Hushmail not so secure

Started by iago, November 08, 2007, 09:35:27 AM

iago

Hushmail, run by a Canadian company, advertises that nobody, not even their staff, can read your email. It's encrypted on the server and when sent, and enforces a long passphrase (my 18-character passphrase barely qualified).

However, a court order was recently given to turn over emails from three accounts, which they complied with:
http://www.theregister.co.uk/2007/11/08/hushmail_court_orders/
http://blog.wired.com/27bstroke6/2007/11/encrypted-e-mai.html

Skywing

Not too surprising; I doubt that you'll find (any) corporation willing to outright defy court orders for the sake of a non-paying user's privacy. That, and trusting the server with the plaintext of the mail, as seemed to be the case here, is rather foolish if you don't trust the server in the first place.

In fact, I fail to see what value Hushmail adds at all over just doing local encryption client-side.

iago

I believe that the only advantage to Hushmail over client-side security is convenience. Setting up PGP or similar requires some level of technical knowledge, whereas Hushmail doesn't.

But you're right, it's stupid to trust companies to defy court orders.