by amadeuspzs 2444 days ago
You are confusing E2EE encryption with encryption in transit/rest in the commerce example. The majority of transactions today are encrypted in transit and (you would hope) encrypted at rest so that the bank and selected parties can access the data (including the customer). There is no bank that would encrypt financial data using E2EE so that only the customer and merchant could access it, which is the analogy here on E2EE with messaging.

Sure, now we are looking at tokenization, which reduces the risk merchants store your details insecurely, but commerce will always require a bank to store your information and share it with legislators for anti-money-laundering purposes, etc.

3 comments

> You are confusing E2E encryption with encryption in transit in the commerce example

I think he meant to do that. E2EE between two people has the same kind of requirements as E2EE between a person and a server. If you're trying to say point-to-point encryption, where the server is just a relay between the points, and it handles the data unencrypted, then I think all the arguments for E2EE apply here as well.

I think it would be entirely reasonable to have communications between a person and their bank end-to-end encrypted (isn't that the goal of SSL?) as well as communications between a person and a vendor or a vendor and their bank. Wouldn't this cut down on the instances of credit card information and other data being intercepted while in transit?

Correct. Nice catch.

I still think that full E2E is a fundamental human right.

Many governments agree with you. Sometimes hypocritically.

https://en.wikipedia.org/wiki/Right_to_privacy