Lol are you kidding me? Why the fuck even use privnote if the end to end encryption of Tor is enough to protect you? Do you understand the difference between link encryption and message encryption? Just because Tor hidden services use end to end encrypted links doesn't mean that the message is encrypted when it is stored on the server. That is the reason why we use GPG, to add message encryption as well. So that when the message is sitting on the server it cannot be intercepted and decrypted. When a privnote link is sitting on the server it can be intercepted and the message can be obtained. So it is completely worthless for our purposes. Privnote symmetrically encrypts the message and then you hand out the symmetric key without using an asymmetric algorithm for session key transfer. I might as well AES encrypt a message to the vendor and send them the password to decrypt it along with the ciphertext. That is what privnote is doing. It isn't even the same thing as GPG, which is a hybrid cryptosystem. Privnote is a retarded implementation of a symmetric encryption algorithm that they are tricking idiots into using instead of an asymmetric-symmetric cryptosystem like GPG. It would be nice if you had a basic understanding of the fundamentals of cryptography prior to trying to argue with me. It has everything to do with GPG because if I send a vendor a message encrypted with GPG the attacker can not read my message but if I send the vendor a privnote message the attacker can read my message and then replace it such that the vendor never knows the message was read. That means that Privnote has 0 security, it accomplishes jack fucking shit. I send the vendor a link to a symmetrically encrypted message and in plaintext I send them the symmetric key, so obviously the encryption isn't helping a god damn thing. That means the security of the system entirely depends on privnote deleting messages after they are read once, so the vendor can tell if their message was intercepted, but oh the MITM attacker can just recreate the same exact message and send the vendor the new link. So Privnote accomplishes absolutely nothing at all, GPG accomplishes something. I don't even understand what the hell you are talking about here?? Ho hum, can javascript even do constant time operations. Get a clue before making claims plz. You are the one who said you never looked at the code in the first place. Anyway AES implemented in javascript is not likely to be very secure. Your initial statement was that GPG and Privnote are of equal security, and I never called anyone an idiot but you did just clarify for me that you are one.