I’m not sure what you’re talking about ?
You’re not sending your private key to their server without first encrypting it first locally.
Their servers are not doing the E2EE, your client is.
The website front and apps are open source.
Yes they could send you a compromised front if you use it via their website, that’s a compromise you accept, otherwhise you could only use their apps which are open source.
Tell me… when you visit a website that gets updated daily, if not hourly. If it served you a different version of JavaScript than what it served someone else… would you know?
I’m not sure what you’re talking about ? You’re not sending your private key to their server without first encrypting it first locally. Their servers are not doing the E2EE, your client is. The website front and apps are open source.
Yes they could send you a compromised front if you use it via their website, that’s a compromise you accept, otherwhise you could only use their apps which are open source.
Tell me… when you visit a website that gets updated daily, if not hourly. If it served you a different version of JavaScript than what it served someone else… would you know?