If you have advanced data protection enabled, Apple claims:
“No one else can access your end-to-end encrypted data — not even Apple — and this data remains secure even in the case of a data breach in the cloud.”
Don't know if the problem is on my end but your link goes to a 20 page document. If this is not a mistake you should quote the actual section and text you are referring to.
> For users that have enabled Advanced Data Protection, iCloud stores content for email, contacts, and calendars that the customer has elected to maintain in the account while the customer’s account remains active. This data may be provided, as it exists in the customer’s account, in response to a search warrant issued upon a showing of probable cause, or customer consent.
> Apple does not receive or retain encryption keys for customer’s end-to-end encrypted data. Advanced Data Protection uses end-to-end encryption, and Apple cannot decrypt certain iCloud content, including Photos, iCloud Drive, Backup, Notes, and Safari Bookmarks
>>Do you think Tim Cook gave that gold bar to Trump for nothing?
Not in US - THANKS for this hint: I googled it! Wow!!! They both do bribery (offering & accepting) in front of the recording camera in a government building!!
Yes, I know this sounds conspiratorial, but I think the whole Liquid Ass thing was a rush to put some other software in Apple products to appease the Trump admin.
For example, it is new in Tahoe that they store your FileVault encryption key in your iCloud Keychain without telling you.
But iCloud Keychain is end-to-end encrypted using device-specific keys, so Apple cannot read items in your iCloud Keychain (modulo adding their own key as a device key, rolling out a backdoor, etc. but that applies to all proprietary software).
My conspiracy theory about Liquid Ass is their hardware for the past 5 years was so good that they needed to make people finally upgrade it. My Air M1 16GB worked absolutely fine until it slowed down immensely on macOS 26.
Last time I onboarded a Mac (a few months ago), it would very explicitly ask if you want to enable support for remote FileVault unlocking.
That said, they could also roll out a small patch to a specific device to extract the keys. When you really want to be safe (and since you can be called a 'left extremist' for moving your car out of the way, that now includes a lot of people), probably use Linux with LUKS.
Sure, but every company doesn't make it as difficult as possible to set up a new encrypted computer without uploading a copy of your encryption key to their servers.
iCloud login is still optional on macOS. Can't download stuff from the App Store and I think some continuity things require iCloud, but otherwise pretty solid.
Except you’re not coerced (near enough forced?) to use an account password managed by MS on Apple. Until MS themselves publish, for home users, how to set up without an MS account, I’m considering it forced.