Hacker News
by dkonofalski 2086 days ago
But isn't the repair being harder a net-benefit for the consumer? It's not like the repair is arbitrarily harder. It's harder because the repairs in question deal with the TouchID sensor and the SSD, like you said. I wouldn't want someone being able to access my data just by replacing a component on the computer that then bypassed all the security systems present on the computer. It's the same situation as when replaced displays on iPhones were causing issues because repair shops weren't moving over the TouchID sensor. The cost of that security is that I need to have my data backed up but that's a best practice anyways for anyone that values their data.

"You should have had a backup" is not an acceptable excuse for not having a data recovery mechanism. Furthermore, full disk encryption is not bypassable in the way you suggest. Your login password is (supposed to be) the key material for the encryption, which is stored off-device, preferably in your head. In other disk encryption systems that are not locked to a particular encryption chip, if you take the disk out of the machine and plug it into another machine, it won't be readable unless you have that password.

Furthermore, most people do not make this calculation in their head of "Okay, anything I put behind the T2 is Apple's property now so I'd better have unencrypted backups". They just buy the computer that works and says that it keeps thieves and snoops out of their data. Everything we're talking about with backups comes as a post-purchase surprise, usually AFTER the data is already lost.

>Your login password is (supposed to be) the key material for the encryption, which is stored off-device, preferably in your head.

This is referencing the Touch Bar repair which means that the user has encrypted their drive with Touch ID. The only reason any repair would be harder is because the Touch ID sensor is paired to the secure enclave. The same goes for the SSD. Without the key, as you stated, you shouldn't be able to access the data so I don't see how that's any different than "having a data recovery mechanism". A data recovery mechanism shouldn't exist if you don't have the proper keys.