[gonehome]

You're kind of arguing a straw man, sure it technically runs it on the phone (I don't dispute that), but only when upload to iCloud is enabled and the photo is being uploaded to iCloud. The latter bit matters (and what I meant by 'essentially'). Running the check on the phone on upload with these constraints is what would enable iCloud to be encrypted.

I don't think there's much point in discussing further, the main disagreement is already visible in the thread.

[echelon]

> only when upload to iCloud is enabled and the photo is being uploaded to iCloud

You have to trust Apple that this will always be the case.

Your model should be to trust no one. Don't take anyone at their word as it's subject to change at any time. Especially not a corporation which is easily manipulated governments (look how they bend to Russia and China).

It's entirely obtuse that this can be turned with product use. Product use that might be triggered at a distance by simply using the "blessed path". Most people won't even be aware this is happening. And that's beyond shameful.

This puts one foot in the door. There will be more. They'll be ramming everything through that they can to spy on you.

Companies should not be trusted with liberty and privacy. Not even Apple.

[gonehome]

> You have to trust Apple that this will always be the case.

You're right of course, but I'd argue this is true in either case. If you're using an iPhone you're trusting Apple is doing what they say they're doing and there's not much you can do about it.

> Your model should be to trust no one. Don't take anyone at their word as it's subject to change at any time. Especially not a corporation which is easily manipulated governments (look how they bend to Russia and China).

I actually agree with this general idea (I work on urbit fwiw), I just think in this case you already have to trust anyway. If they're going to lie and do something differently that's bad - I just think that's independent of this policy and the policy specifics matter.

As it is unencrypted iCloud is a worse state imo, but as I said elsewhere reasonable people can disagree with this. The specific policy as described though isn't worse - it's people's assumption that it increases risk of an abusive policy that is. My take is that that risk is there in either case and really independent of this policy.