They don't have access to your data? Who, exactly, are you being protected from?
Privacy, encryption, Apple, Meta and the shadow of Snowden: a function-by-function inquiry to tell apart what is true, what is marketing, and against whom
0. Introduction: the wrong question
“Is it bullshit?” The question returns with every scandal, with every privacy promise plastered on a giant billboard, with every reminder of Edward Snowden’s revelations. We ask it wholesale, and we expect a wholesale answer: either these companies protect us, or they are laughing at us. The trouble is that the question, asked that way, has no answer, because it leaves out the one variable that decides everything: who you are trying to protect yourself from. The honest answer is neither “it is all bullshit” nor “you are protected”, it is a map, whose entries are the precise function, the default setting, and the adversary.
Privacy is not a global promise to be believed or rejected in one move: it is a matter of fact, checked function by function, by looking at the technical architecture, the cryptography and the law. We will not ask whether the ambient cynicism is understandable, we will ask whether it is accurate, and where.
Picture the most ordinary scene. An app displays, in reassuring letters, that your privacy matters to it, and you waver between two equally lazy reflexes: swallow it whole, or sweep it away with “they all lie”. Neither tells you what, in that sentence, is true for you, because the sentence specifies neither the function it covers nor the adversary it claims to separate you from. The slogan is built to reassure wholesale, and it is precisely because it speaks wholesale that it cannot answer your question, which is always particular: protect what, from whom, in which situation.
The tool that structures the whole inquiry has a name in computer security: the threat model. A protection is never judged in the abstract, but against a precise adversary, and the range is wide: an advertiser, the company itself, a thief who picks up your phone, your own State, a foreign State, an intelligence service holding a warrant. A function very effective against one can be perfectly useless against another, so that answering “protected” or “not protected” without naming the adversary means nothing.
There remains the most widespread posture, and the most honest of the three: “I have nothing to hide”. In its strong version, it assumes a trade-off rather than a naivety: I accept a share of exposure because I trust the rule of law, and locking down the least detail of my life is not worth the effort it would cost. Taken that way, it deserves better than a shrug. Two observations displace it without ridiculing it. Having a private life does not amount to hiding an offence: one closes the bathroom door without concealing anything guilty, and intimacy remains a need when one has nothing to reproach oneself with. And the sorting between what would be “to hide” and what would be harmless escapes you: it falls to whoever holds the data, whose criterion can differ from yours and change over time.
One last precaution, symmetry, which will be the through-line. The fact that a company lied or yielded on one point does not prove that everything is false, and the fact that the encryption holds mathematically does not prove that you are protected. A local flaw does not make a general theatre, solid mathematics do not make a global security. The techno-cynic and the advertising optimist make the same mistake in reverse: they replace case-by-case examination with a verdict of mood.
This symmetry is not a comfort of neutrality, it is a demand of method. It forbids two opposite shortcuts: concluding from one revealed flaw that the whole edifice is a set, and concluding from one real technical guarantee that the user is safe. Both moves console, one by permitting surrender, the other by permitting carelessness, and both spare us the only work that truly enlightens, that of looking at one function at a time.
Let us also state what this text does not do. We examine the consumer privacy promises of Apple and Meta, function by function, and their relation to real access by the company and by the State; we do not offer a security guide, we do not enter the country-by-country legal detail, and we set aside targeted spyware attacks except for what they illuminate of the reasoning. As for Snowden, the former NSA contractor whose shadow hovers over the subject, he must be situated in time: his 2013 revelations exposed mass surveillance, but they also partly caused the generalisation of encryption that followed, so that citing him as proof that nothing has moved would be an anachronism (Lyon 2014).
1. Apple is not Meta
The first error consists in treating “the tech giants” as a homogeneous block. Apple and Meta have opposite business models: Apple sells mainly hardware, and makes privacy a selling point, whereas Meta sells targeted advertising and draws most of its revenue from exploiting its users’ data (Apple ; Meta 2024; Acquisti et al. 2015). This difference is not a detail of communication, it is a difference of incentive: for one, protecting data strengthens the product; for the other, the data is the product. One does not expect the same thing from a locksmith and a burglar, even if both are skilled.
This real incentive does not make Apple an angel, and the skepticism must stay symmetric. Apple develops its own advertising business, takes a commission on the App Store and remains a commercial company whose interest goes to the margin rather than to purity (Apple ; Meta 2024; Acquisti et al. 2015). Privacy is, for it, a competitive advantage as much as a value, and it is safer to reason on incentives than on stated intentions.
On Meta’s side, the workings are documented rather than supposed: the extensive collection of behavioural data to target advertising has been the object of regulatory actions, notably by the FTC in the United States (Englehardt and Narayanan 2016; Federal Trade Commission (FTC) 2023). The watchword “the data is the product” is no figure of speech: in this model, the free service you use is not what is sold, what is sold is access to your attention, calibrated by what the company knows of you, and the more it knows, the more that access is worth (Englehardt and Narayanan 2016; Federal Trade Commission (FTC) 2023). The extensive collection is therefore not a flaw of the system, it is its engine, which explains why a privacy promise from such an actor calls, by construction, for closer scrutiny than the same promise from a hardware seller. The model does not hide, it measures. But one must at once complicate the picture, for a group is not homogeneous function by function: Meta owns WhatsApp, whose message content is end-to-end encrypted, while extensively exploiting the metadata and the data of Facebook and Instagram (WhatsApp 2023; Englehardt and Narayanan 2016). The same owner therefore offers strong content protection on one service and an advertising-surveillance model on the others, which forbids judging Meta in a single word.
This grid of incentives is worth more than a trial of intentions, in either direction. It does not require believing Apple virtuous nor Meta malicious, only looking at what each model pushes one to do: a company whose product is hardware has an interest in privacy being credible, a company whose product is the audience has an interest in data circulating (Apple ; Meta 2024; Acquisti et al. 2015). When a promise goes in the direction of the interest of the one who makes it, it deserves less suspicion than when it runs against it, and it is from this angle that one should read each of the functions that follow, rather than by the measure of stated intentions.
2. End-to-end encryption: what the maths guarantee
At the heart of every privacy promise lies a word we often use without weighing it: end-to-end encryption. Where it is really active, it means that only the sender and the recipient can read the content, and that the service provider cannot, which is a verifiable cryptographic property, and not an advertising phrase (Abelson et al. 2015; Cohn-Gordon et al. 2017). This is the point that ruins the lazy claim “anyway they have access to everything”: for properly encrypted content, they do not, and it is demonstrable.
The word “verifiable” deserves a pause, for it makes all the difference between a belief and a finding. A published protocol can be studied by any cryptographer, its assumptions written down in plain sight, its weaknesses sought out in the open; a guarantee that rests instead on a company’s word alone, with no readable specification or code, demands a trust that nothing controls (Abelson et al. 2015; Cohn-Gordon et al. 2017). End-to-end encryption of content belongs to the first category, and that is why “they cannot read your messages” can be, for this precise function, an accurate statement instead of a sales pitch.
One still has to know where this property is really in force. End-to-end encryption is indeed active on several consumer services: iMessage between Apple devices, the content of WhatsApp messages, and Advanced Data Protection for iCloud when it is enabled (Apple 2024b; WhatsApp 2023; Cohn-Gordon et al. 2017). WhatsApp, in particular, encrypts content with the Signal protocol, a public protocol whose properties have been the object of formal cryptographic analyses, which places the guarantee beyond the company’s word alone (Cohn-Gordon et al. 2017; WhatsApp 2023). This nuance is decisive, for a privacy guarantee is only worth something if it can be independently audited, through a public protocol, analyses by cryptographers and checkable implementations; that is what separates a marketing promise from an established property.
Apple’s case deserves a technical clarification. When Advanced Data Protection is enabled, most iCloud categories, including backups and photos, move to end-to-end encryption, so that Apple no longer holds the keys and can no longer hand over the content in the clear, including under legal request (Apple 2024a; Abelson et al. 2015). The promise here is as strong as the mathematics allow. The flip side, as we will see, is that this protection is optional.
This clarification changes the reading of a common slogan. When Apple states that it cannot access certain data, the statement is accurate for the categories actually moved to end-to-end encryption by Advanced Data Protection, and it ceases to be so for those that remain outside (Apple 2024a; Abelson et al. 2015). The same company can therefore be truthful and incomplete in the same sentence, depending on whether one is speaking of a covered datum or a datum left out of the perimeter. To read a privacy promise is first to ask which precise categories it applies to, rather than settling for its reassuring breadth.
All this calls for wariness of labels. Not all messengers reputed to be “secure” are equal: Telegram, for instance, does not encrypt end-to-end by default, its end-to-end encryption being limited to an optional mode, which shows that the label does not guarantee the function (Telegram 2024; Cohn-Gordon et al. 2017). An app can thus present itself as a protector of privacy while reserving end-to-end encryption to a separate, barely visible mode that most people never use, so that the user believes they enjoy a guarantee which, for their ordinary conversations, does not apply (Telegram 2024; Cohn-Gordon et al. 2017). The useful reflex is to check what is actually encrypted by default, rather than to trust the reassuring register of the name or the presentation. Likewise, iMessage encryption only holds between Apple devices: a message exchanged with a non-Apple phone classically fell back to SMS, and since late 2024 to interplatform RCS, whose exchanges between iPhone and Android are not end-to-end encrypted, so that the protection also depends on the other party’s device (Apple 2024b; Cohn-Gordon et al. 2017).
To give the “real protection” camp its strongest form, one must cite recent efforts. For its artificial-intelligence processing, Apple presents a confidential cloud-computing architecture, Private Cloud Compute, designed so that no personal data is accessible even to Apple; the architecture is documented and partly auditable, but its guarantee rests on trust assumptions that must be named rather than swallowed (Apple 2024d; Abelson et al. 2015). The right attitude is neither to applaud nor to sneer, but to ask what, in the promise, is verifiable.
3. Metadata: what encryption does not cover
End-to-end encryption protects the content, and that is already a great deal. But it does not protect the metadata: who communicates with whom, when, from where, how often and for how long remain largely visible to the provider and to the networks (Mayer et al. 2016; Abelson et al. 2015). This is the nuance the public most often misses, because attention naturally falls on the message and not on the envelope.
Yet the envelope says enormously much. Empirical work has shown that telephone metadata alone allow one to infer relationships, activities and sensitive information about a person, without ever accessing the content (Mayer et al. 2016; Lyon 2014). The importance of these data for intelligence has, moreover, been summed up by the parties themselves, the former director of the NSA and the CIA Michael Hayden having declared “we kill people based on metadata” (Hayden, Michael 2014; Mayer et al. 2016). The sentence is brutal, and it tells the truth of a system where knowing who talks to whom is often enough to act.
An example makes it concrete. Without reading a single message, observing that a number called an oncology centre, then an analysis laboratory, then a support group already sketches a diagnosis; observing that it called a single number every night, late, for weeks already sketches a relationship (Mayer et al. 2016; Lyon 2014). The content adds almost nothing to what the map of calls has revealed, and that is why protecting the content alone leaves an essential part of one’s intimacy intact.
One must add that even end-to-end encrypted messengers keep or see certain metadata, phone number, contact list, timestamps, network addresses, with notable differences between services as to how much is retained (WhatsApp 2023; Mayer et al. 2016). Signal marks the low end, with its “sealed sender” that hides the sender and the absence of a contact list kept on the server side, where others keep far more (the present inquiry sticks to Apple and Meta, the Google/Android ecosystem remaining out of scope) (WhatsApp 2023; Mayer et al. 2016). None erases the trace of the communication entirely. This sheds light on a frequent confusion between “content” and “data”: the promise “we do not read your messages” can be perfectly true for the encrypted content while leaving the company to exploit other data abundantly, which is a distinction to hold, and not a contradiction.
A last route of access escapes encryption from below, by attacking the device itself. End-to-end encryption protects communications in transit, but it does not protect against spyware that directly compromises the terminal, like Pegasus, which reads the content after decryption on the phone (Citizen Lab 2021; Abelson et al. 2015). The protection therefore also depends on the security of the device, and the adversary changes: we are no longer talking about a curious provider, but about an attacker able to enter your home.
This shift of adversary is instructive, for it shows that the same communication can be both well protected and exposed. Against a provider that would read your messages en masse, end-to-end encryption is effective; against spyware that takes control of your phone, it is useless, since the content is read there once decrypted, on the very screen where you read it (Citizen Lab 2021; Abelson et al. 2015). This kind of attack is costly and remains, in practice, reserved for valuable targets, which takes it out of most people’s threat model while recalling that no function protects against everything.
4. The default-setting trap
A true promise can protect very few people if it is disabled by default, and this is one of the most underestimated levers of the subject. The strongest protections are often optional, and their real adoption stays low, so that the function exists but covers only a minority of users in practice (Acquisti et al., n.d.). The default setting matters all the more because the great majority of people never change the options offered, out of habit, ignorance or trust; a less protective default therefore protects fewer people, regardless of the existence of a stronger option (Acquisti et al., n.d.).
The most telling example concerns backups. By default, iCloud backups are not end-to-end encrypted: Apple then holds the keys and can hand over the content, including saved messages, in response to a valid legal request (Apple 2024b, 2024c; Abelson et al. 2015). The consequence is concrete and often ignored: an end-to-end encrypted iMessage can become accessible again if it is included in an iCloud backup that is not end-to-end encrypted, whose key Apple holds (Apple 2024b; Abelson et al. 2015). The door locked on the messenger stays open through the window of the backup.
This power of the default setting is in no way anecdotal, it is one of the best established levers of design: what is offered from the start becomes, for almost everyone, what will remain (Acquisti et al., n.d.). A company that leaves its strongest protection optional, behind several menus and a warning, can therefore display an accurate promise while knowing that most of its users will never enable it. The sincerity of a function is judged also by the place it is given in the settings, and a protection buried in a submenu sends a different message from the same protection enabled by default.
The same trap holds beyond Apple. For a long time, WhatsApp conversation backups to a third-party cloud were not end-to-end encrypted, and their encryption became an option to enable, so that the weak link is often the backup rather than the messenger itself (WhatsApp 2023; Abelson et al. 2015). The general lesson holds in one sentence: to judge a protection, one must look at the default setting as much as at the announced function.
5. The state layer: Snowden, and what has changed since
There remains the adversary that cryptography is not enough to keep out: the State. This is where Snowden’s revelations keep all their force. The PRISM program, revealed in 2013, allowed American intelligence to obtain data from large providers under legal compulsion, relying on Section 702 of FISA, which authorises collection targeting non-American persons abroad (Privacy and Civil Liberties Oversight Board (PCLOB) 2014; Lyon 2014). Far from being a relic, this framework remains active: Section 702 was reauthorised by the US Congress, notably in 2024 (Congres des Etats-Unis 2024; Lyon 2014).
The legal arsenal has even widened. The CLOUD Act of 2018 allows US authorities to require from a provider data it controls even when stored outside the United States, which extends the reach of requests beyond borders (Congres des Etats-Unis 2018; Lyon 2014). To this are added national security letters, which allow the FBI to require certain subscriber data without prior judicial warrant, often accompanied by a prohibition on speaking of it that limits the companies’ transparency (Electronic Frontier Foundation 2023; Lyon 2014). The citizen sees only part of what is asked in their name.
This is where the technical layer and the legal layer meet. End-to-end encryption limits what can be compelled, for a provider cannot hand over content it cannot read, and that is exactly why States seek to weaken it. Under the term “going dark”, several States have for years pushed to introduce exceptional access or backdoors, in the name of public safety (Abelson et al. 2015). Yet a broad consensus of cryptographers concludes that there is no safe backdoor reserved for the authorities: any exceptional access introduces a vulnerability exploitable by others, which weakens everyone (Abelson et al. 2015, 2024).
This argument is not a militant posture, it is a technical consequence. A backdoor is a deliberately introduced weakness, and a weakness does not choose who uses it: the key intended for the authorities can be stolen, copied, or demanded tomorrow by another government, so that weakening encryption to reach criminals weakens it at the same stroke for journalists, dissidents and ordinary citizens (Abelson et al. 2015, 2024). The real choice therefore sets solid encryption for all against fragile encryption for all, and it does not reduce to a convenient trade-off between security and privacy.
Recent events illustrate this battle better than any speech. In 2025, the United Kingdom served Apple, through a secret order under the Investigatory Powers Act, with a demand for access to encrypted iCloud data; rather than insert a backdoor, Apple withdrew Advanced Data Protection for its British users, before the order was abandoned in the summer of 2025, the United Kingdom having backed down under American diplomatic pressure (Electronic Frontier Foundation ; Apple 2025; Abelson et al. 2015). On the European side, the draft regulation on the detection of child sexual abuse material, known as “chat control”, long provided for client-side scanning of messages; under pressure from experts and several States, the obligation to scan encrypted messages was removed from recent versions of the text, the debate continuing on other points such as age verification (Electronic Frontier Foundation 2026; Abelson et al. 2024). Apple itself had announced in 2021 a client-side photo-scanning system, before abandoning it in the face of criticism (Apple 2022; Abelson et al. 2024).
These episodes all turn around the same technique and the same danger. Client-side scanning, which consists in scanning content on the device before its encryption, circumvents the promise of end-to-end encryption, and security experts have shown that it creates a generalisable and divertible surveillance mechanism (Abelson et al. 2024, 2015). One must nonetheless keep a distinction of precision: targeted lawful access, where a company answers a valid request for data it can read, is not the same thing as mass surveillance, and confusing one with the other blurs the debate.
Two facts finish situating the real. A major part of data exposure escapes the encryption debate altogether: data brokers aggregate and resell location and behavioural data collected by third-party apps, a channel that neither encryption nor Advanced Data Protection covers (Englehardt and Narayanan 2016). And on the companies’ side, their own transparency reports show that they regularly answer tens of thousands of legal requests per year for the data they can provide, which confirms that the privacy promise does not remove legal access to data that is not end-to-end encrypted (Apple 2024c; Meta 2024; Lyon 2014).
These facts close the loop between technique and law. As long as a datum remains readable by the provider, it remains reachable by a legal demand, and that is exactly what end-to-end encryption withdraws from compulsion. The state layer therefore does not cancel the cryptographic layer, it follows its contours: blocked where encryption protects, present everywhere else. Understanding where this line runs is worth more than believing it either absent or impassable, for it is this line that decides, function by function, what a State can obtain without your consent.
6. Tracking transparency: a real and self-interested protection
To stay fair, one must acknowledge the protections that work, and one of the most visible comes from Apple. The App Tracking Transparency feature, which requires explicit consent to cross-app tracking, reduced advertising tracking and notably cut Meta’s advertising revenue, which shows that it has a real and not cosmetic effect (Kollnig et al. 2022). A privacy promise can therefore have measurable consequences, and it would be dishonest to deny them.
The skepticism must nonetheless stay symmetric. By restricting third-party tracking while developing its own advertising business, Apple also serves a commercial interest, and its protective function is not a purely disinterested act (Kollnig et al. 2022). The same measure protects the user and advantages the provider, which is possible without contradiction. One must finally note that the protection is partial: the restriction of identifiers did not make tracking disappear, the advertising industry having shifted in part to device fingerprinting and aggregated measurement, so that tracking adapts rather than ceases (Kollnig et al. 2022; Englehardt and Narayanan 2016).
The lesson of this episode goes beyond advertising. The same function can serve the user and harm a competitor in the same gesture, without one disqualifying the other, and well-tuned skepticism consists in holding both together rather than choosing the most convenient story (Kollnig et al. 2022). Apple did its users a real service and Meta a disservice in a single move; acknowledging the first does not require denying the second, and suspecting the second does not require erasing the first. It is the application, in the commercial register, of the symmetry that guides the whole text.
7. What this establishes, what it does not
We can now assemble the map. The same function gives opposite answers depending on the adversary: iMessage end-to-end encryption protects very well against a phone thief or an advertiser, but it does not protect against a request bearing on an unencrypted iCloud backup, nor against spyware installed on the device. This is the central illustration of the threat model: without specifying the adversary, the word “protected” is empty.
The honest answer is therefore a three-entry map: by function, that is, what is really end-to-end encrypted; by setting, that is, what is enabled by default or left optional; and by adversary, that is, who one is trying to protect oneself from. Applied to the two competing narratives, symmetry gives a divided verdict: real end-to-end encryption has nothing of marketing, so “it is all bullshit” is false; and yet metadata, defaults and legal access subsist, so “you are protected” is just as false. Each of the two camps holds half the truth, and errs by taking it for the whole.
This map is not a cautious dodge, it is the exact form of the answer. For a given function, one can say what is encrypted and what is not; for a setting, one can say whether it protects by default or only on a voluntary step; for an adversary, one can say whether the function holds or gives way. Once these three boxes are filled, the initial question receives a precise answer, often reassuring on one point and worrying on another, which is worth more than a global yes or no that would be wrong half the time.
This does not, however, exonerate the marketing. Part of the privacy promises does amount to overselling: broad phrases of the kind “your privacy is our priority” suggest a general protection that holds only for certain functions and certain adversaries, and it is legitimate to distinguish them from verifiable technical guarantees. The right reflex consists less in believing or rejecting these slogans than in asking them which function and which adversary they speak of.
8. Conclusion: shifting the reading
From all this a simple, sustainable line of conduct emerges. Before believing or rejecting a privacy promise, ask yourself who you want to protect yourself from, on which precise function, and with which setting; enable the strong options, backup encryption, Advanced Data Protection, when the adversary justifies it, and do not expect encryption to cover what escapes it. It is less restful than a slogan, and far more useful.
Concretely, this comes down to a few gestures proportioned to the adversary. If you mainly fear a phone theft or an advertiser, default encryption and a good passcode are largely enough; if you fear a legal request or a more determined actor, enabling Advanced Data Protection and backup encryption really changes things; and in all cases, do not ask encryption to protect what it does not cover, such as metadata or a compromised device.
The shift holds in one sentence. The good question stops being “is it bullshit” to become “who does this precise function protect me from, with this setting”. The answer is a map rather than a verdict, it is less satisfying than a cry from the heart in one direction or the other, and it is the only scale at which it is true.
This shift has a cost and a reward. The cost is to give up the comfort of a clear-cut judgment, the “they are all rotten” as much as the “all is well”, in favour of an answer that changes from one function to another. The reward is to stop being tossed between panic and naivety, and to be able at last to act: to choose one’s tools, enable the right settings, grant one’s trust to the precise measure of what is verifiable, and withdraw it where it is not deserved. To know what one is protected from, and what one is not, is already a form of lucidity, and lucidity is worth more, here, than the peace of mind it replaces.