by threeseed 826 days ago
What happens if that service is down? Or if a state actor decides to DDoS it to cause havoc?

Of course, since this process needs to access the networking stack etc., it's going to be trivial to bypass if the device is jailbroken. Which means that users buying stolen phones need to be informed not to upgrade the OS, otherwise their device is bricked. E-waste implications would be staggering.

1 comments

Nothing happens if the service is down. They could just as easily DDoS other Apple services, most of them would cause actual havoc if they were down - iMessage, iCloud, Apple Pay, Sign in with Apple, etc.

If the device is jailbroken then all bets are off regardless? If you can bypass the theft database check, you can bypass the current parts pairing check, too.

> E-waste implications would be staggering.

Is that meant to support your argument? That's the status quo.

If the service is down then how would the validation happen? Or if you just allow stolen components to be accepted whilst the phone is unvalidated then state security services will just DDoS the service. They would love to be able to swap out a screen and gain access to the password for journalists, dissidents, etc.

And you can't bypass the current pairing check since it is happening before the OS is launched.

I'm sorry but that's just a fairytale. Nobody is going to go through a 10 step process that hinges on someone's phone being stolen and returned without their knowledge while successfully pulling off a DDoS attack against one of the most powerful corporations on the planet that's already facing constant cyber threats.

Extremely relevant: https://xkcd.com/538/

They'll just use a 0-day exploit or a $5 wrench.