
Comment by dogma1138

1 month ago

The main threat model here is a stolen/lost device or an unscrupulous repair shop, not a government agency with a warrant.

You also do not have to back up keys in the cloud; however, for most users it’s the best solution, since for them data recovery in case of a hardware failure is more important than resiliency against state-level adversaries.

I am an Apple ecosystem lifetime participant. I have recovery and legacy contacts. What I would love is for those contacts to have the encryption key(s) for my data shared with them so they can provide me with recovery options if needed, but Apple cannot.

Certainly, nation state actors could pursue those people to obtain access to key material, but that is a different hill to climb than simply sending requests to Apple, especially for contacts outside of the jurisdiction or nation state reach. Perhaps Shamir's secret sharing would be a component of such an option (you need X out of Y trusted contacts to recover, 2 out of 3 for easy mode, 3 out of 5 for hard mode).