So this crazy thing happened recently with an old Mac I sold on Craigslist a few years ago. I noticed it was still showing up in my Find My iPhone app. Well, at first I didn’t realize it was that particular Mac. I just happened to notice there was a computer I didn’t recognize in Find My iPhone called “Michael’s iMac”.
I clicked in and saw a computer that wasn’t mine showing up on a map about 100 miles north of my house.
I vaguely remembered selling an iMac on Craigslist 3 years ago, and figured that was this one. Then I realized that meant for over 3 years, I had access to this person’s exact location . That’s insane to me.
How the hell did that happen?
I did a hard erase of the computer and reinstalled OS X factory fresh. The mistake I made was that before erasing the computer, I didn’t sign out of iCloud / Find My Mac . I figured erasing the computer would do that. It didn’t.
For whatever reason, this person didn’t need to sign into iCloud. So this meant that Apple still associated the computer hardware with my iCloud account. The computer wasn’t logged into my iCloud account, but was still associated with my account, so I still could track the computer’s location in real time.
The buyer won’t see or have access to any private iCloud data; the hardware is just associated with it. But the seller can’t disassociate it without the buyer’s help (and I didn’t have any way to contact them), so it’s a pain.
No, logging all devices out of iCloud doesn’t work. And no, this has nothing to do with if the computer is in your Support Profile .
The only options I had were Play Sound, Lock, and Erase.
The biggest privacy issue is for the buyer. If they don’t turn on Find My Mac with their own iCloud account, they leave a lot of power in the previous owner’s hands.
At any time in the past 3 years I could have tracked this computer’s exact location. Not a huge deal with an iMac, but if this was a laptop, I’d basically know where this person was at all times. Terrifying.
With two clicks, at any point, I could shut down this user’s computer and completely wipe it clean. They couldn’t stop it and would have no control. They’d lose everything.
This is what I ended up doing. It was the only way I could get in touch with the owner. So I remotely locked the computer and in the lock message, put my phone number.
The new owner texted and we got it resolved. As mentioned, it wasn’t that they were still logged into my iCloud account, it was that they never signed into their own iCloud account.
When Michael finally logged into his own iCloud account and turned on Find My Mac, the computer was nice enough to tell him my full name.
Not a huge deal, but for people who want to remain anonymous when selling a computer, this sucks.
Overall, this seems like a massive privacy / security flaw. Maybe Apple has patched this in a more recent OS X update. Again, I sold this computer 3 years ago. But just in case, if you sell a computer, turn off Find My Mac BEFORE wiping it. And if you buy a computer, immediately sign into iCloud so there’s no chance the seller can track you.