62 comments

[ 2.2 ms ] story [ 58.3 ms ] thread
It's almost a rhetorical question, isn't it? Clearly, from both the original post, and this reporting, they are NOT safe to redeem.

In addition, it just re-emphasizes how tied we all are to these "digital lives". I used to do it without a blink, but now think twice before clicking "Login with Google/Apple".

Every time a read a story like this, I feel an atavistic desire to self-host eveything. But I've had my Google account for 20 years now; the die is cast.
Related: there is a known scam where someone will ask for payment by things like Ebay gift cards. To "prove you have the card", you are asked to read off just the last few digits of the card - which unbeknownst to the intended victim is actually all that is needed to redeem the card.

You can reliably reconstruct a SSN that is missing the first digits, if you know where the person lived when they filed for it, but that's not the same thing.

Why Ebay built this idiotic weakness into their cards is beyond me.

Gift cards: it's a steal, so just say no. I want to say if you get one from your sister-in-law give it back but now I'm afraid she'll face terrible consequences from cashing it out.

... note an update on this story: Paris got his account unblocked today, thanks to the story being covered here and throughout the blogosphere. It's a good outcome but not a path open to most people:

https://hey.paris/posts/appleid/

I'm glad that got resolved for Paris, but what the hell is a normal person supposed to do. Not every one has that kind of public reach to get a satisfactory resolution. First he had understand what happened technically, then he needed a public platform to tell people about it, then that writing needed to get reposted by others, than PR needed to get involved. Not something that's going to happen for a normal user.

Apple, Google, and the big players are not a trustworthy place to entrust precious data. Increasingly, Apple and Google aren't very much different as they are both in the advertisement business: the great misaligner of incentives.

Genuine question: if your Apple account is locked, and you're unable to create a new one, is your iPhone still usable?
This fiasco stirs up a lot of different topics for me, none of which seem like they are likely to be resolved anytime soon.

First, with so much importance placed on an Apple/iCloud account in our current era it's not good that they can be shutdown so trivially. Someone can be shut out from using Messages, Apple Wallet, Digital Identification (depending on where they live) and all their subscriptions and media purchases without any recourse, in an instant. It's not hard to imagine someone being put into a pretty bad situation as a result of this with just a little bad luck and bad timing. It's easy to point out that you shouldn't be overly reliant on these technologies but I think it's more important that there be ways to safe guard people from this scenario. Apple should do more to handle these scenarios given the importance of an account now.

Second, there are other recent events that point out the failure modes and gaps that Apple (and Google?) need to address. There apparently is no way to cleanly divide purchases in a Divorce or separation, even if the person was fleeing an abusive situation. There's also no way to leave a "family" account even as an adult or how to assign children to multiple families. Again we can trot out the easy "Just don't use these things, use FOSS, Nextcloud, etc..." but I think Apple should do more to address these types of scenarios regardless of what people choose to use.

Apple have a solution. Have separate accounts and buy everything twice.
If CloudFlare can do public post-mortems then so can Apple.
> Update 18 December 2025: We’re back! A lovely man from Singapore, working for Apple Executive Relations, who has been calling me every so often for a couple of days, has let me know it’s all fixed. It looks like the gift card I tried to redeem, which did not work for me, and did not credit my account, was already redeemed in some way (sounds like classic gift card tampering), and my account was caught by that. Obviously it’s unacceptable that this can happen, and I’m still trying to get more information out of him, but at least things are now mostly working.

It’s great that it has been resolved, but I’m still baffled by a number of things:

1) Why would redeeming a bad gift card result in a complete shut-down of the account? 2) Why is it seemingly impossible to get any support now unless you drum up a ton of press? 3) Should companies be restricted from growing too large where they can’t support their customers?

In my personal and professional experience, banks are the only companies that seem to actually know how to handle these issues appropriately when it comes to fraud or access. Rather than move to outright banning the account, there are intermediate steps that can be taken. Personal example, my Facebook account was recently banned because a hacker accessed my account uploaded a bad ID when FB requested an ID verification. Despite the request coming from a country I have never visited and would likely be on any high-risk list, my 20 year old account was banned literally overnight without having any recourse. There’s no number or even any email to use. Maybe I can see if the Register will write it up… (I do have all the info from my Facebook account download to show how it was compromised, and any internal support should have been able to see the same… if they cared.)

4. Why locking account bricks any device? It should work without registering anywhere.
The real problem is that companies do not offer any accessible, powerful, and intelligent customer support. Even if they have real humans to talk to, they simply follow a script. Those agents do not have the ability to investigate a situation or the power to use their discretion to take meaningful action.

We should impose, by law, the following rules on all companies that offer accounts to their customers.

1. If they block/ban/close/suspend a customer account they must provide habeas corpus. Explain to the customer the policies that were violated that resulted in their account being terminated. Additionally they should be required to show the customer the evidence that led the company to make the decision.

2. They company must provide an accessible live human appeals process. The human they appeal to must have the discretionary power to investigate and make a common sense decision even if it contradicts policy. This process currently only exists for people who are capable of making a lot of noise in public. How many people lose their accounts and suffer harm because they are incapable of getting attention in public? It needs to be available to all customers with a simple phone call or email. It must also be required to make a decision very quickly, 24 or 48 hours at most.

3. In the rare case that the company still makes an unjust decision, there must be a quick and accessible legal remedy. Establish some kind of small claims court where it is cheap and easy to file without a lawyer, and where cases can be heard and decided on short notice.

I experienced something similar recently. There’s something going on with gift cards at Apple. It’s a bit fishy. As in they don’t want you to use it so they can report higher holiday season sales. Or they’re experiencing a huge uptick in scams involving the cards. I started wondering if the system they use is actually secure from a cryptographical pov.

My lessons were:

1) if you’re going to accrue gift cards for hardware purchases, use a separate Apple ID. Do not use that ID for anything else and especially not as family organizer.

2) save paper trails for all your gift cards. That’s your only way out of this.

3) be prepared to be treated like a scammer by Apple Support. They will even question where you got the devices you traded in at the store. Some support staff will basically say you stole them without any evidence.

Recent customer service experiences:

- HN banned me for being a robot! (I'm not)

dang unblocked me 1 hour 4 minutes after an email (thanks dang!)

- A Marriott hotel clerk booked me a duplicate room instead of using my third party paid reservation

After 45 minutes on the phone on hold and arguing with robots, I got a person who hung up on me in the middle of investigating the issue, I issued a credit card chargeback because I wasn't going through that again

- Comcast billed me $200+ weeks after I closed my account

After 30 minutes going around and circles with their AI phone operator who kept directing me to the broken online portal which said nothing I gave up and issued a credit card chargeback, I'm presently ignoring the advances of a debt collector

- A Kraken withdrawl of $16k worth of BTC has been "On Hold" for 28 days now

Their email support stopped responding 15 days ago. I have filed complaints with the CFTC and my attorney general.

- My Corporate Amex was flagged for fraud (which is fine) I was on the phone for an hour and a half with customer service who could not figure out how to unblock the card, they wouldn't admit to me out loud but it was pretty obvious their fraud systems were down in the middle of the night and the phone people could do nothing

I hung up on them and paid for my corporate travel with my own card which of course caused stupid headaches later. I hate AmEx now.

---

The best customer service? A free online forum that I can't possibly ever give any money.

I've been using all of my macs for years now without Apple IDs. I use them only reluctantly on iOS devices to install apps, and don't use iCloud (it's a privacy nightmare).

Relying on Apple to remain benevolent when the incentives are so misaligned is a fool's errand.

So it still took four days after they were contacted by "someone from Executive Relations"? Well, that's disappointing.
I don’t want to minimize the pain people experience here, but it’s worth calling out just how hard this problem is for retailers and issuers.

Gift cards are the #1 fraud vector in payments ... because it lets stolen cards be converted into a cash-like equivalent with zero traceability.

So fraud/risk system are highly sensitive to gift cards.

It's not an excuse, but I see in this thread people minimizing the problem at hand - so I just wanted to call that out.

Why not just ban the user from using gift cards then, instead of banning their entire account between 30 different products under the same company umbrella?

They don’t need to fix insecurity of gift cards, they just need better access controls. Yet they have no incentive right now to tackle that.

> > There is one way the Apple community could exert some leverage over Apple. Since innocently redeeming a compromised Apple Gift Card can have serious negative consequences, we should all avoid buying Apple Gift Cards and spread the word as widely as possible that they could essentially be malware.

It's December holidays time, but I assume that most Apple gift cards that would be purchased for the holidays already have been, so...

Maybe people should also be urged to demand to return any Apple gift cards already bought. Arm people with a copy of the news story. If retailers resist, then regulators can get involved.

The vast majority of people have no problem using them or else we'd be reading more posts similar to that one
The lack of "real, comment sense human support" from giant tech corporations is terrifying - and something that only regulation can fix. These tech companies have increasingly taken over our lives - getting locked out of a 20-year-old Google or Apple account could legitimately ruin your life - or at the very least - make it incredibly difficult for 6-12 months as you work to recover every account linked to it and migrate to something else.

One problem is that even if you can reach a real human - they have to follow a script and have strict limits on the problem solving they can do. If something falls outside of the normal support algorithm they are stuck.

What do you do if you're an average Joe without a popular tech blog and connections to the Apple community? How many people has this happened to that have just given up entirely?

Scary, scary world.

Would checking the Apple gift card balance first be a useful precaution? Would it have saved Paris all this hassle?

Seems like this might be a necessary step if checking the balance would reveal there's something wrong with the card. Would be frustrating to see the $500 card is worthless but better than risking the bureaucratic hell.

I feel like all these articles are writing about the wrong thing. Yeah, it sucks that the guy's account got banned, and yeah, maybe we can't trust gift cards.

But the truly troublesome issue is how an entire ecosystem of (very expensive) hardware is allowed to be tied to an identity controlled by a giant black box of a corporation.

What I mean is: you can spend thousands and thousands on devices and configure them to be almost invaluable to your everyday life, but you are ultimately completely beholden to Apple. You require their ongoing permission to continue using those devices. You are completely at their mercy.

And sure, you can argue that people willingly sign up for that kind of agreement when they make the decision to purchase Apple/Google products but that's also missing the point. Phones are now essential utilities. Accessing vital services sometimes requires an iOS or Android device.

Permitting giant, uncontactable, merciless tech corporations to control the digital lives of virtually everyone on the planet is absolute insanity.

The scenario described in the OP's article should simply never be allowed to happen.

As the age old saying goes: do not redeem it!
Best example I've yet seen of Betteridge's law.
regardless of the resolution of Paris' case, at this point I doubt sincerely I will ever willingly purchase an Apple gift card. To be frank, most gift cards are persona non grata for myself and ~all discerning consumers I know