by fc417fc802 27 days ago
> everyone interprets it differently.

No, they don't. You're spreading misinformation. If the service provider can see the data then it is not E2EE. There is no room for negotiation here. Let me be perfectly clear that any service provider that claims E2EE while having access to user data is committing blatant fraud.

That said, it does not appear that Oura ever claimed E2EE. The author is merely making it clear to the reader that this is not the case.

2 comments

Agreed. Weird to see a bunch of posts trying to argue that E2E doesn't imply that provider can't see the data, at rest or in transit.

> Weird to see a bunch of posts trying to argue that E2E doesn't imply that provider can't see the data, at rest or in transit.

It's only weird for the people in that middle ground where they know "something" about it, but really not much at all. There are ways to get educated and at least acknowledge the misunderstandings but who has time for that [0].

E2E explicitly means from one end to another. Obviously when the provider is one of the ends, as sender or final recipient of the data, they can have access to the data and not violate the principle of E2EE. When the provider is just an intermediary they should not be able to decrypt the data because they are not one of the ends.

Some companies slap the E2EE sticker on their product even when it's meaningless because it makes the product sound more secure. Like when they were slapping "blockchain" on everything. Or "AI" and "agentic" these days. It means nothing, it's misleading, but not factually wrong.

[0] https://www.researchgate.net/publication/342621891_Improving...

No, again, that is misinformation on your part. By your own logic every HTTPS connection qualifies as E2EE by virtue of traversing untrusted intermediaries as it crosses the public internet.

That obviously makes no sense as it renders the term entirely pointless. The entire reason for the term to exist is the difference from encryption in transit. It specifically means that one or more of the intended recipients (generally the service provider) do not have default access to the data.

The "meaningless" usage you describe is fraud seeing as it's an intentional attempt to deceive the consumer. It is factually wrong in the exact same way that slapping an open source label on something made available on GitHub under a proprietary license is.

> No, they don't. You're spreading misinformation.

You can confidently say that everyone is qualified enough and understands E2EE the same way you do? Is it magic or an LLM whispered in your ear?

Because by the nature of my job I talk every 2 days with someone who doesn't really understand what E2EE is, what it does and more importantly what it doesn't do. They learn from marketing materials, not from reading technical info, you know, like almost all users out there.