> If the ring uses Bluetooth to sync the data to your phone and the phone syncs data to the Oura servers, but the data is in the clear on your phone, then by this definition, it is not E2E encrypted.

Yet another angle would be that both the phone and the ring are in one's material possession, whereas the cloud is someone else's computer, and to display a nice web UI it has to have the data unencrypted over there.

In that case, the cloud is the potentially untrusted intermediate between the data and one's eyeballs.

All of these are equally valid; it all depends on what your threat model is.

reply
> The term has kind of degraded

I have to disagree. It's the same thing that happened to terms such as open source. It's perfectly clear what it means but marketers intentionally attempt to mislead people for the sake of their own bottom line.

> but the data is in the clear on your phone, then by this definition, it is not E2E encrypted.

False. E2EE is centered on a given user. So long as the phone would be viewed as "yours" (i.e., inside your personal security boundary) by a reasonable person, then it is clear that the data is E2E encrypted.

As the sibling comment notes, the common issue is providing a web interface. It isn't so simple to have a remote server dish up a nice UI with lots of convenient functions while only decrypting the data on the client side. It can certainly be done, but it requires developers that know what they're doing and management willing to budget for it.

reply
this is such a Hacker News comment. expounding needlessly. e2e implies encryption at the source and endpoint which entails encryption along all transit paths. it's not that deep. if it's not encrypted at the source “ring”, then it can't be e2e. I get your semantics but it's just a waste, as is my comment here.
reply