
The ostensible reasoning is "think of the children" horseshit, but history proves such a powerful capability will be abused for unrestrained spying.

Key escrow for the entire US and world was floated with the Clipper chip (1993-1996). That was strangled in its crib because trusting thousands of people at NSA or GCHQ to just not stalk people is sheer fantasy, just as the Snowden leaks revealed.

iMessage stores the e2ee key in iCloud by default, which effectively makes all of a user's communications decryptable by governments and Apple at any time.

If you offer a centralized service with actual privacy without zero-knowledge p2p constructions, then it falls victim to the Lavabit problem. If you want security and plausible anonymity across your own devices, not metadata, then use a fork of Signal such as Session. (Signal is irreparably broken by being tied to a phone number, which is a universal tracking device. The only people who use Signal are drug dealers and software engineers who don't know any better.)

https://en.wikipedia.org/wiki/Clipper_chip

https://en.wikipedia.org/wiki/Lavabit




Why is Signal "irreparably" broken? What makes the phone number issue "irreparable"? As I understand it, usernames and phone number privacy are in the pipeline.

I'm a software engineer who does know; I'm aware that Signal is currently tied to phone numbers, and I'd love for it not to be, but I still use it, because it's E2EE and easy for non-technical people to use.

When there's something that's easy to use like Signal that uses decentralized cryptographic identifiers and onion routes all traffic, I'll start trying to get people to use that. I'd be happy to hear any recommendations.


If you have a mobile phone number, the domestic intelligence agency knows exactly where you are at all times and any LEO (without a warrant) can also find you. In addition, there have been numerous CCC presentations showing how insecure the global (excluding US) and (separately) US carriers are guilty of promiscuous metadata trafficking ($$) and insecure SS7 setups. As a consequence, for low $, you can go to any one of several shady websites and find the last location of almost any phone number (person unique ID) globally. There are additional varying exploitable vulnerabilities depending on the exact combination of {handset x carrier x country} to impersonate them, tap their line, reveal their exact location, and redirect their phone number through a third-party handset or even a PBX. These are more expensive and some capabilities are forbidden for all but a few selective intelligence uses.

Session (Signal fork) doesn't use phone numbers. It's pretty well-designed overall and uses an onion routing approach. It's already a superset of Signal except it doesn't use phone numbers. https://getsession.org

Also look interesting:

* (unproven) https://www.olvid.io/technology

* (unproven) https://simplex.chat

PS: Using regular Tor on home broadband or cloud servers is relatively risky and inefficient. Sybil attacks on it are common. And to network operators and security agencies it gives an easy "flow tag" of your uplink and exit node data traffic as automatically suspicious.



