by xoa
1609 days ago
>Any insights as to why the big players are implementing E2E while ignoring P2P? Is this a control issue or purely related to technical challenges?

Both. Certainly a lot of major players see messaging as an important strategic area, not much needs to be said about that. But remember, for actual secure communications one needs both encryption and authentication, and the latter is a much more challenging problem. Purely as a matter of tech there could be better ways to go about that, but in practice there isn't any great infra for that inter-system, which is both distributed or at least federated and easy/accessible for the overwhelming majority of the population. It's improving in fits and starts but still a mess. A lot of the natural places that might make sense to base authentication off of have insecure foundations with enormous legacy base that'd be hard to change (typical collective action problem), or are very slow moving for other reasons.

Centralized solutions just make authentication much easier, even if at obvious cost and SPOF-risk. Within any given platform the centralized provider can of course guarantee all participants about certain properties of whomever they're dealing with. Governments could perhaps require some sort of industry standardized public-key based interoperability of auth, but even assuming they didn't muck it up governments themselves (as this article shows) have unfortunate perverse incentives there.

Not many have internalized yet that the economic cost of poor authentication and security is very high because it's so distributed. There may be a bit of coming around on that but it's slow. A grim silver lining to all the ransomware attacks for example is that at least they're highly visible and painful, and at last have started to motivate minds a bit. But the addiction of many agencies to old models is strong.