About a month ago my wife broke her pixel phone. It couldn't be turned on so we couldn't wipe it.
We contacted Google and used the device care to get an RMA.
Today someone posted nude pictures of my wife and I to her social media accounts. They accessed her Google account and tried to lock us out. They used her PayPal to send someone $5 (a test probably).
How could this happen? Well Facebook and Instagram show logins from Texas. The old phone still showed on our find my phone app and it was in Texas. Guess where we sent the phone for RMA? The last ping from the old phone (which was today) was the same as the place we shipped it. The exact location down to the very building. Clearly they fixed the old phone and since it wasn't wiped, was still logged into her Google account.
I called Google and they basically said "woah that's fucked up we'll get back to you". We filed a police report but I don't expect they will do anything.
What are my options here for suing Google? I know that sounds insane but this breach of trust and privacy is egregious. Hundreds of people have now seen my penis including our friends' kids. It's really fucked up.
Any advice on what to do here?
My big question is whether this phone is password enabled. Also, this stinks because I know the first comment is "well do a factory reset" but if the phone doesn't turn on, etc. then I don't believe that is possible (short of possibly ADP which is out of the reach of 99% of people).
As someone on Twitter replied to a similar comment [0]: "Phones are cheap, just buy another" WOW the privilege.
[0] https://mobile.twitter.com/mojonojo3/status/1467453133538611...
If the phone doesn't turn on you can still queue up a wipe from Find My Device which would've prevented this.
And no, it was clearly not "password enabled".
That's assuming that a competent technician couldn't disable that feature. For example, it's hard to ensure that some software issue (eg: software/hardware interaction) has been resolved if you just wipe the device!
I read all the comments before it was deleted. In one of the replies the OP stated the phone had a smashed screen and would not turn on*, but had no screen lock/password
*his words not mine, it is unclear if he knew the distinction between zero display output and not turning on
Everyone made assumptions that the process for developing photos was anonymous and private - you dropped off a canister, and picked up photos and negatives in a clean, sealed envelope a few days later.
How wrong we were.
The process was semi-automated using these gargantuan machines in a back room, but the staff usually looked at each frame as it went through the process. They made extra copies of spicy ones which went straight into a special binder kept on a nearby shelf. This shop had two or three of these binders.
Some years later I was in another country and photographed violent demonstrations right outside the hostel where I was staying. When I went to pick up the photos, the staff made it clear that they had seen the images. They were supportive (they wanted to get the word out internationally) but what if copies had been sent to the local intelligence services instead?
Nowadays the tech is different, but when there are no barriers to viewing private information, we see similar types of behavior.
Keeping a spank bank isn't permitted but you should never assume your film will be private if it's being processed by a lab.
[0] Code Warriors, Stephen Budiansky (https://www.penguinrandomhouse.com/books/236807/code-warrior...).
Certainly not state secrets. But they do need to know trade secrets. For example: exact (official) replacement products, procedures, and documentation steps in order to ensure the device doesn't show up as "this is fraudulent or pirated or hacked or modified or whatever the fuck the copyright overlords demand can't be done".
I wish phones could boot into some kind of field tech/diagnostics mode where all aspects of hardware could be tested as thoroughly as needed. Maybe there exists one and I’m just ignorant?
If the phone didn't even turn on enough to go into some DFU mode, I guess I'd be just as fucked.
Just had an idea to get a burner phone, fill it with my own nudes and give it to repair. Let the perverts have nightmares for a while.
That says it all. You can't expect them to try 24/7 until they get a confirmation. In addition, I doubt that they would have included the SIM card in the RMA, which means that the device would not be online through mobile, and there's no reason for the repair shop to connect the device to the WiFi as the first step, so that any erase-request can come through.
You either trust the RMA process or you burn your phone.
But since the old phone was still on OP's "Find My Phone" account, and was successfully pinging the service, clearly it had been connected to WiFi, so a queued remote wipe should have worked.
Sure, this won't catch all cases, but if you are unable to factory-reset a broken phone before sending it in, it would be useful to instruct the customer to queue a wipe online instead. Not perfect, but better than nothing.
Though, this apparently didn't save Apple in at least one recent case: https://www.theverge.com/2021/6/7/22522560/apple-repair-mult...
I can't imagine it would. It isn't a contract, just a best practices guide. Apple and Google are still ultimately responsible for what their employees do on the job.
I'd assume it can be done on some device id basis, so 1) Check in phone 2) Initiate wipe 3) put in service tech queue
After that life lesson, I always made sure to have a VeraCrypt partition for this stuff. But a separate, offline device is better of course.
I just used VeraCrypt instead.
I am always worried someone will fix and misuse my old phone.
Both iPhones and Android will HEAVILY complain in your setup process if you refuse to secure them with a PIN or a password.
- Queue up a wipe remotely which will take place as soon as the phone is turned on.
- Keep it but mind the battery as it can expand over time.
- Fix it to the point where you can access it, then properly wipe the storage with the given options on the OS.
- If you're ultra paranoid, find software that'll write over the storage, like DBAN (I don't have any in mind right now), but if you're already here you might as well destroy the storage physically (see below).
- look into tear down instructions and find where the storage is. Remove and destroy the storage.
Once in fastboot mode, you can connect to pc or another android device to boot to recovery and factory reset/wipe data. It won't be any three letter agency safe, but most data should be lost for any common tech person.
https://developer.android.com/studio/command-line/adb
My phone has a button combination to hold when powering on to get into a recovery mode, then you can wipe it with adb.
And wipe commands that one can send to flash memory chips are sometimes broken too (they might be implemented as no-ops).
Edit: Also, even if you tell it to write zeros everywhere, it might not delete the content, because there is hidden extra memory on flash memory chips.
I usually terminate truly obsolete gadgets that could still contain recoverable login information etc. by physically destroying the motherboard, e.g. by drilling into it or prying off the flash chip. But for non-removable battery types that's iffy; what if you short out the battery and cause it to catch fire? I've just recently found a usable charge in a 2012 vintage LiPo battery that came with a robot kit that hadn't been built in all those years.
1. Remove phone case.
2. Desolder eMMC chip after looking up which one it is online.
3. Put eMMC in old coffee grinder, grind away.
4. Buy new phone.
From a thread about a similar incident on Twitter: https://mobile.twitter.com/mojonojo3/status/1467453133538611...
Can't just tell people 'do not put nudes on your phone' because while it's good advice, it misses the point.
And, of course, whoever does something like this should be strung up by their toenails in the public square.
If that were possible, the FBI would shut it down.
We need to punish the evil behavior. Like you said in your last sentence.
We do punish the evil behavior. And yet this still allegedly occurred. So perhaps the solution is making sure the evil behavior isn't possible in the first place? Just maybe?
I personally didn't reset it when I sent my Pixel 3 to fix the charging port because my Pixel was fully encrypted.
All Pixels are encrypted by default as long as you have any kind of lock method enabled (PIN, password, shape...).
I don't really understand how this person got his files in cleartext and accessible.
> About a month ago my wife broke her pixel phone. It couldn't be turned on so
> we couldn't wipe it. We contacted Google and used the device care to get an RMA.

Edit: I mean how did they bypass the lock screen?
That said, I’m wondering if Google didn’t farm out their repair work to a 3rd party, leading to this situation.
They almost certainly did, since a large portion of Google's offices are staffed by contractors as well. There is no way they're paying Google salaries and benefits to the guys handling RMA phones.
And that's part of the problem. You send the phone to Google, a company you (very mistakenly) trust, and they immediately hand it over to a lowest bidder shady shop. These services should definitely be letting you know your phone is actually going to AAABob's Phone Repair Shop, and not some magical Google factory center.
Someone can be less than perfect and that can cause them to be victimized.
We should be able to talk about both aspects of this story, perhaps independently.
Some people want to discuss how the offender should be punished, and other people want to discuss how we can behave to prevent being victimized ourselves.
I don't think it's valid to argue that people discussing how to prevent victimization, are somehow "victim blaming".
But it's a fundamentally bad way to approach analyzing safety issues. For those who really want to dig in on the topic, I strongly recommend Dekker's "A Field Guide to Understanding 'Human Error'": https://www.amazon.com/gp/product/B00Q8XCSFI/ref=dbs_a_def_r...
It's nominally about examining airplane crashes. But he breaks down into great detail why the default analytical model is entirely inappropriate in ways that makes real safety improvement impossible. And it's the same set of analytical mistakes you see in a lot of blame-related behavior.
While, ironically, simultaneously demonstrating the opposite.
I don't take nudes but I tend to use my phone as an impromptu photocopier for stuff like bills and receipts, so the photos are full of private info such as account numbers. I worry about that sometimes. For photos that have to be treated with real security (typically the screen of recovery codes when enrolling a 2FA token), I use my old dedicated digital camera which has an SD card, no network connection, and never leaves my bedroom.
Most folks are just going to take nudes and not strategize much and expect them to remain private as part of the typical photo taking and sharing workflow.
What we need, to fix this, is to enforce felony charges against the kind of fuckers who do this, and put them in prison for 20 years, and stop victim-blaming, and stop the insane medieval attitudes about nudity, and slap every single fucking person who espouses this kind of bullshit upside the head, daily, every single day, until society is finally purged of their bullshit, and we don't need anything. fucking. else.
This isn't a product design issue. It's a punish evil people issue.
Nothing nefarious. I'm just not very trusting with my data, and not going to just hand it over like that.
I hear you, and agree wholeheartedly that there is "absolutely nothing wrong with this", but maybe if the topic keeps coming up, people should have less trust in the companies (and their respective flawed human supply chains) that keep our information.... and act accordingly. Unfortunately that's easier said than done these days.
Sure, it's lurid in this case because it was nudes, but this could have just as easily been identity theft or something more mundane but equally wrong for Google to access.
No, this is what we have laws for. What Google did is wrong and if the person responsible cannot be criminally prosecuted, we should seek legislative changes to enable prosecution in cases like this in the future. This is not merely a matter of individuals trusting Google too much. The individuals don't have much choice; that's where the law can step in.
Say I have a bedside table that needs repairs. I send it to a carpenter. If I am fool enough to leave my nude photos in the drawer then I should fully expect the carpenter to have seen them. I'm the fool, he's innocent.
If, however, he takes those photos and sends them to a tabloid, now he's the asshole.
Or in the phone case: if the phone/screen dies, how can you do anything with it before sending to repair?
The world contains bad actors, and we should be having conversations about what are the reasonable steps people should take to protect themselves. The fact that this happened, and that it could easily happen again, suggests that we should take additional care with sensitive data on our phones. Maybe an app for encrypting sensitive photos and that requires a password to access?
Yes, people should feel safe in their tech. People should also feel safe in their homes, but most everyone still has locks, and many people have additional layers of security.
I can never tell whether I'm paranoid, or worried for good reasons, but cases like these + mass leaks which happen occasionally are basically the reason why I don't have this secure feeling at all for anything which isn't on an offline device which is in my hands or device-side encrypted then put online (but to a lesser extent). And I'm afraid nothing is ever going to be able to fix that feeling anymore, it just seems too late for that, and I feel like people who do feel secure lost touch with reality somewhat.
On devices I trust less, like my Android phone, I feel better than default (but not perfectly comfortable) about open source encryption software and the stuff stored there.
Still shouldn't have to feel that way.
This also brings up an important aspect of repairability. I've been paying for extended warranty and discount on battery replacement for years to an Android manufacturer, and when the time arrived (during lockdown) they wanted my device sent to the repair center as there was no policy to send the parts to the consumer's place.
Although I don't believe for a moment that Apple is pro-repair now, I hope them sending parts directly to the consumer would be followed by Android manufacturers as well.
Unless I missed something, I believe that you currently have the only top-level comment to mention victim blaming. There's one other, but it's dead, which means the HN "immune system" (as dang calls it) worked.
I don't like seeing "don't victim blame" taken as gospel. Blame isn't a simple binary thing. Every time a company is hacked we don't line up to defend their shoddy security practices even though they are a victim.
Resorting to “do not do X if you don’t want Y to happen” is a cop out and demonstrates a fundamental failure of technology doing what it says on the box.
Gah, what a sad, terrible world we have built.
Look, face it, actions have consequences.
My money is on nope, however.
When I have done this in the past, we did it the old fashioned way -- took the pics with a non-connected digital camera, printed the ones we liked, then kept the rest on an encrypted USB drive. Even this has the risk of leaking your photos to the cloud if your computer is set up for cloud backup.
It doesn't have to be "wrong" for it to be stupid, and trusting your private life to a device you literally do not own is. This isn't victim blaming, this is recognizing the fallacious logic that most people have when approaching this subject. Call it tech illiteracy if you want to be nice, but I'll just call it "dumb".
And unfortunately, a lot of people in society don't expect this type of intrusion by a company they trust. But they should. And I don't think you can blame Google for any of this.
Irrelevant
However, most people wouldn't knowingly leave nude images of their spouse on the car's back seat when getting the car serviced. In many ways this is similar.
Edit: For people who think I'm blaming the victim, I am not. I thought that was clear, since I blamed the thief/poster of the photos! This is in many ways similar to leaving photos in a car. That is not to say that the person with the phone is at fault, but that this also happens in many other cases. If this happened to me (which it has), I'd do something else instead of sending my phone for repair by an unknown person.
I love car analogies (who doesn't), I think this is more like your car being on fire and asking a firefighter to put it out, while hoping they won't find and share any documents they find in the back seat.
Granted, this may be the best reason I've heard yet for why removing the option to have an SD card is bad...
https://www.reveddit.com/v/legaladvice/comments/r632w5/sent_...
I had to send the computer across the country for corporate IT to wipe it before getting it serviced, for a battery replacement..
This is one of the big reasons why.
Apple repair nude will get you there
If your "friend" refuses to log out and re-reset it then the correct thing to do here is to report it to your homeowners insurance. Your friend basically stole your phone. Insurance should pay for it and then they can go after your friend to get their money back.
It is good fodder for a security discussion, though. The merits will have to be decided in a court of law.
There's a few things that make this pretty unlikely. Google doesn't triage or repair the phones themselves, they contract it out just like everyone else. And the people they contract it out to almost certainly have procedures in place which are meant to ensure that neither the devices themselves nor the data on them get out.
I'm not saying it's false, but I would definitely take it with a grain of salt.
That said, before you send any devices in for repair, you should wipe them to the best of your ability. Also, you should set a secure password (PIN, pattern, etc) - even if you set your device to not lock, you can encrypt/require password on startup, which would prevent the repairperson from seeing the photos much less posting them.
T-Mobile for example had a major device theft issue with their mailed-in device place for the upgrade program they used to run. No surprise, the process was to unlock the phone, turn off Find My iPhone and send in the phone WITHOUT TRACKING to this random low bidder.
This was early in program, you couldn't turn device in at store (I tried). So I filmed myself mailing the device, because without a tracking number on the pre-printed label and an unlocked phone - 100% for sure these were getting jacked along the way.
If you use a brain dead process like this, you have to be bulletproof every step (mail pickup, sort, deliver, warehouse workers handing $1K+ devices etc).
Of course, the phone was reported as never having been received. Tired of the runaround and with the video I had I simply said, fair enough, I will pursue this legally and part of that is going to be asking how many complaints you've received like mine (phone reported not turned in). Bamm, 2 days later I had my money.
Thankfully they then let you turn in at a store and I think started sticking at least tracking numbers on things so they'd have SOME sense of what was supposed to be coming in.
I never said it wasn't possible. But getting the lynching party out is a bit premature. Just because someone says something on the Internet does not make it true. Bet y'all still think Trump is still gonna magically become president and kill the elite pedophile cannibal cabal, huh?
Never said the processes they have in place were perfect. But being smart enough to exploit a hole in the process, and dumb enough to then make illegal posts on social media with location and all - are kinda at odds with each other.
Until you can show me any evidence that this case is real - which, of course, you can't for the next ~years because the only place that evidence should show up is in court - you can take your "False." and stick it somewhere.
I think your impression of what phone repair places are like may not match reality. The industry is far more ad-hoc and margin chasing than the rows of immaculate benches staffed by well paid professionals in a brightly lit facility like they might show in a brochure.
[0] https://www.theverge.com/2021/6/7/22522560/apple-repair-mult...
Snowden and Manning smuggled out top secret information; it seems a bit much to assume that the low bidder on a phone repair contract has leak-proof security.
1. Use a password and encryption.
2. If you can still turn on the device, wipe it before you send it off for an RMA.
3. If you can't access the device, login to your account online and remove access to it. You should do this even after you wipe it.
4. Save everything sensitive on removable storage medium by default.
Also the photos were in the Google account so none of this advice would have mattered anyway aside from the advice #4 about not doing it, which is moot. They and many people probably auto backup all photos on the device to the Google account. Not sure if there is a way to distinguish which photos are too sensitive for online backup with that service.