it's probably best to go with client-side encryption and share keys with friends privately. that pretty much fixes all the privacy issues after the initial registration, but maintaining that extension with all the company and their updates is a bit of a headache.