Hushmail Passing PGP Keys to the US Government

teknopurge writes "Apparently Hushmail has been providing information to law enforcement behind the backs of their clients. Billed as secure email because of their use of PGP, Hushmail has been turning over private keys of users to the authorities on request. 'DEA agents received three CDs which contained decrypted emails for the targets of the investigation that had been decrypted as part of a mutual legal assistance treaty between the United States and Canada. The news will be embarrassing to the company, which has made much of its ability to ensure that emails are not read by the authorities, including the FBI's Carnivore email monitoring software.'"

Glad they cleared that up but

[DaSH+Alpha]

decrypted emails which contained decrypted emails for the targets of the investigation that had been decrypted

...and how do you decrypt a person? (assuming people were the targets of the investigation, and not the email)

Re:Glad they cleared that up but

[securityfolk]

Well, I would start with a resurrection spell... sorry, GIGO...

Re:Glad they cleared that up but

[sethstorm]

Wouldn't you need something to open it up first?

I welcome our new

[kaufmanmoore]

the authorise overlords

Re:By the authorise?

[McGiraf]

"How do you possibly get "authorise" from "authorities"?

First suggestion of the spell checker?

But more on topic:

What do you expect when you PRIVATE key is stored somewhere you do not control access to? kind of dumb, if you ask me.

Goodbye Market!

[Fallen+Seraph4]

I really hope that they go out of business for this. I mean they extremely deserve it. I know that they probably didn't have much of a choice to hand over the keys, but to continue advertising such security... That's not cricket.

Re:Goodbye Market!

[betterunixthanunix]

Hushmail always seemed fishy to me. At the behest of a friend, I uploaded my public key to their keyserver, which does not sync up with the MIT keyserver, and which took a huge amount of effort because of their use of a Java applet to parse keys (who the hell thought that was a good idea, when all the other keyservers just use an HTML form?). When I examined Hushmail, I instantly knew that trusting it had to be taken with a grain of salt, simply because of the existence of a web client for encryption. This only validates my paranoia about it, and demonstrates that being lazy about these things is a recipe for disaster.

Alternatives?

[InvisblePinkUnicorn]

What alternatives are there besides Hushmail?

Re:Alternatives?

[John+Hasler]

> What alternatives are there besides Hushmail?

GPG works fine.

Re:Alternatives?

[Bert64]

If you want encrypted mail, run the encryption yourself... GPG is freely available. Then it doesn't matter via which service you transmit the mail.

Re:Alternatives?

[Bieeanda]

Exchanging keys the old-fashioned way, maybe? This seems to be the perfect example of why convenience and security are ultimately mutually exclusive.

Re:Alternatives?

[Zonk+(troll)]

FireGPG?. Quoting the website:

"FireGPG is a Firefox extension under GPL which brings an interface to encrypt, decrypt, sign or verify the signature of text in any web page using GnuPG. FireGPG adds an contextual menu to access to some useful functions. We will support some webmails. Currently, only Gmail is supported (some useful buttons are added in the interface of this webmail!)."

I haven't used it or Hushmail*, but it looks interesting. It does lack the portability, though. Maybe it could be made to work with Portable Firefox.

* I trust no one with my private keys.

Re:Alternatives?

[krazytekn0]

> What alternatives are there besides Hushmail?
^^^this got informative? Do the people with mod points this week own dictionaries?
GPG works fine.
^^^ Insightful? Well at least there is some grain of truth to that modding, this would be the place for informative...

and this post here would be offtopic, not flaimbait or troll, mod accordingly. Seriously though do people just try to use up all their points on the first two comments they see?

Re:Alternatives?

[drix]

FireGPG. It frikkin sticks buttons onto the Gmail UI for sign, encrypt, decrypt, verify, etc. Doesn't get much easier than that folks.

BTW as rummy as this story is, it's also a good sign that the Feds doesn't possess some magical method of factoring enormous primes that they're not telling anyone about.

Re:Alternatives?

[Jester998]

As if they'd admit to having prime-factoring methods to bust a couple of drug dealers. That kind of thing is /much/ better kept secret to use in intelligence circles...

Re:Alternatives?

well, if security is paramount you could use the good ol' tricks of days past. go buy 2 usb flash drives, one of which having double the capacity of the other. take them home, switch all the identifying markings so that you have e.g. a 2 gig drive with all the markings of a 1 gig. install a hidden and encrypted volume sized so that the remaining visible partition matches the size indicated by the new falsified markings using true crypt. throw some bullshit vacation photos, some random documents with shopping lists or some other junk on the visible part. now just sneaker net the flash drive to whomever is expecting the encrypted data. even if the hardware itself is intercepted en-route, it will appear as just another jerkoff jump drive that everyone and their mother has. it will have the markings, volume size, and even the bullshit data to boot.

the true crypt volume is only accessible to someone who 1) knows it exists in the first place and 2) has the appropriate key to mount the hidden volume, and 3) has the encryption key to access the data on the volume.

of course this method is not perfect, but it's several orders of magnitude more secure than transmitting data via the internet.

if you want to go even more old-school, you could simply use hotmail to send an unencrypted message in code. this method is well suited for a lot of things since it's "hiding in plain sight." it works well enough that crime lords can rule thousands of gang members from a maximum security federal prison.

Re:Alternatives?

[DustyShadow]

GPG + the Thunderbird GPG plugin works perfectly.

Re:Alternatives?

[Creepy+Crawler]

The federal government was willing to sacrifice many thousands of lives in WW2 to keep secret of the Enigma decryption.

What makes you think that they dont have a way to do as such? You can bet... well, thousands of American lives that they wont tell anybody. It's most likely sitting buried in the bowels of the NSA, known only by a handful of spooks, and only incompletely at best.

Re:Alternatives?

[H310iSe]

I was recently looking into secure communications and revisited hushmail, discovered it was compromised (this story isn't new). I believe there is no good encryption solution available that doesn't involve both the sender and receiver running the same software.

Once you make that compromise the solutions multiply. For windows I really like truecrypt for file/disk encryption and firegpg with gnugp to do web based email encryption.

Re:Alternatives?

> it's also a good sign that the Feds doesn't possess some magical method of factoring enormous primes that they're not telling anyone about.

that's what they want you to think.

Re:Alternatives?

Don't you have better things to do than complain about moderation?

Re:Alternatives?

[Niten]

What alternatives are there besides Hushmail?

This isn't meant as one of those haughty, holier-than-thou remarks that it might initially sound like: The best solution is to run your mail user agent yourself, on your own hardware. Really.

These days it's easy to find an old PC or Mac / Soekris box / Linksys router and install OpenBSD or Linux on it. Then you not only have a more powerful and secure router than you started out with, you also have a general-purpose Unix server at your disposal; set up a free dynamic DNS account from DynDNS.com or the likes (in conjunction with the ddclient update script from the OpenBSD ports tree or Debian repositories) and OpenSSH, and you have a secure and efficient way to log into this system from anywhere on the public Internet. That's one step away from a remote access mail client with far greater security than any web-based company will provide you.

A few pointers:

• Set up daily, automatic backups of your mail folders with rsync! Don't lose your mail.
• You'll need a command-line mail user agent so that you can access all this by SSH. Mutt is my favorite, but others swear by Pine or the Emacs client.
• You can use msmtp to relay, and fetchmail to download, your messages from a remote server; or you can set up your own mail service if your ISP allows it. Consider using procmail to sort incoming messages.
• Configure S/KEY passwords on your home server: this way you can login from a somewhat untrusted client, yet rest assured that your password cannot be surreptitiously cached and used again.
• Access your mail on the server as a non-wheel user. Now even if somebody does compromise that account (a risk that is, in my opinion, far lower than the risk taken in using web-based systems), they will not have immediate control over the entire system.
• Carry Putty around with you on your USB memory device, in case you need to login from a Windows client. Putty is much smaller and more manageable than keeping your own personal copy of Firefox, and it will happily run from the USB stick without any installation or modification required.
• Install GPG on the server and import your keyrings.

This approach has a number of advantages over using any third-party web based system. The most obvious one is that in this configuration, GPG runs entirely on the server, keeping your encryption keys safe from untrusted clients. Also, because you are not using a web application, this system is immune to CSRF and XSS attacks. And OpenSSH offers a wide variety of authentication options, many of them far more secure in real-world scenarios than the simple username/password schemes implemented by most web apps.

Real information security takes real work, and as Hushmail has so kindly demonstrated for us, it isn't sound to exclude your own hosting company from your threat analysis. Why not simplify things and host part of your mail system yourself - the part that matters, where your encryption keys are stored and your messages are cached. Sure, it won't protect you from every vector of attack; but if your system does get attacked, it will be much more difficult for the attacker to do so entirely behind your back.

I'm not claiming that such a setup is for everyone. But if you want better security than what Hushmail was able to provide, this is what you need to do. If this is more work than you're willing to put in, it important to realize what you're giving up, and that there are no vastly "better alternatives" in the web-based secure email cottage industry. Or in other words: if you want something done right, do it yourself.

Re:Alternatives?

[legirons]

Except that the government can put you in prison for trying to keep a secret from them

how ironic, a fascist government in the UK. Good thing all the WW2 veterans are dead, so they didn't have to see it...

Re:Alternatives?

[cp.tar]

And FireGPG works nice with Gmail.

Very convenient, too.

Re:Alternatives?

[caluml]

Or if they do, this information isn't work giving up the knowledge that they do.

Re:Alternatives?

[buzzdecafe]

>> the Feds doesn't possess some magical method of factoring enormous primes

Hmmm. I have a method for factoring any prime, enormous or not. Here it is:

For any prime p, the factorization of p = p * 1

Now excuse me while I run to the patent office.

Re:Alternatives?

BTW as rummy as this story is, it's also a good sign that the Feds doesn't possess some magical method of factoring enormous primes that they're not telling anyone about.

How's that follow?

Said magical method might only be available to higher levels of Feds. Said magical method's existance might be further protected by staging raids that don't use it.

I mean come on, there's 25 feet in the average roll of aluminum foil. You haven't even cracked the seal yet.

Re:Alternatives?

[Deanalator]

"... a good sign that the Feds doesn't possess some magical method of factoring enormous primes that they're not telling anyone about."

These are Canadian feds :-) Even in the US, only a few get access to the code cracking mountains. Not that it would take much, as you can silently hijack any ssl connection with a single cracked verisign/thawte key. Then you win the internet :-)

Also, on a side note, prime numbers are the easiest numbers to factor :-p

Re:Alternatives?

If you want something that is easy to use and doesn't store your message on the service, the Voltage Security Network (http://vsn.voltage.com/).

PGP, GPG, etc. only work for us geeks, but if you want to be able to send secure encrypted email ad-hoc, without the recipient needing to install anything or get a password from you, Identity Based Encryption is the way to go.

Re:Alternatives?

[Deanalator]

"GPG works fine."

Hardly an alternative to hushmail. Hushmail allows anonymous users to sign up (tor is good) for free email accounts, and has built in support for clientside crypto in your emails. Nothing that I know of comes close. Some people would say firegpg + gmail would cover that, but there are some issues. First of all, there does not exist an untracable way to make a gmail account. Also, I believe that in the default configuration, the AJAXness of gmail sends each letter you type one at a time over the wire unencrypted as you type them. This allows google to suggest words etc as you type, and also eliminates any benefit that would be obtained by encrypting the message in your browser. Maybe something like the "encryptthis" plugin with maybe yahoo or hotmail (some sort of webmail that does not require references to get an account), but even then remember you are dealing with American companies, so who knows.

Re:Alternatives?

[Valdrax]

Great! Now email your friends and watch all the messages get bounced or eaten by anti-spam filters that don't trust your home IP address.

Not all of us can afford dedicated hosting for our email.

Re:Alternatives?

[drix]

Doh. This is what happens when you can type faster than you can think :-) "Products of" enormous primes. Once upon a time I took a class where we studied RSA and I even understood it, I swear!

Re:Alternatives?

[v1]

Encrypted mail is built into OS X mail. The only annoying part is the hoops necessary to go through at thawte to get a certificate to begin with. Anyone you have the public key for enables a little box in the mail message to either sign it or encrypt it.

Re:Alternatives?

To remove the AJAX from Gmail, turn Javascript off on your browser. Which, if you're really looking for security, should have been done already.

Re:Alternatives?

[nizo]

Luckily one could encrypt an innocuous message with, say, an attached image that contained the real encrypted message hidden in it. Which of course is what the naughty people are going to do; they will get off while the government snoops through the email of law-abiding citizens.

Re:Alternatives?

FireGPG? It doesn't work with Seamonkey.

Re:Alternatives?

[instarx]

BTW as rummy as this story is, it's also a good sign that the Feds doesn't possess some magical method of factoring enormous primes that they're not telling anyone about.

Ha ha, the more things change the more they stay the same. Say what you will about them, but the NSA is *very* good at keeping secrets. Sure, because they've asked for the keys it might make you think they don't have the ability to read the emails without them, but asking for the keys is exactly what they would do to keep the secret. If the government never asked for anyone's encryption keys we would know they didn't need them. On the other hand, asking for them imparts NO information to the public about whether or not they are really needed.

Re:Alternatives?

[smoker2]

Good thing all the WW2 veterans are dead, so they didn't have to see it...

Eh ?
They're not all dead. My grandfather is in his nineties and served in Africa. As far as I know, there was even still one live WW1 vet at Remembrance Sunday this year. WW2 was only over 62 years ago, and most of the troops were in their 20s when they fought.
Don't be in such a hurry to "lose" the past.

Re:Alternatives?

[rpillala]

I hope no one's figured out a way to factor any primes. I've gotten used to the job security of being a math teacher :)

Re:Alternatives?

[mcrbids]

Not that it would take much, as you can silently hijack any ssl connection with a single cracked verisign/thawte key.

Care to substantiate this?

Re:Alternatives?

[Obsi]

Don't you have better things to do, like block rooms on insignificant online games? Or perhaps threatening to bomb sports stadiums with yellow vans, or imagining yourself in a situation like this?

Note to mods with clue: Keep up the good work.

Note to mods lacking clue, or lacking functioning sarcasm meters: WOOSH

Re:Alternatives?

[tm2b]

The federal government was willing to sacrifice many thousands of lives in WW2 to keep secret of the Enigma decryption.

If you're talking about Coventry, that was Churchill's UK government, and that claim has been debunked by Peter Calvocoressi's (he was a cryptanalyst for the RAF during the war) book, Top Secret Ultra. The Enigma Wikipedia article talks about it.

Re:Alternatives?

[gowen]

Being obliged to surrender your encryption key to police with a court order == fascism eh?
Do you know what a search warrant is? The fact you have to let the police into your house if they've gone through the right channels? You know you can go to prison for destroying evidence, especially if its been subpoenad? Again, if they get the warrants they can intercept your mail and listen to your phone calls.

That's how police work functions. If they jump through the hoops that legal oversight requires, and you have to follow their requests. You can certainly claim you don't have the key, and you get the presumption of innocence, but if the other evidence suggests otherwise, the jury would be quite right not to believe you.

If you think that's fascism, you really, really, really don't understand what fascism is. And since you seem to believe that WW2 was so long ago that all its veterans are dead, I'm not surprised you make other completely moronic statements.

Re:Alternatives?

[houghi]

All of the above, or just use DSL from a USB key. That way when the cops come, nobody will be the wiser as it will be very easy to get rid of/erase/whatever.

They are now so small that they can be anything. You have a lot of lying around? Just dropt it in there and nobody will be the siser.

You can desguise them as almost anything.

And how easy is it to 'loose' this one

And there are many more things where you would not know that they are USB drives.

Re:Alternatives?

[Demerara]

BTW as rummy as this story is, it's also a good sign that the Feds doesn't possess some magical method of factoring enormous primes that they're not telling anyone about.

If I were the Feds (and I'm not, honest), the first thing I'd do after discovering a method to factor enormous primes would be to slap a writ on several outfits like Hushmail, precisely to perpetuate the notion that I could not factor enormous primes.

A man who has the reputation of rising at dawn may sleep until noon.

Re:Alternatives?

For the record, the Feds actually do possess a method for factoring enormous primes. In Python, it's something like the following:

def FactorPrime(n):
        return n

Please don't let the secret leak; we wouldn't want al Qaeda getting their hands on this.

Re:Alternatives?

[stinerman]

And if I don't have my private key handy? Well I still get thrown in the pokey.

I've sent emails encrypted with GPG. Those emails were encrypted under a key that I no longer have access to. I forgot to back up my key when I did a reinstall. I can't really prove I don't have it since proving a negative is damn hard, so it looks like I'm going to jail for not backing up my private keys.

Yeah, that's the mark of fascism.

Re:Alternatives?

[Deanalator]

With a root SSL key, you can sign any domain you want. You could redirect a user's connection via DNS poisoning or whatever, and then serve them pages via https that a browser would recognize as valid. This would mainly be useful for harvesting web credentials, such as banks/paypal/ebay etc. Even the most paranoid security expert would not be able to tell that they were connected to a malicious server.

Similarly you could crack keys used for signed software updates (windows update etc), and silently patch systems with malicious code.

Re:Alternatives?

[Cervantes]

I don't trust email at all, really. I mean, even if your end is secure, and the receiving end is secure, it still has to go through equipment that is either gov't owned, tapped, or "coerced into helping".
That's why I've forgone email entirely, in favour of carrier pigeons. That's right folks, carrier pigeons. Used for centuries for quick, reliable communication across distance. And with advances in modern materials and technology, I can just strap a USB stick to their leg, and send them off. The gov't may have wiretaps and rubber hoses aplenty, but I'm quite certain they don't have people sitting out on rooftops with big nets, watching for pigeons. Security through obscurity, people!

However, thanks to Slashdot, I now recognize that STO isn't a foolproof method of protecting your data. With that in mind, I've started to randomize my data as well. Even if they found it, there's no way they could sort it out.

Now, if you'll excuse me, I have to go throw another pigeon in the blender.

Not paranoid enough.

[Valdrax]

I guess this is a brief lesson in why one should never fully trust the encryption of your private materials to a third party.

Re:Not paranoid enough.

Oh, I never trust any party to encrypt my privates..

Oh..

You said... *blush*

Re:Not paranoid enough.

[TheVelvetFlamebait]

Not paranoid enough.

OK, so the Government got your passkey. You haven't really justified your paranoia until the Government not only uses it, but does something sinister with the information gathered with it.

Missing from the article

[WK2]

There are several facts missing from the article:

1) Was there a court order? Or Canadian equivalent?
2) Did hushmail lie? The obviously commited willful deception, but did they outright lie?
3) Did hushmail violate it's TOS?
4) Did hushmail do anything illegal?

Of course, what the article did mention is important, especially to hushmail, and potential hushmail users. However, it would have been nice if they had dug a little bit to answer these obvious questions.

Re:Missing from the article

[Albanach]

The Register ran an article on this last week. From their piece:

US federal law enforcement agencies have obtained access to clear text copies of encrypted emails sent through Hushmail as part a of recent drug trafficking investigation.

The access was only granted after a court order was served on Hush Communications, the Canadian firm that offers the service.

Hush Communications said it would only accede to requests made in respect to targeted accounts and via court orders filed through Canadian court.

Re:Missing from the article

[e9th]

From their FAQ.

Re:Missing from the article

[bcrowell]

The Wikipedia article has a bunch of good references. The slashdot summary seems to be incorrect in some of its particulars. If you read the various articles, none of them seem to say that hushmail turned over private keys. They turned over cleartext of messages. Yes, there was a court order (see the more recent wired article). No, hushmail doesn't seem to have lied to their users in general -- the wired article praises them for their honesty -- but they do seem to have put a strong marketing spin on the lack of real security in the JS implementation of their service (as opposed to the original, more secure Java applet, in which the private keys never left the client machine).

Re:Missing from the article

[justzisguy]

This is all old news that was spelled out in a much more detailed article on Wired last week. To subvert those that don't RTFA, I'll answer your questions here on /.:

1. Hushmail was served with a court order issued by the British Columbia Supreme Court (the Feds in Bakersfield, CA had to forward their request to the Canadian government)
2. Hushmail glosses over the vulnerability to private key capture in their non-Java based web client, but it is mentioned. The Java client never transmits the private key (you still must trust the client, source code is available; compare the hashes)
3. No, Hushmail's TOS do not prevent them with complying with a legal court order. Their users also must not break the law, per the TOS.
4. Hushmail followed Canadian law perfectly.

So what can we learn from this? First, don't do illegal things (and use Hushmail or anything else). Second, while their non-Java client is convenient for avoiding the bulk of your traffic getting sucked up by programs like Carnivore, use the Java client and not even Hushmail can hand anything over (they never received the private key, even for an instant).

Re:Missing from the article

[Jinjuku]

You do realize you have the only reasonable response so far? As the years go by I see more /s'ers losing grip with reality. It's sad to see so many otherwise intelligent people not think for themselves and going off half-cocked.

Re:Missing from the article

Was there a court order? Or Canadian equivalent?

Yes, we do have courts in Canada, along with juries, judges, lawsuits, court orders, warrants and appeals.

One thing we don't have have is the "lawsuit lottery" where you can get millions for frivolous cases.

Re:Missing from the article

[Frosty+Piss]

2) Did hushmail lie? The obviously commited willful deception, but did they outright lie?

Come on now. It's the same thing.

Re:Missing from the article

[GuldKalle]

No, lying is what us normal people do. Willful deception is only for marketing executives, lawyers and politicians.

Re:Missing from the article

[jonbryce]

In the event of a conflict between their TOS and criminal law, they have to comply with criminal law, and not their TOS. To the extent that they have to do that, they aren't in breach of contract.

Re:Missing from the article

[inonurmi]

Second, while their non-Java client is convenient for avoiding the bulk of your traffic getting sucked up by programs like Carnivore, use the Java client and not even Hushmail can hand anything over (they never received the private key, even for an instant).

A couple of weeks ago, I read an article containing some very frank quotes by one of the Hushmail spokesmen. In it he agreed with the interviewer that it was possible to bypass the private key in the Java client. All Hushmail needed to do was serve up a different version of the client, that contained a backdoor.

Re:Missing from the article

[RealGrouchy]

1) Was there a court order? Or Canadian equivalent? Yes, as evidenced by the different colour smoke coming out of the National Igloo.

- RG>

Re:Missing from the article

[Swampash]

Their users also must not break the law, per the TOS.

Sounds a bit circular to me. "If you are shown to be breaking the law we will turn over your emails which will be used to show you are breaking the law and thus we will turn over your emails which will be used..."

Re:Missing from the article

Not according to this man.

Re:Missing from the article

I think it is more like if you are caught breaking the law in some way then Hushmail will respond to legal requests to hand over your email which may be used to provide additional evidence of your lawbreaking. So if the police can show reasonable cause to suspect you of drug smuggling, they can get a court order and Hushmail will provide your email to the police. This is pretty much the way it's always been so no big surprise here. If you don't want Hushmail to be able to do this then don't provide them with your private key, or don't use them.

Re:Missing from the article

[justzisguy]

Security has never been and never will be absolute. There is an inverse relationship between security and convenience. The Java client can be changed (are you checking the code every time your browser downloads it?); your web browser can be compromised; your operating system can have a (software) key logger; your computer can be tampered with. We're not going to even get into physical security avenues of attack. At some point you have to cut your losses and begin to trust someone/something.

Hang on while I don my tin-foil hat. Or is that the way *they* amplify the brain-scanning waves...

Re:Missing from the article

[pla]

Was there a court order? Or Canadian equivalent?

Irrelevant. Public key encryption makes a court order irrelevant. Only the victims' stupidity made even turning their emails over possible.


Did hushmail lie?

All companies lie.


Did hushmail violate it's TOS?

TOSs apply to customers, not service providers. Not that I approve of that, but so it stands.


Did hushmail do anything illegal?

Legal and illegal simply don't apply here. They could have followed the letter of the law and still acted reprehensibly, or they could have broken the law and acted "patriotically" by rolling over.



Mostly this boils down to people using a service they didn't understand. This should pretty much destroy HushMail as a company, but only because of how they presented themselves. The real blame here falls squarely on the idiots who trusted their sensitive information to anyone other than themselves.

Re:Missing from the article

Deception isn't the same as lying. Lying is the active, direct *communication* of a falsehood. Deception can be anything, from a fake wood floor to an elaborate ruse that leads someone, on their own, to form false beliefs. I'm not saying anything about the ethics of either, but they are definitely not the same thing.

Re:Missing from the article

[CronoCloud]

What I'm wondering is why didn't Hushmail, when the authorities show up on their external security cameras, just essentially do the secure wipe equivalent of:

rm -rf sensitive_data/

Re:Missing from the article

[m50d]

No, it really isn't. And if you can't see why, you don't belong on slashdot.

Re:Missing from the article

Right. In fact, I could very easily deceive you (but not lie) by saying:

"There was no concentration camp during WWII!" ... ...

in Mexico, I mean.

A form of deception called "half-truths" are too commonplace these days.

End of Hushmail?

[hairykrishna]

Surely this will do for them? How can they base their entire business around providing private email then just hand over CD's full of them whenever the authorities come knocking? Terrible.

Re:End of Hushmail?

[nurb432]

How many of their users will even know this happened? Enough to put a dent in them? without a doubt. Enough to put them out of business? I donno.. lots of uninformed people out there.

Re:End of Hushmail?

[eipgam]

I don't know, maybe because a court order said they had to?

Re:End of Hushmail?

[corsec67]

But, why would they be able to comply?

If they really lived up to their name, they would never have the private keys, unencrypted emails, or any way to get either of those.

Re:End of Hushmail?

[Kjella]

I think you're pretty delusional to think any company will provide a service that operates outside the law. Or if they were, they'd probably go under the term "organized crime". Hushmail can be private in many ways - private against legally served court orders is not one of them. Again, if you expect them to you're a fool. What did you think, that they have some sort of legal immunity? The only real rule is that they can't give anyone what they don't have. Never give them your private key, and they can never reveal it. Everything else is just security theater.

No mater how secure

[KevMar]

No mater how secure a company claims to be, you can't expect them to not fallow the law.

Re:No mater how secure

[LeafOnTheWind]

heh, "fallow the law"
Maybe they just need to find a new crop to plant?
P.S. Just because you say you make a lot of spelling and grammar mistakes doesn't mean we can't rip on you for it. http://www.answers.com/fallow&r=67 http://www.answers.com/follow http://www.answers.com/mater http://www.answers.com/matter

Re:No mater how secure

[julesh]

No mater how secure a company claims to be, you can't expect them to not fallow the law.

The point is that according to hushmail's end-user documentation, *they can't do this*.

Hushmail supposedly store everything, including your key, encrypted. The encrypted key is sent to an applet running on your computer, which decrypts it *locally* without sending a copy of your passphrase to the server. If you send e-mail to another hushmail user (as was the case in this instance) it is supposed to be encrypted with their public key *before it leaves your computer*.

If all of this was true, hushmail would not have been able to supply the FBI with the documents they did.

Re:No mater how secure

http://www.theregister.co.uk/2007/11/08/hushmail_court_orders/

The access was only granted after a court order was served on Hush Communications, the Canadian firm that offers the service.

Hush Communications said it would only accede to requests made in respect to targeted accounts and via court orders filed through Canadian court.

(emphasis mine)

They followed a court order, this story is a non-issue.

Re:No mater how secure

As many others have pointed out, hushmail has 2 versions: the better version is an applet that does the encryption client side, and is completely secure; the lesser (and probably the one involved here) does the encryption server side, which has obvious issues.

Re:No mater how secure

[UbuntuDupe]

No mater how secure a company claims to be, you can't expect them to not fallow the law.

Oh, but I *can* expect them not to render the law useless!

Re:No mater how secure

[Spykk]

But if a company promises you they will keep your data from the authorities, then they are the ones in the wrong. The onus is on the company to understand the laws before they make you a promise that they cannot keep.

Re:No mater how secure

[Vegeta99]

You may not be a grammar major, but as a gamer you should understand following the rules. Unfortunately, when communicating with people, certain rules must be followed. For instance, it would be a little bit weird if the doctor came up and screamed at you YOU'S GONNA DIE! when you have cancer, or if you tried to ask your friend to check our the woman next to him by screaming.

It is furthermore unfortunate that most of these rules are taught to people before they enter secondary education; breaking the rules simply makes you lazy, unintelligent, or both!

By using the word "fallow" (I'm ignoring the double negative for now), you have indicated that one can expect Hushmail to leave the law undeveloped, ie, would not work to make it better. Please remember that Firefox has a spell checker, and will automatically highlight your typos.

Re:No mater how secure

[Chris+Tucker]

"Please remember that Firefox has a spell checker, and will automatically highlight your typos."

"Fallow" is a perfectly cromulent word, and as such, would not be considered a typo by the Firefox spell checker.

Re:No mater how secure

[TapeCutter]

"Firefox has a spell checker"

Truth from poster different, he break rules firefox wise - not.

Re:No mater how secure

Hey genius - did you know that your misspellings effectively reverse the meaning of your sentence?

Re:No mater how secure

[alw53]

History is full of flagrantly unjust court orders. Many reporters have gone to jail
in defiance of court orders to reveal their sources. When I encrypt something, I
expect it to stay encrypted.

Re:No mater how secure

[Vegeta99]

Ah yes, but his sig has not one, but two typos!

Re:No mater how secure

[Chris+Tucker]

So it does. Still and all, this IS /.!

I suspect that most of these folks who do that blew off 'bonehead English' during their freshman year, and then complain to their professors about bad grades. "Dude, I spell checked it and everything!"

Homonyms: The landmine of the English Language!

I could always pull a B+ paper up to an A- or even an A just by making sure my spelling and punctuation was correct, and that I was using the right word with the right meaning in the right place.

And this in the days before personal computers! My ancient and well-taped together Doubleday Dictionary served me well, way back when. As did my typewriter.

Re:No mater how secure

[Vegeta99]

I hear ya. I know this is /.

And I'm young enough that computers had spell check right about the time they stopped giving us spelling tests - I'm still in college, and it drives me up a wall too. :P

If you give away your key...

[Albanach]

This is only possible because users want the convenience of letting the Hushmail servers do the encryption on their behalf. To do this they have to hand over their encryption key, and once it's out of your control, so should be any expectation of privacy.

I'm not sure what users expect. If a legitimate legal request that is clearly going to stand up to any legal challenge comes in and you give the company the ability to decrypt the messages you send, the company has no option but to comply.

If Hushmail users want privacy they need to put up with the inconvenience of using an applet to sign their messages, and should be checking the hash of the Applet each time it is downloaded too so they can ensure it hasn't had a backdoor added. ideally the applet shouldn't send anything over the network, it should just encrypt the text and pass the pgp encrypted text content to the browser compose window. Then the user can check the data doesn't include anything they didn't put there themselves.

Re:If you give away your key...

[nehumanuscrede]

Have to agree with you on this.

I don't understand why folks are so upset over this. You do NOT
give out your private keys. Ever. For anything. I don't care
how convenient the new version is, if you don't have control over
your private keys, they're no longer private.

In a related note:

Last night I noticed that my encrypted emails were not making it
to my Comcast account. ( Yeah, I hate em too but they're a monopoly
in my area. You want high speed ? You have Comcast or you have dial
up. )

After checking spam settings and whatnot ( everything is disabled and
wide open, no spam blocking enabled at all ) I was sending test emails
from another online account to see which ones made it through.

Extremely short messages ( 1-4 lines ) would make it through. But
anything longer would simply vanish. To verify my end I would send
a misc cleartext message of decent length and it would go through
instantly. Each and every time. Send a PgP encrypted email of the
same length, and it would go MIA.

Changed to a different application and it is able to send encrypted
messages through no problem. ( Encrypt This FireFox Addon ) Though
this application doesn't use symbols in the cyphertext. AES algorithm
that outputs alpha characters in five character groups.

I pulled the flags off of the PgP emails thinking they may be triggering
on that, to no avail. Still MIA. Maybe it's keying on the random gibberish
output ?

I sent in an email to tech support on it and oddly enough at five
am this morning, all my encrypted emails that went MIA all came in
at the same time. :|

I'm hoping they just got caught up in a Anti Virus system or something.
Then again, with Comcast's reputation, it bothers me somewhat.

*shrug*

Re:If you give away your key...

[rastoboy29]

I would expect these customers simply don't understand all these encryption concepts at all, they just saw "secure" and figured they could do their illegal shit with it safely.

I dunno.  Long and short of it, is these folks may be so crazy desperate to do their illegal shit that they would take a chance like that, anyway, may indicate that they really sould be investigated by the FBI and friends.

Re:If you give away your key...

[novakyu]

In the meantime, I advise you to learn how PGP (or any key-pair encryption scheme) works. You NEVER encrypt with your private key (i.e. the key you keep). It's for decryption only (and maybe signing). If you'd ever encrypt an outgoing mail, you'd encrypt it with the public key of the recipient, and the recipient can decrypt it with her private key.

The passwords that encrypt your private key, which normally lives in the encrypted form, so that not just any shmuck who comes across it can use it (the heart of the matter in this case) uses a symmetric cypher and your naive description does have a slight chance of being remotely correct in this case (about encrypting on your own machine).

Re:If you give away your key...

[novakyu]

If you are running your own mail server ... have you checked your mail queue? After all, Comcast's tactic of "delaying" messages could cause exactly that. i.e. As your mailserver tries to upload the messages to destination server, Comcast cuts it off with their patented reset packets. Then, if your mailserver is like any other well-configured server, it'll retry a couple more times and reschedule to send the message a couple hours later. And so on.

Without knowing exactly how Comcast decides to mangle your connections, of course it'd be hard to explain why you received all your mail at the same time. But the thing is, there is no "mail limbo" that exists somewhere in the Internet---either it's still on your server (i.e. the receiving server did not accept and take responsibility for further delivery), or it's on the other server. Chances are, it's still on yours. And then you'd at least know, if you sent it to accounts other than your test accounts, that the mail never made it to the recipients.

Re:If you give away your key...

[Albanach]

Oh FFS - just change encrypting to decrypting above and everything makes sense, as anyone else reading the post was able to comprehend. Only you were naive enough to think it needed another post to explain.

Hushmail now lets you encrypt & decrypt messages on their servers rather than using an applet. As a result you have to hand over your private keys and it's a simple matter for Hushmail to capture the plaintext of your password that protects your private key.

Plaintext messages are now sent to hushmail for encryption before being sent. Received messages are converted to plaintext before being delivered to your browser. Hushmail have access to plaintext in either direction because users didn't like the 'inconvenience' of using an applet.

As I said, that's not a wise compromise to make.

Re:If you give away your key...

[nehumanuscrede]

As a test, I fired up a Yahoo account.

I sent half a dozen plaintext emails from that account to my Comcast account.
Once I sent a plaintext email, I then encrypted it and sent it next.
All of the plaintext showed up in my Comcast Inbox almost instantly.

No issues there.

The encrypted ones, on the other hand, all went MIA. Which is what I found odd.
Even more so, was the fact that all of the encrypted mail all showed up at
the same time early in the am. Even though all of the mail ( encrypted and plaintext )
were all sent out around the same time. ONLY the encrypted ones ended up going missing.

I'll have to play with it some more. Perhaps it was just a fluke.

who the hell gives away their private keys???

[acvh]

kind of defeats the purpose, I'd say.

Re:who the hell gives away their private keys???

[goodmanj]

In other news, a breakin and robbery was reported at 42 Elm Street after the owner gave his front door key to a gang member to hold for safekeeping. "He seemed like such a nice guy", said the owner.

Re:who the hell gives away their private keys???

Evidently, drug traffickers.

Re:who the hell gives away their private keys???

[kensan]

those people that don't understand the "private" in "private key" I guess.

Re:who the hell gives away their private keys???

[jc42]

Heh, funny. But we could probably produce a closer parallel:

In other news, a breakin and robbery was reported at 42 Elm Street after the owner gave his front door key to a cleaning service, so they could clean his house while he's at work. But a local gang extorted copies of keys from the cleaning service, in exchange for "protection" from the gang's members, and they used the keys to burglarize customers' houses.

This is a lot closer to the actual story. The main difference is, when the government does this sort of thing, it's effectively legal.

Re:who the hell gives away their private keys???

[DustyShadow]

Criminals were never considered to be the brightest of the bunch...

Re:who the hell gives away their private keys???

That's just the ones who get caught.

Re:By the authorise?

How do you possibly get "authorise" from "authorities"?
Remove the second t, second i, and reverse the e and the s.
(the summary was C/P'ed from TFA, so this is all I got...)

right.

[apodyopsis]

you'd be expecting hushmail to turn up on fuckedcompany.com soon...

...if the website was not currently fucked.

Really though, come on. A firm that sells privacy as a feature and then gives it away to anybody who asks is about as crooked as your doctor telling your friends about your medical records on request. I had a hunt for the hushmail T&C to try and see if this was mentioned in any legalese but had no joy locating it.... The Internet being notoriously unforgiving on such matters I would not give too hoots for hushmail's future business regardless of whether they claim they had no choice or not

Re:right.

[Antique+Geekmeister]

Whatever happened to fuckedcompany.com, anyway? I rather enjoyed seeing information on that site before I got it under NDA, and pointing it out to the person who insisted on the NDA. (It was particularly sad and funny during layoffs, and an amusing thing to quietly forward the URL to departments about to be visited by the corporate hatchetman.)

Re:right.

[base3]

And they should have been set up in such a manner that it was impossible for them to hand over the public key, as they imply. I suspect the decision to make the insecure non-Java version default (saving the trouble of signing a rigged applet and pushing that down when served with a court order) was the result of some not-so-subtle back door pressure. Like when ZKS Freedom "ran out of money" right after 9/11.

Re:right.

[Jinjuku]

I don't see where any of this is Hushmails fault. They had parties that where willfully engaging in illicit activities and sought to cover their tracks by encrypted emails. The only problem is that the criminal element overstepped their technical ability. The Hushmail service makes a distinct notice on their technical FAQ of the differences between client side and server side encryption.

Check out the link:

https://www.hushmail.com/hushmail/showHelpFile.php?file=compatibility/java/index.html
Particular line items to read:

1. Passphrase decrypted on web server: discusses where the crypt/de-crypt takes place
2. Private key decrypted on web server: discusses where the pk crypt/de-crypt takes place

This only takes three clicks to get to. I really think the collective intelligence of /. readers and editorial staff are is either slipping or very much jaded and agenda poisoned.

Re:right.

[base3]

Sure, they were criminals, but criminals aren't the only ones who will take the services' advertising, which said straight up they didn't have access to the user's private key, at its word. Had it been a Chinese dissident getting the death penalty for "crimes against the State", would it still be okay for Hushmail to bury the fact they store private keys and that they're recoverable by a valid subpoena in a "technical FAQ"? Those who know their way around technically don't need services like Hushmail to communicate securely and anonymously--this services is marketed to the less technically inclined.

Re:right.

[Jinjuku]

Bottom line: Hushmail makes no bones about the pro's and con's of client vs. server side encryption. They in no way obfuscate. It's all academic anyways since they were compelled by court order. I am just simply calling some liars here, er, well liars when they are stating that Hushmail doesn't document this particular fact. Then once it is pointed out that they indeed do, the liars then go to plan B and say, well it's hard to find. When it is then pointed out that in 3 clicks from the main page you can find this information it's on to plan C and say, well they aren't technically proficient... Well who's fault is that? It's true that STUPID criminals get caught first. Private keys HAVE to be stored SOMEWHERE. Hushmail is not going to market themselves as a company that enables complete anonymity for thugs, drug dealers, mafioso, etc. They are a legitimate service for legitimate privacy needs. Hushmail had the emails in clear text BEFORE they were encrypted btw.

Last time I looked at hushmail...

[DamnStupidElf]

They used to release the full source code to their Java applet that handled encryption/decryption, and provided instructions for building a byte-exact replica of what they distribute.

Theoretically, hushmail can be used in a perfectly secure manner; download the source, check it for back-doors, compile the applet yourself and memorize its hash. Then whenever you use hushmail, just verify that the hash of the downloaded applet is the same as the one you compiled yourself.

Probably hushmail was just feeding a tainted applet to the specific targets of the investigation, otherwise I'm sure some other astute user would have noticed the change in the applet signature. The typical muscle-bound steroid dealer probably doesn't have the time to memorize and compare hashes though...

Re:Last time I looked at hushmail...

[jjohnson]

Hushmail wasn't feeding a tainted applet, they were providing the keys of those who were identified and chose to use the server-side encryption option, rather than the applet.

Why is this surprising?

[crypTeX]

Is everyone forgetting that this is a relatively small company. How many people believe that if The Suits show up with something that looks official on paper that a company with people who want to look out for their own families and such will say "No, we're not giving you that." If the algorithm is secure, you have to keep your own key. I'm not willing to go to prison for your secret, let me know if you find someone who think truly is.

Re:Why is this surprising?

[julesh]

If the algorithm is secure, you have to keep your own key

Of course, hushmail's original selling point was that you _do_ keep your own key, or at least your key's AES-encrypted while on their servers and not decrypted there. That's the story that most people here about the service, even now.

However, at some point in the not-too-distant past, hushmail added a new service that didn't require a java applet to work, but that does require them to have your key. They're not forthcoming enough (IMO) about the difference between the two services.

Re:Why is this surprising?

[Jinjuku]

Actually they are quite forthcoming, you just need to practice what is called 'Due Diligence' and READ. I know it's an uncommon skill nowadays. Sorry if the users where too god damned stupid to read up and educate themselves. I guess that is why prisons are mostly filled with stupid prisoners.

Re:Why is this surprising?

[julesh]

Actually they are quite forthcoming, you just need to practice what is called 'Due Diligence' and READ. I know it's an uncommon skill nowadays.

Where does it say this? The only mention on the home page is at the bottom, "Hushmail without Java is now available". OK. Say I don't particularly care whether or not Java is used; I click on the "sign up for free email" button.

The text on this page is:

New Secure Email Account
Welcome to Hushmail, the world's premier free, secure web-based email and document storage system.

  Step 1
Choose your new email address:
Click here to use an automatically generated email address

  Step 2
The security of your account is determined by the strength of your passphrase. Please use a passphrase that is much longer than an ordinary password. For advice on generating a strong passphrase, see http://www.diceware.com./

Choose your passphrase:
Re-type your passphrase:

  Step 3
Five numbers are displayed below to help us distinguish between real people like you and computer programs trying to use our service.
Please type the five numbers you see below:

  Step 4 (Optional)
Show advanced options

  Step 5

By signing up for this service, you acknowledge that you have read and agree to abide by our terms of service.

Do you expect people to read the entire site before signing up, in order to realise that in order to be secure they have to click "Show advanced options", and press the "Enable Java" button that's hiding in that panel?

Re:Why is this surprising?

[Jinjuku]

Actually, I would expect someone to hit their technical FAQ http://www.hushmail.com/help-faqs2?PHPSESSID=eec0a49a477ecd863c4f97f20849d434#roleofjava

Re:Why is this surprising?

[Jinjuku]

Here is better link: https://www.hushmail.com/hushmail/showHelpFile.php?file=compatibility/java/index.html It is a simple table matrix of differences. If you can't take away the pro/con and what it means to run your encryption scheme on a 3rd party server then you have overstepped your technical competency. This is no fault of Hushmail. They spell it out in black in white. I am so tired of a board like slashdot with the false arrogance of presumed superiority vs. the masses.

Re:By the authorise?

[timberwork]

Considering the article is written for an Australian website, "authorise" is indeed the correct spelling.

Lesson Learned:

[nurb432]

Don't trust someone else to do what you should be doing yourself.

Re:Lesson Learned:

[StarfishOne]

http://www.sjtrek.com/trek/rules/ ;P

This is nothing more than another example and ....

[3seas]

....reminder of the typical "make a claim of one thing and do the opposite --- and profit"
Oh so typical of the computer.....

Re:By the authorise?

'DEA agents received three CDs of decrypted emails which contained decrypted emails for the targets of the investigation that had been decrypted as part of a mutual legal assistance treaty between the United States and Canada. I received three decrypted cds of decrypted emails that were once encrypted but are now decrypted so the encrypted emails are now decrypted. I've now reading through for formerly encrypted decrypted emails and by reading the decrypted emails that were encrypted but now decrypted I will find out what was so important that it had to be encrypted and now decrypted.

--
Qrpelcgvat guvf rapelcgrq pbagrag vf n ivbyngvba bs gur Qvtvgny Zvyyraavhz Pbclevtug Npg.

Hushmail did NOTHING WRONG

[wurp]

I have used Hushmail for ages, and it is entirely secure. These users did something foolish - they demanded, then got, then used a "more convenient" version of Hushmail that did the encryption on the server instead of on the client.

Standard Hushmail downloads (& caches) an applet on your computer that encrypts & decrypts your private key with your passphrase. Only the encrypted private key is stored on Hushmail servers, and your email encrypted with the public key. They don't give your decrypted email up to authorities, even with a court order. Because, by design, they CAN'T. The unencrypted private key is never on their server.

The new & improved Hushmail works without you having to have Java support or download an applet. It can only work by decrypting the private key server-side, which means Hushmail has (at least briefly) the information to decrypt all your email. Which means that if they get a court order, they must capture that information and provide your decrypted emails or they go to jail.

Of course, with the applet they could give you a new one that sends them the decrypted key - I'm not sure of the legality of them doing so, even with a court order. However, this is not what happened - all they did was provide information they had on their servers, as required by law.

The only way to be sure of your security is to build a device by hand that does all the decryption & display on the device, inspect all of the code you put on it by hand (preferably compiling using a compiler you wrote in machine language). Oh, and only read email on the device in an opaque faraday cage, naked.

Hushmail gives you precisely as much security as they possibly can, and no more.

Re:Hushmail did NOTHING WRONG

[julesh]

Of course, with the applet they could give you a new one that sends them the decrypted key - I'm not sure of the legality of them doing so, even with a court order.

If I were them, I'd wipe the private key that's used to sign the applet. That way, if they're ever forced to do this, they'd have to use a different signing certificate, and the users (at least those who had checked the 'always trust applets from Hush Communications' checkbox the first time they signed in) would get an unexpected security dialog. Those of us who are paranoid could then choose not to use the fishy version.

Re:Hushmail did NOTHING WRONG

[hpavc]

I disbelieve .... "Hushmail gives you precisely as much security as they possibly can, and no more." is meaningless when they fail to share that they have a policy of going turn coat on you. Billing yourself as a oasis when its a mirage is more like it.

Re:Hushmail did NOTHING WRONG

[badfish99]

Hushmail gives you precisely as much security as they possibly can, and no more.

I don't know much about Hushmail, but I looked at their website, and they seem to want about $50 per year for what is basically GPG, and therefore available free. Except that, since java applets are downloaded from the server, there's no way to be sure that what you're actually running is what they claim that you are running, so their system might have all sorts of insecurities and backdoors, even if their source code looks OK. So they might give you as much security as they can, or they might be a bunch of cowboys. How do you tell? I certainly wouldn't trust them with my secrets.

Re:Hushmail did NOTHING WRONG

I'm not a Hushmail member, but I'm assuming their EULA/privacy policy has the same clause statement as every other website I've ever signed up for: that your right to privacy, and their "efforts" to actively protect your privacy, does not extend to an official request (eg. subpoenia) by law enforcement. End of story.

Yes, I really do glance through every online EULA when my real name is required.

Pretty sure The Pirate Bay even has that one... though.. I'm not a... member there.. either...

Re:Hushmail did NOTHING WRONG

I certainly wouldn't trust them with my secrets. Which are?

Re:Hushmail did NOTHING WRONG

Standard Hushmail downloads (& caches) an applet on your computer that encrypts & decrypts your private key with your passphrase. Only the encrypted private key is stored on Hushmail servers, and your email encrypted with the public key. They don't give your decrypted email up to authorities, even with a court order. Because, by design, they CAN'T.

Why can't they? You are assuming that the Java applet does exactly what they say it does. Meanwhile you are blaming the other users for being idiots for believing Hushmail's other service will do what they say it does.

Re:Hushmail did NOTHING WRONG

[cortana]

Standard Hushmail downloads (& caches) an applet on your computer that encrypts & decrypts your private key with your passphrase. Only the encrypted private key is stored on Hushmail servers, and your email encrypted with the public key. They don't give your decrypted email up to authorities, even with a court order. Because, by design, they CAN'T. The unencrypted private key is never on their server. Are you sure that Hushmail wouldn't deliver a version of their software with a backdoor if ordered to by a court?

Re:Hushmail did NOTHING WRONG

[guruevi]

Standard Hushmail downloads (& caches) an applet on your computer that encrypts & decrypts your private key with your passphrase.

<Adam Savage (from Mythbusters) voice:> Well, there's your problem...

Re:Hushmail did NOTHING WRONG

[Burz]

I have used Hushmail for ages, and it is entirely secure No it isn't, you +5 prat.

You have no way of knowing whether they 'tweak' the applet code for targetted users, much as cellular networks in the USA remotely reprogram cellphones of targeted customers, turning their phones into always-on wireless mics even when they appear to be off.

They COULD provide you with an open-source client app (in Java, for instance) that would function just as nicely as their server-controlled client. But for whatever reason, they kept control over everything which means they can rat you out on command.

Hushmail gives you precisely as much security as they possibly can, and no more. You sound like an advertisement.

Re:By the authorise?

First suggestion of the spell checker?

Maybe you meant a grammar checker?

Hushmail are okay

They complied with court orders for their SSL webmail product, the more secure variant uses a java applet. Nothing of note here except how stand-up hushmail have been about it.

Re:By the authorise?

[larry+bagina]

emails aren't read by the authorise and submissions are edidet by the slashdot janitors.

trust any electronic devices

[FudRucker]

do not trust anything electronic for communications anymore...

Re:trust any electronic devices

[Bill,+Shooter+of+Bul]

what exactly do you propose for long distance communication?

Re:trust any electronic devices

[FudRucker]

i never said not to use anything for long distance communication, just don't trust the devices used for long distance communication...

Re:trust any electronic devices

[Bill,+Shooter+of+Bul]

So basically what you're saying is that you cannot send a message long distance with %100 assurance that it is secure. So either don't send sensitive information long distances, or live with the fact that they may be intercepted. Right?

Re:trust any electronic devices

[Vegeta99]

ROT-13 smoke signals.

Re:trust any electronic devices

[petard]

So basically what you're saying is that you cannot send a message long distance with %100 assurance that it is secure. So either don't send sensitive information long distances, or live with the fact that they may be intercepted. Right?

I don't know what OP was trying to say, but your statement is wrong. You don't want to place your trust in the communications medium. Transmit a token out of band that you can use to establish trust. One example of this would be encryption keys. You and I meet in person, exchange keys, then use those keys to establish a secured channel over an untrusted medium. If this is infeasible, we can do accomplish the same thing transitively. Anyone remember key signing parties?

Re:trust any electronic devices

[Bill,+Shooter+of+Bul]

Right, but how can you be 100% sure that there isn't a rootkit on either your box or the recipients that is grabbing the cypher text after its been decoded. At somepoint you have to just accept the 1 in six billion chance that it could be intercepted. Thats not the same as saying that the risk doesn't exist.

Re:trust any electronic devices

[petard]

My point was simply that those don't need to be the devices used for the communication. You could be transferring the encrypted message via offline means to a box that's never been online or left your control for decryption. Now how you can be sure that a box that's never been online or left your control doesn't have a rootkit may or may not be an open question, depending on how you constructed it... the fact remains that you don't need any trust in the communications equipment. Even if you want to claim that the risk is still not zero, it's a very different risk than any strategy that requires you to trust your long distance communication equipment.

Re:trust any electronic devices

Two tin cans and a very long piece of string.

Not as big a deal as you think

[headhot]

Hushmail has 2 options, client side encryption which is done via a java plug in, and server side encryption.

They only had the keys to give away for those people who chose server side encryptions. They don't have the private keys for those who cleint side.

Also, when you choose you method, Hushmail tells you that server side is much less secure. They and anybody else operating in the US would have to turn over the private keys they heald with a court order.

Whats the leason? Key your private keys private. Duh.

Re:Not as big a deal as you think

[betterunixthanunix]

1. You submit your passphrase to Hushmail's servers, which log it. What stops hushmail from doing that?
2. You are using a closed Java Applet that is developed by Hushmail; how do you know it isn't sending a decrypted copy for logging on Hushmail's servers?
3. Hushmail does store private keys, otherwise their system would break. If the private key was never stored on their servers, then you wouldn't get the convenience of Hushmail.

4. Lesson: don't use a third party encryption service, it is complete bullshit. Hushmail provides nothing more than a fresh MITM attack vector for anyone wishing to look at your email. It capitalizes on people who heard that the NSA is eavesdropping on Email, that encryption can prevent this invasion of privacy, but who are simply too lazy to set up Enigmail (for Windows) or any of the dozens of email programs for *nix. As with all privacy violations, this one is fueled by laziness -- too lazy to learn about cryptography, too lazy to set up secure cryptography, too lazy to think about the implications of a third party encrypting your message for you.

Wired article with an interview

[tommyatomic]

Here is a link to a wired article about the same issue. However wired actually bothered to contact the Hushmail and got a response from the CTO Brian Smith. Apparently it is not a clearcut as the OP and TFA suggests. http://blog.wired.com/27bstroke6/2007/11/encrypted-e-mai.html

Web Mail

[Frosty+Piss]

If you want encrypted mail, run the encryption yourself... GPG is freely available.

I don't know anything about "HushMail", but I assume it has some kind of Web interface? Are there any alternatives for people that must use Web mail (for example on the road a lot)? Could some type of encryption program be carried on a USB drive that might translate the message locally into code?

Re:Web Mail

[N7DR]

Are there any alternatives for people that must use Web mail

FireGPG. I haven't used it, but the blurb seems to indicate that that does the trick, at least for gmail.

Re:Web Mail

[Nasarius]

I concur with FireGPG. USB key drives of 2GB and larger are dirt cheap these days, so just install your fully-customized version of Firefox on one, if you're using many unconnected computers. Thunderbird/Enigmail is even better if you're using Gmail, especially now that they offer IMAP.

Re:Web Mail

[TwilightXaos]

If you do the encryption yourself then you can use whatever you want.

For example, let's say you want to use Yahoo mail:

• You get an account at yahoo
• Then you get a usb drive with gpg on it (for example from http://www.jumaros.de/rsoft/index.html
• Now, before you send mail you encrypt it with gpg and whatever front end, like gpgShell above, you are (or aren't) using.
• Paste the encrypted text into the e-mail, and send
• When you get a message from your drug/child porn/illegal software/ect dealer it will look like gibberish
• Copy the message, and then decrypt it with your program

The flaw in this is that if the computers you use are compromised, then they could get your key and passphrase. If you had stuff that was that secret, and moved around a lot I would get a laptop.

Re:Web Mail

[hairyfeet]

here you go-http://www.portablefreeware.com/?q=encryption&m=Search plenty of USB portable apps to encrypt, including blowfish.

Re:Web Mail

[aleander]

http://firegpg.tuxfamily.org/ And I think I remember a Greasemonkey script that made S/Mime over GMail possible.

Re:Web Mail

[Kadin2048]

FireGPG doesn't really include GPG, though; it's an interface to it, but requires GPG to be installed on your client system. While I guess you could possibly put that on the stick as well, along with Firefox and GPG, it's probably getting easier at that point just to put a whole Linux-based system on the stick and boot from it whenever you desire to do something requiring security.

Re:Web Mail

[badzilla]

Alternative to Hushmail; advertises itself as free secure webmail

http://www.s-mail.com/

Re:Web Mail

[jgrahn]

If you want encrypted mail, run the encryption yourself... GPG is freely available.

I don't know anything about "HushMail", but I assume it has some kind of Web interface? Are there any alternatives for people that must use Web mail (for example on the road a lot)?

You don't have to use Web interfaces in order to work remote. Log in to your company server using ssh, and do your mail stuff there. There are ways of coping with insecure clients, and ways to forward GUIs over the ssh connection.

Could some type of encryption program be carried on a USB drive that might translate the message locally into code?

Yes. GPG again. If you are at a sucky hotel computer, you'll probably want GPG to ASCII-encode the encrypted+signed data, save it to file, and add the file as an attachment. Less convenient than having the mail program encrypt and sign the whole mail. And if you cannot trust the computer you are on, you still have a problem.

Re:Web Mail

[sciurus0]

Portable Thunderbird plus enigmail. http://portableapps.com/support/thunderbird_portable#encryption

Sounds like a honey-pot

[Marc_Hawke]

I guess some of you actually use it, so maybe it does do some legit service, but from the description of the thing it sounds like a great "honey-pot" to me.

1. Present yourself as a way to keep secrets from people.

2. Sell/Give those secrets to the people directly.

Wrong wrong wrong

[starfishsystems]

I've seen several comments already to the effect that we should know better than to trust PGP or other forms of asymmetric encryption.

These comments are misguided.

The crypto is fine. It's just been applied in an obviously flawed manner. Of course if some third party obtains your private key, your should assume that your communications are no longer secure. What part of that is hard to understand?

There way asymmetric crypto is supposed to work, you generate the key pair yourself. Then you give out the public key. You never ever give out the private key.

As an exercise, think about the following scenario. You go to a website which purports to offer some kind of secure service based on asymmetric crypto, using for example PGP keys or X.509 certificates. The site asks you to supply a bunch of identity information. It then generates a key pair for you.

What part of this scenario should you trust? The answer: no part! It's not the function of another party to generate your key pair for you. You must do this yourself. You must closely guard the private key, store it securely, never give it out, and avoid transmitting it in cleartext. Got that? Then your problems are over.

Re:Wrong wrong wrong

[Ghubi]

As an exercise, think about the following scenario. You go to a website which purports to offer some kind of secure service based on asymmetric crypto, using for example PGP keys or X.509 certificates. The site asks you to supply a bunch of identity information. It then generates a key pair for you. The way asymmetric encryption works is the public key is used for encrypting messages and the private key is used to decrypt them. If you are sending identity information to some website then they do need to be the ones to generate the key pair and send you the public key so that they have the private key to decrypt your information. If they are sending sensitive account information back to you once your identity has been verified then a second key pair must be generated by your computer.

Re:Wrong wrong wrong

[lawpoop]

The crypto is fine. It's just been applied in an obviously flawed manner. What about a technology that is theoretically sufficient to accomplished the job it was designed for, but the implementation of such is so counter-intuitive that any human user stands a good chance of thinking it's working when it's not?

In other words, crypto works -- but the problem is getting human beings to do proper crypto.

Re:Wrong wrong wrong

[Jay+L]

Of course if some third party obtains your private key, your should assume that your communications are no longer secure. What part of that is hard to understand?

Duh! I agree - even my grandmother knows the difference between a private key generated on her PC by a Java applet running in a browser pointed to hushmail.com and a private key that's generated server-side and displayed in her browser pointed to hushmail.com.

Oh, wait, no she doesn't.

Re:Wrong wrong wrong

[Stewie241]

sure... but people are overlooking the fact that if you are in to stuff that is serious enough to require this kind of privacy then you really should make the effort to know what you are doing and to do it right.

The average person doesn't know how to do design a bridge properly... but if somebody were to design a bridge, they had better take the time to learn how to do it properly.

So, in this case, before you send sensitive data over the Internet, know the process, or get it approved from somebody you trust (and it might not be wise to trust somebody offering a free service over the Internet)

There are some things that you should be really really really sure about...

Re:Wrong wrong wrong

And, of course, your grandma engages in such exciting activities like steroids trafficking and other matters where the government would have keen interest, right? I mean, doesn't every grandma who can't understand some basic aspects of modern technology?

Server-side Webmail Only!

[pavon]

This only applies if you use their webmail service with server side encryption. They have to have your key in order to encrypt/decrypt server-side, and they have to turn it over to the authorities if they have a valid warrent. It's the law.

If you use their client-side Java applet to do the encryption on your computer - as they strongly recommends that you do - then this is not an issue. Hushmail never see you keys and thus cannot be compelled to hand them over.

Several other sites covered this story earlier in the month all without the crappy sensationalism of slashdot. I first saw it at arstechnica, which linked to an interview with the CEO by wired.

I'm not usually one to hard on individual slashdot editors, but this is the 4th intentionally misleading troll that zonk has posted today. It is crap like this that caused me to not renew my slashdot subscription so many years.

Re:Server-side Webmail Only!

[julesh]

If you use their client-side Java applet to do the encryption on your computer - as they strongly recommends that you do - then this is not an issue.

If they "strongly recommend" this, why is it off by default?

Re:Server-side Webmail Only!

If you use their client-side Java applet to do the encryption on your computer - as they strongly recommends that you do - then this is not an issue. Hushmail never see you keys and thus cannot be compelled to hand them over.

One vector for attacking this would be to force Hushmail to send you Java file with a backdoor.

While client-side caching would keep the proper, secure, version on your machine for a while, it can expire eventually and then you're running the hacked code.

Not sure how feasible this is. (Of course no system is perfect--it could be possible to install a keysniffer on your system to get your passphrase.)

Re:Server-side Webmail Only!

[alyandon]

Exactly. I just surfed to hushmail's login page via a browser I hadn't used before. It defaulted to the insecure non-java login even though Java is enabled in the browser and I received absolutely no warning at all about the feature being insecure.

We new they ratted out a week ago

[Jeremiah+Cornelius]

It was on the Cypherpunks list - then picked up at CRYPTOME.

http://cryptome.org/hushmail-rat.htm

Re:We new they ratted out a week ago

[iminplaya]

And the hits just keep on comin'. It would be silly to ever trust those people(Hushmail and others like them) to begin with. But, as it turns out, your hardware's giving you up anyway.

Caveat emptor

[iminplaya]

Trust no one.

May I assume that the contract has a clause stipulating that they will give up anything "with a court order"?

Re:Caveat emptor

[John+Hasler]

I doubt it. I also doubt that they have a clause saying "If our servers are struck by a meteorite there will be an interruption of service".

Embarrassing??

[samantha]

No. They should be sued into oblivion for clear breech of contract for starters. This is one of the most disgustingly slimey things I have seen in a while. Those that take privacy seriously, which should be all of us, were lied to by a company that was supposed to help. And don't give me that tired "well I have nothing to hide" bullshit. When the government and other busies make it their business to prohibit and/or punish a great number of activities that really are no one's business it behooves us as purportedly free people to limit access where we can.

Re:Embarrassing??

[samantha]

OK, I am embarrassed. They really didn't have much choice except to go out of business given both a fully legal (though it shouldn't be) court order and the fact that the users in question were foolish enough to make their private keys available. I should have read more before firing off. Mea culpa.

Re:Embarrassing??

[Neon+Aardvark]

That's ok Samantha. Just don't let it happen again.

Re:Embarrassing??

[hyades1]

Can I be really old-fashioned for a minute? Hushmail made a promise, then didn't keep it. Perhaps they should have informed the people in question they were about roll over on them. Perhaps they should have told the DEA they'd fight the court order all the way to the top. Perhaps they should have gone to the media, and damn the consequences.

I think your answer was right, and the fact that both the U.S. and Canada seem intent on turning themselves into police states (get a load of what happened to that Polish guy in Vancouver Airport if you think the Mounties are all like Dudley Doright) doesn't absolve Hushmail of their moral responsibility to deliver what they promised or shut down.

Sooner or later we'll have to make some hard decisions about how much we value the rights and freedoms a bunch of elected cowards and fascists have been treating like toilet paper. I, for one, am getting sick and tired of watching a bunch of tight-assed old white men who look like they just swallowed a rancid pickle tell us we're all going to die if we don't surrender everything earlier generations bled and died to protect.

Re:Embarrassing??

[KevMar]

The company had no leverage. Even if they fought it to the end, they still would have lost.

Its not a brach of contract because you can not add illegal stipulations on a contract.

And the company is not allowed to inform the individual that they gave up the keys.

The law overides any right to privacy we think we have. We talk all we want, but when we step up to the law, we have nothing to stand on. The only way we can win is by chaning the law. Even if I do all the encryption myself, they can come to me and ask me for my keys. We just had a news item this week where that was threatened. We cant blame the companies, we have to fix the laws.

If the company breaks the laws, then do the public hanging.

Re:Embarrassing??

[rk]

In fairness to you, both the headline and the summary not only completely failed to mention that they did this only after receiving a legitimate court order from their jurisdiction for the information they turned over, the tone of the title and summary implies that Hushmail just handed over information voluntarily in violation of agreements. The Article is poorly written, but the summary and headline are even worse. In general, I think a lot of people are a little too hard on Slashdot, but in this case, the criticism is duly warranted. The summary as written is borderline libelous.

I'm opposed to the stupid and wasteful "war on drugs"*. But that doesn't mean if I run a network service that drug runners are using I'm going to go to jail for them so they can stay in business, either. If you expect strangers to go to jail for you so you can continue to break the law then you're pretty stupid.

* - My brother-in-law got busted for toking up in September. He's in prison. It's a common story, right? Thing was, when he was toking up, HE WAS IN PRISON THEN, TOO. And he has been since 1991. Now tell me: If we can't keep drugs out of maximum security prisons, how the fuck are we going to keep them out of the country?

Re:Embarrassing??

[russotto]

Even if I do all the encryption myself, they can come to me and ask me for my keys.

They can. But they can't do so without you knowing they are doing so, which is valuable in itself. And if you're sufficiently paranoid, there are steps you can take to limit the damage there.

Re:Embarrassing??

[Antique+Geekmeister]

You are kidding, right? Even a lawyer or doctor have to testify and turn over records with the right court order. One of the few exceptions is a Catholic priest hearing confession, at least in US law, and the attorneys will pick around the edges of the confessional privileges.

Re:Embarrassing??

If you give away your private keys in the first place, it's game over anyway. If they really want it, I'm sure the guvnors could brute force it. Playing devils advocate for a minute, would you really want say Enron to store all it's records in a form unrecoverable by the courts?

HushMail supports spammers

I've been getting text message SPAM advertising a site, whose WHOIS records point to a HUSHMAIL account.

Andy

Re:HushMail supports spammers

[julesh]

I've been getting text message SPAM advertising a site, whose WHOIS records point to a HUSHMAIL account.

Andy

Err.. right. So spammers (who conduct often-illegal activities) are using a webmail service that makes it a little more difficult than usual for law enforcement to get hold of their details.

And you're surprised... why?

Re:By the authorise?

[julesh]

What do you expect when you PRIVATE key is stored somewhere you do not control access to? kind of dumb, if you ask me.

Except, according to hushmail's docs, that's not the case. They may have your private key, but according to the docs, it's AES-encrypted with your passphrase, and never leaves your local machine in any other state. That doesn't seem so dumb.

How did this happen? Fuck knows. It isn't supposed to be possible. Hushmail's system was supposedly designed so that they couldn't do this, even if they wanted to. Perhaps one of them was running with an incredibly weak passphrase and hushmail cracked it on behalf of the feds...? All I can think of.

Entirely secure?

[Pinky's+Brain]

Passphrase encryption is weak shit, also it's trivially easy for them to launch a man in the middle attack ... having a secure and valid keychain is just as important as having a secure private key.

Re:Entirely secure?

[Kadin2048]

Passphrase encryption is weak shit, also it's trivially easy for them to launch a man in the middle attack ... having a secure and valid keychain is just as important as having a secure private key. Huh? The security of "passphrase encryption" depends solely on how hard your password is to guess. Aside from that, it's AES-128, which is perfectly good encryption. If you use a trivially-guessable password, you're sunk. But if you used, say, 19 random ASCII characters, you're at more than 128 bits of randomness. At 50 guesses per second you're still talking about a brute-force time that's 2.15805661 × 10^29 years, based on my quick envelope-back numbers. And if you're at all concerned about the government spying on you, you'd better be using those sorts of passphrases.

(Of course, if you use a single dictionary word or only a handful of ASCII characters, then the brute forcing is trivial, but that's a PEBKAC problem, not a cryptographic one.)

Re:Entirely secure?

[GoofyBoy]

>that's 2.15805661 × 10^29 years, based on my quick envelope-back numbers.

I know this is slashdot but I refuse to define a quick back-of-an-envelope calculation as having 8 significant digits.

Re:Entirely secure?

Then you're welcome to stick with calculating tips for the waiter, and let others handle that scary exponent-thingy that clashes with your pre-ripped and -faded designer duds.

Re:Entirely secure?

wow. you're really fucking stupid.

Re:Entirely secure?

[kalirion]

Your envelopes don't have built-in scientific calculators? What kind of a geek are you?

Re:Entirely secure?

[makuabob]

Sorry, Geeksters, but that number has NINE significant digits, eight of which are to the right of the decimal point.

MOD PARENT UP

Much better article... amusingly, the one that had bubbled to the top on digg about 2 weeks ago.

The principle behind Hushmail is flawed.

That may all be well and good, but the fact of the matter is that the design of Hushmail is flawed.

You never give your private key away to anyone ever. Period. Giving Hushmail a weakly encrypted private key is fishy to start with, but then entering the passphrase to decrypt it in a Hushmail controlled applet is just stupid.

And it's completely unnecessary because there are very good encryption utilities in existence and it's very trivial to set up a system that is a thousand times more secure than Hushmail. How about Debian + KMail + GnuPG? You don't trust Debian enough, because it's a binary distro and who knows what they secretly put in there? Use Gentoo.

Perhaps the tinfoil hat crowd will say things like "but there might be a backdoor in your hardware", but Hushmail wouldn't save you from that. And let's be honest here: no one really believes that anyway.

You may have thought yourself very witty when writing that penultimate paragraph, but the fact of the matter is that in today's world you can actually be as good as sure.

Re:The principle behind Hushmail is flawed.

[rm999]

The users demanded a less secure method because it was more convenient. They got what they asked for. Hushmail made it very clear in the process that they were giving up security, and the users still wanted it. We should be blaming the users for ruining Hushmail's reputation, not Hushmail for following the law.

Re:The principle behind Hushmail is flawed.

I'm guessing that Hushmail told them it would be less secure in a very different kind of way. There's a big difference between "If you use this an adversary could read the email as it's being sent to our servers", and "If you use this, we will give your private key to the government."

Neither one is secure, but there's a big difference.

Re:The principle behind Hushmail is flawed.

[wurp]

Well, my workplace, library, and dad might take issue with me installing a new email client so I can read my email there, which I like to do.

I would absolutely not use Hushmail for information I wanted to keep secret from the government, at least if I thought the gov't might conceivably get a warrant for it.

The fact of the matter is that you absolutely cannot be as good as sure of your security in the world today. The government installs keyloggers. The government puts inline hardware keyboard readers. I doubt that anything shy of WMD is going to get the fabled van outside your house monitoring your EM emissions, but it is practical to do so if they're willing to spend a few $1000s on surveillance.

There are varying degrees of security. For information that I don't want anyone to have access to, but I know the gov't has no reason to issue a warrant on me and the info is not illegal anyway, Hushmail w/applet is a great solution. Hushmail via html is almost no solution at all, because anyone at Hushmail could scam your key, and without doing stuff that someone would almost certainly notice (faking out the applet... someone is going to notice the new download, and decompile, and then they're outed).

I do see one big avoidable hole in Hushmail w/applet: they ask your username before they send you the applet. This gives them the option to send a special broken applet just to the users whose keys they want to lift. It would be just as easy for them to wait until the applet downloads to ask both username and passphrase, and then it would be much harder to slide an applet with borken security in on you.

Re:The principle behind Hushmail is flawed.

[wurp]

Oh, and what in the world makes you say the private key is 'weakly encrypted'? Hushmail uses AES, which is a standard for symmetric encryption. If you've chosen a good passphrase, until & unless there's an algorithmic breakthrough regarding AES, it is essentially unbreakable.

(By essentially unbreakable, I mean it would be far cheaper to install a software or hardware keylogger on your machine than to break it.)

Re:The principle behind Hushmail is flawed.

[crush]

You don't trust Debian enough, because it's a binary distro and who knows what they secretly put in there?

Emmm... WTF!? Debian supplies sources just like every other distro and if you really want to you could rebuild every single piece of it yourself after reviewing the code. Or ... you could just take the reasonable risk that the hundreds of disparate Freedom-loving Debian developers are more likely and more expert at noticing weirdness than you yourself can be. Chances are that a binary version of Debian is more secure than some Gentoo shit cobbled together by an arrogant newbie.

Re:The principle behind Hushmail is flawed.

[garutnivore]

And it's completely unnecessary because there are very good encryption utilities in existence and it's very trivial to set up a system that is a thousand times more secure than Hushmail. How about Debian + KMail + GnuPG? You don't trust Debian enough, because it's a binary distro and who knows what they secretly put in there? Use Gentoo.

Are you going to walk through the source code of your Gentoo applications? Oh, and you can't just limit yourself to walking through KMail and GnuPG because a keylogger could be sitting in the kernel, a kernel module, X or somewhere else. The fact of the matter is that there must be trust as some point and no matter what you do, you can get bitten. Even with Gentoo. The way I see it, the reasonable level of security is attained when a distribution requires all of its packages to be signed by using a private key system that has been deemed secure by the security community *and* uses this information to produce a set of binary packages that can be traced to their source (not only who built those binaries but the actual source code used). If that is done, then it does not matter whether the distribution is binary or source. In either case, you have traceability in the system.

The problem is not source vs binary but whether or not the distribution you use has implemented secure channels of production. And even with that, there's still no guarantee. If someone compromises the servers hosting the distribution or if private keys are stolen, all bets are off.

Re:The principle behind Hushmail is flawed.

[novakyu]

That's why there's such thing as "Portable Apps".

If you are non-technical, you can install Portable Thunderbird on a USB key and any Windows computer modern enough to have USB port (and with enough relaxed security to allow you to run executables from a mounted device) will let you read your encrypted email (Thunderbird supports GnuPG, I think) without having to install anything. If you want to do the encryption/decryption manually, there's probably something like "Portable GnuWin32" of which GnuPG would be a part (I found some discussion here).

P.S. Oh, and yes, government installing hardware keylogger is a real problem. Which is why I always carry a USB keyboard with me. Or better yet, my own personal laptop (and all internet connections are done through a SSH tunnel to a server in secure location).

Always read the disclaimer

The actual disclaimer page isn't even that long. Heck it fits into one page with normal size font. http://www.hushmail.com/login-disclaimer

"Hush Communication Corporation (hereby known as "Hush" or "Hush Communications") does not represent or endorse the accuracy or reliability of any of the information, content or advertisements (collectively, the "Materials") contained on, distributed through, or linked, downloaded or accessed from any of the services contained on this website (the "Service"), nor the quality of any products, information or other materials displayed, purchased, or obtained by you as a result of an advertisement or any other information or offer in or in connection with the Service (the "Products"). You hereby acknowledge that any reliance upon any Materials shall be at your sole risk." Basically, whatever we say about keeping your privacy, we may not mean it.
Lovely.

Re:By the authorise?

Well the same system is supposed to make it so that they cannot reset your password. A friend of mine forgot his pass. It took him weeks. Maybe 5 or 6 weeks of constant badgering and they finally reset it. I never used hushmail again........

Avoid using "services" like this.

[rice_burners_suck]

If you need to email trade secrets, banking information, or any other sensitive information, the way to do this is by learning to use PGP or your encryption standard of choice on your own, and then generate and store your own private keys, and send the emails through any service of your choice, already encrypted.

For added security, send the public key to the other party by postal mail so none of the keys ever see email; only the encrypted content. Furthermore, encrypt the sensitive content between streams of random length from /dev/random, so that anyone trying to crack the encryption will see a bunch of hogwash even if they attempt brute force methods.

War on drugs

[apparently]

How awesome is it that a company's reputation and income has to suffer (potentially unrecoverably) in order to comply with a court order, all in the name of The War on Drugs. Yay America: putting business out of business and restricting citizen's rights to their bodies, all at the same time!

Re:War on drugs

[brxndxn]

Vote for Ron Paul.

Re:War on drugs

Depressingly, all that is true, yet he's still the best candidate, especially where personal freedoms are concerned.

'incorrect', sensational, summary

The company, based in Canada, was issued a warrrant by a Canadian court to hand over information. That information, via an agreement between the two countries, was then given to US investigators who made the original request.

Technically speaking what happened was the alleged criminal was using a more "insecure", but also more convenient, version of Hushmail's product. What occurred was that said individual typed their password/phrase into their web browser and sent it to Hushmail. HM was then able to decrypt the individual's messages and had to send them off to the police as it was legally required to.

Hushmail has a version of their product where the encryption and decryption occurs on the individual's machine via Java. The catch is that you have to wait for the applet to download and run, which it seems the alleged crimincal was not willing to do.

The company was clear in their description of their more "convenient" product offereing: if you give us the key, we can decrypt your message. If you don't want us to decrypt your messages then use the 'more secure' version of our product.

--
I'm not related to the company in any way (not even a customer), just like to set things straight as the summary is a bit sensational.

Even security companies have to follow the law and the courts. If you don't like that live in a place where there are neither.

The situation here is not like the (alleged) AT&T-NSA program. Everything was done above-board.

Re:So? Google and Yahoo do the same

[CaptainTux]

The difference, I would think, would is fairly obvious to most people. GMail and Yahoo don't give you a promise of "unbreakable encryption for your emails" that even the government can't break. There's no question that Google will share your information when properly ask to do so by law enforcement. It's in their Terms of Service. You know what to expect and you use your GMail or Yahoo accordingly.

On the same token, while I am appalled at HushMail's actions, it's for a different reason than most here I suspect. I don't have a problem with HushMail sharing information about customers engaging in illegal behavior with the authorities. Those people don't deserve their activities to be protected - they're illegal. But I DO have a problem with HushMail not disclosing that they're doing it right up front. Now, I've not fully read their ToS so maybe they do but their statements on the website would lead you to believe they aren't.

Really though, why would anyone use a PUBLIC service to conduct illicit activities? Setting up a private mail system complete with encryption is trivial and MUCH more secure.

broader issue

[bcrowell]

This seems to me like an example of a much broader issue, which is the plethora of concerns, including privacy concerns, that surrounds the whole concept of using the browser as a platform for applications. People have been struggling with this forever, ever since Sun and MS first locked horns over Java applets. Over and over, we've seen security holes in IE caused by MS's poor handling of the javascript security model. Over and over, we've seen nonproprietary, multiplatform solutions (javascript, ajax) battling with proprietary ones (flash) and proprietary, single-platform ones (silverlight). In the present situation with hushmail, the problem was that although hushmail had a good, secure design that used a java applet, a lot of people didn't want the hassle of installing a java runtime, so they provided an alternative using JS. But JS isn't fast enough to do encryption, so the encryption had to be done on the server side. Maybe tamarin will help with this kind of thing, but in general, security, privacy, and user control are always going to be serious problems with web applications.

What does it mean...

[Deliveranc3]

That the NSA and CIA are widely believed to have the best hackers and cryptographers in North America.

The most successful hackers have been social hackers... and will continue to be.

Re:By the authorise?

[kdemetter]

If they can reset the password , it means that the emails themselves are not encrypted using that password . Otherwise , resseting your password would result in loss of all your emails .

Re:By the authorise?

[xeoron]

Your first round of decrypted messages are worthless meat eating mammal, for the the party of interest encrypted the messages twice-- once before going into Hushmail and again when Hushmail scrambled it before sending.

Re:By the authorise?

[d7415]

It is if they mean "authorise" (or "authorize"), but not if they meant "authorities", which is what the AC was getting at.

Re:By the authorise?

[Torvaun]

Correct spelling, wrong word. It should say authorities.

Re:By the authorise?

[Kadin2048]

How did this happen? Fuck knows. It isn't supposed to be possible. Hushmail's system was supposedly designed so that they couldn't do this, even if they wanted to. Perhaps one of them was running with an incredibly weak passphrase and hushmail cracked it on behalf of the feds...? All I can think of. TFA is crappy in this regard, there are better articles which explain what happened in more detail. (Full disclosure: I submitted this Wired article to /. but apparently got beaten.)

Basically, Hushmail has two main modes of operation. One of them is (reasonably) secure, the other is a trainwreck.

In one mode, the 'secure' one, you -- the user -- access their site and download a Java applet to your browser, which contains the OpenPGP encryption engine. You type your emails, they're encrypted on your machine, and sent to the server that way. Hushmail never, at any point in the operation, knows the password to your private key.

Now, because a lot of people use browsers that don't support Java, as of a few years ago, Hushmail came up with an alternative, which doesn't require it. Instead of using a Java applet, it works like a regular HTML/HTTPS webmail system, and all the encryption is done on the server. This means you don't need to be able to run the Java applet on your client machine.

However, and this is the crucial part, when you use this second mode even once, you expose the passphrase to your private key to Hushmail. And that's how they could decrypt all the messages. Once a person used the insecure service, they had basically sold themselves down the river. Hushmail had their passphrase, and from there could decrypt their private key, and from there get at all their messages. (Or at least their incoming messages; I don't know whether Hushmail encrypts outgoing messages to the sender's private key as well as the recipient's.)

From what I can tell, if you used Hushmail and were careful to always use the Java-based service, you wouldn't necessarily be vulnerable to this sort of attack. Since Hushmail wouldn't have your passphrase, the most they could do would be to hand over your encrypted messages and encrypted keys to the Feds, who would then have to try to brute-force your private key. (Meaning, everything would rest on how good a passphrase you used...)

Of course, any time you're depending on a downloaded applet for encryption, you're at the mercy of whomever you're downloading it from ... there's no reason (other than it being more difficult) that Hushmail couldn't be forced to "poison" their Java applet, or backdoor its encryption engine. Unless you're going to examine the code yourself each time, you have no way of really trusting it. But that's a lot more technically difficult than just grabbing the password from the server-side decryption engine, which appears to be what they did.

Re:So? Google and Yahoo do the same

[hairyfeet]

Only problem with that is this-have you ever seen a federal law book? Or one for an average state? Not to mention all the "we can do it because of national security" crap. The simple fact is, ready for this- EVERYONE IS DOING SOMETHING ILLEGAL!!! If they look through the books they can find SOMETHING you have done which would break a law. So why should this email bunch even bother with encryption? And why would anyone trust this email bunch again?

I know it is more of a PITA, but there is a good reason why open source crypto like PGP exists. Encrypt it yourself, that way only you and the person YOU share the key with will be able to read it. Thats my 2c,anyway.

Re:So? Google and Yahoo do the same

[Scrameustache]

I don't have a problem with HushMail sharing information about customers engaging in illegal behavior with the authorities. Those people don't deserve their activities to be protected - they're illegal. Things can be made illegal at a whim or your masters. Be wary of allowing them to dictate what is and is not right.

Hushmail isn't secure - they use Outlook!

[fluffy99]

Would you trust a secure webmail company that uses Outlook? This certainly looks like a printout from Outlook to me. http://blog.wired.com/27bstroke6/files/hush_klp.pdf

Re:So? Google and Yahoo do the same

The difference is, google and yahoo do it without cause. Your mail is advertisers' wetdream, orgasmic even. You think googlemail exists because . . . right, because it gives advertisers primo targets.

Hushmail

[b1ffster]

I sent someone who shall not be named a hushmail and I hope they stand by their conviction and deny all attempts to get details. It's personal and has not in any way been criminal or civily prosecutable in nature. (#18826893) and BTW all charges are being dropped - according to my ex :P BITCH!

Re:By the authorise?

Or they could just encrypt your password at runtime with their own secret key and send it to themselves along with the emails.

The key to encrypted communications

Is to only ever decrypt a message on the receiving client.

When I log into the server and give it my user name then it should pass my client back my encrypted private key and a message encrypted with my public key. Authentication is when I give the plain text message back to the server encrypted in it's public key. This proves I am who I say I am without giving the server the ability to decrypt any messages.

The server should only know enough to route a message between the appropriate clients. Even the subject of a message should be encrypted.

Re:By the authorise?

[julesh]

Of course, any time you're depending on a downloaded applet for encryption, you're at the mercy of whomever you're downloading it from ... there's no reason (other than it being more difficult) that Hushmail couldn't be forced to "poison" their Java applet, or backdoor its encryption engine. Unless you're going to examine the code yourself each time, you have no way of really trusting it. But that's a lot more technically difficult than just grabbing the password from the server-side decryption engine, which appears to be what they did.

The applet is signed. They could make themselves invulnerable to this attack by wiping the key they signed it with. This would mean if they ever have to introduce a new applet, it would have a different certificate associated, and users' browsers would prompt them again whether they wanted to trust the applet. Knowledgeable users would then know not to trust the new applet until they'd confirmed that it was trustworthy (e.g. by decompiling it and comparing to the publicly available source code for the official applet).

Not the entire story..

Hushmail is still very secure if you use their Java applet to generate your keys, that way key is on your system not Hushmail's server. If you do it through the page they store your keys on their server making it possible for them to be subpoenaed for it. There is a warning on the page about this, but I guess it needs to be in huge bold letters in order for people to actually read it.

Nothing Matters But Trust

[anorlunda]

It is impractical for just about any of us to audit the claimed security of any provider, public or private. You can't be sure that they really provide the safeguards they claim. Unless you're an encryption genius, you can't even examine open source code to verify that it is secure and doesn't have weaknesses.

I don't personally know the principle employees of Hushmail or of any other security service providers, nor do I personally know Phil Zimmerman or any other authors of the encryption software. For all I know, these companies and individuals could all be fronts for the NSA.

I also fail to see how other posters to this topic can claim that the technology is rock solid? How do they know? How do I know if they too are fronts for NSA?

So what am I left with. Nothing but trust. If I trust the provider, then their technology is irrelevant. If I don't trust them, then their technology is irrelevant. In this instance, Hushmail has proved that they are unworthy of trust.

if you read your mail...

[m2943]

If you use a company that promises to hide your messages from the government, you can be sure that that's the first place the government looks!

Re:So? Google and Yahoo do the same

[shaitand]

'Those people don't deserve their activities to be protected - they're illegal.'

They deserve to have their activities protected unless those activities are wrong and it really isn't for Hushmail to say whether or not they are wrong. Illegal really has nothing to do with it. Many things were illegal in Nazi Germany or are illegal in China, or Russia, or the United States, or that doesn't mean they are wrong or immoral. Many laws are innately immoral.

Unfortunately many people forget that even a democratic government is an entity in itself with interests that differ from yours and from the actual citizenry. Even if the books weren't filled with preposterous laws that would make criminals of good decent and ethical individuals total law enforcement would be a bad thing.

Corrected that for you, no tip required

[This+Rhino+Flies]

.....Oh, and only read email on the device in an opaque faraday cage, with a tinfoil hat.

Re:So? Google and Yahoo do the same

[Mawginty]

I don't have a problem with HushMail sharing information about customers engaging in illegal behavior with the authorities. Those people don't deserve their activities to be protected - they're illegal.

The problem with that reasoning is that the authorities don't necessarily know that you're up to no good before they read your email. That's the entire reason they are reading your email, they want to find evidence of illegal activities. That in and of itself should tell you something: innocent people will have their emails read because they look suspicious. We only find out about the times when they find something because those are the only people they charge and bring into court.

Really though, why would anyone use a PUBLIC service to conduct illicit activities? Setting up a private mail system complete with encryption is trivial and MUCH more secure.

HushMail IS private. It is a private entity providing an encrypted email solution by contract. This is not the U.S. Post Office (which, by the way, has much more protective privacy laws for some reason). I suspect you mean, "Why would anyone share confidential information that relates to illicit activities with a third party?" I think the answer is exactly what you pointed out: HushMail bills itself as a provider of private email. As such, there was a reasonable expectation of privacy in the communications. That should bring it within 4th Amendment protection (although I doubt any court will hold so).

That's been recommended to me, but I can't do it.

[Grendel+Drago]

I just can't imagine sticking my PGP key and passphrase anywhere near my web browser. Sure, I use NoScript and all that jazz, but browsers are some of the most insecure programs in existence. Encryption keys are supposed to be kept as secure as possible; it strikes me as insane to let them touch the swiss-cheesiest app on the machine.

Re:So? Google and Yahoo do the same

[PopeRatzo]

Encrypt it yourself

Mark my words, there's going to be an effort to make any personal encryption illegal. I know all the arguments about why this "can't happen" and why we'll all be able to get around any law regarding personal use of encryption, but that's not going to stop the government from trying to outlaw it. And it's going to happen under the guise of "fighting terrorism". Further, it doesn't really matter if Mrs Clinton or Rudy Ghouliani become president. Either one will try to outlaw personal use of encryption. I'm not one of those people who believe there's no difference between the two political parties, and I don't believe any of the other Democratic candidates would go this way, but my sense is that Mrs Clinton is as enamored with secretive authoritarianism as any Republican corporatist.

Now, to be fair, Hushmail was probably pushed pretty hard by the NSA or FBI or DOJ to give up the PGP keys. They're trying to make a go of their little business and some alphabet outfit comes and basically lays it out that they can either play ball and let go of the keys or cease to exist. They couldn't even go to court to fight it because the government just has to say that "national security" is at stake and the case is thrown out. That's how bad it's already become.

But still, any provider of online communication services who does this must be given the consumer death penalty. It may be unfair to boycott a company that is otherwise good when they come up against this type of government bullying, but if we don't make a stand, every single company we rely on is going to fold to the government. We have to let any company that is going to handle our information that giving up our stuff without a warrant means they lose their customers. We're going to have to be every bit as ruthless as the corporate power establishment that is masquerading as our government.

If any of you have Lexis/Nexis, just take a quick look at the unbelievable acceleration of the destruction of our constitutional freedoms that has happened in the last 7 years. Although there's always been a push/pull in this kind of thing (after the Nixon years, the pendulum swung the other way for a while, with many laws protecting our freedoms shored up by congress), there's never been an administration that has been so outright hostile to our Constitution, and never has there been a court system so willing to acquiesce to the "Unitary Executive". If you look at the current makeup of the Supreme Court for example, we have a majority of activist, anti-freedom, reckless justices from the Chief on down. It's chilling. If Bush gets one more appointment, it's game over for at least three generations. Even without one more appointment, the Court has never been this hostile to personal freedom and willing to lie, twist and simply ignore our Constitution.

It's time that we take privacy and our freedoms into consideration with every decision we make, especially the economic ones. My wife and kid and I have already decided to make every effort to subvert the consumerist agenda that is being forced down our throats. Instead of borrowing to spend, we save. Instead of investing in the corporations that are our adversaries, we invest in family and neighbors. No carrying balances on our credit cards. No home equity loans to take vacations or buy HDTVs. Interestingly, our standard of living has improved. And when a company is hostile to our interests, we don't do business with them, and we encourage all our friends to stop doing business with them too. We're rooting for a horrible xmas buying season. When we heard that consumer confidence fell dramatically, we cheered because it means people are waking up. Once we realize that corporations use the same FUD to keep us buying and borrowing that the government uses to get us to give up our freedoms and privacy, we learned that there are worse things than a downturn in the economy - especially since the current economic model is feeding on midd

Don't forget authentication.

[Grendel+Drago]

Don't forget that you have to verify your public key out-of-band with anyone who you want to communicate with, and vice versa. If not, you can quite easily be man-in-the-middle'd.

Re:Don't forget authentication.

[starfishsystems]

Well, that's why there is a higher-order authentication framework within both PGP and X.509. This is necessary whenever two parties not previously known to each other need to establish identity with each other.

X.509 certificates are signed by a Certificate Authority whose identity is presumed trustworthy. PGP keys operate on a ring of trust where peers vouch for each other.

In both schemes there is necessarily a dilution of trust as you move further away from the point of contact. And there are not good metrics for this dilution. But in terms of the obvious MITM the problem has been solved for a long time now. We're looking at more nuanced issues now.

That's not the same at all.

[Grendel+Drago]

Trusting that Hushmail isn't doing wacky things with information you send them is a far, far cry from trusting that there are no backdoors built into PGP. You have only Hushmail's word to go with in the former case, but PGP and GPG have both been extensively audited and reviewed; you (or more accurately, someone with the time and inclination to do so) can look at the code from top to bottom, which isn't the case with a web-based service like Hushmail that you're trusting with your goodies.

Re:That's not the same at all.

[anorlunda]

I think that you forget that the whole point of encryption is paranoia. So PGP and GPG have been extensively audited; that only helps if I have reason to trust those auditors.

I repeat my point. Unless you have the time and the qualifications to personally audit, validate and verify any security claims, you have to trust someone else. It's not about technology, it's about trust.

Re:That's not the same at all.

[nagora]

Unless you have the time and the qualifications to personally audit, validate and verify any security claims, you have to trust someone else.

No it's not. In this case it's about effort and value. YOU can audit GPG. If you choose not to then that's not about trust, that's about you judging the relative value of your security needs and your time.

TWW

Re:So? Google and Yahoo do the same

[TempeTerra]

In principle I agree with you, but I think there is the same problem with focussing on immorality as there is on illegality. Standards of morality differ, and what's worse is that when something is 'immoral' people get much angrier than when something is illegal.

Prostitution, for example, varies widely in whether it is considered illegal or immoral. I would be appalled if supposedly secure communications could be seized because they contained evidence of consensual sex for money.

The only position I find tenable is that secure communication must be considered a right of free people. Yes, that means that the murderers, child molesters and terrorists will have it too, but the alternative is that nobody has secure communication.

Certainly there are technological solutions, such as proper use of encryption. But because of cases like this I would like to legal and social support for the right, such as laws making communications that were 'reasonably believed to be secure' inadmissable as evidence. I would also love to hear a group like the NRA saying that the right to secure communication is as essential as the right to bear arms. It certainly is in my mind.

If you trust big companies

[kcredden]

then don't go crying when the give it to you in the end, for they will. Companies are only interest in their bottom line, and if it means shafting their customers, they will (Think RIAA). If I was transmitting an e-mail with any sort of encryption, I certainly wouldn't use a company to do it. I'd use PGP (of some sort) and standard e-mail. I'd also go the extra step of wrapping the e-mail and past it into an e-mail. Convenence to some means all or nothing. - Kc

The first mistake...

[e-scetic]

The first mistake was probably to have the servers on US territory. If your servers are on US territory there's no way in hell your emails are secure from the government.

The second mistake was not fighting the court order. What, just roll over? That easy? Goddamn.

I'm no expert but I'm sure there are ways to distribute the data around the world in such a way that, if served with a court order in any one place, the data you're forced to provide is useless.

Also, witness the fact that Google challenged those court orders to provide log data. Ultimately, the log data was not useful to law enforcement because they didn't connect search terms to IPs. Google had gone out of its way to make sure this information was not available, the only way they had available was to simply not record this information. Hushmail could have done something similar, simply refuse to offer an app which would have private keys stored on their servers.

Come to think of it, it's very odd.

Heh, tinfoil hat time...

[e-scetic]

Check out this user testimonial from their site:

"Hushmail has been tremendously useful to me and to others I know in the Middle East." Read more from Hush users!

It's like they're trying to attract terrorists! GEE, I wonder...

Re:This is nothing more than another example and .

[fbjon]

They're not actually claiming that one thing you think. They have two products you see, one secure, and one lame and convenient. This is unsurprisingly about the lame one.

Re:So? Google and Yahoo do the same

[Deanalator]

Calm down. No need to be appalled. If you look into it, you will see that the account owners intentionally disabled the "troublesome" secure interface (enabled by default), which hushmail discourages. They also inform you of exactly what that means when you do it. This article is FUD designed to scare people away from using a really good free service.

Re:By the authorise?

[caluml]

It's all because of this (now) irrational dislike of Java. Guys, it's not bad any more.

Yeah, right

[SteveFoerster]

So what can we learn from this? First, don't do illegal things (and use Hushmail or anything else).

This smarmy advice sounds great until you start talking about dissidents in totalitarian countries trying to get the word out about what happens there.

Re:Yeah, right

[justzisguy]

The dissident in the totalitarian country is always used to justify anonymous systems, but that is not what we're talking about here. Hushmail is not giving up records on users spreading The Word(tm) from Burma/Myanmar. They're complying with the British Columbia Supreme Court, in Canada (not a totalitarian state), which doesn't routinely cooperate with these scummy regimes. This is not an unreasonable search & seizure; the law enforcement had to present proper evidence to a court (series of courts, really) and only then did Hushmail cooperate. Kudos to the CTO for being so upfront and honest about the situation.

You're almost right.

[Poromenos1]

Just one minor mistake, if they hand the encrypted mails to the feds, it doesn't matter how good your passphrase is, since it's only used to encrypt your private key (which they don't have anyway). So it would only depend on the size of the key you selected when you generated, which is pretty secure even for small keysizes (I think PGP's lowest keysize is 1024 but I only use 4096 anyway, it's not like modern processors can't handle the 256 bits it encrypts with it).

So yeah, if what you say is true, you'd be almost invulnerable if you had only used the java applet (assuming it didn't send your private key to Hushmail anyway). Why go to all this trouble though? Just get Thunderbird with Enigmail and you're set, without any third parties to fear.

But that doesn't make any sense.

[Grendel+Drago]

You're mushing two things together which are massively different in scale, if not in nature. Total paranoia is utterly useless; there are different levels of likelihood for a security breach depending on what you do. If you transmit data in plaintext, it's possible that nobody will be paying attention. If you use GPG, it's possible someone is TEMPESTing you to get around that. We use different methods to achieve different degrees of security. Lumping everything you didn't make from scratch yourself into "it's about trust" is silliness.

Seriously? It's the default?

[Kadin2048]

I think it's pretty damning for Hushmail if the insecure option is the default.

It's one thing if they offer the server-side, non-Java implementation as an option for people who just can't use the secure one, but it's quite another to offer a supposedly "secure" service and then make the insecure version the default.

I was ready to write most of this off as sloppiness by people who should have known better, but if Hushmail makes the non-Java version the default for new accounts, and makes you go into "Advanced" settings in order to enable Java and get real security, they're really not delivering what they're advertising.

Voltage Security Network as an alternative

If you want something that is easy to use and doesn't store any messages on the service, the Voltage Security Network (http://vsn.voltage.com/) is a good alternative. It's based on IBE (Identity Based Encryption).

PGP, GPG, etc. barely works for us geeks, but if you want to be able to send secure encrypted email ad-hoc to anyone (i.e. dad, grandma, your accountant), without the recipient needing to install anything or get a password from you, Identity Based Encryption is the way to go.

Here's the DEA's depostion

Detailed here back in October.
https://www.w4ck1ng.com/board/showthread.php/secure-hushmail-6246.html?p=26237#post26237

Additionally here's the DEA's case
http://static.bakersfield.com/smedia/2007/09/25/15/steroids.source.prod_affiliate.25.pdf

Re:So? Google and Yahoo do the same

[shaitand]

'Standards of morality differ, and what's worse is that when something is 'immoral' people get much angrier than when something is illegal.'

True enough, that is why I don't believe in legislating morality. Not all things that are illegal are immoral and the laws should reflect what is needed for a stable and functioning society not what is needed to punish immorality. I believe that juries as originally empowered (with the duty to determine if the application of the law in a case is just, not merely whether the defendant violated it)are the best method available for discarding cases where applying the law is also immoral.

'But because of cases like this I would like to legal and social support for the right, such as laws making communications that were 'reasonably believed to be secure' inadmissable as evidence. I would also love to hear a group like the NRA saying that the right to secure communication is as essential as the right to bear arms. It certainly is in my mind.'

Agreed, and for many of the same reasons. That is one of the flaws in our corrupt two party system (how did they con people into believing a couple dozen independents is 'one party' and that only giving them two choices was somehow more?) one party supports free speech but would leave citizenry unarmed and at the mercy of the police state and the other claims they should be armed (for hunting) but supports every other aspect of the police state.

Vote from the rooftops

[Clay+Pigeon+-TPF-VS-]

It would be a shame if their CEO happened to "disappear"...

Privacy is a right to exclude

[Valdrax]

I differ with you on this. The value of privacy is in the security it provides you -- the "right to be secure in [your] persons, houses, papers, and effects." It's, in many ways, a right to exclude, like property. The very violation of that right to exclude is a form of trespass without the need for someone to abuse that violation further.

The other problem here is that you will most likely never know what someone has done with information gleaned from your personal papers and effects unless they do something public with it. That doesn't mean that they haven't done something harmful to you. The lack of security over one's own secrets means that one may be restrained from doing something that isn't wrong but is illegal and from doing things which aren't even illegal but are disapproved. That's an unconscionable restraint on liberty.

Re:Privacy is a right to exclude

[TheVelvetFlamebait]

Absolutely, you're right. It's just that privacy is a kind of paranoia, and it's worthless if, in a purely hypothetical world, no-one was interested in using or remembering your information. But I don't think that the fact that the Government is trying to find out more about you is proof that they're out to get you. I especially don't think that the fact that the government collects certain encryption keys from privacy services is proof either. It's more like an overt act, rather than the crime itself. To truly justify your paranoia, rather than do what most people do, which is to refuse them the benefit of the doubt, there has to be cases where the government actually uses private information in a way that completely oversteps their bounds (i.e. not while investigating something you've done illegally).

You can expect them to FIGHT it.

[Valdrax]

No mater how secure a company claims to be, you can't expect them to not fallow the law.

I'll assume you meant "follow." This is true. However, we have absolutely no evidence that HushMail attempted to FIGHT this order. This should have made a big stink about it and tried to come up with ways to protect their users both technically and legally, but instead they just rolled over and tried to keep it quiet to avoid letting it hurt their bottom line.

They lied to their customers by pretending to offer them a security that was as ephemeral as their own spine.

Re:You can expect them to FIGHT it.

The fuck are you talking about? They still protect me from indiscriminant wiretapping.

To get a court order you're going to need probable cause and an ongoing investigation. These don't happen by accident.

Further, if they abuse the court order there's an appelate court where you can get the evidence throw out,

Honestly, I have no idea what the fuck you expect from Hushmail.

Don't break the law and this won't happen to you.

Re:By the authorise?

[totally+bogus+dude]

Your emails are encrypted using your private key, not a "password". The password (or passphrase) is used to unlock the private key. It's perfectly possible to change the passphrase required for your private key without damaging your ability to read or send your emails. It's still the same key, it just needs a different pattern of bits to be able to use it.

Of course, they shouldn't have the ability to reset your key's passphrase. Maybe it took them 5 weeks because they had to brute force it? :)

Re:So? Google and Yahoo do the same

[mollymoo]

I don't have a problem with HushMail sharing information about customers engaging in illegal behavior with the authorities. Those people don't deserve their activities to be protected - they're illegal.

They're suspected of doing something illegal, which is a highly significant difference. Any innocent person (including you and me) can be suspected of doing something illegal just by being in the wrong place at the wrong time.

I agreee with the rest of your post, I just felt the need to draw attention to that point.

I don't do E-mail.

At all.

Its Very Simple

[EEPROMS]

If you want privacy "dont use any American companies services". The reality is any information services provider based inside the USA has to hand over records to the US Government even without a warrant at any time. Thus any private details are as secure as if you kept the same records within any other authoritarian state (China, Burma, Vietnam etc). I would not even be surprised if Hush mail has a black box router hooked into their service cloning all the data and routing it to the NSA in the name of "National Insecurity".

Re:So? Google and Yahoo do the same

[Lordrashmi]

I encourage anyone who cares about privacy (and many other issues) to look into voting for Ron Paul.

http://www.ronpaul2008.com/issues/privacy-and-personal-liberty/

No, of course he isn't perfect but atleast he is different.

You are troll of the month and I claim my $1 prize

[mikehunt]

It's really sad to see this drivel modded up as 'informative'. The only thing I see in this posting is
a clear demonstration of the poster's lack of knowledge.

Shame on those who modded this up!!

The fact of the matter is that relying on a third party to provide security for your communications
is at best naive and at worst stupid. There are simple ways to use computers for secure communication
and some of them do involve PGP. However, just using strong cryptography leaves a communications fingerprint
which is likely to draw attention from all the people and organisations that the encryption was supposed
to short-cut in the first place.

In short, anyone who was using hushmail for anything really important should be preparing for the knock
on the door...

Re:That's been recommended to me, but I can't do i

[DMUTPeregrine]

The following is inexact, but illustrative. FireGPG just calls GPG. You click encrypt, it sends the text to be encrypted to GPG, you enter your passprhase in GPG, and GPG encrypts it and returns it to FireGPG, which puts it into the e-mail in place of the plaintext. Enigmail for Thunderbird works the same way.

The Compact

[Burz]

http://www.bbc.co.uk/dna/h2g2/A25871141

Re:The Compact

[PopeRatzo]

Hey, thanks, Burz. I had no idea this was a whole movement.

My wife and daughter have already started going the "Goodwill" route, buying clothes from resale shops or making it themselves or buying directly from artisans. I came of age in the punk rock days, so I actually have some experience in creating a personal fashion statement from culture's castoffs.

But it's not so much that I want all corporations to collapse, just the ones who are acting against the best interests of their customers. Unfortunately, that's a big slice of the pie.

When someone goes out of their way to send me some valuable information, as you have, I consider them "friend".

Re:So? Google and Yahoo do the same

[Anti_Climax]

If you give me six lines written by the most honest man, I will find in them something to hang him.

- Richelieu

is S/MIME email encrypted by Thawte any better?

[illogic]

I heard about this a few days ago, when I was in the process of trying to figure out the easiest way to encrypt my mail using Apple's Mail.app on Leopard. Most everyone writing online recommended using S/MIME instead of GPG, and getting a no-cost certificate from the South African company Thawte to use for signing as well as encrypting email.

The question I could not answer is how trustworthy is this Thawte-issued "certificate"? One blogger claimed that the key was actually generated in my own browser, and then only the public key transmitted to Thawte to store, thereby theoretically keeping my private key private. But this is certainly not how it appeared. I submitted a "request" for a certificate and then 5 minutes later it was emailed to me from Thawte as an attachment, which was picked up by Keychain and that was that. As far as I could tell, they generated my key for me.

Is encrypting my email this way vulnerable to the same flaws as the Hushmail service? I really don't trust Thawte to keep whatever information they might have about me away from the Feds, if they ever came knocking. Hell, I don't even know if Thawte IS the Feds! If this certificate-issuing system is indeed flawed, can anyone recommend a better process to use strong encryption with Leopard's Mail?

Re:is S/MIME email encrypted by Thawte any better?

[stinerman]

As long as no one but you has your private key, you'll be fine.

I'm not familiar with Mail.app, but I have to believe they'd have some sort of integration with PGP/GPG.

Re:is S/MIME email encrypted by Thawte any better?

[Sloppy]

Most everyone writing online recommended using S/MIME instead of GPG,

S/MIME is quite a bit worse, simply because an identity can only have one certifier. At least with OpenPGP, you can get multiple certs, thus requiring a conspiracy in order to do a MitM.

Whoever recommended you use S/MIME instead of GPG, probably considered security to be a very, very distant second priority, compared to some other value (probably Mail.app compatibility; I have that program here at work, and I don't see any OpenPGP support in it).

The question I could not answer is how trustworthy is this Thawte-issued "certificate"?

That's indeed a problem. You don't know. You probably don't know the name of a single person in that company, and you don't know their policies for protecting their signing key. Of course, at least you're asking (which is extremely cool and wise), but you're not going to get an answer.

For all you know, they might be vulnerable as Verisign. And with S/MIME, that means there is a single point of failure which can allow MitM.

Re:is S/MIME email encrypted by Thawte any better?

[illogic]

Thanks for the Verisign links, they were (frighteningly) informative.
I guess I'll wait until the GPGMail plugin is Leopard compatible. I was pretty impressed with Mail.app otherwise, but perhaps I'll just have to go back to old "reliable" Thunderbird, its Enigmail extension seems well-regarded.

"Whoever recommended you use S/MIME instead of GPG, probably considered security to be a very, very distant second priority"

I guess you must be right... but I wondered as I was reading such guides... what other priorities could there be?

Re:So? Google and Yahoo do the same

[Almahtar]

And that's why Ron Paul gets my vote.

Example of illegality

[Anonymous+Bullard]

'Those people don't deserve their activities to be protected - they're illegal.' They deserve to have their activities protected unless those activities are wrong and it really isn't for Hushmail to say whether or not they are wrong. Illegal really has nothing to do with it. Many things were illegal in Nazi Germany or are illegal in China, or Russia, or the United States, or that doesn't mean they are wrong or immoral. Many laws are innately immoral.

In China rule by a fascist (i.e. capitalist/national socialist dictatorship) one-party clique, the use of encryption by "citizens" is strictly forbidden. Some people do use GPG, but at a risk of being detained at the regime's whim. Most ethnic Chinese consider themselves "historically conditioned" to complying with their regime's rules and restrictions, as long as they themselves and their empire grow richer. However the Chinese regime is also holding several non-Chinese peoples (in Tibet, Mongolia and East Turkestan) under brutal and even genocidal occupation since the communist dictator Mao ordered his communist army to invade their territories immediately after seizing power in China in 1949 (after the USA had defeated the Japanese who had occupied parts of China, Manchuria and Mongolia until 1945).

In order to wipe these non-Chinese nations off the map in eternity, Mao's regime embarked on systematic "Final Solution" plan which involved ripping off these nations' natural resources for exploitation by the ethnic Chinese "master race" and building up a massively militarized Chinese-controlled police state.

In Tibet over a million Tibetans have perished after their country was turned into a one huge gulag, with hundreds of thousands suffering from torture and rape before dying. The Chinese-built road, rail and air transport infrastructure aimed at relieving Tibet from its great natural resources is also used for settling massive numbers of Han-Chinese migrants in the Tibetan territories, leaving Tibetans increasingly in a minority in their own country! Meanwhile Tibetan culture, language, religion and history (all completely non-Chinese) are being systematically wiped out in order to permanently stamp Tibetans as an inferior and backward "Chinese" untermenschen (sub-humans) without proper identity.

Now, according to the "law" written by the occupying Chinese "communist party" clique, it is illegal to discuss any matters which might somewhow give legitimacy to Tibetans' calls for actual self-rule. But since the Tibetans' 2000-year-long independent history, language and its sanskrit-based script (distantly related to Hindi), old Buddhist religion originally from India and their unique fusion of south and central Asian culture and identity are all inherently non-Chinese, practically any talk of native Tibetan affairs can be ruled to be "splittism", with punishment familiar to the victims of Stalin and Hitler.

A few months ago, on August 1, a Tibetan man named Ronggyal Adrak walked on the stage during a massively policed Tibetan "cultural event" in the Tibetan province of Kham and called for the Dalai Lama (equivalent to Pope to Catholics) to be allowed to return to Tibet from exile.

"When I shouted 'Long live the Dalai Lama' and called for the release of Tibetan political prisoners, I was detained and then formally arrested." "The main reason was that there is nobody in Tibet who does not have faith in, loyalty to, and the desire to see the Dalai Lama," he told the court. "On the contrary, the Chinese government sends out propaganda saying that the Tibetans inside Tibet have no desire to meet him and have lost faith in him." "That is wrong, and we have no freedom to say so." The judge told Ronggyal Adrak that his crimes were "very severe."

Details of his imprisonment and the secret Communist Party "court" ruling only leaked out because his case was an unusually

Re:Example of illegality

[jack_csk]

In China rule by a fascist (i.e. capitalist/national socialist dictatorship) one-party clique, the use of encryption by "citizens" is strictly forbidden. Not necessary. As far as I know, companies are using VPN, and HTTPS is still the way to do online shopping in China.
Unless you have a different understanding of citizens, the term that you quoted.

Re:Example of illegality

[Anonymous+Bullard]

Does this stating-the-obvious clarification help?

The use of encryption by "citizens" *without providing the regime with the keys* is strictly forbidden.

Private "citizens" under the rule of the Chinese Communist Party are not allowed to hide their communications from that regime. Mere unauthorized possession of encryption tools equals intent to commit a crime against the regime by the CCP kangaroo courts.

Some foreign firms undoubtably use unapproved VPNs to have a secure link overseas and perhaps the Party now allows some large foreign businesses to do that "legally", but that has zero relevance regarding the rights of the "citizenry" (both the Chinese and their occupied neighbors) or the prevalent abuse of the Chinese "law" in suppressing dissent or even thinking about dissenting.

Domestic shopping via HTTPS is allowed (using regime-approved keys)... now there's a wonderful example of human rights with Chinese charasteristics!

Re:By the authorise?

"Not supposed to be possible" by even Hushmail by design is not "true" - you may be thinking ZeroKnowledgeSystems's network of old, which closed shop shortly after September 2001.

Re:So? Google and Yahoo do the same

[JCWDenton]

Like the others I would suggest looking at Ron Paul. I think he is very compatible with your beliefs.

There's always #RonPaul on freenode if you have any doubts.
http://www.expertvoter.org/
http://www.youtube.com/watch?v=yG2Ra_eI680&NR=1
http://www.youtube.com/watch?v=O6t_H69yOKE
http://www.youtube.com/watch?v=J3xovHYYOrg
http://www.youtube.com/watch?v=JHS_y94H1Dk&NR=1
http://www.youtube.com/watch?v=yG2Ra_eI680&NR=1
http://www.youtube.com/watch?v=V3Kuf9a4SQ4
http://www.youtube.com/watch?v=9UuivYdiS5w
http://www.youtube.com/watch?v=yCM_wQy4YVg - Google interviewing RP
http://www.youtube.com/watch?v=FmKwlE3fO-Y - Google summary
http://www.youtube.com/watch?v=_8pLpI5rzKI
http://www.youtube.com/watch?v=efrt2h1AH_A&NR=1
http://www.youtube.com/watch?v=vP5ON9jjoLc&NR=1
http://www.youtube.com/watch?v=jyUcrBQIiJI
http://www.youtube.com/watch?v=pwJKGfAWQUo
http://www.youtube.com/watch?v=mK-_x2l9aM8&NR=1
http://www.youtube.com/watch?v=ev4AEyac10o
http://www.youtube.com/watch?v=O2KU02lsfH8 O'reilly, Malmedy
http://www.youtube.com/watch?v=zex8uW_9pqo
http://www.youtube.com/watch?v=styYIG-fiEc
http://en.wikipedia.org/wiki/Political_positions_of_Ron_Paul
http://www.youtube.com/watch?v=zJrtUpptYGE&NR=1
http://www.youtube.com/watch?v=Kll9-nR4uVs - Land of the Free
http://www.youtube.com/watch?v=7Rh6KIRflYg&feature=related
http://www.youtube.com/watch?v=bdx9803IEgE&feature=related
http://www.youtube.com/watch?v=emPzgtywYNU&feature=related Ron Paul's Fight For Freedom
http://www.youtube.com/watch?v=RWmWlhBtA-w&NR=1 - Summary
http://www.youtube.com/watch?v=yAwvlDJgJbM - Ron Paul Schools Ben Bernanke Again
http://www.youtube.com/watch?v=sJUXIb27AOI
http://www.youtube.com/watch?v=ZQ3T5REZ11Q&NR=1 Ron Paul Mops the Floor with CNN Anchor (05/20/07)
http://www.youtube.com/watch?v=Wmc60JmaLbE "The Constitution is just a piece of paper" - G.W. Bush (CIA)
http://www.youtube.com/watch?v=TzLidmu_UpY&feature=related - Ron Paul Debates Federal Reserve

important email usage safety tip ..

[rs232]

Never put in an email something you don't want your mother or the police reading ... :)

Re:So? Google and Yahoo do the same

[donpeyote]

im not sure if anyone here knows Jose Saramago, he is a Portuguese Nobel Prize, and he wrote a very nice book, called "Ensaio sobre a Consciência", in English maybe its something like "Essay on conscience" and he created a fiction history about a country, where, 80% of the population voted in blank. the government said something was wrong, there was someone or something trying to manipulate the citizens, so, they had another voting, and this time 85% of the population voted in blank. The government panicked, there where tanks in the street, no one could talk in big groups, etc. basically , the country was under a dictatorial fist. Well, i wonder if something like that happen, what would happen? I guess ppl arent smart enough and they keep voting...

Re:By the authorise?

Your first round of decrypted messages are worthless meat eating mammal, I'm vegan...

for the the party of interest encrypted the messages twice-- once before going into Hushmail and again when Hushmail scrambled it before sending. I double encrypt all of my communications with the unbreakable ROT13.

Most laws are immoral?

[cowwoc2001]

You seem to be implying that most laws are immoral or that we seem to be living in Nazi Germany or something.

The US/Canadian governments gains little by decrypting emails of their citizens, mostly due to our political systems. The same can't be said about decrypting the email of people who most of us would agree are doing "bad things". Think organized crime, terrorists, etc.

First and foremost you need to declare outright what your position is: are you saying that most laws are immoral? are you saying that our government is reasonably comparable to Nazi Germany? Our point of contention seems to have little to do with encryption.

Huh?

[EriDay]

You can use msmtp to relay, and fetchmail to download, your messages from a remote server; or you can set up your own mail service if your ISP allows it. Consider using procmail to sort incoming messages.

If you take the first alternative, you are simply running a mail client. The mail headers will no different than if you were sitting at your desk at home composing the email and using your favorite mail service.

How secure is Hushmail

[sjames]

From their home page, if you go to "How secure is Hushmail", they make it quite clear that they will protect you from various warrantless searches by virtue of the encryption. In the Limits section, they also make it uite clear that IF they receive a valid court order, they can and will turn your communications over to law enforcement.

Just to be more clear, they point out that hushmail is not an appropriate choice if you intend to break the law.

Really, did anyone expect them to strike the colors and relocate to international waters, becoming fugitives in the process, to protect a customer from a valid court order?

If you need a higher level of security than that (for example, if you believe your government mighy bully the Canadian courts into issuing a court order for a non-criminal activity) then you MUST keep the secret key and the software that uses it on your own machine under your exclusive control. There are no excptions.

Re:By the authorise?

And you just take their word on that do you? Hrm... great job. You'll never have any real security no matter what you do if you're that dim...

Forgot one...

[gillbates]

There is actually a much easier, more secure way than you mention.

• The stand alone encryption utility and attending keys on read-only, removable media. I suppose for the less paranoid, a USB drive would work as well.

Rather than using special mailers, setting up servers, etc..., you could do the following:

1. Use a yahoo, hotmail, or gmail account.
2. Distribute your private keys via sneakernet, UPS, FedEx, etc... to your cohorts.
3. Use a standalone encryption program to encrypt and base-64 encode your messages. Copy and paste them into the mailer of choice.

Granted, you have to do copy and paste for every send and receive, but there are a lot fewer potential compromises in this scenario than the one you mention. Even if you are using Putty, you still run the risk that someone has a keylogger installed on the public computer - having SSL or SSH functionality won't do you any good in those circumstances.

So what, really, does this buy you:

1. For one, you have fewer areas of possible compromise. As with any machine, a keylogger can foil the whole scheme, but aside from that, you don't have to worry about vulnerabilities in your browser, your mail client, your SSH client, the host OS, or anything beyond that.
2. Should someone obtain physical access to your server, your secrets could be compromised. It's much easier to hide/destroy a USB stick without detection than to destroy an entire server; with the first, the attacker may not even know that it exists, whereas the second is likely to be seized in a raid, and will be the primary target of any investigation, regardless of the legitimacy of such. Attackers don't demand keys to data they don't have . The best defense against compromise is to plausibly deny the existence of any data, rather than depend on their inability to break encryption.
3. Public key encryption is vulnerable to a man-in-the-middle attack. It is not necessary to break the encryption to intercept messages because it is possible to impersonate a trusted entity. You have no way of knowing if the person with whom you are corresponding is who they say they are; any weaknesses in the chain of trust can extend to the entire chain below. A CA compromised by an attacker could easily be used to insert hostile entities which appear trustworthy.
4. Granted, private key cryptography seems like more work; however, this is not actually the case when you consider that it provides both authentication and encryption. Because you use a side channel for key distribution, you are better able to verify the identity of correspondents. Contrast this with public key methods, where you have to develop a chain of trust, and any weak link breaks the trustworthiness of the entire chain. Private key methods allow you to cut off a compromised individual without necessarily breaking the entire chain (actually, the chain is only one link long).

The difficulty in encryption nowadays is that you either go with something secure and less convenient, or you go with convenience over security. With encryption, though, if you don't get it right the first time, you might not get a second chance.

Not sure that's how it works, though.

[Kadin2048]

I'm not necessarily saying that you're wrong, but that's not how I understand the 'secure' Hushmail mode works.

My understanding is that even if you use the Java client, Hushmail retains a copy of your private key on their server, encrypted using AES-128 with your passphrase of choice.

Were this not the case, you would need to carry around your private key (using a USB stick or some other media) in order to have it available for decryption when you used Hushmail. While secure, this would defeat much of the convenience of using Hushmail in the first place. (Why not just carry around your keys and GPG, or heck, a whole bootable Linux distro, on the stick instead?)

So what Hushmail does is keep everything on their server except your passphrase. That way, you can fire up any computer you want, and the only thing you need to have available is that passphrase, which you can memorize (or store in some other convenient fashion). They send you the Java applet and your AES-encrypted private key, you enter the passphrase, and the key gets decrypted and can be used by the client-side applet to read and sign messages. At the end of your session, the applet throws everything away.

In the insecure, non-Java mode (which may be the default?!), all the encryption is done on the server, which requires that you send the server your passphrase (via a SSL connection) so that it can decrypt the key and perform the decryption or signing. Thus, in this mode, Hushmail has everything: both the encrypted key and its passphrase. That means they can get the decrypted key, and that means they can sell you out to the Feds or anyone else they so desire.

While there might be some way to keep your private key and not even turn the encrypted version of it over to Hushmail, I'm not sure what advantages that mode of operation would have over just using your email provider of choice, and carrying around your own GPG binaries (perhaps with an entire OS, limiting your avenues of attack to hardware- and TEMPEST-based ones). Once you have to have something with you that's too big to memorize, you might as well just keep everything with you and trust no one.

Re:Not sure that's how it works, though.

[Poromenos1]

Ah, I hadn't used HushMail so I didn't know that, I thought they required you to have your private key with you. This makes more sense, but it's still a stupid way to work (well, disclosing your private key is always stupid) because they only need your passphrase once and your private key would be compromised. You'd need to trust them not to do that, which, apparently, you can't. You were right in your original post, though, if they keep the private key encrypted. I still think Thunderbird + Enigmail on a flash disk is a much better solution.

No, your problems have just begun

[gillbates]

Okay, sure, you didn't give out your public key. But say you want to correspond, securely, with me, and say also, that the Feds are tapping the phone.

Here's how it plays out: I go get my own public/private key pair. I email you my public key, but in the process, the Feds intercept the email, and alter it so that it's their public key, not mine. The reverse key exchange goes the same way. Then, when you send a message to me, they decrypt it, read it, and encrypt it with their public key. Then they forward the mail to me. Because I've accepted your public key (which is really the Fed's key), I think it is legitimately from you. And I trust you. Problem is, the Feds can now read all of our emails, even though we think they're securely encrypted.

What's the solution? Oh, you could publish your public key, but how would I know that the html I'm receiving is really from your website, and not altered by a proxy? Or you could call me and recite your public key, but then we may as well be using private key encryption anyway.

Security is not as straightforward as merely following the directions.

Re:No, your problems have just begun

[starfishsystems]

The solution to the MITM scenario in present systems is as follows.

In X.509 certificates, the public key is signed by a mutually trusted third party. In PGP, the same thing is achieved at a peer level by ring of trust.

Earlier proposals call for a commonly trusted keystore, but that was found not to scale well. Really you need the cert to carry its own means of validation, hence the need for thir party signing.

Re:By the authorise?

[starwed]

One point of clarification: By default, they don't store your key. The point is that because they could store your key, the feds can demand that they do so next time you use the webmail version.

Distributed code-signing key

[The+Conductor]

If they really wanted to be clever, they could wipe the key after breaking it into 100 factors, any 20 of which would be enough to re-construct the key, then distribute that to 100 independent 3rd parties. That way, if they want to update the code, they could sign it only after scores of outsiders have reviewed it. It should be hard to sneak a back-door past that. If the government wants the code-signing key, they have to serve subpoenas to a large number of outsiders for the key factors without someone blabbing the fact and blowing the investigation's cover.

Re:That's been recommended to me, but I can't do i

[Lord+Kano]

Encryption keys are supposed to be kept as secure as possible; it strikes me as insane to let them touch the swiss-cheesiest app on the machine.

Yeah, but when you've got insecure apps on a machine what else can be secure? If your web browser is sufficiently insecure, what's to stop a buffer overflow from giving someone access to a file that you haven't specifically opened?

LK

Phil Zimmerman appears to agree with me...

[wurp]

http://blog.wired.com/27bstroke6/2007/11/pgp-creator-def.html

Problems aren't over yet

[LandruBek]

Then your problems are over.

Actually no: then you are on to the next problem, the one after that, etc. You are certainly right about guarding your private keys, but there is more to data security than that. Obviously if you store your messages on a box that has a rootkit or is a zombie, or is otherwise hacked, you have no security. Supposedly the FBI has done this. If you read the messages on an unshielded CRT monitor, that's a security hole, since the images on the monitor can be picked up remotely. Then there are the new "sneak-and-peek" searches. And on and on. Those who really are into drug trafficking face a truly difficult security problem, because the FBI has quite a bit of resources to spend on getting into their business.

As you correctly noted, the crypto that is freely available these days is plenty strong enough provided you use it properly. I think it was Bruce Schneier who used the image of crypto being like the lock on the door, whereas security is the whole house: not only the lock on the door must be sound, but the whole building (door, hinges, walls, foundation). Crypto doesn't solve all your problems: it solves one of your many problems.