I believe they also keep a copy of your recovery key. Apple touts privacy and security but most people I know that use Apple just repeat whatever they claim in their press releases, and have no clue if their device is actually secure.
For someone with luks2 in the username you sure have a lack of understanding about encryption.
Why would it be so hard to believe that your recovery key is hashed and salted like every other password? You can't view your key after creation, you have to regenerate it. Do I really need to pull out Wireshark to verify this for you?
Advanced Data Protection is explicitly removing Apple as a holder of your keys, it's not re-encrypting anything, it's not new encryption. The entire process is just deleting the key that was already stored on their servers anyway. How would it be in Apple's interest to keep your recovery key after press releases and multiple warnings saying you're on your own for recovery?
Microsoft Windows has the option to upload your BitLocker recovery key to your Microsoft account. I was trying to understand why Apple needed to ping a server for a recovery key. Oh, look... they do have that feature after all: