First of all, the in-app purchasing is specifically designed to not warn you when a purchase is made, and to make the purchases as subtle as possible.
Just yesterday there was news elsewhere that with iOS 7.1 (which allows a 15 minute period without password entry), when you enter your password now, a dialog will appear telling you about it, with an OK button and a button that takes you to "Settings" where you can turn that feature off.
Just assuming that your friend had a fully legal collection, I would think that all he needs to do is ask the media companies for a new copy.
On iTunes, the average song is 8 MB for $0.99. 20 TB would by 2.5 million songs. I actually doubt that the test guys at Apple who are responsible for testing iTunes have a 2.5 million song library.
(Of course HD videos are a lot bigger; they can easily be 3GB or 4GB, so that would only be let's say 5,000 to 10,000 videos purchased, at say $9.99 on average).
How about if Apple just didn't sue the entire planet for rounded corners and touching the thing you want. You know, just have those bogus patents in a portfolio and only bringing it out when someone threatens to sue them.
How about if people posting on Slashdot would educate themselves and figure out the difference between patent and design patent, and wouldn't repeat the same old nonsense again and again? And if you were told that Samsung has design patents on phones with rounded corners, would you (a) not believe it, (b) check it out on Google and still not believe it, or (c) shut the fuck up?
PS. What do you think would Samsung do if LG, HTC, Lenovo and so on copied their phone designs? Do you think they would roll over, or would they pull out their design patents on "oddly shaped corners"?
Apple ripped off the design of the LG Prada. They were lucky they didn't get sued for that.
LG is a huge company with plenty of money for lawyers, and Apple is a huge target with deep pockets. So claiming that Apple was "lucky" to not get sued is pure idiocy. There are two, and only two, rational explanations: (A) Apple paid LG for a license so anything they ripped off was perfectly legal. (B) LG's lawyers concluded that your claim that Apple ripped off anything from the LG Prada is so wrong that there is not a chance to succeed in a lawsuit. I personally think that we would have heard if (A) was true, and that there wasn't more than some superficial similarity, and that the development timelines clearly showed there was no copying involved.
You're not allowed to patent an obvious advancement.
If it was so obvious, why didn't anyone use it before iOS demonstrated it? Many, many things are obvious _after_ you see them, but not at all obvious _before_ you see them.
But then, on Slashdot Apple is evil and Google is good, therefore all Apple patents are evil and Apple is even more evil for enforcing evil patents, while Google patents are all good and Google is good for its defensive use of good patents (like in its failed attempt to blackmail Microsoft for four billion dollars), and likewise Samsung is good for trying to use FRAND patents for blackmail (even though the EU threatened them with a 13 billion dollar fine).
It's as simple as: Power down device, remove battery, remove SIM, do not re-connect to wifi hotspots. All of which can be done by anybody in less than 45 seconds. If the battery is non-removable? Power down, remove SIM, don't use wifi. Find my phone and remote wipe are pretty much a big hilarous joke if the theif know how to handle phones.
Except when they try to use a phone like you use a phone - for making phone calls - it will be wiped. Or if you connect it to WiFi - it will be wiped. Once it's locked it's locked. And you can't reset it. So yes, you can steal an iPhone and keep it forever without it being found or wiped, but you cannot actually use it.
Nope, Starting with the iPhone 3GS, the flash is encrypted. The encryption key used is encrypted with a per-device key that's known only by the device (and I guess, Apple). If you do a remote wipe, the encrypted key is deleted (making the data inaccessible), and a new key is created. The device then encrypts that key with the device key and puts it in flash.
There's one key built into the CPU which isn't known to Apple and cannot be extracted. On top of that, every file is actually encrypted with a per-file key, so even if you managed to crack one file, it wouldn't help you with others.
With an iPhone? It's only 1,000 possible PINs for that lock. If you've got the hardware, take your time fingerhacking the pin. For Android, depending on ROM, the pin can get insanely long and you're pretty much boned.
Bad maths and wilful ignorance. The default is 10,000 possible PINs. In addition there are the following options, available to anyone without any hacks: 1. Use a longer PIN, say 6 or 13 digits. 2. Use an alphanumeric passcode of any length. 3. Automatically wipe the phone after ten unsuccessful attempts. Always turned on is a growing time delay between attempts.
Well, there was huge discussion a week ago how to defeat it. Take a stolen iPhone, wait for your mum to die, take iPhone, death certificate and will to the Apple Store... and damn, they still don't unlock it for you!
I think you need to review you understanding of X.509. If your client trusts a Certificate Authority then it trusts certificates issued by that CA. This allows anyone who can intercept the network traffic to conduct Man In The Middle attacks. Read up on it on Wikipedia.
... and if you use the school's WiFi then of course they can intercept the network traffic. What I'm not quite sure about... Let's say I try to get an https connection to Amazon. I will eventually receive a certificate that claims to be an Amazon certificate, signed by a Verisign root certificate, and my computer trusts that root certificate. If there was a man-in-the-middle attack performed by the school, can anyone confirm that I would see a certificate claiming to be an Amazon certificate, signed by the school's root certificate?
Apple has to stand their ground here, otherwise they would be promoting murder. Who wouldn't kill their grandma to get an iPad?
If your cynical like that... A slightly less cynical scenario: Thief steals an iPad but finds it is locked. Now by bad luck the thief's mother dies and leaves him everything in her will. The thief goes to Apple with the stolen iPad, claiming it belonged to his dead mother.
So having a will, a death certificate, a solicitor, and willing to personally meet with Apple is now simple and convenient?
It has entered this thread quite late, but there is a big problem: If the old lady hadn't died, and had forgotten her Apple Id and password and went to the Apple Store, Apple wouldn't just reset the iPad. They would want some serious proof that it is really hers, and that she isn't trading in stolen iPads. That's the point of "Find my iDevice". Making it hard for crooks to access stolen iPads, which is unfortunate if the legal user forgets his password.
Now even with will, death certificate, and solicitors, the heirs can at most prove that they have the rights to the iPad that the mother used to have. But that might still mean no rights at all, if the iPad was stolen. They'd still have to proof that their mother was the legitimate owner in the first place.
So Apple were able to tell you the plaintext password? That implies they don't even hash it properly. They should have been able to reset it, but not tell you what it was. Rather alarming is true.
On the internet, everyone is a successful lawyer. As you said, rather alarming if true.
It's deeply embroiled in the Apple culture. Steve Jobs had a daughter from sex with a lower-level Apple employee, who he refused to acknowledge through her entire childhood. He had the nerve, though, to name the Lisa after her. Jerk was heavily into Zen. But also dug Lawyers-n-stuff.
The "lower-level Apple employee" was his girlfriend before Apple started, and they worked together building the first 50 Apple computers in Jobs Sr's garage. "through her entire childhood" is perfectly wrong. Why you comment "had the nerve" on naming a computer after his daughter is plainly beyond me. In the end, you can find some info about her, and it doesn't seem she ever complained about his behaviour.
But no matter what you say, that was Jobs' private life, and not "embroiled in the Apple culture".
They don't need to remote-unlock it, just do a fucking password reset. It should take them all of 30 seconds once they've received the legal papers.
This is an anti-theft device that is supposed to stop the cleverest thieves from using your iPad, so I doubt it is a matter of 30 seconds. Two possibilities at the extreme range, since the ability to unlock such a device must never, ever fall into the hands of criminals: 1. Apple cannot even unlock the device, but "unlocks" it by replacing it with a refurbished device, eating the cost. 2. Apple can only unlock the device in a cellar in Cupertino with a dozen locks and no internet connection.
I can't speak for data ownership for the others but at least Google has its Inactive Account Manager [google.com] which lets you "will" your data to someone else. You can also, at any time, download all your photos, video, and other content using Google Takeout [google.com].
Which doesn't help you if you don't have the username and password. If the sons had the Apple Id and Password, there would be no problem. Let me summarise what actually happens:
1. If you use a passcode (4 digit PIN or more) and forget it, nobody can access the data on your device anymore. However, you may be able to reset the device.
2. If you haven't turned no theft protection ("Find my iDevice") you can always wipe the device, So you just have a new, empty device. If "Find my iDevice" is turned on then you need the AppleId + Password to wipe the device.
3. If you wiped the device, have AppleId + Password, and used the free iCloud backup, then all the data can be restored from the cloud.
It seems that "Find my iPad" was turned on and they don't have AppleId + Password.
What, do you have, like, comprehension issues? The _owner_ has not given consent to the device being locked. The _owner_ is alive, having inherited the device from a dead relative.
The owner _did_ give her consent. There is a new owner, who wants to revoke that consent, but it's too late. Apple had consent when the anti-theft measures were turned on. And turning them off doesn't take just consent, but also a password.
Even if Apple can unlock that data and eventually does so, think about how that might look to some people, who would NOT want their heirs/family/descendants to have the means to rummage through their personal data. You see this happen all the time--families of the deceased try to weasel their way into secrets and intimate histories of those who died. If all it might take is some lawyers and potentially dubious documentation to get around a dead person's privacy, then I would think twice about leaving any personal data behind.
I don't actually know if Apple can unlock an iOS 7 device without wiping it. The data stored on it is always encrypted with your passcode. Most likely you would just get a wiped iPad back, and for access to data you need to know the relevant ids and passwords. It's even possible that Apple cannot actually unlock the device, and gives you a new one - which would be _really_ safe and would make them very hesitant to do this.
Apple should have no skin in this game, they don't own any part of it.
Apple would be (rightfully) slaughtered if they had policies that made it easy for every crook to get a stolen iPad unlocked. So yes, they absolutely have the right to care about this.
Why was that marked insightful? You don't put the VIN number for the cars you own in your will either, nor do you put the serial numbers from each electrical appliance, watch or other worldly possessions. Why is it suddenly that this is on the family to prove for this particular type of device, A Will is a legal document, if Apple thinks the item might be stolen then it is on Apple to prove it, not the family.
That doesn't make sense. If you want Apple to do anything, then it is obviously up to you to demonstrate why Apple should to it. If Apple is asked to unlock your stolen device, do you think the thief should be able to say "it's up to Apple to prove it's stolen, not up to me to prove it isn't"?
Let's say you buy stuff from Amazon. Amazon has a certificate signed by Verisign. Your computer gets the certificate and examines it. What it finds: The certificate claims to be from Amazon, and says you should trust it because it is signed by Verisign. The Verisign certificate is trusted because it shipped as part of the OS. Now you get the man-in-the-middle attack: Your company creates a fake Amazon certificate and signs it. Your computer sees the certificate claims to be from Amazon, and says you should trust it because it is signed by your company. Your company's certificate is trusted because they added it to the OS of your work computer. If you click on the certificate, it will say it is an Amazon certificate, and your company's certificate is the root certificate.
I very, very much hope that Verisign (as the employer of Verisign employees) would be very careful with this.
I detest Apple but I think they have a point here. If you buy an iPad, you get ownership and the right to transfer the ownership of that iPad. However, when you buy an app, you buy a personal right to use the app. This right is not transferable. If it was, there would be a lively secondary market in apps. The fact that the owner dies does not make the apps transferable either. I assume the will only mentions transference of ownership of the iPad (which is valid) and maybe the apps (which is invalid). If the will doesn't mention other data, they will need a court order. Apple just wants to protect itself but as usual does it in their own arrogant and insensitive way.
What you are saying is quite likely wrong, and definitely irrelevant. The problem is that the kids don't have moms password. If you yourself forget your iPad password, do you think Apple should be required to unlock the iPad for you? If you use full disk encryption and forget your password, Apple is actually not capable of unlocking it. If you use a secure passcode on your iPad, Apple is actually not capable of breaking that either (they can break a four digit passcode, but only if the iPad is taken to Cupertino). As far as purchased software is concerned, I'd be quite sure that it passes on to my heirs, because there is no sale involved. They just take over my role as legitimate owner.
If Apple can't plan for a common contingency like this in their security model, then they shouldn't choose to be in control of other people's property.
They aren't in control. The user is in control. It's an anti-theft protection that the user has to turn on themselves. Once they do that, they mustn't forget the password. Or leave it in a will. Like if you don't write the number of your secret Swiss bank account.
If the vendor then chose to deny me access and insist I get a court order, I'd be unhappy, angry and deeply disappointed. And I very certainly would never use that vendor again, and I'd warn everybody I could to stay away from that vendor.
So your mum or dad went to the storage facility. They were worried that someone could break in and steal their stuff, or that someone could trick the storage facility into handing over their stuff. The storage facility offered this security feature: They took a photo of mum and dad, gave them a key, and promised that 100% nobody would get the things except if they match one of the photos and have the key.
Slashdot Mirror
First of all, the in-app purchasing is specifically designed to not warn you when a purchase is made, and to make the purchases as subtle as possible.
Just yesterday there was news elsewhere that with iOS 7.1 (which allows a 15 minute period without password entry), when you enter your password now, a dialog will appear telling you about it, with an OK button and a button that takes you to "Settings" where you can turn that feature off.
Just assuming that your friend had a fully legal collection, I would think that all he needs to do is ask the media companies for a new copy.
On iTunes, the average song is 8 MB for $0.99. 20 TB would by 2.5 million songs. I actually doubt that the test guys at Apple who are responsible for testing iTunes have a 2.5 million song library.
(Of course HD videos are a lot bigger; they can easily be 3GB or 4GB, so that would only be let's say 5,000 to 10,000 videos purchased, at say $9.99 on average).
How about if Apple just didn't sue the entire planet for rounded corners and touching the thing you want. You know, just have those bogus patents in a portfolio and only bringing it out when someone threatens to sue them.
How about if people posting on Slashdot would educate themselves and figure out the difference between patent and design patent, and wouldn't repeat the same old nonsense again and again? And if you were told that Samsung has design patents on phones with rounded corners, would you (a) not believe it, (b) check it out on Google and still not believe it, or (c) shut the fuck up?
PS. What do you think would Samsung do if LG, HTC, Lenovo and so on copied their phone designs? Do you think they would roll over, or would they pull out their design patents on "oddly shaped corners"?
Apple ripped off the design of the LG Prada. They were lucky they didn't get sued for that.
LG is a huge company with plenty of money for lawyers, and Apple is a huge target with deep pockets. So claiming that Apple was "lucky" to not get sued is pure idiocy. There are two, and only two, rational explanations: (A) Apple paid LG for a license so anything they ripped off was perfectly legal. (B) LG's lawyers concluded that your claim that Apple ripped off anything from the LG Prada is so wrong that there is not a chance to succeed in a lawsuit. I personally think that we would have heard if (A) was true, and that there wasn't more than some superficial similarity, and that the development timelines clearly showed there was no copying involved.
You're not allowed to patent an obvious advancement.
If it was so obvious, why didn't anyone use it before iOS demonstrated it? Many, many things are obvious _after_ you see them, but not at all obvious _before_ you see them.
But then, on Slashdot Apple is evil and Google is good, therefore all Apple patents are evil and Apple is even more evil for enforcing evil patents, while Google patents are all good and Google is good for its defensive use of good patents (like in its failed attempt to blackmail Microsoft for four billion dollars), and likewise Samsung is good for trying to use FRAND patents for blackmail (even though the EU threatened them with a 13 billion dollar fine).
It's as simple as: Power down device, remove battery, remove SIM, do not re-connect to wifi hotspots. All of which can be done by anybody in less than 45 seconds. If the battery is non-removable? Power down, remove SIM, don't use wifi. Find my phone and remote wipe are pretty much a big hilarous joke if the theif know how to handle phones.
Except when they try to use a phone like you use a phone - for making phone calls - it will be wiped. Or if you connect it to WiFi - it will be wiped. Once it's locked it's locked. And you can't reset it. So yes, you can steal an iPhone and keep it forever without it being found or wiped, but you cannot actually use it.
Nope, Starting with the iPhone 3GS, the flash is encrypted. The encryption key used is encrypted with a per-device key that's known only by the device (and I guess, Apple). If you do a remote wipe, the encrypted key is deleted (making the data inaccessible), and a new key is created. The device then encrypts that key with the device key and puts it in flash.
There's one key built into the CPU which isn't known to Apple and cannot be extracted. On top of that, every file is actually encrypted with a per-file key, so even if you managed to crack one file, it wouldn't help you with others.
With an iPhone? It's only 1,000 possible PINs for that lock. If you've got the hardware, take your time fingerhacking the pin. For Android, depending on ROM, the pin can get insanely long and you're pretty much boned.
Bad maths and wilful ignorance. The default is 10,000 possible PINs. In addition there are the following options, available to anyone without any hacks: 1. Use a longer PIN, say 6 or 13 digits. 2. Use an alphanumeric passcode of any length. 3. Automatically wipe the phone after ten unsuccessful attempts. Always turned on is a growing time delay between attempts.
Well, there was huge discussion a week ago how to defeat it. Take a stolen iPhone, wait for your mum to die, take iPhone, death certificate and will to the Apple Store... and damn, they still don't unlock it for you!
I think you need to review you understanding of X.509. If your client trusts a Certificate Authority then it trusts certificates issued by that CA. This allows anyone who can intercept the network traffic to conduct Man In The Middle attacks. Read up on it on Wikipedia.
... and if you use the school's WiFi then of course they can intercept the network traffic. What I'm not quite sure about... Let's say I try to get an https connection to Amazon. I will eventually receive a certificate that claims to be an Amazon certificate, signed by a Verisign root certificate, and my computer trusts that root certificate. If there was a man-in-the-middle attack performed by the school, can anyone confirm that I would see a certificate claiming to be an Amazon certificate, signed by the school's root certificate?
Apple has to stand their ground here, otherwise they would be promoting murder. Who wouldn't kill their grandma to get an iPad?
If your cynical like that... A slightly less cynical scenario: Thief steals an iPad but finds it is locked. Now by bad luck the thief's mother dies and leaves him everything in her will. The thief goes to Apple with the stolen iPad, claiming it belonged to his dead mother.
So having a will, a death certificate, a solicitor, and willing to personally meet with Apple is now simple and convenient?
It has entered this thread quite late, but there is a big problem: If the old lady hadn't died, and had forgotten her Apple Id and password and went to the Apple Store, Apple wouldn't just reset the iPad. They would want some serious proof that it is really hers, and that she isn't trading in stolen iPads. That's the point of "Find my iDevice". Making it hard for crooks to access stolen iPads, which is unfortunate if the legal user forgets his password.
Now even with will, death certificate, and solicitors, the heirs can at most prove that they have the rights to the iPad that the mother used to have. But that might still mean no rights at all, if the iPad was stolen. They'd still have to proof that their mother was the legitimate owner in the first place.
So Apple were able to tell you the plaintext password? That implies they don't even hash it properly. They should have been able to reset it, but not tell you what it was. Rather alarming is true.
On the internet, everyone is a successful lawyer. As you said, rather alarming if true.
Yet when governments demand that data be provided, all the fuss goes away and gives it easily.
Nobody, including Apple, can extract data from an iPad with a ten digit passcode.
It's deeply embroiled in the Apple culture. Steve Jobs had a daughter from sex with a lower-level Apple employee, who he refused to acknowledge through her entire childhood. He had the nerve, though, to name the Lisa after her. Jerk was heavily into Zen. But also dug Lawyers-n-stuff.
The "lower-level Apple employee" was his girlfriend before Apple started, and they worked together building the first 50 Apple computers in Jobs Sr's garage. "through her entire childhood" is perfectly wrong. Why you comment "had the nerve" on naming a computer after his daughter is plainly beyond me. In the end, you can find some info about her, and it doesn't seem she ever complained about his behaviour.
But no matter what you say, that was Jobs' private life, and not "embroiled in the Apple culture".
They don't need to remote-unlock it, just do a fucking password reset. It should take them all of 30 seconds once they've received the legal papers.
This is an anti-theft device that is supposed to stop the cleverest thieves from using your iPad, so I doubt it is a matter of 30 seconds. Two possibilities at the extreme range, since the ability to unlock such a device must never, ever fall into the hands of criminals: 1. Apple cannot even unlock the device, but "unlocks" it by replacing it with a refurbished device, eating the cost. 2. Apple can only unlock the device in a cellar in Cupertino with a dozen locks and no internet connection.
I can't speak for data ownership for the others but at least Google has its Inactive Account Manager [google.com] which lets you "will" your data to someone else. You can also, at any time, download all your photos, video, and other content using Google Takeout [google.com].
Which doesn't help you if you don't have the username and password. If the sons had the Apple Id and Password, there would be no problem. Let me summarise what actually happens:
1. If you use a passcode (4 digit PIN or more) and forget it, nobody can access the data on your device anymore. However, you may be able to reset the device.
2. If you haven't turned no theft protection ("Find my iDevice") you can always wipe the device, So you just have a new, empty device. If "Find my iDevice" is turned on then you need the AppleId + Password to wipe the device.
3. If you wiped the device, have AppleId + Password, and used the free iCloud backup, then all the data can be restored from the cloud.
It seems that "Find my iPad" was turned on and they don't have AppleId + Password.
What, do you have, like, comprehension issues? The _owner_ has not given consent to the device being locked. The _owner_ is alive, having inherited the device from a dead relative.
The owner _did_ give her consent. There is a new owner, who wants to revoke that consent, but it's too late. Apple had consent when the anti-theft measures were turned on. And turning them off doesn't take just consent, but also a password.
Even if Apple can unlock that data and eventually does so, think about how that might look to some people, who would NOT want their heirs/family/descendants to have the means to rummage through their personal data. You see this happen all the time--families of the deceased try to weasel their way into secrets and intimate histories of those who died. If all it might take is some lawyers and potentially dubious documentation to get around a dead person's privacy, then I would think twice about leaving any personal data behind.
I don't actually know if Apple can unlock an iOS 7 device without wiping it. The data stored on it is always encrypted with your passcode. Most likely you would just get a wiped iPad back, and for access to data you need to know the relevant ids and passwords. It's even possible that Apple cannot actually unlock the device, and gives you a new one - which would be _really_ safe and would make them very hesitant to do this.
Apple should have no skin in this game, they don't own any part of it.
Apple would be (rightfully) slaughtered if they had policies that made it easy for every crook to get a stolen iPad unlocked. So yes, they absolutely have the right to care about this.
Why was that marked insightful? You don't put the VIN number for the cars you own in your will either, nor do you put the serial numbers from each electrical appliance, watch or other worldly possessions. Why is it suddenly that this is on the family to prove for this particular type of device, A Will is a legal document, if Apple thinks the item might be stolen then it is on Apple to prove it, not the family.
That doesn't make sense. If you want Apple to do anything, then it is obviously up to you to demonstrate why Apple should to it. If Apple is asked to unlock your stolen device, do you think the thief should be able to say "it's up to Apple to prove it's stolen, not up to me to prove it isn't"?
I would like to ask a stupid question.
Let's say you buy stuff from Amazon. Amazon has a certificate signed by Verisign. Your computer gets the certificate and examines it. What it finds: The certificate claims to be from Amazon, and says you should trust it because it is signed by Verisign. The Verisign certificate is trusted because it shipped as part of the OS. Now you get the man-in-the-middle attack: Your company creates a fake Amazon certificate and signs it. Your computer sees the certificate claims to be from Amazon, and says you should trust it because it is signed by your company. Your company's certificate is trusted because they added it to the OS of your work computer. If you click on the certificate, it will say it is an Amazon certificate, and your company's certificate is the root certificate.
I very, very much hope that Verisign (as the employer of Verisign employees) would be very careful with this.
I detest Apple but I think they have a point here. If you buy an iPad, you get ownership and the right to transfer the ownership of that iPad. However, when you buy an app, you buy a personal right to use the app. This right is not transferable. If it was, there would be a lively secondary market in apps. The fact that the owner dies does not make the apps transferable either. I assume the will only mentions transference of ownership of the iPad (which is valid) and maybe the apps (which is invalid). If the will doesn't mention other data, they will need a court order. Apple just wants to protect itself but as usual does it in their own arrogant and insensitive way.
What you are saying is quite likely wrong, and definitely irrelevant. The problem is that the kids don't have moms password. If you yourself forget your iPad password, do you think Apple should be required to unlock the iPad for you? If you use full disk encryption and forget your password, Apple is actually not capable of unlocking it. If you use a secure passcode on your iPad, Apple is actually not capable of breaking that either (they can break a four digit passcode, but only if the iPad is taken to Cupertino). As far as purchased software is concerned, I'd be quite sure that it passes on to my heirs, because there is no sale involved. They just take over my role as legitimate owner.
If Apple can't plan for a common contingency like this in their security model, then they shouldn't choose to be in control of other people's property.
They aren't in control. The user is in control. It's an anti-theft protection that the user has to turn on themselves. Once they do that, they mustn't forget the password. Or leave it in a will. Like if you don't write the number of your secret Swiss bank account.
If the vendor then chose to deny me access and insist I get a court order, I'd be unhappy, angry and deeply disappointed. And I very certainly would never use that vendor again, and I'd warn everybody I could to stay away from that vendor.
So your mum or dad went to the storage facility. They were worried that someone could break in and steal their stuff, or that someone could trick the storage facility into handing over their stuff. The storage facility offered this security feature: They took a photo of mum and dad, gave them a key, and promised that 100% nobody would get the things except if they match one of the photos and have the key.