Things have been relatively quiet on the “crypto wars” front, which makes me think we’re going to see something dramatic soon. Maybe not here in the US, but probably from another US-allied country.

The question is *what*. Encrypted messaging seems to be proliferating and there are now many alternatives, from Apple, Meta, Signal. Many of those companies have threatened to leave countries that ban it. I have a hard time seeing any US-aligned country wipe that out.

Local device encryption seems to be ubiquitous now. It’s really hard to see a country demanding that phones become unencrypted. There would be huge pushback globally. So again, where is the weak link that governments can push on?

The one place where end-to-end encryption is “weakest”, ie where deployment rates are lowest, is *cloud backup*. This is, coincidentally, one of the best places for governments to obtain data.

So why am I tweeting about this on a Saturday? Because something funny happened recently.

I heard (thirdhand) from a person at Big Company X that they were under pressure to disable end-to-end encryption for cloud backup.

This is a company that has cloud backup E2E encrypted as a default. And so at first I assumed that this was just a business demand — that it was costing the company a lot to keep this service running. But now I’m getting more worried about it. Maybe I’m paranoid.

So maybe it would be good to give a lay of the land on this issue. Here is what I know about fully-E2E backup in major services:

Apple iCloud: available as an opt-in (called ADP)

Google: on for Android backups, if you use Google/Android backup (caveats)

Meta/WhatsApp: available opt-in, sometimes by default (for texts)

I wish I could offer more than a funny feeling. I think the upshot of all of this is that the companies doing “opt in” backup should be pushing harder to make “opt in” into “heavily encouraged” and then into “by default.” The sooner the better.

@matthew_d_green what's the state of the art on deduplication of encrypted backups? backup services rely on a lot of their users uploading copies of the same data

Matthew Green

@bob Most use convergent encryption. I don’t know how much it really saves.
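To make the question above and the one-line answer concrete, here is an added example (not code from either poster) of convergent encryption as a deduplicating backup service would use it: the key is derived from the content itself, so two users uploading the same file produce the same ciphertext and the server stores it once. The cipher here is a simplified HMAC-SHA256 counter-mode keystream standing in for a real AEAD, and the optional per-tenant salt is an assumed hardening that trades cross-tenant dedup for confidentiality of guessable files.

```python
import hashlib
import hmac


def convergent_key(plaintext: bytes, salt: bytes = b"") -> bytes:
    # Key = H(salt || content): identical content yields an identical key.
    # Caveat: with an empty salt, anyone holding the same plaintext can
    # recompute key and label, so low-entropy files are confirmable.
    # A per-tenant secret salt removes that, but also removes dedup
    # across tenants (which is where most of the savings would come from).
    return hashlib.sha256(salt + plaintext).digest()


def _keystream(key: bytes, length: int) -> bytes:
    # Simplified deterministic keystream (HMAC-SHA256 in counter mode);
    # a real service would use AES-GCM or similar with a derived nonce.
    out = bytearray()
    for counter in range((length + 31) // 32):
        out += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(out[:length])


def convergent_encrypt(plaintext: bytes, salt: bytes = b""):
    key = convergent_key(plaintext, salt)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, len(plaintext))))
    label = hashlib.sha256(ct).hexdigest()  # server-side dedup handle
    return key, label, ct


def convergent_decrypt(key: bytes, ct: bytes) -> bytes:
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, len(ct))))


class DedupStore:
    """Simulated backup server: keeps one copy per distinct ciphertext."""

    def __init__(self) -> None:
        self.blobs: dict[str, bytes] = {}
        self.uploads = 0

    def put(self, label: str, ct: bytes) -> None:
        self.uploads += 1
        self.blobs.setdefault(label, ct)


def demo_dedup(salt_a: bytes = b"", salt_b: bytes = b"") -> tuple[int, int]:
    """Two users back up the same constructed file; returns (uploads, stored)."""
    shared_file = b"constructed sample: identical OS image chunk" * 4
    store = DedupStore()
    for salt in (salt_a, salt_b):
        _, label, ct = convergent_encrypt(shared_file, salt)
        store.put(label, ct)
    return store.uploads, len(store.blobs)
```

With no salt `demo_dedup()` stores one blob for two uploads; with distinct per-tenant salts it stores two, which is the cost of hiding guessable content.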