Apple Said "Wiped." WhatsApp Said "Backed Up." I Learned How Little Those Words Really Mean.

Both were useless when I actually needed them.

Vincenzo Ciancia

~7 min read · April 20, 2026 (Updated: April 20, 2026) · Free: Yes

If you use Apple, WhatsApp, Google Drive, or iCloud, this may be more relevant to you than you want it to be. There is some good news, though. Read to the end! (spoiler: a radical paradigm shift, and a new open source project designed to survive its own disappearance).

I used to think the basic promises of modern consumer tech were settled. If a service says your messages are backed up, then your messages are backed up. If a device says it will wipe itself on next boot, then that machine is effectively on its way out. You may not understand every technical detail, but the core contract is supposed to hold. Recently I found out how weak that contract can be.

Note in passing: I'm a researcher in Computer Science, I'm 49 years old and I coded for the past 41 years. I love technology and I know it deeply. That's likely why in the last years I started to believe that flaws are less and less common, and vendors have started fulfilling their promises. Turns out I've still got a lot to learn! :)

First came WhatsApp.

I had around 5 GB of old whatsapp conversations (even important ones) backed up on Google Drive. The backup exists. I still pay for the storage. Then I broke my Android phone and bought a iPhone for about a thousand euros. I assumed getting my old conversations back would be annoying, but possible.

After all, the data was there, the account was there, the storage was there, and I was paying for all of it.

This was not some improvised setup done using vibe coding during my lunch break. It was a mainstream situation inside mainstream products: WhatsApp, Google Drive, iPhone, iCloud.

That assumption turned out to be wrong.

What I had was not really a backup in the everyday sense of the word. It was a backup inside a narrow lane.

A backup with conditions.

Basically, there is no way to recover these conversations without getting another android device. Data is just not recovered from Google Drive to iPhone. The backup is still there taking 5gb of my paid storage space.

Then came the macbook.

I have recently moved to a new macbook, and wanted to give my old one to a colleague. Before handing it over, I did what any careful person would do: I wiped it and disconnected it from my account; from a remote location from the new mac, because I was travelling.

I followed the official flow. I got the on-screen confirmation saying, clearly, that at the next boot, at the next connection to the internet, the machine would be wiped.

That sounded final. It sounded safe. It sounded like the problem was solved.

Then my colleague opened the machine. It asked for my password. I trust him, so I gave it to him. He entered it.

The Mac started up normally. My data was still there.

One more reason for this hacker to react!

That is the kind of moment that changes the way you think about the whole stack. Not because it is dramatic in a movie sense, but because it is so ordinary. No exotic attack. No criminal sophistication. No obscure enterprise setup. Just me doing the approved thing, seeing the approved confirmation, and then discovering that the reality underneath was not what the interface had led me to believe.

Those two experiences have stayed with me because they expose the same problem from two different directions.

We are surrounded by products that speak the language of safety, continuity, and control. Backup. Sync. Wipe. Restore. Disconnect. Migration. They sound solid. They sound like promises. They sound like the boring plumbing of modern life, the part you are supposed to be able to trust.

But in practice, those promises often break exactly when you stop being a happy-path user.

They break when your old phone dies. They break when you switch ecosystems. They break when you try to hand a machine to someone else. They break when years of messages matter. They break when you need the word "wipe" to mean what it says.

That is the part I think people underestimate. These are failures that strike inside the spaces we are trained to treat as safe. Your Apple account. Your WhatsApp history. Your cloud backup. Your device handoff flow. The trusted center of your digital life.

And if those spaces are more conditional than they look, then users are living with much less protection than they think.

I do not think the core problem here is that big tech companies are incapable of building polished products. Quite the opposite. The products are polished. That is what makes this more dangerous. The polish creates confidence. The confidence creates passivity.

People stop asking what is actually guaranteed, because the interface makes it feel rude or paranoid to ask.

That is not a small UX flaw. That is the shape of a system built around managed dependence rather than user sovereignty.

How to regain sovereignty

Here is the final part I promised. I mentioned an alternative, and I should explain where it comes from. With a motivated group of great colleagues, we are working on a new open-source project called Nearbytes. It is still experimental, and still in the prototype phase, but the idea behind it is solid. It has been in my drawer for a bit less than… 15 years. Basically, we encrypt your data with all the meta-data you may need to use it, share it or inspect it, and we store it on your computer. Then the transport layer distributes the data. It's not peer-to-peer, data can be shared even over traditional means, including the cloud, but also disks, phones, lan, wifi, and it works equally well on all these channels. We call it friend-to-friend because, since blocks are encrypted, you can share free space among circles of friends without fear of them eavesdropping your private life. In this way, you don't need the cloud to recover your data. It's that simple. And you can still use the cloud whenever you want, using the same app and the same protocol.

I started thinking seriously about Nearbytes around the time of the Megaupload seizure https://en.wikipedia.org/wiki/Seizure_of_Megaupload. That episode made something very clear. When too much of people's digital lives depends on a few centralized services, users are not in control. And this must be changed.

I somehow expected other people to just imagine the same system, and makeit, while I was busy doing the other projects I'm paid for, and other things in life like getting a permanent position, growing kids, buying a house, this kind of stuff.

But this did not happen, and recently I took the plunge and allocated time and resources to make this a research project I'll pursue in the next years.

Nearbytes begins from an inversion of control.

Instead of treating the cloud service as the center of reality, it treats your own local data as primary. You write data locally, and the app then copies it around in encrypted, shareable form across whatever places you choose: your devices, trusted contacts, external drives, local network peers, or cloud providers. The important point is that the cloud can still be useful, but it stops being the thing that gives the data its meaning or keeps the system alive. Even if the app were discontinued, the underlying encrypted data could still be reopened, decrypted by those who have the right keys, and used by new applications written later.

In this vision, a cloud provider becomes a convenience, not a prison. If you want to leave one provider and move to another — because it is cheaper, more respectful, closer, faster, or simply because you no longer trust the first one — that should feel like pushing a button.

Today, we often route everything through distant servers even when two devices are in the same room. That is backwards!

A healthier system should make nearby exchange natural. If a phone can carry photos, files, messages, or updates from one computer to another automatically, it should. If two devices are on the same network, they should be able to help each other directly.

So the vision is this: data is created locally, encrypted locally, and remains intelligible independently of any one provider. The app can replicate it automatically across storage locations and devices. Backup becomes a natural consequence of copying valid encrypted data to more than one place. Collaboration across a local network becomes the easy case, not the awkward one. Phones can act as bridges. Providers can be swapped quickly. And people remain connected, not less than before, but more robustly than before, because connection no longer depends on one narrow center holding the whole picture together.

You can help

This is still an experimental project. I do not want to oversell it. But I do want to be clear about the ambition, which is to help make digital life behave more like a commons and less like a lease. That is the direction I think we need. If that resonates with you, please help.

Raising awareness is already a lot. If you want to help, you can start by sharing this piece.

If you want to follow Nearbytes, the simplest option is to follow me on Medium. I will post major updates here, and I'm listening for better options in case you want to comment on this.

If you are a developer or researcher, watch the "community" GitHub repository for releases and technical progress.

https://github.com/nearbytes/community/blob/main/README.md

The app and specs are public under sibling repos, still under heavy experimentation, and it's likely not yet time to look at them until we stabilize them, but feel free to open issues for discussion.

I wanted to post a Discord link for you to discuss. But Discord won't open on my system today, it's stuck in an update loop :)

One more reason to push for a open source, widespread, reliable communication platform; and in the meantime please comment here, or get in touch on github.

#decentralization #ethical-hacking #decentralized-storage #post-cloud #digital-sovereignty

< Go to the original