Bad hard drive? Don’t let Apple take your data!

Filed under Apple
Tagged as , ,

A very sad mac for security reasons

So the hard drive on my wife’s one year old MacBook has officially started to kick the bucket. Random crashes, slow performance and lots of errors like this in the system log:

disk0s2: 0xe0030005 (UNDEFINED).

Yup, we have bad blocks..all indicating imminent drive “FAIL”. I have AppleCare on the MacBook so I call them up and explained the situation. Surprisingly, they didn’t give me a hard time. In the past I have had problems with other computer manufacturers (ummm…Dell) in which I would have to argue with the guy/gal on the other end of the phone that the drive was “really bad” and I didn’t need to spend hours on the phone with them troubleshooting. So far so good with Apple right?

So I am finishing up the call and the tech is explaining how Apple will ship me a box to send the MacBook back to them for repair. Apparently, they don’t do self service hard drive swaps anymore. Weird since it’s easy to replace a hard drive on a MacBook. Anyway, the rest of the conversation went something like this…

Apple guy: “Sir, do you have a password set on your MacBook”?
Me: “Yes. Why do you need that?”
Apple guy: “The tech’s need it to replace your hard drive”
Me: “Huh? Why do you need my password to replace a bad hard drive? Just pull the old drive out and put the new one in.”
Apple guy: “Sorry sir. That’s the procedure.”
Me: “What if I don’t give you the password?”
Apple guy: “Then we can’t repair your laptop”
Me: “grrrr…fine…here is my password..ready? a-p-p-l-e-s-e-c-u-r-i-t-y-F-A-I-L”
Apple guy: “Thank you sir. You will have your shipment box in 24 hours.”

So for every bad hard drive that comes into the Apple repair center they log in to verify that the drive is bad? What do they do with all the drives like mine that are still functional but have bad blocks? Can Apple guarantee that there are no shady people working in the repair center wanting to steal my personal information? What happens to the data? The sad mac fact (note the “sad mac” picture above) is that no one knows!

I did some research on this and apparently Apple doesn’t care too much about your personal data. Dave Winer wrote about this extensively and notes the same problem. The Apple repair “terms and conditions” only states that your information is protected in accordance with the “Apple Customer Privacy Policy” and that you agree that Apple can use your data to perform the “service obligations”. Interesting to also note that on the Apple privacy web site under the AppleCare Repair Agreement it also states the following:

“You agree and understand that it is necessary for Apple to collect, process and use your data in order to perform the service and support obligations under the Plan. This may include the necessity to transfer your data to affiliated companies or service providers located in Europe, India, Japan, Canada, People’s Republic of China or the U.S.

Huh? People’s Republic of China? That’s nice. I couldn’t find any reference noting what Apple does with your personal “hard drive” data. They only mention your name, address, things you purchased, etc…

So what am I going to do about this? I’m going to completely wipe the drive (Darik’s Boot And Nuke is my favorite disk destruction utility) before sending it back to Apple just to see what happens. I have my doubts that they will actually log in to the MacBook to see if the drive is bad. Let’s see if I get the drive replaced or not…I’m betting it will be replaced, no problem.

Sure, Apple is not the only company doing this with hard drives. This is a problem that needs to be addressed by all computer vendors. What they do with your data should at least be disclosed in their repair and/or privacy policy (at a minimum). In the meantime, encrypt your sensitive data (TrueCrypt works well) and securely remove any data you don’t want people servicing your computer to see. I’ll keep you updated on the repair status… :-)

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • Digg
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

12 Comments

  1. CG says:

    that sucks. I have a dead ibook G4 in the basement, they arent so easy to replace the hard drive on.

    Anyway, with all that I’d just replace the drive myself and not have to worry where my data goes.

  2. Jane says:

    Hmm, they asked me the same question with my g3 iBook (a long, long time ago…and the model was known for the ridiculously faulty logic boards that needed replacement). I convinced the genius my problem (the faulty logic board) was irrelevant to anything on my drive. He just left the password field blank on the repair order and everything went fine. Of course this was all like..5 years ago? Times have changed.

    Anyway, the main part of my comment is that the hard drive is a user-serviceable part on the MacBook involving the removal of the battery and a couple of screws. Was there no possibility of going to the manufacturer for a warranty replacement?

    Lastly, the last time I went to the apple store, I wanted a battery replacement because my MacBook’s battery was failing. The genius was actually starting to get pissed off and explicitly made a point of telling me that I seemed to care a LOT about security because of how many times he had to flip my laptop around so I could type in a password to unlock this or that so he could check things in the space of half an hour. When he wasn’t complaining about that, we were talking about OS X development tools and why I liked objective-c. He was a very curious genius, seemed to know a lot, probably way underpaid and abused compared to the other jobs he could probably get with that kind of knowledge/experience.

    (and on a very tiny sidenote, if Apple’s policy on the data on hard drives seems lacking, what about all those times geek squad/best buy techs have been stealing porn from customers’ computers? hah.)

  3. Zach says:

    You’re certainly not alone in your experience and subsequent frustration. Oliver Day went through this as well and has a brief write-up:

    http://blogs.law.harvard.ed

  4. Most computer companies do they same thing. IBM/Lenova ask for passwords as well as do Dell. Thats why whenever I send my laptop in to get repaired, I remove the hard drive before I send it in. Of course, in this case, you kinda have to. :)

  5. Tom says:

    @CG yep…I had to replace a HDD on a iBook G4 and it was a pain in the ass. Good thing Apple is making it more easier to do it on your own. Since I have AppleCare, I pretty much paid for a new drive anyway…I’ll let them do it. :-)

    @Jane Yeah, I would have gone that route but I purchased AppleCare so I didn’t want to void the extended warranty that AppleCare provides.

    @Zach Thanks for the link. Glad I’m not alone!

    Quick update…I received an email from Apple tonight that they have received the MacBook and the repair status page shows "completed"…so far no problems with the wiped drive.

  6. Tom says:

    Well, we got the MacBook back from Apple. They swapped the drive out…no questions asked! They did load Tiger (10.4) back on it as well. Blasting the drive before sending it back to Apple worked…they either never booted the MacBook up or didn’t care if the drive couldn’t be read.

  7. Dave says:

    It looks like Apple is waffling again. They once had a DIY page that listed the memory, battery, and drive as user-replaceable items. One can still download the DIY instructions for r/r the drive (manuals.info.apple.com/en/MacBook_13inch_HardDrive_DIY.pdf) I had a drive fail during the ‘bad head’ era, and had to point out that this was a DIY part, after which they caved-in and sent the part. I then was able to ensure that the bad drive was REALLY unserviceable before sending it back. They are certainly not the Apple of a decade ago.

  8. jason says:

    If its user serviceable I think I’d bite and buy my own replacement.

    But in my macbook I use filevaule.. I suppose I could just create a new user, give them the password for that one and delete my filevault user. Should protect enough.

  9. mriner says:

    I am planning on sending my macbook pro in for replacement of the logic board (linear vertical line on screen top to bottom, one to two pixels wide), and my question is, is it sufficient to just turn on file-valut to encrypt my user file in order to protect my data? Will apple need the password for file-vault? Will they need my master password (which of course enables them to get into my encrypted user folder anyway)?

  10. Tom says:

    You could turn on file-vault…however, Apple may still wipe your hard drive (they note this in the repair agreement…even with a screen replacement. I suggest you not give your master password to apple and ensure you backup and remove any sensitive data from your Macbook before sending to Apple for repair.

  11. Robo says:

    The genus will always take the computer in the back away from the ‘noise’ of the shop so they can listen. They come back after a 15 minute ‘listen’ giving you a diagnosis.
    I had to once wrestle with a powerbook because I wanted to erase the hard drive before giving it in. I so don’t trust anything Apple do. At the moment the biggest financial gain apple make is through their hard and soft ware. For now. The biggest earner for them in the future is going to be personal information, selling it to governments when the national databases are compiled.

    You cannot be anonymous with apple, they make it impossible at every turn.

Post a Comment

Your email is never published nor shared. Required fields are marked *

*
*