Web Security at N26
medium.com
> "In practice, front-end encryption works like this: on start, the server generates two keys, a public one which makes its way to the client in a cookie, and a private one which stays on the server. In the browser, the public key is used to encrypt a certain payload before sending it to the server via an XHR request."
What's the point of that?
Yeah, what's the point of not blindly trusting HTTPS? Close your eyes and pray to the mighty Gods and Queens when HTTPS fails either on the server or on clients if they get infected with some kind of malware and you get everything in plain text.
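
The exchange described in the quoted passage, as an added example that is not code from the article, from N26, or from any commenter. It plays both sides under Node.js; the algorithm (RSA-OAEP with SHA-256), the cookie name `pubkey`, and the JSON payload are assumptions.

```javascript
// Added illustration: RSA-OAEP/SHA-256, the cookie name and the payload are assumptions.
const nodeCrypto = require('crypto');

const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Server, on start: the private key stays in memory, the public key goes out in a cookie.
function serverStart() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const spki = publicKey.export({ type: 'spki', format: 'der' }).toString('base64');
  // No HttpOnly flag: the page's script has to be able to read this cookie.
  return { privateKey, setCookie: `pubkey=${encodeURIComponent(spki)}; Secure; SameSite=Strict` };
}

// Client: read the key from the cookie and encrypt the payload before the XHR.
function clientEncrypt(cookieHeader, payload) {
  const m = /(?:^|;\s*)pubkey=([^;]+)/.exec(cookieHeader);
  if (!m) throw new Error('public key cookie missing');
  const key = nodeCrypto.createPublicKey({
    key: Buffer.from(decodeURIComponent(m[1]), 'base64'), format: 'der', type: 'spki' });
  const plain = Buffer.from(JSON.stringify(payload), 'utf8');
  // RSA-OAEP with a 2048-bit key and SHA-256 fits at most 256 - 2*32 - 2 = 190 bytes.
  if (plain.length > 190) throw new RangeError('payload too large for direct RSA-OAEP');
  return nodeCrypto.publicEncrypt({ key, ...OAEP }, plain).toString('base64');
}

// Server: decrypt the XHR body with the private key.
function serverDecrypt(privateKey, bodyB64) {
  const cipher = Buffer.from(bodyB64, 'base64');
  const plain = nodeCrypto.privateDecrypt({ key: privateKey, ...OAEP }, cipher);
  return JSON.parse(plain.toString('utf8'));
}

// Constructed sample run: one payload travels client -> server.
function demo() {
  const server = serverStart();
  const cookie = server.setCookie.split(';')[0];   // the name=value part document.cookie exposes
  const body = clientEncrypt(cookie, { password: 'correct horse' });   // constructed payload
  // What anything that sees the request body after TLS termination would find in it.
  const plaintextVisible = body.includes('correct horse');
  return { body, plaintextVisible, received: serverDecrypt(server.privateKey, body) };
}
```

The request body stays opaque to anything that only reads it after TLS termination, such as a logging proxy. Because the public key arrives over the same channel, the scheme does not protect against a party that can modify responses or run code in the browser.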