New HTML element I just imagined: pubkey encrypted, noscript, canvas read blocking block element whose contents are shown to the user after decryption with a private key held by the browser.
Replay attacks and other stuff like that aside, I think this would enable having at least e2ee messaging in arbitrary sites' DM systems, *without* having to trust that the site isn't going to swap in malicious site js to steal your keys or the decrypted data.