Hacker News
How to prevent Cylons from taking over your data (or how Zumodrive does it) (zumodrive.com)
9 points by bbgm on March 10, 2010 | 7 comments



This sends the file in transit over SSL, but encrypts the data at rest on EC2. That means you must completely trust EC2.

Worse, based on the comments in the blog, it is unclear who has the key that is used to encrypt the files: hotzyco: "What key AES uses to encrypt files?" Response: "Sorry hotzyco. We can not give out that information."

If Zumodrive controls that key, they have access to your data.


Welcome -- to Zumodrive

Pay no attention to the Cylons behind the mirror.

It's impressively quaint that they think they can protect your data by not telling you how it's encrypted.


I think they need to tell us pretty quickly that they aren't using the same key for all data.

I hope they can!


Since they'd want to deduplicate equal files across different users, to save bandwidth and storage costs, I imagine the keys they use won't be user-by-user. They'd be defined file-by-file, or block-by-block, with the keys being stored elsewhere (but where?), or there's just one universal master key. Considering their security is just theatrical in nature, I'd bet they have one master key.


I'm being dumb in the previous posting. I know.


No, they'll create a humanoid form Cylon that's a tremendously hot blonde. She will seduce you and steal the encryption keys. "All this has happened before, and all this will happen again."


NOT RELEVANT TO DISCUSSION:

Here's something for all you people who run blogs for your app or business or something.

Please LINK to your actual app/business/something so I can click my way there.



