As I don't remember the name of everybody I read about, it would take significant effort to go find the source.
It's much simpler to prove the concept logically:
Any time you're communicating on a service provided, programmed, and updated by at least one third party, it is fundamentally impossible to guarantee E2EE without being omniscient of what they're doing.
This is simply because the unen/decrypted data is in the software at some point in time, and the third party controls the software.
> Oh, this is a downright insane, dishonest argument. Perfection is impossible, so we shouldn't even try!
I did not say or imply this in any way, and no it is neither an insane nor dishonest argument, it's just a consequence of allowing a third party to control your data.