[HN Gopher] Don't send your Google phone in for warranty repair/...
___________________________________________________________________
Don't send your Google phone in for warranty repair/replacement
Author : powera
Score : 128 points
Date : 2021-12-04 19:35 UTC (3 hours ago)
(HTM) web link (twitter.com)
(TXT) w3m dump (twitter.com)
| turbinerneiter wrote:
| They tell you to factory reset the phone before you send it in.
| adewinter wrote:
| She explains this very clearly:
| https://mobile.twitter.com/avantgame/status/1467242719273631...
| e40 wrote:
| She replied to someone saying this that the device wouldn't
| turn on. If that's true, how did they use her phone to break
| into her gmail?
| CryptoBanker wrote:
| She sent the phone in to be fixed. Obviously they fixed the
| phone?
| NavinF wrote:
| Right but after a reboot, all the data is encrypted until
| you enter your password
| hulitu wrote:
| Well, this should be common knowlwdge: don' t keep personal data
| on devices.
| nr2x wrote:
| I too remember using a rotary telephone.
| infotogivenm wrote:
| loll yea we'll all get right on that
| gao8a wrote:
| You don't use email on your phone?
| [deleted]
| jfrunyon wrote:
| Hmm. I wonder how this person got notifications even though their
| phone was offline to avoid being wiped. I also wonder why this
| person got notifications. Most services don't send you
| notifications just because you used a device which is already
| logged in.
|
| Complete and total duplicate of
| https://news.ycombinator.com/item?id=29404954 and again with
| absolutely no evidence even though there are apparently tons of
| evidence left by this person doing this with absolutely no
| cuation (security notifications left in trash etc).
| otterley wrote:
| Although I have no love for Google, claims like this that lack
| proof or evidence ought to be viewed with great skepticism.
| systemvoltage wrote:
| It's important to question the validity of it at the same time
| taking it seriously.
|
| I found odd that the victim is talking about class action
| lawsuit and accussing a man of "mansplaining" her (it could
| just have been a woman saying it). This is just toxic twitter
| behavior that takes innocuous comments from people and putting
| it in the bin of sexism, racism, or something that is
| accusatory in nature to gain a false sense of moral superiority
| over others.
| otterley wrote:
| I did notice some victim-blaming, which isn't right. But I do
| think that if you're going to accuse someone of serious
| malfeasance that might be a criminal act, a little more than
| a naked accusatory Tweet thread is needed.
| [deleted]
| giltron wrote:
| The exact comment was "Or maybe reset your phone before
| giving it to others (for any purpose)?"
|
| If my phone was account was hacked and someone said this to
| me directly, I would take it as a personal shot.
|
| Not sure why you are trying to detract of the alleged
| incident by trying to claim the victim is being "toxic".
| systemvoltage wrote:
| > "Or maybe reset your phone before giving it to others
| (for any purpose)?"
|
| Yeah that's not a nice thing to say as well. But I don't
| sense any sexist aspect in there. Personal shots can be
| ignored instead of adding more fuel to the fire.
|
| > Not sure why you are trying to detract of the alleged
| incident by trying to claim the victim is being "toxic".
|
| I don't think I was, just pointing out a couple of odd
| aspects of people going off on Twitter without proof. I did
| say we should take this seriously but also expect hard
| proof to back up their claims.
| giltron wrote:
| I believe tweets like this gets put on Twitter for
| several reasons:
|
| 1) Victim receives unsatisfactory response from Google
| (or no meaningful response from Google which I have
| personally experienced). They seek public attention to
| get Google to acknowledge the issue.
|
| ie. The victim followed the official steps for remotely
| wiping the phone (as it would not turn on) but appears
| that didn't work. https://mobile.twitter.com/avantgame/st
| atus/1467242719273631...
|
| 2) They are seeking public attention/support. They may be
| looking for others with similar experiences that might
| help.
|
| Helpful responses include steps they can take to protect
| themselves right now.
|
| 3) Smear Google - We can wait and see but I do not see an
| indication of this at this time.
| lvs wrote:
| If you follow the types of anecdotes posted on reddit of the
| trials and tribulations of Fi users seeking customer support
| for device replacement, empty phone shipments, etc., this
| report comes as absolutely no surprise. They are contracting
| out all these customer-facing services to the lowest bidder, in
| typical Google style.
| LorenPechtel wrote:
| But when you contract it out to the lowest bidder you get
| less careful background checking and less monitoring for
| abuse.
| otterley wrote:
| Sure, but that's not malfeasance or criminal trespass; that's
| just bad service.
| giltron wrote:
| The parent never said "criminal" charges against Google.
|
| Thats not just bad service. If the third party is an
| official agent of Google, then Google can be liable
| (monetary penalties). Now, proving that in practice is a
| question for the civil courts.
|
| Now, if I was looking for a new Android device and I saw
| all these reports, I would definitely think twice before
| purchasing a Google Pixel.
| jeroenhd wrote:
| I see no reason to doubt her story. When someone says
| "something bad happened to me" then "I don't think it did,
| prove it" is quite rude in my opinion.
|
| On the other hand, I also see no direct connection to Google.
| The victim also said in the comment chain:
|
| > also to be clear I have been on Google support and Pixel
| support dozens of time all week BEFORE the hack happened,
| asking them to investigate why my phone marked delivered by
| FedEx 'disappeared' at the warehouse. At any time someone could
| have offered me any security advice?!
|
| This could just as easily be a delivery driver or warehouse
| worker stealing the phone and putting fake info on the website.
| I don't think Google's workers would be dumb enough to do this
| to their customers' phones, my suspicion is that it went wrong
| somewhere in the supply chain.
|
| Either way, Google is responsible for their warranty and return
| policy. If the delivery driver stole her phone or if someone
| broke into the delivery warehouse, that's on Google picking bad
| logistics partners. If the repair company Google partners with
| is doing this, the problem is with Google. If someone over at
| Google itself is doing this than that's an even bigger problem.
|
| Either way, I hope the victim can get the help she needs and
| that Google finds the problem and prevents it from happening to
| anyone else. Not that I have high hopes for Google's support
| team taking this seriously...
| otterley wrote:
| To be clear, I'm not accusing the poster of being a liar. But
| remember that companies are made of people, and it's not fair
| to accuse them of doing something nefarious, or perhaps even
| criminal, without at least a modicum of evidence. Social
| media is a powerful tool for generating both influence and
| motivation; we are not well-served by stirring up angry mobs
| over naked accusations, especially over something that might
| even be a misunderstanding.
| Terry_Roll wrote:
| I dont have a phone because I have enough trouble keeping my life
| private from the govt, let alone anyone else in society. Its bad
| enough science stole my privacy!
|
| I find phones amusing because of all the trouble and strife they
| bring.
|
| There are pro's and cons for phones, I get it, but should I be
| that accessible to anyone who can dial the right number
| combination or use a war dialler?
| wffurr wrote:
| This comment fits in just as well with a phone from the 1870s
| as a phone from the 2020s. I can just imagine someone saying
| this about the neighbors' party line.
| systemvoltage wrote:
| Buried in the thread if it was Google Inc.:
|
| > yes it was the official Pixel warehouse, arranged directly by
| Google support.
| lvs wrote:
| Unless someone wants to leak internal information, there is no
| such thing in either case, as far as we know. These services
| are almost certainly contracted to third parties.
| dkersten wrote:
| So? If google arranged that on their behalf, its google's
| responsibility. Doesn't matter who they subcontract or
| delegate to.
| Gigachad wrote:
| That's still offical google as far as I'm concerned. It's
| under the control of google. The customer went through
| google.
|
| I would think different if they took it to some mall phone
| repair stall.
| awinter-py wrote:
| this is the second one of these that hit HN this week? other was
| a post deleted from reddit. seems like possible explanations here
| are:
|
| - standard 'loveint' at support depts (many companies with
| personal data have stories about abusing system access to look at
| personal info of SO / randos)
|
| - illicit group operating within or adjacent to goog doing some
| kind of espionage or ransom model
|
| - google-haters inventing or amplifying a pattern of behavior?
| (but with what motivation)
|
| - not obvious if the phones are passwordless, or if insiders are
| using a 'universal unlock' feature to decrypt pixel devices -- if
| the latter, is that a bigger story than the stalking?
|
| if this is only happening to passwordless phones, still an abuse
| of trust, but I'm okay with 'don't send passwordless phone to
| support' as a consumer best practice.
| pizza234 wrote:
| Some relevant information
| (https://twitter.com/avantgame/status/1467236223550779392):
|
| > someone else reported the same thing happened to them on
| Reddit recently, using the same RMA for a similar phone at the
| same Texas facility.
|
| Taking the story as true, it'd seem to be case 1.
|
| Taking the story as not true (case 3.), she's in a professional
| position where publicity wouldn't hurt.
|
| Her report looks questonable (not necessarily false):
|
| > They deleted Google security notifications in my backup email
| accounts.
|
| If the accounts were backup, and she's a security-conscious
| person as she claims in the same post, how did they do that?
| They were backup, so they couldn't use the main account to
| reset them. I can think of the accounts being opened in
| different browsers, but it doesn't seem a very plausible
| scenario.
| estaseuropano wrote:
| Jane is famous already with two NYT bestsellers. Why should
| she make up lies for attention?
|
| Really weird to immediately shoot/ad hominem the messenger
| tyingq wrote:
| "backup" could mean the main account...where the phone data
| is "backed up".
| [deleted]
| theturtletalks wrote:
| She said her phone would not turn on or she would've reset the
| phone before sending it in.
| emuneee wrote:
| As a Pixel user who has sent their device in for repair, how does
| the repair tech get past the device authentication and into the
| device? (I'm assuming the user had a device password/passcode
| set). If possible, this seems like a glaring security issue for
| Pixel users.
| trevyn wrote:
| Has Google at any time ever asked a user for the password to do
| a repair? I remember a physical Apple Store (real, Apple Inc.,
| in California) asking me for my password for a laptop hardware
| repair. They were OK with my declining to do so.
| [deleted]
| pstrateman wrote:
| They don't have a password.
| drozycki wrote:
| Her phone was protected with a passcode. Please do not spread
| misinformation
| https://twitter.com/avantgame/status/1467222753799393281
| spaghetti-guy wrote:
| According to the Google support site, all Pixels are encrypted by
| default. So, this shouldn't even be possible...unless perhaps
| there was no lock code on the device?
| pxeboot wrote:
| If a tech tries a random 4 digit passphrase on every device
| they work on, they are bound to get it right occasionally.
| lazide wrote:
| If something common/unimaginative like 4444 or 1111, I bet it
| would be something like 1 in 10.
| lvs wrote:
| Pattern unlock. Incredibly insecure.
| null_deref wrote:
| Why?
| gruez wrote:
| probably because there are a few "popular" patterns that
| many people use.
| cryptodan wrote:
| Google has the keys to the kingdom.
| nicce wrote:
| Maybe, but they don't give them for average repairman.
| gpm wrote:
| More useful takeaway is to have a secure password on your phone.
| Repair techs aren't able to do anything that a pickpocket
| couldn't...
___________________________________________________________________
(page generated 2021-12-04 23:01 UTC)