See my comment above about the unencrypted backup.
It's basically a UX tradeoff:
You can not promote default E2E + no autobackups -- people in mass are not ready to lose their data when losing the device. Nor they are ready to store the key separately in a confidential manner. Nor they are ready to manually transfer the key among different devices.
All this UX situation is defined by Moxie (the author of Signal and Whatsapp encryption) in his blog post about PGP/WoT concept meeting the reality https://moxie.org/2015/02/24/gpg-and-me.html
So in fact as the average user you have either:
1) E2E + unenctypted autobackup (Whatsapp)
or
2) no e2e by default and separate e2e secret chats (Telegram) that are available only on a specific device.
In the first scenario all your chats inclusing the most sensitive are available by the law enforcement by issuing a warrant to your file storage provider.
In the second scenario you potentially can spill some sensitive information in default non-encrypted chats.
What is worse? I don't know. But I use both Telegram and Whatsapp with backups turned off. So I'm losing all the Whatsapp chat history when using a new device while losing only secret chats In Telegram (not a problem for me since I delete them often manually or set a self-destruct timer anyway)
Backups are encrypted now. Looks like they improved it.
I get it. I'm a privacy and free and open source software enthusiast. It's not perfect. It certainly is better than alternatives though. We know for a fact that it pisses off judges and authorities. That's a major sign that its working. You should be concerned when they stop complaining about it, it means they got in.
Judges and authorities complaining is not a proof that encryption is good. Not cooperating with court will have the same effect, which is exactly what Durov is allegedly accused of.
It's basically a UX tradeoff: You can not promote default E2E + no autobackups -- people in mass are not ready to lose their data when losing the device. Nor they are ready to store the key separately in a confidential manner. Nor they are ready to manually transfer the key among different devices.
All this UX situation is defined by Moxie (the author of Signal and Whatsapp encryption) in his blog post about PGP/WoT concept meeting the reality https://moxie.org/2015/02/24/gpg-and-me.html
So in fact as the average user you have either: 1) E2E + unenctypted autobackup (Whatsapp) or 2) no e2e by default and separate e2e secret chats (Telegram) that are available only on a specific device.
In the first scenario all your chats inclusing the most sensitive are available by the law enforcement by issuing a warrant to your file storage provider. In the second scenario you potentially can spill some sensitive information in default non-encrypted chats.
What is worse? I don't know. But I use both Telegram and Whatsapp with backups turned off. So I'm losing all the Whatsapp chat history when using a new device while losing only secret chats In Telegram (not a problem for me since I delete them often manually or set a self-destruct timer anyway)