Your response indicates you may have limited knowledge on the topic.
> what do you think is more likely, that the tiny team of 6 invested a ton of time reinventing the wheel with a custom in-house AES implementation
AES is a cryptographic primitive. No one ever implements their own. What developers implement is the cryptographic system - the block cipher mode, initialisation vectors, rounds, salting etc. It all very easy to get this wrong. Their site does state they use GCM cipher mode which is the right choice (say over ECB, CBC…)
> which you can verify with wireshark
Viewing encrypted material in a packet capture is meaningless and provides zero assurances
> What exactly are your concerns, given that the data isn't encrypted locally in the first place?
The encrypted data in their cloud solution is adequately protected.
Companies that take end to end encryption seriously will generally provide details on how they went about their cryptographic system.
For example, is the encryption key derived from the password? If so what is the key derivation function? How many rounds didn’t get select? These are generally the responsibility of the developer to responsibly choose.
> what do you think is more likely, that the tiny team of 6 invested a ton of time reinventing the wheel with a custom in-house AES implementation
AES is a cryptographic primitive. No one ever implements their own. What developers implement is the cryptographic system - the block cipher mode, initialisation vectors, rounds, salting etc. It all very easy to get this wrong. Their site does state they use GCM cipher mode which is the right choice (say over ECB, CBC…)
> which you can verify with wireshark
Viewing encrypted material in a packet capture is meaningless and provides zero assurances
> What exactly are your concerns, given that the data isn't encrypted locally in the first place?
The encrypted data in their cloud solution is adequately protected.
Companies that take end to end encryption seriously will generally provide details on how they went about their cryptographic system.
For example, is the encryption key derived from the password? If so what is the key derivation function? How many rounds didn’t get select? These are generally the responsibility of the developer to responsibly choose.