HUSHMAIL.COM: A NET WOVEN BY THE FISH THEMSELVES?

by British Earth First!

If you value your freedom, only use hushmail.com for fun; don't say anything you wouldn't say to a cop.


Hushmail.com is claiming to provide strong encryption on email via a web-based interface. You can only send encrypted mail to other hushmail account holders, so people will obviously encourage their mates to join. A very clever net woven by the fish themselves?

Show me your friends...

Anyway I checked who is hosting the service. It was registered by radiant.net who, on their home page, claim that hushmail is just a client of theirs. Maybe, but then who owns the company? Safemail enjoys a big link on the homepage, while lesser bodies such as Maxim Chemicals are relegated to a list on another page. The other clients of radiant.net are very interesting. It is a 'British' Columbia internet provider exclusively for the 'corporate community'. Bear in mind the recent history of BC re environmentalists particularly.

From their 'about us' page: "The corporate client needs a higher level of service and attention to detail that is just not available from providers dealing with tens of thousands of residential users. This dedication to the corporate community is exactly the emphasis at Radiant and why Vancouver's businesses are migrating to Radiant Communications."

Good buddies include:

and yes, the Western Canada Wilderness Committee is in there too, but to me that is no less corporate.

Well, call me paranoid if you like but it seems to me that it would be very easy for a bunch of good buddy loggers and miners to get together with the NW police and their extremely wealthy local internet experts (not to mention the local redneck militia supplier) to provide this nice easy crypto-mail service and erm... help out all the activists they love so much.

Peer Review

A prerequisite for any encryption algorithm to be taken seriously is that the source code be available for scrutiny by other cryptographic experts. This is the only way ordinary folks can assure themselves that the thing they use is actually secure. If many experts over a period of years have been unable to mount a successful attack on the encryption, then there is a good chance that it is ok. There is too much to go into here, but although hushmail's stuff is publicly available, I haven't found much peer review (lots of advertising of course).

A good summary of some of the cons is at http://www.counterpane.com/crypto-gram-9908.html#Web-BasedEncryptedE-Mail.

People I have corresponded with who are in the business of strong encryption have confirmed my hunches. Anyone who knows anything about security wouldn't touch this with someone else's computer, methinks. But that's not who they are after, obviously. People need to be warned and we need to find out more. It could well be bona fide, or at least well-intentioned, but there is not enough information provided to know that. As this can possibly be a matter of being imprisoned for some people, I think warnings should be prepared and circulated, unless someone with more knowledge than me can show it is as secure as PGP.

Any help appreciated. If you think this will do as a warning then feel free to forward it to people you care about.


Last modified 19th October 1999.