Data has always been encrypted by a key, which Apple held in an HSM (hardware security module, a special “black box” for encryption keys in this case). Previously Apple could take those keys, decrypt your data, and hand it to law enforcement. A hacker, too, could sign into your account and access everything if they found a vulnerability.
Now, if you opt in to this, the key will be deleted from the HSM and stored on your devices only. New keys will be used for newly added data, but the old data will be encrypted with the same key (imagine the computational load of suddenly re-encrypting all those files, not to mention that you’d need to temporarily give Apple the new key or re-do it all locally). You will always need your Apple ID password (or a recovery key/“contact”) to decrypt your data now, and Apple won’t have the key to decrypt your data and give to law enforcement, nor will hackers be able to access it if they find a vulnerability in iCloud.
If you trust Apple not to implement a backdoor, you no longer need to trust them in any other regard to keep this data private.
Edit: upon further reading, it seems the encryption key is stored on your device, and you’ll need one of the recovery methods if you lose all your devices. This is much better as it means a weak iCloud password cannot be used to compromise your key.
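Added illustration (not Apple's code, and not a description of Apple's actual implementation): a minimal envelope-encryption model of the two custody modes the comment contrasts. Files are encrypted once under a data key (DEK); in standard mode the DEK is wrapped under a service-held KEK, and switching to device-only custody re-wraps the same DEK under keys derived from the password and the recovery key, so no file is re-encrypted and the service's own materials no longer open anything. The toy cipher, the key names and the store layout are assumptions made for the demo.

```python
import hashlib, hmac, os
# Toy authenticated cipher: HMAC-SHA256 as a counter-mode PRF plus a MAC. It stands in
# for AES-GCM so the example runs on the standard library alone; do not reuse it as-is.
def _keystream(key, nonce, n):
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def open_(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered ciphertext")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

def derive_kek(secret, salt):
    # Key-encryption key derived on the device from the password or recovery key.
    return hashlib.pbkdf2_hmac("sha256", secret, salt, 100_000)

def upload_standard(files):
    # Standard protection: the service keeps a KEK (the HSM in the text) that unwraps the DEK.
    dek, server_kek = os.urandom(32), os.urandom(32)
    return {"blobs": [seal(dek, f) for f in files], "server_kek": server_kek,
            "wraps": {"hsm": (b"", seal(server_kek, dek))}}

def enable_adp(store, password, recovery_key):
    # Custody move: unwrap the DEK once, re-wrap it under two device-derived KEKs
    # (password OR recovery key), then delete the server copy. File blobs are untouched.
    dek = open_(store["server_kek"], store["wraps"]["hsm"][1])
    store["wraps"] = {}
    for name, secret in (("password", password), ("recovery", recovery_key)):
        salt = os.urandom(16)
        store["wraps"][name] = (salt, seal(derive_kek(secret, salt), dek))
    store["server_kek"] = None

def server_read(store):
    # What the service (or anyone who compromises its key store) can recover alone.
    if store["server_kek"] is None:
        return None
    dek = open_(store["server_kek"], store["wraps"]["hsm"][1])
    return [open_(dek, b) for b in store["blobs"]]

def device_read(store, secret, method):
    salt, wrapped = store["wraps"][method]
    dek = open_(derive_kek(secret, salt), wrapped)
    return [open_(dek, b) for b in store["blobs"]]
```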