Scripting News for 1/1/2008

It’s a security issue, folks 

In 1980, I signed a deal with a company to market a product I was developing. The contract required me to turn over the source code, which I did. One day I went to a meeting at the office of the company, and there on the product manager’s desk, next to a door that opened to the outside, was a floppy labeled “Dave Winer’s source code” in big letters.

If you own a Mac you may soon find out what that felt like.

It’s amazing to me that the tech blogosphere doesn’t treat Apple’s policy re broken hard disks as the huge gaping security hole that it is.

Think about it. We worry about bad people getting their hands on little pieces of data that, when added together, give them the power to be us in banking and credit transactions.

Think about what you would do if your laptop was stolen.

Well, if you own a Mac and its hard disk goes bad, and you make the mistake of bringing it to Apple for service, you will turn over all that data to Apple. Not “may” or “might” but “will.” What Apple in turn does with that data is none of your affair. They don’t sign anything or offer any guarantees that they won’t sell the disk to a data miner. Think it can’t happen or that it’s unlikely? I don’t gain much comfort from your feeling of security.

I’ve been writing about this issue since December 22. Usually when I write something critical of Apple, the results are mixed. Some people are supportive, but far more people attack. This time the ratio is very different. Almost everyone who has commented gets that there’s a huge problem here.

Some say that other vendors do this too. That gives me less comfort, not more. That means there’s no escaping this crazy way of treating user’s confidentiality. Ultimately it hurts the vendors because people can’t use their computers for things the manufacturers say we can.

Further, it’s got to be an issue for the banks, brokerage firms, credit agencies. If you are a newspaper and you employ reporters and they use a computer, how exactly are you guarding the confidentiality of your sources? If you’re a confidential source, don’t you have an interest when the reporter gives their computer manufacturer all their data to do with as they please?

Imagine what you would do if it turned out there was a bug in a Netgear or Linksys router that allowed, under special circumstances, a mailicous person to gain access to the full content of your hard disk at any time. Would you have a problem with that?

This is worse than Microsoft’s neglect of malware that got me to stop using their computers. In that case it was Microsoft being neglegent. This time Apple itself is the source of the problem. It’s as if they planted a virus in their operating system that entitled them, under special circumstances, completely out of your control, to gain access to everything on your disk, with as much time as they want, with no way for you to prevent or even detect the intrusion.

See also: My letter to Steve Jobs.

Re yesterday’s post, Apple does not have a store in Shanghai. I assume the customer is sincere, he thought he was at an Apple-owned store. Here’s a picture of the place he probably went to. BTW, I’m 100-percent sure that the store in Emeryville is owned by Apple. You can find it on Apple’s store website.

Cole: “Apple sent me my new hard drive and instructions stating that I had to send the old one back within 10 days to avoid being charged $250.”

Chuck Shotton says that Apple used to return failed drives with sensitive data for an additional cost.

One response to this post.

  1. Posted by Diego on January 1, 2008 at 2:23 pm

    I agree and sympathise with your situation. They should not take your drive. It’s yours, plain and simple. Although, didn’t you did say you signed a form handing over the drive to them? Although at the time this was not pointed out to you? They should tell people, in plain English, well before they sign what the implications of signing the form are.

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: