Using PGP to encrypt a privnote URL is like hitching a mobile home to a nuclear submarine to drive down the road. That it does not work is but the start of your potential problems.--It is not advisable for this reason:Plaintext -> Privnote -> PGP encrypt Privnote URL -> SR is less secure than:Plaintext -> SR.Why do you believe what Privnote says? Maybe their service is legitimate. But you're depending on... trust. It's no good scouting about for privnote reviews or ascertaining how many people use privnote, those are not relevant metrics as to the service's reliability. Just as with the Feds and Hushmail's Java applet, you can have a special version of Privnote, just for you. They don't even need to get you to download anything, it can all be done at the backend. Nobody else has to be affected.Some people in this thread are exhibiting classic signs of selection bias in their thinking. Just because you don't know anybody that was busted by the use of Privnote does not mean this is information. That's like saying alpha team that went up ahead through the Vietcong infested jungle hasn't got in touch so they must not have met any Vietcong. Perhaps you don't know anybody busted through use of Privnote simply because they are in a prison, hence you have not been communicating with these people. I don't know if that is true, but it could easily be true. I note that outside of TV serials police do not explain how they caught the prep. The purpose of honeypots may not be what you imagine. Take Tormail for example. The rumor bird says it is operated by the FSB. Clearly Russian intelligence networks are unlikely to care excessively about the Silk Road, but perhaps they wish to monitor private chatter so they can make predictions about the use of tradecraft, various actors on the darknet, traffic analysis and so forth. Essentially they do not intend to spy on you specifically, they are simply hoovering up data for potential use later on e.g. blackmail, influence. The majority of anonymous public proxies on the clearnet are governmental or commercial run enterprises aggregating data for similar reasons. Data is cheap, finding one good lead later on out of millions of users would be considered a good batting average. So stop thinking about interception of information in terms of "fishing" and start thinking "trawler". This is 2013, not 1950, mass surveillance is a here and now reality. It is said by some that Wikileaks exploited Tor exit nodes and obtained millions of documents stolen by various hacker organizations, often working for nation states. This is a quite realistic threat since before that researchers obtained hundreds of emails and logins from diplomatic staff using Tor naively in the past (and if this is true then the US intelligence community ought to be thanking Wikileaks because the leaks must have surely made the stolen documents mostly worthless).In short, we (not just SRians) are surrounded by spies, most of them electronic, working for a diverse range of interests. The only way to counter this is to use public key cryptography. If you depend on *any centralization*, you become a target. In fact it doesn't matter if the people who run Privnote are completely trustworthy. If you are any kind of aggregation, communications can be intercepted before they even arrive on the servers, you are said to be an information "watering hole", as in the place the giraffes and antelopes come to drink, and then there is the "watering hole attack", that's the lions/tigers or the Feds and the rest of the alphabet mafia. That is it, it is very simple. Fortunately the platypus and its other aquatic friends are impervious to such things since they are freshwater beasts that live near or in rivers, that is to say they are always using PGP encryption and cryptographic forms of trust only. Don't be a clunky wildebeest, become one of the sleek otter people instead.tldr; Depending on any third party service without using *end to end* public key encryption is a total clusterfuck on general principals, Privnote is just one example. --I intended a while back to start a thread listing vendors stupid enough to be encouraging the use of Privnote for their customers. It's fine for the vendors, not so much the customers. Judging from this thread, I may have to revisit the concept of a witch hunt.btw: Wadozo, although you're right JavaScript is a possible attack vector, Java is completely different to it, they only share the name in terms of similarity, nothing else. Java is infinitely more dangerous to use than JavaScript. The general point yourself and Fallkniven are making is spot on though.