alt Hacker NewsApple has locked my Apple ID, and I have no recourse. A plea for help
Comments
To paraphrase an old saying: Live by Big Tech, die by Big Tech.
After nearly 30 years as a loyal customer
I've heard others say this (and was a "loyal advocate" of Windows for around 2 decades myself), but the reality is they simply do not care. You are merely a single user out of several billion.
Many of the reps I’ve spoken to have suggested strange things
That almost sounds like some sort of AI, not a human. But if I were in your situation I'd be inclined to print out that response as evidence, and then actually go there physically to see what happens.
The untapped answer is litigation. Call a lawyer and file against Apple. It may take several business days, and cost $$$$ but it will absolutely light a fire at Apple and get the attention of many-a-human. And if they ignore it, well, maybe a class action lawsuit awaits.
> I am not a casual user. I have literally written the book on Apple development (taking over the Learning Cocoa with Objective-C series, which Apple themselves used to write, for O’Reilly Media, and then 20+ books following that). I help run the longest-running Apple developer event not run by Apple themselves, /dev/world. I have effectively been an evangelist for this company’s technology for my entire professional life. We had an app on the App Store on Day 1 in every sense of the world.
I am surprised that with such a pedigree, the author doesn't already have contacts at Apple they could reach out to for that personal touch.
This is one of the worst stories I’ve seen yet. It sounds like they were “all in” on Apple with zero backups, which shows some questionable judgment, but still, this sort of thing shouldn’t be possible any more than a bank deciding to take all your money with no recourse. (They can close your account, but they can’t keep your money.) Maybe hosts should be required to mail you a hard drive with your data on it when they close your account. Regardless, never assume cloud data is in safe hands.
I back up regularly using Google Takeout and similar tools, but I don’t think it’s fair to shame this author . Even if you have backups , your recent and essential content and credentials will be locked out . 1% of your content is the most important
We all depend heavily on cloud storage and sso . Everything works fine until you are locked out .
And using them isn’t fully voluntary. They are necessary for collaboration . You end up using what your team uses .
You can try to be that “own cloud” snob but it only works if you live in a basement
Every normal person has content in Google , iCloud , OneDrive , Dropbox and maybe more. That’s 4+ single points of failure
You’re just not imaginative enough if you think you’re safe .
OPs only recourse is an insider or a lawyer
My 2 cents:
There was a time when I accidentally deleted some photos of which I had only one copy. I blamed myself for being stupid not having a copy but also money was tight for additional drives.
Then there is this: depending on a service provider and then blaming them for something like this. The problem is that now you are losing trust in service providers (of which there should be little to begin with) and on top of that you are also blaming yourself for depending on them. However you have to create a trust model where your fault allows you to have a service helping you with it while a fault at the service provider will allow you to restore data from your end too, getting the best of both worlds.
MacOS and Windows / Google with always logged in systems that lock you out completely at their will is an example of how your devices are not owned by you to begin with and then trusting them with your data as well means your digital life is basically owned by them completely.
Now imagine that there are no humans to solve this but endless LLM bots that respond with generic responses because the LLM has never seen a problem like this. I want to point out that owning your data and hardware is really important if you depend on it and your business especially does.
Here is how the gift card scam works (in Australia)
[Quote]
Yes they do still get activated at the checkout. But when you go to redeem, the code is missing the last digit or two so it doesn't work. People take the unactivated gift card, tamper with it to get inside carefully so it's not detectable, scratch and get the code, remove the last digit or two, replace the scratch off layer, put the unactivated gift card back on the shelf. Then after you activate the gift card at the checkout, they redeem it.
[/Quote]
From this discussion
Since your money is gone, I would file a complaint here:
ACCC (Australian Competition and Consumer Commission): The primary enforcer of gift card laws, ensuring businesses comply with the three-year minimum expiry, clear terms, and fair practices.
I don't get the mostly black/white "Self-host" vs. "Mega-Corp" discussions as there is a middle ground: smaller managed service providers (even: per-service).
You don't have to self-host everything in your basement, and you don't have to hand your entire digital life to Google or Apple either. Mail, CalDAV/CardDAV, Immich, Nextcloud, OpenCloud, OpenTalk, web hosting, Kubernetes, simple VMs.. whatever ... fully managed, run by local or independent providers or by the company behind projects, without Big Tech lock-in. If chosen wisely, you can migrate, take over, or bring it in-house when you want. Just spend a few bucks and do some company research. Same as you would when choosing craftsmen, lawyers or something else.
For example, that's actually how we operate as a company for some of our customers and even a few single persons: we provide SaaS AND setup documentation. Customers can transparently take over at any time. We even help separate domains, credentials, and administration from us. Convenience without captivity. I am sure there are hundreds of shops like ours, providing comparable services for people in their wider neighborhood.
1. This is a total nightmare, the author has my deepest sympathy.
2. Last time there was a post where this happened to someone, I looked into what you can do if you're locked out of your Apple ID or Google Account.
I know people will say "just self host", but all of the self-hosting solutions are not friendly to families or non-tech people. Telling my extended family to tailscale into my server to look at family photos from vacation is a total non-starter. All of the self-hosted solutions are also just way less smooth to use than the built-in integration iCloud or Google Drive gives with devices.
That said, there are straightforward options to deal with this (at least the data part), if you plan ahead. The high level strategy is to setup backups that let you get _a copy_ of your data not tied to any login you don't control. It's a bummer to have to go through these hoops, but again pragmatically, I'm stuck using these services to participate in modern life.
For Google Drive, you can rclone your data to a computer of your choice to get a copy of your data not tied to Google Account. It will even convert G-Suite files to Microsoft Office format, so you have a copy of the data offline.
For Google Photos, I'm not aware of a great way to get the data - rclone only gets low quality copies of photos. I'm an Apple user, so I didn't dive too deep here, perhaps the HN hivemind knows.
For iCloud and Apple Photos, you have a lot of options. You can use Parachute backup or the PhotoSync App to get a copy of your data not tied to your Apple ID. If you have a mac, you can also setup your mac to download everything offline, and do time machine backups - they are not tied to your Apple ID.
I will also add Synology NASes have a super, super easy to setup way to do all of this stuff (HyperBackup plus Synology Photos app) that's borderline worth the cost of admission on it's own, even with Synology's recent turn to the dark side. If you have non-technical family, you should strongly consider pointing them in this direction, if you can use a smartphone you can probably get this working.
I'm not the biggest advocate of the EU DMA, but account and device access is one item we should actually be regulating very heavily, where potential penalties for (suspected) abuse or incompliance must be much more granular than full-on account bans.
It's hard to believe EU governments are actually considering mandating iOS and Android as gateways to access government services. It's a level of ignorance that's unfathomable.
This story is also exactly why I invest precious time running a Linux machine in the basement that rclones my cloud drives locally, as well as having full local copies of my webmail contents.
Wow. This is a cautionary tale. I don't think I'd be as devastated as this poor chap, but as it grew I realize I've allowed my iCloud photo library to become a single copy.
How are people handling this these days? If i wanted to ensure a full backup of everything on my iCloud to a NAS, what's the best way these days? Seems like they make it difficult by design..
I treat apple ID and google ID like throwaway accounts. I would never trust anything valuable to either. The problem is that it is very hard for "usual people" to do that.
I will also never have an electronic ID. We (Switzerland) were dumb enough to vote yes for it but we are giving away our freedoms eventually.
We need regulations to ensure vendor cannot lock in users and cannot threaten them. Everything should work like if you have your own domain and use email. If your provider go nuts, move your hosting and change your MX and point your local copy to it.
This should not be reserved to some nerd like me, it should be an universal right.
It is already late, but it can be reversed. We need for more sotires like this one to errupt, so people understand.
Send this in an e-mail to [email protected]. He has a team that reads for stuff like this and can magically fix issues.
I've had to do it before, also for a gift-card-related problem (different from yours), and I was contacted by a member of the Apple executive escalations team a couple days later.
This just makes me extremely concerned for the iCloud transition I’ve been making. It shouldn’t be this easy to perform a user-disruptive action from the support/ops side. I would think they’d have visibility to some sort of “reputation” metric, given the age/purchase history etc even if anonymized.
I can understand this happening if it was a freshly created account topped up with a sus gift card but it’s unacceptable that the first action is to completely block an account with history.
Even more concerning is the nonchalant support response to “go create a new one” with emojis. C’mon Apple — this is just a terrible way to respond to this situation.
You may want to consider filling a small claims lawsuit against Apple for the maximum amount of damages your state permits in small claims.
It's not really about winning the claim. It's about getting them to acknowledge you and hopefully resolve it before the court case comes up. That is, you want them to "settle" by restoring your account.
IANAL and YMMV.
If I were the person at Apple in charge of this kind of matter, I would ignore this case, just as I do for other regular people. Everyone should be equally not cared for by Apple. That's how Apple sucks in a way I can accept myself still using their product.
Dustin Curtis wrote about a similar incident at https://dcurt.is/apple-card-can-disable-your-icloud-account
Slightly different issue involving the Apple credit card, but it’s just as insane that there’s no separation between the different parts of Apple.
For that reason I will never have an Apple Card, and I guess I won’t be redeeming Apple gift cards with my Apple ID.
Last time I had this problem, I got it fixed after applying for and accepting a job at Apple.
This is horrible and a big reason why I refuse to go “all in” on Apple, Google, or Microsoft (among other reasons). Apple is the one I’m closest to given my hardware, though.
Given how invested you are in the Apple ecosystem I can’t fathom why you would go get an Apple Gift Card from a store to do this kind of transaction, though. It wouldn’t even cross my mind to do it that way.
This seems to happen quite often. Not just with Apple, but also with Google. In spite of this obviously insane behaviour, EU governments want to rely on Apple and Google for smartphone-based electronic government IDs.
Same experience with Google. I was setting up SSO for a new web application and set off some AI flag on a sub domain for our company website. For 2 weeks every visitor saw a warning that out site was a phishing scam. Nightmare. With no recourse. No number to call. No person to talk to. No actual explanation of the error (I still don't know exactly what I got wrong). I just took it down, waited, and prayed.
Apple clearly has a problem. In recent months there have been a number of reports online of people getting locked out of their Apple ID/iCloud, the appeal getting denied, and Apple refusing to disclose why or reverse it. Generally those reports don’t relate to gift cards or developer accounts.
My grandfather’s Apple account was blacklisted too but I was less sympathetic to him because he genuinely sends spam email from his personal account (it’s politically motivated).
One day he was bricked from his accounts because he ran afoul of Apple’s ToS. The problem then was I couldn’t feel sure that he hadn’t actually done something which a reasonable person would say should result in account closure.
Paris’s case is much more strange, because it feels more likely to be a false-positive.
There is no legal right to have an account with Apple or Google, and I’m not sure I want there to be. But so much of our lives are built on these services and these stories erode our trust that the services themselves can handle the responsibility of adjudicating acceptable use. We need our digital accounts to be robust in the very long-term, even when there are bad actors who want to do all manner of bad things. And we need to feel confident that a properly empowered human reviewed the case and can articulate the reasons for a ban. When we charge a person with a crime, we tell them what the crime was and give them due process to fight it. I’m not sure I want the courts to decide these questions but we need some more due process when it comes to account termination.
It sounds like the gift card # is included as part of a police investigation (as you already know scams often use gift cards as payment) - which would explain Apple's inability to help you or provide information (because they would be required by the state not to.)
You should approach a lawyer to petition Apple and the Tasmanian police on your behalf.
There have been so many cases of Apple, Google, etc. doing this that it's hard to have any sympathy for them at this point. If it was some grandma who didn't know better that would be another story, but the author was surely aware
- that Apple *can* always *just* disable their account
- that Apple regularly *does* do that
- that Apple does not care about them at all
We need more stories like this hitting the mainstream news until even a non-technical person's reaction to this is "well, what did you expect?"
Out of curiosity, why did you buy and redeem such a large gift card instead of paying directly? And was this a form of payment that was unusual in light of your account history?
Take it to your state or territory tribunal ASAP. You might be able to take it to the courts and get temporary injunctive relief.
I wish people would understand how common this is. There's no customer service line you can call when some overseas moderation farm worker spends 0.8 seconds looking at something and taps the hotkey for one of the reasons in their terms of service that they deem an account should be permanently wiped for. Have some recourse. Buy a NAS that will do automatic backups of all your cloud accounts. Long ago I lost a decade of Gmail and GDrive because I posted a PNG file of a credit‑card form that said "This post only viewable with Google+ Gold." You need to be treating these accounts as ephemeral.
There is part of me that sort of wishes this would happen to me. I wonder if getting locked out of my cloud identities + bricking all my devices would actually be a great blessing in disguise from the Machine?
This sucks Paris. What hope does the normal joe have to get a fair shake if you can't even get this resolved? The layers of click through contracts, opaque terms, LLM customer service, un-empowered customer service, and arbitration agreements make this a crazy relationship we get into with big tech. If we have a problem like this, we should be able to talk to a person at the company that can resolve this right without threatening a lawsuit. It's nuts.
I'm curious about the apple's passwords app. Where you able to use it? What about passkeys?
I imagine that every "should have known better" respondent on this thread has internalized their abuse.
Why in the world do we let tech companies adjudicate our service relations?
This happened to me really early on when my original Apple ID had an invalid format, as it was an ID made prior to the current version of Apple ID everyone uses, and Apple refused to port what I owned to the ID that I was forced to generate to sign into my newer device. My old ID had software no longer available in App Store, so this wasn’t just a matter of needing to repurchase apps- they were taking away my ability to use applications I bought from them. Since then, I’ve been incredibly wary of losing my Apple ID. I have a lot of respect for Apple, but I would bet that it’s easier to deal with ID related problems for someone with Q level clearance in the U.S. government or even a non-existent Men In Black ID problem than to resolve a problem with an Apple ID. They probably would tell the almighty to get a new ID.
if you pay for service you should receive some guarantees it is your money, it is crazy that there is no cool-off period where you get banned like this even by mistake or by Apple deciding they do not want to offer a service anymore and allow you to take out your stuff before fully shutting down.
This happened to me as well with a secondary iCloud account, and I still have no idea what triggered the ban. Apple support said they couldn't reverse it. The account was on an old iPhone, and after the ban, it became impossible to log out, rendering the device e-waste overnight. I at least didn't have any valuable data in icloud. But that experience prompted me to stop using Apple products or any other device that requires an online account to function. Fortunately, since recent AMD APUs are quite capable, I sold my MacBook M2 Max and have happily returned to using x86_64 Linux. No more Apple in my life, ever.
My son was just scammed out of $1000 using some gift card scam. Typically these gift cards cannot be revoked once issued and anyone using the gift cards (like the people who scammed my son) would be able to reap the rewards without any consequences. I’m hopeful that Apple has found a way to track fraudulent Apple Gift cards and are now locking people’s Apple ID who use them. I suspect there’s more to the story than is being shared. What’s the provenance of the original gift card? Could it have been obtained through some not 100% above board means?
I probably shouldn't be surprised, but… so, you are saying, Apple can remotely brick YOUR device? For any reason, let alone "because of a mistake"? Heh, and I was considering to buy my first iPhone. I mean, seriously, I can only shrug at the fact that anybody accepts these terms at all.
Big tech giants locking unsuspecting users out of their digital lives is nothing new. What would it take for our society to stop relying on these closed, walled gardens for critical stuff?
How many account lockouts must occur before we accept that digital life built on permission rather than ownership is inherently fragile?
I upvoted this for visibility but if you put your entire digital life in the hands of any of these tech companies and store all your shit in the cloud with no local backups, you are at least as blameworthy as they are. I’m less surprised that Apple would do this than I am that somebody who is clearly tech savvy could be this stupid about tech.
My partner was locked out by Apple last year during a password/device change gone awry. Two weeks and we finally got through to someone competent who fixed it. At one point it looked as though we would lose many of the videos of our son growing up.
Since then I have been removing myself from the ecosystem - my email is from hey, file sync on Dropbox, obsidian for notes, whatsapp for messages. Sometimes it doesn’t feel as joined up, mostly it is way better.
Moved to framework computers + omarchy last month and am not looking back.
Shouldn't these huge platform guys be mandated to offer data transfer-out service?
I've shared your post with a friend at Apple.
In the past people have emailed Tim Cook directly - his email id is fairly easy to find.
Edit: "I have escalated this through my many friends in WWDR and SRE at Apple, with no success."
This doesn't bode well.
I just want to point that buying gift cards in order to participate in gift-card arbitrage violates both apple rules and payment provider rules.
If you are buying large amounts of gift cards and then redeeming them, it is critical that your purchasing patterns do not look suspicious, such as buying more things that a normal user might need: multiple iphone wallets, multiple iPhones, or similar items.
I had this happen to me once while traveling, and then by random chance I ran into a former Apple Store employee at a hostel.
She told me to email Tim Cook directly (his email is entirely guessable).
I did this and within a day or two my access was restored.
"Many of the reps I’ve spoken to have suggested strange things, one of the strangest was telling me that I could physically go to Apple’s Australian HQ at Level 3, 20 Martin Place, Sydney, and plead my case."
This does not seem strange to me and could be a course of action. When I moved my domains off Google because of this type of "banned without recourse" possibility, I found a registrar that had a physical address, small office, and people listed on the company website (porkbun) so in the worse case I could fly to the office and straighten things out.
No mention of even going to an Apple store. Maybe the nearest one is very far away from him?
Remember, companies get away with these over the top behaviours cause it costs them nothing to have one less customer.
If this situation somehow escalates until they have to take action, they will already have made so much money that is not a blip.
They don’t care. You as an individual customer means absolutely nothing.
It's just insane that a gift card redemption can trigger this. What's the rationale? It would make more sense if they just locked the person out of redeeming gift cards or something, not the entire account.
But reading horror stories like this is is why I only use the very bare minimum of any of these cloud services. Keep local copies of everything. For developer accounts, I always create them under a separate email so they're not tied to my personal. At least it can minimize the damage somewhat.
It sucks that I have to take all these extra precautions though. It's definitely made me develop a do not trust any big corp mindset.