Author Topic: Hushmail not so secure  (Read 2469 times)


Offline iago

  • Leader
  • Administrator
  • Hero Member
  • *****
  • Posts: 17914
  • Fnord.
    • SkullSecurity
Hushmail not so secure
« on: November 08, 2007, 09:35:27 am »
Hushmail, run by a Canadian company, advertises that nobody, not even their staff, can read your email. It's encrypted on the server and when sent, and enforces a long passphrase (my 18-character passphrase barely qualified).

However, a court order was recently given to turn over emails from three accounts, which they complied with:
http://www.theregister.co.uk/2007/11/08/hushmail_court_orders/
http://blog.wired.com/27bstroke6/2007/11/encrypted-e-mai.html

Offline Skywing

  • Full Member
  • ***
  • Posts: 139
    • Nynaeve
Re: Hushmail not so secure
« Reply #1 on: November 08, 2007, 10:09:02 am »
Not too surprising; I doubt that you'll find (any) corporation willing to outright defy court orders for the sake of a non-paying user's privacy. That, and trusting the server with the plaintext of the mail, as seemed to be the case here, is rather foolish if you don't trust the server in the first place.

In fact, I fail to see what value hushmail adds at all over just doing local encryption client-side.

Offline iago

Re: Hushmail not so secure
« Reply #2 on: November 08, 2007, 10:37:40 am »
I believe that the only advantage to Hushmail over client-side security is convenience. Setting up PGP or similar requires some level of technical knowledge, whereas Hushmail doesn't.

But you're right, it's stupid to trust companies to defy court orders.