[darkwater]

If the chat is truly E2E there is no way a data breach can happen on the server side. The same applies if the app is only saving chat logs locally. [1]

Now, if the threat scenario is someone implanting a compromised version of the IM app on every device out there, and siphoning data from the device itself, then it's a completely different scenario.

[1] although this could be intercepted by an attacker compromising the IM servers, if the app is not distributed/P2P

[outime]

Logs are stored on local devices and many people back them up in whatever cloud (majority not encrypted).

You or the other person could lose the device and someone could use your PIN/password (something as simple as shoulder surfing while you use it). There could also be a leak in whatever cloud service you're using, or the data could get subpoenaed because of some dumb law that gets passed, some rogue employee, etc. It's a huge liability no matter how you look at it.

[darkwater]

You are proposing scenarios in which the only safe posture is to not chat at all...

[outime]

The whole thread is about permanently storing every single conversation forever vs conversations that get deleted shortly after. If the latter is chosen, the blast radius is significantly smaller.

[darkwater]

The blast radius of a single person conversations (shoulder surfing) which doesn't make any sense because if you are the kind of person targeted for their conversations you are going to take anyway other countermeasures in any case (in addition to probably disappearing messages).

But for normal people, the biggest risk is companies using their chats to train models / dispatch ads etc to which the only solution is E2EE.

[rhines]

There is the potential to use homomorphic encryption so that encrypted text can support operations like string search while encrypted, so unencrypted indexes would never need to be stored on user devices. It is a huge hassle though - it requires a ton of compute and is still very slow and limited, it's much more complex, and research is still ongoing regarding security. However if you want to truly minimize the amount of unencrypted data on your device this could one day be an option.

[actionfromafar]

Not really, if you accept the risk of it happening but you shrink the blast radius.