Comment by natch

10 hours ago

From Apple's document on Advanced Data Protection:

>With Advanced Data Protection enabled, Apple doesn't have the encryption keys needed to help you recover your end-to-end encrypted data.

Apple doesn't have the keys. Somebody else might. Somebody other than you. Also, I think they meant to say decryption keys, although they're probably just dumbing down terminology for the masses.

>If you ever lose access to your account, you’ll need to use one of your account recovery methods

"You'll need to use." Not "there is no way except to use."

>Note: Your account recovery methods are never shared with or known to Apple.

"shared with or known to Apple." Not "shared with or known to anyone else."

The encryption is there, I believe that. I just don't know how many copies of the keys there are. If the only key is with me, it would be super easy for Apple to just say that. I believe that they have said that in the past, but the wording has now changed to this hyper-specific "Apple does not have the key" stuff.

As you suggest, the wording should be clarified to say that the key is never copied, is only stored on your device, is not accessible to others, etc.

  • It does say

    > It’s protected with the new key which is controlled solely by the user’s trusted devices

    I think the main thing they’re avoiding is an explicit guarantee that the key cannot be retrieved from your phone by a third party.