I guess the trade off here is that your data is still stored in (essentially) plain text on Apple's servers, and they (or whatever authorities) can still rifle through it at any time without telling you.
The main issue with privacy is not necessarily the initial implementation, but the sliding scale that it permits. Apple's statement that they will ignore "government requests" for broadening the scope is almost funny, because the government wouldn't request: it would demand. Just like how China has control over the crypto keys for the iCloud data in Chinese data centers.
So you're right that the initial plan is indeed more privacy-friendly, but it has some major future privacy implications that are much worse.
Is there any other way? The way I see it, the scanning is coming either fully server side or with a bit more privacy with the proposed client side system so is there something better?
Others providers do it and I don't expect Apple to sit and do nothing about it (governments, ngo pressure, etc.). Something worse is that the Apple brand could be labeled as a "CP enabler" which would very much hurt Apple way more than the current backslash.
Yes: E2EE and not having the ability to scan is a legit alternative.
Apple has lost its credibility as a privacy-enabler. That's a real consequence, as opposed to a potential consequence of being targeted by propaganda.
iCloud is encrypted but Apple has the private keys so it’s only slightly better than plain text. You should not expect you data to be anything more whenever you post anything online. The only exception is E2EE but Apple will never offer it.
Agreed. If they really planned to enable E2EE, they would have announced it with the CSAM detection. It makes no sense to have all this backlash only to enable E2EE at a later date.
