This could simplify things a bit for website owners since they don’t need to protect a database where they store encryption keys. Bugs or supply-chain attacks on client-side software are still a vulnerability, though.
For the customer, they are unlikely to be able to audit the client-side software and any updates to it, so it still requires trust. The software could still have a lot of telemetry baked in.
Maybe someday there will be something like certificate transparency for software?
Sometimes the company cares more about not having access than the end user does. If you physically don't have the decryption keys, you can't get hacked and have user data leaked. You can also respond to government data requests with "Sorry we don't have access to that"
This. If you store a lot of sensitive documents, you also paint a target on your back. If you don’t even have the decryption keys, this angle becomes irrelevant.
For the customer, they are unlikely to be able to audit the client-side software and any updates to it, so it still requires trust. The software could still have a lot of telemetry baked in.
Maybe someday there will be something like certificate transparency for software?