Comment by SubmindAlpha66
16 days ago
In fairness, the link is specifically for "Advanced Data Protection for iCloud". This has nothing to do with local whole-disk encryption like FileVault or BitLocker.
In Apple's case, even when the user enables iCloud FileVault key backup, that key is still end-to-end encrypted and Apple cannot access it. As a matter of fact, while Apple regularly receives legal warrants for access, they are ineffective because Apple has no way to fulfill that request/requirement.
Microsoft has chosen to store the BitLocker key backups in a manner that maintains their (Microsoft's) access. But this is a choice Microsoft has made; it's not an intrinsic requirement of a key escrow system. And in the end, it enables law enforcement to compel them to turn over these keys when a judge issues a warrant.
> This has nothing to do with local whole-disk encryption like FileVault or BitLocker.
Wrong. When you set up a Mac laptop, it gives you the option to escrow keys. ADP disables that and ADP also prevents key escrow for iDevice backups.
This is changed in Tahoe, but that's a really important callout that you need to make (and that you aren't making).
> In Apple's case, even when the user enables iCloud FileVault key backup, that key is still end-to-end encrypted and Apple cannot access it.
This is not true for older but relevant versions of macOS. It was changed in Tahoe.
With ADP enabled (which the vast majority of users do not have), this is completely incorrect. This is still factually wrong, and dangerously misleading.