> a fully self-sovereign life, with no dependence on trust or agents, is an unrealizable ideal
I agree with this part, but relying Apple is quite far from self-sovereignty compared to many other practical alternatives: not relying on external clouds, GrapheneOS, Linux. By relying on Apple, you not only pay a tax to essentially bribe them to not attack you (perhaps a viable strategy, not too different from taxes to governments), but more importantly you give up the ability to resist without serious compromises (can't have E2EE backups on your own cloud if they said so). This is akin to trying to be paying taxes to the government to get better police coverage, and they decide to ban locks, security cameras, and leaving the walled garden.
The problem with the current computing security paradigm is that it puts too much trust in entities that do not deserve it, because the entities are simply too powerful and do not suffer consequences when they break that trust.
Fair points, I can't say I disagree, and I'm aware of the trade-offs I'm making. (I was actually tempted to use the word "bribe" when describing the Apple Tax!)
There are a couple meaningful points of divergence in the ecosystem: Mac vs iOS (the former has some self-sovereignty, even if there are risks of backdoors/etc); and, cloud vs not (I mostly avoid cloud usage, iCloud or otherwise, and when I do use it, I treat all content as public).
I agree about the trust problem. Varoufakis might make some valid points re: "Technofeudalism", but then Bruce Schneier was making a similar analogy over a decade ago. I've heard cogent arguments, that early feudalism evolved from rational self-interest, that serfs were willing to trade some degree of autonomy for safety, and it does feel that many "normie" users (especially with iOS) are making a similar rational trade, even if it sets up an asymmetric power dynamic, and risk (inevitability?) of future betrayal.
I'm curious if you have any examples in mind for Apple, re: "do not suffer consequences when they break that trust". IMO, they've done okay at putting actions and costly signaling behind their privacy rhetoric, and I think they'd take some kind of market hit if they were to blatantly break that trust. But I'm curious if you think there are past instances in which that already happened, which maybe I've forgotten or am neglecting, or if it's a threat model of the future.
Their image scanning proposal? The recent UK E2EE backup thing?
For the first, although they eventually backtracked, proposing it alone should be ruinous they are actually a privacy-oriented company.
Although the second situation is forced by a government, it is still a self-inflicted problem where iCloud is the only way you can back up your stuff. Not being able to have encrypted backups is a serious QoL issue.
> I mostly avoid cloud usage, iCloud or otherwise, and when I do use it, I treat all content as public
This is also my attitude toward "the cloud" in general.
Someone with everything to lose if they break it. Most large companies do not. Perhaps smaller companies whose main selling point is privacy? Proton? Signal? I don't use either but they seem relatively plausible.
I agree with this part, but relying Apple is quite far from self-sovereignty compared to many other practical alternatives: not relying on external clouds, GrapheneOS, Linux. By relying on Apple, you not only pay a tax to essentially bribe them to not attack you (perhaps a viable strategy, not too different from taxes to governments), but more importantly you give up the ability to resist without serious compromises (can't have E2EE backups on your own cloud if they said so). This is akin to trying to be paying taxes to the government to get better police coverage, and they decide to ban locks, security cameras, and leaving the walled garden.
The problem with the current computing security paradigm is that it puts too much trust in entities that do not deserve it, because the entities are simply too powerful and do not suffer consequences when they break that trust.