It would seem to me to be negligent of intelligence-agencies to not be running their own mixing services.
I agree, but that discussion should be held in a topic of it's own.
One feasible way (AFAICT) of proving you aren't logging would be making-public the program that runs on the server. That program would not log (which people can check by looking at the source code) and it would generate a "communication key". Which would be an asymmetric encryption key that can be used to securely talk to the program. Then on your website you make a little light js client which serializes/deserializes encrypted messages from server-side program.
So now the only thing you need to do, is prove the "communication key" was generated by the program. If we know the communication key was generated by the program, then we know anything encrypted to that key can only be read by the program, and we know that program does not log. Now the cool thing is we can use Intel's SGX and remote attestation to actually prove this key was generated by this particular program.
I don't know that this would prove anything. Regardless of the encryption method you suggest, we must still trust that ChipMixer's code running on their server is the same code made available for public audit. Without being granted access rights to their server (which I can't imagine happening) we're left taking their word for it. Like we're taking them at their word that they are not logging.