
All E2E encryption claims in closed source software are untrustworthy. What're you expecting?



Not only is the source closed and proprietary, the company and the product themselves have terrible reputations when it comes to security. Why would anyone even consider trusting whatever encryption they offer?


Even with open source software you will never know what is actually running on the servers. It's best to assume none of the services are e2e encrypted and you should provide your own encryption on top of the medium you communicate with if you require privacy. By own encryption I mean exchanging keys and encrypting offline using OSS tools.


> Even with open source software you will never know what is actually running on the servers.

If the clients are open-source and properly implement end-to-end encryption, and you verify that they are not sending your keys to the servers, then what is running on the servers is irrelevant.


... if you have the technical expertise to audit the full source code, and run and audit your own build (on both ends).


Sure, but that's a different argument than what parent was making.


I'm qualified to audit loads of software I don't have the time to write myself.


But they may run modified software, e.g. with added backdoors, and you wouldn't know, as you cannot check what is actually running on servers.


Yes, but the servers only transfer encrypted payloads for which the servers do not have the decryption keys, and you can verify that just by looking at the clients (which are open source in this scenario). That is the entire point of end-to-end encryption.


Are you saying that MITM is not possible? For example, your client will receive a key prepared by a rogue server, and it will decrypt and encrypt conversations on the fly. You wouldn't be able to tell unless you find a way to verify the person on the other side tried to exchange different keys.


Resisting MITM is the entire point of end-to-end encryption.

Verification can be made with the security code that WhatsApp uses, and the safety number that Signal uses (same thing, different name). Other systems have other, similar methods.

You can verify that they match in order to verify that you're not communicating with a man-in-the-middle, and if the key changes then both apps show a prominent warning.

Granted, a lot of people may not actually bother to verify.
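An added illustration of the verification step described in the comment above (not part of the original thread, and not the actual WhatsApp or Signal algorithm): a simplified safety-number scheme in which each client derives a code from both identity keys, so a server that substitutes keys produces mismatched codes, and a pinned key that later changes triggers a warning. The key bytes, names and the `both_views` and `check_pin` helpers are constructed for the example.

```python
import hashlib

# Constructed stand-ins for 32-byte identity public keys (not real key material).
ALICE_KEY = bytes(range(32))
BOB_KEY = bytes(range(32, 64))
MITM_KEY = bytes(range(64, 96))  # key a rogue server would substitute

def fingerprint(identity: str, public_key: bytes, rounds: int = 1000) -> str:
    """30-digit fingerprint of one party: iterated SHA-512 over key and identity."""
    digest = identity.encode() + public_key
    for _ in range(rounds):
        digest = hashlib.sha512(digest + public_key).digest()
    # Turn the first 30 bytes of the digest into six 5-digit groups.
    return "".join(f"{int.from_bytes(digest[i:i + 5], 'big') % 100000:05d}"
                   for i in range(0, 30, 5))

def safety_number(my_id: str, my_key: bytes, their_id: str, their_key: bytes) -> str:
    """60-digit code; sorting the halves makes both parties derive the same string."""
    digits = "".join(sorted([fingerprint(my_id, my_key),
                             fingerprint(their_id, their_key)]))
    return " ".join(digits[i:i + 5] for i in range(0, 60, 5))

def both_views(server_substitutes: bool):
    """Return (Alice's code, Bob's code) for an honest or key-substituting server."""
    bob_seen_by_alice = MITM_KEY if server_substitutes else BOB_KEY
    alice_seen_by_bob = MITM_KEY if server_substitutes else ALICE_KEY
    return (safety_number("alice", ALICE_KEY, "bob", bob_seen_by_alice),
            safety_number("bob", BOB_KEY, "alice", alice_seen_by_bob))

def check_pin(pins: dict, contact: str, key: bytes) -> str:
    """Trust on first use: remember the first key seen, flag any later change."""
    known = pins.setdefault(contact, key)
    return "ok" if known == key else "KEY CHANGED: re-verify safety number"

if __name__ == "__main__":
    for rogue in (False, True):
        alice_code, bob_code = both_views(rogue)
        print(f"rogue server: {rogue} | codes match: {alice_code == bob_code}")
```

The comparison only helps if the two codes are compared over a channel the server does not control, such as in person or by reading them aloud on a call.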


End-to-end encryption properly implemented on clients is resistant to any malicious software that may run on servers.

The only relevant vulnerability is stealth updates infecting the client, but the client could disallow it as well.


Isn't the whole point of e2e that you don't need to worry about what runs on the server, unless you're worried about metadata leakage?


Correct, but if there is something between you and the other user that can intercept the key exchange, then it can decrypt and encrypt anything on the fly. I think you would have to exchange keys offline to have a true e2e experience.



