by aruss
2053 days ago
Former crypto PhD student here. Here's the formal definition.

FHE means that, given an encryption Enc(x) of plaintext x, you can compute Enc(f(x)). Note that without the decryption key, Enc(f(x)) is just as "useless" as Enc(x) (i.e., it looks totally random).

FHE would be useful if you wanted Google to filter all of your emails for spam, but didn't want them reading your emails. Google would receive Enc(email) and compute Enc(isSpam(email)) and then forward Enc(email) and Enc(isSpam(email)) to your email client, which would then decrypt both and either send `email` to spam or not. Note that in this scenario, Google learns nothing about `email`, not even if it is spam or not.

Here's what iO means: given two different circuits C_0 and C_1 that both compute a function f, the obfuscations iO(C_0) and iO(C_1) are indistinguishable (to a polytime adversary). In the email example, you could have a circuit C that computes isSpam over encrypted emails, but with a decrypted result. That is, C(Enc(email)) = isSpam(email). But note that this leaks information to Google, and the security definition of iO does NOT guarantee that Google does not learn anything about your secret key (the obfuscation might not hide the secret key at all).

Definitionally, they're very, very different things and have very different security guarantees.

The weird thing about iO is that the security definition doesn't immediately appear to actually secure much, so it doesn't seem very useful. However, it turns out that iO is an incredibly powerful primitive because it can be combined with other things like pseudorandom generators to build up a lot of other primitives. For example, you can combine secret-key encryption and iO to get public-key encryption in a very elegant way.
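
The Enc(x) to Enc(f(x)) flow from the spam-filter example above, as an added illustration that is not part of the original comment. It substitutes the Paillier cryptosystem, which is only additively homomorphic and not FHE, so f is limited to a weighted sum and the client applies the spam threshold after decrypting; the toy primes, feature counts, weights and all function names are constructed for this example.

```python
import math
import secrets

# Toy key built from two known Mersenne primes (constructed sample values,
# far too small for real use). N is public; LAM and MU stay with the client.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q
N2 = N * N
LAM = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)  # lcm(P-1, Q-1), private
MU = pow(LAM, -1, N)                               # private

def encrypt(m):
    """Client: Paillier Enc(m) with generator g = N + 1 and fresh randomness."""
    while True:
        r = secrets.randbelow(N - 1) + 1
        if math.gcd(r, N) == 1:
            break
    return (1 + (m % N) * N) * pow(r, N, N2) % N2

def decrypt(c):
    """Client: requires LAM and MU. Values above N/2 decode as negatives."""
    m = (pow(c, LAM, N2) - 1) // N * MU % N
    return m - N if m > N // 2 else m

def server_score(enc_features, weights, bias):
    """Server: touches only N and ciphertexts. Returns Enc(sum(w*x) + bias)."""
    acc = (1 + (bias % N) * N) % N2          # Enc(bias) with randomness r = 1
    for c, w in zip(enc_features, weights):
        acc = acc * pow(c, w % N, N2) % N2   # Enc(x)^w = Enc(w*x); product adds
    return acc

def demo(features):
    """Full round trip: client encrypts, server scores, client decrypts."""
    weights, bias = [4, -5, 1], -10          # constructed public model
    enc = [encrypt(x) for x in features]     # all the server ever receives
    enc_score = server_score(enc, weights, bias)
    score = decrypt(enc_score)               # only the key holder learns this
    return enc_score, score, score > 0       # threshold applied client-side

if __name__ == "__main__":
    # Constructed token counts for one email.
    print(demo([3, 0, 2]))
```

The server's output is still a ciphertext: without LAM and MU it learns neither the feature counts nor whether the score crossed the threshold.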