[mtogo]

| What about SSL?

| SSL will not be helpful here, since no sensitive information is ever sent to this server. All encryption is done BEFORE it leaves your computer!

This made me cry.

And that's not even mentioning that I'm typing a possibly sensitive message into your app and just hoping that you're going to encrypt it with the right key and not read it yourself.

[shocks]

Heh, yeah I guess you are right. Getting an SSL certificate now. Not sure what to do about "proving" I'm not doing anything untoward with the message?

[tptacek]

You really can't, but that unfortunately doesn't make it not an issue.

[shocks]

I am going to put the source code up on GitHub, so if people really don't trust me that can run their own! :)

[tptacek]

Nobody is suggesting that they don't trust you, are they? I'm just observing how bad web browsers are for the kind of UX you hope to have.