Anyone ever get privacy concerns with Apple Store iMac repairs?

[jordanz]

Fully aware how paranoid and naive this may come across... But I've never had an all-in-one computer before, and I've luckily never needed anything fixed by Apple. Now that I've ordered my first iMac (27"/i7/512/M395X) I'm wondering what the procedure is should anything go wrong?

1. Do you ever have to give the Apple geniuses your OS username/password as part of the repair process? Or can they test if the machine works without this? Let's be honest, I'm sure these guys go through heaps of computers a day and couldn't care less what was on it - but still, surely I'm not alone in being uncomfortable with that still for some reason.

2. Do you take any data privacy precautions just for this purpose? FileVault relevant here? I also read some throwaway comments on here about people putting their user directory / OS install on an external SSD just for this reason. So they can unplug the drive and take the iMac to Apple for repair with no worries. However with these new internal 1800mb/s+ SSD speeds there's no way I'm not taking advantage of the internal SSD...

Anything else worth knowing? If you've gone through the repair process, share a similar concern, or feel like reminding me how paranoid I'm being, feel free to chime in.

 

[Chytin]

You just tell us, should we be paranoid as well? I mean, what are you trying to hide on your Mac?

 

[garyleecn]

You just tell us, should we be paranoid as well? I mean, what are you trying to hide on your Mac?

have you been using keychain/icloud keychain? all it takes is your user password (which you probably gave apple store) to unravel ALL your saved passwords. EVERY SINGLE ONE, from wifi password to your web logins..

 

[jordanz]

have you been using keychain/icloud keychain? all it takes is your user password (which you probably gave apple store) to unravel ALL your saved passwords. EVERY SINGLE ONE, from wifi password to your web logins..

Yup, this. Not to mention iMessages, emails, Paypal/bank logins etc.

I believe Tim Cook when he says privacy is very important at Apple. But Tim Cook isn't the one opening up my machine. Call me crazy but the idea of my passwords / iMessages / files just sitting in some kid's hands for a week bugs me.

 

[ravinder08]

Nothing to worry about IMO. Unless you got something depraved or illegal to hide?

 

[jordanz]

Yup you caught me...

No disrespect - but I think that's a slightly ignorant attitude to take. Was reading an old thread and this came to mind:

Trust no-one with your private data. What's often seemingly innocuous information to you, is a minefield to the wrong person

I honestly have no idea what to expect though, which is why I was asking. Would anyone like to please comment on my original questions? Thanks !

 

[redheeler]

1. Do you ever have to give the Apple geniuses your OS username/password as part of the repair process? Or can they test if the machine works without this?

Not from my experience, they can boot into a separate OS in-store. They might ask you to log in to check settings or anything software-related.

2. Do you take any data privacy precautions just for this purpose? FileVault relevant here?

Yes, I've enabled FileVault encryption. Nothing more needs to be done.

 

[maflynn]

Its my data and I choose not to let others see what I have. I don't have anything embarrassing but I do have personal stuff, including my taxes, and financial information.

The last time I sent my computer in for repair to apple (It was many many moons ago), I wiped the drive (Yes I had a backup), set up an account and then let them have at it. When I got it back, I restored the backup.

 

[Toydoll]

Nothing to worry about IMO. Unless you got something depraved or illegal to hide?

Do we still say that mantra in 2015?

Why would you even say that?
Is it ok if I put up a live camera in your bedroom? You're not doing anything illegal, are you?
I know it's not the same, but the principle very much is!

 

[panzer06]

No, I never, ever provide my username/password to service personnel. Heck, I never gave my spouse/children login information to my systems/devices.

If it must be serviced I clone the internal drive to one of my backup devices and do the internet restore. That way they can have access to a completely clean system to test what they need to.

When it returns I just clone back to the internal (tho some systems just boot from TB drives so the internal drive still has the original load)

I'm not particularly paranoid nor do I have much of anything I want to keep hidden. I just feel no one needs my login when they have their own computers and certainly service personnel can just use the standard load to test. Such an approach does preclude all application compatibility testing but I can do that myself.

 

[ravinder08]

Do we still say that mantra in 2015?

Why would you even say that?
Is it ok if I put up a live camera in your bedroom? You're not doing anything illegal, are you?
I know it's not the same, but the principle very much is!

How is that the same thing??

 

[Toydoll]

How is that the same thing??

Like I said, they're not the same thing, but they are based on the same principles.

You, more or less said:
-If you're not doing anything illegal then you shouldn't worry about other people searching through your computer.

Then I said:
-If you're not doing anything illegal then you shouldn't worry about having a camera in your bedroom.

Heck, if you put the camera there I'll even promise not to watch it (just like the technicians promise not to go through your computer). Would you do it?


And again; yes, this is a silly comparison, but surely you understand why it's relevant?

 

[FSMBP]

Nothing to worry about IMO. Unless you got something depraved or illegal to hide?

How are access to all my messages/financial documents/pictures/projects nothing to worry about it exactly? They are not illegal but sensitive data. That's the reason why we have passwords to begin with lol.

 

[26139]

A valid concern, but my thinking is this: had someone been exposed by an Apple Store employee, wouldn't we have all heard about it by now? The computers are all repaired in a fairly open area (accessible by employees), so it would be hard to screw with someone's stuff unknowingly.

Apple was always very careful with passwords and such when I worked there, only Geniuses were allowed to access that information.

You could always lock down you primary account and create a different admin account. That should solve the problem of protecting your data while still giving them full OS access.

 

[hfg]

Although I have never had to test this ... I always create a dummy "Admin" account with a separate password to give service personnel if required, rather than my user account. You need to do this while the computer is fully operational, of course, as a hardware failure could prevent transferring your data and clean installing, or creating the service account after the fact.

 

[26139]

Although I have never had to test this ... I always create a dummy "Admin" account with a separate password to give service personnel if required, rather than my user account. You need to do this while the computer is fully operational, of course, as a hardware failure could prevent transferring your data and clean installing, or creating the service account after the fact.

Great idea to do anyway, so you can log into the dummy, "clean" admin account to troubleshoot errors that may be happening only in your main account.

 

[panzer06]

Great idea to do anyway, so you can log into the dummy, "clean" admin account to troubleshoot errors that may be happening only in your main account.

A valid concern, but my thinking is this: had someone been exposed by an Apple Store employee, wouldn't we have all heard about it by now? The computers are all repaired in a fairly open area (accessible by employees), so it would be hard to screw with someone's stuff unknowingly.

Apple was always very careful with passwords and such when I worked there, only Geniuses were allowed to access that information.

You could always lock down you primary account and create a different admin account. That should solve the problem of protecting your data while still giving them full OS access.

Wouldn't service personnel access to any admin account allow access to your data unless that vault feature is activated?

Just seems cleaner to not have your data on the drive at all prior to sending off or leaving it at an Apple Store.

 

[Weaselboy]

Wouldn't service personnel access to any admin account allow access to your data unless that vault feature is activated?

Yes exactly... if they have access to any admin account on the machine, they can access your data.

Why take the chance. Just erase and do a clean install and set Apple up with a test admin account for their usage. Then restore from your backup when you get the machine back.

I don't think this is being paranoid, it is just common sense.

 

[fob]

Hello Edison Chen

 

[Chytin]

Yup, this. Not to mention iMessages, emails, Paypal/bank logins etc.

I believe Tim Cook when he says privacy is very important at Apple. But Tim Cook isn't the one opening up my machine. Call me crazy but the idea of my passwords / iMessages / files just sitting in some kid's hands for a week bugs me.

If this concerns you, don't use iCloud Keychain. Important passwords should live in your brains. You should not let a device or service remember it for you. Convenience comes at a price.

 

[Chytin]

How are access to all my messages/financial documents/pictures/projects nothing to worry about it exactly? They are not illegal but sensitive data. That's the reason why we have passwords to begin with lol.

If you worry about sensitive data, you can lock them in folders, store on an external, password protected, drive.
If you have such data, you should do your homework. I mean, come on, is this really your first steps in the digital world?

This mantra is as true as it was in the nineties and will be in the foreseeable future.

 

[jordanz]

If this concerns you, don't use iCloud Keychain.

It doesn't concern me at all, because I don't give my computer password out! Even if my phone or computer gets stolen, they don't have my password/passcode so using keychain isn't the issue.

If you worry about sensitive data, you can lock them in folders, store on an external, password protected, drive. If you have such data, you should do your homework. I mean, come on, is this really your first steps in the digital world?

Again, I think you're missing the point. You just suggested a password protected drive, but we're talking here about the unique situation where if we are required to give Apple our password and trust them with our digital life, how we can try to minimize any privacy concerns. Or do you believe that every single Apple store employee is an angel sent from above we can trust to always do the right thing?


Overall there's been some good advice in this thread, thank you @Weaselboy @maflynn @panzer06 (and @Toydoll for that quality comparison ) It seems like cloning the drive, doing a clean install & restoring after Apple's done is the best way to go. Kind of annoying - but I do feel the need, and it's not like it's going to happen often. Mostly just glad to see I'm not alone with this!

 

[OLDCODGER]

Although a little paranoia is healthy, I'm much more ornery. I don't use the cloud, or keychain, and all data is on an ext drive.

I do this ... because.. MYOB.

 

[FSMBP]

If you worry about sensitive data, you can lock them in folders, store on an external, password protected, drive.
If you have such data, you should do your homework. I mean, come on, is this really your first steps in the digital world?

This mantra is as true as it was in the nineties and will be in the foreseeable future.

The login password is the lock. My point was it's not a good move to provide someone your login password, especially a retail employee.

And no need to be so unnecessarily condescending. You're the reason people can't have civil conversations on MacRumors.

 

[maflynn]

I have worked at computer stores way back in the day and I've seen technicians dig through the drive. None of them did anything nefarious but they were snooping. This was many years ago when the computer industry was still relatively young. Still that left an impression on me and I opted to take a very conservative approach when sending my computer in for repair as I mentioned