Of all the problems iMessage has, Apple says it plans to solve a persistent one: having access to all your conversations on every device, instead of messages and data lying scattered across all the Macs, iPhones, and iPads you use. But is this the right problem to solve?

Apple’s Craig Federighi explained at the 2017 Worldwide Developers Conference that iMessage will be stored in iCloud with “end-to-end encryption,” but provided no other details. Later, he mentioned that Siri training will sync across iCloud instead of being siloed on each of your Apple devices, and that training and marking faces in Photos’ People album will do the same—and with end-to-end encryption.

Despite that encryption promise, this concerns me. It’s better to have the least amount of personal and private information pass through other systems, instead of directly between two devices. It’s especially good to have the least amount of private data stored elsewhere, except if the encryption for that data is firmly under your control or fully independently vetted.

That storage issue is particularly problematic with iMessage. While Apple’s design for at-rest storage could be terrific, iMessage itself is way behind its competition in providing an effective, modern encryption model. Notably, if a party sniffs and records encrypted iMessage data from a privileged position and a later flaw allows the recovery of an encryption key, all previously encrypted data can be unlocked. The way to prevent that is using forward secrecy, which Signal’s OpenWhisper protocol employs in the Signal app and in WhatsApp.

How it likely works

While I’ve queried Apple for more details on how all this will work, it’s likely they won’t provide any until closer to the OS updates or even afterwards. If you’re installing developer or public betas, you should consider how this might affect you without having all the details to hand.

Apple designed its iCloud Keychain sync in an admirable way. It uses a “zero knowledge” approach, which is the gold standard for hands-off data transfer and storage. With a cloud-storage system like Dropbox or how Apple hands email, contacts, calendars, photos, and other iCloud data, all information has an encryption overlay while in transit and another form of encryption at rest on the cloud servers.

However, that at-rest encryption lies under the control of the company offering the service. It possesses all the keys needed to lock your data on arrival and unlock it to transmit it back. Thus, it’s susceptible to internal misuse, hacking, legitimate government warrants, and extralegal government intrusion.

With iCloud Keychain and other similar syncing—such as that used by 1Password and LastPass, which I discussed in a recent column—a secret gets generated by software running only on client devices and that secret is stored only there. The company that runs the sync or storage service never has possession. Data is encrypted by the mobile or desktop OS and transmitted.