Free Republic
Browse · Search
General/Chat
Topics · Post Article

To: TurboZamboni

Hushmail.


6 posted on 06/21/2014 8:29:47 AM PDT by E. Pluribus Unum ("The more numerous the laws, the more corrupt the government." --Tacitus)
[ Post Reply | Private Reply | To 1 | View Replies ]


To: E. Pluribus Unum

“Hushmail”

From https://en.wikipedia.org/wiki/Hushmail#Compromises_to_email_privacy

Hushmail received favorable reviews in the press.[5][6] It was believed that possible threats, such as demands from the legal system to reveal the content of traffic through the system, were not imminent in Canada, unlike the United States, and that if data were to be handed over, encrypted messages would be available only in encrypted form.

Developments in November 2007 led to doubts among security-conscious users about Hushmail’s security and concern over a backdoor. The issue originated with the non-Java version of the Hush system. It performed the encrypt and decrypt steps on Hush’s servers and then used SSL to transmit the data to the user. The data is available as cleartext during this small window; the passphrase can be captured at this point, facilitating the decryption of all stored messages and future messages using this passphrase. Hushmail stated that the Java version is also vulnerable, in that they may be compelled to deliver a compromised Java applet to a user.[7][8]

Hushmail turned over cleartext copies of private email messages associated with several addresses at the request of law enforcement agencies under a Mutual Legal Assistance Treaty with the United States,[7] e.g. in the case of U.S. v. Tyler Stumbo.[7][8][9] In addition, the contents of emails between Hushmail addresses were analyzed, and 12 CDs were turned over to U.S. authorities. Hushmail privacy policy states that it logs IP addresses in order “to analyze market trends, gather broad demographic information, and prevent abuse of our services.”[10]

Hush Communications, the company that provides Hushmail, states that it will not release any user data without a court order from the Supreme Court of British Columbia, Canada, and that other countries seeking access to user data must apply to the government of Canada via an applicable Mutual Legal Assistance Treaty.[8] Hushmail states that “...that means that there is no guarantee that we will not be compelled, under a court order issued by the Supreme Court of British Columbia, Canada, to treat a user named in a court order differently, and compromise that user’s privacy” and “...if a court order has been issued by the Supreme Court of British Columbia compelling us to reveal the content of your encrypted email, the “attacker” could be Hush Communications, the actual service provider.”[11]


8 posted on 06/21/2014 8:35:15 AM PDT by NewHampshireDuo
[ Post Reply | Private Reply | To 6 | View Replies ]
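
An added illustration, not part of the posts above and not Hushmail's code, of the trust boundary the quoted passage describes: when decryption runs on the provider's server the passphrase crosses into the provider's process, and when it runs on the user's machine only ciphertext does. `Provider`, `seal`, `unseal` and the SHA-256 keystream are hypothetical standard-library stand-ins for a real mail service and cipher, and the messages and passphrase are constructed samples.

```python
import hashlib, hmac, os

def _keys(passphrase, salt):
    # Passphrase-derived keys: first half encrypts, second half authenticates.
    k = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 50_000, dklen=64)
    return k[:32], k[32:]

def _xor_stream(key, nonce, data):
    # Stdlib-only SHA-256 counter keystream: a stand-in for a real cipher.
    ks = b"".join(hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(passphrase, plaintext):
    salt, nonce = os.urandom(16), os.urandom(16)
    enc, mac = _keys(passphrase, salt)
    ct = _xor_stream(enc, nonce, plaintext)
    return salt + nonce + hmac.new(mac, nonce + ct, hashlib.sha256).digest() + ct

def unseal(passphrase, blob):
    salt, nonce, tag, ct = blob[:16], blob[16:32], blob[32:64], blob[64:]
    enc, mac = _keys(passphrase, salt)
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        return None  # wrong passphrase or modified message
    return _xor_stream(enc, nonce, ct)

class Provider:
    """Hypothetical mail provider; `observed` holds secrets its process has seen."""
    def __init__(self, blobs):
        self.store, self.observed = list(blobs), []
    def read_server_side(self, passphrase, i):
        # Server-side design: the passphrase arrives over SSL and is used here.
        self.observed.append(passphrase)
        return unseal(passphrase, self.store[i])
    def fetch_ciphertext(self, i):
        # Client-side design: only the encrypted blob leaves the server.
        return self.store[i]

def provider_can_read(p):
    # Stored messages the provider can open using only secrets it observed.
    return [m for b in p.store for s in set(p.observed) if (m := unseal(s, b)) is not None]

def compare_designs(passphrase="constructed-sample-passphrase"):
    msgs = [b"constructed message 1", b"constructed message 2"]
    server_side = Provider(seal(passphrase, m) for m in msgs)
    client_side = Provider(seal(passphrase, m) for m in msgs)
    server_side.read_server_side(passphrase, 0)          # user opens one message
    unseal(passphrase, client_side.fetch_ciphertext(0))  # decrypted on user's machine
    return provider_can_read(server_side), provider_can_read(client_side)
```

In the server-side case, opening a single message exposes every stored message under that passphrase. The client-side result holds only while the decrypting code itself is trustworthy, which is the applet caveat in the quoted text.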



FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson