I can't agree with this one. I enjoy Apple products and consider them to be of high quality, but they should not be the star example for user privacy. iCloud backups are turned on by default, which means they have access to the private key, and they considered adding a client-side detection system for "child pornography". From the standpoint of E2EE, enough is enough with the "gray area" in privacy systems. Either you don't fiddle/introspect with the content that goes through your communication medium, or you do.

>they should not be the star example for user privacy

They are not perfect, but I can't see anyone who does better overall.

>iCloud backups are turned on by default

I believe it is good default, as 90%+ of their users (would) care more about accidental data loss than privacy. When that changes, Apple will change the default.

>client-side detection system for "child pornography"

Yes, that's a very controversial move. But they made it client-side because it's more private than server-side.

> I believe it is good default, as 90%+ of their users (would) care more about accidental data loss than privacy.

I think you're right about the numbers, but I don't understand why that justifies the default. Why even have a default? Why not just ask users what they want? It's not a hard question, and it even has the benefit of helping inform users about the feature.

> Yes, that's a very controversial move. But they made it client-side because it's more private than server-side.

So? Either it respects privacy or it doesn't in this kind of discussion. Lauding them for violating your privacy but not as much as they could otherwise is like lauding a mugger for only taking half of the cash in your wallet. Yeah it could have been worse, but that doesn't change the nature of their actions.