> Weird to see a bunch of posts trying to argue that E2E doesn't imply that provider can't see the data, at rest or in transit.
It's only weird for the people in that middle ground where they know "something" about it, but really not much at all. There are ways to get educated and at least acknowledge the misunderstandings but who has time for that [0].
E2E explicitly means from one end to another. Obviously when the provider is one of the ends, as sender or final recipient of the data, they can have access to the data and not violate the principle of E2EE. When the provider is just an intermediary they should not be able to decrypt the data because they are not one of the ends.
Some companies slap the E2EE sticker on their product even when it's meaningless because it makes the product sound more secure. Like when they were slapping "blockchain" on everything. Or "AI" and "agentic" these days. It means nothing, it's misleading, but not factually wrong.
No, again, that is misinformation on your part. By your own logic every https connection qualifies as E2EE by virtue of traversing untrusted intermediaries as it crosses the public internet.
That obviously makes no sense as it renders the term entirely pointless. The entire reason for the term to exist is the difference from encryption in transit. It specifically means that one or more of the intended recipients (generally the service provider) do not have default access to the data.
The "meaningless" usage you describe is fraud seeing as it's an intentional attempt to deceive the consumer. It is factually wrong in the exact same way that slapping an open source label on something made available on github under a proprietary license is.
It's only weird for the people in that middle ground where they know "something" about it, but really not much at all. There are ways to get educated and at least acknowledge the misunderstandings but who has time for that [0].
E2E explicitly means from one end to another. Obviously when the provider is one of the ends, as sender or final recipient of the data, they can have access to the data and not violate the principle of E2EE. When the provider is just an intermediary they should not be able to decrypt the data because they are not one of the ends.
Some companies slap the E2EE sticker on their product even when it's meaningless because it makes the product sound more secure. Like when they were slapping "blockchain" on everything. Or "AI" and "agentic" these days. It means nothing, it's misleading, but not factually wrong.
[0] https://www.researchgate.net/publication/342621891_Improving...