Apple claims that iCloud encrypt everything on a device and Apple don't have an access to my photos. They are claiming it in their docs, for example, https://machinelearning.apple.com/2017/11/16/face-detection.html

... Every photo and video sent to iCloud Photo Library is encrypted on the device before it is sent to cloud storage, and can only be decrypted by devices that are registered with the iCloud account. ...

When you try to login to iCloud Web App with two-factor authentication enabled it seems that Web App do Diffie-Hellman key exchange and it looks that it is implemented securely

But then in Chrome Developer Tools, there are direct links the photos (unencrypted) that work even in a different browser. It looks like there are some encryption keys in links.

So, Apple lie about their encryption and they have all the keys? Then why no one cares?