
>So if I'm talking to my bank through a link where only my bank and I have access to the info, that's absolutely E2EE.

Through TLS? That is certainly not E2EE. That is because a trusted third party (certificate authority) is involved to ensure that you are actually communicating with the bank. End to end means exactly that. You are able to communicate securely with only the trust of the entity you are communicating with.

Your definition pretty much covers any effective use of cryptography for privacy. That would make the distinction meaningless.




>Through TLS? That is certainly not E2EE.

It certainly is. Encryption is a separate problem from authentication.

>That is because a trusted third party (certificate authority) is involved to ensure that you are actually communicating with the bank

The CA that helps with mutual authentication does not have access to the plain text, and it's perfectly possible to have other checks on top.

>Your definition pretty much covers any effective use of cryptography for privacy. That would make the distinction meaningless.

Wrong. In fact, it's your definition that excludes nearly every single existing use of cryptography, also making the distinction meaningless. For most people even Signal involves a central party and trust for establishing authentication. iMessage? WhatsApp? None of this is E2EE according to you, which is ridiculous. MitM attacks and endpoint security are the core modern challenge for E2EE systems, but E2EE is still notably distinct from all the many kinds of communication that existed and still exist that aren't E2EE, and where neither of those are even required because the plaintext itself is available.

Edit to add: I don't tend to use Wikipedia as much anymore, but regardless of objective objections to its definitions, I do think it's certainly worth considering for a view on what subjective consensus is. I.e., whether or not the articles are all correct, if you're trying to answer a more meta question of "what do people think it is" then that's always helpful. Which of course is a big question when it comes to language definitions. So fwiw, its entry on E2EE [0] agrees:

>End-to-end encryption ensures that data is transferred securely between endpoints. But, rather than try to break the encryption, an eavesdropper may impersonate a message recipient (during key exchange or by substituting their public key for the recipient's), so that messages are encrypted with a key known to the attacker.

Which is how I've always understood it. Authentication is a major second-level challenge to encryption, but without any encryption at all it just doesn't generally come up when it comes to privacy. There is no particular authentication for HTTP or telnet. E2EE is one of those "necessary, but not sufficient" items.

----

0: https://en.wikipedia.org/wiki/End-to-end_encryption


>For most people even Signal involves a central party and trust for establishing authentication.

Most people do not have effective E2EE while using Signal or other systems like it. That is because they have not verified their "Safety Numbers", which is what is used in the Signal case. It is a long-known (since PGP) usability problem that makes such systems impractical for most. Relevant:

* https://www.ndss-symposium.org/wp-content/uploads/2018/03/09...

Not making this issue clear (identity verification is a prerequisite for E2EE) is a common scammy thing done by various messaging systems.
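
An added illustration of the key-substitution point argued in this thread (not code from any commenter, and not Signal's actual safety-number algorithm): a toy Diffie-Hellman exchange in which the key directory may swap public keys, showing that both sides still derive working session keys while only an out-of-band fingerprint comparison exposes the swap. The group parameters, function names and fingerprint format are assumptions made for this sketch.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group: an assumption for this sketch, far too small for real use.
P = 2**127 - 1
G = 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(own_priv, peer_pub):
    # Both ends derive the same key only if each holds the other's real public key.
    shared = pow(peer_pub, own_priv, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).hexdigest()

def fingerprint(own_pub, peer_pub):
    # Order-independent digest of both public keys, meant to be compared out of band.
    material = b"".join(k.to_bytes(16, "big") for k in sorted((own_pub, peer_pub)))
    return hashlib.sha256(material).hexdigest()[:24]

def run_exchange(directory_substitutes_keys):
    a_priv, a_pub = keypair()   # first endpoint
    b_priv, b_pub = keypair()   # second endpoint
    d_priv, d_pub = keypair()   # key held by the directory/relay in the middle
    # What each endpoint is told is "the peer's key".
    seen_by_a = d_pub if directory_substitutes_keys else b_pub
    seen_by_b = d_pub if directory_substitutes_keys else a_pub
    return {
        "a_key": session_key(a_priv, seen_by_a),
        "b_key": session_key(b_priv, seen_by_b),
        "directory_key_with_a": session_key(d_priv, a_pub),
        "a_fingerprint": fingerprint(a_pub, seen_by_a),
        "b_fingerprint": fingerprint(b_pub, seen_by_b),
    }

if __name__ == "__main__":
    for substituted in (False, True):
        r = run_exchange(substituted)
        print("keys substituted:", substituted,
              "| fingerprints match:", r["a_fingerprint"] == r["b_fingerprint"],
              "| middle party can derive a's key:", r["directory_key_with_a"] == r["a_key"])
```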



