Comment by giobox
1 day ago
> Don't think Apple wouldn't do the same.
Of course Apple offers a similar feature. I know lots of people here are going to argue you should never share the key with a third party, but if Apple and Microsoft didn't offer key escrow they would be inundated with requests from ordinary users to unlock computers they have lost the key for. The average user does not understand the security model and is rarely going to store a recovery key at all, let alone safely.
> https://support.apple.com/en-om/guide/mac-help/mh35881/mac
Apple will escrow the key to allow decryption of the drive with your iCloud account if you want, much like Microsoft will optionally escrow your BitLocker drive encryption key with the equivalent Microsoft account feature. If I recall correctly it's the default option for FileVault on a new Mac too.
Apple's solution is iCloud Keychain which is E2E encrypted, so would not be revealed with a court order.
What is your proof they don't have a duplicate key that also unlocks it? A firm handshake from Tim?
You should watch the whole BlackHat talk (from 2016!) from Apple's Head of Security Engineering and Architecture, but especially this part:
https://www.youtube.com/watch?v=BLGFriOKz6U&t=1993s
If they say they don't, and they do, then that's fraud, and they could be held liable for any damages that result. And, if word got out that they were defrauding customers, that would result in serious reputational damage to Apple (who uses their security practices as an industry differentiator) and possibly a significant customer shift away from them. They don't want that.
> Apple's solution is iCloud Keychain which is E2E encrypted, so would not be revealed with a court order.
Nope. For this threat model, E2E is a complete joke when both E's are controlled by the third party. Apple could be compelled by the government to insert code in the client to upload your decrypted data to another endpoint they control, and you'd never know.
That was tested in the San Bernardino shooter case. Apple stood up and the FBI backed down.
Yeah, and Microsoft could insert code to upload the BitLocker keys. What's your point? Even Linux could do that if they were compelled to.
That's what I said. I admit the double-negative grammar is a bit confusing.