as far as I can see, client-side e2e encryption in the browser requires *a bunch* of changes to browser tech?
but maybe there's some obscure way to route around those concerns?
but in that case, I'd worry about bugs in the obscure implementation of that feature.
how do WhatsApp/Signal/Telegram desktop clients work? you'd basically either need to transfer the private key (in which case the encryption isn't e2e anymore?), or generate new keys for every device.
we can't do it with cookies holding the private keys, since many people block cookie usage & cookies are readable by anyone. we'd need to have local storage that the server authenticates for, otherwise any server would be able to read out the private key from storage via js & send it to the attacking server…
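
The "generate new keys for every device" option raised above, sketched with the Web Crypto API as an added example that is not part of the original post: each device keeps a non-extractable private key and publishes only its public key, and a sender encrypts one copy per device. Device names, the message and the HKDF salt/info are constructed demo values, and static ECDH between sender and device is a simplifying assumption, not how any particular messenger does key agreement.

```javascript
// Added example. Device names and the message are constructed sample values.
async function webCrypto() {
  // Browsers (and recent Node) expose a global; older Node needs node:crypto.
  return globalThis.crypto ?? (await import('node:crypto')).webcrypto;
}
const ECDH = { name: 'ECDH', namedCurve: 'P-256' };

// One key pair per device. extractable=false covers the private key: script can
// use it through the API but cannot read its bytes. Only the public JWK leaves.
async function newDevice(name) {
  const { subtle } = await webCrypto();
  const pair = await subtle.generateKey(ECDH, false, ['deriveBits']);
  return { name, privateKey: pair.privateKey, publicJwk: await subtle.exportKey('jwk', pair.publicKey) };
}

// ECDH shared secret -> HKDF -> AES-GCM key (zero salt and fixed info: demo values).
async function sharedKey(privateKey, peerJwk) {
  const { subtle } = await webCrypto();
  const peer = await subtle.importKey('jwk', peerJwk, ECDH, true, []);
  const bits = await subtle.deriveBits({ name: 'ECDH', public: peer }, privateKey, 256);
  const ikm = await subtle.importKey('raw', bits, 'HKDF', false, ['deriveKey']);
  const hkdf = { name: 'HKDF', hash: 'SHA-256', salt: new Uint8Array(32), info: new TextEncoder().encode('demo') };
  return subtle.deriveKey(hkdf, ikm, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

async function encryptFor(sender, deviceJwk, text) {
  const wc = await webCrypto();
  const iv = wc.getRandomValues(new Uint8Array(12));
  const key = await sharedKey(sender.privateKey, deviceJwk);
  return { iv, ct: await wc.subtle.encrypt({ name: 'AES-GCM', iv }, key, new TextEncoder().encode(text)) };
}

async function decryptOn(device, senderJwk, box) {
  const { subtle } = await webCrypto();
  const key = await sharedKey(device.privateKey, senderJwk);
  return new TextDecoder().decode(await subtle.decrypt({ name: 'AES-GCM', iv: box.iv }, key, box.ct));
}

async function demo() {
  const [sender, phone, desktop] = await Promise.all(['sender', 'phone', 'desktop'].map(newDevice));
  // The sender encrypts one copy per registered device public key.
  const forPhone = await encryptFor(sender, phone.publicJwk, 'hello');
  const forDesktop = await encryptFor(sender, desktop.publicJwk, 'hello');
  const { subtle } = await webCrypto();
  return {
    phone: await decryptOn(phone, sender.publicJwk, forPhone),
    desktop: await decryptOn(desktop, sender.publicJwk, forDesktop),
    desktopReadsPhoneCopy: await decryptOn(desktop, sender.publicJwk, forPhone).then(() => true, () => false),
    privateKeyExported: await subtle.exportKey('jwk', desktop.privateKey).then(() => true, () => false),
  };
}
```

A non-extractable key still lets any script running in the page's origin call decrypt with it, so this limits key theft, not misuse by injected or server-supplied script.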