Genius! Apple Bribes Woman over Naked Pic Theft

Apple is under fire for its hypocrisy in promising privacy, while also authorizing repair technicians who allegedly stole naked pictures and video from a woman’s iPhone. To make matters worse, court filings also allege they took control of her Facebook account and posted the sensitive media to her wall for all her friends to see.

And also for its hypocrisy in preventing unauthorized right to repair: Apple does this on the spurious basis that it improves customers’ privacy. Which, of course, it self-evidently does not.

And Apple tried to bury the story, by bribing the victim in a secret settlement under NDA, according to the court filings. How hypocritical is that? In today’s SB Blogwatch, we count the ways.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Linkin P!nk.

Three Times a Hypocrite

In some excellent investigative journalism, James Titcomb reports—“Apple pays millions to woman after explicit photos posted online”:

Negative media publicity
Technicians posted … private photos and video from her iPhone after she sent it to Apple for repair, according to legal documents. … The tech giant agreed a settlement with the 21-year-old after two employees at a repair facility uploaded the images from a phone she had sent to Apple to be fixed, resulting in “severe emotional distress.”

The unnamed victim, a university student in Oregon, sent her phone to Apple after it had stopped working. While it was being fixed, the two technicians posted “10 photos of her in various stages of undress and a sex video” [to] her Facebook account, in a way that suggested she had uploaded them herself.

Lawyers for the victim … had demanded $5m … had threatened to sue for invasion of privacy and infliction of emotional distress, and had warned of the “negative media publicity.” … The settlement included a confidentiality provision that prevented her from discussing the case.

Apple, as well as trade groups representing the company, have argued against “right to repair” laws … claiming that this would jeopardise safety or privacy. The company told a US committee in 2019 that its oversight of iPhone repairs ensures a “safe and reliable repair.”

How could this happen? Jon Fingas clarifies—“The techs were employed by a contractor, but it’s still a huge privacy lapse”:

Trust was clearly broken
Apple has made privacy a selling point for years, but that respect apparently didn’t extend to some contracted technicians. … Two iPhone repair techs at a Pegatron facility in Sacramento, California posted her explicit photos and a video online in 2016.

While the incident happened on Pegatron’s watch, Apple paid the settlement and received compensation from Pegatron. The breach only came to light during a fight between Pegatron and insurers that refused to cover the payment.

Apple reportedly conducted an “exhaustive” investigation that led to both the settlement and firing the two technicians. At the same time, it demanded confidentiality over concerns that publicity could lead to “substantial business harm.”

This isn’t the kind of revelation Apple wants given its privacy focus. … It suggests that the company’s protocols needed tightening. … Customers trust repair facilities to respect their privacy, and that trust was clearly broken.

But still, the buck stops with Apple, right? Matthew Hughes agrees, saying it “pours cold water over Cupertino’s insistence that third-party fixes violate privacy”:

Egregious violation
This incident, which occurred at the facilities of an authorised contractor, has undercut that argument somewhat. It follows a similar incident in November 2019, where a Genius Bar employee texted himself an explicit image taken from an iPhone he was repairing. After the victim complained, the employee was fired.

In a statement … the iGiant said: “We take the privacy and security of our customers’ data extremely seriously and have a number of protocols in place to ensure data is protected throughout the repair process. When we learned of this egregious violation … we took immediate action and have since continued to strengthen our vendor protocols.”

What we need now is a neat précis. Kyle Wiens—@kwiens—has a good go:

Uploading your nudes
Apple: Only we are qualified to repair your iPhone. Independent repair will undermine our security model.

Also Apple: Our depot repair technicians are uploading your nudes to your facebook account.

Did “Jane Doe” do the right thing? kossTKR emphasizes they’re, like, not victim blaming, but:

It’s weird that people are so lax
I’ve experienced that repair shops ask “and your password and username is?”, many times when handing over my laptop — and I’m always like, “What, no I’m not giving you my password,” resulting in them looking surprised.

Who on earth gives their passwords? … I find it absurd to give away the keys to your bank, search history, personal notes, images, whatever — it’s beyond private and personal besides being economically dangerous and very bad job security wise.

Not blaming regular people though, but it’s weird that people are so lax about giving the keys to absolutely everything.

Are you sure you’re not victim blaming? In a bid to head off internet sociopaths, Throatwarbler Mangrove lays down the law:

Public humiliation
We don’t know the nature of the required repair, so it may not have been possible for the student to remove the intimate material. And in any case, the fact that she did not in no way implies that it was appropriate for repair shop staff to:
a) go rooting around on her hard drive, and
b) post the material to Facebook.

Furthermore, the fact that she has a Facebook account in no way makes her a lesser person deserving of scorn, ridicule, or public humiliation, no matter what … Apple fanbois and other assorted neckbeards … think.

Good luck with that. solipsism stops short of saying she’s stupid (but only just):

Those things tend to go hand in hand
If she was using a PIN on her device would you think that she’s the kind of person that would be able to perform a complex repair or be proactive enough to search out different options to fix her device? In my experience those things tend to go hand in hand.

My recommendation is always to back up the device and erase it—if you can—before giving it to any shop, regardless of how secure you think your passcode is.

But what the heck were those techs thinking? And with which parts of their anatomies? boleary-gl thinks one step further:

Posting it to her own Facebook
I wonder how many times this has happened and they didn’t find out about it. Posting it to her own Facebook made it pretty obvious.

Meanwhile, we’ve got Woodnag: [You’re fired—Ed.]

Don’t worry
Don’t worry, it won’t happen again because Apple said it will “continue to strengthen our vendor protocols,” which means … signs saying don’t do it, with bigger letters.

And Finally:

P!nk Park


You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites … so you don’t have to. Hate mail may be directed to @RiCHi or [email protected]. Ask your doctor before reading. Your mileage may vary. E&OE. 30.

Image sauce: Steven Mnuchin (public domain)


Richi Jennings

Richi Jennings is a foolish independent industry analyst, editor, and content strategist. A former developer and marketer, he’s also written or edited for Computerworld, Microsoft, Cisco, Micro Focus, HashiCorp, Ferris Research, Osterman Research, Orthogonal Thinking, Native Trust, Elgan Media, Petri, Cyren, Agari, Webroot, HP, HPE, NetApp on Forbes and CIO.com. Bizarrely, his ridiculous work has even won awards from the American Society of Business Publication Editors, ABM/Jesse H. Neal, and B2B Magazine.
