At the moment when user enables E2E encryption for S3 back-ends (or S3Drive storage) UI updates between devices are encrypted using the user's defined encryption key.

Rclone back-end on the other hand, doesn't expose the encrypted data to S3Drive (only decrypted data is shown) and as such S3Drive operates on decrypted data.

This could be improved by extracting the encryption passphrase from the user's config, deriving the encryption key and encrypting/decrypting the UI updates on both ends.