> Lot of arrogant people here who think they are safe and better than anybody and blame OP.

You see this a lot in the Apple "community". Apple can _never_ do wrong. Apple can _never_ make a mistake. Apple's choices are _always_ the best choices.

I don't understand why people put corporations on pedestals.

Corporations play the role of gods in our society.

edit: about the same role as Greek or Roman gods.

Equal chance of them replying to your prayers and offerings

miracles happen

Source?

Because their TC is $400,000 and they need it to justify their Bay Area mortgage. Come on, folks, follow the money.

Commentators here presumably work in the industry, possibly even for 'the big companies' (I'd say FAANG but any big, life-depending, big-architecture corp, but you know what I mean, basically)

They should be tripping over themselves of "How can we fix our corporate incentives to actually deal with customer problems". Not "lol OP, sux"

Crazy how the industry with the biggest margins has the worst contempt for their customers

That’s part of where the margins come from.

Very true. And account integrity check pointing is stochastic and more aggressive so at any time there are people being locked out .

One of 20 of your services could lock you out tomorrow and that means you’re blocked from coworkers and family

The root issue/risk is from cascading service dependencies, and I'm 99% sure this is done unintentionally at Apple et al.

Team builds service. Service depends on first party identity/authentication because it's easier.

... Fast forward 20 years, and no one at platform company even understands the dependency graph from a customer perspective anymore. Especially in the case of rare events like account locks.

Consequently, those customers face a sudden Kafkaesque maze of edge cases that don't line up, as the customer service processes people are funneled through are literally incapable of solving the problem.

Which means the entire "normal" customer support apparatus is unavailable to them. (The same apparatus companies aggressive shove all support through)

This is why there should be regulatory requirements for identity platforms mandating the ability to speak to a human who's empowered to fix your issue + an option for customer-choice decision arbitration + continuous random sample audits with penalties for falling below KPIs (timeliness, correctness, etc).

It should literally be illegal for a company to have their banning system 'oops' and then pretend they don't know you.

Because it's only going to get worse as more AI / probably correct methods infuse account security functions.

Honestly it seems like nobody under this entire post has actually fully read the TOS for any Apple service.

I have once for iCloud... and the impression I got was that they must think close to 100% of the population on Earth are potential scoundrels for them to put in so many clauses and escape hatches.

I don’t think it’s possible to fully read any modern TOS from a bigco and not get an inkling of that.

The real issue is why are people signing up to TOS they haven’t fully read, and if they have… why are they signing up for something that directly spells out they are possible scoundrels who need to be dominated.

It’s like some kind of mass self humilitation ritual.

At Apple’s scale, the likelihood of someone pulling any weird or shady nonsense that can be imagined is not potential, it’s eventual.

Wasn’t them finally implementing competent (if overly annoying) iCloud MFA the result of this kind of thing, with social engineering/photo leaks from celebrities or something?

It takes a public scandal, and all.

Even so, on the record subordinating yourself to a superior entity by definition… must turn the end user into an inferior.

A direct, on the record, formal agreement to be an inferior.

And then people wonder why they get humilitated and mistreated in complex edge cases.

it's not just about cloud service dependency, or his loyalty to Apple, or things like that. for important data you _have_ to have backups, 3-2-1 rule and all that. the fact he put all the eggs in Apple's bucket is beyond me.

sure i am dependent to cloud services as much as he is, much to my own chagrin, but at least i have all my data backed up??

I’ve interpreted it as a sort of head-in-sand coping mechanism for those low-likelihood, high-consequence events people feel powerless over. It’s less distressing to be powerless if you decide that the real issue was a fault by the victim and not a powerlessness you have in common with the victim.

You’re right that nearly all responses are emotional , to maintain internal consistency. Even purchasing large gift cards is a common discounting approach when paying for cloud .

The sad news is when important people get locked out they can call dedicated support . This case was of someone who wasn’t celebrity enough to have that access

Oh I doubt it was his fault. I had something similar happen setting up a phone for a neighbor. Apple decided it was fraudulent after I added her address to the account. It was now dead with no recourse. At least I didn’t spend much on a used phone. Picked up an android and said it’s time to adapt.

I love your comment and I could not just upvote it because it is true with so many things. The technocracy/corpocracy is trying to sell you things that mnake you believe you can have power over everything, even your life. Anyone who "fails" at anything, it is all your fault. I have literally been told my mental illness, and my current homelessness, is my fault because I did not do the right thing. The power and control people think they have over their lives is a paper thin delusion.

Our shared powerlessness should bring us in communion with others, but the technocracy/corpocracy wants to rip that apart and make us dependent on them for profit.

Hoping housing happens—you deserve it.

Surprised at the downvotes to your excellent comment.

Good insight - that people dunk on the author as a cope to help the dunker feel less powerless

Meta-critical or self-critical comments on hackernews get downvoted . It’s about 1.5 ° above Reddit

It is possible to suggest preventative/corrective action without blaming OP. I find it kind of sad that you can't make helpful suggestions (to future potential victims) without someone saying you're "victim blaming."

you're right there's a fine line. I interpreted the tone of most as judgmental / critical.

saying "get a lawyer" or "file a complaint" is constructive. saying " it's your fault for not backing up" or "that's what you get by using cloud" is just judgmental. Neither are practical solutions, regardless. Even with perfect backups it would have happened. And for 99% of social people, it's impossible not to cloud.

Using a separate email address for each site is smart, but creating a separate email account for each site is going to be very tedious, and I imagine Google, Yahoo, etc are going to stop you very quickly after you've opened 20+ accounts with the same phone number.

(Use a catch-all to have different email addresses for different sites, because when one gets hacked, then the damage is limited.)

Using your own domain that you control for emails also comes with the advantage of easily moving providers, should there be any issues.

Hopefully, domain registrars are less prone to locking people out compared to Apple, given cause of the lockout is caused by Apple itself.

Reminds me of the time Namecheap stopped doing business with Russian accounts, even then they still gave some time for them to transfer their domains.

Only if you are not locked out of the registrar. Then your only hope is what nobody would squat your domain when it lapses.

Eg: Dynadot decided what my birthdate is a secure pin two years ago. No combination of it works and I'm not even sure if I'm not shadowbanned for the attempts.

Proton allows you to alias. But a lot of places prevent aliases, which is silly. I shouldn't have to give an email to demo your chatbot.

Then proton becomes your single point of failure.

"But I use my addresses on my own domain" ok your domain registrar, then.

https://sidebox.net is a nice way to do this as long as the site doesn't restrict to mainstream email domains

Google allows email suffices a la my account+anything@gmail.com.

So you can use different email addresses for different accounts while having only one Gmail account.

I tried this for a little while but quickly stopped as a critical mass of websites broke when I tried using it to sign in. Special characters in your email address is an edge case that produces inconsistent results even within a single product

YMMV, I think I only tried to sign up on 3 websites where it was not working. You can fallback to the original email address in those case.

The funniest part was that for one it work great for the signup part, but they used a third party tool for licences that broke because of my e-mail. For another, only the js code was verifying the e-mail, and I could push it by removing the validation. When the owner had to validate my account, they got a message that the e-mail was incorrect when they tried to submit the form. They called me and had a great discussion about web apps security. We had a good time.

I would point out that it kind of prevents you from checking if your email is in a leak database as you need to test each aliases you used.

Little trick: You can also randomly insert dots in your email address, a bit more stealth and compatible with more sites :)

This has worked for me for nearly 20 years (when I made the account I didn’t know that the dots are ignored). The only time it’s been a problem was with one company whose system stripped the dots out.

You need to send them an email to cancel. When I tried they said “you need to cancel from the same email you signed up with.” :/

This can become unmanageable if you sign up for more than a few things.

2^(username characters - 1) possibilities, but I would hate to try and keep track of which combinations I've used, or what binary sequence I'm up to.

I like using company initials & random numbers @ my domain .tld