[DanWaterworth]

The problem is I have no assurance that the plain text never reaches the server except for your word for it. It also doesn't solve the problem if the message can be intercepted before the intended recipient can read it.

[zipdog]

I think the appeal of the service is the convenience. If the message was important enough to warrant no third-party trust, you'd just go the extra hassle of PGP keys from both parties, etc.

The target seems to be people who were previously just emailing their confidential info. And though trust is an issue, people happily trust anonymous emailers, commercial encryption providers (where source is not available), etc.

[brownbat]

Moreover, if the server stores enough information for a recipient to read the message, then the server effectively stores the message.

[brownbat]

Hmm, oh, I think the stuff after the hash is the decryption key, and we're assuming the server throws it away.

We still require a trusted third party here.

[StavrosK]

The HTML anchor never reaches the server in the request, it's for local use only. Of course, malicious JS on the page can always send it anywhere.

[nkohari]

How is this different than any other security functionality, though? Unless you plan to cipher your message yourself, you always need to trust that whatever encryption you're using works as designed.