I don’t know which at rest point you’re meaning, but TLS in an HTTPS connection is not normally considered end to end. For a chat client, end to end encrypted means you hit send, the message is encrypted, and cannot be decrypted until it arrives at the recipient.
An HTTPS connection is decrypted by the server in the middle, then re-encrypted for transit to the next person. I would think E2E could be considered encrypted at rest while on (e.g.) Facebook’s servers. The danger area for E2E is at either end, where the decryption client is controlled by the middle man.
I would hope that Facebook would not store the decrypted messages on your device, but I guess they must store something as you aren’t prompted each time for your decryption code.
notice how they always talk about end-to-end-encryption and never say anything about encryption-at-rest
I don’t know which at rest point you’re meaning, but TLS in an HTTPS connection is not normally considered end to end. For a chat client, end to end encrypted means you hit send, the message is encrypted, and cannot be decrypted until it arrives at the recipient.
An HTTPS connection is decrypted by the server in the middle, then re-encrypted for transit to the next person. I would think E2E could be considered encrypted at rest while on (e.g.) Facebook’s servers. The danger area for E2E is at either end, where the decryption client is controlled by the middle man.
I would hope that Facebook would not store the decrypted messages on your device, but I guess they must store something as you aren’t prompted each time for your decryption code.