hehe, I wrote that guide btw. I think it's helped a few thousand people at this point. Privnote is much less safe that a desktop PGP client. It exposes you to many vulnerabilities and attacks. The site could be run by LE. The code could transmit the decryption key back to the server (presumably the url is the decryption key). Even if the JavaScript is safe now, it could be modified at any time by the Privnote admins without you knowing. The exit node could replace the Privnote site with its own, including malicious code. The thing about the code changing isn't theoretical. It actually happened with Hushmail, which would PGP encrypt your messages with a Java app in the browser. They stored your private key on their servers, but it was symmetrically encrypted with a password. So, when they got an LE request for an account's emails, they sent a different Java applet to that person, which sent the password back to their servers. They got the private key and decrypted the emails. The moral of the story is, never use a third party, and especially a web site or browser code, for your security.