Melania Trump had her nudes used against her (put as degrading her character). Janet Jackson had people outraged over a nipple. Facebook doesn't allow nipples. Heck, even further back, I remember folks in high school shaming a singing group (TLC?) for having nudes printed in another country (the cover wasn't even showing breasts as hands covered them).
I don't trust Apple to not snoop on my iPhone and macbook, share the data with law-enforcement, and maybe use it to sell ads. I do trust them to not log in to my bank and transfer all my money to Tim Cook.
How do you "act accordingly" when you want to partake in sharing digital private documents with your wife? In order to follow that advice, you'd have to stop using smart phones entirely, and that's not really feasible today.
Sure, it's lurid in this case because it was nudes, but this could have just as easily been identity theft or something more mundane but equally wrong for Google to access.
No, this is what we have laws for. What Google did is wrong and if the person responsible cannot be criminally prosecuted, we should seek legislative changes to enable prosecution in cases like this in the future. This is not merely a matter of individuals trusting Google too much. The individuals don't have much choice; that's where the law can step in.
Say I have a bedside table that needs repairs. I send it to a carpenter. If I am fool enough to leave my nude photos in the drawer then I should fully expect the carpenter to have seen them. I'm the fool, he's innocent.
If, however, he takes those photos and sends them to a tabloid, now he's the asshole.
Maybe stay with the carpenter and observe him so you can make sure the pictures are secure?
Might seem weird, but if you explain to the person doing the work that you have sensitive data on the device they'd probably understand the precautions.
Of course it's not necessarily easy. But you might as well make the request. If you are in that situation and you're concerned about sensitive data being leaked, then it is an option.
Some people no doubt engage in victim blaming, but I don't think that's what's generally going on here. For instance, I don't think anyone would disagree that the individuals that made those photos public should be prosecuted to the fullest extent of the law.
The world contains bad actors, and we should be having conversations about what are the reasonable steps people should take to protect themselves. The fact that this happened, and that it could easily happen again, suggests that we should take additional care with sensitive data on our phones. Maybe an app for encrypting sensitive photos and that requires a password to access?
Yes, people should feel safe in their tech. People should also feel safe in their homes, but most everyone still has locks, and many people have additional layers of security.
There's a difference between victim blaming and protecting oneself against the world. The sad reality is that systems in society don't always work the way they're supposed to, whether that be companies being egregiously unprofessional when working on users' devices, or police showing up to an armed burglary long after the events have transpired and lives were harmed/lost.
People should be able to feel secure in the tech that they use, in the companies that they entrust their information with.
I can never tell whether I'm paranoid, or worried for good reasons, but cases like these + mass leaks which happen occasionally are basically the reason why I don't have this secure feeling at all for anything which isn't on an offline device which is in my hands or device-side encrypted then put online (but to a lesser extent). And I'm afraid nothing is ever going to be able to fix that feeling anymore, it just seems too late for that, and I feel like people who do feel secure lost touch with reality somewhat.
I still get that feeling for the most part with open source self-hosted stuff and devices running as open as possible software. Could someone hack my up-to-date linux server behind my VPN? Yeah. But it feels a lot less likely than any other device. If it's not an open source OS with a good track record, I feel like every key stroke, swipe, or picture is spied on.
On devices I trust less, like my android phone, I feel better than default (but not perfectly comfortable) about open source encryption software and the stuff stored there.
Well said. A basic consumer shouldn't be expected to be aware of OPSEC for repairing a broken phone (which in this case seems to be the reason for not wiping data as well).
This also brings an important aspect of repairability, I've been paying for extended warranty and discount on battery replacement for years to an android manufacturer and when the time arrived (during lockdown) they wanted my device sent to the repair-center as there was no policy to send the parts to the consumer's place.
Although I don't believe for a moment that Apple is pro-repair now, I hope them sending parts directly to the consumer would be followed by android manufacturers as well.
Comments like that ruin threads for me too, but pre-empting them as you have just draws attention to the sewage, so I don't think it helps.
Unless I missed something, I believe that you currently have the only top-level comment to mention victim blaming. There's one other, but it's dead, which means the HN "immune system" (as dang calls it) worked.
That's not always an option -- my last android phone died with a reboot loop. It was several years old so I opted to discard and replace it (after opening it up and snapping the main circuit board in half), but if it was newer and I wanted warranty service, I'd have no choice but to send it in for repair, unwiped. In theory, device encryption would protect my data unless the service center has some way around it.
> That's not always an option -- my last android phone died with a reboot loop.
You're not wrong, but for future reference, there is a way to stop such a reboot loop; I did it just yesterday with my wife's phone. (Of course, it was a Pixel, so it might not be on every phone.) You do it by holding power and down volume until it says "Command not found", then you hold power and volume up until you get a menu. One of the items should be "Power off". Another one is "Factory reset" or something like it.
Once my wife's phone was off, I left it off for a couple of hours to let it cool. Then I booted it again, and all was well.
I spent days going through every blog post I could find for tips on how to fix it, including booting to recovery mode -- it would reboot as I scrolled through the recovery menu and even when I got as far as trying to do the factory reset, it would reboot before it even started the reset. I let it reboot itself until it ran out of battery and waited a day after that to let it completely drain. Even tried putting it in the freezer.
Don't take digital photos that you don't want the world to see.
I don't like seeing "don't victim blame" taken as gospel. Blame isn't a simple binary thing. Every time a company is hacked we don't line up to defend their shoddy security practices even though they are a victim.
This is a dangerous argument. There’s been a lot of public statements from the big tech firms about how data on phones is encrypted and that the devices are safe.
Resorting to “do not do X if you don’t want Y to happen” is a cop out and demonstrates a fundamental failure of technology doing what it says on the box.
I've said in another comment that I am extremely interested to know the outcome of this since I am a Pixel owner. It is concerning but right now it's unverified.
This is a really bleak way to look at digital devices and their role in the world. Should you only write things you want the world to read on a computer, and for everything else, just use pen and paper?
Hackernews is full of people with the skill and position to actually influence what decisions the tech world makes.
It's much less forgivable for engineers and managers that work at Google, Apple, Facebook, Microsoft, etc to be cynical and say "yeah Tech is evil what can you do" compared to the average person, and this site is full of people who are in those positions.
Yes. Anything you write into your computer has the potential to be shared. The same way anything you write and send in the mail has the potential to be shared.
And yet, if GMail published email exchanges of a protected nature between someone and their lawyer, would you just throw up your hands and say, alas, digital communication is cursed?
Some digital activity should be considered private, and violating that privacy should have legal and social consequences.
I agree completely that you should be able to take nude photos of yourself, but I still wouldn't use a phone to do it -- my phone's pictures get backed up to the cloud automatically, and even if they didn't, the phone provider is probably the least likely risk that I face. I am probably more at risk from some rogue app that I installed on my phone.
When I have done this in the past, we did it the old fashioned way -- took the pics with a non-connected digital camera, printed the ones we liked, then kept the rest on an encrypted USB drive. Even this has the risk of leaking your photos to the cloud if your computer is set up for cloud backup.
Probably got too close to "victim blaming" for the crowd here.
Being able to trust your hardware/software is important, but also knowing why you can't (for now, maybe not ever) trust your hardware is also important - maybe more important.
> Look, face it, some people like taking nude photos of themselves and they like sharing them with their partners. There is absolutely nothing wrong with this.
It doesn't have to be "wrong" for it to be stupid, and trusting your private life to a device you literally do not own is. This isn't victim blaming, this is recognizing the fallacious logic that most people have when approaching this subject. Call it tech illiteracy if you want to be nice, but I'll just call it "dumb".
I imagine a lot of people sharing nude photos don't especially mind if they become public (I personally don't, I've had many partners who don't fear this). So they aren't "dumb" for taking a risk they are comfortable with. Nor are they dumb to expect the criminals to pay if they do become a victim. Both things can be true without anyone needing to be "dumb" as you seem so desperate to assume.
It's definitely the fault of some individual related to the service. BUT, you must be pretty stupid to send a device away that contains sensitive information.
And unfortunately, a lot of people in society don't expect this type of intrusion by a company they trust. But they should. And I don't think you can blame Google for any of this.
It is relevant because there's a massive deficit in basic infosec among the populations of the world. Why keep blaming big corporations when we need to get smarter ourselves?
Once you start throwing around terms like "basic infosec", I think you need to recognize that the vast majority of people in the world won't even know what that term means. And shouldn't have to. It's up to us (the more technically-minded people) to protect them by helping to drive change, both in legislation, and technical measures to make it so people don't need to trust these big corporations. That's our failure, though I certainly recognize that this is a difficult thing to do.
Of course the fault lies with the person who posted the images online. That person also violated state and federal laws. There is no doubt about that.
However, most people wouldn't knowingly leave nude images of their spouse on the car's back seat when getting the car serviced. In many ways this is similar.
Edit: For people who think I'm blaming the victim, I am not. I thought that was clear, since I blamed the thief/poster of the photos! This is in many ways similar to leaving photos in a car. That is not to say that the person with the phone is at fault, but that this also happens in many other cases. If this happened to me (which it has), I'd do something else instead of sending my phone for repair by an unknown person.
I don't know how broken the phone was, but it's possible for a phone to be so damaged that you can't wipe its contents prior to sending it in for service.
I love car analogies (who doesn't), I think this is more like your car being on fire and asking a firefighter to put it out, while hoping they won't find and share any documents they find in the back seat.
Indeed, when my Pixel 1 abruptly failed it would not turn on at all. Not merely briefly, not a boot loop, it was truly a brick and there was no way to alter what was on it. I thought it was unfortunate that it happened a mere few months past the end of warranty, but at least that way I didn't send it back to Google. Instead, a local school got it for the students to disassemble in a technology course.
Now, I don't store nudes on my phone. That said, it was recently suggested to me, here on HN, to use a scanner app in lieu of a flatbed scanner for all my scanning needs (primarily documents around tax time). Not so sure that's a good idea versus this.
So what do you do when your car is on fire but there's also nude photos in the back seat? Asking genuinely, don't know what would be the best thing to do...
> The post said the phone wouldn't turn on, so how were they supposed to clean it up before sending it out?
I think you are asking the wrong question. It's more useful to ask how to initially safeguard the pictures instead of how to remove them after something broke. If the pictures were encrypted, then it doesn't matter who has possession of the phone.
What would reddit be without heavy handed moderators deleting interesting and relevant comment replies? You can read a lot more of the discussion here:
Somewhat related, but not long ago my Macbook had a bulging battery issue and the Apple just flat refused to service it under warranty because I would give them the credentials to unlock the bios. The "genius" told me "but you leave your keys when you drop your car at the garage!".
I had to send the computer across the country for corporate IT to wipe it before getting it serviced, for a battery replacement..
Post has been deleted. Can somebody explain what happened exactly? I have a hard time believing Google posted nudes on social media and stole money from him.
That, and I remember years ago, someone claimed their cryptocurrency was stolen while their Apple laptop was in for repairs (wallet unencrypted on the laptop).
Even worse: Never lend your google phones to friends. If they hard reset the phone before handing it back to you, Google will refuse to reactivate them. I exhausted every option with their support and am left with a $800 brick.
Your friend factory reset the phone and put their own password on it? To be fair to Google, they should refuse - if they agreed to wipe someone else's account that would be a HUGE breach of protocol based just on your word. What would keep people from selling used phones and then calling Google to deactivate them? Or just calling Google and deactivating random phones?
If your "friend" refuses to log out and re-reset it then the correct thing to do here is to report it to your homeowners insurance. Your friend basically stole your phone. Insurance should pay for it and then they can go after your friend to get their money back.
Even if the poster had not deleted the text (I saw it before they deleted it, and the text is posted in this thread, however), that would not do anything to make it legit. It is just someone making a claim on the Internet.
It is good fodder for a security discussion, though. The merits will have to be decided in a court of law.
IIRC, my friend who works in Google Zürich uses an Android phone for work, because Google considers its own stuff to be sufficiently secure for their own trade secrets.
(Unrelated except to your tangent, but personally I will only buy GM cheddar, as GM bacterial rennet is the only way to make it vegetarian).
Which phone tho? I don't have anything compatible with iOS so those are unusable. So, I get android. And nearly the only phones w/o crap-ware are Pixel or other Google Flagship. Advice?
Are you being misleading on purpose, or was it just an accident?
The first phone to run on Android debuted from Google in 2008 and was universally recognized as a hilariously obvious copy of iOS and everything about the iPhone.
The early internal versions of Android bore absolutely no resemblance to what was finally released in 2008. There wasn't even a touchscreen at all, and they had a physical QWERTY Blackberry-esque keyboard. They magically changed after the iPhone was released. This is all quite well-documented.
Per the link: "The last ping from the old phone (which was today) was the same as the place we shipped it. The exact location down to the very building."
The phone was successfully RMA'ed a month ago, which presumably would include Google confirming possession.
> They had access to the Google account which is where the photos were.
like the photos were not on the device, but rather on some Google service, but the phone had remained logged in that account.
It should be possible in such cases to access the Google account with another device and change password (I believe, kicking out the broken phone login).
You can even log out particular devices on account.google.com (security tab → your devices). This is a weak protection, however, since they're probably cached on the phone.
I seriously think we're at a point where we just need to say "yes, we're blaming the victim", not because we actually are, or think it's the victim's fault, but because engaging this line of questioning is a complete waste of time.
The person whose nudes were stolen and published did not deserve it and did not ask for it, but it's not productive to tell them (and society at large) that there was nothing they could have done to avoid or mitigate the situation. There are bad actors in this world and we all do things tens or even hundreds of times a day to minimize their impact.
I don't know how you read blame out of it honestly. I am not blaming anyone aside from the one that uploaded the pictures, I thought that was understood.
The recommendation to not ever send a device with secret information to maintenance and repair still applies. As I said perhaps the device never reached Google. That is probably relevant for liability, perhaps the delivery service is at fault.
It doesn't even have to be a malicious actor, the repair process could expose such images to the technician in some cases.
There's a big difference offering that advice in areas with a crime problem before anything is stolen than telling a person they should have hidden something after the theft. At that point you aren't being helpful.
You’re right, everyone has a need for privacy, and there is almost always private info on devices people use. So why is “advice” to avoid repair and eat the costs considered a tenable solution?
The “advice” would also apply if you ever logged into your bank or bought anything, if you ever read your email, if you have any secret keys or certificates for authentication of anything, if you ever visited a web site or searched for something you wouldn’t want someone else to see, if you have a list of contacts, if you have any personally identifiable information, if you ever worked on something considered confidential by your employer, etc., etc., etc.
I agree, but I’m confused; I didn’t make an or proposition, and you followed that statement with one. We can realistically deal with privacy problems using laws, and we cannot realistically ever expect people to never repair devices that have private information on them. Right?
There’s also an unfortunate environmental downside to suggesting that people avoid repair.
Sorry, I’m lost about what your point is. What “or” are you still referring to? You seem to be trying to correct something, and I have no idea what it is.
You defended the specific idea of avoiding repair. If we’re talking about other “precautions”, I’m not sure what you mean because you haven’t made it clear.
My point, I guess, is that “advice” about taking “precautions” really does boil down to victim blaming. There are no reasonable precautions that the general public can take when sending a device in for repair; private information will be available to the person with physical access to the device.
We already have some laws protecting against privacy violations, and the issue in this article is likely covered by some of them. The remaining solution is for Google or Google’s subcontractor to be held accountable and pay damages, which is exactly what is needed to address privacy problems at the social level: consequences for breach.
Otherwise, I don’t see how your suggestion to take “precautions” is helpful or realistic.
As far as in: you did not expect that? Yes, you can also blame the victim in that regard.
However the number of mistakes along the way is ridiculous: taking nudes in the first place, not wiping/backing-up your data regularly, not using 2fa, etc.
These would not be an issue if you would never send your device back to google. "Don't be evil" as a motto is just a facade, it's well-known throughout history that if you want to do something evil or bad, you do it in plain sight, especially when the entire globe knows about you.
Unless people don't get "hit" by the reality: google is not the saviour of humanity and it has many flaws, many of which >can't< be avoided statistically speaking, considering the amount of employees and people they effectively manage, then no lesson will be learned.
Prudence is certainly a choice one can make, but in no way should it be recommended or required.
Google is supposed to be trusted with the world's emails, photos, and other Android data backups. If it is necessary to take precautions against Google misusing data, then that cuts to the heart of their business model, and is a material threat to consumers that they should be informed about.
> Prudence is certainly a choice one can make, but in no way should it be recommended or required.
risk = probability X severity.
If something is a big deal to you, take precautions, even if it's unlikely, because the severity is high. This is why we take huge precaution with nuclear plants, because the likelihood of an accident is low, but the severity is high.
If you have nude on your phone, severity is high. The probability that googles will mess with you is low, but it's good advice to tell you to protect yourself.
> If you have nude on your phone, severity is high.
Incorrect, for societal reasons.
For women, the severity of nudes being stolen is very high, regardless of social stature. The majority of nudes published without consent are of women, and the majority of 'revenge porn' nudes published explicitly to demean are of women, and the majority of societal outrage excluding public figures is directed at women. The long-term impacts of nudes being published without consent never fade, and is nearly as likely to result in loss of employment and social stature years later.
For men, the severity of nudes being stolen directly correlates with whether they perceive their career or social stature to be at risk if nudes are stolen are shared, as in the majority of cases men are blackmailed for payment before stolen nudes are published. The long-term impacts of nudes being published without consent fades rapidly for private individuals, hinges on their career and social profiles rather than being effectively universal across their gender, and is often disregarded altogether.
For public figures, the employment and societal circumstances vary wildly, and the overall risk of permanent harm to men increases considerably; however, the risk of permanent harm to women decreases only slightly, and typically only for women who already publish nudity of their own accord, and thus have already factored in the societal harm of doing so.
My time is limited, so here's one contributing citation only:
This is the key; arguing about who to blame will not change the fact that any device which stores or could access unencrypted personal data might be accessed by someone unauthorized.
I don't see a contradiction here. It's terrible that Google allowed this to happen, and the individuals responsible should be held to account. Also, it is a good idea to be very protective of nude photos. I found the original comment useful for thinking about how I could avoid this situation personally.
Not to tell adults after their privacy has been violated.
Do you really find it a useful comment? Was it not an immediately obvious conclusion that none of this would have happened if they had just fired their phone into outer space rather than hope to have their warranty honored?
I actually did find it useful. Yes it's obvious that destroying a phone would prevent photos leaking, but it didn't occur to me that this might be a good default position for me to take when considering sending in my phone for repairs, as horrific as that is. I would probably have just trusted google/apple too.
It's only a problem if you don't live in the real world. The real world is filled with learned behaviors that keep us from expiring quickly like a lazy squirrel on the road.
Where do you see blame in this comment? I see advice so others can learn from this unfortunate incident. Hell, she doesn't even use the phrase "should have".
I really wish the masses had never heard the term "victim blaming". 95% of the time I see it used, it's nonsensical pearl-clutching insisting that no one can ever take steps to protect themselves.
The blame is pervasive through the entire comment. If you can't see that, you need to reboot, install updates, and look again. It was a very brief comment and its ENTIRE CONTENT was a criticism of the victim's conduct and a suggestion about how the victim should alter said conduct (and sacrifice a lot of money) to avoid Bad Things, rather than the right fucking answer here, which is to put everyone involved with this in jail for 20 years and then publicize that Google is being evil again.
The comment's advice isn't especially intuitive, and as such it's not at all blameworthy to have failed to follow it; I'd likely have done the same thing the victims did. On top of that, they didn't say what the victims "should have" done, and left out the subject of "should". This is easily interpreted as broader advice, instead of criticism of the victims' actions.
The comment is completely consistent with the interpretation: "it's unintuitive and thus understandable that the victims didn't do this, but one should eat the cost of devices with unremovable sensitive data instead of sending it anywhere".
> If you can't see that, you need to reboot, install updates, and look again
I think I'm good with the version I'm running. Apparently it allows me to have enough going on in my life that I don't have the desperate impulse to get a dose of morning outrage from interpreting everything in the least charitable light.
There's a few things that make this pretty unlikely. Google doesn't triage or repair the phones themselves, they contract it out just like everyone else. And the people they contract it out to almost certainly have procedures in place which are meant to ensure that neither the devices themselves nor the data on them get out.
I'm not saying it's false, but I would definitely take it with a grain of salt.
That said, before you send any devices in for repair, you should wipe them to the best of your ability. Also, you should set a secure password (PIN, pattern, etc) - even if you set your device to not lock, you can encrypt/require password on startup, which would prevent the repairperson from seeing the photos much less posting them.
T-Mobile for example had a major device theft issue with their mailed in device place for the upgrade program they used to run. No surprise, the process was to unlock phone, turn off find my iphone and send in the phone WITHOUT TRACKING to this random low bidder.
This was early in program, you couldn't turn device in at store (I tried). So I filmed myself mailing the device, because without a tracking number on the pre-printed label and an unlocked phone - 100% for sure these were getting jacked along the way.
If you use a brain dead process like this, you have to be bulletproof every step (mail pickup, sort, deliver, warehouse workers handing $1K+ devices etc).
Of course, the phone was reported as never having been received. Tired of the runaround and with the video I had I simply said, fair enough, I will pursue this legally and part of that is going to be asking how many complaints you've received like mine (phone reported not turned in). Bamm, 2 days later I had my money.
Thankfully they then let you turn in at a store and I think started sticking at least tracking numbers on things so they'd have SOME sense of what was supposed to be coming in.
Gonna reply here since 4 different people decided to say the same thing without actually reading my post.
I never said it wasn't possible. But getting the lynching party out is a bit premature. Just because someone says something on the Internet does not make it true. Bet y'all still think Trump is still gonna magically become president and kill the elite pedophile cannibal cabal, huh?
Never said the processes they have in place were perfect. But being smart enough to exploit a hole in the process, and dumb enough to then make illegal posts on social media with location and all - are kinda at odds with each other.
Until you can show me any evidence that this case is real - which, of course, you can't for the next ~years because the only place that evidence should show up is in court - you can take your "False." and stick it somewhere.
> And the people they contract it out to almost certainly have procedures in place which are meant to ensure that neither the devices themselves nor the data on them get out.
I think your impression of what phone repair places are like may not match reality. The industry is far more ad-hoc and margin chasing than the rows of immaculate benches staffed by well paid professionals in a brightly lit facility like they might show in a brochure.
I haven't personally worked in one of the big contract places but have close friends who did. I think your impression of these places as being simply "phone repair places" may not match reality, to be quite honest.
In addition a few months ago the exact thing happened to one of the subcontractors that Apple uses for phone repairs[0] (as has been mentioned elsewhere in these comments). Unless you think the "procedures" that Google's subcontractors have are better than those of these other subcontractors who did exactly this, it's clearly possible.
> There's a few things that make this pretty unlikely. Google doesn't triage or repair the phones themselves, they contract it out just like everyone else. And the people they contract it out to almost certainly have procedures in place which are meant to ensure that neither the devices themselves nor the data on them get out.
Snowden and Manning smuggled out top secret information; it seems a bit much to assume that the low bidder on a phone repair contract has leak-proof security.
Not here to victim blame, but just point out some things to help others in the future.
1. Use a password and encryption
2. If you can still turn on the device, wipe it before you send it off for an RMA.
3. If you can't access the device, login to your account online and remove access to it. You should do this even after you wipe it.
4. Save everything sensitive on removable storage medium by default.
These guys sent it in for RMA because it couldn't be turned on
Also the photos were in the google account so none of this advice would have mattered anyway aside from the advice #4 about not doing it, which is moot. They and many people probably auto backup all photos on the device to the google account. Not sure if there is a way to distinguish which photos are too sensitive for online backup with that service.
It would have mattered because you can deauthorize a device from your Google account on a computer, like a phone and if they are saved locally as well you can remove SD card before sending it back. The only thing I'm unsure of is if thumbnails are saved in a standard image format but those should get removed as well during the notification that the device has stopped syncing, but if mobile data is turned off it may cache a few low res thumbnails.
I'm not saying it has one, again the point was for people RMA'ing devices in the future to help prevent issues like this. A startup password with encryption could have helped prevent this.
IIRC, in the Reddit comments, the OP said the phone was not locked with a passcode at all, which is presumably how the bad guys got access to basically everything.