Entirely possible to require users set up restoration methods in order to enable it.
For example, security keys, physically recording a seed phrase by writing it down or using a more durable approach, etc.
Can require multiple options to enable it and do occasional reminders.
Conversation
Enabling it by default would make it easy to lose data but offering the option with the requirement to set up recovery methods is a different story.
When adding a new device, it can ask for one of the recovery methods for pairing + making sure they still have them available.
1
An option, totally agree 🙂
My point is that probably most people wouldn’t want to loose all their data if they lost their password. Even worse, turn on something like this without understanding it, loosing their secret, then blaming Apple.
1
Most people may not want that, but a lot of people would want to use the option. That's how it works with Bitcoin wallets where people can manage/store their own keys and use backup solutions like cryptosteel.com/product/crypto rather than just writing down the seed phase on paper.
1
1
The backup feature in GrapheneOS uses a BIP39 seed phrase like a Bitcoin wallet so it's compatible with those storage mechanisms. It asks the user to write it down / record it and then asks it to be entered, demonstrating they did actually back it up. Up to them beyond that.
1
1
Security keys an are a option where people don't actually have to manually write it down. It only costs a few dollars to produce those and they could be bundled with other products. Nice having at least one physical backup that's not digital though.
1
1
And continuing with Bitcoin as an example, it's true that a lot of people simply trust exchanges to hold onto their money. It's possible that even most Bitcoin users do that.
However, a LOT of people do own / control their own keys and the seed phrase approach works really well.
2
2
Don’t disagree with any of this.
My only point is that it’s a design trade off Apple are making; not a simple choice that therefore implies they are after your data. 1/2
2
Another thing to account for is that iCloud these days can be used to _share_ data; that fundamentally can’t be done with complete encryption.
So if you turned on this feature you would have to turn off the sharing features and stuff starts getting complex quickly!
1
It can be done by using public key encryption under the hood. Each user can have a public key based on the seed for their end-to-end encryption and then other users can share data with them. Can be done efficiently by having per-file key normally encrypted with only your own key.
2
When you share it with people, under the hood your device can encrypt the key for that file with the public key of each person you want to be able to access it and share it with them. They're already doing this for iMessage end-to-end encryption. It's pretty much the same thing.