I think you raise some good points, and I wanted to add some thoughts of mine
to them. Maybe you can evaluate how valid they are.
>You better hope it doesn't break or have downtime, and trust that your home
network is secure enough to handle anyone intruding through this internet
facing service.
That goes for pretty much any kind of server you host from your home, right?
Whether it be kids hosting their Minecraft servers, or people sharing some
files with friends and family via FTP. (I don't condone playing proprietary
video games btw.) Of course that's more dangerous than not hosting anything,
but is there an alternative when you decide that you want to self-host and
have this level of control over the server hardware? Not everybody has their
own data centers.
>Once we go out of business you're screwed. You also have to trust us not to
proxy and snoop your traffic.
I think this "feature" (which I personally wouldn't like to use) is mainly
for people that can't into DNS or want to pay for domains. You can still use
this box with your own domain that is not associated with the makers of it.
But yeah that's definitely something they should make clear to the user
during set-up or so.
>So we'll actually proxy your traffic maybe. Just trust us not to snoop?
I think this would be a manual setting, not necessarily happening automatic
and "maybe" without you knowing. And while you definitely lose some privacy
by using a proxy in this case, as long as the connection is still
end-to-end-encrypted, at least the content itself would be still safe.
(Metadata is of course still a serious issue.)
>New crypto techniques? This isn't good either. Who hosts the link database?
I think this database could be easily hosted by your box itself, and that
would make the most sense to me. This technique they're using at least can
only end up better than sending plain unencrypted mail, and I think is the
same that services like Tutanota are using, so it's not completely unexplored
territory.
>We already have problems making CAPTCHAs to filter spam bots, but obviously
the most equipped surveillance agencies on Earth won't be able to get by
them.
True. I wouldn't trust a Captcha for a second. Well, and thanks for your
remarks about the hardware, I didn't know much about that aspect of this
project. If you have any more information that's maybe not obvious to someone
reading their website, I'd appreciate it. I'm still kind of curious about
this.