Apple already shipped attestation on the web, and we barely noticed

Yes, we're talking about the same Google that only reacted that way to PRISM when a leaker blew the whistle (do we need to wait/hope for a whistle blower for every government thing they comply with?). The same Apple that moved the data for all Chinese customers to data centers where the CCP can access/monitor them. The same Apple that censors/filters the app store for Chinese users to enforce government policies.

The chances that they would comply with future government requirements cannot possibly be "virtually zero."

China is kinda irrelevant here because western social networks and services are blocked there anyway, so the Chinese government can indeed compel Chinese companies to spam users with political propaganda (and does), but western companies are irrelevant in that process.

For Google and PRISM, I'm sure it won't change your mind, but I worked there at the time and the reaction was genuine. If there were people inside the firm who knew about it at all it must have been a very small group of spies/double agents, and such people were never detected despite a thorough search. Given that it was all based on fiber taps done by telcos though, it's not clear why they'd need any insiders. The assumption of formal cooperation was based on the phrasing of one or two sentences in some leaked documents, but the way the whole thing was set up didn't actually require it so, what those insiders would have been doing was a bit unclear.

Anyway, this is all by the by. We can't know what will happen in future. But if they won't budge on E2E encryption then it seems unlikely they'd be willing to bypass anti-spam measures, which is far more detectable, far less justifiable, and probably doesn't fit within any existing laws.

Thanks, that actually does make me feel a bit better about Prism.

Do you have any experience with how things have changed over the last few years at Google?

I have a friend who said that 2016 was really a turning point in the culture. Prior to that most people were all about liberal values like free speech, and user freedom, but in the last 6 or 7 years it's become very "moderation" or "censorship" friendly (depending on your views), including for things like OP topic. On the plus side he has said that privacy is don't that used to be an after thought of anything, but is now in the cultural zeitgeist, do it's not all bad. Do you have any experience you're willing to share on that?

I left in 2014 so don't know what happened after that. It does seem that 2016 was a turning point for a lot of institutions. The Google that believed in empowering people through "making the world's information universally accessible and useful" was definitely dead by that point, although they still claim that's the mission.

I don't agree that privacy was an afterthought before then. There were a lot of internal controls and privacy considerations had been a part of the design process even when I first joined in 2006. Of course the level of effort ramped up over time as the company grew. The primary constraint then as now was simply that most users trust tech firms, don't include them in their threat model and will reject even tiny amounts of inconvenience in the name of privacy. So that really heavily constrains what can be done. For example it kills most attempts at proper end-to-end encryption, leaving us with this sort of strange pseudo-e2e-encryption that's more a legal hack than anything serious (the company that supplies you with the encryption equipment is your adversary, which makes no sense in any classical conception of cryptography).