user-inactivated  ·  3503 days ago  ·  post: Kim Dotcom: don't trust Mega

If you aren't doing the encryption yourself, you aren't using end-to-end encryption. People need to start realizing this and stop trusting companies implicitly because they say they are end-to-end encrypting something.

End-to-end encryption has been partially redefined by the industry to include things that are transport encrypted all the way. This still gives the central servers access to the data, even if they do not log said data. If they theoretically can read the data, they can be compelled to by CALEA (Compelled Assistance to Law Enforcement Act) in the US, and other laws abroad.

Something to note: this also applies to web-based local encrypted services using JavaScript, such as bitcoin wallets, cloud-based password managers, Mega, and things such as Google's described attempt at end-to-end encrypted email. Since everything is happening in JavaScript which isn't executed by the server, it is definitely being served to you by the server. That means that with a simple insertion of some code that logs your password and sends it to their server, once and in limited deployment to certain users, they will be able to retrieve your password. Unless you review every single piece of JavaScript executing on your client every single time you execute the code, you cannot ever fully ensure this is not happening on any of these services.
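One way to automate the "review every time" check described in the comment above, as an added example that is not part of the original comment: pin a Subresource Integrity style digest of each script after reviewing it once, then compare every later delivery against the pins. The function names, URLs and script bodies are hypothetical and constructed for illustration, and the check only covers the bytes delivered to this client on this load.

```javascript
const { createHash } = require('crypto');

// Digest in Subresource Integrity format: "sha384-" + base64(SHA-384(bytes)).
function sriDigest(body) {
  return 'sha384-' + createHash('sha384').update(body).digest('base64');
}

// Build a Map of url -> digest from scripts that were reviewed once.
function pinScripts(scripts) {
  const manifest = new Map();
  for (const [url, body] of Object.entries(scripts)) manifest.set(url, sriDigest(body));
  return manifest;
}

// Compare what the server delivered on this load against the pinned manifest.
function auditDelivery(manifest, delivered) {
  const findings = [];
  for (const [url, body] of Object.entries(delivered)) {
    if (!manifest.has(url)) {
      findings.push({ url, issue: 'unpinned script' });
    } else if (manifest.get(url) !== sriDigest(body)) {
      findings.push({ url, issue: 'content changed' });
    }
  }
  for (const url of manifest.keys()) {
    if (!Object.hasOwn(delivered, url)) findings.push({ url, issue: 'pinned script missing' });
  }
  return findings;
}

// Constructed sample data: the reviewed scripts and a later delivery in which
// one script differs and one new script appears.
const reviewed = {
  '/js/crypto.js': 'function encrypt(key, data) { /* reviewed */ }',
  '/js/app.js': 'function login(pw) { return deriveKey(pw); }',
};
const servedToday = {
  '/js/crypto.js': 'function encrypt(key, data) { /* reviewed */ }',
  '/js/app.js': 'function login(pw) { return deriveKey(pw); } /* modified */',
  '/js/extra.js': 'void 0;',
};

const manifest = pinScripts(reviewed);
console.log(auditDelivery(manifest, servedToday));
```

A check like this has to run outside the page being audited (for example in a browser extension or a separate client), since a script served by the same origin could be changed along with the code it is meant to verify.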