tokyobreakfast 3 hours ago

This is almost certainly users who elect to store their BitLocker keys in OneDrive.

Don't think Apple wouldn't do the same.

If you don't want other people to have access to your keys, don't give your keys to other people.

piccirello 3 hours ago | parent | next [-]

In Apple's case, starting with macOS Tahoe, FileVault saves your recovery key to your iCloud Keychain [0]. iCloud Keychain is end-to-end encrypted, and so Apple doesn't have access to the key.

As a US company, it's certainly true that given a court order Apple would have to provide these keys to law enforcement. That's why getting the architecture right is so important. Also check out iCloud Advanced Data Protection for similar protections over the rest of your iCloud data.

[0] https://sixcolors.com/post/2025/09/filevault-on-macos-tahoe-...

eddyg 3 hours ago | parent | prev | next [-]

You shouldn't include Apple in this.

As of macOS Tahoe, the FileVault key you (optionally) escrow with Apple is stored in the iCloud Keychain, which is cryptographically secured by HSM-backed, rate-limited protections.

You can (and should) watch https://www.youtube.com/watch?v=BLGFriOKz6U&t=1993s for all the details about how iCloud is protected.

bigyabai 31 minutes ago | parent [-]

You can (and should) read Mr. Fart's Favorite Colors as a response, explaining how "perfect" security becomes the enemy of principled security: https://medium.com/@blakeross/mr-fart-s-favorite-colors-3177...

  Unbreakable phones are coming. We’ll have to decide who controls the cockpit: The captain? Or the cabin?

The security in iOS is not designed to make you safer, in the same way that cockpit security doesn't protect economy class from rogue pilots or business-class terrorists. Apple made this decision years ago, they're right there in Slide 5 of the Snowden PRISM disclosure. Today, Tim stands tall next to POTUS. Any preconceived principle that Apple might have once clung to is forfeit next to their financial reliance on American protectionism: https://www.cnbc.com/2025/09/05/trump-threatens-trade-probe-...

giobox 3 hours ago | parent | prev | next [-]

> Don't think Apple wouldn't do the same.

Of course Apple offers a similar feature. I know lots of people here are going to argue you should never share the key with a third party, but if Apple and Microsoft didn't offer key escrow they would be inundated with requests from ordinary users to unlock computers they have lost the key for. The average user does not understand the security model and is rarely going to store a recovery key at all, let alone safely.

> https://support.apple.com/en-om/guide/mac-help/mh35881/mac

Apple will escrow the key to allow decryption of the drive with your iCloud account if you want, much like Microsoft will optionally escrow your BitLocker drive encryption key with the equivalent Microsoft account feature. If I recall correctly it's the default option for FileVault on a new Mac too.

ezfe 3 hours ago | parent | next [-]

Apple's solution is iCloud Keychain which is E2E encrypted, so would not be revealed with a court order.

tokyobreakfast 3 hours ago | parent | prev | next [-]

What is your proof they don't have a duplicate key that also unlocks it? A firm handshake from Tim?

eddyg 3 hours ago | parent | next [-]

You should watch the whole BlackHat talk (from 2016!) from Apple's Head of Security Engineering and Architecture, but especially this part:

https://www.youtube.com/watch?v=BLGFriOKz6U&t=1993s

otterley 3 hours ago | parent | prev [-]

If they say they don't, and they do, then that's fraud, and they could be held liable for any damages that result. And, if word got out that they were defrauding customers, that would result in serious reputational damage to Apple (who uses their security practices as an industry differentiator) and possibly a significant customer shift away from them. They don't want that.

direwolf20 2 hours ago | parent | next [-]

The government would never prosecute a company for fraud where that fraud consists of cooperating with the government after promising to a suspected criminal that they wouldn't.

otterley 2 hours ago | parent [-]

That's not the scenario I was thinking of. There are other possibilities here, like providing a decryption key (even if by accident) to a criminal who's stolen a business's laptop, or if a business had made contractual promises to their customers, based on Apple's promises to them. The actions would be private (civil) ones, not criminal fraud prosecution.

Besides, Apple's lawyers aren't stupid enough to forget to carve out a law-enforcement demand exception.

tokyobreakfast 3 hours ago | parent | prev [-]

Absent the source code, it's incredibly difficult to disprove when the only proof you have is good vibes.

otterley 2 hours ago | parent [-]

There are many things you can't prove or disprove in this world. That's where trust and reputation come in - to fill the uncertainty gap.

fsflover 34 minutes ago | parent [-]

You mean, trust and reputation of Apple? They're not exactly high:

https://news.ycombinator.com/item?id=46252114

https://news.ycombinator.com/item?id=45520407

https://news.ycombinator.com/item?id=42014588

https://news.ycombinator.com/item?id=26644216

otterley 25 minutes ago | parent [-]

At the end of the day, it's all about how you weigh the evidence. If those examples are sufficient to tip the scales for you, that's your choice. However, Apple's overall trustworthiness--particularly when it comes to protecting people's sensitive data--remains high in the market. Even the examples you posted aren't especially pertinent to that (except for iCloud Keychain, where the complaint isn't whether Apple is securely storing it, but the fact that it got transmitted to them in the first place, and there exists some unresolved ambiguity about whether it is appropriately deleted on demand).

jcalvinowens 3 hours ago | parent | prev [-]

> Apple's solution is iCloud Keychain which is E2E encrypted, so would not be revealed with a court order.

Nope. For this threat model, E2E is a complete joke when both E's are controlled by the third party. Apple could be compelled by the government to insert code in the client to upload your decrypted data to another endpoint they control, and you'd never know.

dcrazy 2 hours ago | parent | next [-]

That was tested in the San Bernardino shooter case. Apple stood up and the FBI backed down.

jcalvinowens 2 hours ago | parent [-]

It's incredibly naive to believe Apple will continue to be able to do that.

ezfe an hour ago | parent | prev [-]

Yeah and Microsoft could insert code to upload the BitLocker keys. What's your point? Even Linux could do that if they were compelled to.

jcalvinowens an hour ago | parent [-]

> Even Linux could do that if they were compelled to.

An open source project absolutely cannot do that without your consent if you build your client from the source. That's my point.

ezfe 25 minutes ago | parent [-]

Wait I'm sorry do you build Linux from source and review all code changes?

jcalvinowens 13 minutes ago | parent [-]

You missed the important part:

> For this threat model

We're talking about a hypothetical scenario where a state actor getting the information encrypted by the E2E encryption puts your life or freedom in danger.

If that's you, yes, you absolutely shouldn't trust US corporations, and you should absolutely be auditing the source code. I seriously doubt that's you though, and it's certainly not me.

The sub-title from the original Forbes article (linked in the first paragraph of TFA):

> But companies like Apple and Meta set up their systems so such a privacy violation isn’t possible.

...is completely utterly false.

tokyobreakfast 3 hours ago | parent | prev [-]

That's what I said. I admit the double-negative grammar is a bit confusing.

teejmya 3 hours ago | parent | prev | next [-]

> Don't think Apple wouldn't do the same.

Except for that time they didn't.

https://www.apple.com/customer-letter/

malfist 3 hours ago | parent | prev | next [-]

It is the default setting on Windows 11 to share your key with Microsoft.

raverbashing 3 hours ago | parent [-]

It's also the "default" in Windows 11 to require a recovery BitLocker key every time you do a minor modification to the "bios" like changing the boot order

parineum 3 hours ago | parent | prev | next [-]

Both Microsoft and Apple (I think Apple does) have the option to encrypt those keys with the user's password where they are storing them.

paulpauper 3 hours ago | parent | prev [-]

Just use open source encryption