Comment by parl_match

> This has nothing to do with local whole-disk encryption like FileVault or BitLocker.

Wrong. When you set up a Mac laptop, it gives you the option to escrow keys. ADP disables that and ADP also prevents key escrow for iDevice backups.

This is changed in Tahoe, but that's a really important callout that you need to make (and that you aren't making)

> In Apple's case, even when the user enables iCloud FileVault key backup, that key is still end-to-end encrypted and Apple cannot access it.

This is not true for older but relevant versions of macos. It was changed in Tahoe.

With ADP enabled (which the vast majority of users do not have), this is completely incorrect. This is still factually wrong, and dangerously misleading.