As a longtime and current debian user, lol if you think it hasn’t been infiltrated or that any network of developers spread over the globe could resist infiltration let alone the open source “community”.

A large portion of the maintainers of popular open source projects are en the employ of some company or other explicitly because of their maintainer role. Even if some hypothetical distributed global network of developers could resist infiltration, the maintainers of our open source software cannot.

The building blocks of android are maintained by developers who are employed by google. Google was compliant with prism four years before Apple (the exact amount of time it would take for a sealed case to wind its way through appeals).

If the fact of apples compliance with the laws of its jurisdiction worry you, the fact that people don’t get targeted or convicted off of information from properly configured icloud accounts or locked Apple devices should counteract that worry. The fact that other generally held to be trustworthy companies like mullvad are compliant with the laws of their jurisdiction should make it clear that legal compliance doesn’t necessarily mean a company or service isn’t trustworthy.

I would also like to point out that for the purposes of us law, entities outside the jurisdiction of the us are subject to a freer surveillance apparatus which need not be hampered by what some judge is willing to sign off on and doesn’t need to comply with its subjects rights as defined under us law.

An apple in Mexico would be able to offer fewer protections to its us customers than one incorporated in the us.