by coopdog 4724 days ago
From the security FAQ: "Plug uses asymmetric cryptography. When Plug is installed, the application generates a RSA-2048 pair of keys, identifiable by the user's email, and with a private key protected by the user password. This private key, which is what authenticates a user in the Plug system, is stored in your Plug and your devices. We don't know this key because we don't have your password, so we cannot - us or anyone else - steal your identity."

So it really does seem to be zero knowledge, and therefore could be the magic UI that finally makes proper asymmetric encryption tolerable to the general public.

The NSA could still steal the key off of any of the devices, but it would be hard to do that systematically on a global scale. The closed-source nature of this software probably still makes it a no-go though; they can just coerce them to patch it à la Skype.

I wonder how this would fare against TSA also. If your entire home server looks like a folder, and they can copy that folder at the border, they now get every file you care about rather than just the ones on any one device.