
Hushmail

Article Id: WHEBN0000332222

Title: Hushmail  
Author: World Heritage Encyclopedia
Language: English
Subject: Comparison of webmail providers, Reference desk/Archives/Computing/2007 September 30, PGP, Passphrase, Webmail
Collection: Cryptographic Software, Internet Privacy Software, Pgp, Webmail
Publisher: World Heritage Encyclopedia

Hushmail
Web address: Hushmail.com
Type of site: Web-based email
Registration: Yes
Owner: Hush Communications Corp.
Created by: Cliff Baltzley
Launched: 1999
Alexa rank: 11,761 (October 2015)[1]
Current status: Active

Hushmail is a web-based email service offering PGP-encrypted e-mail, file storage and vanity domain service. Hushmail offers "free" and "paid" versions of service. Hushmail uses OpenPGP standards and the source is available for download. If public encryption keys are available to both recipient and sender (either both are Hushmail users or have uploaded PGP keys to the Hush keyserver), Hushmail can convey authenticated, encrypted messages in both directions. For recipients for whom no public key is available, Hushmail will allow a message to be encrypted by a password (with a password hint) and stored for pickup by the recipient, or the message can be sent in cleartext.

Contents

  • 1 History
  • 2 Accounts
    • 2.1 Individuals
    • 2.2 Businesses
    • 2.3 Instant messaging
  • 3 Compromises to email privacy
  • 4 See also
  • 5 References
  • 6 External links

History

Hushmail was founded by Cliff Baltzley in 1999 after he left Ultimate Privacy.

On November 4, 2014, Hushmail scored 1 out of 7 points on the Electronic Frontier Foundation's secure messaging scorecard. Hushmail received a point for encryption during transit but lost points because communications are not encrypted with a key the provider doesn't have access to (i.e. the communications are not end-to-end encrypted), users can't verify contacts' identities, past messages are not secure if the encryption keys are stolen (i.e. the service does not provide forward secrecy), the code is not open to independent review (i.e. the code is not open-source), the security design is not properly documented, and there has not been a recent independent security audit.[2][3] AIM, BlackBerry Messenger, Ebuddy XMS, Kik Messenger, Skype, Viber, and Yahoo Messenger also scored 1 out of 7 points.[2]

Accounts

Individuals

A free e-mail account has a storage limit of 25 MB, but does not include IMAP or Post Office Protocol (POP3) desktop service. If a user does not use a free account for three consecutive weeks, Hushmail deactivates the account. Customers attempting to reactivate a disabled account are required to pay for a Hushmail premium account. There are two types of paid accounts. The basic Premium paid account provides 1 GB of storage, without desktop service. The Premium+Desktop paid account provides 10 GB of storage, as well as IMAP and POP3 service.[4] Free account registration is not available in some regions.

Businesses

The standard business account provides the same features as Premium+Desktop, plus other features like email forwarding, catch-all email and vanity domain. Optional features that can be added for an extra fee include: secure web forms, user admin, reset passphrase and email archiving.[5]

Additional security features include hidden IP addresses in e-mail headers, two-step verification[6] and HIPAA-compliant encryption.

Instant messaging

An instant messaging service, Hush Messenger, was offered until July 1, 2011.[7]

Compromises to email privacy

Hushmail received favorable reviews in the press.[8][9] It was believed that possible threats, such as demands from the legal system to reveal the content of traffic through the system, were not imminent in Canada, unlike the United States, and that if data were to be handed over, encrypted messages would be available only in encrypted form.

Developments in November 2007 led to doubts among security-conscious users about Hushmail's security and concern over a backdoor. The issue originated with the non-Java version of the Hush system. It performed the encrypt and decrypt steps on Hush's servers and then used SSL to transmit the data to the user. The data is available as cleartext on the server during this small window; the passphrase can be captured at this point, facilitating the decryption of all stored messages and future messages using this passphrase. Hushmail stated that the Java version is also vulnerable, in that they may be compelled to deliver a compromised Java applet to a user.[10][11]
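
The difference between the two designs described above can be modelled in a few lines. This is an added illustration, not Hushmail's code: a passphrase-derived HMAC keystream stands in for OpenPGP, and MailServer, seen_in_clear and compare_models are hypothetical names with constructed sample data.

```python
import hashlib, hmac, os

def derive_keys(passphrase: str, salt: bytes):
    # Stand-in for the passphrase that unlocks a user's private key (assumption).
    k = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000, dklen=64)
    return k[:32], k[32:]                       # (encryption key, MAC key)

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(keys, plaintext: bytes) -> bytes:
    enc, mac = keys
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(enc, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac, nonce + ct, hashlib.sha256).digest()

def unseal(keys, blob: bytes) -> bytes:
    enc, mac = keys
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong passphrase or modified message")
    return bytes(a ^ b for a, b in zip(ct, keystream(enc, nonce, len(ct))))

class MailServer:
    def __init__(self, passphrase: str, mail):
        # Fixture: the mailbox starts out already encrypted at rest.
        self.salt = os.urandom(16)
        keys = derive_keys(passphrase, self.salt)
        self.mailbox = [seal(keys, m) for m in mail]
        self.seen_in_clear = []     # what the server process handles unencrypted

    def read_server_side(self, passphrase: str):
        # Server-side model: the passphrase arrives over SSL, decryption happens here.
        keys = derive_keys(passphrase, self.salt)
        msgs = [unseal(keys, b) for b in self.mailbox]
        self.seen_in_clear += [passphrase.encode(), *msgs]
        return msgs

    def fetch_ciphertext(self):
        # Client-side model: only the salt and sealed blobs leave the server.
        return self.salt, list(self.mailbox)

def compare_models(passphrase="constructed-passphrase", mail=(b"msg one", b"msg two")):
    a = MailServer(passphrase, mail)
    read_a = a.read_server_side(passphrase)
    b = MailServer(passphrase, mail)
    salt, blobs = b.fetch_ciphertext()
    keys = derive_keys(passphrase, salt)        # derived on the client only
    read_b = [unseal(keys, x) for x in blobs]
    return {"server_side": (read_a, a.seen_in_clear),
            "client_side": (read_b, b.seen_in_clear)}
```

Both models return the same mail to the user; only the server-side one leaves the passphrase and cleartext in the server's hands. The client-side result still depends on the decryption code being the code the user expects, which is the applet caveat Hushmail itself raised.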

Hushmail turned over cleartext copies of private email messages associated with several addresses at the request of law enforcement agencies under a Mutual Legal Assistance Treaty with the United States,[10] e.g. in the case of U.S. v. Tyler Stumbo.[10][11][12] In addition, the contents of emails between Hushmail addresses were analyzed, and 12 CDs were turned over to U.S. authorities. Hushmail's privacy policy states that it logs IP addresses in order "to analyze market trends, gather broad demographic information, and prevent abuse of our services."[13]

Hush Communications, the company that provides Hushmail, states that it will not release any user data without a court order from the Supreme Court of British Columbia, Canada, and that other countries seeking access to user data must apply to the government of Canada via an applicable Mutual Legal Assistance Treaty.[11] Hushmail states that "...that means that there is no guarantee that we will not be compelled, under a court order issued by the Supreme Court of British Columbia, Canada, to treat a user named in a court order differently, and compromise that user's privacy" and "...if a court order has been issued by the Supreme Court of British Columbia compelling us to reveal the content of your encrypted email, the "attacker" could be Hush Communications, the actual service provider."[14]

References

  1. "Hushmail.com Site Info".
  2. "Secure Messaging Scorecard. Which apps and tools actually keep your messages safe?".
  3. "Only 6 Messaging Apps Are Truly Secure".
  4. Hushmail – Features and Pricing
  5. Hushmail Business Features
  6. Two-Step Verification
  7. Hushmail closes IM service
  8. Alternative Web Mail Review – Hushmail Premium, PC Magazine
  9. E-Mail Encryption Rare in Everyday Use: NPR
  10. Encrypted E-Mail Company Hushmail Spills to Feds | Threat Level via Wired.com
  11. Hushmail Privacy via Wired.com
  12. bakersfield.com
  13. "Hushmail.com Privacy Policy". Hushmail.com. Archived from the original on 2001-02-15.
  14. Hushmail – Free Email with Privacy – About

External links

  • Official site
  • The Hushmail Report, privatliv.com