When you need to drop off your tech devices for a repair, how confident are you that they won't be snooped on?
CBC's Marketplace took smartphones and laptops to repair stores across Ontario — including large chains Best Buy and Mobile Klinik — and found that in more than half of the documented cases, technicians accessed intimate photos and private information not relevant to the repair.
Marketplace dropped off devices at 20 stores, ranging from small independent shops to medium-sized chains to larger national chains, after installing monitoring software on the devices. In total, 16 stores were recorded. (At four stores, the tracking software didn't log anything, or the stores didn't appear to turn the devices on.)
Technicians at nine stores accessed private data, including one technician who not only viewed photos but copied them onto a USB key.
as a technician myself, I hate this. I truly don't understand why any tech would ever do any snooping. I fix dozens of devices a day, I need the password so I can test the new part and make sure everything is working as it should be after the repair. I'm far to busy and apathetic to give a shit what people have on their devices.
side note, for those of y'all with Samsung phones, there's a maintenance mode that will allow the tech to test everything after the repair but not access any data on your device.
Unsurprising. Most repair shops will ask for your PW to "test that the device works". If it is for a battery change, or screen fix or whatnot, refuse to give it! It is not required. They can confirm the fix just by accessing the lock screen itself.
Shitty people will do shitty things. That said, if you don't give your password, be prepared to have the technician test all sorts of stuff in front of you. The selfie camera, ear speaker, microphone, etc. sometimes are mounted on the screen. If there are problems, the tech will need to redo the repair. Not advocating for giving your pw, but be prepared for the process to be less convenient.
Edit: My bad, should have clarified I'm talking about phones exclusively. If you're worried about your computer, create a non-admin user and give them that password. If they had the skills to bypass that, they wouldn't be working at a repair shop.
If they had the skills to bypass that, they wouldn't be working at a repair shop.
What are you talking about? I worked at a geek squad back in college days and no one there needed your admin password to get into your computer. We'd just remove the password. The only reason we asked for your password was so you'd get your computer back with the password still on it, lol...
I'm more shocked that none of the techs found the monitoring software and assumed it was something malicious and disabled or removed it...
If someone has physical access to your device, they also have the ability to access your files without your password. Unless you are using sophisticated full disk encryption, but that makes it more time consuming to gain access.
I wish Android still had full-disk encryption. It was dropped in Android 10 for file-based encryption, but as far as I know the keys are just somewhere on the device. But I am not sure about that. Like 10%.
You almost always need to the password to test a phone thoroughly. You can see that the screen works on the lock screen, but what about the front facing camera, and secondary microphone that are attached to the screen and need to be transferred, or replaced if you do it like Apple. On newer iPhones the slightest defect can cause face id to not work. On laptops it depends. Sometimes live USBs don't have the right drivers to test all the hardware. When you assume things are simple you're usually wrong.
Weird that you'd mention the cameras, one of the only things you can access from the lock screen.
For everything but data recovery you can get by fine without a password. You aren't gonna have a hardware issue that makes Facebook slightly slower, your device won't turn on.
I've been in tech since 2007 and people are stupid and sometimes they leave "private" photos on the damn desktop. No offense to end users but don't leave your pornos out in the open...buy two USB drives and back it up to both and store in a closet or something. The end user is also at fault here imo. Many times IT people aren't looking for shit but people are stupid enough to leave it right in the open.
Why are you clicking and opening people's image or video files even if they're right on their desktop? I doubt that's part of the repair troubleshooting you are supposed to be doing. You shouldn't be clicking on their images or videos even if they are easily accessible.
if you are technical enough to replace a hard drive then when you buy a computer also buy an extra drive. day1 build your machine or recover to the new drive. keep original drive in case of repair need. it also helps to troubleshoot if your problem is hardware or software.
Haha holy shit, the Canada Computers statement that photos weren't accessed inappropriately & that the employee in question was disciplined, shortly followed by a picture of the technician outright copying only these files to the USB drive. These people are scum
This being so common is creepy, but I feel like I just read/heard about a case where some pedo was recently arrested because a tech found CSAM on his phone during a repair and reported him. I really value privacy, but in that one case I'm glad the tech got nosey. I'm a bit intoxicated right now and cannot remember where I heard about this, but probably some true crime podcast or YouTube channel. I'll update with a source if I remember.
The thing is, it's really hard to be consistent on beliefs, especially in cases like this where it might sound unfavorable.
If you say you're against surveillance and spying on devices, people will generally agree that's a good thing. But this is an example of privacy invasion, and is justified because they caught CSAM, so it must be good, right?
Well in the big picture of things, this would be setting a precedent. Where they can justify these things because they can find and stop these things. This tends to lead to the "think of the children!" fallacy. Legislators are actively using this argument to push anti-privacy measures like breaking encryption so they can stop this. So it unfortunately means, respect privacy, or allow these things to go unchecked.
Freedom comes at a price, and you gotta stay consistent even if it lets bad guys get away with things. You can justify a lot of fascism in the name of stopping the bad guys, since obviously it's not a good look to defend those actions.
Ehh. Your way sets really bad precedent that deprives all of us of freedoms in much more horrific ways than some retard getting caught with CSAM he should not have been having in the first place.
Freedom means more than that and to argue otherwise is to argue innocent people need to be sacrificed on your political altar to make you feel like you can be safe hiding shit. You never can no matter how free your country is.
It's one thing to merely stumble across someone's private content on a PC while working on it, and quite another to actively seek it out and make a copy like the guys in the article were caught doing.