There is actually evidence (iOS 15 beta) that they added an option to recover your backup from recovery keys. This strongly suggests that E2EE is coming.
> the user's iCloud [edit: photos, not all of iCloud] is encrypted at rest against Apple accessing it.
This is false. They present a web interface showing the photos. The UI isn’t locally generated entirely using JavaScript to decrypt the data. The only way this can happen is if Apple has the decryption keys.
iCloud Photo Library has never been private. Apple has always been able to view your photos.
How can the photos be encrypted at rest where Apple can't access them? If I buy a new iPhone all of my iCloud photos show up on it. That means that Apple can access them somehow.
While photos aren’t end-to-end encrypted (at least today), the fact that they show up on a new phone isn’t proof of non-encryption. E.g. keychain passwords and iMessage messages are end-to-end encrypted (except in iCloud backups) but show up when you buy a new phone.
(Caveat that if you have iCloud backup enabled, which it is by default, the backups aren't end-to-end encrypted. This feature is basically on the convenience side of convenience vs privacy / security - too many consumers would irretrievably lose their data if iCloud backup weren't enabled by default.)
Someone was worried about how they handle the keys. They have a solution for that already: https://blog.cryptographyengineering.com/2016/08/13/is-apple...