sarahjamielewis, I'm somewhat perplexed by the new SecureDrop protocol - https://securedrop.org/news/introducing-securedrop-protocol/
Specifically: "The server is “untrusted” in the sense [it] learn[s] nothing about users & messages besides what is inherently observable from its pattern of requests, and it should not have access to sensitive metadata, or sender or receiver information"
Seems like a very weak definition of "untrusted", especially when two comparison techniques explicitly attempt to restrict knowledge derived from access patterns.