[edandersen]

It doesn't need to be a pop up. Just behave like a HTTP site ("not secure" warning) when you could be MITM'd between yourself and the entity you think you are communicating with.

If it turned out "End to end" encrypted chat went through a third party that even transiently had access to the plaintext version of the chat (like how Cloudflare works) you'd be apoplectic.

[tick_tock_tick]

It's impossible to know if a third party had access to the plain text. Hell even Cloudflare can be setup with actual end to end encryption where they can never see the contexts of the traffic. Most users don't want that as they want CDN features that require unencoding the data.