"aes.io uses SSL _and_ JS crypto on top of it to make sure server-side data is always encrypted, with keys unkown to the server side."
So, if I understood it correctly the keys are unknown to the server because they are encrypted locally by javascript code which is provided by the very same server. By doing that, aren't you implicitly trusting the server every time you download the JS crypto library from them and assuming they are actually not peeking?
In that scenario, you might as well upload the files without encryption and provide them with the keys (through SSL of course :) ), and still assume that they encrypt it in the server (without peeking) and delete your key plus temporary copy when done...
So, if I understood it correctly the keys are unknown to the server because they are encrypted locally by javascript code which is provided by the very same server. By doing that, aren't you implicitly trusting the server every time you download the JS crypto library from them and assuming they are actually not peeking?
In that scenario, you might as well upload the files without encryption and provide them with the keys (through SSL of course :) ), and still assume that they encrypt it in the server (without peeking) and delete your key plus temporary copy when done...