@tindall@cybre.space Nicely written and well-balanced!

A caveat: on threats from trusted vendors, I'm not what would be meaningful advice. Should we judge vendors by what they're known to have done, what people suspect they're doing (but isn't proven), or what they might do someday?

Apple's CSAM plan was delayed. Perhaps indefinitely. Now what?

Once we consider open-ended threats from security updates, any response from ignoring it to extreme paranoia could be justified, depending on your attitude.