> And yes they can see your stuff. We know this because law enforcement gets access to it all the time.
What law enforcement typically gets access to is iCloud Backups, which is not end-to-end encrypted by default (but can be) and is not a mandatory feature. iCloud backups do not contain your keychain.
> The keychain is just another keystore
Nobody has said anything else? But Apple does not hold the key to decrypt it.
Did they announce this change? It's a pretty major UI departure. In particular, if you have one Apple device and lose it, the 2022 article implies you can recover your keychain, but the 2023 article says you're completely screwed.
A lot of people rely on iCloud backup. It seems like there should be a device-wide toggle that lets you choose between the two behaviors for things like passwords, health data, and all the other E2E apps.
The escrow is only an additional layer of security - your device still has to decrypt the downloaded keychain contents using your password AFTER proving to escrow that you're allowed to download the encrypted keychain using device or SMS 2FA or an iCloud security code.
> They are the other end where the traffic is decrypted
Only for certain types of data, with certain settings. That does not include the keychain.
https://support.apple.com/en-us/102651