Comment by buzer

> - Making design choices such as ensuring that E2EE is opt-in by default, rather than opt-out would require people to choose E2EE should they wish to use it, therefore allowing certain detection technologies to work for communication between users that have not opted in to E2EE

So you make it so that when the user starts the application you ask them "Your current configuration allows government, and probably some hackers as well, to see your messages. Do you want to enable encryption? Your government's suggestion is that you should say 'No' here. That's also what the foreign intelligence agencies suggest" "Yes, enable encryption" "No". That's clearly opt-in, you even provide the government's recommendation. And of course you then ask that whenever they open the application if they selected "No", we have learned that it's completely fine to keep asking same question from the user.

Oh, and make sure that the other party is clearly aware that the other side has not enabled encryption.