
I'm Luzius Meisser, cofounder of Wuala. Yes, some trust in Wuala is still required, namely trusting us that we won't put a backdoor into the client. Much more trust is required in services without client-side encryption. Adding a backdoor would ruin our reputation once someone found out, while companies like Dropbox won't suffer much when they hand over data to a government agency as it is known that they can and will do it. Also, bugs like accidentally disabling the password verification can be ruled out by design with client-side encryption.

Also, please note that laws are often constructed such that companies can be forced to hand over data they possess, however not to collect data they do not possess yet. E.g. there are many laws in many jurisdictions that could be used to force Google to hand over data you have stored in Google Drive, but the same laws cannot be used to force us to add a backdoor to Wuala. So legally, it is much, much easier to obtain data stored in Google Drive than to obtain data stored in Wuala (or another service that uses client-side encryption). No one has ever asked us to add a backdoor to Wuala and we would fight against it if someone did.

I agree that it would be nicer to open the source code so our security would be independently verifiable, but claiming that what we do is "empty marketing" is clearly wrong.



Thanks for the reply. I see what you mean and agree there is some difference. Let me put it this way: I would feel confident my Wuala backup is secure from my boss or ex-girlfriend, but not from a hostile government. If I were an activist or otherwise doing something very controversial, I wouldn't trust it. And honestly, that's the same way I feel about Dropbox. It's not the most secure thing around, but as long as I'm just another J. Random Hacker, who cares? So to me there isn't a distinction.

For why not to trust a closed-source system's claims of security, see Skype. If I remember correctly what I have read, they boasted about using "end-to-end encryption", strongly implying that your Skype calls could not be wiretapped. The catch? The encryption keys were stored on the server! And there was a story where someone (a drug smuggler, I think) was busted seemingly as a result of intercepted Skype calls. The misleading claims of security didn't ruin Skype's reputation - people still use it.

I'm glad you replied to my comment as it shows you're at least thinking about these things. I hope you will consider opening your source code in the future. At that point Wuala might be of interest to me.



