by kelnos 1 hour ago
You keep saying this, but it's nonsensical. If I terminate TLS on the box that does processing, there's nothing to intercept.

And these days (especially post-Snowden), many (most?) companies encrypt data when sending between servers within their own (private network) infrastructure.

1 comments

You have no control over where TLS is terminated when you're talking to a 3p cloud service (with services you don't control/run like cloud LLM APIs). You also have no control over what spyware is installed on/around VMs you rent (and there's a lot). Also, when talking about encryption between servers within datacenters, you seem to be missing that in order for such multi-stage/path encryption (separate certs/keys) to be possible, the data first has to be decrypted at each point, not to mention every major US tech company generally cooperates with the NSA and gives them access to anything they request (including allowing the installation of dedicated hardware to intercept decrypted traffic, as has been publicly exposed and documented many times already).

Your and others' claims that it's impossible and nonsensical are based on a lack of understanding.

Your and others' claim that things somehow got better after Snowden is just a completely baseless statement - if you actually looked into what happened post-Snowden - absolutely nothing was done to prevent NSA spying on any communications they want, in fact it got significantly worse.