Hacker News new | past | comments | ask | show | jobs | submit login

Hmm, oh, I think the stuff after the hash is the decryption key, and we're assuming the server throws it away.

We still require a trusted third party here.

The HTML anchor never reaches the server in the request, it's for local use only. Of course, malicious JS on the page can always send it anywhere.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact