
0286338

Cancelled
Original poster
May 7, 2022
This has been a bone of contention of mine for several years now. I will try to be brief, and I really do not want this to become a discussion about whether Apple can be "trusted" or not. I need an answer to this based on facts only. (Trust, but verify. I am trying to do the Verify part here.)

For years I have upgraded as late as possible, I am not inclined to jump on every shiny new thing, operating systems especially. I have used Macs for many years. I HAVE to use a Mac for my business stuff, and I do use it for personal stuff too, although I am inches away (after years of talking about it) to make the jump to Linux and finally feel like I actually own my machine (and data, perhaps) again.

I began encrypting my hard drives at least a few years back. I was on Mojave until this week, and now finding out it's no longer supported I decided I really must move to Catalina. But I have been here before, and what happens is the reason I have never installed it and still don't really want to.

For years I would power on my machine and be prompted with the 'Enter Disk Encryption Password' prompt. I would then type my long password, the disk unlocks, and THEN I get the user login screens. The two processes are SEPARATE. And that is precisely how I want to KEEP them. But it seems Apple doesn't want me to.

When you upgrade to Catalina, Apple INSISTS that you enter your decryption key for the internal drive, it does that AFTER I have already unlocked it and can see it is unlocked. So it doesn't need unlocking, the OS wants my key, plain and simple. That concerns me.

I have reasonable suspicions that this data is 'somehow' being stored by Apple. I do not want this. I don't care if some think it's 'safe' with Apple, it's just a point of principle for me. I want to be the ONLY PERSON on earth with knowledge of the key to unlock my drives/data. (I don't use iCloud in any way, as you may have guessed).

I know the usual explanations and what Apple say, and how they use cryptographic techniques (VEK and KEK or some other clever sounding stuff) to 'wrap layers' around the disk password. Well, I don't want any 'layers', my 'layer' is knowing it. I don't need nannying, I want my password to stay in my head and nowhere else. Catalina appears to make that impossible.

Apple makes user accounts able to unlock the disk. I do not want this. Is there a workaround? Or maybe I have already found one, I'd be grateful if someone could comment on this idea...

I cloned (CCC) my internal drive (running Mojave). I then fitted a new SSD in my iMac, and cloned it back. I then upgraded to Catalina. During that process it then tries to link the user password to the disk password enabling user unlocks of the disk. But what if I were to clone again after upgrading Catalina (so let's say Apple now have some record of my disk unlock password) and then boot from that clone, format the internal again (APFS Encrypted with a brand NEW disk password), and clone the booted clone drive back to the internal. Would that prevent Catalina being able to let users unlock the disk?

Any comments or thoughts on the technicalities of this would be very much appreciated.

TLDR: I 'think' Apple could have ways (if they wanted to) to decipher my disk encryption key, since Catalina forces me to enter it to tie it with user logins. Can I avoid this possibility, whether it's a realistic concern or not?

PS I note every thread I have found online about this is usually from people saying "why is it asking for my disk password?". Obviously to those people it's an inconvenience, and without exception every single time, the advice is 'turn off FileVault then turn it back on'. To which they are happily sorted, no more disk password. But what just happened? Didn't they just expose their data to Apple and use Apple's proprietary little system for encrypting it all again WITH knowledge of that password?!

Phew. Thanks!
 
Why do you think they “have” your key? The first login is to unlock the boot loader. At that point, your system can then try to mount the encrypted disk. That’s why you get the prompt after the login.
I think you went a little paranoid on the whole thing. Apple can’t “decipher” your key.
 
I have reasonable suspicions that this data is 'somehow' being stored by Apple.
No one can really help you with such a vague statement. Anything specific that is making you think this? I think you’re being a bit over paranoid on this one.
 
No paranoia here. An irrational fear that Apple may want to store my decryption keys and any other data they can? That's not just 'not irrational', Apple openly explains that is what it aims to do, for my benefit 'of course'. Apple has stated many times that they want to 'help' users prevent data loss in the event they lose their passwords. The whole FBI v Apple thing, leading to Apple deciding not to E2E encrypt iCloud backups, and so it goes on. I am NOT complaining about these decisions by Apple, just pointing out why it is not irrational for me to believe Apple would 'like' to store my passwords along with all other data they try daily to persuade me to upload my data to iCloud. They are a business, they want to grow, fair enough.

If I haven't provided enough information to answer the question, that's my fault. But calling me paranoid is hardly an answer. I did ask some questions, but let's simplify it with a few below, maybe those who think I am paranoid can answer. As I said above, I WANT to believe my concerns are unfounded, but I do not automatically trust anyone, least of all a multi billion dollar company, so I need a bit more than blind faith.

1. Why does OSX no longer allow cloning to pre-encrypted drives? I just tried to clone my internal drive from a backup drive, with Catalina installed. Carbon Copy Cloner says it's not possible to make a bootable clone. This was always possible before Catalina. I did it regularly for years.

2. Why is FileVault the ONLY option for encrypting a drive now, when DiskUtility formatting as APFS Encrypted worked perfectly for many years?

3. Why does Apple INSIST (I have NO choice in the matter) that I GIVE the OS (if not Apple themselves) my drive encryption password?


Why do you think they “have” your key? The first login is to unlock the boot loader. At that point, your system can then try to mount the encrypted disk. That’s why you get the prompt after the login.
I think you went a little paranoid on the whole thing. Apple can’t “decipher” your key.
I don't know if they do, but I am concerned they might. Why? Because I am FORCED to enter it. When doing so reduces my security. And other reasons I can't go into here and now but examples of Apple working with government to hand over private iPhone or iCloud data without the user's knowledge. It happens, it really does. OK, I only know of that happening to criminals, and I don't much care. But it tells me there is a DAMN good reason for Apple to do it, to comply with warrants, to earn money (they are a business, and govts pay well when asking for information they need), hell maybe to have power, it certainly went to Zuckerberg's head didn't it. I am not here to guess at such things, but I don't think it's unreasonable to be at least slightly concerned about my disk password being at risk when I am FORCED to enter it AFTER the disk has been unlocked, when Catalina is setting itself up, and when I have never needed to before.

"The first login is to unlock the boot loader. At that point, your system can then try to mount the encrypted disk. That’s why you get the prompt after the login." - I really didn't understand any of that, could you explain again please? The first 'login' is not a login as such, no username. It's a DISK UNLOCK process, so the drive can be mounted and read from. Once that's done the OS then loads the accounts and asks me to choose a user and enter its password to log into the user. I have had that for years and very happy with it. I don't want the user accounts on my machine to automatically unlock my disk. I am sure I am not alone in that desire but everyone gives in, and I may have to as well soon. But I wanted to ask the question in case anyone knows a way around this.

I just want what I have always had, and what is the MOST secure approach possible. A disk encryption key which is stored nowhere, neither online nor offline, and the same for my username and password. I am capable of remembering, and I want to have that responsibility. Why won't Apple let me? I believe it COULD be because, this way, they have forced a billion odd customers to hand over their disk encryption keys, and boy could that pack some power and capital whether commercially, politically, or otherwise. I do not know this is the case, far from it, but am I dumb enough to believe it's not possible? No chance. Big companies lie routinely and always will. I don't care to find out, I just want to find a way to prevent Catalina getting my disk encryption password and letting users unlock the disk. In the days of Apple of old, that would neither be impossible, nor scoffed at as a request. How things change.

"Apple can’t “decipher” your key." - Really? Are you sure about that? I am not, and I know you can't be either. It's an opinion. It doesn't help me. I want to make sure they can't, not because I believe they can, but because I KNOW they can NOT if they don't have it and if my OS doesn't have it. I do not think I am going to get robbed in the street, but I still don't carry my cash in my top pocket on full view, why would I? Same goes for my disk key. I don't NEED it to be anywhere but my head, but my OS wants it. And it wants it so it can 'generate a Recovery Key'. Have you looked into what that actually means? It means my key can be deciphered, without the actual key itself. So Apple can't decipher my key huh? OK, it's my OS doing it (some may say), and not Apple Cupertino. Fine, but have you seen the processes which run in Macs routinely, every minute? Have you looked into them all like photoanalysisd and a hundred others? They do things most of us would be surprised (some shocked) to learn. Could one of those send that recovery key to Apple, tied to my machine serial number? Anyone who says that is 'impossible' is utterly ignorant, or lying. It is entirely 'possible'. Do I think they are doing it? No, probably not, but they COULD. So again, why would/should I take that chance? And more to the point, maybe they COULD when ordered to by warrant or otherwise? It's so silly to guess at this stuff and it's probably all moot anyway. The POINT is that I want to secure myself from everyone, INCLUDING APPLE, unlike most users who are understandably happy to trust Apple but distrust everyone else.


Specifics were asked for, so here's a very specific question which should summarise where I am here....

4. Please could someone explain to me HOW it is more secure (rather than less, as I suggest) to have a disk encryption key AND a recovery key AND users/passwords which can all unlock my encrypted drive, versus ONE very long and very secure encryption password which lives in my head and nowhere else. Please, please, explain that one to me. I want maximum security, I thought Apple (and its loyal followers) regularly boast about Apple's strong lean towards security for users. So you will hopefully agree with me, I should wish to have the most secure way to protect my drive, right? So kindly explain why Apple doesn't want me to have that security and wants me to REDUCE my security by handing the key to my OS (let's assume it doesn't get sent to Apple in the many hundreds of system processes which OSX phones home for a thousand times a minute). I am all ears. Pray tell. Security professionals particularly welcome! I have read such BS about these 'wrappers' around the disk key that I find it amazing people actually swallow it, but they do more than that, they parrot it about like it actually means anything. It's like convincing everyone that having one door key to your home in your pocket is somehow less secure than having that plus another copied and hidden under the flowerpot! Do we really need to start talking 'attack vectors' to understand how having 2+ ways to unlock my disk can NEVER be as secure as having only ONE way?!
 
P.S. I'd be grateful for someone with real knowledge of the technical ins and outs explaining to me how the key generation works and how it CAN be done without my security being reduced as a result (versus the old way of password to unlock disk, then login). Anyone with that level of knowledge would be very much appreciated chiming in here with specifics. I came to this forum because it seemed to have the best balance of actual knowledge combined with some degree of impartiality, i.e. without too much of the Apple fandom found on Apple forums (which itself is sometimes irrational as Apple can do no wrong in their eyes, and Apple have certainly done some wrongs, who hasn't?!)

I DO want to understand how I am wrong, IF I am. But being called paranoid won't suffice for me to come to that conclusion, as it's simply not the case, and honestly only serves to make me wonder if I am actually correct in my concerns. Anyone with any background in security knows full well that trusting blindly is bad 'opsec' and in many ways irrational in itself.
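
The VEK/KEK "wrapping" mentioned in the first post, and the one-key-versus-several question in point 4, as an added example that is not part of the original posts and is not Apple's code: a simplified Python model of envelope key wrapping. The class and function names, the PBKDF2 work factor, the HMAC-based wrap and all passwords are assumptions constructed for illustration; FileVault's real formats differ, and the model says nothing about what macOS does or does not transmit.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # assumed work factor, for this model only


def derive_kek(secret: str, salt: bytes) -> bytes:
    """Stretch a password or recovery key into a key-encryption key (KEK)."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, ITERATIONS)


def _stream(kek: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode, a stand-in for a real key-wrap cipher."""
    out, counter = b"", 0
    while len(out) < length:
        block = b"enc" + nonce + counter.to_bytes(4, "big")
        out += hmac.new(kek, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def wrap(kek: bytes, key: bytes) -> bytes:
    """Encrypt-then-MAC the volume key under a KEK."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(key, _stream(kek, nonce, len(key))))
    tag = hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap(kek: bytes, blob: bytes):
    """Return the wrapped key, or None if the KEK (i.e. the secret) is wrong."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(kek, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _stream(kek, nonce, len(ct))))


class EncryptedVolume:
    """Data is encrypted under one random VEK; each unlocker stores a wrapped copy."""

    def __init__(self, label: str, secret: str):
        self.keybag = {}  # label -> (salt, wrapped VEK): all that is kept on disk
        self._store(label, secret, os.urandom(32))

    def _store(self, label: str, secret: str, vek: bytes) -> None:
        salt = os.urandom(16)
        self.keybag[label] = (salt, wrap(derive_kek(secret, salt), vek))

    def unlock(self, secret: str):
        """Try the secret against every enrolled unlocker; any match yields the VEK."""
        for salt, blob in self.keybag.values():
            vek = unwrap(derive_kek(secret, salt), blob)
            if vek is not None:
                return vek
        return None

    def add_unlocker(self, existing_secret: str, label: str, new_secret: str) -> None:
        """Enrolling a new secret needs the VEK, so an existing secret must be given."""
        vek = self.unlock(existing_secret)
        if vek is None:
            raise PermissionError("an existing unlock secret is required")
        self._store(label, new_secret, vek)

    def remove_unlocker(self, label: str) -> None:
        if len(self.keybag) == 1:
            raise ValueError("refusing to remove the last unlocker")
        del self.keybag[label]


def demo() -> dict:
    disk_pw = "constructed long disk passphrase 7#kQ"   # constructed sample
    login_pw = "constructed-login-pw"                   # constructed sample
    vol = EncryptedVolume("disk-password", disk_pw)
    vek = vol.unlock(disk_pw)
    try:  # without an existing secret there is no VEK to wrap for the new user
        vol.add_unlocker("wrong guess", "user:alice", login_pw)
        enrolled_blind = True
    except PermissionError:
        enrolled_blind = False
    vol.add_unlocker(disk_pw, "user:alice", login_pw)
    recovery = os.urandom(15).hex()                     # constructed recovery key
    vol.add_unlocker(disk_pw, "recovery-key", recovery)
    result = {
        "enrolled_without_secret": enrolled_blind,
        "login_unlocks": vol.unlock(login_pw) == vek,
        "recovery_unlocks": vol.unlock(recovery) == vek,
        "ways_in": len(vol.keybag),
        "vek_stored_in_clear": any(vek in blob for _, blob in vol.keybag.values()),
    }
    # Deleting the wrapped copies leaves the disk password as the only way in.
    vol.remove_unlocker("user:alice")
    vol.remove_unlocker("recovery-key")
    result["login_unlocks_after_removal"] = vol.unlock(login_pw) is not None
    result["disk_pw_still_unlocks"] = vol.unlock(disk_pw) == vek
    return result


if __name__ == "__main__":
    print(demo())
```

In this model every enrolled secret is an independent way to reach the same VEK, so the volume is as strong as its weakest enrolled secret, and enrolling a new unlocker is only possible by presenting an existing one.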
 
Unfortunately Apple are as willing to even attempt answering them as you appear to be.
 
Take the time and have a read of at least some information in the link @chabig provided.

Many of your questions are answered there: whether it’s the documented security changes which prevent CC to clone an encrypted boot volume; the differences between FileVault, Data Protection, Data Vault; which functions serve passwords on a Mac with the Apple T2 Security Chip; how to prevent setting the initial password for the very first user on a Mac resulting in that user automatically being granted a secure token for FileVault; etc.

Related: your backup and additional settings e.g. iCloud recovery, firmware password, keychain, etc. impact on the whole process.
The link provided explains e.g. advanced options such as the ability to prompt for the firmware password at every boot, 2FA, … -
a general caveat applies here: the differences for Intel with/without T2 or AS hardware.

If after a nice and relaxed read - maybe of some additional info - you still feel¹ that Apple or whoever will be able to access your data - outside of what Apple discloses related to e.g. which data is stored on iCloud with encryption keys it possesses, you probably should migrate to a system which you qualify as secure.

¹but maybe the application of the Laplace principle is the better choice here?
 
Thanks for your reply.
I have read Apple's documentation more than a few times. Without wasting time finding my bookmarks (on a NON bootable backup drive currently!!) I do not trust everything Apple says. They captured the attention (and money) of everyone with multi million pound marketing programs, sometimes with just one word on a 50 foot bill board in Times Square; "PRIVACY" alongside the Apple Logo. One look at the background processes running in Macs, or various past examples of Apple dishonesty (they are better than Google, Facebook etc, that's for sure, but they are far from perfect) gives me ample reason to seek 3rd party explanations, if I can. That's what this thread is for. I could ask the Apple fanatics on Apple Forums, but I have that T Shirt already, nobody can CONSIDER Apple doing anything untoward, underhanded, or dishonest. That makes someone a very unreliable witness or source for information.

If I could move away from Apple completely, I would. It is not an option for my work unfortunately.

Maybe I could ask you a direct question, just for your opinion as you sound knowledgeable: Do you think there is any TECHNICALLY POSSIBLE WAY (ignoring ethics/trust issues) that Apple (Catalina onwards) COULD be gaining access to a means to unlock my disk, if say it were physically taken to them with a warrant?
 
"paranoia strikes deep.
Into your life, it will creep..."
Ha, fun. Useless to the conversation, insulting, but fun. Thanks.

PS Paranoia is an irrational fear. My concerns are not irrational. They may not be correct, hence the thread. But Apple has given more than ample reason to have a rational reason not to auto-believe everything they say and auto-trust everything they do.

Here's another glib soundbite for you... Trust. But Verify.
 
Maybe I could ask you a direct question, just for your opinion as you sound knowledgeable: Do you think there is any TECHNICALLY POSSIBLE WAY (ignoring ethics/trust issues) that Apple (Catalina onwards) COULD be gaining access to a means to unlock my disk, if say it were physically taken to them with a warrant?

A healthy “keep your data safe”-best practice implies apparently a lot more things - but if this here is restricted just to the system provided encryption using FileVault 2 with non-trivial alphanumeric passwords and secure management of local recovery keys or a FileVaultMaster.keychain for backup restores - my answer to your question would be:

I do not know.

But personally I strongly doubt it. All empirical data available to me does not support your suspicions.

Please refer to Google to see under which conditions - AND IF!!! - in the past a law enforcement agency obtained access to user data through Apple ordered by a court.

There are much easier intrusion vectors.


EDIT: if you have important data to keep secure contact a professional.
 
All points accepted and gratefully received. Your last comment in particular, thank you.

I have heard the five dollar wrench point a million times, I completely agree. I won't go into the counter points to the one it appears to make, namely that 'if they want you, they're gonna get you, so why bother worrying about complex stuff when simpler means exist'. It's a very valid point and one I take into account myself and often pass on to others for the same reason you presumably invoked it here. That said, it doesn't actually negate my question at all, if only for curiosity's sake.

Whilst I am FAR from convinced my suspicions are well-founded, never mind a real threat at all, I get quite sick of the general reactions. High level security analysts don't get laughed at when they test stuff, no not just from hackers and criminals, but from government intrusions and big corporate ones too. One look at Facebook or Google and what they do behind the scenes without most people's knowledge is sufficient testament to that. Hell, just browsing almost any website in the world gives Facebook shadow profile information on us, browser and keyboard fingerprints etc, even if we don't have an account with them (and thus can't request deletion of such data). Google is the same or worse.

I don't think Apple are a patch on those, not even in the same league, but they are also not perfect (find me a billion dollar company that is!), so it's not unreasonable to QUESTION. Not where I come from anyway. I am not here to convince anyone that my suspicions are correct, far from it, on the contrary I am here to try to get it out of my mind, as I have had YEARS of wondering as with each Apple OSX update there are more intrusions on privacy, more calls home via system processes, more coercion (you can read 'persuasion' if you prefer) to stay within the Apple ecosystem, apple pay, icloud, itunes store.... , and so on. It's a valid question, even if it's not a valid concern. I WANT to be satisfactorily convinced I can forget all about it. I probably can. But here's the rub, the thing that keeps me wondering...

Almost nobody can say that it's not possible. That suggests it is. If it is, as per your final sentence, I just may take some extra precautions. That is very different to me saying I think it is actually happening. I can rarely get this through to anyone, as they are usually so Apple-obsessed that they just get offended by the very suggestion/question, as if they have a 5% stake in the company when they don't, they fund the company! There is so much partisanship it's very hard to ask such questions. Bear in mind I have been a full time daily Apple user for 15-20 years, and still have 3 Macs on my desk right now, and will NEVER use Windows for the reasons I left that in the first place. I recommend Macs to people almost every week, they are fantastic machines, although not a patch on what they once were in my opinion. They are also very secure out of the box, and made easier with FileVault etc. I still have to wonder why they don't leave me the option of encrypting drives myself and storing my key myself, and not allowing user accounts to unlock the disk, and so on.

I am WELL versed in all the FBI v Apple issues, the mass shootings, Syed Farook and the iPhone 5 which the FBI ended up getting hacked by Cellebrite while Apple continued 'fighting' it. That made GREAT PR didn't it. What freedom fighters Apple are, yeah, right. However, as the two FBI sources confirmed shortly after that debacle: 'The FBI get along very well with Apple outside of this case' (paraphrased). Apple get thousands of secret warrants served on them too, the details of which they don't divulge (of course) but they confirm they get them. They comply I am sure, how could they not.

Committed to user privacy huh. So why do they partner with the most anti-privacy organisation on earth to get as many of their customers hooked on their dragnet surveillance systems as possible (Google)? Not a very privacy-focussed decision that, a profit one, at the expense of millions of people's privacy. https://www.macrumors.com/2020/10/25/google-apple-search-default-8-12-billion/

With Apple working SO closely with government and very willingly so (I know for a fact they do, past personal experience, not quite as closely as Facebook (the new real intelligence services) but very closely indeed with regular data exchanges) - wouldn't it have been a good ruse to make this huge media furore about Apple fighting for user privacy rights, what a GREAT advert, which equally would serve the government every bit as much. Imagine if Apple had handed it over, how fast could their business have fallen through the floor? And how would that have helped intelligence agencies who rely on the data Apple gives them (whether willingly or in secret FISA and other warrants, which in turn relies on millions of people believing the 'privacy' promises and marketing by Apple about the security of their messenger (*which they can read), their iCloud backups (which they can access) and so on?

These people are smart as hell, well-resourced, and determined to achieve their goals, be it profit, power, crimefighting, counter terrorism, re-election, or just plain spying on their citizens for their religious/political beliefs (among other things.) It goes on. We all know it does, yes thankfully not as much as it could, but it goes on. One could look at the decisions surrounding iCloud encryption in transit (or lack thereof) to counter the suggestion that their court battle proves they are all about user privacy rights. Or one could read not just what the author had to say here, but Apple's curious responses which can only be read as an admission of failures (or being caught) without so much as an apology to their loyal fans - https://sneak.berlin/20201112/your-computer-isnt-yours/

Then there's the amount of data Apple sneaks out of the OS about user activity such as real IP and bypassing VPNs (now why would a privacy-focussed company want to spend money coding to undo a user's clear desire for privacy?) Or data about what apps are being installed, used, when and where, etc. Their extreme profit desires are clear for all to see https://www.macrumors.com/2021/11/17/apple-developer-settlement-preliminary-approval/

In short, the fact Apple is world renowned for 'fighting' a handful of warrants to decrypt/obtain user data, does not convince me that they are doing exactly that very thing the rest of the time. I don't rate them alongside the Facebooks of the world but I don't use those services at all. I DO use Apple, so my concerns about them, whilst being smaller, are very important to me to allay.

I am yet to find someone who can say Apple's Catalina forcing of user passwords unlocking drives, and preventing previously encrypted drives being used as a system disk, can NOT provide Apple a means to unlock my disks. As such I think I will take the necessary action to prevent that. I will conclude with the point that not one byte of my data, if it were accessed by Apple, would cause me a single problem, certainly not legally. It's a point of principle. Apple are not perfect and have told lies and acted dishonestly on occasion. I bought into the marketing crap about Apple being all about privacy. I was a fool. That certainly doesn't add any weight to my suggestion about disk encryption passwords being stored by them, but it doesn't do much to allay it either.

I will be reading some research papers on the encryption/decryption process used by FileVault to let user passwords unlock disks. I am hopeful that will help me lose some of my discomfort. Thanks again.
 
It sounds like your mind is made up.
Then listen more carefully.

All I said was "I don't trust everything Apple says." By your response, am I right in thinking you do? Are you aware they are humans at Apple? Ones you have never met. So Angels do exist then, great! Do you find it unreasonable of me to say I don't trust 'everything' they say? Take some time to think about that perhaps. Is this a God, or a massive rich corporation we are talking about?
 
I haven’t read every word posted in the thread so I’ll apologize in advance if my contribution is redundant or irrelevant.

I cannot answer your specific questions, and I do have some of the same concerns.

However, the Apple ecosystem provides enough benefit that I would not consider switching.

For me, it isn’t practical to be religious about privacy, so I simply keep my extra sensitive data on an encrypted sparse image in my Documents folder, and do not allow the password in keychain.

This way it doesn’t matter if the image ends up in Backblaze, iCloud backup or on a disk that has been stolen (or seized) and decrypted.

Would I prefer that all my e-mail and photos were just as secure? Sure, but the tradeoffs aren’t worth it.
 
Last edited:
  • Like
Reactions: katbel
All points accepted and gratefully received. Your last comment in particular, thank you.

I have heard the five dollar wrench point a million times, I completely agree. I won't go into the counter points to the one it appears to make, namely that 'if they want you, they're gonna get you, so why bother worrying about complex stuff when simpler means exist'. It's a very valid point and one i take into account myself and often pass on to others for the same reason you presumably invoked it here. That said, it doesn't actually negate my question at all, if only for curiosity's sake.

Whilst I am FAR from convinced my suspicions are well-founded, never mind a real threat at all, I get quite sick of the general reactions. High level security analysts don't get laughed at when they test stuff, no not just from hackers and criminals, but from government intrusions and big corporate ones too. One look at Facebook or Google and what they do behind the scenes without most people's knowledge is sufficient testament to that. Hell, just browsing almost any website in the world gives Facebook shadow profile information on us, browser and keyboard fingerprints etc, even if we don't have an account with them (and thus can't request deletion of such data). Google is the same or worse.

I don't think Apple are a patch on those, not even in the same league, but they are also not perfect (find me a billion dollar company that is!), so it's not unreasonable to QUESTION. Not where I come from anyway. I am not here to convince anyone that my suspicions are correct, far from it, on the contrary I am here to try to get it out of my mind, as I have had YEARS of wondering as with each Apple OSX update there are more intrusions on privacy, more calls home via system processes, more coercion (you can read 'persuasion' if you prefer) to stay within the Apple ecosystem, apple pay, icloud, itunes store.... , and so on. It's a valid question, even if it's not a valid concern. I WANT to be satisfactorily convinced I can forget all about it. I probably can. But here's the rub, the thing that keeps me wondering...

Almost nobody can say that it's not possible. that suggests it is. If it is, as per your final sentence, I just may take some extra precautions. That is very different to me saying I think it is actually happening. I can rarely get this through to anyone, as they are usually so Apple-obsessed that they just get offended by the very suggestion/question, as if they have a 5% stake in the company when they dont, they fund the company! There is so much partisanship its very hard to ask such questions. Bear in mind I have been a full time daily apple user for 15-20 years, and still have 3 macs on my desk rigtht now, and will NEVER use Windows for the reasons I left that in the first place. I recommend Macs to people almost every week, they are fantastic machines, although not a patch on what they once were in my opinion. They are also very secure out of the box, and made easier with FileVault etc. I still have to wonder why they don't leave me the option of encrypting drives myself and storing my key myself, and not allowing user accounts to unlock the disk, and so on. T

I am WELL versed in all the FBI v Apple issues, the mass shootings, Sayed Farook and the iPhone 5 which the FBI ended up getting hacked by Cellebrite while Apple continued 'fighting' it. That made GREAT PR didn't it. What freedom fighters Apple are, yeah, right. However, as the two FBI sources confirmed shortly after that debacle : 'The FBI get along very well with Apple outside of this case' (paraphrased). Apple get thousands of secret warrants served on them too, the details of which they dont divulge (of course) but they confirm they get them. They comply I am sure, how could they not.

Committed to user privacy huh. So why do they partner with the most anti-privacy organisation earth to get as many of their customers hooked on their dragnet surveillance systems as possible (Google)? Not a very privacy-focussed decision that, a profit one, at the expense of millions of people's privacy. https://www.macrumors.com/2020/10/25/google-apple-search-default-8-12-billion/

With Apple working SO closely with government and very willingly so (I know for a fact they do, past personal experience, not quite as closely as Facebook (the new real intelligence services) but very closely indeed with regular data exchanges) - wouldn't it have been a good ruse to make this huge media furore about Apple fighting for user privacy rights, what a GREAT advert, which equally would serve the government every bit as much. Imagine if Apple had handed it over, how fast could their business have fallen through the floor? And how would that have helped intelligence agencies who rely on the data Apple gives them (whether willingly or in secret FISA and other warrants), which in turn relies on millions of people believing the 'privacy' promises and marketing by Apple about the security of their messenger (which they can read), their iCloud backups (which they can access) and so on?

These people are smart as hell, well-resourced, and determined to achieve their goals, be it profit, power, crimefighting, counter terrorism, re-election, or just plain spying on their citizens for their religious/political beliefs (among other things). It goes on. We all know it does, yes thankfully not as much as it could, but it goes on. One could look at the decisions surrounding iCloud encryption in transit (or lack thereof) to counter the suggestion that their court battle proves they are all about user privacy rights. Or one could read not just what the author had to say here, but Apple's curious responses which can only be read as an admission of failures (or being caught) without so much as an apology to their loyal fans - https://sneak.berlin/20201112/your-computer-isnt-yours/

Then there's the amount of data Apple sneaks out of the OS about user activity such as real IP and bypassing VPNs (now why would a privacy-focussed company want to spend money coding to undo a user's clear desire for privacy?) Or data about what apps are being installed, used, when and where, etc. Their extreme profit desires are clear for all to see https://www.macrumors.com/2021/11/17/apple-developer-settlement-preliminary-approval/

In short, the fact Apple is world renowned for 'fighting' a handful of warrants to decrypt/obtain user data, does not convince me that they are doing exactly that very thing the rest of the time. I don't rate them alongside the Facebooks of the world but I don't use those services at all. I DO use Apple, so my concerns about them, whilst being smaller, are very important to me to allay.

I am yet to find someone who can say Apple's Catalina forcing of user passwords unlocking drives, and preventing previously encrypted drives being used as a system disk, can NOT provide Apple a means to unlock my disks. As such I think I will take the necessary action to prevent that. I will conclude with the point that not one byte of my data, if it were accessed by Apple, would cause me a single problem, certainly not legally. It's a point of principle. Apple are not perfect and have told lies and acted dishonestly on occasion. I bought into the marketing crap about Apple being all about privacy. I was a fool. That certainly doesn't add any weight to my suggestion about disk encryption passwords being stored by them, but it doesn't do much to allay it either.

I will be reading some research papers on the encryption/decryption process used by FileVault to let user passwords unlock disks. I am hopeful that will help me lose some of my discomfort. Thanks again.
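The post above asks how a user password can come to unlock an encrypted disk. The following is an added example, not part of the thread and not Apple's FileVault code: a generic sketch of password-wrapped volume keys, in which each user's password derives a key that wraps one random volume key. The function names, the PBKDF2 work factor, the sample users and the HMAC-based wrap (a stand-in for AES key wrap) are assumptions made for illustration.

```python
import hashlib, hmac, os
ITERATIONS = 200_000  # assumed PBKDF2 work factor for this sketch

def derive_kek(password, salt):
    """Stretch a password into a 32-byte key-encryption key (KEK)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def _pad(kek, nonce):
    # One 32-byte keystream block: a stand-in for AES key wrap, not a real cipher.
    return hmac.new(kek, b"wrap" + nonce, hashlib.sha256).digest()

def _tag(kek, nonce, ct):
    return hmac.new(kek, b"tag" + nonce + ct, hashlib.sha256).digest()

def wrap(volume_key, password):
    """Build the per-user record that would be stored on disk."""
    salt, nonce = os.urandom(16), os.urandom(16)
    kek = derive_kek(password, salt)
    ct = bytes(a ^ b for a, b in zip(volume_key, _pad(kek, nonce)))
    return {"salt": salt, "nonce": nonce, "ct": ct, "tag": _tag(kek, nonce, ct)}

def unwrap(record, password):
    """Recover the volume key; raise ValueError on a wrong password."""
    kek = derive_kek(password, record["salt"])
    if not hmac.compare_digest(_tag(kek, record["nonce"], record["ct"]), record["tag"]):
        raise ValueError("wrong password or tampered record")
    return bytes(a ^ b for a, b in zip(record["ct"], _pad(kek, record["nonce"])))

def rejects(record, password):
    try:
        unwrap(record, password)
    except ValueError:
        return True
    return False

def demo():
    volume_key = os.urandom(32)  # random, never derived from any password
    # Constructed sample users and passphrases.
    slots = {"alice": wrap(volume_key, "alice old passphrase"),
             "bob": wrap(volume_key, "bob passphrase")}
    # Password change: rewrap only; the volume key and the data stay as they are.
    slots["alice"] = wrap(unwrap(slots["alice"], "alice old passphrase"), "alice new passphrase")
    on_disk = b"".join(v for rec in slots.values() for v in rec.values())
    return {"same_key": unwrap(slots["alice"], "alice new passphrase")
                        == unwrap(slots["bob"], "bob passphrase") == volume_key,
            "old_password_rejected": rejects(slots["alice"], "alice old passphrase"),
            "volume_key_in_clear": volume_key in on_disk}

if __name__ == "__main__":
    print(demo())
```

In this model the stored records contain neither a password nor the volume key in clear, so what is left to audit is where wrapped copies and any recovery key are kept.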

you. should. read. the. information. provided. by. Apple.

if. you. do. not. understand. it. - and I apologize if I am completely off, but you give the impression that you do not understand most of it, because there are things you can actually check if you would - ask. a. professional.

look, everything you write is just vague and can be applied to basically everything - what fact makes you assume that there is a backdoor in whatever form?

I got a feeling? Remember… Laplace Principle?

But, as mentioned previously: lucky you, there is choice. change… from the top of my head to e.g. VeraCrypt.

nota bene: I will from here on use the “Ignore”-functionality gracefully provided by MR. 💃🏻👯‍♀️🕺
 
It's a shame you've gone to ignore mode, especially when your points have quite important answers, important to me anyway. In case you change your mind:

look, everything you write is just vague and can be applied to basically everything
Some of what I said was vague. Yes. The rest wasn't. I note you chose to avoid responding to the non-vague points, such as my point, with reference link from this very website, of Apple selling out User Privacy for 8-12 BILLION? Or of documented issues with Apple registering all user activity in relation to apps, bypassing VPNs, charging 30% to small companies trying to make a buck in the App Store from their development prowess.... - Not a whisper from you. Ok, just write it all off as 'vague', whatever gives you the easiest out. A smidgen intellectually lazy if you want my opinion, which of course you don't.

you. should. read. the. information. provided. by. Apple.
I. read. their. promises. to. respect. user. privacy. THEY. LIED.
I no longer read their statements in order to allay my fears of what THEY may be doing to me. If I suspect nefarious activity, I am hardly going to ask the potentially nefarious actor for their view on whether I am at risk to their nefariousness.
what fact makes you assume that there is a backdoor in whatever form?
I have not once said I assume there is a 'back door'
lucky you, there is choice. change… from the top of my head to e.g. VeraCrypt.
No, there is NOT a choice. If I want to upgrade to Catalina (since Mojave is now open to security threats as no longer supported), I MUST. MUST. MUST let FileVault take over the encryption of my drives, and I MUST. MUST. MUST let my user accounts unlock my drive. Difficult as it was, I COULD choose not to allow that in Mojave and previous OS's, but not any more.
 
I haven’t read every word posted in the thread so I’ll apologize in advance if my contribution is redundant or irrelevant.

I cannot answer your specific questions, and I do have some of the same concerns.

However, the Apple ecosystem provides enough benefit that I would not consider switching.

For me, it isn’t practical to be religious about privacy, so I simply keep my extra sensitive data on an encrypted sparse image in my Documents folder, and do not allow the password in keychain.

This way it doesn’t matter if the image ends up in Backblaze, iCloud backup or on a disk that has been stolen (or seized) and decrypted.

Would I prefer that all my e-mail and photos were just as secure? Sure, but the tradeoffs aren’t worth it.
Thank you for that. I am not far off exactly where you are. I like Apple hardware, the software decreasingly so, but it's still pretty good. I hope you don't get called names for having anything but utterly unshakeable blind faith in the holiness of the God that is Apple. ;)
 