The bigger problem is that this model is inherently flawed. Even if end-to-end encryption with browser crypto were implemented, there is never any security since the code in the browser can simply be swapped with compromised code that diverts the plaintext somewhere.
I've been forced to use this service, by way of healthcare professionals just disclosing correspondence to this service without asking for my consent.
> there is never any security since the code in the browser can simply be swapped with compromised code that diverts the plaintext somewhere.
This is not the case in the land of DICE-like key derivation; see TKey protocol for example. You can download and run an actual rv32 program on actual FPGA over WebUSB without having to worry about its provenance. If the program is modified, firmware will derive a completely different key.
I'm simply pointing out that web standards allow for secure end-to-end communication, and more, in fact they happen to allow arbitrary cryptographic constructions—as long as the program itself never changes.
Not necessarily. You can run TKey in qemu :-) etc. The hardware aspect is what makes it easy to use, with WebUSB and all. The derivation algorithm is key. And it takes program binary as parameter to Blake2 hash function.
I've been forced to use this service, by way of healthcare professionals just disclosing correspondence to this service without asking for my consent.
Smeerlappen.