by lotharrr 2656 days ago
The data is encrypted on your client before it leaves your computer. You're relying upon the servers to hold onto your ciphertext (i.e. availability), but not to keep it secret (confidentiality). And the client can detect changes to the ciphertext, so you aren't relying upon the servers for integrity either.

You have to trust the client code, for sure, but that's something that you're at least nominally in a position to inspect and verify. https://github.com/tahoe-lafs/tahoe-lafs

I'm a programmer. And I still don't think I'm in a position to verify if something is cryptographically secure. It's quite possible that a client has been built with an extremely subtle backdoor already in mind. One that crypto experts won't find for years.
Yes, but it's like when you're at a cafe and need to go to the bathroom so you ask the random guy next to you to watch your laptop. Sure he could steal it, but you reduced the attack vector to just him.
It's a reasonable analogy. To use your analogy, I'm suggesting you don't trust anyone with your laptop and bring it to the bathroom with you. If something is truly private and/or valuable information, don't put it in the cloud. I'm not alone in that thinking. When it comes to storing people's digital currency, you hear about things like cold storage. For very good reason.