by throwanem 3520 days ago
> The system can not generate the key required to decrypt your data unless you are logged in. Our staff have no means of accessing your data at any given time.

If this is true, how can your service work? If I'm dead, I can't log in to generate a decryption key so my message can be sent in the clear.

If your service works, how can this be true? If it can decrypt and send my message in the clear when I'm dead, I very evidently don't need to log in for decryption to occur.

1 comment

When you add a recipient, your message is (decrypted using your id) copied, and the copy is encrypted with the recipient's email. Once the recipient logs in (their OAuth id becomes available), the email (verified by the OAuth) is used to decrypt the message copy, and it is encrypted again, this time with his/her id. That temporary email-encrypted message is decryptable, of course, although there is no utility or UI for us to do so. I guess we'd better store the owner Id and not make copies, since it doesn't change anything security-wise ... Yes, a rogue admin can do harm ...
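
Added example, not part of the thread and not the service's code: a Python sketch of the flow the reply describes, showing that the copy keyed by the recipient's email can be decrypted from stored data alone, with nobody logged in. The KDF, the stand-in cipher, the stored-row layout (recipient email kept beside the ciphertext) and all function names and sample values are assumptions.

```python
import hashlib, hmac, os

def derive_key(identifier: str, salt: bytes) -> bytes:
    # Assumed KDF: the thread only says data is encrypted "with" an id or email.
    return hashlib.pbkdf2_hmac("sha256", identifier.encode(), salt, 50_000)

def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (HMAC-SHA256 keystream) so the sketch needs only the
    # standard library; a real system would use an AEAD such as AES-GCM.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(identifier: str, plaintext: bytes) -> dict:
    salt, nonce = os.urandom(16), os.urandom(16)
    return {"salt": salt, "nonce": nonce,
            "ct": xor_stream(derive_key(identifier, salt), nonce, plaintext)}

def unseal(identifier: str, rec: dict) -> bytes:
    return xor_stream(derive_key(identifier, rec["salt"]), rec["nonce"], rec["ct"])

def add_recipient(owner_id: str, owner_rec: dict, recipient_email: str) -> dict:
    # Runs while the owner is logged in: decrypt with the owner's id,
    # then store a copy keyed by the recipient's email address.
    copy = seal(recipient_email, unseal(owner_id, owner_rec))
    return {"recipient_email": recipient_email, "copy": copy}  # assumed stored row

def operator_read(row: dict) -> bytes:
    # Uses only what is in the stored row: no login by anyone is involved.
    return unseal(row["recipient_email"], row["copy"])

def recipient_login(row: dict, recipient_id: str) -> dict:
    # After OAuth verifies the email, re-encrypt the copy under the recipient's id.
    plaintext = unseal(row["recipient_email"], row["copy"])
    return {"recipient_email": row["recipient_email"],
            "copy": seal(recipient_id, plaintext)}

# Constructed sample values, not taken from the service.
OWNER_ID, RCPT_ID, RCPT_EMAIL = "oauth|owner-123", "oauth|rcpt-456", "rcpt@example.com"
MESSAGE = b"constructed sample message"

if __name__ == "__main__":
    row = add_recipient(OWNER_ID, seal(OWNER_ID, MESSAGE), RCPT_EMAIL)
    print("read from stored row only:", operator_read(row))
    rekeyed = recipient_login(row, RCPT_ID)
    print("email key works after re-keying:", operator_read(rekeyed) == MESSAGE)
```

The sketch covers only the email-keyed copy, which is the window between adding a recipient and that recipient's first login.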