Maybe zero-knowledge should be open sourced, built from source by users as a desktop app (so they can lock to a version), and each version should be stamped (hash of specific version signed) by trusted 3rd party penetration testing agency -- it does limit the reach of the product though
It's a tough problem. An application like this is all about convenience. Having to vet the source and build it yourself brings a lot of inconvenience.
It's probably just an issue of the right target market. People like me aren't it, but people who are less concerned about such things may very well be. A zero-knowledge implementation is still a great idea to protect them, even if they don't really appreciate the protection they're getting.
By the way, I realize my comments have been critical, so let me say the other side: good work! I wish you all the success in the world. Building and releasing something is a major accomplishment, and anything you make won't be right for everyone. That's not a fault with your product. That's just the fact that different people have different needs.
Thanks a lot for the encouragement; but also I really appreciate the honest feedback, it wouldn't be hacker news if people stopped being honest, it's why we all love the conversations here.
I agree the primary appeal (and thus market) of this app is not technical, but of course it's still important that the technical aspects are vetted and secure.
