Oh....and about Diffie/Hellman (circa 1976).........................
....where two end points can engage in a handshake over an insecure channel, but nevertheless each end point can calculate the same secret key without the secret ever passing over the network.
*
So it's possible for two endpoints to agree a different key for every interaction, without any user involvement, and without any published keys (as with PGP and siblings, HTTPS etc. etc.).
*
This simple mathematical procedure makes it possible for two endpoints to encrypt everything before anything enters a public channel.......making "end-to-end encryption" completely moot.
*
In recent experiments here at Linux Mansions, Diffie/Helman is perfectly practical on pathetic cheap laptops using six hundred long decimals for the handshake and calculated secret keys of the same length. This is all done in software, no user input, all data associated with encryption and keys used once and securely deleted after each transaction. The only data in the public domain is the privately encrypted transaction in transit.
*
Since there is nothing published about keys, and new keys are calculated for each transaction, when the plod turns up, the users can truthfully say "Sorry...we know nothing about keys, you can take all our equipment away and you will find nothing".
*
The mathematical procedure to implement this has been known for over forty years. Why do we hear nothing about it in the public debate about "end-to-end encryption"......rendered moot if anyone wants to implement it?