how hush is hushmail?

Hushmail is based in Canada but they turned over the E-mails to the American Government. I agree they had no choice really, as America pressured the Canadian government to pressure hushmail. But my main problem with Hushmail is that they lied about their abilities. They advertised their service as being immune from Government surveillance, knowing full well I imagine that there were flaws in their system.

Also, they turned over the addresses and E-mails of people who broke zero laws in their countries, because people in America broke American law by working with said people. That is also very disappointing that hushmail violated privacy of people who broke no laws to get at others who did break the law. An analogy would be Hushmail turning over the E-mails of all members of a Gay Pride mailing list to the Iranian government, so that the Iranian government could use the E-mails as proof that a few people living in Iran were homosexuals. Replace Gay Pride with Steroid, Iranian with American and Homosexuals with Steroid Users.

As far as what web based mail is safe, I would say none. If you really want secure E-mails, use GPG.

 

From the articles about this issue:

If you give your passphrase to somebody else (in that case, hushmail) then you basically render the encryption useless. Moral of the story: don't tell your passphrase to strangers

 

In this case, as I understand it, Hushmail bugged the software that the user ran, in order to steal his password to decrypt their encrypted email data they were storing for him. If this is wrong, please correct me. It implies they fed him malware, and that they had it on hand to feed him or developed it just for him.

 

@SteveTX: A qoute from the first link you posted:

So basically, Hushmail crippled his own security solution, and feds used that fact to solve their case. But anyone can use that new interface which is not secure.

 

They also used bugged java applets when users were not using the javascript solution.

 

That analogy is way way off the mark and isn't remotely related to the events. However, one thing I can say is Canada needs no pressure from the U.S, they pretty much are bosom buddies.

 

How is the Analogy off the mark? Homosexuality is just as illegal in Iran as steroids are in USA. I doubt HGH is illegal in Iran, it isn't in much of the world, just as Homosexuality isn't illegal in America but is in some parts of the world.

People have just as much a choice to practice homosexuality (not getting into the choice versus nature debate) in spite of the law as they do to use steroids in spite of the law. I don't think there is anything worse about using or selling steroids than there is supporting or practicing homosexuality. I am just as out raged at Hushmail for turning over the steroid peoples information as I would be if they turned over the homosexuals information. The average propaganda influenced American sees the steroid users as criminals but not the homosexuals, just as the propaganda influenced Iranians see homosexuals as criminals but not users of steroids. It is as difficult for the average American to see a homosexual as a criminal as it probably is for the average Iranian (and certainly the average Mexican or Indian, where many steroids that are illegal in America are sold over the counter, although a few technically require prescriptions even though those ones are usually sold OTC also) to see a steroid dealer as a criminal. Most people have a hard time facing the extent of their cultural bias.

My analogy is only off the mark in your eyes because you see the situations through American biased eyes, if you look at it with objective eyes you would see it is a perfect comparison. No one is forced to practice homosexuality just as no one is forced to use human growth hormone. Neither are rights violations. Both are illegal in some places, and legal in others.

 

But you're getting into a lot more with that analogy than the case at hand is really about. This wasn't an assault on freedom by any stretch of the imagination, though some privacy obsessed loons would try to use it as an excuse to sue. This was about a drug sting and a drug sting alone. You can drag Hushmails security tech into this, but it really is another matter entirely.

Hushmail has to do what it's told by the government they live under, and they were told by Canadian officials to cooperate with the U.S officials, and they did. There's no more to it than that, you forfeit your privacy when you commit crimes. I'm not going into all the "freedom of choice" crap being used here to make this bigger than what it is, because it's all nonsense. You can put the "wronged users" in this case on as many pedestals as you wish, but by using Hushmail to buy the drugs, they surely broke the TOS that abides by the laws of the country Hushmail is in.

 

If it is illegal to sell steroids in Canada and USA, but not in many other countries, does that give Hushmail some right to hand over E-mails of steroid dealers in the other countries to the American government so they can see what Americans were buying the steroids? Or even worse, to tap the E-mails of people living in countries like Thailand and Mexico, where steroids are legal, merely because they bought steroids from an American who sold them illegally?The man who made the news in the article posted here was one of hundreds who had his E-mail compromised, and yes he was American, but there were many others who had their privacy violated who broke no laws.

You seem to be focusing on the notion of a crime and the belief that drug users have no rights. Does a Homosexual in Iran forfeit his right privacy?

Is it an attack on freedom to arrest members of a homosexual mailing list who partake in Homosexual acts? I mean, Homosexuality is illegal in Iran. Your logic is based off the Law of a minority of countries in the world. Steroids are legal in a great many places, in many places they are OTC.

I am not trying to carry on this debate with you or make this into a drawn out argument or anything, I am just trying to show you that it seems to me you have had your rational judgment clouded by American drug propaganda.

I imagine if we were in Iran and it was homosexuals who got busted, you would say "this was a homosexual sting, and a homosexual sting alone."

That previous quote probably sounds as messed up to you as the quote you made sounds to many many other people living in different parts of the world, where getting steroids is as hard as getting Tylenol in USA is. Many in Iran for example would be outraged at a homosexual, but not care in the slightest about a steroid seller.

Anyways, this debate does have little to do with security. The fact of the matter is regardless of how hushmails weakness was exposed, they had a weakness in their system and they should not be patted on the back for selling a weak product just because the weakness was used to bust people who in the eyes of the average American is a criminal. Just as they should not have been patted on the back if they busted Homosexuals, who in the eyes of Iran deserve to be put to death.

Really all I am saying is try to think out side of the box, and don't be so fast to condemn people the media and government tell you to condemn. Also remember that when "the law" is a variable in a security system, the security system is flawed.

 

I agree with you, n33m3rz.

 

And I do too.

 

Do you read these statements that "chatter" has increased from Al-Qaeda,
websites and email?
How do they know about the "chatter"?
Is that chatter coming over Yahoo mail?
I am sure these guys to as much as they can to insure their privacy.
The Spooks can get your info. That is that simple.
This turning over information is a surprise?
Anytime you conduct activity on the internet you need to do it with the
understanding that Cops,perverts,crooks,sundry govenment agencies etc,may be watching.

 

how would you do that?

 

By using Thunderbird+Enigmail+GnuPG for instance.