Ralkage The thing is, we already have Direct Messaging (Byobu). We do not have private messaging.
phenomlab This opens up an awkward can of worms for GDPR in the sense that if you are requested by subpoena or similar court order to disclose information relating to any ongoing or incumbent case and it is encrypted, there will be issues arising from this in the sense that you are not able to provide the information requested.
But GDPR requires you to implement end-to-end with a backdoor anyways, so that means that this issue, as well as others, doesn't actually exist, otherwise you're violating GDPR. Because it's likely that this extension's end-to-end would be self-hosted, the backdoor already exists in the form of you having the private keys (and not a third party). The question is only what kind of notification/logging there would be in the case of you decrypting stuff yourself. I'd be in favor of there being simple logging in case of a government intervention that requires confidentiality, with a mandatory user notification in case of a simple moderation intervention.
That way you cannot actually personally abuse the fact that you're someone with access to the database without the user knowing (nor can any attacker), but you still allow pretty much everything direct messaging would allow.