by mschuster91 4072 days ago
You can do end-to-end encryption just like with emails. Just the metadata (sender, recipient) needs to be plaintext.

Ahh, I think I get it. But that brings us back to my question: how is the data stored on the server, encrypted or plaintext? If it's encrypted, would that mean decryption happens for each session, e.g. when using WhatsApp Web (could that be why they need the phone to be online)?
They seem to use a public key method.

How I would do it is by distributing keys to devices at login and letting friends use a user's public key to encrypt messages to him.

Now you pack that encrypted message in a metadata envelope and send it to the server, to be retrieved later by the owner.

The keys should never leave the device.
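
The flow sketched in the comments above (plaintext sender and recipient, body encrypted to the recipient's public key, server storing only the envelope), as an added example that is not part of the thread. It uses Node.js's built-in crypto module; the X25519 + HKDF + AES-256-GCM construction and all function and field names are assumptions chosen for illustration, not any messenger's actual protocol.

```javascript
const nodeCrypto = require('crypto');

// Each device generates its own key pair; only the public half is published.
function newDeviceKeys() {
  return nodeCrypto.generateKeyPairSync('x25519');
}

// Derive a per-message AES-256 key from an X25519 shared secret.
function deriveKey(privateKey, publicKey, salt) {
  const shared = nodeCrypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(nodeCrypto.hkdfSync('sha256', shared, salt, 'e2e-envelope-demo', 32));
}

// Sender side. The returned envelope is all the server ever stores:
// it can route on from/to but cannot read the body.
function sealEnvelope(from, to, recipientPublicKey, plaintext) {
  const eph = nodeCrypto.generateKeyPairSync('x25519'); // fresh key per message
  const ephPub = eph.publicKey.export({ type: 'spki', format: 'der' });
  const iv = nodeCrypto.randomBytes(12);
  const key = deriveKey(eph.privateKey, recipientPublicKey, ephPub);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  // Metadata stays plaintext but is authenticated, so it cannot be rewritten.
  cipher.setAAD(Buffer.from(JSON.stringify({ from, to })));
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return {
    from, to,
    ephPub: ephPub.toString('base64'),
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    body: body.toString('base64'),
  };
}

// Recipient side: runs only on the device holding the private key.
function openEnvelope(env, recipientPrivateKey) {
  const ephPubDer = Buffer.from(env.ephPub, 'base64');
  const ephPub = nodeCrypto.createPublicKey({ key: ephPubDer, type: 'spki', format: 'der' });
  const key = deriveKey(recipientPrivateKey, ephPub, ephPubDer);
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, Buffer.from(env.iv, 'base64'));
  d.setAAD(Buffer.from(JSON.stringify({ from: env.from, to: env.to })));
  d.setAuthTag(Buffer.from(env.tag, 'base64'));
  // final() throws if the body, tag or metadata was altered, or the key is wrong.
  return Buffer.concat([d.update(Buffer.from(env.body, 'base64')), d.final()]).toString('utf8');
}
```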