Re: State Surveillance. The weakness here is in swapping out for a compromised device.
"Given this is attempting to prevent State surveillance. Worth stating that deliveries can be intercepted and addresses flagged for purchases of electronic equipment due to be delivered and examined/opened before delivery."
NSO malware is frequently used by states surveilling people in other states. Saudi Arabia couldn't have intercepted a phone being delivered in the US to compromise it, at least not as cheaply as doing it locally. They may also lack a convenient exploit kit to install on a phone that remains resident, given that the initial setup process only happens normally when there is no user data.
"If you're going to this much trouble, you also need to go to the trouble of obtaining a device through someone else, who isn't being targeted"
Or get lucky. The last laptop I bought for someone was by walking into a shop, paying for it, and carrying it out. You can buy phones like that too. Try intercepting that delivery. Unless they've got a spy in every computer store or opportunistic malware on all of them (and I'm sure they'd like to), you can't guarantee it. They can do a number of things, but they aren't certain and they're expensive and difficult.
"Apple is likely to have a list of devices with this feature enabled,"
Why? They don't need that in a database. As you correctly point out, doing that could cause problems. There's no reason for them to want that list or to put in code to collect it, which could not help them but would certainly anger users.
"Surely better to sit below the radar with an unassuming run-of-the-mill device within the masses, switch off every privacy compromising feature you can, so that it looks like every other regular Apple device. The idea is not to stand out from the crowd."
Again, this is on-device config. It's not a spotlight attracting attention to you. Likely, if you're turning this on, they already know who you are and can find your device without needing this, and the feature just protects you from their attempts to penetrate your defenses.
"This doesn't fit the zero-trust model."
Actually, it entirely does. The zero trust model isn't about trying to hide. It's about having protections on everything. A zero trust configuration is very different from a default config that has several trust-based attack surfaces. I should point out, however, that zero trust configurations don't announce themselves routinely. You only find out whether it is one when you intercept its traffic or attempt an attack.
Biting the hand that feeds IT
