Is there a way of finding out what has been accessed on my MacBook Pro whilst in the possession of an apple authorised service centre?

The only way to have protected yourself completely would have been to enable File Vault -- dicey in Snow Leopard at best, move all your sensitive data to a password protected disk image, or zero out the drive, after making sure you have a bootable clone in good working order on an external drive.

The latter, zeroing the drive, is what I would have done. When you got it back, you would simply have restored the empty drive to the clone.

Basically, if you gave them the Admin password anything that was done and logged could be un-logged.

If they were a bit dumb but thought they were clever and used Terminal to copy your files (always possible, as techies love to do things in Terminal just because they can... 😉 ), you might be able to see what they did so long as they didn't clear the .bash_history file.

You can check that by opening Terminal.app and simply pressing the up arrow key. Keep pressing it and it will take you through the history of commands that are in the bash.history file. If you want to see all those commands at once just paste this into Terminal

cat < .bash_history

and press 'return'.

Look for anything that begins with 'cp' (copy), for example!

Of course, if they did use Terminal and they were smart, they would have deleted or edited the .bash_history file anyway, so if you find nothing in there it doesn't mean they didn't do anything.

If they weren't dumb and trying to be clever and just went and copied stuff straight through Finder like any normal person would, there is no log for UI actions that will show you that, I'm afraid.

You could also open Terminal and enter "last" no quotation marks.

I am paranoid that some untrusted technician is going to make a copy of my music (11,000 tracks) or share some of my personal information (scanned copies of my birth certificate, passport, certificates, photos, etc.) on the web.

If you put your info into the computer and hand it to another, you have to assume they will copy everything.

Why are you putting scanned copies of valuable identity information into a computer than can be hacked, stolen, lost or compromised by a dirty tech?

Have you lost your mind?

Is there a way of finding out what activity has taken place whilst they've had it in their possession?

No. The tech would just deny it if he did, or tell the truth which the answer would be "NO" in either case.

The employer won't ask that sort of questions without solid proof, less they make a enemy of the employee and/or risk being sued for defamation of character.

It's not like they bother to have a team of people watching over his shoulder that he doesn't stick a USB thumb drive of your data into his pocket to take home.

I am paranoid that some untrusted technician is going to make a copy of my music (11,000 tracks)

If it's iTunes music, it has your personal ID embedded into the song files. Most IT techs know this though.

I appreciate any advice you guys can offer.

Too late now, all you can do is not worry about it.

Take your personal info out of the machine and if you need it, burn cd/dvd copies, a few USB thumb drives, Iron Keys or self encrypting external storage drives with key and/or keypad.

WZZZ wrote:

The only way to have protected yourself completely would have been to enable File Vault

Filevault is cracked, also the password has to be given up to fix the machine so that renders Filevault useless.

Only way is to keep valuable data off the computer.

zero out the drive, after making sure you have a bootable clone in good working order on an external drive.

Having a bootable clone is always wise, however if there is a hardware problem the machine won't boot from the internal drive, thus a zero erase can't occur to ease the data.

Again Filevault is useless, the tech needs the password. So the only course of action is to remove the hard drive from the machine (provided it's a user serviceable part) and have Apple put in a new one when they fix it, or don't keep data on the machine that you don't want anyone to have or look at, because one has to assume they will.

I try not too when I fix people's machines, however sometimes I have to check something works, like PDF's in browsers, or that their photo's got imported etc., or they complain that this or that doesn't work.

I try to give a seamless experience, get hem right back to where they were before their problems, I tell them I can opt not to do this, but then they would have to fix those problems themselves if they don't want me looking at their nudie shots. 😝

Filevault is cracked

Can you elaborate? I'm finding that hard to swallow.

In case of sudden failure and no possibility of zeroing the drive, I keep all the really sensitive stuff in a password protected disk image. Obviously, that still leaves some personal stuff, like emails, photos, documents etc -- not the ideal, but I can live with that. It's 99.99 very boring that only a complete moron without a life would be interested in looking at.

softwater wrote:

Can you elaborate? I'm finding that hard to swallow.

Google is your friend.

Not good enough. I've seen hacking competitions where teams from expert labs say they've found a way to make a guess at the password under very artificial and highly specific conditions. That's not 'cracking Filevault'.

Unless you can refer to something more specific, I think you're a bit off-base there.

And not just one clone ... two.

seventy one wrote:

And not just one clone ... two.

Yep, at least two backups at all times.