by grishka 670 days ago
> After he evaluated the Time Capsule's contents, Bryant notified Apple about his findings, and the company's London security office eventually asked him to ship the Time Capsule back.

> Bryant again reported his findings to Apple and returned the Mac Mini to them.

Why the hell did he do that?! It's, like, the worst thing one can possibly do with these kinds of devices. Just publish stuff that doesn't have anyone's personal data in it. That'll make the world better in the end.

3 comments

Because he didn’t want the heavy hand of Apple’s legal department ruining his life
First of all, he could release it anonymously. Second, what law or contract would he be breaking anyway? An NDA with Apple that he never signed? Sure, there is a person who breached an NDA in relation to the proprietary information contained in these devices, but that person is whoever was tasked with decommissioning them before resale.
I'm sure there's plenty of copyright violation in uploading a dump.

It's definitely fixed in tangible form, so it's just a matter of what qualifies, but lots of things do.

You do realize some people have morals?

Why WOULD he release it at all?

Morals towards faceless corporations that would do anything and everything to keep their profits growing indefinitely? No, I don't realize why anyone would have those.
That's a plainly depraved attitude.

I worked several years within Apple in one core engineering role, in a sizeable team, and being ethical and moral was a _huge_ part of the engineering culture (at least), both when Steve Jobs was there and after.

You were working there, he wasn't.
Engineering culture maybe. But I take issue with the management and its goals.

As a longtime app developer (mostly Android, but I've seen my iOS coworkers deal with Apple, and I released one somewhat popular Mac app while refusing to get a developer account), I find it very disrespectful how Apple tries its best to forcibly insert itself between the users and the developers and then acts like they totally played an important role in forming that relationship. Then there's the fact that the app store policies ruin the internet as a whole. Because Apple, in its infinite wisdom, not only reviews apps on their technical merits, but if the app is for an online service, it also reviews the service itself. They would totally reject a client app for something that they don't like the ToS of.

Speaking of the Mac app I made, Apple is making it harder with every macOS release to run apps from "unidentified" developers. No good technical reason for that. No good technical reason for taking away the "all developers" option from the security settings either (I know that it still can be set with a terminal command). A system can be made reasonably secure without the whole security model being centralized around one self-appointed unquestionably trusted party yet Apple chose the centralized approach.

The whole EU DMA thing... I don't even know where to start. This "core technology fee" is absolutely ridiculous. The fact that every binary that is to be "sideloaded" has to go through Apple is also ridiculous. It's pretty clear what the EU regulators meant with this act, yet Apple keeps trying to work around it to keep as much of its rent-seeking as possible. All while acting like a kicked puppy.

Then there's their stance on adversarial interoperability, see Beeper.

Then there's also this whole parts pairing thing on iOS devices. Again, no good technical reason. Maybe it's to prevent stolen iPhones used for parts, but stolen iPhones are still used for parts. I'm a software guy, but for lots more complaints about artificially created hardware-related problems see Louis Rossmann: https://www.youtube.com/@rossmanngroup

Seconded, there's no tangible nor financial benefit to him for releasing the information to the world. Also: how would publishing the data "make the world a better place"?

At the same time it'll incur a non-trivial amount of reputational and professional risk.

> Also: how would publishing the data "make the world a better place"?

For example, schematics of Apple devices would help people fix them on a deeper level than Apple wants (Apple doesn't do board-level repair, one 3-cent component fails and you're getting your entire motherboard replaced). Diagnostic software would help with that too. Documentation about any artificial limitations Apple imposes on these devices for its own profit, like part pairing, would make these limitations easier to bypass. Documentation about software or proprietary network protocols would help with adversarial interoperability. Even documentation on manufacturing techniques might be useful for someone building hardware — if not to copy, then to learn from it.

You're really reaching here; repair folk already know this stuff.
Instead, Apple's legal department will now ruin someone else's life --- one of its own employees, most likely.
IMO, it's a personal philosophy. Similar to why hackers choose to report vulnerabilities to bug bounties vs. release findings on sites like Hack Forums.

We all know companies are predatory, and in many cases companies (looking right at you Google and Microsoft) continue to refuse to pay people for discovering, documenting and reporting high-severity vulnerabilities. That doesn't mean we as individuals forfeit our principles and become just as corrupt as the "faceless corporate entities."

For vulnerabilities I can at least understand that — most of them can be used nefariously, and you also get a shitton of money if you report it. Publishing some company's trade secrets, though, would only hurt their bottom line, which isn't necessarily even a bad thing for a company that has orders of magnitude more money than it knows what to do with.
> That'll make the world better in the end

Citation needed.