Is Hushmail Still Safe
If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!
There’s been a fair amount of talk lately about Hushmail and whether it’s still “safe” to use. This has apparently originated with a post on cyptome that cast some doubt on the .jar file for the applet that they use. This was later corrected, apparently somebody compared the wrong files.
However there is still some doubt that actually comes from Husmail’s own privacy polices. There’s a page on Wired.com with an exchange of emails in which not only makes clear hushmail’s policies regarding LEA’s wanting information about accounts or their contents but also shows that there is a risk that your private key and more importantly, the passphrase for it, CAN actually be captured by a determined attacker.
This means that it’s possible for an attacker that controls their systems or an LEA with legal authority Requiring Hushmail’s cooperation to determine the IP address you connect from, capture your private key, capture your passphrase, and finally, use that passphrase to decrypt your encrypted email.
Hushmail’s privacy policy makes it clear that they try to protect the privacy of users but that they will cooperate with Law Enforcement Agencies when presented with a court order form the Supreme Court of British Columbia or through the Mutual Legal Assistance (MLAT) for situations not occurring in Canada.
The solutions however are easy.
NEVER give your private key to them. Instead, get GnuPG and keep the private key to yourself. Write your message in your favorite plain text editor and then encrypt it on your end before ever handing it to Hushmail.
In order to prevent Hushmail from being able to hand over your IP address, the only solution is to use Tor to connect to hushmail in the first place.
Technorati Tags: security, british columbia, private key, decrypt, safe, hushmail, passphrase, is hushmail safe, supreme court, privacy
If you enjoyed this post, make sure you subscribe to my RSS feed!
Based next to big brother USA, dont think you are protected in Canada. Go offshore, far away…
Offshore is subjective. What’s “Offshore” to you might be my hometown. For many, Canada IS “Offshore”.