Comment by cromka

5 hours ago

Any reason to believe Apple won't do the same with whatever we backup in iCloud?

If you have advanced data protection enabled, Apple claims: “No one else can access your end-to-end encrypted data — not even Apple — and this data remains secure even in the case of a data breach in the cloud.”

https://support.apple.com/en-us/102651

  • Please read this section of Apple's own document before you talk about their "advanced data protection".

    The following information may be available from iCloud if a user has enabled Advanced Data Protection for iCloud:

    https://www.apple.com/legal/privacy/law-enforcement-guidelin...

    Do you think Tim Cook gave that gold bar to Trump for nothing?

    • > For users that have enabled Advanced Data Protection, iCloud stores content for email, contacts, and calendars that the customer has elected to maintain in the account while the customer’s account remains active. This data may be provided, as it exists in the customer’s account, in response to a search warrant issued upon a showing of probable cause, or customer consent.

      > Apple does not receive or retain encryption keys for customer’s end-to-end encrypted data. Advanced Data Protection uses end-to-end encryption, and Apple cannot decrypt certain iCloud content, including Photos, iCloud Drive, Backup, Notes, and Safari Bookmarks

    • >Please read this section of Apple's own document

      Don't know if the problem is on my end but your link goes to a 20 page document. If this is not a mistake you should quote the actual section and text you are referring to.

    • >>Do you think Tim Cook gave that gold bar to Trump for nothing?

      Not in US - THANKS for this hint: I googled it! Wow!!! They both do bribery (offering&accepting) in front of the recording camera in a government building!!

      Really "impressive" :-X

Last time I onboarded a Mac (a few months ago), it would very explicitly ask if you want to enable support for remote FileVault unlocking.

That said, they could also roll out a small patch to a specific device to extract the keys. When you really want to be safe (and since you can be called a 'left extremist' for moving your car out of the way, that now includes a lot of people), probably use Linux with LUKS.

Any American company will hand over data stored on their server (that they have access to) in response to a warrant.

Apple provides an optional encryption level (ADP) where they don't have a copy of your encryption key.

When Apple doesn't have the encryption key, they can't decrypt your data, so they can't provide a copy of the decrypted data in response to a warrant.

They explain the trade-off during device setup: If Apple doesn't have a copy of the key, they can't help you if you should lose your copy of the key.

  • Any company in any country will hand over data in response to a warrant. There is no country with a higher standard of protection than a warrant.

    • Sure, but every company doesn't make it as difficult as possible to set up a new encrypted computer without uploading a copy of your encryption key to their servers.

      That's a Microsoft thing.

Except you’re not coerced (near enough forced?) to use an account password managed by MS on Apple. Until MS themselves publish, for home users, how to set up without an MS account, I’m considering it forced.

iCloud login is still optional on macOS. Can't download stuff from the App Store and I think some continuity things require iCloud, but otherwise pretty solid.