When you have Apple managing your keychain, your passwords stored in that, your passkeys stored in that, them filling in your MFA info by reading your email and SMS on every device, supplying your primary email account and all your throwaway addresses, and possibly trying to tie you into their OAuth or whatever for a third party, you are fucked if something goes trivially wrong.
It's a death by thousand cuts that's finally starting to come together:
- Remote attestation like Play "integrity"
- Hardware backed DRM like Widevine
- No full access to filesystem on Android, and no access to filesystem at all on iOS
- No ability to run your own programs at all on iOS without Apple's permission.
- "Secure" boot on Android and iOS that do not allow running your own software
Ever wondered why Windows 11 have a TPM requirement? No, it's not just planned obsolescence.
If they get their way, user-owned computers running free software will never be usable again, and we'll lose the final escape hatch slowing down the enshittification of computers. The only hope we have is that they turn up the temperature a little too quickly that normies would catch on before it gets far enough.
Cryptography is only safe against someone who doesn't come and beat the password out of you if they want it. In my case, only my laptop is encrypted so if I lose it when I'm out it's useless.
That said, I think that it's better to use alternative approach. Use unencrypted signed system partition which presents login screen. After user typed their username and password, only user home gets decrypted. This scheme does not require TPM and only uses secure boot to ensure that system partition has not been altered. I think that macOS uses similar approach.
Already I use BSD on an older laptop probably 40% of the time. Linux on my main system is there due to a hardware device issue BSD still have a minor problem with it. But for me right now, Linux seems to be heading in a wrong direction.