Because of an incident happened a few days ago, I'll have to bring my MacBook Pro to an Apple Store to get it repaired.
Problem:
Even though automatic logins are disabled, and to access the computer it is necessary to type username password, the hard drive is not encrypted with file vault. The computer does not switch on, so I can't do anything to enable it now.
Of course, this means that connecting the hard drive to another computer will make its contents fully accessible. This is my fault for not enabling file vault, I know.
In any case, I am mentally assessing what kind of sensible data is present on the drive.
I do not store logins and passwords in plain text files (I keep them encrypted with a specific application), but my default browser has cookies to automatically login into a number of services.
The Apple Mail app, also, has automatic access to my email accounts, although I believe that those login details are stored in OS X Keychain, which should be protected by the user's password.
Question
Does anyone know to what extent my data is exposed? What I should mostly worry about? What would be available to an attacker?
Also, does anyone have information about the policies of Apple support with the data on mac computers?
Best Answer
Your data is fully exposed, unless you have specifically encrypted files using a passphrase not stored on your hard drive.
Passwords and Secure Notes stored in the Keychain are encrypted on disk. If you have configured your Mac to require a password on boot, this password is usually also used as your Keychain Password. If this password is sufficiently hard to guess, your Keychain data should be safe.
As you note, your browser's session cookies (those that are are still valid) could potentially be exploited.
You can read Apples official document on keeping your data secure during hardware repair here:
http://support.apple.com/kb/ht3294
Regarding Apple's policy - you can read their Service Terms here:
http://images.apple.com/legal/sales-support/terms/repair/generalservice/Service_Terms_English.pdf
Apple writes that they are not responsible for loss, recovery, or compromise of your data.
That being said, I'm pretty sure that Apple's guidelines for their service technicians make it clear that they are not allowed to, for example, copy of all your images on to a USB pendrive and bring that home with them after work. Depending on your location that would most probably also be illegal. That doesn't mean it can't happen though.