“Users verify cryptographic proofs to ensure that servers behave properly.”

If this is one of the defining tenets of this data system, is it not DOA? See also: the PGP key-signing parties that never were…

So it seems this is a system where the server only does encrypted storage and minimal processing on plaintext that it is allowed to decrypt. I was hoping it was a FHE implementation where the server does computation on the encrypted data. Still waiting for that.

"what the server can see to support rich queries" is the whole ballgame, right? Anything queryable is metadata that can leak or be subpoenaed... membership, access patterns, query frequency. For the activist/journalist threat idea, that's usually the sensitive part.