Comment by tokyobreakfast
1 day ago
This is almost certainly users who elect to store their BitLocker keys in OneDrive.
Don't think Apple wouldn't do the same.
If you don't want other people to have access to your keys, don't give your keys to other people.
In Apple's case, starting with macOS Tahoe, Filevault saves your recovery key to your iCloud Keychain [0]. iCloud Keychain is end-to-end encrypted, and so Apple doesn't have access to the key.
As a US company, it's certainly true that given a court order Apple would have to provide these keys to law enforcement. That's why getting the architecture right is so important. Also check out iCloud Advanced Data Protection for similar protections over the rest of your iCloud data.
[0] https://sixcolors.com/post/2025/09/filevault-on-macos-tahoe-...
You shouldn't include Apple in this.
As of macOS Tahoe, the FileVault key you (optionally) escrow with Apple is stored in the iCloud Keychain, which is cryptographically secured by HSM-backed, rate-limited protections.
You can (and should) watch https://www.youtube.com/watch?v=BLGFriOKz6U&t=1993s for all the details about how iCloud is protected.
You can (and should) read Mr. Fart's Favorite Colors as a response, explaining how "perfect" security becomes the enemy of principled security: https://medium.com/@blakeross/mr-fart-s-favorite-colors-3177...
The security in iOS is not to designed make you safer, in the same way that cockpit security doesn't protect economy class from rogue pilots or business-class terrorists. Apple made this decision years ago, they're right there in Slide 5 of the Snowden PRISM disclosure. Today, Tim stands tall next to POTUS. Any preconceived principle that Apple might have once clung to is forfeit next to their financial reliance on American protectionism: https://www.cnbc.com/2025/09/05/trump-threatens-trade-probe-...
> Don't think Apple wouldn't do the same.
Of course Apple offers a similar feature. I know lots of people here are going to argue you should never share the key with a third party, but if Apple and Microsoft didn't offer key escrow they would be inundated with requests from ordinary users to unlock computers they have lost the key for. The average user does not understand the security model and is rarely going to store a recovery key at all, let alone safely.
> https://support.apple.com/en-om/guide/mac-help/mh35881/mac
Apple will escrow the key to allow decryption of the drive with your iCloud account if you want, much like Microsoft will optionally escrow your BitLocker drive encryption key with the equivalent Microsoft account feature. If I recall correctly it's the default option for FileVault on a new Mac too.
Apple's solution is iCloud Keychain which is E2E encrypted, so would not be revealed with a court order.
What is your proof they don't have a duplicate key that also unlocks it? A firm handshake from Tim?
18 replies →
> Apple's solution is iCloud Keychain which is E2E encrypted, so would not be revealed with a court order.
Nope. For this threat model, E2E is a complete joke when both E's are controlled by the third party. Apple could be compelled by the government to insert code in the client to upload your decrypted data to another endpoint they control, and you'd never know.
11 replies →
That's what I said. I admit the double-negative grammar is a bit confusing.
> Don't think Apple wouldn't do the same.
Except for that time they didn't.
https://www.apple.com/customer-letter/
It is the default setting on windows 11 to share your key with microsoft.
It's also the "default" in Windows 11 to require a recovery bitlocker key every time you do a minor modification to the "bios" like changing the boot order
I was going to say: "Well Apple historically is an easy target of Pegasus" but that can only be used a few times before Apple figures out the exploit and fixes it. Its more expensive than just asking the Apple.
But given PRISM, I'm sure Apple will just give it up.
Both Microsoft and Apple (I think Apple does) have the option to encrypt those keys with the user's password where they are storing them.
Just use open source encryption