Another reason to hate #Apple We're seeing more 2018+ MacBook Pro/Air donations — but Apple's T2 chip means even after iCloud sign-out and reset, the firmware stays locked to the original account.

@nicolas17 @yama @codemonkeymike @paulywill this, most modern machines use NVRAM for variable store. You can't reset it by just yoinking the power.

Not sure how it's done on T2-based x86 (assuming T2 acts as ROT), x86 itself isn't fused so firmware isn't tamper-protected but it could be done by T2 (from what I remember, T2 emulates SPI to the x86 host and actual x86 UEFI lives in dedicated portion of an "SSD".

T2 should be vulnerable to checkra1n though, so it should be possible to fool the ROT and at least modify NVRAM variables to change security policy but it would require some research.

@josephcox I thought it was obvious? Anyone who ever looked at iOS or Android logs knows that every single notification you ever received is stored in the logs, and are transferred to new devices if you use migration assistant or encrypted backup.

It's a valid and big attack vector, that's why I personally have notifications enabled to just tell me which app it is and why i'm getting a notification, no other context. Especially since push notifications are handled by Google/Apple's servers so if you can MITM it, you can collect a lot of sensitive data.