So I checked which server Electrum uses and it appears to connect automatically to a (random?) server, besides that it also connects to 9 other nodes. It is possible to manually connect to a single server however this is not recommended by electrum (no fork detection). You can also manually select a server and still have it connect to 9 other nodes.
Does Electrum trust servers?
In short, not really. The Electrum client never sends private keys to the servers. In addition, it verifies the information reported by servers, using a technique called Simple Payment Verification
By default, Electrum tries to maintain connections to ~10 servers. The client subscribes to block header notifications to all of these, and also periodically polls each for dynamic fee estimates. For all connected servers except one, that is all they are used for. Getting block headers from multiple sources is useful to detect lagging servers, chain splits, and forks.
One of the servers, arbitrarily, is selected as the “main” server.
https://electrum.readthedocs.io/en/latest/faq.html#does-electrum-trust-serversAre client-server connections authenticated?
Electrum uses a client-server architecture, where the endpoints speak the Electrum protocol. The Electrum protocol is JSON-RPC based. The two main stacks the client supports are
JSON-RPC over SSL/TLS over TCP
JSON-RPC over TCP
Note that neither option uses HTTP.
The client only connects to servers over SSL (so plaintext TCP is not used). Prior to Electrum 3.1, there used to be a checkbox in the GUI to toggle this but it was removed.
As for authentication, the client accepts both CA-signed certificates and self-signed SSL certificates. When it first connects to a server, it pins the fact whether that server is using a CA-signed or a self-signed cert.
https://electrum.readthedocs.io/en/latest/faq.html#i-might-run-my-own-server-are-client-server-connections-authenticatedand:
Simple Payment Verification
Simple Payment Verification (SPV) is a technique described in Satoshi Nakamoto’s paper. SPV allows a lightweight client to verify that a transaction is included in the Bitcoin blockchain, without downloading the entire blockchain. The SPV client only needs download the block headers, which are much smaller than the full blocks. To verify that a transaction is in a block, a SPV client requests a proof of inclusion, in the form of a Merkle branch.
https://electrum.readthedocs.io/en/latest/spv.html#spvThis makes me think it is not a Bitpay issue.
Would you agree?