Hacker News
by FrankDixon 2698 days ago
To me all this end-to-end business sounds too much like marketing. As long as you have to use the clients provided by Facebook, it doesn't matter that the chats are end-to-end encrypted.

Facebook controls the clients and as such can do whatever it likes with your chats (or whatever you agreed to).


End-to-end encryption is about decomposing trusted parties and compartmentalizing untrusted infrastructure. There are meaningful differences between end-to-end encryption and server-side encryption. These differences are entirely orthogonal to the question of whether or not you can verify the client or the server.

This is what I was getting at in my other comment. If you’re going to reject end-to-end encryption because you can’t verify the client, you’re looking at a very different set of criteria to establish the confidentiality and authenticity assurances you want. In particular, you are at a point where it’s difficult to establish a secure channel unless you’re using a fully decentralized, federated protocol with a server you stood up yourself.

Yes, that's why you need independently developed and independently distributed client software. Otherwise there's no meaningful compartmentalization.

The parent poster is not rejecting end-to-end crypto itself, but how it's typically done (on a locked phone you don't really control, in an autoupdating app you don't control at all). Web-based end-to-end encryption is even more ridiculous (say mega.nz for example), because then it's even more trivial to distribute different code to different users.

There is meaningful compartmentalization without independent distribution and development. That point was the entire basis of my comment.