It's just insane that a gift card redemption can trigger this. What's the rationale? It would make more sense if they just locked the person out of redeeming gift cards or something, not the entire account.
But reading horror stories like this is is why I only use the very bare minimum of any of these cloud services. Keep local copies of everything. For developer accounts, I always create them under a separate email so they're not tied to my personal. At least it can minimize the damage somewhat.
It sucks that I have to take all these extra precautions though. It's definitely made me develop a do not trust any big corp mindset.
If enough of these horror stories are publicized, people will learn to never buy/redeem Apple gift cards because of the real possibility of account bans.
- Don't give Apple gift cards to family and friends: You're potentially ruining the recipient's digital life if they redeem it.
- Don't buy Apple gift cards: You risk ruining your own digital life.
If you've been given an Apple gc for Christmas -- and you have paranoia of the risks -- don't buy anything online that's tied to your Apple ID. Instead, go to the physical Apple store to redeem it. And don't buy an iPhone with it because that will eventually get assigned to an Apple ID. Instead, get a non-AppleID item such as the $249 ISSEY MIYAKE knit sock.
I have thousands of credit-card reward points that could be traded in for Apple gift cards but I don't do it because Apple's over-aggressive fraud tracking means Apple's store currency is too dangerous to use.
The "gift card" in general is an anachronism whose time has passed. They have got to go. If companies are going to consider use of gift cards as red flags (as they often are, due to their being key components in money laundering and scams), then society should just abandon them. They are worse in every way than a prepaid credit cards, and in most cases where you want to give someone a gift card, you should probably just give them cash.
I'm the author of that Reddit post. I should probably update it to clarify that I didn’t just purchase the gift cards, but also redeemed them. I don’t think it was purchasing them that triggered the lock on my Apple account. I mean, after all, how would they know what my Apple account is until they’re redeemed?
> If enough of these horror stories are publicized, people will learn to never buy/redeem Apple gift cards because of the real possibility of account bans.
If you are trying to be a bad person you could weaponize that approach. You do not like person x, send them some Apple gift cards... :o
It seems you haven't learned the whole lesson. You're close, though. If you're going to be skittish, there's a better and easier set of rules. Don't use anything that involves an Apple ID.
I skimmed some of the comments from that giant Reddit thread. A lot of people responded that they’ve been buying even more Apple gift cards without problem.
One commonality among the stories in that thread from people who had problems was either switching their App Store country or using their App Store account primarily from a different country than the setting.
As soon as I heard the first one of these stories about a guy getting google broad-spectrum banned because a junkbot AI thought his completely normal youtube comment was a nazi rant or whatever else it hallucinated - I bailed on the whole shebang. Hosting your own stuff is, if you're a reader of this site, easy enough and cheap enough there's little reason not to.
I am in a situation right now where Amazon delivered a fake product. Support suggested they can also try redelivery, and when I asked what if it happens again, they said it should not happen.
It happened - fake again. Now the customer support flow is: you upload images of the product (max. three), and the system approves the verification or rejects it, and then you have a way to contact customer care. System rejected. The trick is - they do not know why the rejection happened, they are not able to tell me, they are confirming the images are very clear and crisp, but they can't do anything to help me because the system leaves them with zero options to move forward - in fact, there is no further escalation matrix either. Nada!
The bank (credit card issuer) refused to raise the chargeback because "but the merchant 'delivered' the item". But it was fake, so? No, no, it "delivered" - that is what counts, so you have to sort it out with the merchant. But they are refusing any further help. You have to sort it out with them. And so on... in a loop.
Can I take them to court? Sure. It may take weeks, months, and maybe years, and even then, in the end (if I win), the court may just instruct them to refund and possibly (possibly!) compensate a trivial amount for legal expenses, which is never even remotely close to the actual legal expenses in this country's courts.
Amazon expects you hire a consultant that is a buddy with the manager responsible for closing your account, and bribe them through that engagement to re-enable your account. They started doing that a decade ago with the mass-banning of legitimate sellers.
Not only local copies but also at least own and use one device where you have your important data that is not on the same OS ecosystem as the other device(s) - also helps with things like 2FA, password manager, etc., if shit has hit the ceiling fan on the other device.
In addition, I always suggest people to:
- Not use big tech's cloud services - ever
- But if you must, do not use many cloud services from just one provider (i.e no Google everything, no iCloud everything) i.e stop using "one account gateways".
- Needless to say, it's time you had a domain and start paying for mail hosting (at least for critical stuff - you can actually buy a very cheap plan; and use that gmail/live-hotmail/yahoo/iCloud/whatever everywhere else) [0]
- Keep an offline (but safe) copy of your "most" important data [1] and ways to remember (i.e cryptic hints) for your "most" important passwords
- Gain some experience in fighting in consumer courts/forums (depending upon your country) - start early, start with e-com companies. A lot many times we don't put up a fight because we have never done it before and we give up always because every time it's a first time. Apple and Google make a mockery of consumers everywhere because we have allowed them to. In fact sometimes when we talk of lack of accessible support at Google and Apple (yes, Apple) we speak in a disdainful appreciation or awe :)
[0] Some might disagree but disabling (or dev/nulling in a way) mail@, hi@, contact@, sales@ etc on your domain (esp. if you have catch-all enabled) goes a long way in terms of avoiding spam
[1] It's also very important to have a tiered approach to data storage and backup strategies. There should be a very, very, very small subset of your personal data, including some of your photos and videos, that is really, really small in storage footprint that you can back up/sync to multiple locations and actually pay the full price for it at storage costs via your own setup, preferably using FOSS tools (which are becoming too good these days) out there.
How much free time do you think the average person has to learn and set all this up?
“You’re giving these companies your data and then dare to be angry when you lose it? Just get a degree in computer science and host it yourself!!1! I am very smart”
The list is a bit overkill for the normal person. I would suggest just:
- Have a local backup (simple giving the storage prices)
- Pay for one email provider (less chance to ignore you)
- For important services (bank, etc.) always register also a telephone number / second email if possible (there is a low chance that both primary and secondary thing will be blocked at the same time)
I don’t mean to defend this, but I know from experience that gift cards are frequently used for money laundring. The laws against that are very strict, incentivizing companies to overshoot and block false positives.
At the same time, AML solutions tend to be a closely guarded black box which simply tells you to block a customer, finding out why is pretty difficult.
To add more to the problem, some anti money Landry solutions are … AI powered.
>At the same time, AML solutions tend to be a closely guarded black box which simply tells you to block a customer, finding out why is pretty difficult.
For a good reason! You, as a rule, really don't want to tell the customer why you're blocking them. What will happen in the end is that you will be facing federal charges for assisting the money launderers because you kept telling them what they're doing wrong.
> The laws against that are very strict, incentivizing companies to overshoot and block false positives.
Yes, in many countries they are, but I don't think the laws are dictating Apple to completely turn off the accounts, but instead dictate that Apple should take measures against it.
They could disable those gift card features + Apple wallet/pay if they suspect fraud, and if no one complains within a month, then disable the entire account, rather than start with disabling the account. Would give them space/time to investigate, and wouldn't be a huge pain in the ass when the inevitable false-positives happen, like in this case.
Ironically, I had Amazon flag and undo some gift card purchases (of cards, not with cards) that I made for Christmas, while myself thinking about this category of problem, about why cards are a mechanism for scams rather than specifically money laundering.
The cards were to family members that I normally send gift cards to at Christmas, and the activity was counted as "sus" even though I was asked to validate my card number and expiration date before being allowed to make the purchase.
> The laws against that are very strict, incentivizing companies to overshoot and block false positives.
On that note[1] is a good read (Cmd+F: "suspicious activity report"), although this specific case is about gift cards, but the AML/T&S etc. space is remarkably similar.
Unfortunately, when you access multiple accounts from the same set of IP addresses and browser signatures, you can bet Google, Apple, Microsoft, and any other large company with that level of information collection has probably correlated all of those accounts to you. The company may lock them all if any one of them is suspected of "bad behavior".
Yeah I dont remember the details but I remember a developer at a studio causing their account to lock up when google shut down the previous studio he was working woth account
> It's definitely made me develop a do not trust any big corp mindset.
I've been reading about Lovecraft's Old Ones. Apparently they have no ill will towards humans. They just sometimes cause harm without realizing it, while going about their business.
I watched an interview with Elon Musk a few years ago (circa 2018?). I'm no fan of him but he was asked about AGI and he kinda just said matter of factly, AI can view humanity as we view anthills. We don't really care about anthills, but if they're in the way of us building a neighborhood in an area then goodbye anthill.
I'm not sure if I like that take because of how horrifying it is, but I found it very interesting that harm can be caused so nonchalantly by more powerful entities, since humans already view themselves as the most powerful entity.
Most likely stolen cards. Stolen credit cards are used to purchase gift cards which are then resold to unsuspecting buyers. Think of it as stolen money laundering.
Well from my view as European working in finance. Handling money for customers to pay (buy apps) likely requires an e money license (not sure about other states). And with this there is lot of things coming, like AML and what not.
So disabling the account might be due to regulations required for the e money license.
Of course Support should be able to resolve this if proves are given
Their mega high risk - high value gift cards are effective for laundering stolen/fraudulent credit cards. Buy a $500 gift card with a stolen CC and sell it on FB marketplace for $400 - you’re up $400, the buyer saves $100, Apple get paid by the retailer and the CC company are (likely) on the hook.
Of course the actual solution here is _don’t sell high value gift cards_, or require the Apple ID email at time of purchase/activation of the card
It would make more sense to stop offering gift cards, which make zero financial sense for the consumer, but why stop offering a lucrative product that people buy because they're bad at logic, when you can just shut down accounts and greatly inconvenience people at no cost to you?
> which make zero financial sense for the consumer
Not in all situations. Because of various cross promotions between car insurance, supermarket and airlines, by using gift cards for groceries I get an effective ~9% discount every time. That really adds up over a year.
For Apple and others, you can use secondary gift card market to get some discounts too, if you wanna risk it.
One practical reason gift cards exist is tax treatment. In the UK, small non-cash gifts to employees can be tax-free under the “trivial benefits” rules (each under £50, not cash or cash-equivalent). For owner-managed companies, directors have a £300 annual cap across such benefits. Cash or cash-redeemable vouchers don’t qualify and are taxed like salary.
I created a Google developer account with a separate email due to warnings like this. Then Google closed it because I left it idle too long and I didn't get the warning email. Sometimes you can't win.
Apple is perfectly happy to take money from criminals though. My grandmother bought some Apple gift cards from a supermarket which turned out to be fake. The cards on display had been replaced/modified in a way that upon purchasing them it activated another card held by the criminals. Apple refused to take responsibility and so did the supermarket. Gift cards are loved by scammers as a way to receive and launder money, they should be subject to much more scrutiny and have stronger AML mechanisms.
It genuinely makes me a little anxious whenever I come across people whose entire digital lives are dependent on a google/apple account. Just one misstep and it's all gone
it's really hard not to have at least one single point of failure. there's a case to be made that a single cloud account actually reduces the ways things can go wrong to just one point of failure, instead of a handful.
e.g. email on a custom domain. your domain registrar is now a spof AND your email provider for your domain is a spof. and that's just email.
There's obviously a middle ground and ways to have a strictly better personal data posture than before, but it's a multi faceted problem balancing usability, security, and resilience
Gift cards are used by phishers. In our institution, we routinely get personalized spam mails (in the name of the corresponding group lead of the recipient, sent via GMail -- this is not low-effort) that ask whether they are available and, when (accidentally) responding, ask for Apple gift cards.
The rationale is that an egregore called Apple, inc. is blindly fumbling ahead, unable to see the lives it is trampling.
Note that this has nothing to do with the actual well meaning (mostly - see leadership emails leaks) people forming the egregore.
The purpose of the company structure is isolating it from liabilities, and as the regulation which would force it to recognize the damage it did is mostly missing, thus the outcome.
from the reddit story: "In the past two months, I purchased eleven Apple Gift cards from Amazon, Target, and apple.com, and added the amounts to my Apple account. The gift card amounts ranged from $25 to $150 each, totalling $905."
This is literally a money laundering pattern
The question will be why isn't this person just adding the money to their account directly, where is this money coming from, why are they structuring it like this
I had similar trouble redeeming a gift card on Amazon. Twice. (thankfully they got resolved upon appeal).
Enough that I am very wary of buying or redeeming gift cards now, especially more than one in a row.
Apparently there's some sort of scam with gift cards, which must affect any platform which allows them, and legit uses often get flagged by automated systems.
If they are so much trouble for Amazon/Apple I wonder why not disallow gift cards, instead of randomly banning users?
Gift cards carry a surprisingly high fraud/AML risk.
If a code ends up being part of a stolen-card → resale → redemption chain (which is more common than people think), companies like Apple may actually have to lock the entire account.
So the trigger might not be arbitrary—it may just be a side effect of how risky gift-card-based payments are.
I spent a long time working in finance one way or another, including as a founder/director of a small e-money issuer, and I have at least from this time ASSUMED that gift cards carry a very inflated AML risk.
Plus I have no desire to carry scrip when I could have fungible cash or equivalent, so I would not buy a gift card. I have received a few.
No to excuse Apple but I think anti money laundering laws are at least partially to blame - they vary from country to country but typically impose penalties for not blocking suspicious activity at the same shielding from lawsuits for blocking innocent users. It's like lawmakers found a way to throw due process out of the window.
> It's just insane that a gift card redemption can trigger this. What's the rationale?
If I need to guess, gift cards are sold online in money laundering schemes, also on some platforms they are used to let you buy apps from a lower priced country
To paraphrase an old saying: Live by Big Tech, die by Big Tech.
After nearly 30 years as a loyal customer
I've heard others say this (and was a "loyal advocate" of Windows for around 2 decades myself), but the reality is they simply do not care. You are merely a single user out of several billion.
Many of the reps I’ve spoken to have suggested strange things
That almost sounds like some sort of AI, not a human. But if I were in your situation I'd be inclined to print out that response as evidence, and then actually go there physically to see what happens.
This is why I don't use an os that depends on cloud functionality built into the os for much of its fuctionality. It's really stupid IMHO to depend on a closed system like this to store data.
> This is why I don't use an os that depends on cloud functionality built into the os for much of its fuctionality.
macOS doesn't require this. My Apple account has a handful of apps purchased over the years, and that's it. I could've bought them directly from the vendors, but the store makes it easier to update.
I don’t think it is stupid but the golden rule is multiple backups. I personally believe 3 backups is the minimum. A physical one and 2 others. Either another physical copy stored at another location to protect against things like fire or 2 cloud backups to prevent situations like this. But I have only ever met one person who did this. His house burned to the ground and lost all data at his house but had back ups at his brother and on some cloud service and lost nothing. I was impressed as most people I know have zero back ups.
I think we must have passed peak Apple this week or something…
I’ve had Clone Hero running badly on an ancient MacBook for my drums, so I decided to swap it out for an M1 Mini that was collecting dust on a shelf. I did a full erase, but I couldn’t get past its activation lock. At all.
This is a piece of hardware I purchased on my credit card, for my company, (luckily) linked to a phone number I control and an email address on a domain I can control, but Apple in their infinite wisdom are still locking me out of my own hardware because I don’t know the password the last employee used on the computer! I don’t want any data off it, thats gone, I just want the computer I spent money on to actually be usable!
I initiated a “recovery” process to unlock it (at Apples discretion?) and they’ve sent me an automated email saying the initial checks are passed and they will contact me again in 7 calendar days. Kafka-esque doesnt even begin to describe it. So for the next week I have to whistle Dixie!
I’ve been a massive Apple fanboy since I swore off Windows a couple of decades ago, giving them a decent high 6 figure spend over that time and influencing countless others to buy Apple devices. Well that very much ended this week & going forwards without Apple will be painful, but the message they sent me couldn’t have been any louder & clearer. The writing has been slowly creeping on to the wall for the last few years, between buckling to UK government pressure, the CSAM photo scanning nonsense, the absolute UI abomination of this new glass crap, this was my final straw.
I’m also going to be relaying their “message” very clearly and loudly now to any friend or family member considering another Apple device.
This happened to me[1] a decade ago, now. Left Apple hardware on shelf for a year or two, Apple in the mean time did their iCloud migration or something, and my login account could no longer unlock the device. It's been effectively bricked since.
Not sure if the Chinese have figured out a way for the newer ARM-based ones yet (I realise it's already been several years since the M1 was released...) but I believe most of the older x86 ones have been cracked.
I've unlocked some old Thinkpads that were similarly left locked with a BIOS password by departed employees, officially not possible, but actually possible if you reflash the BIOS and EC ROMs.
This is what most corporations want, esp for remote employees. I had a work supplied laptop and I couldn’t access via my machine account password. I could login via MFA but I couldn’t reset my local password. They made me initiate the account recovery, wait 8 days, and then I could change the password. I suspect my employer’s account synchronization tools mangled my password or changed it to a password in flux.
In that light, they are fulfilling a use case with greater market value than your conundrum. Is it annoying? Sure. Is it a problem? Debatable. You didn’t recover the passwords on the machine when your employee left. Maybe it’s your problem? Will you get in? Likely and eventually.
I’ve talked to apple support reps in the past. It’s absolutely not surprising to hear that there’s confusion. ISTR some aren’t actually direct Apple employees, so they don’t have access to certain information.
> That almost sounds like some sort of AI, not a human
It’s almost certainly not, it’s just humans being human and going off script. I worked in a place where we dealt with an enormous number of customer service requests, and one of our measured support metrics was “how often do the agents deviate from what they’re allowed to offer”.
> I've heard others say this (and was a "loyal advocate" of Windows for around 2 decades myself), but the reality is they simply do not care. You are merely a single user out of several billion.
What changed your outlook? Did you get burned by Microsoft?
Why would my government care less about me than a multinational corporation with billions of customers that isn't headquartered or listed where I live?
My Member of Parliament represents about 130,000 people, does regular door knocking to talk to people, and has a staffed office a few km away the I can walk into anytime I want.
None of that applies to a multinational corporation.
This is one of the worst stories I’ve seen yet. It sounds like they were “all in” on Apple with zero backups, which shows some questionable judgment, but still, this sort of thing shouldn’t be possible any more than a bank deciding to take all your money with no recourse. (They can close your account, but they can’t keep your money.) Maybe hosts should be required to mail you a hard drive with your data on it when they close your account. Regardless, never assume cloud data is in safe hands.
> this sort of thing shouldn’t be possible any more than a bank deciding to take all your money with no recourse. (They can close your account, but they can’t keep your money.)
I once had to help a relative sue a bank who had closed his account after he refused to answer their very intrusive questions (they wanted to know details about distant relatives living in another country). They also refused to return his money (tens of thousands) and refused to explain why. No amount of complaining or escalating made any difference, although we did manage to get a nice recording of an employee saying that he thought the bank was in the wrong.
It took me issuing court proceedings, plus several more months of negotiating with their lawyer, before they finally settled out of court. Even then they tried to not pay the court fee, and they tried to get us to sign an NDA (I refused to budge on both). Altogether, it took 6 months to get the money.
Similar to how people in this thread are talking about mitigating reliance on cloud providers (e.g. with offline backups), I now do not trust any bank. I avoid being in a position where any one bank can ruin my life. That means having multiple accounts and spreading my money around.
Luckily for me I have a legal background so when a corp (big or small) does this sort of thing to me I don't hesitate to sue them. In almost all cases this causes them to "wake up" and start taking your issue seriously, in a way that the front line customer support reps never do. I recommend this to the author of the original post.
It baffles me how much this community is opposed to Bitcoin (and fails to delimit it from the rest of the crypto-scams on going) when, for me, it is existential. When you go through 1-2 experiences of bank-freezing and you realize your life is literally at stake here, the abstract debates about energy consumption or speculative bubbles feel like they come from completely misinformed individuals.
It's like watching someone on a rail track arguing not knowing what is about to hit them.
> It sounds like they were “all in” on Apple with zero backups, which shows some questionable judgment
iCloud literally encourages users to opt for storing originals only in the cloud. It's marketed as such, it nags you about this every now and then, and iCloud is the preinstalled default cloud storage on every iPhone. Consider non-techies dealing with this too.
I do have backups of most data, including photos, but there are things you can't backup like shared actively edited iWork documents, and things like that. I can rebuild from it, but it's still a shitshow and my very expensive devices are bricked.
Concerning all those 'bricked' devices it would be really nice to get some more details concerning the 'block'.
Can you use your iPhone to call someone, can you use your MacBook overall? Login, use Apple Passwords(!), looking at photos within photos app and so on...
> this sort of thing shouldn’t be possible any more than a bank deciding to take all your money with no recourse. (They can close your account, but they can’t keep your money.)
To me this is the biggest problem. Just like a bank can decide to close your account at any time, it's reasonable that Apple (or any business) could do the same. But they can't keep your stuff.
You can say "don't be naive and assume your cloud data is safe", but in today's world that's like saying "don't keep your money in a bank". The reason I pay for iCloud storage is because it's supposed to be safe (safer than my local HDD going bust or getting lost).
To what extent is the victim their own perpetrator? They allow the status quo to succeed by endorsing it. They voted for this with $30,000 of their own money, and they will likely vote again.
The untapped answer is litigation. Call a lawyer and file against Apple. It may take several business days, and cost $$$$ but it will absolutely light a fire at Apple and get the attention of many-a-human. And if they ignore it, well, maybe a class action lawsuit awaits.
I considered this a month or two ago when Google safe browsing was erroneously putting domains self hosting Immich on the block list. My family domain got put on the block list and it took me a few hours to figure out that I needed to sign up for Google Search Console just to figure out what sub-domain got flagged.
I thought about filing a claim for enough to cover my time in small claims court, but decided not to. I didn't track my time super well because initially I though it was my fault, but, by far, the huge deterrent is the "what if".
What happens if I take Google to small claims court for damages to a domain I've been using for 20 years? I have that domain tied to a legacy Google Workspace account which was a huge mistake. It's been tied to my email for at least 15 years and, even worse, I've never owned an Android phone that hasn't been tied to that Workspace account.
I don't depend on cloud services for much, but if I want to prepare for retaliation I'd have to migrate my email somewhere else and be ready to deal with family members that have their phones connected to the Workspace account. Who's been duped into photo "backup"? Who's been duped into using Google Docs? How many Play purchases do they have? And, the big one, who's been duped into using sign-in with Google?
Google, Apple, Microsoft all make choosing what's best for the consumer very high friction compared to choices that trap users and give all the power to big tech. Even though I constantly help my family members try to understand why the don't want to get locked into those services they always get deceived into using them. The number of family members unwittingly duped into uploading all their data to OneDrive is in the range of 100%.
Apple, Google, and Microsoft need to be broken into 10 or 20 companies each. Excel should be it's own company. Phone OSes and app stores should be different companies. OneDrive should be it's own company and to compete with Dropbox with zero Windows integration. The web browsers should be separate companies. The AI divisions should be separate companies. Split them up with a wood chipper IMO.
The safe browsing scam is the biggest fraud ever because providers can't opt out of it when it "accidentally" detriments independent or self-hosted solutions.
And, importantly, go through with the lawsuit. Figure out how to quantify damages to yourself by being deprived of access to your account so even if they restore access you can continue the suit.
> I am not a casual user. I have literally written the book on Apple development (taking over the Learning Cocoa with Objective-C series, which Apple themselves used to write, for O’Reilly Media, and then 20+ books following that). I help run the longest-running Apple developer event not run by Apple themselves, /dev/world. I have effectively been an evangelist for this company’s technology for my entire professional life. We had an app on the App Store on Day 1 in every sense of the world.
I am surprised that with such a pedigree, the author doesn't already have contacts at Apple they could reach out to for that personal touch.
From my experiences with people at Apple, everyone seems so siloed that it doesn't surprise me that they couldn't help him. It doesn't seem like they have the culture where you could just drop by the Apple fraud team and ask for help for a friend.
I went to Uni with this person (though I doubt they remember me.) They have a very high reputation. If anyone should be able to resolve this, it’s them — that they can’t, and they have to go public, is absolutely terrifying and should make Apple execs pay attention.
I mean that. Exec level. This story and that this specific person cannot get it fixed indicates absolute failure.
This reminds of a joke we have in Russia which roughly translates into English as follows: "Comrade Stalin, it has been a terrible mistake!" The phrase could belong to one of Stalin's own sycophants who unluckily for themselves got imprisoned and executed during the big purge in the 1930s. They didn't understand why it happened to them.
I have a feeling that this guy also doesn't get why this happened to him and that he himself contributed towards it with the work of his life.
There was a time when I accidentally deleted some photos of which I had only one copy. I blamed myself for being stupid not having a copy but also money was tight for additional drives.
Then there is this: depending on a service provider and then blaming them for something like this. The problem is that now you are losing trust in service providers (of which there should be little to begin with) and on top of that you are also blaming yourself for depending on them. However you have to create a trust model where your fault allows you to have a service helping you with it while a fault at the service provider will allow you to restore data from your end too, getting the best of both worlds.
MacOS and Windows / Google with always logged in systems that lock you out completely at their will is an example of how your devices are not owned by you to begin with and then trusting them with your data as well means your digital life is basically owned by them completely.
Now imagine that there are no humans to solve this but endless LLM bots that respond with generic responses because the LLM has never seen a problem like this. I want to point out that owning your data and hardware is really important if you depend on it and your business especially does.
I think this argument conflates “what’s possible” with “what’s reasonable”.
In a complex modern society, we can’t all be expected to have backup plans to the Nth degree.
Is it possible to bore for my own water supply, install solar+inverter/battery backup for electricity, get a medical degree to treat my own wounds? Sure but most would say it’s not reasonable.
It’s why we have regulations and ombudsmans for healthcare, transport, finance, water provider, electricity providers, communications providers etc.
Oddly missing from that list is critical technical infrastructure providers like Microsoft, Apple and Google.
I actually really like the idea of a Digital Services Provider Ombudsman, who you can go to if you feel like you've been wronged by a big tech corp. They have a "way in" that consumers potentially don't, and they have the capacity to levy fines in certain circumstances. I love this! What's preventing this from happening, other than no governmental pressure to make it happen? I might write to my MP...
> However you have to create a trust model where your fault allows you to have a service helping you with it while a fault at the service provider will allow you to restore data from your end too, getting the best of both worlds.
This is why I suggested to have a dual model. Leveraging the cloud and services is really a good choice as long as you have backup systems running independently as well. Your backups may not be as powerful and full fledged as the main provider but in case of emergencies like these, you still own your data and hardware and don’t panic.
In this example a weekly backup of iCloud to a drive connected to a pi with rsync could be a simple solution. 6tb is not even that much given that 500$ gift cards are being used by the author. The backup is not great but it is easy to see why it’s also necessary to own your data.
> Is it possible to bore for my own water supply, install solar+inverter/battery backup for electricity, get a medical degree to treat my own wounds? Sure but most would say it’s not reasonable.
Bad analogy. A better one would be having a torch in case of power cuts (done that) having some extra food in the house in case the grocery delivery fails, having some basic medical supplies in the house, having mobile internet connection in case your broadband fails etc.
Having backups of your stuff is an emergency fallback
> Is it possible to bore for my own water supply, install solar+inverter/battery backup for electricity, get a medical degree to treat my own wounds? Sure but most would say it’s not reasonable.
I’m feeling attacked. Here I was thinking my lifelong work of self sufficiency for my family was completely reasonable until you came along. Thanks a lot!
It’s also possible this person does have some personal or external backups of stuff like the photos, but they’re not going to mention it here as the existence of those doesn’t change the fact that they’ve been extremely wronged. It also won’t help with their developer account etc.
Here is how the gift card scam works (in Australia)
[Quote]
Yes they do still get activated at the checkout. But when you go to redeem, the code is missing the last digit or two so it doesn't work. People take the unactivated gift card, tamper with it to get inside carefully so it's not detectable, scratch and get the code, remove the last digit or two, replace the scratch off layer, put the unactivated gift card back on the shelf.
Then after you activate the gift card at the checkout, they redeem it.
This is why Target doesn't have the activation code on their gift cards anymore, you have to have it added with a sticker when it is being activated now, and then scratch it off.
I back up regularly using Google Takeout and similar tools, but I don’t think it’s fair to shame this author . Even if you have backups , your recent and essential content and credentials will be locked out . 1% of your content is the most important
We all depend heavily on cloud storage and sso . Everything works fine until you are locked out .
And using them isn’t fully voluntary. They are necessary for collaboration . You end up using what your team uses .
You can try to be that “own cloud” snob but it only works if you live in a basement
Every normal person has content in Google , iCloud , OneDrive , Dropbox and maybe more. That’s 4+ single points of failure
You’re just not imaginative enough if you think you’re safe .
Lot of arrogant people here who think they are safe and better than anybody and blame OP.
It is totally normal in today’s world to depend on cloud services and reasonably difficult to do without it. In China: no WeChat you are practically dead. Here try to join meetings without account, try to send a message on WhatsApp without account, etc… a lot can go wrong very fast. What if you used your Apple account as SSO to other services ?
> Lot of arrogant people here who think they are safe and better than anybody and blame OP.
You see this a lot in the Apple "community". Apple can _never_ do wrong. Apple can _never_ make a mistake. Apple's choices are _always_ the best choices.
I don't understand why people put corporations on pedestals.
Commentators here presumably work in the industry, possibly even for 'the big companies' (I'd say FAANG but any big, life-depending, big-architecture corp, but you know what I mean, basically)
They should be tripping over themselves of "How can we fix our corporate incentives to actually deal with customer problems". Not "lol OP, sux"
it's not just about cloud service dependency, or his loyalty to Apple, or things like that. for important data you _have_ to have backups, 3-2-1 rule and all that. the fact he put all the eggs in Apple's bucket is beyond me.
sure i am dependent to cloud services as much as he is, much to my own chagrin, but at least i have all my data backed up??
I’ve interpreted it as a sort of head-in-sand coping mechanism for those low-likelihood, high-consequence events people feel powerless over. It’s less distressing to be powerless if you decide that the real issue was a fault by the victim and not a powerlessness you have in common with the victim.
It is possible to suggest preventative/corrective action without blaming OP. I find it kind of sad that you can't make helpful suggestions (to future potential victims) without someone saying you're "victim blaming."
I have content on Google and Dropbox but I have live backups. It would be very annoying to be locked out of Google, but I would not lose any data. Anyone can have a NAS, you don't need a while basement or to live inside of one (??!?)
Yes, those companies should absolutely be forbidden to behave like this, and punished heavily when they do. But until it happens (which doesn't look like it will), your data is your responsibility.
You lose the Google content , since the export is lossy (docs , sheets, slides , etc) . And most of the value is collaborative . You’ll lose anything that you contribute to that’s not in your account . You’ll lose credentials (eg sso to third parties ), messaging access .
You’ll lose indexing and metadata , like Google Drive search , Google Photos search , thumbnails .
It’s a myth to assume the value is in the backup. Most of the value you have is in the access and the application
I am not depending on cloud storage at all. What do I need to upload onto some cloud? And when I need to sync between devices, or rather want to sync, then I have a Syncthing setup on my server running. No cloud. And copies on participating devices.
Sure, it is not directly their fault, when they are treated badly by big tech. Though of course they could have been more careful, and rely less on big tech and cloud. We can all learn from this example, like many others before this one.
How do you collaborate ? Do you have friends ? A job ? I’m not being rhetorical —- it’s very rare to have friends or a job and not have some ties to the cloud. Even my tiny HOA manages its record in the cloud
Presumably, as the GP said, you're not a normal person and you live in a basement. >sigh< (I'm with a lot of what the GP said but they didn't need to be insulting.)
The solutions self-hosting storage for non-technical people are terrible. Presumably there's no market for selling a solution that gives individuals data sovereignty. I would guess the margin isn't there and a recurring subscription for something you own is probably unpalatable to a lot of consumers. So this is what we get.
> Every normal person has content in Google , iCloud , OneDrive , Dropbox and maybe more.
So, fallacy aside, the abnormals would be...
a) people that don't tech, and
b) people that saw the writing on the wall years ago, and either didn't trust the system and didn'tget into it, or those that did for a while, and got tfo.
The legal Deparment runs most companies . They are the only way to get something bespoke done (like unlocking an account ). And companies are terrified of discovery.
Any lawyer can file a complaint in small claims . OP has paid for a service and has a contract
Not saying this in a derogatory way, but that pretty much means you are not a "normal" user but someone who is tech savvy enough to not rely on someone else's cloud.
> Every normal person has content in Google , iCloud , OneDrive , Dropbox and maybe more. That’s 4+ single points of failure
It only means that the content is not valuable for them. I know people who created Google Account only because the phone required them to and they do not even remember the password or username, and do not use Gmail (why use email when there is Telegram). If they lose the phone, they would just probably make a new account.
If you were an investor or trader, managing millions of dollars, would you keep the only copy of critical information in a cloud? I don't think so if you are a reasonable person. Would you keep the only copy of a cryptowallet key in a cloud?
> If you were an investor or trader, managing millions of dollars, would you keep the only copy of critical information in a cloud?
I don't think the idea that they could lose access to their accounts occurs to most people. I've done enough business continuity and disaster recovery work with small business to be confident in saying it doesn't occur to small business owners. I'm not sure why individuals would be any different.
It's very hard to put yourself in the mindset of a non-technical person.
Since your money is gone, I would file a complaint here:
ACCC (Australian Competition and Consumer Commission): The primary enforcer of gift card laws, ensuring businesses comply with the three-year minimum expiry, clear terms, and fair practices.
It's baffling that gift cards are so popular. You're essentially paying to decrease the value of your own money by restricting its use and adding an expiration date (and handing to someone as a gift as if it's a thoughtful alternative to cash).
An even more egregious case is the corporate credit card. The company dictates its use exclusively for business expenses, yet pushes all the liability onto the employee. The business gets a massive, interest-free credit line with absolutely no risk. The company gets the float, and the employee gets the bill and the potential credit damage if anything goes wrong.
Gift cards are great for companies you don't trust with (up-to-date) payment details. Amazon, Google, Apple, whatever evil megacorp you can think of, they all have made the news with stories like these, and they have proven time and again that they will stand by and defend their arbitrary decisions in court if they have to, because involving basic human intellect in the chain is too much of a fraud risk.
Even if you like their services, who knows what they'll do when they have access to your credit card information directly. I can completely understand why someone would pay for their services with gift cards bought from a well-known, respectable store instead.
It seems OP bought the gift card themselves as a means to top up their account balance (https://news.ycombinator.com/item?id=46252989). They basically used the gift card as an alternative payment option.
Book a date with TASCAT. I haven't used the Tasmanian one but in NSW it cost me a couple tens of dollars from memory and I got a response in days. Once the case lands with the _LAWYERS_ who are expensive, it'll get resolved.
Civil tribunals in Australia (an equivalent of small claim courts in other countries) do not involve lawyers in vast majority of cases and encourage self-representation instead.
In fact, the NSW Civil Administrative Tribunal explicitly requires the Tribunal’s explicit permission for a person to be represented by somebody else, including a lawyer.
But tribunal's decision is binding on the commercial entity, should it be found at fault and incurs penalties for avoidance or non-compliance with the decision.
There are escalative methods to employ in such situations.
In many legal jurisdictions, a 'demand letter' holds weight. These can be served by courier, with proof of delivery as valid. One aspect of such a letter is a hard, specific time by which you will start legal action, along with associated additional costs.
You have two paths after the letter. The first is small claims court, or normal court. In many places, small claims court does not allow lawyers, and the judge will even have to explain any confusing terms.
Which means the playing is leveled, including reduced or no disclosure requirements, and legal cost assignments. Where I am, it's $100 to file.
The goal is to force a fix, at threat of legal consequences.
It is saturday! Guy had a trouble during non-business times and advice to make a complaint to ACCC?
People who unlock accounts do not work on weekends, it is not front line of support who works all the time.
What happened with giving a chance to people (which is Apple consists of) to actually do something before complaining to 4 letter agency?
Also ACCC will not deal with such complaints. It says right on their home page.
I didn't see a timeline but there were indications that the author has been trying to resolve this for much longer than one day.
Regulatory agencies can forward complaints to other authorities and act based on them even if they can't resolve the particular issue for the complainant.
I'm not the biggest advocate of the EU DMA, but account and device access is one item we should actually be regulating very heavily, where potential penalties for (suspected) abuse or incompliance must be much more granular than full-on account bans.
It's hard to believe EU governments are actually considering mandating iOS and Android as gateways to access government services. It's a level of ignorance that's unfathomable.
This story is also exactly why I invest precious time running a Linux machine in the basement that rclones my cloud drives locally, as well as having full local copies of my webmail contents.
> It's hard to believe EU governments are actually considering mandating iOS and Android as gateways to access government services. It's a level of ignorance that's unfathomable.
While I agree in principle, it's not so bad. If you get hit with an account ban, you just get another device to work with the government.
> It's hard to believe EU governments are actually considering mandating iOS and Android as gateways to access government services. It's a level of ignorance that's unfathomable.
There's a good reason behind this approach, even though I don't think the benefits outweigh the downsides. These apps are supposed to be the phone equivalent of the NFC chips inside of passports and ID cards, which have all kinds of encryption and verification inside of them. They have to be protected against malicious data extraction, manipulation, and other fakery.
Phones do have the ability to do that, even free ones, and even regular desktops and laptops. How they do it kind of depends on the implementation (whether you call it a "secure element", a "TPM", or a "trusted execution environment"), but they all come down to "hardware proof shows that this digital signature is not extractable or alterable". The data isn't supposed to be something you can access, like a password, but something you can only do signed reads from, like the physical ID chips.
In iOS, that part runs entirely on dedicated hardware which will refuse to run non-Apple code, which is probably the best approach. On Android, there are more options and many phones run a software version of that concept in a dedicated separate virtual machine to save cost on physical hardware. The security of that virtual mechanism relies squarely on the early boot process having been verified not to be altered by malware. That's what the Google verification library is for in this case.
This approach can work just as well on other hardware with dedicated TPMs (although a lot of free software enthusiasts will tell you those are evil contraptions designed by Microsoft to turn your unborn children into little versions of Clippy) or dedicated encryption modules. However, you'd need a common enough, accessible API for those to function. That's actually quite easy on Windows and macOS, but Linux TPM support is rather woeful at the moment, especially with how uncommon things like secure boot (even self-signed secure boot) are.
In practice, nobody is going to buy a special sort of yubikey to log into their government's tax portal. Dragging people into basic multi-factor security has been a challenge that lasted decades.
However, pretty much all citizens already have phones capable of top-of-the-line security verification. Developing a free app is a lot easier than implementing cross-platform HSM support for a novel authentication mechanism.
All of this comes at the cost of having to run vendor-approved software. That's a huge problem for a lot of HN visitors, but those people form a sliver of a fraction of the population. I'm willing to bet the EU's digital access is inhibited more by the amount of old people without cell phones than the number of people who care about free software.
I personally feel like outsourcing this kind of trust to closed source implementations of vendor blobs is a terrible idea, but it's hard to find an accessible alternative that provides even the lax security properties those blobs provide.
Something I do find lacking in discussions about these technologies is how much the EU is relying specifically on American vendors here. America has been shown to be an unreliable ally that will gladly force the EU's hand with whatever mechanism comes to mind for extremely arbitrary reasons. There is a distinct lack of European alternatives when it comes to accessible secure computing, and I'd rather see the EU invest in local alternatives than go all-in on the security promises from Apple and Google.
We must have regulation, and I support that fully. It also seems healthy to me to have an independent view on the specifics of said regulations. I mostly agree with the vision and direction of the DMA, but in my opinion it lacks specificity and clear unacceptable boundaries.
That lack of specificity, to me, is why Apple has been able to implement malicious compliance. At the same time the lack of specifics risks companies leaving the EU market in its entirety due to regulatory unclarity with high fines.
I don't get the mostly black/white "Self-host" vs. "Mega-Corp" discussions as there is a middle ground: smaller managed service providers (even: per-service).
You don't have to self-host everything in your basement, and you don't have to hand your entire digital life to Google or Apple either. Mail, CalDAV/CardDAV, Immich, Nextcloud, OpenCloud, OpenTalk, web hosting, Kubernetes, simple VMs.. whatever ... fully managed, run by local or independent providers or by the company behind projects, without Big Tech lock-in. If chosen wisely, you can migrate, take over, or bring it in-house when you want. Just spend a few bucks and do some company research. Same as you would when choosing craftsmen, lawyers or something else.
For example, that's actually how we operate as a company for some of our customers and even a few single persons: we provide SaaS AND setup documentation. Customers can transparently take over at any time. We even help separate domains, credentials, and administration from us. Convenience without captivity. I am sure there are hundreds of shops like ours, providing comparable services for people in their wider neighborhood.
Upvoting this because I don't see this sentiment expressed too often on here. In fact, I often see the opposite. "Why would I pay $X*2 for this service when I can just pay $X to Google for the same thing?" Sometimes it takes a little more money to support these smaller managed service providers
maybe for the business target audience, but I doubt this can be a thing for the majority of users. They just want to get on with their day, not learn magic words to search for and relate to each other.
As for Apple fans, they specifically seek the vertical integration.
One day the engineers will try their best to fix things, but get stopped by management satisfied by high-nines logic. If anyone is falling through the cracks, it's bad customer support.
Wow. This is a cautionary tale. I don't think I'd be as devastated as this poor chap, but as it grew I realize I've allowed my iCloud photo library to become a single copy.
How are people handling this these days? If i wanted to ensure a full backup of everything on my iCloud to a NAS, what's the best way these days? Seems like they make it difficult by design..
I self host an Immich [1] instance to backup photos on my iPhone. It’s OSS and has a level of polish I’ve rarely seen in free software. Really, it’s shockingly good. The iOS app whisks my photo off to my home server several times per day.
What I’m not sure about is how to backup things like iMessages, Notes, and my Contacts. Every time I’ve looked, it appears the only options are random GitHub scripts that have reverse engineered the iMessage database.
The imessage db is literally just a sqlite db. If you have a Mac you can read the entire thing with an applescript. It’s really easy from what I remember from years ago
The issue with OneDrive is that it doesn’t store metadata like the photo location, its damn near useless. But I do pay for storage for Google Photos and iCloud.
If you take all of your photos from your phone, you don’t need your Mac at all. Google Photos will sync directly.
I wouldn’t use BackBlaze (the $7 a month service). It doesn’t support NAS at all and it has to phone home every 30 days or it will erase anything that is stored on external drive.
I would use an app that backs up to their B2 service.
I personally just use my personal AWS account to back up my Plex media and just use the AWS s3 sync command using the AWS CLI and store everything in S3 Deep Archive. It’s less than $2 a month for 2TB.
I run a separate Mac Mini that has the full iCloud Photos library on a massive external drive, set to "Download originals". I then rsync that filesystem to a separate Linux box. This works but you must not ever disconnect the external drive.
I don't have a solution for iCloud Drive, as there wasn't a keep offline setting last time I checked. So use it only ephemerally.
At least as of Sequoia, the Settings > iCloud > Drive > Optimize Mac Storage option enables iCloud Drive files to be stored offline. Likewise, right clicking any iCloud Drive files in the Finder includes a Keep Downloaded option. Since I minimally use iCloud Drive, in the past (older OSes) I also had Hazel make copies of iCloud Drive files so they were certain to be in backups.
Arq [1] has an option to "materialize" dataless files, basically forcing them to be locally available. The only issue is if it's a large file and it gets pushed off device often, you can burn a lot of bandwidth re-downloading it over and over again.
Time Machine backups to a samba share on the Linux box would get you both the Photos library database and the iCloud Drive stuff. It also means you don't need to bother with the external drive.
There is a keep all files offline setting for iCloud Drive (turn off "Optimize Mac Storage" in Systems Settings).
I'm not familiar with the "Photos Library.app", but I have an m4 mini with my photos in a Photo's Library. I'd love to know your script to rsync the photos into a separate drive/directory
yeah that's the thing. When my iPhotos library exceeded 1TB I lost the ability to store the full local copies. Since then, iCloud itself has been the sole source.
I'd like to give a special shoutout to the PhotoSync app. It has one killer feature that Immich does not (at least last time I looked): encryption at rest. I think someone breaking into my house and stealing my NAS is a real possibility (unlikely, but I'd give it higher odds that getting locked out of my account like what happened in the article), so this is super important to me.
You could put Immich data on a LUKS volume I suppose, but then you have to fiddle with your server every time it reboots.
I did PhotoSync for a while, but now I just set up my Mac to download my whole photos library, and do Time Machine backups of my Mac. This gets two copies of the data not tied to my Apple ID (the one on my Mac's local disk, and the one on my NAS on the time machine volume).
immich is an extremely polished, FOSS alternative to google/apple photos. It's an investment, but a 4 bay NAS running immich should do nicely. Additionally I backup snapshots to Backblaze B2 via restic which runs another $5/TB
I simply manually periodically download everything to disk/software raid. Really important/sentimental stuff like baby photos and videos I have on DVD with par2s.
Syncthing is wonderful, and does a great job of syncing between an Android phone's photos/videos and a laptop. And if you have regular automated backups of the laptop, you'll have backups of the photos/videos too.
For an iPhone, perhaps you could use iTunes to sync to a computer and back up that computer.
sushtrain seems like the best option for syncthing at the moment. its a bit more polished than mobius. neither of them sync in the background but i think i remember seeing someone using shortcuts to open the sushitrain app every now and again to wake it up so it would sync
Sync to Dropbox -> Dropbox hourly & monthly backups to my NAS using Bvckup2.
(One of these days I’ll setup my NAS to backup offsite fo a #3 backup).
I know that others with Macbooks sync their whole library to their Macbook and then Time Machine to a NAS as their copy #2. Is this vulnerable to the problem in TFA?
I treat apple ID and google ID like throwaway accounts. I would never trust anything valuable to either. The problem is that it is very hard for "usual people" to do that.
I will also never have an electronic ID. We (Switzerland) were dumb enough to vote yes for it but we are giving away our freedoms eventually.
We need regulations to ensure vendor cannot lock in users and cannot threaten them. Everything should work like if you have your own domain and use email. If your provider go nuts, move your hosting and change your MX and point your local copy to it.
This should not be reserved to some nerd like me, it should be an universal right.
It is already late, but it can be reversed. We need for more sotires like this one to errupt, so people understand.
The digital ID in Switzerland [1] is literally the best case scenario from a privacy standpoint. It is basically an ID that is stored on your phone that can send a signed copy of your data to someone verifying it. But instead of sharing all your data everytime it can also only share part of your data or only verify that you are above a certain age.
I personally prefer this to sending a copy of your ID and a video with my face to someone verifying service provider that verifies my identity for a bank or some website.
> I will also never have an electronic ID. We (Switzerland) were dumb enough to vote yes for it but we are giving away our freedoms eventually.
What's the link with the rest though? Your government already knows you, whether your id has your information printed with ink or stored on a chip.
Belgium has had electronic id for decades now and I fail to see how it has taken away any freedom, but it has enabled people to get their official documents online without having to make appointments in person in most cases.
I think the fear many people have is that digital ID will be required for non-government services as well. I can easily see that happen in the USA and Switzerland is the kind of weird that may also let that sort of thing happen.
With things like age verification becoming mandatory just about everywhere and actual privacy-conscious digital age verification being very difficult, there's definitely a risk towards abuse and badly designed authorization mechanisms (although the EU's open source backend and frontends should make it easy for other countries if they do actually care about privacy).
> The problem is that it is very hard for "usual people" to do that.
Exactly, for all the victim blaming in other comments, try to explain 3-2-1 backup to non-technical people and you'll be met with glazed eyes.
Sadly I think it's going to take more people losing their irreplaceable data and for the network effect of having it happen to someone close to actually see any change.
There's a surge of people losing their Google accounts with hackers abusing parental controls at the moment, although I suspect a lot of those people will just move to Microsoft or Apple thinking they're safer until they get burnt there too.
As more non-deterministic AI is built into abuse systems it's inevitable that there'll be more false positives, couple that with impossible to access human support to override the decisions, it's a risky time to trust your irreplaceable data with anyone but yourself.
You could do everything right and still get locked out.
Send this in an e-mail to tcook@apple.com. He has a team that reads for stuff like this and can magically fix issues.
I've had to do it before, also for a gift-card-related problem (different from yours), and I was contacted by a member of the Apple executive escalations team a couple days later.
I don't see stories anymore from this working. Back when it was under Jobs, there were more concessions from his team operating the account. And maybe in the early Cook years. Apple has trimmed a lot of fat.
I did read about part of the product development org having a standup about trending social media cases, and prioritizing followup on items that were under public scrutiny.
I have a friend who did this last year after he had a poor support experience with AppleCare for his Apple Watch and he got a call from Executive support early the next morning
Basically, I bought a physical Apple gift card via the Apple online store, and it was never delivered. UPS tracking (on Apple's own site) showed it never left the origin. I called to get it re-shipped, and they (in so many words) accused me of fraud, because apparently the gift card had been redeemed and drained.
Obviously someone either at Apple's gift card printing contractor or at UPS snatched it.
Apple's suggested "solution" was for me to issue a chargeback on my credit card -- yes, the vendor suggesting a chargeback. I refused, because the credit card in question was my Apple Card, and I have read elsewhere that doing something like this can lead to your Apple account getting locked.
The exec escalation was the only way I got it resolved. It was Kafkaesque.
I think one major lesson to take from this (and other physical gift card vulnerabilities, like people that go and peek at the numbers on unredeemed cards in stores and then wait for them to be loaded) is: don't use physical gift cards anymore.
This just makes me extremely concerned for the iCloud transition I’ve been making. It shouldn’t be this easy to perform a user-disruptive action from the support/ops side. I would think they’d have visibility to some sort of “reputation” metric, given the age/purchase history etc even if anonymized.
I can understand this happening if it was a freshly created account topped up with a sus gift card but it’s unacceptable that the first action is to completely block an account with history.
Even more concerning is the nonchalant support response to “go create a new one” with emojis. C’mon Apple — this is just a terrible way to respond to this situation.
A lot of fraud bans are just automated in my company. Apple probably outsources Customer service to the lowest salary places they could dump it to, and call it a day.
1. This is a total nightmare, the author has my deepest sympathy.
2. Last time there was a post where this happened to someone, I looked into what you can do if you're locked out of your Apple ID or Google Account.
I know people will say "just self host", but all of the self-hosting solutions are not friendly to families or non-tech people. Telling my extended family to tailscale into my server to look at family photos from vacation is a total non-starter. All of the self-hosted solutions are also just way less smooth to use than the built-in integration iCloud or Google Drive gives with devices.
That said, there are straightforward options to deal with this (at least the data part), if you plan ahead. The high level strategy is to setup backups that let you get _a copy_ of your data not tied to any login you don't control. It's a bummer to have to go through these hoops, but again pragmatically, I'm stuck using these services to participate in modern life.
For Google Drive, you can rclone your data to a computer of your choice to get a copy of your data not tied to Google Account. It will even convert G-Suite files to Microsoft Office format, so you have a copy of the data offline.
For Google Photos, I'm not aware of a great way to get the data - rclone only gets low quality copies of photos. I'm an Apple user, so I didn't dive too deep here, perhaps the HN hivemind knows.
For iCloud and Apple Photos, you have a lot of options. You can use Parachute backup or the PhotoSync App to get a copy of your data not tied to your Apple ID. If you have a mac, you can also setup your mac to download everything offline, and do time machine backups - they are not tied to your Apple ID.
I will also add Synology NASes have a super, super easy to setup way to do all of this stuff (HyperBackup plus Synology Photos app) that's borderline worth the cost of admission on it's own, even with Synology's recent turn to the dark side. If you have non-technical family, you should strongly consider pointing them in this direction, if you can use a smartphone you can probably get this working.
> All of the self-hosted solutions are also just way less smooth to use than the built-in integration iCloud or Google Drive gives with devices.
The built-in integrations (iCloud, Google Drive) are smooth right up until you’re locked out or forced into changes you can't control. Obviously.
There is a middle ground though: managed service providers (per-service). You don't have to self-host everything in your basement, and you don't have to hand your entire digital life to Google or Apple either.
All of the options outside of the big ones (iCloud, Google Drive, OneDrive) seem vastly more fiddly and difficult to share with non-technical people. e.x. sharing a budget spreadsheet with my wife, shared photo albums, and so on.
If there are other options out there that work as well as iCloud or Google Drive, I'd love to learn about them.
The best I've been able to land on is making a local copy of the data under my absolute control, while using one of the top tier providers for my "live" copy.
Can you give an example? I am looking for a way out.
I kind of self hosted for decades on a virtual server until I couldn’t keep up with it. So much stuff broke something in the stack, bringing the server down. Often, I had to initiate a full lock down on everything before going up again, consuming a day’s effort or two.
You may want to consider filling a small claims lawsuit against Apple for the maximum amount of damages your state permits in small claims.
It's not really about winning the claim. It's about getting them to acknowledge you and hopefully resolve it before the court case comes up. That is, you want them to "settle" by restoring your account.
The OP is in Australia, but I'd like to add some advice which would apply in the US: Apple is one of the few organizations which does not use an arbitration clause, which means suing in court really is an option.
(With the exception of some services like their credit card, but you can opt out of that more easily than any other arbitration clause I've seen.)
This seems to happen quite often. Not just with Apple, but also with Google. In spite of this obviously insane behaviour, EU governments want to rely on Apple and Google for smartphone-based electronic government IDs.
If I were the person at Apple in charge of this kind of matter, I would ignore this case, just as I do for other regular people. Everyone should be equally not cared for by Apple. That's how Apple sucks in a way I can accept myself still using their product.
If the only way to get your digital property back is a public plea to your Lord, that's called feudalism. Everyone should be treated fairly, not only those who can get their public pleas heard.
You just made it clear to me why I felt not resonated and a bit uncomfortable reading that article, despite I thought I should be. Because what I want to see is something straight like "fuck you Apple", not a begging and emphasis on how much the author has contributed to the megacorp.
It sounds like the gift card # is included as part of a police investigation (as you already know scams often use gift cards as payment) - which would explain Apple's inability to help you or provide information (because they would be required by the state not to.)
You should approach a lawyer to petition Apple and the Tasmanian police on your behalf.
This happened to me really early on when my original Apple ID had an invalid format, as it was an ID made prior to the current version of Apple ID everyone uses, and Apple refused to port what I owned to the ID that I was forced to generate to sign into my newer device. My old ID had software no longer available in App Store, so this wasn’t just a matter of needing to repurchase apps- they were taking away my ability to use applications I bought from them. Since then, I’ve been incredibly wary of losing my Apple ID. I have a lot of respect for Apple, but I would bet that it’s easier to deal with ID related problems for someone with Q level clearance in the U.S. government or even a non-existent Men In Black ID problem than to resolve a problem with an Apple ID. They probably would tell the almighty to get a new ID.
The broken logic is that it will expose why the account was flagged, and thus, allow 'bad actors' to better navigate and bypass such flags.
Of course, this is absolutely silly and beyond absurd, for bad actors share information of forums, can deduce fairly easily, and even have help from people on staff.
Such actors typically know about detection and flagging methods within days of implementation. There's literally zero benefit to secrecy. None. Security through obscurity can be a beneficial additional layer, but it simply never helps here.
We really should pass a law requiring full disclosure of the precise method of banning. I can even see a 'trial' period, where accounts activated (and used!) for 3 months receive this benefit, but new accounts, or new + dormant accounts do not.
This should likely be coupled with mandated full refunds of phones or computers, as an example.
Note that this isn't a 'free' account we're talking about here. An Apple account, or a Google account is required to use an iphone or pixel in its default config, and all the features it entails. These accounts aren't free, they're part of purchase cost, and core-required.
(Even if it's a, for example, Samsung phone? It comes pre-installed, with uninstallable Google Play cruft, as part of an agreement with Samsung. Same conditions need apply here)
> That‘s always the most kafkaesque part of these problems and should be illegal
it is very likely illegal to tell him. it was triggered by the use of a gift card, and therefore very likely to be AML, and in many places (I am not sure about Australia specifically) it is illegal to provide information in the circumstances.
Apple clearly has a problem. In recent months there have been a number of reports online of people getting locked out of their Apple ID/iCloud, the appeal getting denied, and Apple refusing to disclose why or reverse it. Generally those reports don’t relate to gift cards or developer accounts.
My father passed many moons ago, and the family wanted access to his icloud account and they did not have the password. This was a huge struggle. Finally, after weeks, we were able to reset the password, but only because we had access to the email he used. In retrospect, perhaps it is a good thing that Apple restricts access like this for privacy and security. But in this digital age there should be other mechanisms in scenarios like this. What if i wake up from a coma, and forgot all my passwords and have not recorded them physically anywhere ?
What's the difference between amnesiac you and regular me? If you can regain access to your account without knowing some information about it, so can I.
This is horrible and a big reason why I refuse to go “all in” on Apple, Google, or Microsoft (among other reasons). Apple is the one I’m closest to given my hardware, though.
Given how invested you are in the Apple ecosystem I can’t fathom why you would go get an Apple Gift Card from a store to do this kind of transaction, though. It wouldn’t even cross my mind to do it that way.
OP is in Australia. Most stores that sell gift cards have loyalty cards that give points for gift card purchases. And a few times a year they give bonus points (e.g. 10x) on gift cards, that can result in an equivilent 10-15% saving.
You can even use this to get an effective discount on hardware, as you can use your Apple account balance to buy from Apple.
Yeah it seems odd, and if Apple won't tell him or do anything, it might be because they can't: such as circumstances of an active police investigation.
We are obviously not going to get a fuller idea about this situation from a blog post, and while I won't assume that the author has done anything wrong, there have been similar stories in the past where the affected individual was deliberately withholding the whole, much more illegal, story.
Presuming his innocence: What could have happened here is that the gift card he's purchased has been marked as part of a scam operation. Apple gift cards are frequently used for "tax bill" and "police fine" scams in Australia (where they are sold there is often signage informing people of that.) So potentially this person is accidentally roped into that.
Also it's not entirely unheard of to purchase gift cards for long-time users (who would normally just use their linked credit card), as the cards are often sold in the retail space with a 10% discount, or can be redeemed as rewards through points/loyalty schemes.
With all that said, at this point if he's not getting anywhere, he should approach a lawyer, as they'd be able to petition on his behalf (whether that is to Apple or to the state of Tasmania.)
My son was just scammed out of $1000 using some gift card scam. Typically these gift cards cannot be revoked once issued and anyone using the gift cards (like the people who scammed my son) would be able to reap the rewards without any consequences. I’m hopeful that Apple has found a way to track fraudulent Apple Gift cards and are now locking people’s Apple ID who use them. I suspect there’s more to the story than is being shared. What’s the provenance of the original gift card? Could it have been obtained through some not 100% above board means?
From other comments explaining the kind of scams running at the moment, one possible scenario is that the card may have been taken, tampered with by a scammer (and the code recorded), and then placed back in the supermarket, with the scammer waiting until the OP purchased it and it was activated at the checkout.
Perhaps between the scammer redeeming it and the poster then trying to redeem by entering the same code, the scammer’s account was flagged and then the OP’s account terminated along with the scammer for using the same code (even though the OP had done nothing wrong).
Did the original poster claim that he bought it from Woolworths, or did someone else buy it? I question if the poster obtained the gift card from some path where the original purchaser may have been scammed.
Out of curiosity, why did you buy and redeem such a large gift card instead of paying directly? And was this a form of payment that was unusual in light of your account history?
I have similar questions. At the scale Apple operates I'm sure mistakes are made all the time, but often it feels like there is something missing when these types of stories pop up. I have had support from Apple before and they went out of their way to help me, supervisors doing research and calling me back for example. How Apple stonewalled here makes it seem like it was more than a single large gift card that caused the issue.
Back in 2015, I traveled to the US and wanted to buy a Macbook Pro at the Apple Store. The configuration I wanted wasn’t available in Apple Stores, and I couldn’t buy it online because at that point there was some limitation in the online store like they only took US credit cards, or something.
At the Apple Store, the employees suggestion (a more senior one, who was consulted) was to buy a gift card for the computer’s cost (~$1500) and pay at the online store with that. I didn’t do it because buying “virtual stuff” for that amount seemed crazy (this was a huge amount of money for me, at the time).
My grandfather’s Apple account was blacklisted too but I was less sympathetic to him because he genuinely sends spam email from his personal account (it’s politically motivated).
One day he was bricked from his accounts because he ran afoul of Apple’s ToS. The problem then was I couldn’t feel sure that he hadn’t actually done something which a reasonable person would say should result in account closure.
Paris’s case is much more strange, because it feels more likely to be a false-positive.
There is no legal right to have an account with Apple or Google, and I’m not sure I want there to be. But so much of our lives are built on these services and these stories erode our trust that the services themselves can handle the responsibility of adjudicating acceptable use. We need our digital accounts to be robust in the very long-term, even when there are bad actors who want to do all manner of bad things. And we need to feel confident that a properly empowered human reviewed the case and can articulate the reasons for a ban. When we charge a person with a crime, we tell them what the crime was and give them due process to fight it. I’m not sure I want the courts to decide these questions but we need some more due process when it comes to account termination.
> There is no legal right to have an account with Apple or Google, and I’m not sure I want there to be.
There shouldn’t be a legal right to an account, but there absolutely should be a legal right to sit down with someone from the company to plead your case, understand why the account was locked, and at least be given the opportunity to gather your things if they decide not give you a second chance.
If you get evicted from an apartment they don’t just change the locks and keep all your stuff…
There should be a legal right to a clear explanation and a mechanism of appealing these decisions with an external organisation. I think it’s unreasonable to expect that they should be able to delete users this casually with everything that is tied to your devices.
You could make it so costs for arbitration could be paid up front by the person appealing and then if the account deletion was deemed wrong the company refunds said user. Could probably apply to monetisation on YouTube that I see withdrawn for very dubious reasons too.
>arbitration could be paid up front by the person appealing
We need a constitutional amendment that prevents binding arbitration agreements, which removes judicial review from public accessibility.
There absolutely should be a legal right to pursue this through the courts (which require a response from the company, to avoid default judgment).
----
My main PiHole blocks all of *.google.* & *.apple.* for many reasons. My exploration into PiHoles began a decade ago, after Google pulled a similar response-less account termination (without explanation). This left me unable to update a blog (with several million annual impressions), with no recourse [0].
[0] Unlike OP's situation, I was able to download most of my writing/photos, only because they were public-facing (website).
We have these systems - they are called courts. The subject is in Australia and so am I, I can file a case up to around $100k USD for $150 in filing fees.
If Apple doesn't respond they will lose by default and possibly be held in contempt.
Same experience with Google. I was setting up SSO for a new web application and set off some AI flag on a sub domain for our company website. For 2 weeks every visitor saw a warning that out site was a phishing scam. Nightmare. With no recourse. No number to call. No person to talk to. No actual explanation of the error (I still don't know exactly what I got wrong). I just took it down, waited, and prayed.
Update 14 December 2025: Someone from Executive Relations at Apple says they’re looking into it. I hope this is true. They say they’ll call me back tomorrow, on 15 December 2025. In the mean time, it’s been covered by Daring Fireball, Apple Insider, Michael Tsai, and others, thanks folks! I’ve received 100s of emails of support, and will reply to you all in time, thank you. Finger’s crossed Apple calls back.
Second Update 14 December 2025: No luck so far, and not looking good. Anyone got a good lawyer to send them a letter and/or help me sue them? paris AT paris.id.au
Update 16 December 2025: The Register covered it. No luck yet.
I know this might sound cynical... But the author should really understand that Apple gives less than zero fcks about them. Apple is known (and, weirdly, loved) for being tyrannical in this sense. Apple is known for their "my way or the highway" approach to anything, without much explanation and with self-attributed "we're always right" attitude.
> The Damage: I effectively have over $30,000 worth of previously-active “bricked" hardware. My iPhone, iPad, Watch, and Macs cannot sync, update, or function properly. I have lost access to thousands of dollars in purchased software and media.
And that's why people complain about Apple's walled garden. Given the size of the damage I'd look into getting a lawyer involved, and possibly try and get Apple to court (in coerce them into being reasonable).
Frankly, I'm taking note of the archived page (https://archive.is/jrsLV) that I will reference to anybody that will ask why not to trust Apple in the future. Note that Google is also known for having a similar approach (there is no way to get support if something like this happens UNLESS you happen to know somebody inside google). Amazon on the other hand has made customer support one of its defining traits.
Btw if you are doing any decent amount of tech stuff, you should REALLY get off walled gardens and at the very least have an on-premise backup solution (an off-the-shelf nas with spinning disks could be a good starter solution).
Getting a special "notice me on social media (like HN)" fix won't actually fix the problem with using Apple's systems. It's just a temporary reprieve until some other aspect of their control of one's life breaks (by accident or indent).
Update 18 December 2025: We’re back! A lovely man from Singapore, working for Apple Executive Relations, who has been calling me every so often for a couple of days, has let me know it’s all fixed.
It looks like the gift card I tried to redeem, which did not work for me, and did not credit my account, was already redeemed in some way (sounds like classic gift card tampering), and my account was caught by that.
Obviously it’s unacceptable that this can happen, and I’m still trying to get more information out of him, but at least things are now mostly working.
Strangely, he did tell me to only ever buy gift cards from Apple themselves; I asked if that means Apple’s supply chain of Blackhawk Network, InComm, and other gift card vendors is insecure, and he was unwilling to comment.
This happened to me as well with a secondary iCloud account, and I still have no idea what triggered the ban. Apple support said they couldn't reverse it. The account was on an old iPhone, and after the ban, it became impossible to log out, rendering the device e-waste overnight. I at least didn't have any valuable data in icloud. But that experience prompted me to stop using Apple products or any other device that requires an online account to function. Fortunately, since recent AMD APUs are quite capable, I sold my MacBook M2 Max and have happily returned to using x86_64 Linux. No more Apple in my life, ever.
There is part of me that sort of wishes this would happen to me. I wonder if getting locked out of my cloud identities + bricking all my devices would actually be a great blessing in disguise from the Machine?
Off-topic and a stupid question: why does anything related to Apple attract so much attention on HN? As a newcomer, I assumed HN focused mostly on reverse engineering,retro computing, and deep technical topics.
Tech stopped being full of tech nerds when 10 weeks in a JavaScript boot camp and a few thousand lines of code in your personal GitHub would land you a $140k remote job.
Maybe now we will start seeing a reversion to the people in it for the passion.
I would not say your list is anything like complete, although those topics are often discussed here. Apple is a huge player in the general computing ecosystem, and probably a majority of front- and back-end developers these days work on macbooks, so it isn't surprising that the things they do resonate in this community.
Apple offers the most convenient computing experience available to mankind as of right now. That's why I care, at least. I love their products and services, but not so much when it fails (as in the authors case). That shit is scary.
HN hasn't focused on those topics in a long time, they rarely are on the front page. Skip the top 20 articles and you'll start to see some interesting content instead of all the VC & AI drivel.
Hackaday is a content aggregator site that usually has more content on these topics - https://hackaday.com
This sucks Paris. What hope does the normal joe have to get a fair shake if you can't even get this resolved? The layers of click through contracts, opaque terms, LLM customer service, un-empowered customer service, and arbitration agreements make this a crazy relationship we get into with big tech. If we have a problem like this, we should be able to talk to a person at the company that can resolve this right without threatening a lawsuit. It's nuts.
I'm curious about the apple's passwords app. Where you able to use it? What about passkeys?
While I can't help with extricating your data from the fruit factory's claws I do have a suggestion what to do next: get a 10-foot or 3 m pole and use it to distance yourself from them in the future. Self-host your data if possible, find a friend you trust who already self-hosts and see if you can hitch a ride, use some commercial service if necessary but don't allow yourself to get trapped within an 'ecosystem' again. If a company makes it extra hard to use things outside of their own control you should understand that they're not doing this for their users but to remain in control and maximise their chances of extracting as much from their captives as possible.
Don´t check in to Hotel Cupertino or soon you'll be singing along:
Mirrors on the ceiling
The pink champagne on ice, and she said
"We are all just prisoners here
Of our own device"
And in the master's chambers
They gathered for the feast
They stab it with their steely knives
But they just can't kill the beast
Last thing I remember, I was
Running for the door
I had to find the passage back
To the place I was before
"Relax," said the night man
"We are programmed to receive
You can check out any time you like
But you can never leave"
I upvoted this for visibility but if you put your entire digital life in the hands of any of these tech companies and store all your shit in the cloud with no local backups, you are at least as blameworthy as they are. I’m less surprised that Apple would do this than I am that somebody who is clearly tech savvy could be this stupid about tech.
This kind of thing happens more often than people think. You trade convenience for blind trust and sometimes that trust gets revoked without warning. Whether it's Apple, Google or whoever’s "ecosystem" you live in if you don’t own your keys and data, you’re just a tenant who forgot the landlord doesn’t take calls.
Big tech giants locking unsuspecting users out of their digital lives is nothing new. What would it take for our society to stop relying on these closed, walled gardens for critical stuff?
How many account lockouts must occur before we accept that digital life built on permission rather than ownership is inherently fragile?
if you pay for service you should receive some guarantees it is your money, it is crazy that there is no cool-off period where you get banned like this even by mistake or by Apple deciding they do not want to offer a service anymore and allow you to take out your stuff before fully shutting down.
While I understand the attraction of doing so, I’m not sure I like the implication in the post that the reason this needs to be reviewed is because of how loyal of a customer this person is, or the fact that they have written books on developing for Apple devices.
I hope you get it back. I always had the mindset that if I am a paying customer that this type of situation is very unlikely. But you are literally a massive paying customer and you got hit. The truth is you are just a nobody even as a customer who has dumped thousands of dollars as a loyal supporter. Showing up on HackerNews is a positive thing as the only way to get any traction in these situations is either be famous and complain or your story going viral and someone with power seeing your plea.
I worried about only having a physical copy of my family photos so started paying apple for some storage. This type of event worries me. Good reminder to have multiple backup solutions.
Oh yeah and it absolutely does away with bullshit of "If you're not paying you're the product" I'm sorry it doesn't work when these services, even free, are monopolies
You can have free services, you can have paid services but they ALL absolutely have to be answerable to the consumer
"Many of the reps I’ve spoken to have suggested strange things, one of the strangest was telling me that I could physically go to Apple’s Australian HQ at Level 3, 20 Martin Place, Sydney, and plead my case."
This does not seem strange to me and could be a course of action. When I moved my domains off Google because of this type of "banned without recourse" possibility, I found a registrar that had a physical address, small office, and people listed on the company website (porkbun) so in the worse case I could fly to the office and straighten things out.
No mention of even going to an Apple store. Maybe the nearest one is very far away from him?
I wish people would understand how common this is. There's no customer service line you can call when some overseas moderation farm worker spends 0.8 seconds looking at something and taps the hotkey for one of the reasons in their terms of service that they deem an account should be permanently wiped for. Have some recourse. Buy a NAS that will do automatic backups of all your cloud accounts. Long ago I lost a decade of Gmail and GDrive because I posted a PNG file of a credit‑card form that said "This post only viewable with Google+ Gold." You need to be treating these accounts as ephemeral.
It's one thing to lock someone's account so they can't make payments or whatever. It's another altogether to lock them out of accessing their own documents / photos / etc. That's just 100% unacceptable regardless of what triggered it. And even if they did have a valid reason to lock your account, at the very least it should be, "you have 7 days to download / clear out your documents".
Absolutely horrible black mark on Apple.
I'll be buying an external HDD to download all my photos / iCloud docs to. I've been too trusting.
There really should be a law around being able to access and review locked accounts. I've seen so many cases of people just losing their digital lives because of an automated system.
Regular old contract law will handle this fine. State a claim to a court and let Apple respond to it. It's not beyond the reach of the author to do this.
My partner was locked out by Apple last year during a password/device change gone awry. Two weeks and we finally got through to someone competent who fixed it. At one point it looked as though we would lose many of the videos of our son growing up.
Since then I have been removing myself from the ecosystem - my email is from hey, file sync on Dropbox, obsidian for notes, whatsapp for messages. Sometimes it doesn’t feel as joined up, mostly it is way better.
Moved to framework computers + omarchy last month and am not looking back.
Yup. They did the same thing to me a few years back. Not sure why. Had to re-apply as a developer with a different email address. I don't use Apple products anymore.
This kind of Kafkaesque behaviour is what I've come to expect from any kind of online services. It's also why I won't use anything that cannot be setup offline.
This is why I self host my blog. My email. This is why i try to stay away from the convenience of big tech. It is not the first time this happens and it will not be the last.
This is really sad that some people are in ways blaming it on the author. While I do advocate zero to almost zero usage of services by these OEMs or big corps, in today's world everything, or almost everything, is linked to your email and/or phone number and in turn with a computing device, which, for me, makes these OEMs essentially public service providers for a cost. Locking a user out literally casts that person out of today's society — communication, dating, groceries, transport, hell, in some cases maybe even health care and emergency services — you name it. So it's very ingenuous and unkind of us not to raise hell and shout for extreme accountability on these corps' part instead of reminding a victim of T&C and not having diversified the online services usage enough across providers.
Any company or entity ought not to be allowed to wield power over our lives, like locking someone out arbitrarily, let alone via some asinine, half-baked algorithm.
I think apple is a red herring here, it's the amount of legal power granted to the enforcement of money laundering laws and the lack of ability to push back against this
Musk/Jobs archetypes, though unpalatable at a personal level, are valuable in their willingness to burn themselves up to fight the "system" vs bureaucratic types who just fall in line and elevate what is a political issue into a Sacred Value
Does anyone know if in the USA you could simply use small claims court on every individual device and service to get likely default judgements against Apple and then when they are unlikely to pay up, get a judgement against Apple and make a big deal about strolling into a store or even HQ to take Cook’s own devices out of his office or maybe just seize his corporate jet and auction it off?
I just want to point that buying gift cards in order to participate in gift-card arbitrage violates both apple rules and payment provider rules.
If you are buying large amounts of gift cards and then redeeming them, it is critical that your purchasing patterns do not look suspicious, such as buying more things that a normal user might need: multiple iphone wallets, multiple iPhones, or similar items.
I hope OP can get his account unlocked. This is a good reminder for everyone else, backup your cloud data to a local drive. But thats just one part, the social / email OAUTH side of things, phone accounts etc..., terrible situation. It should be easy enough to walk in a HQ / office and show credible ID and get your account unlocked.
Wen thinking about risks from depending on the cloud, people fixate on the risk of losing data, when this kind of denial of access is a much more likely occurrence.
I've started on my de-appleification plan in earnest this year:
If local backups were not so hard...
It is sometimes impossible to back up an iPhone to a computer; yet seamless to backup to iCloud... Infer what you will. I am skeptical of over reliance and dependance on Apple more than ever. Unfortunately, interoperability is something we can wish for rather than expect.
I dump photos and videos I want to preserve into a WeChat/Whatsapp chat and use their desktop apps to download to an external HD. It’s a bit of trouble but still easier than doing this natively in Android or Iphone.
Nevertheless, the irony of this is overwhelming: a guy who spent his life promoting a company whose model is "we deeply control the products you use" gets burned by the fact they deeply control the products he's been using.
I do have an Apple ID, which was banned due to fraud and customer support couldn’t do anything about.
The thing is, that account was just used for dev. things for the US company, which builds/sells software for the US federal government (among the other US entities).
I used to have an eBay account, and at some point, despite not having used it for a year or so, I got an email saying I was permanently banned from eBay.
No appeal, no reasons given, no possible way to create another account.
Just. Banned.
The companies need to be big enough to provide the amazing services they do, but once they are large enough they will never care about individuals.
My internal model of large companies is that they are intelligent, psychopathic aliens. The people in them are like cells in our body, important for the function, but with no agency, and they are not who you are dealing with.
You're dealing with the company, and it's an inhuman, psychopathic alien.
PayPal permanently blocked my account and all of its connected cards and bank accounts after I sent them my passport for some verification (I don't remember why). It was because a lifetime ago I had opened my PayPal account as a minor.
Maybe events like this will be a wake up call to our community. Virtually everyone around me uses Apple everything - colleagues, friends, family. And they find it weird when I say I don't use Apple out of principle and I even have to justify it.
Congrats, you did this to yourself by willingly using proprietary software you have no control over and now you cry that you have no control. You did this to yourself.
I went back to an MacBook pro M5, after being away from Apple for a year or 5 (Lenovo etc).
I tried to re-enable my apple account but I had to wait 5(!) days to change the password. I ended up making another account.
It's a defence mechanism against account hijacking if someone has access to your phone number, linked to your account. Went through the same procedure to recover an account I haven't been using for a few years.
What I've learned from all these disaster stories: have backups for everythig. I have an iCloud+ subscription but also a OneDrive subscription, photos are sync'ed to both storages. On gmail, I set up fwd for all emails to another email address (non-Google related) just in case. Of course you can't do this for every service but do it for the ones you can.
On a meta note, Fuck Apple, I'm so glad I didn't pursue an iOS developer career 10 years ago.
I have had an apple id problem myself, for the past N years. Mine is an old mac.com account, which has my Gmail address as the backup email (and the primary one now that mac.com isn't doing email anymore). Because of this, I cannot sign up for a new account with my Gmail (it is tied to the older mac.com account).
I've managed to reset the password, but I must answer a security question to log in. I mean, I answered those security questions probably a decade ago and I do not know what they are anymore. You can reset your security questions, but to do that you need to use an iPhone (last one I owned was a 4) that is still logged in, or, answer a security question. Which is as we established, the problem.
So every couple of months I log in, try a few other possible answers, get them wrong, and get locked out for a bit.
Anyway, I need to get this fixed my march, due to apple being the formula one streamer in my country now, so I have to actually solve the problem of logging in to my apple account. Or, I guess, making another random email just so I can watch f1. Sigh.
But if anyone knows how to reset security questions, I'd love to know. I would way rather pay apple actual money than go back to torrenting the races.
It sounds like you unfortunately have gotten yourself kinda stuck, but I very much sympathize. I too have an account dating back to iTools, and for a long time it was a major frustration that I was stuck with that original email address as unchangeable for the Apple ID, unlike newer accounts. However, some time in the last, I dunno 3-5 years maybe? I can't remember now the exact time I noticed, but after over a decade of requests and fading hope Apple actually did allow me to change the email address for that Apple ID, which I shifted to my own domain. So for anyone else who hasn't checked in a long time, worth noting situation might be marginally better now.
Re: "mac.com isn't doing email anymore", all the original mac.com email addresses still work fine. Apple has played around with various domains (mac.com/me.com/icloud.com) over their decades of bumbling with online services but they made them all interchangeable for older users, mails to the original @mac.com emails still go through. Even originally made aliases (they allowed 5 with iTools) still work. Not sure what your issue was on that one.
Finally yeah, ""security"" questions are one of those horrible legacy anti-patterns that I will cheer to see finally be dead and buried. If you try to answer them honestly probably anyone can learn it with a bit of online searching, if you go for more obscure stuff they're easy to forget defeating the purpose. It's really best just to treat them as extra passwords, use random alphanumeric values and keep them in your password manager same as the password. Apple has also fumbled around with recovery over the years, at one point you had options to have a manual recovery key you could save but I think that's dead and can't set it up after already forgetting. Maybe if you go in person to a store with physical ID and evidence, if you had payment associated with the account and have that credit card for example that might do it.
If you have nothing of value tied to the account though probably no reason not to just abandon it.
youremail+anystring@gmail.com will always redirect to youremail@gmail.com Before making a random email address, try using youremail+f1@gmail.com or something similar.
As someone using Linux to build web applications, I wonder what about the Apple ecosystem could make it worth to have such a Damocles’ sword hanging over me my whole life.
Am I missing something? My current perspective is that not only am I free of all the hassle that comes with building for a closed ecosystem, such as managing a developer account and using proprietary tools, it also comes with much harder distribution. I can put up a website with no wait time and everybody on planet earth can use it right away. So much nicer than having to go through all the hoops and limitations of an app store.
Honest question: Am I missing something? What would I get in return if I invested all the work to build for iOS or Mac?
Plenty of things do work better as a native application. Packaging is a pain across the board nowadays. Apple is pretty good, you pay a yearly fee if you want your executable signed and notorized, but they make it very hard to run without that (for the lay person). Windows can run apps without them being signed but it gives you hell and the signing process is awful and expensive. Linux can be a packaging nightmare.
And that website is hosted somewhere, you’re using several layers of network providers, the registrar has control over your domain, the copper in the ground most likely has an easement controlling access to it so your internet provider literally can just cut off access to you whenever they want, if you publish your apps to a registry the registry controls your apps as well.
There are so many companies that control access to every part of your life. Your argument is meaningless because it applies to _everything_.
A trustless society is not one that anyone should want to be a part of. Regulations exist for a reason.
Not wanting centralization under one company does not equal advocating for "trustless society".
All the things you mentioned (registrars, ISPs, registries, etc) have multiple alternative providers you can choose from. Get cut off from GCP, move to AWS. Get banned in Germany, VPS in Sweden. Domain registration revoked, get another domain.
Lose your Apple ID, and you're locked out of the entire Apple ecosystem, permanently, period.
Even if a US federal court ordered that you could never again legally access the internet, that would only be valid within the US, and you could legally and freely access it by going to any other country.
So in fact, rather than everything being equivalent to Apple's singular control, almost nothing is equivalent (really, only another company with a similarly closed ecosystem).
If you're full in Apple ecosystem, like my GF, you get:
- Shared clipboard across devices
- Shared documents
- Shared browser
- Shared passwords
- Free, quality office suite
- Interoperable devices (use iPhone as camera on Mac, for example)
- Payments across different devices (use clock to pay, for example, shared with your iPhone)
All of this with just one account without any third-party service.
And billion of things more, probably, I'm not a full Apple head.
This sucks, I hope you can somehow reach Apple and get them to unfuck your account.
My own experience with big tech account bans was much milder, so I learned my lesson without much pain. I got a "free Azure credit to learn cloud computing" email from MS, redeemed the credit, created a VM, started clicking around the settings and got locked out. Raised a support ticket, asked what I did wrong, told my account was flagged for suspicious activity. I asked what I did wrong again and got a reply that my case had been reviewed by a human and that my Azure account wouldn't be reactivated. Thankfully, my primary MS account didn't get banned for that.
Conclusion #1: it's frankly insane that a big tech company can fully terminate your account with no means of recourse. People like to mock the EU and its lawfare, but I think it is the best candidate to force the tech firms to implement some sort of firewall between their various services, so they can't terminate your access without prior notice or without compensation.
Conclusion #2: those who are reading this, don't put all your eggs into one basket and teach your friends and relatives to do so as well. That is, if you have to use the services of various big tech companies, spread them around. Have a boring account with one company that you use for free stuff, a boring account with another company that you use for paid services (if you can purchase services X and Y from two different companies, do so), a boring account with a third company that you use for getting paid, a fourth account that you use for shitposting and getting into arguments with internet strangers.
There have been so many cases of Apple, Google, etc. doing this that it's hard to have any sympathy for them at this point. If it was some grandma who didn't know better that would be another story, but the author was surely aware
- that Apple *can* always *just* disable their account
- that Apple regularly *does* do that
- that Apple does not care about them at all
and they chose to bet their entire digital life on Apple's benevolence anyway. They lost that bet.
We need more stories like this hitting the mainstream news until even a non-technical person's reaction to this is "well, what did you expect?"
This is a good post and I wish all the best to the author that someone from Apple can help resolve this. I will personally never use iCloud ever again because of this.
These kinds of cases just triggers all the rage for me, be they true or not and whatever is the actual case.
I have fresh experience of setting up Azure/M365 and AppleDev for my startup. Those things are scary as f*uck, in many perspectives:
(1) Dark patterns everywhere (click this checkbox and we'll buy you a license, oops +xxxxx €/$ per year just came; get one-month trial for O365 to get bizaccount, select 1 license, see that there is 25 licenses (~ 4k €/$) to be renewed if I don't cancel).
(2) Microtransactions everywhere (e.g. Azure VM SSD I/O: every read/write operations costs), DDOS and 10/100 k€ bill coming. Everything "scales", especially bills. And no billing caps, of course.
(3) Codesign with Microsoft: I have option to wait weeks for freight ship to ship USB cert token (if it ever survives past toll/postal service after that), or use AzureKeyVault, but that is officially only for companies that has taxes/accounting for 3 years of operation. So no startup can use that by this requirement to codesign?!
(4) AppleDev (and kind of Azure/MS too) requires DUNS number, which takes 6 weeks to get in normal case. Apple's 5 bizday route doesn't exist anymore (at least not for non-US-based companies). Or just use D&B magic link from Grok and get it immediately in 5 mins.
(5) If you base your business on Azure/M365 and AppleDev and be obidient and compliant (as I am doing/being, because I'm building real legit and long-term company, not some hussle project), it still doesn't matter, because they can just can decide by human/ML to shut your business operations and means of living. And getting answers like in the title's article's screenshots with those emojis are just the most non-human interaction that there can be done for affecting so devastatingly to someone's life/business.
These are the most disgusting things that I know of.
It's really difficult to give up the convenience of cloud-based accounts. It would be nice for regulators to step up and protect consumers when it comes to this kind of thing.
I always knew Google and Facebook did this (let's make Oculus a Facebook requirement! oops now you're banned - genius, brilliant, all the people working there have an IQ of 600) but now the trifecta is complete
Seriously can we fucking have any products that work, in the 21st century
Yeah literally the exact same thing can happen on android and windows. The solution is regulation, not ridiculous solutions like telling billions of people to back up their own stuff.
Same story here. I'll never go back to Apple Music, even if only for streaming. I had hundreds of tracks and albums just demolished by something related to iTunes Match, didn't realize for months, and didn't have a solid backup system at the time.
oh man, I started with iTunes Match because that's the only service that I could use to backup all my MP3s, and now it's all messed up and so much music has just disappeared from my playlist... so sad.
Unfortunately I still don't know a service I can use that will allow me to sync my current MP3s / what I have in Apple Music, and export it if I need it. There's really an issue of owning data and being able to take it elsewhere :/
Why do people still do this, why??!? This is not an ignorant user! The author (and victim) has written several books about Apple tech, how do they not know that these "platforms" cannot be trusted with anything -- especially data that isn't backed up somewhere else!
Companies don't care about people, and the bigger they are the more evil they behave. They need to be treated like hostile business partners because that's what they are. They're only after money and absolutely nothing else.
This is not some radical leftist manifesto, it's the plain reality. And it's not new either. It's always been like this.
How do you that with Apple hardware that requires an AppleID to operate?
Is your advise to avoid all Apple hardware?
Or buy backup hardware none of which will run MacOS / iOS, so you still couldn't access things like your Apple Developer account, or any shared documents?
Have no apple hardware. If you need apple hardware for work use a work email and account and never use it for anything else other than work. Always pay apple with a work credit card.
I probably shouldn't be surprised, but… so, you are saying, Apple can remotely brick YOUR device? For any reason, let alone "because of a mistake"? Heh, and I was considering to buy my first iPhone. I mean, seriously, I can only shrug at the fact that anybody accepts these terms at all.
I would like to think you're wrong, but if they fix this, you're possibly right. My career is built on Apple technologies. I don't love that I'm captured by a vendor, but I have a lot of knowledge, and building to that level elsewhere is hard.
I just want to keep using my stuff, and getting on with the fun things I get to work on. I don't have a strong attachment to Apple, I have a strong attachment to the familiar productivity I normally have.
Even if you helped and this is fixed, consider the privileged situation you are in to even get this fixed. Most "normal" people would be doomed to lose their entire digital life. Evangelizing for a Megacorp is dooming more people into willing incompetence and dependency.
Reconsider at least that part. You can work with and use their products (as I do at work with the GSuite or AWS) but I will never recommend or evangelize for them or rely on them with things I care about.
Sounds like something triggered a suspicious activity report. Not sure if it also applies to the likes of Apple but they’re forbidden from revealing any information about what caused it, etc with the customer or anyone.
Perhaps the most annoying thing about this, certainly after getting traction on HN, is that his account will be reinstated....
...and then nothing. No sorry, no "here's what went wrong", no blog post to address the angry masses, no recognition, reconciliation, or reformation. Just things working again and silence.
About 11 months ago, this happened to my Apple account that I’ve used for over two decades, with purchases worth probably tens of thousands.
Apple Support told me these “decisions are taken in a higher department” and escalated me to tier 2, who insisted: “we’ve determined your account doesn’t meet the conditions to enable it.” Their suggestion was for me to create a new Apple account.
Then, three days later, my account was suddenly re-enabled; and it has worked perfectly ever since, as if nothing happened.
I hadn’t used gift cards in nearly a decade, so my guess (and this is pure speculation) is there must be other flags affecting older accounts.
The whole episode was utterly kafkaesque, and it’s made me much more cautious about relying too heavily on the whims of our private megacorp gatekeepers.
Companies like apple should be liable to pay many millions in damages for this kind of shit. The people should make it hurt so much for them that they think twice before doing it without having a clear and working appeal process where you are clearly explained what happened and guided through it.
You do not own your apple account, and you never did. I would take this as a chance to learn about digital sovereignty and self hosting where you control your own data so this never happens again.
Google and Apple can and will delete your content at any time for any reason and there is no appeals court.
The real, foundational problem here is that we have abandoned the principles that made the internet. We don't care about open protocols, we accept walled gardens. Every day those walls get a little higher until eventually someone wins and the only thing that exists is the garden.
I don't know what the solution is, but I think part of it is deliberately divorcing yourself from the big players as much as you can, which isn't much for some people, and encouraging government efforts to break them up and pull down garden walls whenever the opportunity arises.
This is what government is for even if we've forgotten it in some places.
The stories of online-only service failures are legion. And yet if you can get face to face support, even one person can do so much. The gap is infuriating.
I didn’t notice, do you have a Brick and Mortar Apple Store you can visit? I can’t help thinking this as I read the post.
Of course this is not a physical hardware issue. Where a store employee could just hand you, say, a new phone. This is on the level of getting a slot on Tim Cook’s day planner, though I imagine the person with the ability to fix this is an underling many levels down Cook on the org chart.
This is disgusting and unconscionable conduct by Apple. Your whole life is locked into your account (digital data and physical devices), and they either don't care or don't have the processes in place to fix it.
This is the kind of thing they need to be sued on a massive scale for to solve but it's too rare and too expensive for anything to ever happen to them for it.
That emoji in the last pic felt like passive aggressiveness. I don’t have anything to say but it’s why I never put my eggs in one basket, and essential stuff are always backed up, but if your job is developing in an apple eco system and this scenario happens, it’s basically like getting fired and banned from working ever again!
No idea if this has ever been tried, but a GDPR "subject access request" requires a company to hand over all the data they hold on you, which technically should include all your photos, media, messages and everything.
These online storage services like iCloud and Google Drive are, and always have been, a trap.
They feel convenient, but they will keep changing their TOS to disadvantage you further and further as time goes on.
Everything you upload is scanned into their AI to create a profile about you that they can then exploit (once again, to your disadvantage). They do it despite regulations against it (Who's to say what they're complying with, deep in their complex data centers? Who's gonna even check? And how?) This is why online services that take control of your data are such gold mines (subscription fees, analytics, profiling, etc). They get you coming and going.
And of course, the account terminations: The earthquakes and "natural disasters" of the online world that destroy lives with no consequence or care.
When your data is not in your sole possession, you own nothing.
This really sucks, I hope Apple sorts it out, I wonder what one can do to put pressure on Apple - I suspect you may need a lawyer to write them in order to get your issue escalated.
I don't like that people just shrug and say this is how all big tech is.
Apple charges a premium and built their brand name on customer service.
But they have stopped caring about the customer.
I was also a loyal Apple customer for 2 decades and used to recommend them to everyone.
Now I recommend them to no one.
I've switched my phone back to android a few years ago to avoid apple lock-in. I still use an ipad pro and several macs and peripherals, sets of airpods and apple tv and what not - then I wanted to buy the watch - and was told it cannot work with any of their tablets or computer and cannot be activated without an apple phone. OK apple.
One day my debit card expired while on long overseas travel, suddenly I was unable to install apps I already paid for on my mac and other devices, update any apps, or install free apps, I could not pay with a different card because those were in a different region and would have required a region switch locking me out of a lot of content and apps. So for several months I could not install many of my apps I bought on my other sevice or update or install free apps. OK Apple.
I also remember how the base config of Apple laptops were 8gb ram and 256gb SSD when all other decent ones were on 16 and 2tb - and remember apple is supposed to be a premium brand and they're supposed to not burn you with a default config. OK apple. Then they charge you 3 times more for the upgrade from 256gb ssd to 2tb than what 2tb costs retail. OK Apple.
I still love their tablets and laptops and even the mac mini. But I've already started to mentally prepare for a switch to Linux and maybe x86 or other hardware.
Apple cannot be trusted.
They are a fashion company and not a tech company any more. Jobs is dead.
Plan your exit, reduce your exposure, soon they will be so evil and dysfunctional that you will regret it.
Don't trust them with your most valuable data. Use other services. Use a diverse mix of providers, no apple exclusivity. If you tie your entire life to one cloud, especially Apple, you have set yourself up for future ruin.
Their software quality and reliability is also slowly slipping. Everything is being dumbed down. Their business processes are becoming a broken maze. Apple used to be a company that aimed to satisfy simultaneously the power user and the basic user, now they only care about optimising for the casual user mass market, power user is going to have an increasingly tough time with them. Remember it is now a fashion company, watch their keynotes and believe the vapid image they project.
I've been locked from my apple id for two *months*.
Even though I:
- had my recovery password
- re-confirmed the email
- re-confirmed my phone
They just kept telling me "we'll contact you in two weeks", and kept not following.
Then after the 4th recovery they sent me my recovery link on email (in any case weeks later).
Worst of all? Their privacy and security they keep repeating like propaganda are beyond bogus. Sure, they de-logged me from all of my accounts, that I appreciate, but I had 0 issues accessing all of the contents on my hard drive if I was a thief with a simple script in recovery mode I could still access everything. Where's the security? Propaganda only non-technical normies believe and then repeat.
I'm never ever buying Apple products ever in my life, I've got MBPs that my clients send me, but that's it.
Being a "loyal customer" to any giant corp is just making it extra convenient for them when they fuck you.. You need your stuff as files on a computer you actually control.
hopefully he’ll get resolution by bringing his case to the “media”. Still, for someone who heavily presents the argument that he’s a professional writer and even says “I am asking for a human at Apple to review this case.” , I find it odd that he tries to make his case via an obviously ai-written post.
I mean, isn't writing what you said you do for a living?
That applies for any device you buy, yes even if you plan on putting graphene on it. So you’re getting downvoted because your comments are pointless and disingenuous. Also, you can jailbreak an iphone so no it’s not bricked.
There are a few physical Google stores. They aren't really very helpful at anything, and even don't have phones in stock often.
I went to one, wanted a Pixel Fold in the spring, and was told "we'll get one". Some guy left to do so, and 20 minutes later I just walked out. Just as with everything else, when Google does it, it's half-assed.
I have spoken verbally to multiple members of Apple's support teams. Apologies if that was unclear. I didn't record this calls, as they did not permit me to.
Then continue that. It’s definitely a fraud detection lockout due to probably the retailer not properly registering the gift cards or something similar.
If you can’t iforgot.apple.com, then support is your only option. No one else has access. Only Apple Support.
You have a case number, keep calling every 12 hours asking for an update.
That's a bad-faith comparison, and it's making me wonder how old you are if you're conflating iCloud lockout with sexual assault.
Apple's EULA, which the OP agreed to, gives them the right to suspend services for whatever reason they want. You're only allowed to use the service by offering consent to be removed, thousands of services work that way.
OSS, and the fact that it doesn't have this weakness, is orthogonal to the "us vs them" dichotomy you're describing. Apple ID is flawed, do not trust it. Full stop.
I would love to feel sorry, but seems you’re technically capable of preventing this (unlike most people), just chose “convenience.”
Well, this is the downside of “convenience.”
If you manage to recover your belongings, I hope you stop preaching around how living in a normal apartment in society is good and everyone should accept the risk of home invasion instead of living in an underground bunker with biometric access controls and armed security.
living in an apartment sucks for security. You can't really own a gun and practice castle doctrine. Your landlord has a key to your home and can lock you out at any time, or can go through your mail.
There are other options like living in your own property, living in an RV, etc. that are better if you are worried about security.
If I was living in an apartment, I wouldn't be stashing all of my money under my mattress. I wouldn't run a business out of my apartment such that I would lose all of my equipment if I got evicted.
Similarly, I wouldn't do anything of importance on an apple computer. I wouldn't stash cryptocurrency on it, I wouldn't save my bank account details on it, I wouldn't run an important business that depends on their platforms. Because you're just renting and your lord can change the keys tomorrow.
I will empathize with you then and with your inability to empathize with the fact that people are different. Some people don't want to admit to themselves that this world is a wolf eat sheep world, trust that if you're a law abiding citizen, you shouldn't expect to be unfairly treated. Some people have more priorities and no time to dwell on harshness. They also would love it if everything just worked and you didn't need to spend 2 months of your life to configure things and always have to DIY everything.
They're not like me and I accept that. I will never use Apple & Google Cloud for my personal things. But I will empathize for those who get unfair treatement from these companies.
The whole meaning of a society is that we look out for each other, these big corpos have lost the plot, but I will not.
It is supposed to be : I buy a service from you, I did nothing wrong, please treat me fairly and do actually deliver on what I paid for.
That we don't trust them isn't how it's supposed to be, I wish I didn't have to do all of these things I do to keep away from big corpos, but this isn't how it is supposed to be. We're supposed to have the ability to trust each other in a society.
I qualified with "technically-inclined". You can't avoid seeing stories like this (about Apple and Google) on a monthly basis if you read tech websites. It is a known risk, which needs to be managed. Failing to manage it to this extent, while also writing tech books, is just baffling.
Apple is clearly in the wrong, and I'm certain that there are thousands of similar cases that are less public. The author is one of the best-positioned people to know and understand that. I'm sure they'll also get their account back, unlike many others.
(I can empathize with the difficult decision they'll face after that: do they continue to promote Apple, or try to reinvent their career somehow?)
"Looking out for each other", in this case, implies telling the people you care about to have backups, and helping them set up. I do that, a lot. I'd try to also help with this plea, if I had any pull with Apple.
I don't understand the sections of your comment with the word "supposed" in them. Supposed by who, and on what basis? What paid-for service are Apple not delivering? I assume they don't charge the author anymore.
If Apple engineers read this: I can't sign in into my iCloud account from my android phone, it just doesn't work, meaning I can't manage my subscription like HBO now that I switched to an android phone.
PS: My plan is to wait for Apple to release a folding iPhone to move back!
It's just insane that a gift card redemption can trigger this. What's the rationale? It would make more sense if they just locked the person out of redeeming gift cards or something, not the entire account.
But reading horror stories like this is is why I only use the very bare minimum of any of these cloud services. Keep local copies of everything. For developer accounts, I always create them under a separate email so they're not tied to my personal. At least it can minimize the damage somewhat.
It sucks that I have to take all these extra precautions though. It's definitely made me develop a do not trust any big corp mindset.
>It's just insane that a gift card redemption can trigger this.
It's also the buying of gift cards that can get Apple accounts locked: https://old.reddit.com/r/apple/comments/r8b1lu/apple_will_pe...
If enough of these horror stories are publicized, people will learn to never buy/redeem Apple gift cards because of the real possibility of account bans.
- Don't give Apple gift cards to family and friends: You're potentially ruining the recipient's digital life if they redeem it.
- Don't buy Apple gift cards: You risk ruining your own digital life.
If you've been given an Apple gc for Christmas -- and you have paranoia of the risks -- don't buy anything online that's tied to your Apple ID. Instead, go to the physical Apple store to redeem it. And don't buy an iPhone with it because that will eventually get assigned to an Apple ID. Instead, get a non-AppleID item such as the $249 ISSEY MIYAKE knit sock.
I have thousands of credit-card reward points that could be traded in for Apple gift cards but I don't do it because Apple's over-aggressive fraud tracking means Apple's store currency is too dangerous to use.
The "gift card" in general is an anachronism whose time has passed. They have got to go. If companies are going to consider use of gift cards as red flags (as they often are, due to their being key components in money laundering and scams), then society should just abandon them. They are worse in every way than a prepaid credit cards, and in most cases where you want to give someone a gift card, you should probably just give them cash.
12 replies →
I'm the author of that Reddit post. I should probably update it to clarify that I didn’t just purchase the gift cards, but also redeemed them. I don’t think it was purchasing them that triggered the lock on my Apple account. I mean, after all, how would they know what my Apple account is until they’re redeemed?
26 replies →
> If enough of these horror stories are publicized, people will learn to never buy/redeem Apple gift cards
You'd think so. Yet, the stories of PayPal locking up payouts to surprised people keep coming every year - and people still use them.
32 replies →
It’s against money laundering. Onerous regulations being interpreted highly defensively create these kind outcomes.
Neither the people creating the legislations nor the people at Apple responsible for these flows care very much about collateral damage.
3 replies →
> If enough of these horror stories are publicized, people will learn to never buy/redeem Apple gift cards because of the real possibility of account bans.
If you are trying to be a bad person you could weaponize that approach. You do not like person x, send them some Apple gift cards... :o
8 replies →
It seems you haven't learned the whole lesson. You're close, though. If you're going to be skittish, there's a better and easier set of rules. Don't use anything that involves an Apple ID.
3 replies →
I skimmed some of the comments from that giant Reddit thread. A lot of people responded that they’ve been buying even more Apple gift cards without problem.
One commonality among the stories in that thread from people who had problems was either switching their App Store country or using their App Store account primarily from a different country than the setting.
1 reply →
An even better advice: Don't buy Apple.
40 replies →
"we sell gift cards :)"
"and we ban you for buying or redeeming them"
is just top tier comedy honestly.
As soon as I heard the first one of these stories about a guy getting google broad-spectrum banned because a junkbot AI thought his completely normal youtube comment was a nazi rant or whatever else it hallucinated - I bailed on the whole shebang. Hosting your own stuff is, if you're a reader of this site, easy enough and cheap enough there's little reason not to.
> such as the $249 ISSEY MIYAKE knit sock
I mean that is a problem in itself :D
Why does Apple sell giftcards?
3 replies →
- Don't use Apple. Or Google.
32 replies →
I had Amazon close my old, almostt-unused account in Amazon-in-another-country because I dared to add a new payment method.
I proved them who I am, that the new payment method (virtual card from a well-known organization) is mine, everything.
After lots of back-forth I've been informed their decision is final.
I HAVE NOT BREACHED TOS. I wish I has a major law company behind me to force them to admit that.
Very happy it was my almost unused account, heavily went down with my purchases in mt main account (in my usual country of residence) as well.
And yes, I use login-with-companyName as sparingly as possible. We are not the users, we're beggars.
I am in a situation right now where Amazon delivered a fake product. Support suggested they can also try redelivery, and when I asked what if it happens again, they said it should not happen.
It happened - fake again. Now the customer support flow is: you upload images of the product (max. three), and the system approves the verification or rejects it, and then you have a way to contact customer care. System rejected. The trick is - they do not know why the rejection happened, they are not able to tell me, they are confirming the images are very clear and crisp, but they can't do anything to help me because the system leaves them with zero options to move forward - in fact, there is no further escalation matrix either. Nada!
The bank (credit card issuer) refused to raise the chargeback because "but the merchant 'delivered' the item". But it was fake, so? No, no, it "delivered" - that is what counts, so you have to sort it out with the merchant. But they are refusing any further help. You have to sort it out with them. And so on... in a loop.
Can I take them to court? Sure. It may take weeks, months, and maybe years, and even then, in the end (if I win), the court may just instruct them to refund and possibly (possibly!) compensate a trivial amount for legal expenses, which is never even remotely close to the actual legal expenses in this country's courts.
Just stonewalled. It almost feels Kafkaesque.
9 replies →
Amazon expects you hire a consultant that is a buddy with the manager responsible for closing your account, and bribe them through that engagement to re-enable your account. They started doing that a decade ago with the mass-banning of legitimate sellers.
Emailing jeff@amazon rapidly solved the problem for me when I was in the exactly same situation.
Of course it'd have been nicer to tell them to fuck off, but living without Amazon would simply be far too inconvenient.
15 replies →
Honestly, good riddance. Just abandon that company and everything they touch.
2 replies →
And yet you keep paying money to this company. That is on you.
Not only local copies but also at least own and use one device where you have your important data that is not on the same OS ecosystem as the other device(s) - also helps with things like 2FA, password manager, etc., if shit has hit the ceiling fan on the other device.
In addition, I always suggest people to:
- Not use big tech's cloud services - ever
- But if you must, do not use many cloud services from just one provider (i.e no Google everything, no iCloud everything) i.e stop using "one account gateways".
- Needless to say, it's time you had a domain and start paying for mail hosting (at least for critical stuff - you can actually buy a very cheap plan; and use that gmail/live-hotmail/yahoo/iCloud/whatever everywhere else) [0]
- Keep an offline (but safe) copy of your "most" important data [1] and ways to remember (i.e cryptic hints) for your "most" important passwords
- Gain some experience in fighting in consumer courts/forums (depending upon your country) - start early, start with e-com companies. A lot many times we don't put up a fight because we have never done it before and we give up always because every time it's a first time. Apple and Google make a mockery of consumers everywhere because we have allowed them to. In fact sometimes when we talk of lack of accessible support at Google and Apple (yes, Apple) we speak in a disdainful appreciation or awe :)
[0] Some might disagree but disabling (or dev/nulling in a way) mail@, hi@, contact@, sales@ etc on your domain (esp. if you have catch-all enabled) goes a long way in terms of avoiding spam
[1] It's also very important to have a tiered approach to data storage and backup strategies. There should be a very, very, very small subset of your personal data, including some of your photos and videos, that is really, really small in storage footprint that you can back up/sync to multiple locations and actually pay the full price for it at storage costs via your own setup, preferably using FOSS tools (which are becoming too good these days) out there.
How much free time do you think the average person has to learn and set all this up?
“You’re giving these companies your data and then dare to be angry when you lose it? Just get a degree in computer science and host it yourself!!1! I am very smart”
7 replies →
The list is a bit overkill for the normal person. I would suggest just:
- Have a local backup (simple giving the storage prices)
- Pay for one email provider (less chance to ignore you)
- For important services (bank, etc.) always register also a telephone number / second email if possible (there is a low chance that both primary and secondary thing will be blocked at the same time)
1 reply →
Cryptic hints only work while your memories remain intact, unexpected health issues can render them useless
1 reply →
At this point, are we relaying all emails to three or four locations for access to auth codes?
I don’t mean to defend this, but I know from experience that gift cards are frequently used for money laundring. The laws against that are very strict, incentivizing companies to overshoot and block false positives.
At the same time, AML solutions tend to be a closely guarded black box which simply tells you to block a customer, finding out why is pretty difficult.
To add more to the problem, some anti money Landry solutions are … AI powered.
>At the same time, AML solutions tend to be a closely guarded black box which simply tells you to block a customer, finding out why is pretty difficult.
For a good reason! You, as a rule, really don't want to tell the customer why you're blocking them. What will happen in the end is that you will be facing federal charges for assisting the money launderers because you kept telling them what they're doing wrong.
5 replies →
> The laws against that are very strict, incentivizing companies to overshoot and block false positives.
Yes, in many countries they are, but I don't think the laws are dictating Apple to completely turn off the accounts, but instead dictate that Apple should take measures against it.
They could disable those gift card features + Apple wallet/pay if they suspect fraud, and if no one complains within a month, then disable the entire account, rather than start with disabling the account. Would give them space/time to investigate, and wouldn't be a huge pain in the ass when the inevitable false-positives happen, like in this case.
12 replies →
Ironically, I had Amazon flag and undo some gift card purchases (of cards, not with cards) that I made for Christmas, while myself thinking about this category of problem, about why cards are a mechanism for scams rather than specifically money laundering.
The cards were to family members that I normally send gift cards to at Christmas, and the activity was counted as "sus" even though I was asked to validate my card number and expiration date before being allowed to make the purchase.
1 reply →
> The laws against that are very strict, incentivizing companies to overshoot and block false positives.
On that note[1] is a good read (Cmd+F: "suspicious activity report"), although this specific case is about gift cards, but the AML/T&S etc. space is remarkably similar.
[1] https://www.bitsaboutmoney.com/archive/debanking-and-debunki...
1 reply →
AML = ?
(edit) Ah, right, anti-money-laundering, found it in your last sentence.
1 reply →
Unfortunately, when you access multiple accounts from the same set of IP addresses and browser signatures, you can bet Google, Apple, Microsoft, and any other large company with that level of information collection has probably correlated all of those accounts to you. The company may lock them all if any one of them is suspected of "bad behavior".
Yeah I dont remember the details but I remember a developer at a studio causing their account to lock up when google shut down the previous studio he was working woth account
> It's definitely made me develop a do not trust any big corp mindset.
I've been reading about Lovecraft's Old Ones. Apparently they have no ill will towards humans. They just sometimes cause harm without realizing it, while going about their business.
I watched an interview with Elon Musk a few years ago (circa 2018?). I'm no fan of him but he was asked about AGI and he kinda just said matter of factly, AI can view humanity as we view anthills. We don't really care about anthills, but if they're in the way of us building a neighborhood in an area then goodbye anthill.
I'm not sure if I like that take because of how horrifying it is, but I found it very interesting that harm can be caused so nonchalantly by more powerful entities, since humans already view themselves as the most powerful entity.
4 replies →
> What's the rationale?
Most likely stolen cards. Stolen credit cards are used to purchase gift cards which are then resold to unsuspecting buyers. Think of it as stolen money laundering.
> It would make more sense if they just locked the person out of redeeming gift cards or something, not the entire account.
I always wondered why sites like g2a sell gift cards at a price higher than the gift card is actually worth.
A lot of things are clicking into place for me in this thread.
4 replies →
Well from my view as European working in finance. Handling money for customers to pay (buy apps) likely requires an e money license (not sure about other states). And with this there is lot of things coming, like AML and what not. So disabling the account might be due to regulations required for the e money license.
Of course Support should be able to resolve this if proves are given
That doesn't explain why an entire account is shut down, rather than just use of gift cards. Hammer to crack an egg, and just plain lazy/incompetent
1 reply →
> And with this there is lot of things coming, like AML and what not
Whats coming?
2 replies →
> what’s the rationale
Their mega high risk - high value gift cards are effective for laundering stolen/fraudulent credit cards. Buy a $500 gift card with a stolen CC and sell it on FB marketplace for $400 - you’re up $400, the buyer saves $100, Apple get paid by the retailer and the CC company are (likely) on the hook.
Of course the actual solution here is _don’t sell high value gift cards_, or require the Apple ID email at time of purchase/activation of the card
It would make more sense to stop offering gift cards, which make zero financial sense for the consumer, but why stop offering a lucrative product that people buy because they're bad at logic, when you can just shut down accounts and greatly inconvenience people at no cost to you?
> which make zero financial sense for the consumer
Not in all situations. Because of various cross promotions between car insurance, supermarket and airlines, by using gift cards for groceries I get an effective ~9% discount every time. That really adds up over a year.
For Apple and others, you can use secondary gift card market to get some discounts too, if you wanna risk it.
2 replies →
One practical reason gift cards exist is tax treatment. In the UK, small non-cash gifts to employees can be tax-free under the “trivial benefits” rules (each under £50, not cash or cash-equivalent). For owner-managed companies, directors have a £300 annual cap across such benefits. Cash or cash-redeemable vouchers don’t qualify and are taxed like salary.
Gift cards are huge in the B2B business as they are used a lot as gifts from companies to employees.
16 replies →
It’s a financial gimmick. The company realizes the income immediately while service is rendered later. This has positive impact on the finances.
5 replies →
I created a Google developer account with a separate email due to warnings like this. Then Google closed it because I left it idle too long and I didn't get the warning email. Sometimes you can't win.
Apple is perfectly happy to take money from criminals though. My grandmother bought some Apple gift cards from a supermarket which turned out to be fake. The cards on display had been replaced/modified in a way that upon purchasing them it activated another card held by the criminals. Apple refused to take responsibility and so did the supermarket. Gift cards are loved by scammers as a way to receive and launder money, they should be subject to much more scrutiny and have stronger AML mechanisms.
At what point in this transaction did Apple have your money to return?
It genuinely makes me a little anxious whenever I come across people whose entire digital lives are dependent on a google/apple account. Just one misstep and it's all gone
it's really hard not to have at least one single point of failure. there's a case to be made that a single cloud account actually reduces the ways things can go wrong to just one point of failure, instead of a handful.
e.g. email on a custom domain. your domain registrar is now a spof AND your email provider for your domain is a spof. and that's just email.
There's obviously a middle ground and ways to have a strictly better personal data posture than before, but it's a multi faceted problem balancing usability, security, and resilience
> What's the rationale?
Gift cards are used by phishers. In our institution, we routinely get personalized spam mails (in the name of the corresponding group lead of the recipient, sent via GMail -- this is not low-effort) that ask whether they are available and, when (accidentally) responding, ask for Apple gift cards.
My coworkers report these to me every single business day. They’re usually like:
> Hey, it’s me, your CEO. I’m in a meeting with our big customer and I need an urgent favor. Thanks! You’re a life saver.
> - Mr. CEO
The rationale is that an egregore called Apple, inc. is blindly fumbling ahead, unable to see the lives it is trampling.
Note that this has nothing to do with the actual well meaning (mostly - see leadership emails leaks) people forming the egregore.
The purpose of the company structure is isolating it from liabilities, and as the regulation which would force it to recognize the damage it did is mostly missing, thus the outcome.
See also https://www.ribbonfarm.com/2010/07/26/a-big-little-idea-call...
from the reddit story: "In the past two months, I purchased eleven Apple Gift cards from Amazon, Target, and apple.com, and added the amounts to my Apple account. The gift card amounts ranged from $25 to $150 each, totalling $905."
This is literally a money laundering pattern
The question will be why isn't this person just adding the money to their account directly, where is this money coming from, why are they structuring it like this
Whatever you’re quoting isn’t about me, the OP in this case…
I had similar trouble redeeming a gift card on Amazon. Twice. (thankfully they got resolved upon appeal).
Enough that I am very wary of buying or redeeming gift cards now, especially more than one in a row.
Apparently there's some sort of scam with gift cards, which must affect any platform which allows them, and legit uses often get flagged by automated systems.
If they are so much trouble for Amazon/Apple I wonder why not disallow gift cards, instead of randomly banning users?
Going through this at the moment. Was it a physical card? What evidence of purchase did they ask you to provide?
1 reply →
Gift cards carry a surprisingly high fraud/AML risk. If a code ends up being part of a stolen-card → resale → redemption chain (which is more common than people think), companies like Apple may actually have to lock the entire account. So the trigger might not be arbitrary—it may just be a side effect of how risky gift-card-based payments are.
I spent a long time working in finance one way or another, including as a founder/director of a small e-money issuer, and I have at least from this time ASSUMED that gift cards carry a very inflated AML risk.
Plus I have no desire to carry scrip when I could have fungible cash or equivalent, so I would not buy a gift card. I have received a few.
1 reply →
No to excuse Apple but I think anti money laundering laws are at least partially to blame - they vary from country to country but typically impose penalties for not blocking suspicious activity at the same shielding from lawsuits for blocking innocent users. It's like lawmakers found a way to throw due process out of the window.
Selling gift cards is like borrowing money at 0% interest. And because some people forget and never use them, it's negative interest.
> It's just insane that a gift card redemption can trigger this. What's the rationale?
If I need to guess, gift cards are sold online in money laundering schemes, also on some platforms they are used to let you buy apps from a lower priced country
The real problem is that all these big tech companies have a callcenter in India with agents who cannot do anything to actually fix problems.
And some of them don't even have that!
anything can trigger this. it is totally at the company's discretion
I mean it gets triggered every time I download a new app. This has been bugged for years.
Do not redeem /s
To paraphrase an old saying: Live by Big Tech, die by Big Tech.
After nearly 30 years as a loyal customer
I've heard others say this (and was a "loyal advocate" of Windows for around 2 decades myself), but the reality is they simply do not care. You are merely a single user out of several billion.
Many of the reps I’ve spoken to have suggested strange things
That almost sounds like some sort of AI, not a human. But if I were in your situation I'd be inclined to print out that response as evidence, and then actually go there physically to see what happens.
This is why I don't use an os that depends on cloud functionality built into the os for much of its fuctionality. It's really stupid IMHO to depend on a closed system like this to store data.
> This is why I don't use an os that depends on cloud functionality built into the os for much of its fuctionality.
macOS doesn't require this. My Apple account has a handful of apps purchased over the years, and that's it. I could've bought them directly from the vendors, but the store makes it easier to update.
12 replies →
I don’t think it is stupid but the golden rule is multiple backups. I personally believe 3 backups is the minimum. A physical one and 2 others. Either another physical copy stored at another location to protect against things like fire or 2 cloud backups to prevent situations like this. But I have only ever met one person who did this. His house burned to the ground and lost all data at his house but had back ups at his brother and on some cloud service and lost nothing. I was impressed as most people I know have zero back ups.
7 replies →
I think we must have passed peak Apple this week or something…
I’ve had Clone Hero running badly on an ancient MacBook for my drums, so I decided to swap it out for an M1 Mini that was collecting dust on a shelf. I did a full erase, but I couldn’t get past its activation lock. At all.
This is a piece of hardware I purchased on my credit card, for my company, (luckily) linked to a phone number I control and an email address on a domain I can control, but Apple in their infinite wisdom are still locking me out of my own hardware because I don’t know the password the last employee used on the computer! I don’t want any data off it, thats gone, I just want the computer I spent money on to actually be usable!
I initiated a “recovery” process to unlock it (at Apples discretion?) and they’ve sent me an automated email saying the initial checks are passed and they will contact me again in 7 calendar days. Kafka-esque doesnt even begin to describe it. So for the next week I have to whistle Dixie!
I’ve been a massive Apple fanboy since I swore off Windows a couple of decades ago, giving them a decent high 6 figure spend over that time and influencing countless others to buy Apple devices. Well that very much ended this week & going forwards without Apple will be painful, but the message they sent me couldn’t have been any louder & clearer. The writing has been slowly creeping on to the wall for the last few years, between buckling to UK government pressure, the CSAM photo scanning nonsense, the absolute UI abomination of this new glass crap, this was my final straw.
I’m also going to be relaying their “message” very clearly and loudly now to any friend or family member considering another Apple device.
This happened to me[1] a decade ago, now. Left Apple hardware on shelf for a year or two, Apple in the mean time did their iCloud migration or something, and my login account could no longer unlock the device. It's been effectively bricked since.
[1] https://news.ycombinator.com/item?id=26482635
1 reply →
Not sure if the Chinese have figured out a way for the newer ARM-based ones yet (I realise it's already been several years since the M1 was released...) but I believe most of the older x86 ones have been cracked.
I've unlocked some old Thinkpads that were similarly left locked with a BIOS password by departed employees, officially not possible, but actually possible if you reflash the BIOS and EC ROMs.
3 replies →
This is what most corporations want, esp for remote employees. I had a work supplied laptop and I couldn’t access via my machine account password. I could login via MFA but I couldn’t reset my local password. They made me initiate the account recovery, wait 8 days, and then I could change the password. I suspect my employer’s account synchronization tools mangled my password or changed it to a password in flux.
In that light, they are fulfilling a use case with greater market value than your conundrum. Is it annoying? Sure. Is it a problem? Debatable. You didn’t recover the passwords on the machine when your employee left. Maybe it’s your problem? Will you get in? Likely and eventually.
I’ve talked to apple support reps in the past. It’s absolutely not surprising to hear that there’s confusion. ISTR some aren’t actually direct Apple employees, so they don’t have access to certain information.
> That almost sounds like some sort of AI, not a human
It’s almost certainly not, it’s just humans being human and going off script. I worked in a place where we dealt with an enormous number of customer service requests, and one of our measured support metrics was “how often do the agents deviate from what they’re allowed to offer”.
> It’s almost certainly not
AIs are RLHF'd to have a corporate-pleasing interface w.r.t. metrics.
> I've heard others say this (and was a "loyal advocate" of Windows for around 2 decades myself), but the reality is they simply do not care. You are merely a single user out of several billion.
What changed your outlook? Did you get burned by Microsoft?
The gradual decline of quality, and increasing hostility towards the user once they went from software to services.
Probably they tried a real operating system.
6 replies →
with this same logic, you don't want to know how much your government and your country cares about you. odds are even a lot lower for them.
Why would my government care less about me than a multinational corporation with billions of customers that isn't headquartered or listed where I live?
My Member of Parliament represents about 130,000 people, does regular door knocking to talk to people, and has a staffed office a few km away the I can walk into anytime I want.
None of that applies to a multinational corporation.
5 replies →
oh, no, they will do a lot to make you pay taxes
1 reply →
This is one of the worst stories I’ve seen yet. It sounds like they were “all in” on Apple with zero backups, which shows some questionable judgment, but still, this sort of thing shouldn’t be possible any more than a bank deciding to take all your money with no recourse. (They can close your account, but they can’t keep your money.) Maybe hosts should be required to mail you a hard drive with your data on it when they close your account. Regardless, never assume cloud data is in safe hands.
> this sort of thing shouldn’t be possible any more than a bank deciding to take all your money with no recourse. (They can close your account, but they can’t keep your money.)
I once had to help a relative sue a bank who had closed his account after he refused to answer their very intrusive questions (they wanted to know details about distant relatives living in another country). They also refused to return his money (tens of thousands) and refused to explain why. No amount of complaining or escalating made any difference, although we did manage to get a nice recording of an employee saying that he thought the bank was in the wrong.
It took me issuing court proceedings, plus several more months of negotiating with their lawyer, before they finally settled out of court. Even then they tried to not pay the court fee, and they tried to get us to sign an NDA (I refused to budge on both). Altogether, it took 6 months to get the money.
Similar to how people in this thread are talking about mitigating reliance on cloud providers (e.g. with offline backups), I now do not trust any bank. I avoid being in a position where any one bank can ruin my life. That means having multiple accounts and spreading my money around.
Luckily for me I have a legal background so when a corp (big or small) does this sort of thing to me I don't hesitate to sue them. In almost all cases this causes them to "wake up" and start taking your issue seriously, in a way that the front line customer support reps never do. I recommend this to the author of the original post.
I'm curious how big the bank was and what country this is in?
It's my understanding that banks really don't want your money once they've closed an account, they want you to take it back.
Bigger banks, at least in the US, usually do this.
2 replies →
> I now do not trust any bank.
It baffles me how much this community is opposed to Bitcoin (and fails to delimit it from the rest of the crypto-scams on going) when, for me, it is existential. When you go through 1-2 experiences of bank-freezing and you realize your life is literally at stake here, the abstract debates about energy consumption or speculative bubbles feel like they come from completely misinformed individuals.
It's like watching someone on a rail track arguing not knowing what is about to hit them.
1 reply →
Which bank?
3 replies →
> It sounds like they were “all in” on Apple with zero backups, which shows some questionable judgment
iCloud literally encourages users to opt for storing originals only in the cloud. It's marketed as such, it nags you about this every now and then, and iCloud is the preinstalled default cloud storage on every iPhone. Consider non-techies dealing with this too.
> which shows some questionable judgment
Convenience is a hell of a drug.
When you are an Apple Developer, as the poster states - it goes deeper and more destructive.
I do have backups of most data, including photos, but there are things you can't backup like shared actively edited iWork documents, and things like that. I can rebuild from it, but it's still a shitshow and my very expensive devices are bricked.
What a nightmare - hope everything will end well.
Concerning all those 'bricked' devices it would be really nice to get some more details concerning the 'block'.
Can you use your iPhone to call someone, can you use your MacBook overall? Login, use Apple Passwords(!), looking at photos within photos app and so on...
Or are all those devices completely locked?
> there are things you can't backup like shared actively edited iWork documents
If they’re shared, surely someone else can still access them?
Apple (via Executive Relations) says they won't do anything. Guess I'm stuffed.
What's an iWord and why can't it be backed up?
4 replies →
> this sort of thing shouldn’t be possible any more than a bank deciding to take all your money with no recourse. (They can close your account, but they can’t keep your money.)
To me this is the biggest problem. Just like a bank can decide to close your account at any time, it's reasonable that Apple (or any business) could do the same. But they can't keep your stuff.
You can say "don't be naive and assume your cloud data is safe", but in today's world that's like saying "don't keep your money in a bank". The reason I pay for iCloud storage is because it's supposed to be safe (safer than my local HDD going bust or getting lost).
Great victim blaming there buddy.
To what extent is the victim their own perpetrator? They allow the status quo to succeed by endorsing it. They voted for this with $30,000 of their own money, and they will likely vote again.
17 replies →
read the TOS before agreeing
5 replies →
You can probably use a GDPR personal information request to get photos and data at least. Doesn't help with other stuff you've paid for though.
We really need laws for this sort of thing. They should have included it in the DMA for gatekeepers.
The untapped answer is litigation. Call a lawyer and file against Apple. It may take several business days, and cost $$$$ but it will absolutely light a fire at Apple and get the attention of many-a-human. And if they ignore it, well, maybe a class action lawsuit awaits.
My exact thoughts, if there is no number of email address you can call to get this sorted, that means the legal department’s number is.
Even if in the T&Cs say Apple can do this, which it probably does, now they would have to prove it in front of a judge.
In… 5 years, and the prejudice won’t accumulate because your claims will still be based on 5 years ago :/
2 replies →
I considered this a month or two ago when Google safe browsing was erroneously putting domains self hosting Immich on the block list. My family domain got put on the block list and it took me a few hours to figure out that I needed to sign up for Google Search Console just to figure out what sub-domain got flagged.
I thought about filing a claim for enough to cover my time in small claims court, but decided not to. I didn't track my time super well because initially I though it was my fault, but, by far, the huge deterrent is the "what if".
What happens if I take Google to small claims court for damages to a domain I've been using for 20 years? I have that domain tied to a legacy Google Workspace account which was a huge mistake. It's been tied to my email for at least 15 years and, even worse, I've never owned an Android phone that hasn't been tied to that Workspace account.
I don't depend on cloud services for much, but if I want to prepare for retaliation I'd have to migrate my email somewhere else and be ready to deal with family members that have their phones connected to the Workspace account. Who's been duped into photo "backup"? Who's been duped into using Google Docs? How many Play purchases do they have? And, the big one, who's been duped into using sign-in with Google?
Google, Apple, Microsoft all make choosing what's best for the consumer very high friction compared to choices that trap users and give all the power to big tech. Even though I constantly help my family members try to understand why the don't want to get locked into those services they always get deceived into using them. The number of family members unwittingly duped into uploading all their data to OneDrive is in the range of 100%.
Apple, Google, and Microsoft need to be broken into 10 or 20 companies each. Excel should be it's own company. Phone OSes and app stores should be different companies. OneDrive should be it's own company and to compete with Dropbox with zero Windows integration. The web browsers should be separate companies. The AI divisions should be separate companies. Split them up with a wood chipper IMO.
The safe browsing scam is the biggest fraud ever because providers can't opt out of it when it "accidentally" detriments independent or self-hosted solutions.
And, importantly, go through with the lawsuit. Figure out how to quantify damages to yourself by being deprived of access to your account so even if they restore access you can continue the suit.
>go through with the lawsuit
That's a big ask.
2 replies →
Lmao this will not work
Waiting for all the weeping and gnashing of teeth because holding companies accountable might mean programmers have to actually care.
> I am not a casual user. I have literally written the book on Apple development (taking over the Learning Cocoa with Objective-C series, which Apple themselves used to write, for O’Reilly Media, and then 20+ books following that). I help run the longest-running Apple developer event not run by Apple themselves, /dev/world. I have effectively been an evangelist for this company’s technology for my entire professional life. We had an app on the App Store on Day 1 in every sense of the world.
I am surprised that with such a pedigree, the author doesn't already have contacts at Apple they could reach out to for that personal touch.
> I have escalated this through my many friends in WWDR and SRE at Apple, with no success. Ouch. If he can't get it fixed, it's scary
From my experiences with people at Apple, everyone seems so siloed that it doesn't surprise me that they couldn't help him. It doesn't seem like they have the culture where you could just drop by the Apple fraud team and ask for help for a friend.
2 replies →
[flagged]
4 replies →
I am surprised that evangelists keep thinking they are safe from the evil of big corporations.
If you don't have root access to your machine, it's not your machine.
If you don't have root access to the machine your data is on, it's not your data.
11 replies →
There's no reason to presume that the author 'thinks' that.
59 replies →
I went to Uni with this person (though I doubt they remember me.) They have a very high reputation. If anyone should be able to resolve this, it’s them — that they can’t, and they have to go public, is absolutely terrifying and should make Apple execs pay attention.
I mean that. Exec level. This story and that this specific person cannot get it fixed indicates absolute failure.
This reminds of a joke we have in Russia which roughly translates into English as follows: "Comrade Stalin, it has been a terrible mistake!" The phrase could belong to one of Stalin's own sycophants who unluckily for themselves got imprisoned and executed during the big purge in the 1930s. They didn't understand why it happened to them.
I have a feeling that this guy also doesn't get why this happened to him and that he himself contributed towards it with the work of his life.
Indeed. The machine eating its enablers.
or the common sense to not store absolutely everything they own with one giant megacorp
Oh, yes, only "important" people deserve customer service. That is an appallingly elitist attitude.
Nobody said that.
My 2 cents:
There was a time when I accidentally deleted some photos of which I had only one copy. I blamed myself for being stupid not having a copy but also money was tight for additional drives.
Then there is this: depending on a service provider and then blaming them for something like this. The problem is that now you are losing trust in service providers (of which there should be little to begin with) and on top of that you are also blaming yourself for depending on them. However you have to create a trust model where your fault allows you to have a service helping you with it while a fault at the service provider will allow you to restore data from your end too, getting the best of both worlds.
MacOS and Windows / Google with always logged in systems that lock you out completely at their will is an example of how your devices are not owned by you to begin with and then trusting them with your data as well means your digital life is basically owned by them completely.
Now imagine that there are no humans to solve this but endless LLM bots that respond with generic responses because the LLM has never seen a problem like this. I want to point out that owning your data and hardware is really important if you depend on it and your business especially does.
I think this argument conflates “what’s possible” with “what’s reasonable”.
In a complex modern society, we can’t all be expected to have backup plans to the Nth degree.
Is it possible to bore for my own water supply, install solar+inverter/battery backup for electricity, get a medical degree to treat my own wounds? Sure but most would say it’s not reasonable.
It’s why we have regulations and ombudsmans for healthcare, transport, finance, water provider, electricity providers, communications providers etc.
Oddly missing from that list is critical technical infrastructure providers like Microsoft, Apple and Google.
I actually really like the idea of a Digital Services Provider Ombudsman, who you can go to if you feel like you've been wronged by a big tech corp. They have a "way in" that consumers potentially don't, and they have the capacity to levy fines in certain circumstances. I love this! What's preventing this from happening, other than no governmental pressure to make it happen? I might write to my MP...
1 reply →
> However you have to create a trust model where your fault allows you to have a service helping you with it while a fault at the service provider will allow you to restore data from your end too, getting the best of both worlds.
This is why I suggested to have a dual model. Leveraging the cloud and services is really a good choice as long as you have backup systems running independently as well. Your backups may not be as powerful and full fledged as the main provider but in case of emergencies like these, you still own your data and hardware and don’t panic.
In this example a weekly backup of iCloud to a drive connected to a pi with rsync could be a simple solution. 6tb is not even that much given that 500$ gift cards are being used by the author. The backup is not great but it is easy to see why it’s also necessary to own your data.
6 replies →
> Is it possible to bore for my own water supply, install solar+inverter/battery backup for electricity, get a medical degree to treat my own wounds? Sure but most would say it’s not reasonable.
Bad analogy. A better one would be having a torch in case of power cuts (done that) having some extra food in the house in case the grocery delivery fails, having some basic medical supplies in the house, having mobile internet connection in case your broadband fails etc.
Having backups of your stuff is an emergency fallback
1 reply →
> Is it possible to bore for my own water supply, install solar+inverter/battery backup for electricity, get a medical degree to treat my own wounds? Sure but most would say it’s not reasonable.
I’m feeling attacked. Here I was thinking my lifelong work of self sufficiency for my family was completely reasonable until you came along. Thanks a lot!
Best take in this whole thread
It’s also possible this person does have some personal or external backups of stuff like the photos, but they’re not going to mention it here as the existence of those doesn’t change the fact that they’ve been extremely wronged. It also won’t help with their developer account etc.
Here is how the gift card scam works (in Australia)
[Quote]
Yes they do still get activated at the checkout. But when you go to redeem, the code is missing the last digit or two so it doesn't work. People take the unactivated gift card, tamper with it to get inside carefully so it's not detectable, scratch and get the code, remove the last digit or two, replace the scratch off layer, put the unactivated gift card back on the shelf. Then after you activate the gift card at the checkout, they redeem it.
[/Quote]
From this discussion
https://www.ozbargain.com.au/node/937339
This is why Target doesn't have the activation code on their gift cards anymore, you have to have it added with a sticker when it is being activated now, and then scratch it off.
How does the scammer know when the card is activated? Do they just leave a script running, trying over and over to redeem the card until it works?
Yes, I think they just keep retrying the cards on a regular basis.
2 replies →
I back up regularly using Google Takeout and similar tools, but I don’t think it’s fair to shame this author . Even if you have backups , your recent and essential content and credentials will be locked out . 1% of your content is the most important
We all depend heavily on cloud storage and sso . Everything works fine until you are locked out .
And using them isn’t fully voluntary. They are necessary for collaboration . You end up using what your team uses .
You can try to be that “own cloud” snob but it only works if you live in a basement
Every normal person has content in Google , iCloud , OneDrive , Dropbox and maybe more. That’s 4+ single points of failure
You’re just not imaginative enough if you think you’re safe .
OPs only recourse is an insider or a lawyer
Lot of arrogant people here who think they are safe and better than anybody and blame OP.
It is totally normal in today’s world to depend on cloud services and reasonably difficult to do without it. In China: no WeChat you are practically dead. Here try to join meetings without account, try to send a message on WhatsApp without account, etc… a lot can go wrong very fast. What if you used your Apple account as SSO to other services ?
> Lot of arrogant people here who think they are safe and better than anybody and blame OP.
You see this a lot in the Apple "community". Apple can _never_ do wrong. Apple can _never_ make a mistake. Apple's choices are _always_ the best choices.
I don't understand why people put corporations on pedestals.
5 replies →
Commentators here presumably work in the industry, possibly even for 'the big companies' (I'd say FAANG but any big, life-depending, big-architecture corp, but you know what I mean, basically)
They should be tripping over themselves of "How can we fix our corporate incentives to actually deal with customer problems". Not "lol OP, sux"
2 replies →
Very true. And account integrity check pointing is stochastic and more aggressive so at any time there are people being locked out .
One of 20 of your services could lock you out tomorrow and that means you’re blocked from coworkers and family
12 replies →
it's not just about cloud service dependency, or his loyalty to Apple, or things like that. for important data you _have_ to have backups, 3-2-1 rule and all that. the fact he put all the eggs in Apple's bucket is beyond me.
sure i am dependent to cloud services as much as he is, much to my own chagrin, but at least i have all my data backed up??
I’ve interpreted it as a sort of head-in-sand coping mechanism for those low-likelihood, high-consequence events people feel powerless over. It’s less distressing to be powerless if you decide that the real issue was a fault by the victim and not a powerlessness you have in common with the victim.
6 replies →
It is possible to suggest preventative/corrective action without blaming OP. I find it kind of sad that you can't make helpful suggestions (to future potential victims) without someone saying you're "victim blaming."
1 reply →
> t. What if you used your Apple account as SSO to other services ?
Your own wrongdoing. Always use a site-specific auth method, i.e. by email. And a separate email for each site.
14 replies →
I have content on Google and Dropbox but I have live backups. It would be very annoying to be locked out of Google, but I would not lose any data. Anyone can have a NAS, you don't need a while basement or to live inside of one (??!?)
Yes, those companies should absolutely be forbidden to behave like this, and punished heavily when they do. But until it happens (which doesn't look like it will), your data is your responsibility.
You lose the Google content , since the export is lossy (docs , sheets, slides , etc) . And most of the value is collaborative . You’ll lose anything that you contribute to that’s not in your account . You’ll lose credentials (eg sso to third parties ), messaging access .
You’ll lose indexing and metadata , like Google Drive search , Google Photos search , thumbnails .
It’s a myth to assume the value is in the backup. Most of the value you have is in the access and the application
2 replies →
Yeah, the living in a basement comment was a strange rhetorical exaggeration, as if you have to be feeding and caring for your server 24/7, haha
3 replies →
What tools are you performing live backups with ? I can think of rclone running , but gdrive/icloud doesn’t send change lists
2 replies →
I am not depending on cloud storage at all. What do I need to upload onto some cloud? And when I need to sync between devices, or rather want to sync, then I have a Syncthing setup on my server running. No cloud. And copies on participating devices.
Sure, it is not directly their fault, when they are treated badly by big tech. Though of course they could have been more careful, and rely less on big tech and cloud. We can all learn from this example, like many others before this one.
How do you collaborate ? Do you have friends ? A job ? I’m not being rhetorical —- it’s very rare to have friends or a job and not have some ties to the cloud. Even my tiny HOA manages its record in the cloud
2 replies →
Presumably, as the GP said, you're not a normal person and you live in a basement. >sigh< (I'm with a lot of what the GP said but they didn't need to be insulting.)
The solutions self-hosting storage for non-technical people are terrible. Presumably there's no market for selling a solution that gives individuals data sovereignty. I would guess the margin isn't there and a recurring subscription for something you own is probably unpalatable to a lot of consumers. So this is what we get.
10 replies →
[flagged]
It could be a reasonable opinion, but unfortunate choice of words made it angry (and FWIW snobbish) towards wrong people.
apparently those living in basements are a protected class? English depends on idioms, you know.
> Every normal person has content in Google , iCloud , OneDrive , Dropbox and maybe more.
So, fallacy aside, the abnormals would be...
a) people that don't tech, and b) people that saw the writing on the wall years ago, and either didn't trust the system and didn'tget into it, or those that did for a while, and got tfo.
?
Off topic, but I'm curious. Why are you typing spaces before every period and comma?
Maybe iPhone is adding those ?
8 replies →
How precisely do you reckon a lawyer would help?
The legal Deparment runs most companies . They are the only way to get something bespoke done (like unlocking an account ). And companies are terrified of discovery.
Any lawyer can file a complaint in small claims . OP has paid for a service and has a contract
TOS is binding to both parties .
3 replies →
>You can try to be that “own cloud” snob but it only works if you live in a basement
WTF is this about? So you think anyone proficient in hardware/software lives in a basement? This kind of derogatory statement does not belong on HN.
Own cloud is a fun hobby. Exclusively owncloud is entirely impractical.
It’s the snobby part that I’m critical of
> Every normal person has content in Google , iCloud , OneDrive , Dropbox and maybe more. That’s 4+ single points of failure.
Well, i don't. I have my local file storage. Contacts and Calendar get synched, thats it. These get lcal backups, but aren't important so or so.
Not saying this in a derogatory way, but that pretty much means you are not a "normal" user but someone who is tech savvy enough to not rely on someone else's cloud.
9 replies →
Right, they said normal person.
How do you collaborate with your coworkers , customers and friends ? What industry are you in ?
Want to bet we can find holes in your solution too?
I get what you're saying but implying someone who doesn't use the cloud is not a "normal person" and lives in a basement is needlessly condescending.
Not an average or "normal" computer user? Granted. Not a normal person? No.
> Every normal person has content in Google , iCloud , OneDrive , Dropbox and maybe more. That’s 4+ single points of failure
It only means that the content is not valuable for them. I know people who created Google Account only because the phone required them to and they do not even remember the password or username, and do not use Gmail (why use email when there is Telegram). If they lose the phone, they would just probably make a new account.
If you were an investor or trader, managing millions of dollars, would you keep the only copy of critical information in a cloud? I don't think so if you are a reasonable person. Would you keep the only copy of a cryptowallet key in a cloud?
Plenty of huge businesses keep all their critical data in the cloud. If they were banned from Microsoft 365 they would instantly go out of business.
1 reply →
Average users have no idea what of their information is in the cloud or not. Even if they did, they have no idea of the implications.
> If you were an investor or trader, managing millions of dollars, would you keep the only copy of critical information in a cloud?
I don't think the idea that they could lose access to their accounts occurs to most people. I've done enough business continuity and disaster recovery work with small business to be confident in saying it doesn't occur to small business owners. I'm not sure why individuals would be any different.
It's very hard to put yourself in the mindset of a non-technical person.
2 replies →
Yes it happens constantly. I know many businesses who have their assets in the cloud .
Backup sounds nice and is necessary but is always out of date and recovery is totally impractical .
Many/most of the assets like indexes , references & creds can’t be reasonably backed up and recovered .
Since your money is gone, I would file a complaint here:
ACCC (Australian Competition and Consumer Commission): The primary enforcer of gift card laws, ensuring businesses comply with the three-year minimum expiry, clear terms, and fair practices.
It's baffling that gift cards are so popular. You're essentially paying to decrease the value of your own money by restricting its use and adding an expiration date (and handing to someone as a gift as if it's a thoughtful alternative to cash).
An even more egregious case is the corporate credit card. The company dictates its use exclusively for business expenses, yet pushes all the liability onto the employee. The business gets a massive, interest-free credit line with absolutely no risk. The company gets the float, and the employee gets the bill and the potential credit damage if anything goes wrong.
</rant>
I still don't get why my friends and family think gifting a less liquid form of money is better than just giving cash.
Gift cards are the best proof against the existence of the homo economicus, that's for sure.
5 replies →
Gift cards are great for companies you don't trust with (up-to-date) payment details. Amazon, Google, Apple, whatever evil megacorp you can think of, they all have made the news with stories like these, and they have proven time and again that they will stand by and defend their arbitrary decisions in court if they have to, because involving basic human intellect in the chain is too much of a fraud risk.
Even if you like their services, who knows what they'll do when they have access to your credit card information directly. I can completely understand why someone would pay for their services with gift cards bought from a well-known, respectable store instead.
2 replies →
It seems OP bought the gift card themselves as a means to top up their account balance (https://news.ycombinator.com/item?id=46252989). They basically used the gift card as an alternative payment option.
1 reply →
Book a date with TASCAT. I haven't used the Tasmanian one but in NSW it cost me a couple tens of dollars from memory and I got a response in days. Once the case lands with the _LAWYERS_ who are expensive, it'll get resolved.
Civil tribunals in Australia (an equivalent of small claim courts in other countries) do not involve lawyers in vast majority of cases and encourage self-representation instead.
In fact, the NSW Civil Administrative Tribunal explicitly requires the Tribunal’s explicit permission for a person to be represented by somebody else, including a lawyer.
But tribunal's decision is binding on the commercial entity, should it be found at fault and incurs penalties for avoidance or non-compliance with the decision.
5 replies →
https://tascat.tas.gov.au/
Absolutely, but that doesn't solve my immediate issue of my devices and accounts, but of course I will do that.
There are escalative methods to employ in such situations.
In many legal jurisdictions, a 'demand letter' holds weight. These can be served by courier, with proof of delivery as valid. One aspect of such a letter is a hard, specific time by which you will start legal action, along with associated additional costs.
You have two paths after the letter. The first is small claims court, or normal court. In many places, small claims court does not allow lawyers, and the judge will even have to explain any confusing terms.
Which means the playing is leveled, including reduced or no disclosure requirements, and legal cost assignments. Where I am, it's $100 to file.
The goal is to force a fix, at threat of legal consequences.
I am sending an email.
"Beat the Grass to Startle the Snake" (打草惊蛇)
You would be better off in the US. Trust me, nothing creates bigger fuzz than complaining to financial authorities.
1 reply →
It appears that the only way to reach Apple Customer Relations is by way of writing a formal letter to:
Apple Pty Ltd, PO Box A2629, Sydney South NSW 1235
It is saturday! Guy had a trouble during non-business times and advice to make a complaint to ACCC? People who unlock accounts do not work on weekends, it is not front line of support who works all the time. What happened with giving a chance to people (which is Apple consists of) to actually do something before complaining to 4 letter agency? Also ACCC will not deal with such complaints. It says right on their home page.
I didn't see a timeline but there were indications that the author has been trying to resolve this for much longer than one day.
Regulatory agencies can forward complaints to other authorities and act based on them even if they can't resolve the particular issue for the complainant.
I'm not the biggest advocate of the EU DMA, but account and device access is one item we should actually be regulating very heavily, where potential penalties for (suspected) abuse or incompliance must be much more granular than full-on account bans.
It's hard to believe EU governments are actually considering mandating iOS and Android as gateways to access government services. It's a level of ignorance that's unfathomable.
This story is also exactly why I invest precious time running a Linux machine in the basement that rclones my cloud drives locally, as well as having full local copies of my webmail contents.
> It's hard to believe EU governments are actually considering mandating iOS and Android as gateways to access government services. It's a level of ignorance that's unfathomable.
While I agree in principle, it's not so bad. If you get hit with an account ban, you just get another device to work with the government.
> It's hard to believe EU governments are actually considering mandating iOS and Android as gateways to access government services. It's a level of ignorance that's unfathomable.
There's a good reason behind this approach, even though I don't think the benefits outweigh the downsides. These apps are supposed to be the phone equivalent of the NFC chips inside of passports and ID cards, which have all kinds of encryption and verification inside of them. They have to be protected against malicious data extraction, manipulation, and other fakery.
Phones do have the ability to do that, even free ones, and even regular desktops and laptops. How they do it kind of depends on the implementation (whether you call it a "secure element", a "TPM", or a "trusted execution environment"), but they all come down to "hardware proof shows that this digital signature is not extractable or alterable". The data isn't supposed to be something you can access, like a password, but something you can only do signed reads from, like the physical ID chips.
In iOS, that part runs entirely on dedicated hardware which will refuse to run non-Apple code, which is probably the best approach. On Android, there are more options and many phones run a software version of that concept in a dedicated separate virtual machine to save cost on physical hardware. The security of that virtual mechanism relies squarely on the early boot process having been verified not to be altered by malware. That's what the Google verification library is for in this case.
This approach can work just as well on other hardware with dedicated TPMs (although a lot of free software enthusiasts will tell you those are evil contraptions designed by Microsoft to turn your unborn children into little versions of Clippy) or dedicated encryption modules. However, you'd need a common enough, accessible API for those to function. That's actually quite easy on Windows and macOS, but Linux TPM support is rather woeful at the moment, especially with how uncommon things like secure boot (even self-signed secure boot) are.
In practice, nobody is going to buy a special sort of yubikey to log into their government's tax portal. Dragging people into basic multi-factor security has been a challenge that lasted decades.
However, pretty much all citizens already have phones capable of top-of-the-line security verification. Developing a free app is a lot easier than implementing cross-platform HSM support for a novel authentication mechanism.
All of this comes at the cost of having to run vendor-approved software. That's a huge problem for a lot of HN visitors, but those people form a sliver of a fraction of the population. I'm willing to bet the EU's digital access is inhibited more by the amount of old people without cell phones than the number of people who care about free software.
I personally feel like outsourcing this kind of trust to closed source implementations of vendor blobs is a terrible idea, but it's hard to find an accessible alternative that provides even the lax security properties those blobs provide.
Something I do find lacking in discussions about these technologies is how much the EU is relying specifically on American vendors here. America has been shown to be an unreliable ally that will gladly force the EU's hand with whatever mechanism comes to mind for extremely arbitrary reasons. There is a distinct lack of European alternatives when it comes to accessible secure computing, and I'd rather see the EU invest in local alternatives than go all-in on the security promises from Apple and Google.
"I'm not a fan of regulating extremely huge companies, except for the way I'd regulate them."
We must have regulation, and I support that fully. It also seems healthy to me to have an independent view on the specifics of said regulations. I mostly agree with the vision and direction of the DMA, but in my opinion it lacks specificity and clear unacceptable boundaries.
That lack of specificity, to me, is why Apple has been able to implement malicious compliance. At the same time the lack of specifics risks companies leaving the EU market in its entirety due to regulatory unclarity with high fines.
1 reply →
Wow, imagine living in a world not being black and white. Crazy!
People make exceptions sometimes, what’s your point?
I don't get the mostly black/white "Self-host" vs. "Mega-Corp" discussions as there is a middle ground: smaller managed service providers (even: per-service).
You don't have to self-host everything in your basement, and you don't have to hand your entire digital life to Google or Apple either. Mail, CalDAV/CardDAV, Immich, Nextcloud, OpenCloud, OpenTalk, web hosting, Kubernetes, simple VMs.. whatever ... fully managed, run by local or independent providers or by the company behind projects, without Big Tech lock-in. If chosen wisely, you can migrate, take over, or bring it in-house when you want. Just spend a few bucks and do some company research. Same as you would when choosing craftsmen, lawyers or something else.
For example, that's actually how we operate as a company for some of our customers and even a few single persons: we provide SaaS AND setup documentation. Customers can transparently take over at any time. We even help separate domains, credentials, and administration from us. Convenience without captivity. I am sure there are hundreds of shops like ours, providing comparable services for people in their wider neighborhood.
Upvoting this because I don't see this sentiment expressed too often on here. In fact, I often see the opposite. "Why would I pay $X*2 for this service when I can just pay $X to Google for the same thing?" Sometimes it takes a little more money to support these smaller managed service providers
maybe for the business target audience, but I doubt this can be a thing for the majority of users. They just want to get on with their day, not learn magic words to search for and relate to each other.
As for Apple fans, they specifically seek the vertical integration.
I've shared your post with a friend at Apple.
In the past people have emailed Tim Cook directly - his email id is fairly easy to find.
Edit: "I have escalated this through my many friends in WWDR and SRE at Apple, with no success."
This doesn't bode well.
Mr. Fart warned us about this: https://medium.com/@blakeross/mr-fart-s-favorite-colors-3177...
One day the engineers will try their best to fix things, but get stopped by management satisfied by high-nines logic. If anyone is falling through the cracks, it's bad customer support.
This bodes poorly indeed.
This comment should be among the top voted contributions to this submission for everyone to see.
WWDR stands for World-Wide Developer Relations and SRE stands for Site Reliability Engineering.
Wow. This is a cautionary tale. I don't think I'd be as devastated as this poor chap, but as it grew I realize I've allowed my iCloud photo library to become a single copy.
How are people handling this these days? If i wanted to ensure a full backup of everything on my iCloud to a NAS, what's the best way these days? Seems like they make it difficult by design..
I self host an Immich [1] instance to backup photos on my iPhone. It’s OSS and has a level of polish I’ve rarely seen in free software. Really, it’s shockingly good. The iOS app whisks my photo off to my home server several times per day.
What I’m not sure about is how to backup things like iMessages, Notes, and my Contacts. Every time I’ve looked, it appears the only options are random GitHub scripts that have reverse engineered the iMessage database.
1. https://immich.app/
The imessage db is literally just a sqlite db. If you have a Mac you can read the entire thing with an applescript. It’s really easy from what I remember from years ago
I run a nextcloud [1] instance and use it for contacts, calendars, and reminders
1. https://nextcloud.com
1 reply →
What's wrong with `imessage-exporter`?
https://github.com/ReagentX/imessage-exporter
One rather counter intuitive way to “backup” your photos is to install Google Photos and One Drive on your iPhone!
Google and MS don’t charge as much as Apple for storage, and you probably need you need to pay beyond the free limits, but it’s not a huge expense.
Once your installed Google Photos and One Drive on your iPhone, just tell the apps to sync all your photos all the time!
Now I appreciate that isn’t for everyone.
But it works, is reliable, and requires no technical knowledge of running your own service.
The other thing to do is setup a Mac that synchs all your iCloud data, One Drive documents and Google Drive.
Then back up that device with Backblaze.
This gets expensive as a Mac with decent levels of storage isn’t cheap!
I live in fear everyday or my primary Apple and Google accounts getting locked!
I’ve had accounts since day one of iTools and very shortly after Gmail launched….
The issue with OneDrive is that it doesn’t store metadata like the photo location, its damn near useless. But I do pay for storage for Google Photos and iCloud.
If you take all of your photos from your phone, you don’t need your Mac at all. Google Photos will sync directly.
I wouldn’t use BackBlaze (the $7 a month service). It doesn’t support NAS at all and it has to phone home every 30 days or it will erase anything that is stored on external drive.
I would use an app that backs up to their B2 service.
I personally just use my personal AWS account to back up my Plex media and just use the AWS s3 sync command using the AWS CLI and store everything in S3 Deep Archive. It’s less than $2 a month for 2TB.
10 replies →
I run a separate Mac Mini that has the full iCloud Photos library on a massive external drive, set to "Download originals". I then rsync that filesystem to a separate Linux box. This works but you must not ever disconnect the external drive.
I don't have a solution for iCloud Drive, as there wasn't a keep offline setting last time I checked. So use it only ephemerally.
At least as of Sequoia, the Settings > iCloud > Drive > Optimize Mac Storage option enables iCloud Drive files to be stored offline. Likewise, right clicking any iCloud Drive files in the Finder includes a Keep Downloaded option. Since I minimally use iCloud Drive, in the past (older OSes) I also had Hazel make copies of iCloud Drive files so they were certain to be in backups.
Arq [1] has an option to "materialize" dataless files, basically forcing them to be locally available. The only issue is if it's a large file and it gets pushed off device often, you can burn a lot of bandwidth re-downloading it over and over again.
1. https://www.arqbackup.com
For iCloud Drive have a look at rclone. You can run it straight from your Linux machine
Time Machine backups to a samba share on the Linux box would get you both the Photos library database and the iCloud Drive stuff. It also means you don't need to bother with the external drive.
There is a keep all files offline setting for iCloud Drive (turn off "Optimize Mac Storage" in Systems Settings).
I'm not familiar with the "Photos Library.app", but I have an m4 mini with my photos in a Photo's Library. I'd love to know your script to rsync the photos into a separate drive/directory
1 reply →
I run Arq Backup automatically in the background.
It copy Photos, iCloud files and my mails once every days to S3 with incremental backups.
It requires to have a full copy locally.
Works great!
It is not hard to configure once, with the proper folders and settings.
> It requires to have a full copy locally.
yeah that's the thing. When my iPhotos library exceeded 1TB I lost the ability to store the full local copies. Since then, iCloud itself has been the sole source.
Looks like there's some decent, reasonably priced apps to handle this like https://apps.apple.com/us/app/parachute-backup/id6748614170?... (no affiliation)
9 replies →
I run a Synology NAS with a docker container that periodically downloads new iCloud Photos to a local directory.
this? https://github.com/boredazfcuk/docker-icloudpd
seems pretty high touch. A lot of hoop-jumping if you don't have a mac in the middle
3 replies →
I'd like to give a special shoutout to the PhotoSync app. It has one killer feature that Immich does not (at least last time I looked): encryption at rest. I think someone breaking into my house and stealing my NAS is a real possibility (unlikely, but I'd give it higher odds that getting locked out of my account like what happened in the article), so this is super important to me.
You could put Immich data on a LUKS volume I suppose, but then you have to fiddle with your server every time it reboots.
I did PhotoSync for a while, but now I just set up my Mac to download my whole photos library, and do Time Machine backups of my Mac. This gets two copies of the data not tied to my Apple ID (the one on my Mac's local disk, and the one on my NAS on the time machine volume).
immich is an extremely polished, FOSS alternative to google/apple photos. It's an investment, but a 4 bay NAS running immich should do nicely. Additionally I backup snapshots to Backblaze B2 via restic which runs another $5/TB
For me personally Immich is a non-starter because its not end-to-end encrypted.
6 replies →
I simply manually periodically download everything to disk/software raid. Really important/sentimental stuff like baby photos and videos I have on DVD with par2s.
> How are people handling this these days?
Syncthing is wonderful, and does a great job of syncing between an Android phone's photos/videos and a laptop. And if you have regular automated backups of the laptop, you'll have backups of the photos/videos too.
For an iPhone, perhaps you could use iTunes to sync to a computer and back up that computer.
sushtrain seems like the best option for syncthing at the moment. its a bit more polished than mobius. neither of them sync in the background but i think i remember seeing someone using shortcuts to open the sushitrain app every now and again to wake it up so it would sync
Sync to Dropbox -> Dropbox hourly & monthly backups to my NAS using Bvckup2.
(One of these days I’ll setup my NAS to backup offsite fo a #3 backup).
I know that others with Macbooks sync their whole library to their Macbook and then Time Machine to a NAS as their copy #2. Is this vulnerable to the problem in TFA?
I keep copies of any important stuff i need on my server, and in a few hard drives at my home. i don't use any "cloud".
Back in the iPhoto days I used to symlink the library to an external drive.
Not an iCloud user, but I use Immich on my NAS.
I treat apple ID and google ID like throwaway accounts. I would never trust anything valuable to either. The problem is that it is very hard for "usual people" to do that.
I will also never have an electronic ID. We (Switzerland) were dumb enough to vote yes for it but we are giving away our freedoms eventually.
We need regulations to ensure vendor cannot lock in users and cannot threaten them. Everything should work like if you have your own domain and use email. If your provider go nuts, move your hosting and change your MX and point your local copy to it.
This should not be reserved to some nerd like me, it should be an universal right.
It is already late, but it can be reversed. We need for more sotires like this one to errupt, so people understand.
The digital ID in Switzerland [1] is literally the best case scenario from a privacy standpoint. It is basically an ID that is stored on your phone that can send a signed copy of your data to someone verifying it. But instead of sharing all your data everytime it can also only share part of your data or only verify that you are above a certain age.
I personally prefer this to sending a copy of your ID and a video with my face to someone verifying service provider that verifies my identity for a bank or some website.
[1] https://www.eid.admin.ch/en/technology
> I will also never have an electronic ID. We (Switzerland) were dumb enough to vote yes for it but we are giving away our freedoms eventually.
What's the link with the rest though? Your government already knows you, whether your id has your information printed with ink or stored on a chip.
Belgium has had electronic id for decades now and I fail to see how it has taken away any freedom, but it has enabled people to get their official documents online without having to make appointments in person in most cases.
I think the fear many people have is that digital ID will be required for non-government services as well. I can easily see that happen in the USA and Switzerland is the kind of weird that may also let that sort of thing happen.
With things like age verification becoming mandatory just about everywhere and actual privacy-conscious digital age verification being very difficult, there's definitely a risk towards abuse and badly designed authorization mechanisms (although the EU's open source backend and frontends should make it easy for other countries if they do actually care about privacy).
2 replies →
Because it will be used by other services. Like google requiring one for you to use their services. That's the problem.
4 replies →
> The problem is that it is very hard for "usual people" to do that.
Exactly, for all the victim blaming in other comments, try to explain 3-2-1 backup to non-technical people and you'll be met with glazed eyes.
Sadly I think it's going to take more people losing their irreplaceable data and for the network effect of having it happen to someone close to actually see any change.
There's a surge of people losing their Google accounts with hackers abusing parental controls at the moment, although I suspect a lot of those people will just move to Microsoft or Apple thinking they're safer until they get burnt there too.
As more non-deterministic AI is built into abuse systems it's inevitable that there'll be more false positives, couple that with impossible to access human support to override the decisions, it's a risky time to trust your irreplaceable data with anyone but yourself.
You could do everything right and still get locked out.
I've added a few updates on the original post, but there's no fix yet: https://hey.paris/posts/appleid/
Feel free to chat to me on Bluesky (https://bsky.app/profile/hey.paris) or Mastodon (https://cloudisland.nz/@parisba) or email if you have ideas. I've received nearly 500 emails!
Send this in an e-mail to tcook@apple.com. He has a team that reads for stuff like this and can magically fix issues.
I've had to do it before, also for a gift-card-related problem (different from yours), and I was contacted by a member of the Apple executive escalations team a couple days later.
It's been done, a few days ago. Nothing yet, but here's hoping.
Good. Don't be afraid to follow up if they drag their feet. Be respectful but persistent. I'm sorry this is happening to you. It's a shitty feeling.
[flagged]
4 replies →
I don't see stories anymore from this working. Back when it was under Jobs, there were more concessions from his team operating the account. And maybe in the early Cook years. Apple has trimmed a lot of fat.
I did read about part of the product development org having a standup about trending social media cases, and prioritizing followup on items that were under public scrutiny.
Mine happened earlier this year, FWIW.
Believe me, I have no desire to defend Apple. Their behavior absolutely sucks. I just want a good resolution for the author of this blog post.
I have a friend who did this last year after he had a poor support experience with AppleCare for his Apple Watch and he got a call from Executive support early the next morning
1 reply →
Care you write it down somewhere and share it?
I imagine it could be helpful to other people in the same situation.
Basically, I bought a physical Apple gift card via the Apple online store, and it was never delivered. UPS tracking (on Apple's own site) showed it never left the origin. I called to get it re-shipped, and they (in so many words) accused me of fraud, because apparently the gift card had been redeemed and drained.
Obviously someone either at Apple's gift card printing contractor or at UPS snatched it.
Apple's suggested "solution" was for me to issue a chargeback on my credit card -- yes, the vendor suggesting a chargeback. I refused, because the credit card in question was my Apple Card, and I have read elsewhere that doing something like this can lead to your Apple account getting locked.
The exec escalation was the only way I got it resolved. It was Kafkaesque.
I think one major lesson to take from this (and other physical gift card vulnerabilities, like people that go and peek at the numbers on unredeemed cards in stores and then wait for them to be loaded) is: don't use physical gift cards anymore.
This just makes me extremely concerned for the iCloud transition I’ve been making. It shouldn’t be this easy to perform a user-disruptive action from the support/ops side. I would think they’d have visibility to some sort of “reputation” metric, given the age/purchase history etc even if anonymized.
I can understand this happening if it was a freshly created account topped up with a sus gift card but it’s unacceptable that the first action is to completely block an account with history.
Even more concerning is the nonchalant support response to “go create a new one” with emojis. C’mon Apple — this is just a terrible way to respond to this situation.
A lot of fraud bans are just automated in my company. Apple probably outsources Customer service to the lowest salary places they could dump it to, and call it a day.
1. This is a total nightmare, the author has my deepest sympathy.
2. Last time there was a post where this happened to someone, I looked into what you can do if you're locked out of your Apple ID or Google Account.
I know people will say "just self host", but all of the self-hosting solutions are not friendly to families or non-tech people. Telling my extended family to tailscale into my server to look at family photos from vacation is a total non-starter. All of the self-hosted solutions are also just way less smooth to use than the built-in integration iCloud or Google Drive gives with devices.
That said, there are straightforward options to deal with this (at least the data part), if you plan ahead. The high level strategy is to setup backups that let you get _a copy_ of your data not tied to any login you don't control. It's a bummer to have to go through these hoops, but again pragmatically, I'm stuck using these services to participate in modern life.
For Google Drive, you can rclone your data to a computer of your choice to get a copy of your data not tied to Google Account. It will even convert G-Suite files to Microsoft Office format, so you have a copy of the data offline.
For Google Photos, I'm not aware of a great way to get the data - rclone only gets low quality copies of photos. I'm an Apple user, so I didn't dive too deep here, perhaps the HN hivemind knows.
For iCloud and Apple Photos, you have a lot of options. You can use Parachute backup or the PhotoSync App to get a copy of your data not tied to your Apple ID. If you have a mac, you can also setup your mac to download everything offline, and do time machine backups - they are not tied to your Apple ID.
I will also add Synology NASes have a super, super easy to setup way to do all of this stuff (HyperBackup plus Synology Photos app) that's borderline worth the cost of admission on it's own, even with Synology's recent turn to the dark side. If you have non-technical family, you should strongly consider pointing them in this direction, if you can use a smartphone you can probably get this working.
> All of the self-hosted solutions are also just way less smooth to use than the built-in integration iCloud or Google Drive gives with devices.
The built-in integrations (iCloud, Google Drive) are smooth right up until you’re locked out or forced into changes you can't control. Obviously.
There is a middle ground though: managed service providers (per-service). You don't have to self-host everything in your basement, and you don't have to hand your entire digital life to Google or Apple either.
Any particular examples you have in mind?
All of the options outside of the big ones (iCloud, Google Drive, OneDrive) seem vastly more fiddly and difficult to share with non-technical people. e.x. sharing a budget spreadsheet with my wife, shared photo albums, and so on.
If there are other options out there that work as well as iCloud or Google Drive, I'd love to learn about them.
The best I've been able to land on is making a local copy of the data under my absolute control, while using one of the top tier providers for my "live" copy.
Can you give an example? I am looking for a way out.
I kind of self hosted for decades on a virtual server until I couldn’t keep up with it. So much stuff broke something in the stack, bringing the server down. Often, I had to initiate a full lock down on everything before going up again, consuming a day’s effort or two.
3 replies →
You may want to consider filling a small claims lawsuit against Apple for the maximum amount of damages your state permits in small claims.
It's not really about winning the claim. It's about getting them to acknowledge you and hopefully resolve it before the court case comes up. That is, you want them to "settle" by restoring your account.
IANAL and YMMV.
The OP is in Australia, but I'd like to add some advice which would apply in the US: Apple is one of the few organizations which does not use an arbitration clause, which means suing in court really is an option.
(With the exception of some services like their credit card, but you can opt out of that more easily than any other arbitration clause I've seen.)
Last time I had this problem, I got it fixed after applying for and accepting a job at Apple.
At what point during the process was the issue raised? Was it received well?
This seems to happen quite often. Not just with Apple, but also with Google. In spite of this obviously insane behaviour, EU governments want to rely on Apple and Google for smartphone-based electronic government IDs.
If I were the person at Apple in charge of this kind of matter, I would ignore this case, just as I do for other regular people. Everyone should be equally not cared for by Apple. That's how Apple sucks in a way I can accept myself still using their product.
Agreed.
If the only way to get your digital property back is a public plea to your Lord, that's called feudalism. Everyone should be treated fairly, not only those who can get their public pleas heard.
You just made it clear to me why I felt not resonated and a bit uncomfortable reading that article, despite I thought I should be. Because what I want to see is something straight like "fuck you Apple", not a begging and emphasis on how much the author has contributed to the megacorp.
1 reply →
Feudalism never left. The only change is that the majority of the serfs don’t work on land anymore, and we have the freedoms o switch lords easily.
It sounds like the gift card # is included as part of a police investigation (as you already know scams often use gift cards as payment) - which would explain Apple's inability to help you or provide information (because they would be required by the state not to.)
You should approach a lawyer to petition Apple and the Tasmanian police on your behalf.
This happened to me really early on when my original Apple ID had an invalid format, as it was an ID made prior to the current version of Apple ID everyone uses, and Apple refused to port what I owned to the ID that I was forced to generate to sign into my newer device. My old ID had software no longer available in App Store, so this wasn’t just a matter of needing to repurchase apps- they were taking away my ability to use applications I bought from them. Since then, I’ve been incredibly wary of losing my Apple ID. I have a lot of respect for Apple, but I would bet that it’s easier to deal with ID related problems for someone with Q level clearance in the U.S. government or even a non-existent Men In Black ID problem than to resolve a problem with an Apple ID. They probably would tell the almighty to get a new ID.
Far too late, but the solution was to change the identifier on your Apple ID from a username to an email address.
Mine was the same, and that's all it took. Nothing was lost, as the account itself remained the same.
> Support staff refused to tell me why the account was banned or provide specific details on the decision.
That‘s always the most kafkaesque part of these problems and should be illegal
The broken logic is that it will expose why the account was flagged, and thus, allow 'bad actors' to better navigate and bypass such flags.
Of course, this is absolutely silly and beyond absurd, for bad actors share information of forums, can deduce fairly easily, and even have help from people on staff.
Such actors typically know about detection and flagging methods within days of implementation. There's literally zero benefit to secrecy. None. Security through obscurity can be a beneficial additional layer, but it simply never helps here.
We really should pass a law requiring full disclosure of the precise method of banning. I can even see a 'trial' period, where accounts activated (and used!) for 3 months receive this benefit, but new accounts, or new + dormant accounts do not.
This should likely be coupled with mandated full refunds of phones or computers, as an example.
Note that this isn't a 'free' account we're talking about here. An Apple account, or a Google account is required to use an iphone or pixel in its default config, and all the features it entails. These accounts aren't free, they're part of purchase cost, and core-required.
(Even if it's a, for example, Samsung phone? It comes pre-installed, with uninstallable Google Play cruft, as part of an agreement with Samsung. Same conditions need apply here)
You can use an Android phone without a Google account.
7 replies →
> That‘s always the most kafkaesque part of these problems and should be illegal
it is very likely illegal to tell him. it was triggered by the use of a gift card, and therefore very likely to be AML, and in many places (I am not sure about Australia specifically) it is illegal to provide information in the circumstances.
Usually if you get punished they have to tell you the crime you committed.
That seems like a dangerous loophole.
Imagine being banned from all online activities without any reason given.
Apple clearly has a problem. In recent months there have been a number of reports online of people getting locked out of their Apple ID/iCloud, the appeal getting denied, and Apple refusing to disclose why or reverse it. Generally those reports don’t relate to gift cards or developer accounts.
My father passed many moons ago, and the family wanted access to his icloud account and they did not have the password. This was a huge struggle. Finally, after weeks, we were able to reset the password, but only because we had access to the email he used. In retrospect, perhaps it is a good thing that Apple restricts access like this for privacy and security. But in this digital age there should be other mechanisms in scenarios like this. What if i wake up from a coma, and forgot all my passwords and have not recorded them physically anywhere ?
What's the difference between amnesiac you and regular me? If you can regain access to your account without knowing some information about it, so can I.
This is horrible and a big reason why I refuse to go “all in” on Apple, Google, or Microsoft (among other reasons). Apple is the one I’m closest to given my hardware, though.
Given how invested you are in the Apple ecosystem I can’t fathom why you would go get an Apple Gift Card from a store to do this kind of transaction, though. It wouldn’t even cross my mind to do it that way.
OP is in Australia. Most stores that sell gift cards have loyalty cards that give points for gift card purchases. And a few times a year they give bonus points (e.g. 10x) on gift cards, that can result in an equivilent 10-15% saving.
You can even use this to get an effective discount on hardware, as you can use your Apple account balance to buy from Apple.
I can't wrap my head around that as well. Given OP's expertise and experience with technology, how was this option better than using a credit card.
Obviously I'm not claiming it was OP's mistake, that wouldn't make me any better than the guy who was telling people "you're holding it wrong™".
Yeah it seems odd, and if Apple won't tell him or do anything, it might be because they can't: such as circumstances of an active police investigation.
We are obviously not going to get a fuller idea about this situation from a blog post, and while I won't assume that the author has done anything wrong, there have been similar stories in the past where the affected individual was deliberately withholding the whole, much more illegal, story.
Presuming his innocence: What could have happened here is that the gift card he's purchased has been marked as part of a scam operation. Apple gift cards are frequently used for "tax bill" and "police fine" scams in Australia (where they are sold there is often signage informing people of that.) So potentially this person is accidentally roped into that.
Also it's not entirely unheard of to purchase gift cards for long-time users (who would normally just use their linked credit card), as the cards are often sold in the retail space with a 10% discount, or can be redeemed as rewards through points/loyalty schemes.
With all that said, at this point if he's not getting anywhere, he should approach a lawyer, as they'd be able to petition on his behalf (whether that is to Apple or to the state of Tasmania.)
My son was just scammed out of $1000 using some gift card scam. Typically these gift cards cannot be revoked once issued and anyone using the gift cards (like the people who scammed my son) would be able to reap the rewards without any consequences. I’m hopeful that Apple has found a way to track fraudulent Apple Gift cards and are now locking people’s Apple ID who use them. I suspect there’s more to the story than is being shared. What’s the provenance of the original gift card? Could it have been obtained through some not 100% above board means?
From other comments explaining the kind of scams running at the moment, one possible scenario is that the card may have been taken, tampered with by a scammer (and the code recorded), and then placed back in the supermarket, with the scammer waiting until the OP purchased it and it was activated at the checkout.
Perhaps between the scammer redeeming it and the poster then trying to redeem by entering the same code, the scammer’s account was flagged and then the OP’s account terminated along with the scammer for using the same code (even though the OP had done nothing wrong).
The card was purchased from a major brick-and-mortar retailer (Australians, think Woolworths scale; Americans, think Walmart scale)
Did the original poster claim that he bought it from Woolworths, or did someone else buy it? I question if the poster obtained the gift card from some path where the original purchaser may have been scammed.
The emojis in the support chat are insane.
Why in the hell were they using "relieved face" after telling OP to say goodbye to their 20yo account and create a new one to "solve" the issue?
It makes me so mad, that's insane!
https://unicode.org/emoji/charts/full-emoji-list.html#1f60c
"I've lost 25k+, my account and my documents"
"I understand, relieved face"
Literal psychopath reply.
Out of curiosity, why did you buy and redeem such a large gift card instead of paying directly? And was this a form of payment that was unusual in light of your account history?
It’s common in Australia for retailers to offer discounts or reward points for gift cards.
https://www.ozbargain.com.au/product/apple-gift-card
I have similar questions. At the scale Apple operates I'm sure mistakes are made all the time, but often it feels like there is something missing when these types of stories pop up. I have had support from Apple before and they went out of their way to help me, supervisors doing research and calling me back for example. How Apple stonewalled here makes it seem like it was more than a single large gift card that caused the issue.
Back in 2015, I traveled to the US and wanted to buy a Macbook Pro at the Apple Store. The configuration I wanted wasn’t available in Apple Stores, and I couldn’t buy it online because at that point there was some limitation in the online store like they only took US credit cards, or something.
At the Apple Store, the employees suggestion (a more senior one, who was consulted) was to buy a gift card for the computer’s cost (~$1500) and pay at the online store with that. I didn’t do it because buying “virtual stuff” for that amount seemed crazy (this was a huge amount of money for me, at the time).
FWIW, in my country credit cards make up about a third of payment volume - gift cards let people fund their Apple Account without a credit card.
It's trivial in some countries to get a 10–30% discount on gift cards.
I prefer to keep it topped up like that. It's been the same for 20 years.
These retailers have a problem with gift card fraud.
What’s the basis for your preference?
Take it to your state or territory tribunal ASAP. You might be able to take it to the courts and get temporary injunctive relief.
My grandfather’s Apple account was blacklisted too but I was less sympathetic to him because he genuinely sends spam email from his personal account (it’s politically motivated).
One day he was bricked from his accounts because he ran afoul of Apple’s ToS. The problem then was I couldn’t feel sure that he hadn’t actually done something which a reasonable person would say should result in account closure.
Paris’s case is much more strange, because it feels more likely to be a false-positive.
There is no legal right to have an account with Apple or Google, and I’m not sure I want there to be. But so much of our lives are built on these services and these stories erode our trust that the services themselves can handle the responsibility of adjudicating acceptable use. We need our digital accounts to be robust in the very long-term, even when there are bad actors who want to do all manner of bad things. And we need to feel confident that a properly empowered human reviewed the case and can articulate the reasons for a ban. When we charge a person with a crime, we tell them what the crime was and give them due process to fight it. I’m not sure I want the courts to decide these questions but we need some more due process when it comes to account termination.
> There is no legal right to have an account with Apple or Google, and I’m not sure I want there to be.
There shouldn’t be a legal right to an account, but there absolutely should be a legal right to sit down with someone from the company to plead your case, understand why the account was locked, and at least be given the opportunity to gather your things if they decide not give you a second chance.
If you get evicted from an apartment they don’t just change the locks and keep all your stuff…
There should be a legal right to a clear explanation and a mechanism of appealing these decisions with an external organisation. I think it’s unreasonable to expect that they should be able to delete users this casually with everything that is tied to your devices.
You could make it so costs for arbitration could be paid up front by the person appealing and then if the account deletion was deemed wrong the company refunds said user. Could probably apply to monetisation on YouTube that I see withdrawn for very dubious reasons too.
>arbitration could be paid up front by the person appealing
We need a constitutional amendment that prevents binding arbitration agreements, which removes judicial review from public accessibility.
There absolutely should be a legal right to pursue this through the courts (which require a response from the company, to avoid default judgment).
----
My main PiHole blocks all of *.google.* & *.apple.* for many reasons. My exploration into PiHoles began a decade ago, after Google pulled a similar response-less account termination (without explanation). This left me unable to update a blog (with several million annual impressions), with no recourse [0].
[0] Unlike OP's situation, I was able to download most of my writing/photos, only because they were public-facing (website).
We have these systems - they are called courts. The subject is in Australia and so am I, I can file a case up to around $100k USD for $150 in filing fees.
If Apple doesn't respond they will lose by default and possibly be held in contempt.
2 replies →
What sucks is that it's a group of probably like 2000 people who are causing all the insane bureaucracy around these digital accounts.
People running scams that will shamelessly and relentlessly pull any string at their disposal to keep their account running.
Same experience with Google. I was setting up SSO for a new web application and set off some AI flag on a sub domain for our company website. For 2 weeks every visitor saw a warning that out site was a phishing scam. Nightmare. With no recourse. No number to call. No person to talk to. No actual explanation of the error (I still don't know exactly what I got wrong). I just took it down, waited, and prayed.
Yikes it’s gotten here. Come on Apple!
Update 14 December 2025: Someone from Executive Relations at Apple says they’re looking into it. I hope this is true. They say they’ll call me back tomorrow, on 15 December 2025. In the mean time, it’s been covered by Daring Fireball, Apple Insider, Michael Tsai, and others, thanks folks! I’ve received 100s of emails of support, and will reply to you all in time, thank you. Finger’s crossed Apple calls back.
Second Update 14 December 2025: No luck so far, and not looking good. Anyone got a good lawyer to send them a letter and/or help me sue them? paris AT paris.id.au
Update 16 December 2025: The Register covered it. No luck yet.
Shouldn't these huge platform guys be mandated to offer data transfer-out service?
My thought. There should be a mandate to allow downloading all data on account closure from any service.
"After nearly 30 years as a loyal customer"
I know this might sound cynical... But the author should really understand that Apple gives less than zero fcks about them. Apple is known (and, weirdly, loved) for being tyrannical in this sense. Apple is known for their "my way or the highway" approach to anything, without much explanation and with self-attributed "we're always right" attitude.
> The Damage: I effectively have over $30,000 worth of previously-active “bricked" hardware. My iPhone, iPad, Watch, and Macs cannot sync, update, or function properly. I have lost access to thousands of dollars in purchased software and media.
And that's why people complain about Apple's walled garden. Given the size of the damage I'd look into getting a lawyer involved, and possibly try and get Apple to court (in coerce them into being reasonable).
Frankly, I'm taking note of the archived page (https://archive.is/jrsLV) that I will reference to anybody that will ask why not to trust Apple in the future. Note that Google is also known for having a similar approach (there is no way to get support if something like this happens UNLESS you happen to know somebody inside google). Amazon on the other hand has made customer support one of its defining traits.
Btw if you are doing any decent amount of tech stuff, you should REALLY get off walled gardens and at the very least have an on-premise backup solution (an off-the-shelf nas with spinning disks could be a good starter solution).
I imagine that every "should have known better" respondent on this thread has internalized their abuse.
Why in the world do we let tech companies adjudicate our service relations?
It's more of an 'is' thing rather than an 'ought'
Getting a special "notice me on social media (like HN)" fix won't actually fix the problem with using Apple's systems. It's just a temporary reprieve until some other aspect of their control of one's life breaks (by accident or indent).
Update posted at https://hey.paris/posts/appleid/:
This happened to me as well with a secondary iCloud account, and I still have no idea what triggered the ban. Apple support said they couldn't reverse it. The account was on an old iPhone, and after the ban, it became impossible to log out, rendering the device e-waste overnight. I at least didn't have any valuable data in icloud. But that experience prompted me to stop using Apple products or any other device that requires an online account to function. Fortunately, since recent AMD APUs are quite capable, I sold my MacBook M2 Max and have happily returned to using x86_64 Linux. No more Apple in my life, ever.
There is part of me that sort of wishes this would happen to me. I wonder if getting locked out of my cloud identities + bricking all my devices would actually be a great blessing in disguise from the Machine?
Off-topic and a stupid question: why does anything related to Apple attract so much attention on HN? As a newcomer, I assumed HN focused mostly on reverse engineering,retro computing, and deep technical topics.
Tech stopped being full of tech nerds when 10 weeks in a JavaScript boot camp and a few thousand lines of code in your personal GitHub would land you a $140k remote job.
Maybe now we will start seeing a reversion to the people in it for the passion.
Imagine what tech will look like when you don't even need the 10 weeks in a boot camp, just a subscription to Claude.
I would not say your list is anything like complete, although those topics are often discussed here. Apple is a huge player in the general computing ecosystem, and probably a majority of front- and back-end developers these days work on macbooks, so it isn't surprising that the things they do resonate in this community.
Apple offers the most convenient computing experience available to mankind as of right now. That's why I care, at least. I love their products and services, but not so much when it fails (as in the authors case). That shit is scary.
HN hasn't focused on those topics in a long time, they rarely are on the front page. Skip the top 20 articles and you'll start to see some interesting content instead of all the VC & AI drivel.
Hackaday is a content aggregator site that usually has more content on these topics - https://hackaday.com
Or there are still some good old blogs out there with RSS feeds http://www.righto.com/ http://oldvcr.blogspot.com/ https://blog.ret2.io/
>I assumed
You assumed wrong. Honestly that was never case, but maybe it was better 15 years ago
This sucks Paris. What hope does the normal joe have to get a fair shake if you can't even get this resolved? The layers of click through contracts, opaque terms, LLM customer service, un-empowered customer service, and arbitration agreements make this a crazy relationship we get into with big tech. If we have a problem like this, we should be able to talk to a person at the company that can resolve this right without threatening a lawsuit. It's nuts.
I'm curious about the apple's passwords app. Where you able to use it? What about passkeys?
While I can't help with extricating your data from the fruit factory's claws I do have a suggestion what to do next: get a 10-foot or 3 m pole and use it to distance yourself from them in the future. Self-host your data if possible, find a friend you trust who already self-hosts and see if you can hitch a ride, use some commercial service if necessary but don't allow yourself to get trapped within an 'ecosystem' again. If a company makes it extra hard to use things outside of their own control you should understand that they're not doing this for their users but to remain in control and maximise their chances of extracting as much from their captives as possible.
Don´t check in to Hotel Cupertino or soon you'll be singing along:
I upvoted this for visibility but if you put your entire digital life in the hands of any of these tech companies and store all your shit in the cloud with no local backups, you are at least as blameworthy as they are. I’m less surprised that Apple would do this than I am that somebody who is clearly tech savvy could be this stupid about tech.
If this person with all his Apple-centric work cannot get personal support from Apple, well then perhaps no one does get it anyway.
No way, if you have close ties to the Party, you'll get it, guaranteed.
This kind of thing happens more often than people think. You trade convenience for blind trust and sometimes that trust gets revoked without warning. Whether it's Apple, Google or whoever’s "ecosystem" you live in if you don’t own your keys and data, you’re just a tenant who forgot the landlord doesn’t take calls.
Big tech giants locking unsuspecting users out of their digital lives is nothing new. What would it take for our society to stop relying on these closed, walled gardens for critical stuff?
How many account lockouts must occur before we accept that digital life built on permission rather than ownership is inherently fragile?
if you pay for service you should receive some guarantees it is your money, it is crazy that there is no cool-off period where you get banned like this even by mistake or by Apple deciding they do not want to offer a service anymore and allow you to take out your stuff before fully shutting down.
This is the same guy who had $60,000 permanently locked in his Wise account 6 months ago, that is quite a run of bad luck. https://cloudisland.nz/@parisba/114504600921948939
And now some suspicion starts setting in. Granted, someone is going to have multiple runs of “bad luck”, statistically.
My condolences. I don't have any advice, but you may be able to learn something from my very similar experience.
https://skogsbrus.xyz/dont-put-all-your-apples-in-one-basket...
> I still love many of the products that Apple make...
The Stockholm syndrome is real.
Remember, companies get away with these over the top behaviours cause it costs them nothing to have one less customer.
If this situation somehow escalates until they have to take action, they will already have made so much money that is not a blip.
They don’t care. You as an individual customer means absolutely nothing.
While I understand the attraction of doing so, I’m not sure I like the implication in the post that the reason this needs to be reviewed is because of how loyal of a customer this person is, or the fact that they have written books on developing for Apple devices.
I hope you get it back. I always had the mindset that if I am a paying customer that this type of situation is very unlikely. But you are literally a massive paying customer and you got hit. The truth is you are just a nobody even as a customer who has dumped thousands of dollars as a loyal supporter. Showing up on HackerNews is a positive thing as the only way to get any traction in these situations is either be famous and complain or your story going viral and someone with power seeing your plea. I worried about only having a physical copy of my family photos so started paying apple for some storage. This type of event worries me. Good reminder to have multiple backup solutions.
Oh yeah and it absolutely does away with bullshit of "If you're not paying you're the product" I'm sorry it doesn't work when these services, even free, are monopolies
You can have free services, you can have paid services but they ALL absolutely have to be answerable to the consumer
"Many of the reps I’ve spoken to have suggested strange things, one of the strangest was telling me that I could physically go to Apple’s Australian HQ at Level 3, 20 Martin Place, Sydney, and plead my case."
This does not seem strange to me and could be a course of action. When I moved my domains off Google because of this type of "banned without recourse" possibility, I found a registrar that had a physical address, small office, and people listed on the company website (porkbun) so in the worse case I could fly to the office and straighten things out.
No mention of even going to an Apple store. Maybe the nearest one is very far away from him?
I wish people would understand how common this is. There's no customer service line you can call when some overseas moderation farm worker spends 0.8 seconds looking at something and taps the hotkey for one of the reasons in their terms of service that they deem an account should be permanently wiped for. Have some recourse. Buy a NAS that will do automatic backups of all your cloud accounts. Long ago I lost a decade of Gmail and GDrive because I posted a PNG file of a credit‑card form that said "This post only viewable with Google+ Gold." You need to be treating these accounts as ephemeral.
I had this happen to me once while traveling, and then by random chance I ran into a former Apple Store employee at a hostel.
She told me to email Tim Cook directly (his email is entirely guessable).
I did this and within a day or two my access was restored.
It's one thing to lock someone's account so they can't make payments or whatever. It's another altogether to lock them out of accessing their own documents / photos / etc. That's just 100% unacceptable regardless of what triggered it. And even if they did have a valid reason to lock your account, at the very least it should be, "you have 7 days to download / clear out your documents".
Absolutely horrible black mark on Apple.
I'll be buying an external HDD to download all my photos / iCloud docs to. I've been too trusting.
There really should be a law around being able to access and review locked accounts. I've seen so many cases of people just losing their digital lives because of an automated system.
Regular old contract law will handle this fine. State a claim to a court and let Apple respond to it. It's not beyond the reach of the author to do this.
My partner was locked out by Apple last year during a password/device change gone awry. Two weeks and we finally got through to someone competent who fixed it. At one point it looked as though we would lose many of the videos of our son growing up.
Since then I have been removing myself from the ecosystem - my email is from hey, file sync on Dropbox, obsidian for notes, whatsapp for messages. Sometimes it doesn’t feel as joined up, mostly it is way better.
Moved to framework computers + omarchy last month and am not looking back.
Dustin Curtis wrote about a similar incident at https://dcurt.is/apple-card-can-disable-your-icloud-account
Slightly different issue involving the Apple credit card, but it’s just as insane that there’s no separation between the different parts of Apple.
For that reason I will never have an Apple Card, and I guess I won’t be redeeming Apple gift cards with my Apple ID.
Yup. They did the same thing to me a few years back. Not sure why. Had to re-apply as a developer with a different email address. I don't use Apple products anymore.
This kind of Kafkaesque behaviour is what I've come to expect from any kind of online services. It's also why I won't use anything that cannot be setup offline.
This is why I self host my blog. My email. This is why i try to stay away from the convenience of big tech. It is not the first time this happens and it will not be the last.
This is really sad that some people are in ways blaming it on the author. While I do advocate zero to almost zero usage of services by these OEMs or big corps, in today's world everything, or almost everything, is linked to your email and/or phone number and in turn with a computing device, which, for me, makes these OEMs essentially public service providers for a cost. Locking a user out literally casts that person out of today's society — communication, dating, groceries, transport, hell, in some cases maybe even health care and emergency services — you name it. So it's very ingenuous and unkind of us not to raise hell and shout for extreme accountability on these corps' part instead of reminding a victim of T&C and not having diversified the online services usage enough across providers.
Any company or entity ought not to be allowed to wield power over our lives, like locking someone out arbitrarily, let alone via some asinine, half-baked algorithm.
I think apple is a red herring here, it's the amount of legal power granted to the enforcement of money laundering laws and the lack of ability to push back against this
Musk/Jobs archetypes, though unpalatable at a personal level, are valuable in their willingness to burn themselves up to fight the "system" vs bureaucratic types who just fall in line and elevate what is a political issue into a Sacred Value
Well, you keep literally selling your own life to one immense American corporation and that's how you are treated.
Time to say bye to Apple and Google for good...
Does anyone know if in the USA you could simply use small claims court on every individual device and service to get likely default judgements against Apple and then when they are unlikely to pay up, get a judgement against Apple and make a big deal about strolling into a store or even HQ to take Cook’s own devices out of his office or maybe just seize his corporate jet and auction it off?
I just want to point that buying gift cards in order to participate in gift-card arbitrage violates both apple rules and payment provider rules.
If you are buying large amounts of gift cards and then redeeming them, it is critical that your purchasing patterns do not look suspicious, such as buying more things that a normal user might need: multiple iphone wallets, multiple iPhones, or similar items.
That's probably why people should not live in the gated garden. Once they made a mistake, you will feel alien in the free world outside.
I hope OP can get his account unlocked. This is a good reminder for everyone else, backup your cloud data to a local drive. But thats just one part, the social / email OAUTH side of things, phone accounts etc..., terrible situation. It should be easy enough to walk in a HQ / office and show credible ID and get your account unlocked.
This should be illegal. What about normal people affected like this. He at least still stands a chance given his position.
Wen thinking about risks from depending on the cloud, people fixate on the risk of losing data, when this kind of denial of access is a much more likely occurrence.
I've started on my de-appleification plan in earnest this year:
https://blog.majid.info/quit-apple/
If local backups were not so hard... It is sometimes impossible to back up an iPhone to a computer; yet seamless to backup to iCloud... Infer what you will. I am skeptical of over reliance and dependance on Apple more than ever. Unfortunately, interoperability is something we can wish for rather than expect.
I dump photos and videos I want to preserve into a WeChat/Whatsapp chat and use their desktop apps to download to an external HD. It’s a bit of trouble but still easier than doing this natively in Android or Iphone.
Only depend on platforms as redundancy. Never as primary source.
Break that discipline and you are exposing yourself to this danger.
I deeply sympathise with the author.
Nevertheless, the irony of this is overwhelming: a guy who spent his life promoting a company whose model is "we deeply control the products you use" gets burned by the fact they deeply control the products he's been using.
I do have an Apple ID, which was banned due to fraud and customer support couldn’t do anything about.
The thing is, that account was just used for dev. things for the US company, which builds/sells software for the US federal government (among the other US entities).
It would not be very wise to do fraud.
I used to have an eBay account, and at some point, despite not having used it for a year or so, I got an email saying I was permanently banned from eBay.
No appeal, no reasons given, no possible way to create another account.
Just. Banned.
The companies need to be big enough to provide the amazing services they do, but once they are large enough they will never care about individuals.
My internal model of large companies is that they are intelligent, psychopathic aliens. The people in them are like cells in our body, important for the function, but with no agency, and they are not who you are dealing with.
You're dealing with the company, and it's an inhuman, psychopathic alien.
PayPal permanently blocked my account and all of its connected cards and bank accounts after I sent them my passport for some verification (I don't remember why). It was because a lifetime ago I had opened my PayPal account as a minor.
Richard Stallman warned us about this.
those who laughed at him are waxing poetic about local backups at the moment
Well, there are funny things about the guy, such as the video where he eats something from his foot.
https://www.youtube.com/watch?v=I25UeVXrEHQ
I don't feel sorry for a person that heard all these stories before and didn't say a word, and continued to promoted Apple crap.
"I have contacts in Apple, I'm better than all those losers". Well you were, until you were not.
Maybe events like this will be a wake up call to our community. Virtually everyone around me uses Apple everything - colleagues, friends, family. And they find it weird when I say I don't use Apple out of principle and I even have to justify it.
This is one reason I moved to a cloud photos provider (Ente) with an automated continuous export feature so that everything can go to my NAS.
Also because I know big tech has no real customer support.
It’s no comfort to OP though and I feel very sorry for them.
As you are in Australia you might get somewhere if you lodge a complaint with Consumer Affairs
https://www.accc.gov.au/
And there are also separate bodies for each state.
If Apple has the ability to do this, why don’t they just brick all devices in Russia?
Because they like their markets in China and the EU
How would that help them make money?
Congrats, you did this to yourself by willingly using proprietary software you have no control over and now you cry that you have no control. You did this to yourself.
I went back to an MacBook pro M5, after being away from Apple for a year or 5 (Lenovo etc). I tried to re-enable my apple account but I had to wait 5(!) days to change the password. I ended up making another account.
It's a defence mechanism against account hijacking if someone has access to your phone number, linked to your account. Went through the same procedure to recover an account I haven't been using for a few years.
What I've learned from all these disaster stories: have backups for everythig. I have an iCloud+ subscription but also a OneDrive subscription, photos are sync'ed to both storages. On gmail, I set up fwd for all emails to another email address (non-Google related) just in case. Of course you can't do this for every service but do it for the ones you can.
On a meta note, Fuck Apple, I'm so glad I didn't pursue an iOS developer career 10 years ago.
I have had an apple id problem myself, for the past N years. Mine is an old mac.com account, which has my Gmail address as the backup email (and the primary one now that mac.com isn't doing email anymore). Because of this, I cannot sign up for a new account with my Gmail (it is tied to the older mac.com account).
I've managed to reset the password, but I must answer a security question to log in. I mean, I answered those security questions probably a decade ago and I do not know what they are anymore. You can reset your security questions, but to do that you need to use an iPhone (last one I owned was a 4) that is still logged in, or, answer a security question. Which is as we established, the problem.
So every couple of months I log in, try a few other possible answers, get them wrong, and get locked out for a bit.
Anyway, I need to get this fixed my march, due to apple being the formula one streamer in my country now, so I have to actually solve the problem of logging in to my apple account. Or, I guess, making another random email just so I can watch f1. Sigh.
But if anyone knows how to reset security questions, I'd love to know. I would way rather pay apple actual money than go back to torrenting the races.
It sounds like you unfortunately have gotten yourself kinda stuck, but I very much sympathize. I too have an account dating back to iTools, and for a long time it was a major frustration that I was stuck with that original email address as unchangeable for the Apple ID, unlike newer accounts. However, some time in the last, I dunno 3-5 years maybe? I can't remember now the exact time I noticed, but after over a decade of requests and fading hope Apple actually did allow me to change the email address for that Apple ID, which I shifted to my own domain. So for anyone else who hasn't checked in a long time, worth noting situation might be marginally better now.
Re: "mac.com isn't doing email anymore", all the original mac.com email addresses still work fine. Apple has played around with various domains (mac.com/me.com/icloud.com) over their decades of bumbling with online services but they made them all interchangeable for older users, mails to the original @mac.com emails still go through. Even originally made aliases (they allowed 5 with iTools) still work. Not sure what your issue was on that one.
Finally yeah, ""security"" questions are one of those horrible legacy anti-patterns that I will cheer to see finally be dead and buried. If you try to answer them honestly probably anyone can learn it with a bit of online searching, if you go for more obscure stuff they're easy to forget defeating the purpose. It's really best just to treat them as extra passwords, use random alphanumeric values and keep them in your password manager same as the password. Apple has also fumbled around with recovery over the years, at one point you had options to have a manual recovery key you could save but I think that's dead and can't set it up after already forgetting. Maybe if you go in person to a store with physical ID and evidence, if you had payment associated with the account and have that credit card for example that might do it.
If you have nothing of value tied to the account though probably no reason not to just abandon it.
> making another random email
youremail+anystring@gmail.com will always redirect to youremail@gmail.com Before making a random email address, try using youremail+f1@gmail.com or something similar.
Also any dot in your email is ignored by gmail. a.b.c@gmail.com is equivalent to abc@gmail.com. You can try using your.email@gmail.com.
It doesn't sound like you use your old Apple account. Why don't you abandon it and use a new one?
Add and verify another primary email address.
On a device: Settings > (iCloud user) > Sign-in & Security -> (+) {{name}}@gmail.com
If that doesn't work, then use the dot trick.. y.ourname@gmail.com = yourname@gmail.com.
Just curious if the account owner is still able to access their passkeys stored on their Apple device at the moment.
Not too keen on passkeys without an easy way to backup.
Same goes with sign in with Google and Apple.
Same doubt here, a disaster even bigger (Maybe in Mac ?)
That is why I prefer OTP all the time, easier to backup and restore.
Buy two Yubikeys and save your passkeys there if you would
Do Yubikeys even work with iPhone? Besides, if the account is locked, how would that help? The issue isn't a forgotten passcode or passkey.
Yes they work with iPhone
His problem is fixed today; the gift card was already redeemed. Apple turned his Apple account back on.
As someone using Linux to build web applications, I wonder what about the Apple ecosystem could make it worth to have such a Damocles’ sword hanging over me my whole life.
Am I missing something? My current perspective is that not only am I free of all the hassle that comes with building for a closed ecosystem, such as managing a developer account and using proprietary tools, it also comes with much harder distribution. I can put up a website with no wait time and everybody on planet earth can use it right away. So much nicer than having to go through all the hoops and limitations of an app store.
Honest question: Am I missing something? What would I get in return if I invested all the work to build for iOS or Mac?
Plenty of things do work better as a native application. Packaging is a pain across the board nowadays. Apple is pretty good, you pay a yearly fee if you want your executable signed and notorized, but they make it very hard to run without that (for the lay person). Windows can run apps without them being signed but it gives you hell and the signing process is awful and expensive. Linux can be a packaging nightmare.
What works better as a native application?
And that website is hosted somewhere, you’re using several layers of network providers, the registrar has control over your domain, the copper in the ground most likely has an easement controlling access to it so your internet provider literally can just cut off access to you whenever they want, if you publish your apps to a registry the registry controls your apps as well.
There are so many companies that control access to every part of your life. Your argument is meaningless because it applies to _everything_.
A trustless society is not one that anyone should want to be a part of. Regulations exist for a reason.
Not wanting centralization under one company does not equal advocating for "trustless society".
All the things you mentioned (registrars, ISPs, registries, etc) have multiple alternative providers you can choose from. Get cut off from GCP, move to AWS. Get banned in Germany, VPS in Sweden. Domain registration revoked, get another domain.
Lose your Apple ID, and you're locked out of the entire Apple ecosystem, permanently, period.
Even if a US federal court ordered that you could never again legally access the internet, that would only be valid within the US, and you could legally and freely access it by going to any other country.
So in fact, rather than everything being equivalent to Apple's singular control, almost nothing is equivalent (really, only another company with a similarly closed ecosystem).
2 replies →
If you're full in Apple ecosystem, like my GF, you get:
- Shared clipboard across devices - Shared documents - Shared browser - Shared passwords - Free, quality office suite - Interoperable devices (use iPhone as camera on Mac, for example) - Payments across different devices (use clock to pay, for example, shared with your iPhone)
All of this with just one account without any third-party service.
And billion of things more, probably, I'm not a full Apple head.
Strange, I don't need any of that.
And when I hang out with people who ARE in Apple's ecosystem, to me it seems they struggle more to get things done than me.
Why would I want a shared clipboard across multiple devices?
3 replies →
This sucks, I hope you can somehow reach Apple and get them to unfuck your account.
My own experience with big tech account bans was much milder, so I learned my lesson without much pain. I got a "free Azure credit to learn cloud computing" email from MS, redeemed the credit, created a VM, started clicking around the settings and got locked out. Raised a support ticket, asked what I did wrong, told my account was flagged for suspicious activity. I asked what I did wrong again and got a reply that my case had been reviewed by a human and that my Azure account wouldn't be reactivated. Thankfully, my primary MS account didn't get banned for that.
Conclusion #1: it's frankly insane that a big tech company can fully terminate your account with no means of recourse. People like to mock the EU and its lawfare, but I think it is the best candidate to force the tech firms to implement some sort of firewall between their various services, so they can't terminate your access without prior notice or without compensation.
Conclusion #2: those who are reading this, don't put all your eggs into one basket and teach your friends and relatives to do so as well. That is, if you have to use the services of various big tech companies, spread them around. Have a boring account with one company that you use for free stuff, a boring account with another company that you use for paid services (if you can purchase services X and Y from two different companies, do so), a boring account with a third company that you use for getting paid, a fourth account that you use for shitposting and getting into arguments with internet strangers.
There have been so many cases of Apple, Google, etc. doing this that it's hard to have any sympathy for them at this point. If it was some grandma who didn't know better that would be another story, but the author was surely aware
and they chose to bet their entire digital life on Apple's benevolence anyway. They lost that bet.
We need more stories like this hitting the mainstream news until even a non-technical person's reaction to this is "well, what did you expect?"
Probably worth reading Doctorow's "Scroogled": https://craphound.com/scroogled.html
Centralization of power in unaccountable organizations has always been a recipe for disaster.
I could suggest some slogans:
"Apple. Not even once."
"Friends don't let friends use Apple."
But I think this is a problem that merits more than slogans.
This is a good post and I wish all the best to the author that someone from Apple can help resolve this. I will personally never use iCloud ever again because of this.
They'll probably reverse this soon, but it's an eye-opener for people who store their entire existence on 3rd party clouds. Nextcloud is your friend.
Could you do something like self hosting a MDM (say Fleet?) so you can kick the tainted Apple ID off your devices and get them back if this happens?
These kinds of cases just triggers all the rage for me, be they true or not and whatever is the actual case.
I have fresh experience of setting up Azure/M365 and AppleDev for my startup. Those things are scary as f*uck, in many perspectives:
(1) Dark patterns everywhere (click this checkbox and we'll buy you a license, oops +xxxxx €/$ per year just came; get one-month trial for O365 to get bizaccount, select 1 license, see that there is 25 licenses (~ 4k €/$) to be renewed if I don't cancel).
(2) Microtransactions everywhere (e.g. Azure VM SSD I/O: every read/write operations costs), DDOS and 10/100 k€ bill coming. Everything "scales", especially bills. And no billing caps, of course.
(3) Codesign with Microsoft: I have option to wait weeks for freight ship to ship USB cert token (if it ever survives past toll/postal service after that), or use AzureKeyVault, but that is officially only for companies that has taxes/accounting for 3 years of operation. So no startup can use that by this requirement to codesign?!
(4) AppleDev (and kind of Azure/MS too) requires DUNS number, which takes 6 weeks to get in normal case. Apple's 5 bizday route doesn't exist anymore (at least not for non-US-based companies). Or just use D&B magic link from Grok and get it immediately in 5 mins.
(5) If you base your business on Azure/M365 and AppleDev and be obidient and compliant (as I am doing/being, because I'm building real legit and long-term company, not some hussle project), it still doesn't matter, because they can just can decide by human/ML to shut your business operations and means of living. And getting answers like in the title's article's screenshots with those emojis are just the most non-human interaction that there can be done for affecting so devastatingly to someone's life/business.
These are the most disgusting things that I know of.
I hope he learns, does backups and switches to hardware without walled garden baked in, without the company being the real owner of your belongings.
It's really difficult to give up the convenience of cloud-based accounts. It would be nice for regulators to step up and protect consumers when it comes to this kind of thing.
Disabling iCloud seems like a gift. I wish I could just get rid of it all without any subsequent nagging every time I update/upgrade macOS.
I always knew Google and Facebook did this (let's make Oculus a Facebook requirement! oops now you're banned - genius, brilliant, all the people working there have an IQ of 600) but now the trifecta is complete
Seriously can we fucking have any products that work, in the 21st century
Or is the answer just "lol automation is cheaper"
Seems like we need to popularise proper guides on how to convert our iCloud storage using self-hosted solutions. It's a shame though.
Apple is no better than other Big Corps out there.
Has it been 12 months again already? That's about how often one of these stories come up. I guess some people don't learn.
Apple has over a billion users. Do you expect every single one of them to learn how to do backups, protect their purchase on iOS, etc.?
Yeah literally the exact same thing can happen on android and windows. The solution is regulation, not ridiculous solutions like telling billions of people to back up their own stuff.
4 replies →
I expect them to learn that it's better not to be an apple user.
If Apple doesn't have the sense to reply to this in a sensible manner then that company is in far worse shape than I thought.
lol prepare to be disappointed
I also got locked out of my Apple ID several years ago. I have the password but still can’t access it. I had to make a new one
Exactly for this reason I bought a NAS where I can backup all my photos that are normally saved directly into iCloud.
Given how Apple Music has completely fucked up my wife’s music collection, I can’t imagine them being able to unfuck your situation at all. So sorry.
Same story here. I'll never go back to Apple Music, even if only for streaming. I had hundreds of tracks and albums just demolished by something related to iTunes Match, didn't realize for months, and didn't have a solid backup system at the time.
oh man, I started with iTunes Match because that's the only service that I could use to backup all my MP3s, and now it's all messed up and so much music has just disappeared from my playlist... so sad.
Unfortunately I still don't know a service I can use that will allow me to sync my current MP3s / what I have in Apple Music, and export it if I need it. There's really an issue of owning data and being able to take it elsewhere :/
https://tidal.com ?
4 replies →
I’d look at Navidrome, Jellyfin or Plex. Spin one up and stream your music from that.
Most cases we see here do only lock the media side of accounts. It’s concerning this blocked the entire account.
> It holds terabytes of family photos
Why do people still do this, why??!? This is not an ignorant user! The author (and victim) has written several books about Apple tech, how do they not know that these "platforms" cannot be trusted with anything -- especially data that isn't backed up somewhere else!
Companies don't care about people, and the bigger they are the more evil they behave. They need to be treated like hostile business partners because that's what they are. They're only after money and absolutely nothing else.
This is not some radical leftist manifesto, it's the plain reality. And it's not new either. It's always been like this.
The modern trend of useless error messages, in cloud and no good way to talk to a human is really insidious
Just talk to a lawyer, have the lawyer send a letter, there is no need to bang head against CS for escalation
That "just" is doing a lot of heavy lifting. I'm not confident that this would prevent data loss and that it would act in a reasonable time scale.
Not necessarily, CS is just following some AML script here and will not deviate :)
parisidau, I hope you get your account back.
you can in the meantime, and for the future, try compartmentalizing services you use. the old saying of "all eggs in one basket" applies here as well.
VPS, hard drives, etc. are cheap and keep you more in control of your own data than you're with big tech.
How do you that with Apple hardware that requires an AppleID to operate?
Is your advise to avoid all Apple hardware?
Or buy backup hardware none of which will run MacOS / iOS, so you still couldn't access things like your Apple Developer account, or any shared documents?
Have no apple hardware. If you need apple hardware for work use a work email and account and never use it for anything else other than work. Always pay apple with a work credit card.
Are you not able to use them at all without an apple id? I have some older apple devices which I guess predate that
A while ago we fixed people by killing them. I see the same pattern with account banning.
I probably shouldn't be surprised, but… so, you are saying, Apple can remotely brick YOUR device? For any reason, let alone "because of a mistake"? Heh, and I was considering to buy my first iPhone. I mean, seriously, I can only shrug at the fact that anybody accepts these terms at all.
One lesson I'm taking away from this is never to buy or use Apple gift cards
Sue them. If you don't sue them, they’ll just keep doing it.
I never understand why people put all their important stuff in one company.
[flagged]
I would like to think you're wrong, but if they fix this, you're possibly right. My career is built on Apple technologies. I don't love that I'm captured by a vendor, but I have a lot of knowledge, and building to that level elsewhere is hard.
I just want to keep using my stuff, and getting on with the fun things I get to work on. I don't have a strong attachment to Apple, I have a strong attachment to the familiar productivity I normally have.
Even if you helped and this is fixed, consider the privileged situation you are in to even get this fixed. Most "normal" people would be doomed to lose their entire digital life. Evangelizing for a Megacorp is dooming more people into willing incompetence and dependency.
Reconsider at least that part. You can work with and use their products (as I do at work with the GSuite or AWS) but I will never recommend or evangelize for them or rely on them with things I care about.
1 reply →
[flagged]
[flagged]
2 replies →
Has OP tried emailing Tim Cook directly and pleading his case?
This type of stuff makes me want to buy gold and guns.
Sounds like something triggered a suspicious activity report. Not sure if it also applies to the likes of Apple but they’re forbidden from revealing any information about what caused it, etc with the customer or anyone.
Pretty infuriating to see those chatbot responses. (The emoji -- and the particular choice of emoji -- were a very clear tell.)
Perhaps the most annoying thing about this, certainly after getting traction on HN, is that his account will be reinstated....
...and then nothing. No sorry, no "here's what went wrong", no blog post to address the angry masses, no recognition, reconciliation, or reformation. Just things working again and silence.
About 11 months ago, this happened to my Apple account that I’ve used for over two decades, with purchases worth probably tens of thousands.
Apple Support told me these “decisions are taken in a higher department” and escalated me to tier 2, who insisted: “we’ve determined your account doesn’t meet the conditions to enable it.” Their suggestion was for me to create a new Apple account.
Then, three days later, my account was suddenly re-enabled; and it has worked perfectly ever since, as if nothing happened.
I hadn’t used gift cards in nearly a decade, so my guess (and this is pure speculation) is there must be other flags affecting older accounts.
The whole episode was utterly kafkaesque, and it’s made me much more cautious about relying too heavily on the whims of our private megacorp gatekeepers.
Companies like apple should be liable to pay many millions in damages for this kind of shit. The people should make it hurt so much for them that they think twice before doing it without having a clear and working appeal process where you are clearly explained what happened and guided through it.
You do not own your apple account, and you never did. I would take this as a chance to learn about digital sovereignty and self hosting where you control your own data so this never happens again.
Google and Apple can and will delete your content at any time for any reason and there is no appeals court.
The OP is Australian and I've been recently reading of this scam that they may have fell victim of: https://www.ozbargain.com.au/node/937339
The real, foundational problem here is that we have abandoned the principles that made the internet. We don't care about open protocols, we accept walled gardens. Every day those walls get a little higher until eventually someone wins and the only thing that exists is the garden.
I don't know what the solution is, but I think part of it is deliberately divorcing yourself from the big players as much as you can, which isn't much for some people, and encouraging government efforts to break them up and pull down garden walls whenever the opportunity arises.
This is what government is for even if we've forgotten it in some places.
True nightmare :( hope to get resolved
This person has read literally dozens of stories just like theirs and just shrugged and said "couldn't be me".
Well, it can always be you.
Definitely a problem with a lot of developers, though I'm not sure if it's only a matter of having higher than average SES.
A painful reminder that Apple's service is subject to terms.
Incidentally, the guy's .paris domain name may be next unless you are a resident or have a business related to the region of of Ile-de-France
Nightmare.
The stories of online-only service failures are legion. And yet if you can get face to face support, even one person can do so much. The gap is infuriating.
I didn’t notice, do you have a Brick and Mortar Apple Store you can visit? I can’t help thinking this as I read the post.
Of course this is not a physical hardware issue. Where a store employee could just hand you, say, a new phone. This is on the level of getting a slot on Tim Cook’s day planner, though I imagine the person with the ability to fix this is an underling many levels down Cook on the org chart.
As of data (photos, contacts, files etc.), you should have rights to request all that for download. GDPR etc that grants you that.
OP does not live in the EU.
Email Tim Cook (serious)
This is disgusting and unconscionable conduct by Apple. Your whole life is locked into your account (digital data and physical devices), and they either don't care or don't have the processes in place to fix it.
This is the kind of thing they need to be sued on a massive scale for to solve but it's too rare and too expensive for anything to ever happen to them for it.
That emoji in the last pic felt like passive aggressiveness. I don’t have anything to say but it’s why I never put my eggs in one basket, and essential stuff are always backed up, but if your job is developing in an apple eco system and this scenario happens, it’s basically like getting fired and banned from working ever again!
No idea if this has ever been tried, but a GDPR "subject access request" requires a company to hand over all the data they hold on you, which technically should include all your photos, media, messages and everything.
Come on Apple do the right thing here. Surely there are some people from Apple reading this in the comments
These online storage services like iCloud and Google Drive are, and always have been, a trap.
They feel convenient, but they will keep changing their TOS to disadvantage you further and further as time goes on.
Everything you upload is scanned into their AI to create a profile about you that they can then exploit (once again, to your disadvantage). They do it despite regulations against it (Who's to say what they're complying with, deep in their complex data centers? Who's gonna even check? And how?) This is why online services that take control of your data are such gold mines (subscription fees, analytics, profiling, etc). They get you coming and going.
And of course, the account terminations: The earthquakes and "natural disasters" of the online world that destroy lives with no consequence or care.
When your data is not in your sole possession, you own nothing.
How utterly indifferent one needs to be to have no "VIP" support line for cases like this.
On the other hand, great learning case on putting eggs in one basket and on "own nothing and be happy".
This really sucks, I hope Apple sorts it out, I wonder what one can do to put pressure on Apple - I suspect you may need a lawyer to write them in order to get your issue escalated.
I don't like that people just shrug and say this is how all big tech is.
Apple charges a premium and built their brand name on customer service.
But they have stopped caring about the customer.
I was also a loyal Apple customer for 2 decades and used to recommend them to everyone.
Now I recommend them to no one.
I've switched my phone back to android a few years ago to avoid apple lock-in. I still use an ipad pro and several macs and peripherals, sets of airpods and apple tv and what not - then I wanted to buy the watch - and was told it cannot work with any of their tablets or computer and cannot be activated without an apple phone. OK apple.
One day my debit card expired while on long overseas travel, suddenly I was unable to install apps I already paid for on my mac and other devices, update any apps, or install free apps, I could not pay with a different card because those were in a different region and would have required a region switch locking me out of a lot of content and apps. So for several months I could not install many of my apps I bought on my other sevice or update or install free apps. OK Apple.
I also remember how the base config of Apple laptops were 8gb ram and 256gb SSD when all other decent ones were on 16 and 2tb - and remember apple is supposed to be a premium brand and they're supposed to not burn you with a default config. OK apple. Then they charge you 3 times more for the upgrade from 256gb ssd to 2tb than what 2tb costs retail. OK Apple.
I still love their tablets and laptops and even the mac mini. But I've already started to mentally prepare for a switch to Linux and maybe x86 or other hardware.
Apple cannot be trusted. They are a fashion company and not a tech company any more. Jobs is dead.
Plan your exit, reduce your exposure, soon they will be so evil and dysfunctional that you will regret it.
Don't trust them with your most valuable data. Use other services. Use a diverse mix of providers, no apple exclusivity. If you tie your entire life to one cloud, especially Apple, you have set yourself up for future ruin.
Their software quality and reliability is also slowly slipping. Everything is being dumbed down. Their business processes are becoming a broken maze. Apple used to be a company that aimed to satisfy simultaneously the power user and the basic user, now they only care about optimising for the casual user mass market, power user is going to have an increasingly tough time with them. Remember it is now a fashion company, watch their keynotes and believe the vapid image they project.
I've been locked from my apple id for two *months*.
Even though I:
- had my recovery password
- re-confirmed the email
- re-confirmed my phone
They just kept telling me "we'll contact you in two weeks", and kept not following.
Then after the 4th recovery they sent me my recovery link on email (in any case weeks later).
Worst of all? Their privacy and security they keep repeating like propaganda are beyond bogus. Sure, they de-logged me from all of my accounts, that I appreciate, but I had 0 issues accessing all of the contents on my hard drive if I was a thief with a simple script in recovery mode I could still access everything. Where's the security? Propaganda only non-technical normies believe and then repeat.
I'm never ever buying Apple products ever in my life, I've got MBPs that my clients send me, but that's it.
You encrpyt your hard drive - so that needs a password.
So you need more than a simple script.
But someone else having your hardware has always bveen a risk.
Being a "loyal customer" to any giant corp is just making it extra convenient for them when they fuck you.. You need your stuff as files on a computer you actually control.
A painful reminder that Apple's service is subject to terms.
Speaking of which, the guy's .paris domain name may be next unless he is a resident of Ile-de-France etc.......
A good reminded to myself to do another GDPR request and download all my iCloud images to an external hard drive
I’d expect this crap from Google, but not Apple.
If this doesn’t get fixed, I’m going to have to rethink a lot of my digital life, including my company’s.
hopefully he’ll get resolution by bringing his case to the “media”. Still, for someone who heavily presents the argument that he’s a professional writer and even says “I am asking for a human at Apple to review this case.” , I find it odd that he tries to make his case via an obviously ai-written post.
I mean, isn't writing what you said you do for a living?
Now that this is on the Hacker News front page, surely Apple will be escalating this and provide a general solution, no?
Let's hope so...
It's Saturday. Executives might get phone calls to make it happen on a Sunday, but I wouldn't bet on it.
The emojis are so passive-aggressive it's actually crazy.
google locked my sister's account for some reason and we spent months trying to get it unlocked. no luck. fuckers.
“I never thought leopards would eat my face,”
[dead]
[dead]
[flagged]
Why? It's his website, he can put what he likes on it. Your rational is...?
you're mad that they're acknowledging stolen land?
Every nation in the world is on stolen land by that logic. This is pathetic virtue signalling
[flagged]
[flagged]
That applies for any device you buy, yes even if you plan on putting graphene on it. So you’re getting downvoted because your comments are pointless and disingenuous. Also, you can jailbreak an iphone so no it’s not bricked.
[flagged]
I live in Tasmania, a state of Australia that is 1) an island, and 2) has no Apple Stores.
"and yet didn't bother to swim to the nearest Apple store"
There are a few physical Google stores. They aren't really very helpful at anything, and even don't have phones in stock often.
I went to one, wanted a Pixel Fold in the spring, and was told "we'll get one". Some guy left to do so, and 20 minutes later I just walked out. Just as with everything else, when Google does it, it's half-assed.
Not everywhere has apple stores that you can “just walk in to”
Android phones are not inherently linked to a google account, atleast not in the same way an iPhone is.
You decided to turn a plea for help into a fanboy war?
[flagged]
I have spoken verbally to multiple members of Apple's support teams. Apologies if that was unclear. I didn't record this calls, as they did not permit me to.
Then continue that. It’s definitely a fraud detection lockout due to probably the retailer not properly registering the gift cards or something similar.
If you can’t iforgot.apple.com, then support is your only option. No one else has access. Only Apple Support.
You have a case number, keep calling every 12 hours asking for an update.
You don't need their permission to record the call if they are recording the call already.
[flagged]
>> I would love to feel sorry, but seems you're technically capable of preventing this (unlike most people), just chose "convenience."
> Looks like you've got it coming, sweetie, you knew what you were dressing when going to the neighborhood :wink-emoji:
God, I'm all for OSS and try to use it/promote it wherever I can, but it attracts the worst kind of smug, obnoxious motherf**ers imaginable.
How old are you?
That's a bad-faith comparison, and it's making me wonder how old you are if you're conflating iCloud lockout with sexual assault.
Apple's EULA, which the OP agreed to, gives them the right to suspend services for whatever reason they want. You're only allowed to use the service by offering consent to be removed, thousands of services work that way.
OSS, and the fact that it doesn't have this weakness, is orthogonal to the "us vs them" dichotomy you're describing. Apple ID is flawed, do not trust it. Full stop.
2 replies →
I would love to feel sorry, but seems you’re technically capable of preventing this (unlike most people), just chose “convenience.”
Well, this is the downside of “convenience.”
If you manage to recover your belongings, I hope you stop preaching around how living in a normal apartment in society is good and everyone should accept the risk of home invasion instead of living in an underground bunker with biometric access controls and armed security.
living in an apartment sucks for security. You can't really own a gun and practice castle doctrine. Your landlord has a key to your home and can lock you out at any time, or can go through your mail.
There are other options like living in your own property, living in an RV, etc. that are better if you are worried about security.
If I was living in an apartment, I wouldn't be stashing all of my money under my mattress. I wouldn't run a business out of my apartment such that I would lose all of my equipment if I got evicted.
Similarly, I wouldn't do anything of importance on an apple computer. I wouldn't stash cryptocurrency on it, I wouldn't save my bank account details on it, I wouldn't run an important business that depends on their platforms. Because you're just renting and your lord can change the keys tomorrow.
5 replies →
So, you think there's either an unsecured apartment or a bunker, huh?
How about: you live in that apartment (your Apple ID), but keep your important stuff somewhere else?
Or do you simply have all your money as cash at home?
It's hard to empathize with a technically-inclined person who uses cloud services for life-critical things.
Let's just hope more people read the story.
> It's hard to empathize
I will empathize with you then and with your inability to empathize with the fact that people are different. Some people don't want to admit to themselves that this world is a wolf eat sheep world, trust that if you're a law abiding citizen, you shouldn't expect to be unfairly treated. Some people have more priorities and no time to dwell on harshness. They also would love it if everything just worked and you didn't need to spend 2 months of your life to configure things and always have to DIY everything.
They're not like me and I accept that. I will never use Apple & Google Cloud for my personal things. But I will empathize for those who get unfair treatement from these companies.
The whole meaning of a society is that we look out for each other, these big corpos have lost the plot, but I will not.
It is supposed to be : I buy a service from you, I did nothing wrong, please treat me fairly and do actually deliver on what I paid for.
That we don't trust them isn't how it's supposed to be, I wish I didn't have to do all of these things I do to keep away from big corpos, but this isn't how it is supposed to be. We're supposed to have the ability to trust each other in a society.
I qualified with "technically-inclined". You can't avoid seeing stories like this (about Apple and Google) on a monthly basis if you read tech websites. It is a known risk, which needs to be managed. Failing to manage it to this extent, while also writing tech books, is just baffling.
Apple is clearly in the wrong, and I'm certain that there are thousands of similar cases that are less public. The author is one of the best-positioned people to know and understand that. I'm sure they'll also get their account back, unlike many others.
(I can empathize with the difficult decision they'll face after that: do they continue to promote Apple, or try to reinvent their career somehow?)
"Looking out for each other", in this case, implies telling the people you care about to have backups, and helping them set up. I do that, a lot. I'd try to also help with this plea, if I had any pull with Apple.
I don't understand the sections of your comment with the word "supposed" in them. Supposed by who, and on what basis? What paid-for service are Apple not delivering? I assume they don't charge the author anymore.
Do you also find it hard to emphasize with any kind of victim or only when it confirms your tech identity war beliefs?
You are so smart.
If Apple engineers read this: I can't sign in into my iCloud account from my android phone, it just doesn't work, meaning I can't manage my subscription like HBO now that I switched to an android phone.
PS: My plan is to wait for Apple to release a folding iPhone to move back!
You can manage Apple subscriptions using your web browser (no Mac/iPhone needed). The subscription management page is:
https://account.apple.com/account/manage/section/subscriptio...
That reads as rewarding them for taking your account hostage