To be fair zoom did claim E2EE, with one of the ends being their servers.

> When companies like Meta claim they support E2EE, this is what they claim.

Well, that statement can only resolve to true.

These requests of data collection are perfectly legal. FBI DITU gives an order: give me all chats from *@banana.com and they receive banana.com.

From there, two choices from the perspective of a tech provider:

a) You accept. You get paid.

    You can always claim you had been coerced / are a victim, and that everything has been done by the law.

    You take the risk to lose over 250K per day (!) in fines, some other court scandals that will come to you, some shady private stuff (what if we learn about your secret jacuzzi ?), harassement of the team, be publicly shamed that you supported terrorists who caused actual death of Americans, etc.

    In addition, nobody will know that you are the privacy hero and you are not even sure that the data is not exfiltrated another way.

Yes, we looked carefully and decided we won't enjoy losing 100M USD and go to jail.

The trick is that the identifier / wildcard can be very vague and wide. Or there can be multiple of them, each of them are narrow, but put one of top of the other they are super wide.

Do companies that claim E2EE support face consequences if they don't abide by IETF's definition? Not like IETF governs them.

It's not entirely accurate to say "any party other than the sender and the intended receiver," since the messaging app running on the user's device can read the messages. Something like "any third party (other than the app vendor)" would be more accurate. Without actually analyze app behavior, it comes down to trusting that the vendor doesn't do anything nefarious.