Thanks for the feedback, and these are all fair concerns. Some points that would hopefully alleviate some of them:
1. We have been running EteSync for >3.5 years and have been in the space for much longer, so I'm not just some rando, though yes, I'm definitely not djb. :)
2. We use libsodium for everything so the harder crypto parts are audited and battle-tested.
3. We are going to formally verify the protocol.
4. We have been awarded a grant by NLnet's PET fund and as part of that we will get a mini security audit. Though to be honest, I think the formal verification is a much more serious assurance.
With that being said, I'm not trying to convince you. I think it's a very important point that we are working on addressing.