> they say that iMessage is end-to-end encrypted, and then the second you have an iCloud backup that's completely broken.
It’s not completely broken. For average users, erring on the side of being able to restore from backup is the best choice. For people who need more security, that’s what Advanced Data Protection is for. You have the choice of which option suits you best; I think the default is appropriate for typical users.
> Apple is also the company that tried to introduce client-side content scanning of user photos.
What happened was they put a huge amount of effort into building a system that goes as far as it possibly can to implement CSAM detection that could work on E2E encrypted photo libraries while maintaining as much privacy as possible.
The design of the feature demonstrates they put a lot of effort into privacy – competitors just scan everything that’s uploaded to them, while Apple went above and beyond to do something a lot more difficult. The entire point of it was to detect without Apple having to have access to your photo library. There’s no point to design a system like that if they weren’t prioritising privacy – they could just scan on the server like everybody else if privacy isn’t a priority.
And what happened – everybody freaked out anyway, so they cancelled the feature. It’s an example that supports my point. Apple respond to incentives.
Personally, I wish they hadn’t cancelled the feature. Virtually everybody complaining about it didn’t understand how it worked and thought it worked in a completely different way.
I sense that you're arguing in good faith, but your first argument is very strange.
The purpose of end-to-end encryption is that the messages cannot be read even by Apple. This is a feature that they advertise in their webpage about iMessage security.
All I'm saying is that a bunch of people believe that iMessage supports end-to-end encryption and at the same time know that their messages are encrypted by a key that Apple holds and can decrypt them with via iCloud backup.
That's quite literally marketing a privacy-centric product and having the reality (for the vast majority of users using the defaults) be substantially different than what was promised.
To put it even more starkly, Apple advertises that they can't read your messages, and yet they can.
- iMessage supporting E2E encryption is a good thing.
- The right choice for the average user is to prefer recoverable backups.
- Recoverable backups undermine E2E encryption.
- Apple provides Advanced Data Protection which disables a bunch of things like recoverable iCloud backups in favour of more secure measures.
Apple deciding that ADP is not appropriate for the average user does not mean that “their promises are purely marketing”. They implemented it. It’s real. You can switch ADP on at any time. It’s just not the default, for good reason.
It’s not completely broken. For average users, erring on the side of being able to restore from backup is the best choice. For people who need more security, that’s what Advanced Data Protection is for. You have the choice of which option suits you best; I think the default is appropriate for typical users.
> Apple is also the company that tried to introduce client-side content scanning of user photos.
What happened was they put a huge amount of effort into building a system that goes as far as it possibly can to implement CSAM detection that could work on E2E encrypted photo libraries while maintaining as much privacy as possible.
The design of the feature demonstrates they put a lot of effort into privacy – competitors just scan everything that’s uploaded to them, while Apple went above and beyond to do something a lot more difficult. The entire point of it was to detect without Apple having to have access to your photo library. There’s no point to design a system like that if they weren’t prioritising privacy – they could just scan on the server like everybody else if privacy isn’t a priority.
And what happened – everybody freaked out anyway, so they cancelled the feature. It’s an example that supports my point. Apple respond to incentives.
Personally, I wish they hadn’t cancelled the feature. Virtually everybody complaining about it didn’t understand how it worked and thought it worked in a completely different way.