Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Click here to return to the 'Some random thoughts on this...' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Some random thoughts on this...
Authored by: babbage on Aug 11, '06 11:07:52AM

The advice in this hint isn't bad, but it's more than a little paranoid, and it seems to overlook the fact that if someone else has physical access to your machine, they can more or less do anything they want with it -- mount in firewire target mode and browse the full filesystem, put the hard drive in another computer and browse it that way, etc. A lot of these steps are a lot of work that won't really get you around that problem.

That said, I wouldn't worry about it too much. The people doing these repairs are extremely busy, and generally won't have time (or interest) in poking around on your hard drive in the first place, unless they're trying to reproduce a problem. It's a bit like having to get undressed for the doctor at a physical exam -- it isn't a sexual thing for the doctor, they've seen it all before and are not really interested in you, they're just quickly checking for problems before moving on to the next patient.

Here's what I'd suggest instead:

  1. Always do a full backup before having anyone work on your computer. Even if the original symptoms don't suggest it'll be necessary, the technicians may decide the best solution is to erase or replace the hard drive, and you cannot depend on them contacting you before taking this step. Remember: their goal is to get through as many repairs per day as possible, and to get each repair turned around as quickly as possible. They are not going to be interested in playing phone tag with you to get an admin password when it would more expedient to just reset the password or wipe the hard drive, especially when you signed a form up front stating that the repair technicians are not responsible for data on the computer.
  2. Since you've already got a backup, if you're paranoid about people poking around, just erase the drive before the repair. That way there's no personal data to eavesdrop on. Better still, since many problems turn out to be software, you may find that an erase & install solves the issue you were having. And if it doesn't, you can use that as a data point in discussing the issue with technicians: "I'm seeing behavior X with my computer, and it keeps happening after I erased the hard drive, so I don't think it's software."
  3. If you're not paranoid about eavesdropping -- and again, I wouldn't be, these people are generally way too busy for that -- then a reasonable compromise between erasing the drive and doing nothing at all is to set up a test account with administrative priviliges, and provide the username & password for that account with the repair. This again gives you a data point to provide the technicians: "I'm seeing behavior X with my computer, and it keeps happening under a new, empty user account, so I don't think it's a user settings issue." (Just remember that this doesn't eliminate the need to do a backup first: it just saves you the hassle of erasing first, and may eliminate the hassle of having to restore things afterwards.)
  4. If you're not at all paranoid about eavesdropping -- and again, this probably isn't unreasonable most of the time, but know that you're taking a chance -- then just send the computer as is, along with your admin password. This has the benefit of being the least hassle, but again it doesn't eliminate the need to do a backup, and it does have the risk of someone snooping. I just happen to feel that risk is low. Nonzero, but low.
  5. If you're very paranoid about your data, and you have a backup, and you want a quick way to lock everything up that is likely to be robust against someone with physical access to the computer, consider turning on FileVault and turning off auto login. This would eliminate the need for most other steps -- clearing out Safari history, etc -- since your whole home directory becomes one encrypted disk image. To allow the technicians to do the repair, set up a second admin account for them to use. As long as they don't have your admin password, they will not be able to unlock the contents of your home directory. Just be aware that if they have to erase or replace the drive, you're going to have to restore from backup, but again that's true with every other option here.

As for the specific suggestions given, some thoughts:

  • Putting a sticker saying "call xxx-xxx-xxxx" instead of providing a password up front is clever, but probably futile. Again, these people don't have time to play phone tag with you, so if they can't get through to you on the first call, they'll probably just give up & erase the drive instead. Remember, these people are very busy and the repair facility may be an around-the-clock operation; a technician working on your machine at 3am probably won't feel it's appropriate to give you a call, and you probably don't want anyone calling you then anyway. Again, it's better to create a secondary admin account for them to use -- username & password both "test" or "apple" or something obvious like that.
  • Deauthorizing iTunes is excellent advice, and often forgotten.
  • Most of the application-specific advice -- turn off .Mac sync, delete keychains, wipe web browser settings, wipe Mail, etc -- become moot if you use FileVault.
  • Setting a firmware password is the ultimate in paranoia. There's good reasons to do this -- say, you don't want info on your laptop falling in to the wrong hands if stolen from the airport or coffee shop, etc -- but preventing technicians from doing their job probably isn't one of those good reasons. Again, it's like being paranoid about the doctor seeing you naked -- get over it, that isn't interesting to someone in that role. Either turn off the firmware password, or provide the password to the technician that's taking the repair notes. Don't think that setting such a password wil protect you -- there are easy ways to get around it if you have access to the machine, such as changing the RAM configuration (pull out a DIMM and the password restriction goes away) -- it just slows things down for the (generally honest) person that's trying to help you with your broken computer.
  • Installing antitheft software isn't a bad idea, but be aware that it's easy to circumvent, not least by just erasing the hard drive. If you're worried about this, something like Lojack for laptops might make more sense, but better still would just be to make a backup, make sure your serial number & machine configuration is documented at home, and contact your insurance company about a claim if it turns out the computer has been stolen. In all liklihood, if the computer is lost or stolen while in the possession of a repair facility, they will take responsiblity for providing your with a replacement for it, whether or not the legal release form you signed says they will do so or not. (Taking care of the customer in such a situation is just good business sense, so usually they'll do what they can to help you here, as long as you cooperate with their efforts to help you.)
  • On some computers it's easy to remove the hard drive before the repair. Don't be tempted by this. If the repair facility receives a computer that is missing major components, they won't be able to properly reproduce the symptoms & isolate the cause, and can either refuse the repair, or requote it at a much more expensive rate. Even if the problem is "obviously" not related to the hard drive or the data on it -- say, the computer isn't turning on at all, or none of the I/O ports work and the behavior is the same while booted from an external hard drive -- the repair facility will need to verify the symptoms on the whole system prior to the repair (to elliminate the possibility that the missing hard drive is causing the problem), and will need to verify that the symptoms are resolved after the repair is done (which won't be possible if you can't boot to a state where the system is working normally.) Again, if you cannot allow any risk of the data being eavesdropped, then you're better off erasing the drive before the repair.

Above all, keep in mind that these people are trying to help you, and if you make it difficult for them to do their job, either by being antagonistic about the data or the passwords or what have you, you're mainly just making it slower and harder for them to help you. Paranoia has a place, but keep things in perspective -- the main thing you want is to get back a working computer as quickly as possible, and the main thing the technicians want is to finish your repair as quickly as possible so that they can move on to the next customer.

(By the way, I've written all of this in an abstract way, as it should mostly all apply regardless of who you're having work on your computer -- Apple, CompUSA, Geek Squad, the independent shop in your town, whatever.)



[ Reply to This | # ]