by wonderbore 1413 days ago
It’s really painful to see all of these encryption holes in every product we use daily. Apple claims privacy, yet your whole phone sits unencrypted on their server ready to be served to anyone who asks (assuming you back up your phone to iCloud).
2 comments

End-to-end encryption is only useful when the software on each end is open source and deterministically built/distributed by third parties with accountability.

Even Signal or Google/Apple could ship a bad Signal app update to targeted devices to dump convos if ordered. If you use Matrix with a client from an F-Droid build or a reproducible build from Debian etc., then the Matrix developers literally could not comply with orders to obtain your plaintext content.

My understanding is that iCloud backups are encrypted[1].

[1]: https://support.apple.com/en-us/HT202303

Encrypted, but they have the keys, so they can serve it to anyone who asks. That’s why “end-to-end” is subsequently mentioned as an “additional” step for certain data. It should all be end-to-end like iCloud Keychain is, at least on demand.