Tony Padgett uses FileVault in macOS to encrypt his startup volume. However, it occurred to him that because he routinely updates a bootable clone of that drive, his clone remains unprotected at rest.
After cloning my internal drive to an external, I can take that external clone, plug it into another Mac, and see and read the contents.
This “hole” is not very obvious to the average person. I somehow assumed because FileVaut has encrypted my iMac, an encrypted version of it was being cloned the external drive.
I agree! I understood this because of extensive testing of FileVault, but it’s certainly not immediately obvious if you don’t know how a seemingly identical clone is managed at a low level by macOS.