Comments
panteragstk t1_j6ow37y wrote
Dude. You have no idea how many companies don't properly manage things. It's astonishing how backward so many company IT departments are.
DasDunXel t1_j6p1yor wrote
Bingo. It doesn't take much time to release a Mac from your DEP & MDM. There are several used Mac buyback companies and if you are doing 2-4 year rotation. You can easily get $50-500 depending on a lot of things.
Easiest option? Set a flat price on a make/model and offer the employees a buy back of their own device as is. You be surprised how many people will buy a 3+ year old MacBook pro for $400-600 USD. And how many people take better care of their work laptop during those 3+ years of service knowing they could eventually own it personally.
LethalMindNinja t1_j6pguz3 wrote
The idea of letting an employee know there will be a buyback option and a pre decided price on their work laptop is actually a genius way to encourage them to take care of it better.
Shavethatmonkey t1_j6naks1 wrote
Boeing wasn't using one a couple years ago.
redvelvetcake42 t1_j6pav99 wrote
Just left a company with over 9000 devices total and they had JUST implemented an MDM per my recommendation on 2022. It's a multi billion dollar company. Execs still don't get it.
pm_me_your_buttbulge t1_j6pdo71 wrote
> And I find it hard do believe that a company managing 3000 Macs doesn’t use an MDM.
Oh my sweet summer child. Companies still rely on some Windows machines that are older than some people who can fucking vote.
Companies can be cheap and unless they absolutely need to manage 3k Macs with MDM then there's no need to invest the money in that effort.
You may be fooled into thinking "it doesn't take much to manage.." - until it's about 30 minutes worth of effort to go from beginning to push out to all devices and have it installed - it does take "much". Installing profiles alone takes a fair amount of work.
I've had IT managers keep excel fucking spreadsheets of users passwords in plain text.
If you find it "hard to believe a company managing 3k Macs doesn't use MDM" then you have not worked in the tech field long enough to see just how lazy or cheap companies can be.
I've worked from extremely intelligent and efficient companies to those I wouldn't feel comfortable with HR having any personal information from me.
Power_Stone t1_j6npa9f wrote
A lot of these PCs are normal consumer computers that were improperly wiped when sold or stolen devices with activation lock. Either way its still e-waste and a huge issue.
Mission_Banana6187 t1_j6mym2g wrote
But they are all terrible and don’t work half the time.
igooverland t1_j6n8s3u wrote
We manage almost one thousand Macs and haven’t had any issues with Jamf on managing activation lock.
Mission_Banana6187 t1_j6n9mjm wrote
My experience is exclusively with iPads. I've found that it's much easier to include erasing in our offboarding process, or to send proof of purchase to Apple for remote unlock.
igooverland t1_j6n9zxn wrote
We manage iPads and iPhones as well and it also works quite well for us.
Mission_Banana6187 t1_j6ne9s7 wrote
Have you seen any improvement with Jamf over the last couple years? I stopped using any MDM two or three years ago. I just found that I had about a 50% success rate pushing an unlock command to a supervised iPad. Supervision itself wouldn't take sometimes, but that might've been me not keeping my Apple accounts straight. Also things like apps not installing, or the device wigging out when installing apps right after installing the profile. I'd love it if I could go back to using something like Jamf, but with the cost and managing certificates and such it seemed like far more trouble than it was worth.
igooverland t1_j6njmfz wrote
In my two and a half years at this job I recall sending a device back to Apple for unlocking only once, and it was due to human error. They accidentally deleted the device from Jamf before unlocking it.
Our devices come from our vendor already pre-enrolled with Apple DEP. So we just have to boot them and run the new account set-up and after that Jamf takes over and enables all the settings and installs all the apps.
LowJolly7311 t1_j6na2x6 wrote
As an Apple MDM expert, this is a ridiculous statement.
i_dont_know t1_j6n9f6a wrote
I primarily use Mosyle, and I find it works very well. And I work with other companies as an IT consultant that have no major problems with Jamf.
Youvebeeneloned t1_j6olki5 wrote
Bullshit.
Have used Intune, JAMF, Apples own MDM server, and MUNKI... if they "dont work" you are 100000% doing it wrong, which over the last 25 years of IT work with a good 16 years of that being endpoint management with a particular focus on MacOS to AD integration and management... without a doubt it is almost always people who dont know the tools and not the tools not working.
Which is hilarious given how much Apple stupid proofs things like enrollment, offboarding, MDM management etc.
Hell its not like its "new tech" the features that eventually morphed into Activation Lock have existed within the MacOS and iOS since 2012... targeted explicitly towards Enterprise management.
WurzelGummidge t1_j6m3izw wrote
The cynic in me suggests that this is a feature, not a bug. Apple would far rather sell new machines than facilitate the second hand market.
lietu t1_j6m4ga8 wrote
Is it really cynical to believe that Apple is only doing what Apple has demonstrated they want to and are willing to do over and over again?
KingNathan90 t1_j6mbp2v wrote
And the more they're allowed to get away with, the bolder other companies will become.
typesett t1_j6ntti7 wrote
they also demonstrated making laptops that can last more than a decade
my current home computer was purchased in 2011 i believe and i have trouble justifying an upgrade even now
i think what is 1000000% real is there is a tax on their best selling products. mac minis and Airs are decent priced when compared to premium PC options
roast these companies for shit they actually do not the sterotype. it's 2023 people, be smarter about how you perceive the world
themindisall1113 t1_j6nzusd wrote
my 2010 macbook pro still humming.
DMarquesPT t1_j6mo1ve wrote
How so? The IT managers at these companies can easily disable activation lock when resetting the MacBooks, thus allowing them to be resold or donated to be used by others.
It’s not Apple’s fault that they didn’t do their jobs properly
terrymr t1_j6n7zsq wrote
Or these machines were sold to the recycler to be destroyed for security reasons.
objective_opinions t1_j6nc16l wrote
This seems like what is happening here. The owner of these computers specifically wants them destroyed. I think that’s heinous and stupid. But it’s their property
DMarquesPT t1_j6ngtl6 wrote
Yeah, that’s the real issue here. Erasing the encryption keys will safeguard their deleted data on disk, there’s no reason to perpetuate the myth
medievalmachine t1_j6mqtwc wrote
The article says that the process for enterprises isn't the same, so.
Gundea t1_j6mw9gh wrote
Enterprises can absolutely remove activation lock on managed MacBooks, otherwise I wouldn’t have been able to buy my old work MacBook.
medievalmachine t1_j6n1rsn wrote
Oh sure they can. Is it based on individual two factor authentication though, so a laptop for someone who was dismissed can’t be unlocked? I would assume that’s the issue for the M1 and newer laptops with fingerprint scanners. Can’t invite fired employees back to unlock, or remote employees, not worth the cost. They should resell them, but most won’t and in fact will pay to get rid of them securely, and to avoid corruption of an in-house team handling merchandise, basically.
objective_opinions t1_j6n3tia wrote
No. It’s not. Enterprise MDM activation lock and personal activation lock are two different things. This is really blown out of proportion. Apple added a much needed feature. And there is documentation of it. A lot of documentation. And people and companies are either choosing not to turn off the lock are too lazy or too stupid.
[deleted] t1_j6mxiwp wrote
[deleted]
BamBam-BamBam t1_j6nxj54 wrote
I think it's a user education issue and kills the market for stolen Macs.
vanhalenbr t1_j6pain2 wrote
Why Apple would force resell if they offer plenary of MDM solutions? If the company had a proper MDM or read the documentation they just could erase the machine with one click and had it ready to resell.
Looks like also the owner of the machines wanted it destroyed but the recycler wanted to do something dodgy.
ReyvCna t1_j6musjz wrote
So I read the article and it says that companies sends the machines to be erased and destroyed but the recycler wants to resell them.
This sounds like activation lock is working as intended and the issue is that companies want to waste stuff by destroying them instead of reselling it.
HaiKarate t1_j6n58d1 wrote
From the large enterprise IT departments I've seen, cleaning up old laptops that aren't being re-used by the enterprise is a very, very low priority. Like, I've seen walls of old laptops, stacked and waiting to be cleaned. The value of the laptops has been depreciated, and reselling them for pennies on the dollar is hardly worth the effort for a company making billions of dollars per year.
MartinSchou t1_j6nz81l wrote
> From the large enterprise IT departments I've seen, cleaning up old laptops that aren't being re-used by the enterprise is a very, very low priority
That's a political choice. If there was a direct cost associated with scrapping electronics rather than reusing it, there would be an immediate cost-benefit analysis done.
For example, if there was a $100 deposit on all electronics sold in US stores that would be refunded when a refurbishing company refurbished the product, a company can immediately see a return on investment of company time. It will immediately be worth it to have an IT person spend the 5 minutes it would take to get the device ready for refurbishment. Hell, if the company is large enough, it would be worth it to have someone employed to do only that.
It would also incentivise private individuals to dispose of their devices responsibly, because who wouldn't want $100 just for handing in eWaste?
pensivebunny t1_j6nljgb wrote
This, at least ours have big restrictions on reselling since they were paid for using government grants- we can’t just resell to the public, so if another department doesn’t need them, they just sit around in drawers for a few years until they get scrapped. Eventually some are listed on auction sites, but at that point they’re worth so little- even $500 isn’t enough to justify the time spent wiping, listing, etc. and potential liability if any financial/HIPPA info is left behind.
Once AppleCare wears off our machines are replaced anyway. We’re allowed to just keep our old ones, especially for international travel (computers can be searched at borders, this way we only load what’s essential and if it’s stolen it’s not a big deal).
ShawnyMcKnight t1_j6mzcwb wrote
Exactly, if I sent it to be destroyed I would want just that.
Red__M_M t1_j6nhnh4 wrote
I work in healthcare and laptops are almost always intentionally destroyed not repurposed. A laptop can contain absurd amounts of personally identifiable data and if it is lost then the fine for violating the Health Insurance Portability and Accountability Act (HIPAA) can quickly exceed $1M. It starts at $100 PER RECORD! Now imagine a nurse that sees 10 patients per day for 5 years. Or how about a person doing claims review on 100 claims per day? Then there is me who processes millions of records all the time.
Since a loss of information could be so costly, it is much easier to just destroy laptops than to try to format them. One of my former employers would take old hard drives and run a government format on them. Next they would erase them (again) with a strong magnet. Then they would shred the devices in house. Then they would give the shreds to a secure documents destruction company who I think would melt things down. Admittedly that was a bit over the top, but my point is that hardware destruction is the norm in healthcare.
pm_me_your_buttbulge t1_j6pfz5b wrote
SSD's don't delete like an HDD. Recovery, without modifying the settings of the SSD, is non-trivial. One dd if=/dev/urandom of=/dev/sd0 and you are not recovering that data. I've yet to find a recovery company capable of getting any useful data even when given the location of a text file and all they had to do was tell me what was in the file and nothing else.
It's become a phobia for quite some time now because of the laws.
It turns out the theory that some with an electron microscope could extra several layers of data was very wrong but people took it as gospel. Turns out it's an order of magnitude more difficult.
Most recovery is done from a 'they deleted the file and turned the machine off' type situation. Meaning no actual wiping occurred more than pointers to the file.
Specifically, for SSD's, it depends on the trim setting on your drive.
But even for HDD's, one solid dd wipe to full and there is not going to be any data recovery.
Now if you're talking hard drive made before the late 90's then some things can get weird and a few other factors may come into play but most of those hard drives are long dead now but even then it's still extremely difficult to recover data that's been zero'ed.
> but my point is that hardware destruction is the norm in healthcare.
It's also the norm in the federal government for similar reasons.
frosty_pickle t1_j6p42sn wrote
Having benefited from some data recovery companies in the past, sometimes data that’s erased is still there. That being said a there are some thorough formatting procedures which do a damn good job of cleaning everything out. But if your it department is overwhelmed with other things and information security is vital then a shredder does a pretty good job.
DMarquesPT t1_j6mnv5a wrote
This is not Apple’s fault. In order for Activation Lock to be an effective security measure and theft deterrent, it must be strict. If it could just be bypassed, then thieves would know how to do it.
The IT managers of these companies can easily unlock the devices when wiping them so they can be resold, donated and generally used by others. They’re the ones at fault here
Shavethatmonkey t1_j6nasvj wrote
As I said in another thread we had a pile of Macs at work that had activation lock issues and Apple had refused to help. We bought them on the corporate account through the Apple store and they still would do nothing to unlock them. It was ridiculous.
vanhalenbr t1_j6pb5ii wrote
Ridiculous is the company not using proper MDM and blame others for their mistakes.
DMarquesPT t1_j6ngdr5 wrote
That’s definitely not good. Supposedly they’ll unlock them if you provide proof of purchase but I never dealt with that so I take it it’s not as simple as it sounds.
Of course, if you’re a legitimate owner (as in, there’s no chance they were stolen and resold) you should be able to unlock them.
HaiKarate t1_j6n6x6h wrote
A more reasonable policy would be for Apple to make the Activation Lock time-limited (like, for 6 months or a year) UNLESS the owner reports the device as stolen. If the device was reported as stolen then Apple can make the Activation Lock permanent.
major_glory_v2 t1_j6p8oub wrote
This is a great idea imo! Dunno why you're getting downvoted - The number of people who lose access to old email accounts or have family members die or are gifted apple stuff and don't know the original apple id is just going to keep growing and apple don't give a single fuck about the waste created.
ACCount82 t1_j6n1nat wrote
This is definitely Apple's fault. They made a lock that turns a functional device into e-waste and cannot be removed.
If they gave a shit about environment, they would make this lock removable - with removal wiping all encryption keys, essentially destroying all the data on the device. But that's Apple - they only care about three things, and those things are: control, PR and profits.
DMarquesPT t1_j6n325r wrote
What do you mean “cannot be removed?”
What you’re describing is exactly what happens when the user clicks “erase all content and settings”: it wipes the encryption keys, removes activation lock and resets the device to factory settings.
Is your argument that anyone should be able to do this when they stumble upon a locked Apple device? How would it prevent theft then, if the thieves could simply wipe the device and set it up as their own or resell it?
The responsibility is on the original owner to wipe the device properly and remove activation lock if they intend to resell it or donate it.
I don’t understand how Apple is responsible for IT managers not doing their jobs properly
Aperron t1_j6n4c3m wrote
You clearly aren’t familiar with how much perfectly usable material people (both individuals and organizations) discard at recycling depots that aren’t going to go through the hassle of even a single mouse click for something that in their mind is trash and they’re throwing in the garbage. Working LCD televisions, 5 year old computers, appliances replaced because they didn’t like the color anymore etc.
In the past when drives were removable these places would typically pull them and either destroy and replace or run the disks through automated DOD multi pass erasing machines, do a fresh install of the OS and throw it out in the thrift store portion of the depot for $50-100 to cover the overhead of doing so.
Occasionally you’d get the odd stray machine with a bios lock that could be a parts donor for one of the other pallet load of the same machine that got banged up in the process of being thrown away, no big deal.
Now it’s getting to be a majority of devices coming in that are encumbered by some sort of lock, cloud service login or similar (like those sonos speakers that the company encouraged people to software brick and drop off at their local recycler). This is not unintentional on the part of the manufacturers.
DMarquesPT t1_j6n6i0m wrote
I am perfectly familiar with that, I just don’t get the argument that activation lock (a useful security feature that has effectively reduced theft due to its reputation) shouldn’t exist because some users or orgs can’t be bothered to deactivate it.
Just recently I bought a couple outgoing iMacs from work, including a model with a T2 security chip, and IT obviously went through “the trouble” of resetting the device to factory settings and removing the lock. It’s not that hard, and leaves the device perfectly capable of being used by others.
Aperron t1_j6n7hwv wrote
That’s all well and good, but doesn’t change the fact that these perfectly reusable devices are already accumulating and will continue to accumulate in ever increasing mass quantities at recycling depots across the country where there is no possibility to do the ecologically and socially responsible thing and ensure they get a second life as a usable device for someone who isn’t suited to buy brand new.
Rendering mass quantities of usable equipment as at best a token fraction of its raw input material cannot be allowed to be classified as a sustainable practice. Any sustainability labels or accreditations need to be removed from both Apple and any enterprises that demand destruction of depreciated assets if that is to continue. Cut the greenwashing, call it what it is.
Willing_Definition71 t1_j6ndcnb wrote
Its not Apples choice, stop pretending it is
Aperron t1_j6ndvun wrote
Apple created the software mechanism in question, where it didn’t exist before and changed the status quo from one where it was trivial to salvage anything physically intact entering the waste stream for reuse to one where it was in many or most cases impossible.
That’s not even getting into Apples lobbying efforts at the individual state level to implement “sustainable “ ewaste disposal programs where the primary focus was physically destroying any usable hardware as quickly as reasonably possible after being discarded.
Willing_Definition71 t1_j6ne6rg wrote
Sorry you don't understand corporate security, but no amount of talking yourself in circle will make your view popular
Apple devices are more recyclable than most on the market
Aperron t1_j6own56 wrote
Recovering some raw materials from a usable item is not recycling. How hard is that to understand. Recycling when conducted properly has a primary goal of salvage and return to use for the original intended purpose of an item. Recovery of raw material is the absolute worst case last resort in recycling.
Shredding up a bunch of 5 year old computers that are the product of a considerable amount of human labor, energy, raw materials and transportation activities when they still have years of serviceable life remaining is not recycling, and it is not sustainable. Full stop.
Any circumstances making that a common outcome need to be challenged and mitigated. Both on the part of manufacturers and the original end users or purchasing institutions.
DMarquesPT t1_j6nfzc0 wrote
I’ve bought plenty of used Apple devices over the years. That’s how I could afford my first iPhone and iPad as a student.
The only reason they’re accumulating is because the previous owners didn’t do their due diligence before getting rid of the devices. Removing activation lock when wiping a device is not hard.
The worst part of this is misled corporate owners who believe the myth that they have the destroy the computers/drives “for security reasons” when erasing the encryption keys does the job of safeguarding their deleted data on disk.
ACCount82 t1_j6n48d3 wrote
>Is your argument that anyone should be able to do this when they stumble upon a locked Apple device? How would it prevent theft then, if the thieves could simply wipe the device and set it up as their own or resell it?
Exactly that. It's not Apple's job to police for theft. And they definitely shouldn't be doing it if they do it so poorly it turns thousands of devices into e-waste.
DMarquesPT t1_j6n551p wrote
It’s not Apple turning devices into e-waste, it’s users who left their credentials on a computer before disposing or selling it.
If they give you (the original user) a way to unlock it and you just choose to ignore it, how is that on them?
Apple devices are targeted for theft more than probably any other brand in the world due to high resale value. Activation Lock being a PITA makes them potentially worthless to would-be thieves.
It’s only an effective deterrent if it can’t be bypassed by anyone but the original user. Otherwise those bypasses can be exploited.
ACCount82 t1_j6n5ptt wrote
It's definitely Apple turning devices into e-waste, because they designed a system that has its sole purpose in turning devices into e-waste. Then they included it in every new device with no obvious way to disable it, and no way to bypass it.
If they have done literally nothing, we wouldn't have this problem and we wouldn't be having this conversation.
DMarquesPT t1_j6n778r wrote
When you erase an Apple device it says right there “remove activation lock”. Isn’t that an obvious way to disable it?
If they had done literally nothing, their devices and users would keep getting targeted for theft (obviously they still are, but to a lesser extent)
MartinSchou t1_j6nxu7q wrote
> It's not Apple's job to police for theft.
They aren't policing theft. They are deterring theft.
MaoWasaLoser t1_j6o4qhh wrote
> If they gave a shit about environment, they would make this lock removable
It is removable.
Why do so many people on reddit spend their time hating on Apple for shit they don't even do? It's fucking weird man.
Any modern MDM solution will allow you to remove the activation lock before wiping the device.
tristanjones t1_j6n3cz1 wrote
No they didn't. You can wipe the machine and reset it.
ACCount82 t1_j6n44c2 wrote
If you have the original Apple ID that was used to set up this machine. You don't have the original Apple ID that was used to set up this machine.
tristanjones t1_j6n767x wrote
Yes you are responsible to keep track of your keys. This is true for hundreds of services, and essentially all technical services. This is on a companies IT to properly manage their property. No one else
gurenkagurenda t1_j6n60k5 wrote
The way they’ve done it is an actual deterrent to theft, and what you’re describing wouldn’t be. I agree that there’s a trade off with sustainability, and maybe it’s the wrong trade off, but at least acknowledge that there’s value to the customer in the approach they’ve taken.
TbonerT t1_j6nghjo wrote
The activation lock doesn't change the physical properties of the device. You can still take it apart and recycle much of it.
ACCount82 t1_j6ni2zj wrote
Reduce, reuse, recycle. In that exact order.
A usable laptop can be wiped and resold, and could be used by someone in need of a laptop for years to come - reducing the need for new hardware, and reusing the old hardware. A laptop that was turned e-waste by an unremovable software lock can only be torn down and send into recycling, best case. Dumped into an e-waste graveyard in some hellhole country, worst case.
TbonerT t1_j6nuic0 wrote
That’s part of the sustainability, though. Large portions of it don’t make it to the 4th step: waste. It mostly resides in the 3Rs, which is better than most other companies can say.
BadLuckLottery t1_j6mr8qk wrote
> This is not Apple’s fault.
They decided to put their customer's property rights (and likely Apple's profits) above the sustainability of their product.
I'm not saying that's a "bad" tradeoff but it is a choice they made so it is arguably their "fault". Theft deterrents aren't a free lunch.
amanset t1_j6msmf1 wrote
The only choice was in IT managers not wiping and deactivating the lock.
Robot_Basilisk t1_j6n1p7u wrote
Did they choose that, or did their companies make the decision? It's easy to imagine an MBA telling an IT worker not to waste time on something that's not going to generate obvious, immediate value for the company even if it's the right thing to do.
Timbershoe t1_j6ng3zn wrote
If you read the article it states a major reason is they are given for secure disposal.
The resellers want to unlock them for resale, but can’t, which is exactly the reason the lock exists.
Robot_Basilisk t1_j6nwmn1 wrote
You didn't answer the question.
Timbershoe t1_j6nyp5z wrote
Seriously?
You could just read the article, but okay.
Some of the companies made the decision to withhold the activation lock, as they specifically and deliberately do not want the machine reused.
To answer your specific question, the article does not specify if that was the IT manager or the company as a whole. It’s a mystery that you’ll never get an answer to, and it’ll eat away at you until the day you die.
DMarquesPT t1_j6mzmhj wrote
This doesn’t make Apple products any less “sustainable”. Simply makes them more secure, but that security can easily be disabled by the original owner when reselling.
That’s like saying if someone sells a car without the key, the car is less sustainable because the new owner can’t use it without the key.
Maybe it never should have been sold without the key in the first place.
Aperron t1_j6n2zcm wrote
If keyless but otherwise drivable cars were piling up in storage lots the way apple devices have been since iPads started featuring activation lock have been at recycling depots, they wouldn’t start shredding all the cars up, they’d be changing out the ignition tumblers and coding new keys.
There’s no reason a server side mechanism at Apple can’t be put in place to release activation lock after notifying the registered email address and a waiting period passing with no response. As part of such an unlock, a secure erase of the storage would mean there are no security implications and usable hardware would be diverted from becoming needless waste.
SezitLykItiz t1_j6n77qk wrote
I can't believe you're serious right now. You're saying Apple should keep a database on when each computer was locked, and after a certain point automatically erase and unlock that computer.
For all we know the computer would have been in use the whole time and just not connected to the internet. I myself have a computer that's in my storage for one year and I don't want anyone touching it/erasing it. Yes I have back ups but I still dont want that.
Aperron t1_j6n7zr7 wrote
Apple already has a database matching devices with their iCloud email addresses that were used, that’s why it’s possible to log in and release the lock on your own devices.
All they need to do is have a web portal where a recycler can submit a list of serials for hardware they have, push an email or notification to the registered account and check if it’s been marked stolen using FindMy and allow an unlock and wipe if everything checks out after a set period of time.
SezitLykItiz t1_j6n8b2u wrote
The recycler can already do this without Apple's help.
Aperron t1_j6n8wzo wrote
No, they cannot. Sometimes they can even wipe the storage using the recovery boot menu, but as soon as the device contacts apple when connected to a network it’s going to prompt for iCloud credentials and not allow any further use without them.
You clearly have zero experience in this area, this is and has been a very well known issue with iPads entering the waste stream for a very long time, and everyone involved knew it was coming to computers as well when Apple announced the T2 chip and how it was going to be integrated with activation lock.
TbonerT t1_j6ngang wrote
A macbook can be stripped and the aluminum and battery recycled regardless of the activation lock.
BadLuckLottery t1_j6nlms4 wrote
Sure but re-use of electronics is way, way more efficient than recycle.
TbonerT t1_j6nuuim wrote
Yes, but don’t let perfect be the enemy of good.
bristow84 t1_j6myasn wrote
Alright, I'll give companies shit for things that are their fault but this one is not Apple's fault.
This is purely the fault of IT Departments that don't have proper policies and MDM in place for employees to prevent this from happening. It's also the fault of organizations that don't have proper offboarding procedures to remove these kinds of accounts from devices as well.
If companies are not stopping workers from entering their own personal iCloud details onto work devices, then all the devices ending up in landfills/being recycled are because of them, not Apple.
HaiKarate t1_j6n831n wrote
Wiping the drives of decommissioned laptops and PCs is an extremely LOW priority for large enterprise IT departments. Not only have those units been depreciated on their corporate taxes, but also spending hours cleaning them up to resell for pennies on the dollar is hardly worth it to a company making billions of dollars.
Apple has been dealing with corporate IT for over 4 decades and is fully aware of this process. Apple even has their own large enterprise IT department, and experiences this, too.
SomeRandomPerson66 t1_j6nhp9m wrote
I work for a company that's has about 350 employees. And IT has 8 employees including me. We repalce between 70 to 100 laptops every year around fall time. I haven been with the company for 2 years and seen it twice.
New laptop are ordered. Joined to our Microsoft intune program. Given to users. Old laptop taken from them.
Once the old laptops are backin the hands of IT. Remove/delete them from our Microsoft intune program, mark them as retired in our inventory system and toss them in a electronic relying bin that's picked up by a company and they wipe/provides certification of data distribution.
vanhalenbr t1_j6pazjl wrote
Apple MDM has a way to allow secure and quick wipe. Because if set the MDM to ecrypt data you can just erase the header and that’s it. Even if you recover the data it’s encrypted and the key is erased from the Secure Enclave
PropOnTop t1_j6m4tuh wrote
"How many of you out there would like a 2-year-old M1 MacBook?"
This man knows his audience.
redvitalijs t1_j6o70gl wrote
At this point let's just attach a dynamo to Louis Rossmann for infinite energy.
Neonlad t1_j6o3yv8 wrote
There is nothing new about this sort of thing. Anytime any hospital/government agency/ or company dealing with confidential information needs to decommission a device it is by procedure destroyed at a recycling plant as part of it’s lifespan in order to protect the data from being recovered and stolen.
Any time those devices are recirculated it is a breach of contract by the recycling company and puts the data at risk. This might sound like a waste, and it kind of is, but this is standard security practice and is the only way to be sure data is completely protected on an old device.
The only thing Apple is doing here is ensuring that these recycling companies can’t say they destroyed something and instead turn around and sell it, which is super common.
Source: I used to work at a grungy computer repair shop and we would be the ones buying these devices from the recycling companies, currently a Sr Sec Analyst so I’ve seen both sides of the coin.
Aperron t1_j6onpwi wrote
Sounds like a reason to require removable storage devices if total destruction of the storage media is the only acceptable means of security, or lose any sustainability accreditation as a manufacturer.
Enterprises requiring this as a condition of their device disposal policy should also lose any sustainability awards or accreditations as well because they aren’t really recycling anything, recovering a few grams of precious metal and some plastic that isn’t even usable to produce anything of quality is only very marginally better than throwing everything in a landfill.
Neonlad t1_j6oqn90 wrote
There is also the consideration of things stored in flash memory and processor and motherboard caches which while requiring pretty complex know how to get anything out of are still possible. It’s not just the hard drive.
These devices in theory are being recycled and I would say it’s easier to recycle Apple devices as they are made of mostly recycled materials already and most of that is aluminum which is very easy to recycle. Until you can find a way to ensure there is no way to discover data off an old device there is no other way than destruction.
The companies you are speaking of are mostly like I stated: government institutions working to protect state secrets, hospitals looking to protect patient records, financial institutions like your bank or insurance company protecting your financial info. A lot of this is done to protect people like you from getting their data stolen, it’s not just to protect themselves. Additionally many of the institutions I mentioned are bound to security standards set forth by government institutions as a minimum to prevent leaks so it’s not necessarily up to them, it’s just good practice in general although not every company employs device destruction and it’s not for every class of device.
tossawaynsfw9 t1_j6n9xia wrote
Can someone explain what this is?
Willing_Definition71 t1_j6ndq6s wrote
Companies / Users can lock an Apple device to ensure it can't be used if stolen (even if reset / formatted)
The recycling company was asked to destroy these devices by a company but they are complaining that they could sell them instead
If I were asking a company to destroy the hardware and read this, they would lose my buisness immediately
tossawaynsfw9 t1_j6nubzv wrote
It makes sense though, why are they destroying hardware this new? Just seems like an absolute waste.
I get it that it's for a security reason, but still.
Willing_Definition71 t1_j6nz8dh wrote
Only way to be sure you don't leak confidential data is to destroy the hardware, companies like this have been destroying hard drives for a long time, they hardly ever resell them, with new laptops there is no separate hard drive + there is other sensitive data outside of that.
They could organise to sell the computers without the motherboards to repair stores possibly, that way people with broken screens may be able to swap in a motherboard etc, but i doubt the recycler wants to do that work.
If the recycling company sold these locked computers instead of destroying them to a bad actor who sites on them hoping someone finds a way around this lock they would sued into non existance.
Chef_BoyarTom t1_j6nc54z wrote
I don't see the issue. Even if Apple refuses to do anything...... businesses can just refuse to buy Activation Locked Macs. If it's the owner selling their computer, they retailer can just show them how to unlock it. And if it's a thief, now they have no way to sell their stolen goods and no reason to keep stealing them.
bastardoperator t1_j6occxy wrote
No it doesn't. Just because you recovered a bunch of macbook pros and want to resell them doesn't mean we should forgo the security we've been afforded. I want my stolen macbook to be useless to thieves. If you're a recovery service make sure the previous owner unlocks them or they're going to the dump.
Ok_Marionberry_9932 t1_j6ml3am wrote
“To be fair to Apple”? No, how about fuck Apple for doing this. Seriously. Fuck Apple. They know exactly what they are doing.
SlowMotionPanic t1_j6mvjfg wrote
Complaining about this is no different than the people complaining about taking ownership of their Apple account keys and then being permanently locked out despite the numerous warnings.
These machines are supposed to be destroyed and parted out. Not resold as-is. Otherwise IT departments would remove the activation locks.
I, for one, want my enterprise laptop to be totally useless if someone swipes it at a hotel.
Do you also blame Apple for rendering iPhones inoperable if the actual owner reports them as stolen to dissuade theft and prevent data recovery?
WelpIGaveItSome t1_j6mb1ix wrote
Well this is exactly why mac based companies hammer it in to NEVER sign into your apple ID unless your someone important and 9.9 times out of 10, you aren’t.
Kandji and JAMF also have features that disable app store and the ability to sign into AppleID for this exact reason. This is probably a big problem at resellers but for most companies not as much.
Plus if this is a corporate laptop, your local apple store (or the tech) can just wipe the hard drive and bypass most of this anyways. I don’t see how activation lock is a problem as long as the user doesn’t treat their work Mac like a personal computer.
TraitorMacbeth t1_j6mjlfu wrote
Regular drive wipes don’t fix activation lock
WelpIGaveItSome t1_j6mmfbl wrote
This article says 2020 macs, if your scrubbing the hard drive properly M1’s allow bypass cause your reinstalling the computer.
Intel macs will give you a hassle which yeah your e-wasting them regardless cause butterfly clip keyboards suck
tomistruth t1_j6mc9q8 wrote
I am not familiar with that problem but have a company where employees use macs. Can you expand on what you said a bit? Does this affect all newer models? How are you installing apps if you don't sign with your appleid?
joeyicecream t1_j6mig17 wrote
If you register it with your Apple ID it’s going to require your Apple ID to unlock it.
Also he’s a bit wrong about this as well, if you send a remote wipe to a corporate Mac it’s going to be activation locked by whoever registered it initially.
WelpIGaveItSome t1_j6mmu8g wrote
Why would you remote wipe a mac? Either they send it back to their IT department for wiping or the laptop is being declared lost.
Hell you don’t remote wipe macs at all cause if the user isn’t an admin, incompetent or something going wrong with partitioning theres nothing anyone can do cause I can’t remote into the computer.
joeyicecream t1_j6mors6 wrote
Ok I was a bit wrong in my understanding of the issue. If you read the article it says that you wipe the Mac and then it twitters unlocking at the next setup. Big corps are wiping them and selling them off in large batches.
When the refurbishing company gets them and tries to set them up they’re unable to get past that step.
Even a step beyond that I prefer that hard drives are totally destroyed depending on what the device was used for.
WelpIGaveItSome t1_j6mmacy wrote
Depending on your MDM (Mobile Device management) environment or lack of thereof you can either grab the .dmg and install things manually or preload software on the mac through a process known as “imaging” since every company requires a specific set up for employee computers UNLESS your a small company where you don’t have a dedicated IT department then everything changes.
Now there are 2 popular MDM solutions for Mac (Windows is a different beast) which is either JAMF or Kandji which can help preload software onto the computer through “0 touch” which preassigns the admin account and allows the computer to download everything the user will need a base level or loading the MDM profile manually, which will be required at some point.
With these 2 MDM solutions you can also disable app store cause you should never be signing into apple ID on company property unless your the CEO… which at that point i don’t care.
Corporate IT works differently from local store side IT, a lot more back doors or direct connections to apple to solve these issues. And i can go into detail about Kandji and JAMF but I’m not JAMF certified and only demo’ed Kandji
stickmanmeyhem t1_j6nxn7z wrote
As long as the devices haven't been released from the Apple Business Manager account for the organization, IT can disable both User-Initiated (Locked to a user's personal Apple ID) and MDM-Initiated (Locked to the ABM Apple ID) Activation Lock. That's not a good reason to stop users from logging in to their personal Apple IDs on the devices. Most of my org's user-assigned macs/iPads allow the user to log in to their personal Apple ID, and I've never once had trouble disabling the Activation Lock--even if the device was wiped before disabling it.
i_dont_know t1_j6mwuwy wrote
This is more a problem with companies not properly managing their Macs with an MDM than an issue with Activation lock.
Jamf, Mosyle, Addigy, Intune, Meraki, etc all have the ability to release an activation lock when wiping a Mac.
And I find it hard do believe that a company managing 3000 Macs doesn’t use an MDM.