> all that gives you is confidence that the message comes from someone authorized by that right/real person.
Which is good enough for many applications, I think. With friends and family, I am pretty confident, that none of them deploy a personal assistant to answer my encrypted messages. As opposed to a messenger where the service provider can inject ads into the messages.
How do I know that a person that I speak to IRL is really saying what they think or even really is who they claim to be if I don't know them well? A rest of uncertainty always remains.
Even though it is not an official service, in Germany there is Abgeordnetenwach [0](Translate: representative watch), where citizen can ask parlamentarians directly. Some parlamentarians are great at answering questions, while some never reply and some only let their offices copy & paste standard replies. I wish politicians would be forced to make an effort to reply to their sovereign. Certain reasonable anti-spam and DoD measures granted.
With cryptographic signatures I could at least verify that something stems from the same account that I previously agreed with, but this would require people to be able to manage their own private keys.
Actually nothing would stop people from signing their own comments today and sometimes it is done.
With e2ee messengers I feel pretty confident that a message comes from the right / real person after I verified their public key.
> But let’s not pretend it’s a move that doesn’t come with a cost. Scanning for CSAM by companies does catch a lot of child abusers and result in children being rescued from abuse, and it’s likely that Apple implementing such scanning would have done the same.
Let's not pretend that scanning everyone's photos is the only (or even a good) way to catch child abusers. Child abusers have been convicted without CSAM scanning before, so I am sure it will continue to be possible without. Just scanning everyone's photos may or may not be a convenient way to catch many, but the social cost for that is too damn high.
There is no guarantee that fewer children would get abused by scanning for CSAM, since abusers would probably adapt and avoid scanned services, while the innocent majority of people would have lost their privacy.
I often hear the argument that the average user does not care about privacy, but I don't think that this is true.
Instead I think the average user is just not aware of the insane amount of data that is exfiltrated and what can be done with that data, because the software does not make it clear what it actually is doing.
Which is good enough for many applications, I think. With friends and family, I am pretty confident, that none of them deploy a personal assistant to answer my encrypted messages. As opposed to a messenger where the service provider can inject ads into the messages.
How do I know that a person that I speak to IRL is really saying what they think or even really is who they claim to be if I don't know them well? A rest of uncertainty always remains.