The other end of the conversation escrows the key on any messenger. Otherwise how would you read the message? Unless you consider Snapchat, but that's not End to End Encrypted.
And are you really sure that Signal or your preferred messengers don't also have Zero-Click exploits? After all, they aren't sandboxed to the degree iMessage is with BlastDoor.
>"BlastDoor is a great step, to be sure, but it's pretty lame to just slap sandboxing on iMessage and hope for the best. How about: 'don't automatically run extremely complex and buggy parsing on data that strangers push to your phone?!'"
This is false. Snapchat has "snaps" protected, but text messages and group messages are not end to end encrypted.
Also, Signal putting your escrow keys in iCloud? I don't think you know what you are talking about. You can set iMessage to not put your keys in iCloud like I said above by turning off iCloud Backup which makes it fully End-to-End with your own key on your device, just like Signal.
If you are worried about the other party having their conversations being backed up, tell them to disable iCloud Backup. If you are this worried about the privacy of your communications, hopefully the other party would be as well.
And Signal and any other E2E messenger is absolutely storing copies of your key on the recipient's phone, just like iMessage would. If it didn't, there'd be no way to verify that a message was sent from the same sender.
Signal doesn't need keys for the messages you previously received. You received a message from Jim, it's received, done, no need to retain keys to decrypt the message from Jim.
You might be thinking, "But what about the next message from Jim?" but that message is encrypted with a new key so the previous key isn't useful, your Signal works out what that key will be and remembers it until it receives a message from Jim.
It's a ratchet, you can go forwards but you can't go backwards, if I didn't keep the message Jim sent me last week then even though you've got the encrypted message, and I've still got a working key to receive new messages, we can't work back to decrypt the old message.
You might also be thinking, "There must be a long term identity key so that I can tell Jim and Steve apart?". Indeed there is. But Signal doesn't use this to sign messages since that's a huge security mistake, instead this long term identity key is used to sign a part of the initial keys other parties will use to communicate with you.
This design deliberately means you can't prove to anybody else who sent you anything or what they sent. Sure, you can tell people. You can dish the dirt to your spouse, your friends, the Secret Police, but you can't prove any of it cryptographically.
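The one-way ratchet described in the comment above, as an added example that is not part of the thread and is not Signal's code. It shows only the symmetric key chain (the Diffie-Hellman ratchet is left out), uses HMAC-SHA256 with the 0x01/0x02 constants that the Double Ratchet specification suggests, and stands in a toy XOR keystream for a real AEAD cipher; all names and sample messages are constructed.

```python
import hashlib
import hmac


def kdf_chain(chain_key: bytes) -> tuple[bytes, bytes]:
    """One ratchet step: derive (next_chain_key, message_key) from chain_key."""
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain_key, message_key


def toy_xor(key: bytes, data: bytes) -> bytes:
    """Toy stand-in for an AEAD: XOR with an HMAC-derived keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


class ChainRatchet:
    def __init__(self, chain_key: bytes):
        self.chain_key = chain_key

    def next_message_key(self) -> bytes:
        # The old chain key is overwritten, so earlier keys cannot be rebuilt.
        self.chain_key, message_key = kdf_chain(self.chain_key)
        return message_key


def demo():
    shared = bytes(range(32))  # constructed shared secret from the handshake
    jim, me = ChainRatchet(shared), ChainRatchet(shared)
    plaintexts = [b"lunch?", b"running late", b"see you at 1"]
    wire = [toy_xor(jim.next_message_key(), p) for p in plaintexts]
    received = [toy_xor(me.next_message_key(), c) for c in wire]

    # Someone records the ciphertexts and later copies the receiver's state.
    seized_state = me.chain_key
    future_ct = toy_xor(jim.next_message_key(), b"new message")
    future_pt = toy_xor(ChainRatchet(seized_state).next_message_key(), future_ct)

    # Stepping the seized state forward never yields the key for wire[0].
    scan = ChainRatchet(seized_state)
    old_recovered = any(
        toy_xor(scan.next_message_key(), wire[0]) == plaintexts[0]
        for _ in range(1000)
    )
    return received, future_pt, old_recovered
```

The seized state still decrypts the next message, which is the "working key to receive new messages" in the comment; limiting that exposure is the job of the Diffie-Hellman ratchet this example omits.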
You are trying to say that iMessage does not have forward secrecy.
That's true, and is a perfectly legitimate reason to use Signal.
I'm saying that the OP was dissing iMessage because of the Pegasus zero-click exploit, and was saying that switching to Signal gives zero guarantees of protecting you from that, because it likely has its own zero-click exploits, especially because it doesn't attempt to sandbox unlike iMessage does with the flawed BlastDoor.
>You can set iMessage to not put your keys in iCloud like I said above by turning off iCloud Backup which makes it fully End-to-End
"Fully" smells like a weasel word here. Either it is E2EE or it isn't. iMessage isn't by default from what you are saying, and if it requires the other end to also turn off iCloud backup before it is E2EE then I'd go as far as stating that it is a completely useless attempt to be E2EE. In fact I'd argue Apple is full of sh*t if they actually ever stated that it is E2EE (but I have no idea if they did).
Comparing Signal to such a mess is... well at a minimum it is disingenuous.
The messages are fully end-to-end encrypted, we know that, the EFF has stated as such. However, iCloud Backup means copies of your messages that arrived after the end-to-end process are backed up online. For most people who buy iPhones, having their messages not be permanently lost if their phone is stolen is a fair trade. If you don't want copies of your messages backed up after they arrived through the end-to-end encryption process, then turn it off.
And are you really sure that Signal or your preferred messengers don't also have Zero-Click exploits? After all, they aren't sandboxed to the degree iMessage is with BlastDoor.