Hushmail

Infobox Website
name = Hushmail
url = http://www.hush.com/, https://www.hushmail.com
type = Web-based email
registration = Yes
owner = Hush Communications Ltd
author = Cliff Baltzley

Hushmail is a web-based email service offering PGP-encrypted e-mail, file storage, vanity domain service, and instant messaging (Hush Messenger). Hushmail uses OpenPGP standards and the source is available for download. Additional security features include hidden IP addresses in e-mail headers. The free e-mail account has a limit of 2 MB and no IMAP or POP3 access. Paid accounts have several hundred MB of storage as well as IMAP and POP3 access. If public encryption keys are available to both recipient and sender (either both are Hushmail users or both have uploaded PGP keys to the Hush keyserver), Hushmail can convey authenticated, encrypted messages in both directions. For recipients for whom no public key is available, Hushmail will allow a message to be encrypted with a password (with a password hint) and stored for pickup by the recipient, or the message can be sent in cleartext.

Hushmail was founded in 1999 by Cliff Baltzley, after he left Ultimate Privacy, and is based in Vancouver. The servers are in Vancouver, and there are also offices in Dublin, Ireland; Delaware, United States; and Anguilla.

Controversy

Until September 2007, Hushmail received generally favorable reviews in the press. [http://www.pcmag.com/article2/0,1895,1136652,00.asp Alternative Web Mail - Hushmail Premium - Reviews by PC Magazine] [http://www.npr.org/templates/story/story.php?storyId=5227744 E-Mail Encryption Rare in Everyday Use : NPR] It was believed that possible threats, such as demands from the legal system to reveal the content of traffic through the system, were not as imminent in Canada as they are in the United States, and that if data were to be handed over, encrypted messages would be available only in encrypted form. However, recent developments have led to doubts among security-conscious users about Hushmail's security and concern over a backdoor in an OpenPGP service. Hushmail has turned over cleartext copies of private e-mail messages associated with several addresses at the request of law enforcement agencies under a Mutual Legal Assistance Treaty with the United States. [http://blog.wired.com/27bstroke6/2007/11/encrypted-e-mai.html Encrypted E-Mail Company Hushmail Spills to Feds | Threat Level from Wired.com] One example of this behavior is the case of U.S. v. Tyler Stumbo. [http://static.bakersfield.com/smedia/2007/09/25/15/steroids.source.prod_affiliate.25.pdf] [http://blog.wired.com/27bstroke6/hushmail-privacy.html] In addition, the contents of emails between Hushmail addresses were analyzed, and a total of 12 CDs were turned over to US authorities. Hushmail now also states that it logs IP addresses in order "to analyze market trends, gather broad demographic information, and prevent abuse of our services." [http://www.hushmail.com/help-faqs2#trackipaddressesofvisitorsandholders Hushmail - Free Email with Privacy - Help]

Hush Communications, the company that provides Hushmail, states that it will not release any user data without a court order from the Supreme Court of British Columbia, Canada, and that other countries seeking access to user data must apply to the government of Canada via an applicable Mutual Legal Assistance Treaty. Hushmail states that "...That means that there is no guarantee that we will not be compelled, under a court order issued by the Supreme Court of British Columbia, Canada, to treat a user named in a court order differently, and compromise that user's privacy." and additionally "...If a court order has been issued by the Supreme Court of British Columbia compelling us to reveal the content of your encrypted email, the 'attacker' could be Hush Communications, the actual service provider." [http://www.hushmail.com/about-security Hushmail - Free Email with Privacy - About]

The issue originally revolved around the use of the non-Java version of the Hush system. That version performed the encryption and decryption steps on Hush's servers and then used SSL to transmit the data to the user. The data is available as cleartext during this small window; additionally, the passphrase can be captured at this point, which facilitates the decryption of all stored messages and of future messages using this passphrase. Hushmail has stated that the Java version is also vulnerable, in that the company may be compelled to deliver a compromised Java applet to a user. Hushmail recommends using non-web-based software such as GnuPG and PGP Desktop for those who need stronger security.
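The difference between the two models can be shown with a small simulation. This is an added example, not Hushmail's code: the `Server` class, the function names and the sample passphrase and message are hypothetical, and a PBKDF2/HMAC construction stands in for OpenPGP. It records what a capture on the provider's server would contain when decryption runs on the server and when it runs on the user's machine.

```python
import hashlib, hmac, os

def _keys(passphrase, salt):
    # Stand-in key derivation (assumption; Hushmail itself uses OpenPGP).
    k = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000, dklen=64)
    return k[:32], k[32:]

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode as a simple stream cipher for the demo.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def encrypt(passphrase, plaintext):
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _keys(passphrase, salt)
    body = salt + nonce + _xor_stream(enc_key, nonce, plaintext)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def decrypt(passphrase, blob):
    body, tag = blob[:-32], blob[-32:]
    enc_key, mac_key = _keys(passphrase, body[:16])
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        raise ValueError("wrong passphrase or tampered message")
    return _xor_stream(enc_key, body[16:32], body[32:])

class Server:
    """Hypothetical provider; `observed` is what a capture on the server would hold."""
    def __init__(self, blob):
        self.blob, self.observed = blob, []
    def read_server_side(self, passphrase):
        # Non-Java model: the passphrase arrives over SSL and decryption runs here.
        plaintext = decrypt(passphrase, self.blob)
        self.observed += [passphrase.encode(), plaintext]
        return plaintext
    def fetch_ciphertext(self):
        # Client-side model: only the encrypted blob leaves the server.
        self.observed.append(self.blob)
        return self.blob

def compare_models(passphrase="constructed passphrase", message=b"constructed message body"):
    blob = encrypt(passphrase, message)
    a, b = Server(blob), Server(blob)
    a.read_server_side(passphrase)
    local = decrypt(passphrase, b.fetch_ciphertext())  # runs on the user's machine
    seen = lambda s: any(message in o or passphrase.encode() in o for o in s.observed)
    return seen(a), seen(b), local == message
```

The client-side result holds only while the decryption code on the user's machine is honest; a compromised applet, as described above, would hand the server the same passphrase and cleartext as the server-side model.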

The privacy policy of Hushmail has been defended by privacy advocate and PGP creator Phil Zimmermann, who sits on the advisory board of Hush Communications. Zimmermann has stated, "Their hearts are in the right place but there are certain kinds of attacks that are beyond the scope of their abilities to thwart. They are not a sovereign state." [http://blog.wired.com/27bstroke6/2007/11/pgp-creator-def.html PGP Creator Defends Hushmail | Threat Level from Wired.com] Zimmermann suggests that "online encrypted email storage" cannot be expected to provide a defense against a legal process, because government can "compel a service provider to cooperate". This is in contrast to "using encryption software on one's own computer", which is presumably a reference to his original PGP program and equivalent software.

Related Pages

* GPG / PGP
* Anonymous remailer
* E-mail privacy
* Nym server
* Secure channel
* Cryptography

External links

* [http://www.hush.com/ Official site]


Wikimedia Foundation. 2010.
