@bob Hubzilla is slightly ahead in this space. I don't claim that any privacy is perfect, but people with special needs can choose higher security if they want it. Javascript based E2EE has been working for a few years. Last year we put in place everything needed for full client E2EE; mostly waiting for somebody to create an external app to shuffle content in and out and do the actual encryption.  Encrypted message contents aren't displayed in your stream but are offered for download. All an app needs to do is attach to the message mimetype.  Posting is done via API. This is available for stream content as well as direct messages. Hubzilla itself does not care what the content is or how it is encrypted; which is how it should be. If you have a client side app instead of a webservice you can encrypt/decrypt on the fly and display content inline.  For the webservice you can only display inline using the built-in JS encryption.