E2EE protocols, require all the credential gymnastics to happen on the client.
Webauthn, BrowserID, and other ideas, relied on the browser controlling credentials as well.
Proposals like Turtledove also delegate ad displaying to the browser.
Which, seems like a good and easy principle to remember, when designing privacy first services, if the client is too lightweight, there's probably not enough privacy.
Of course, that will not solve your problem, the real question is how much knowledge is delegated to the services, and answering that is difficult in extremes like fingerprinting.
The sad part, is that it makes it difficult to leverage web technologies without growing new Browser APIs, or re implementing your own thing in JS from scratch.