Slashdot Mirror

← Back to Stories (view on slashdot.org)

Secure, Web-based E-mail

Posted by Hemos on from the throw-away-the-hotmail-account dept.

Cal Godot writes "I've come across this interesting company, HUSMAIL.COM, that provides secure, encrypted, web-based email. They're pretty new, still working out a few kinks, and want people to take a look. (Bug reports should be sent to bugs@hushmail.com, by the way.) The URL is https://www.hushmail.com The whole thing works via a Java applet, and requires the latest-greatest web browsers. Source code is also availible. It's all built around public/private key encryption, using a 1024-bit Diffie-Helman scheme. "

4 of 76 comments (clear)

  1. Vunerabilities by Matts · · Score: 4

    The exploits in all the other web based email systems (particularly hotmail, although I suspect they are just targeted because they are big) have been based on browser bugs, and Javascript deficiencies. What's to say that something running as Java won't suffer from similar problems? I know there's the sandbox there, but will that be enough (i.e. there might be bugs in their server configuration or any other possible point of entry)? And do enough people care?

    For me, I don't care about the security of my email, just that I can get it 24/7 and quickly (which is why I dumped hotmail for joymail). I honestly don't think that many people will care enough to use Java for their email. Especially not considering how slow it is. Still, I might just create an account, just for a laugh...

    Matt.


    perl -e 'print scalar reverse q(\)-: ,hacker Perl another Just)'

    --

    Matt. Want XML + Apache + Stylesheets? Get AxKit.
  2. Hummm..... by A+well+known+coward · · Score: 5

    I tried to set-up an account just to see what they're all about. For a company that is so interested in the users' privicy, they sure ask you a lot of personal questions. For example, why would they need to know people's income?

    BTW, what are the chances of /. running a email redirecting service? I wouldn't mind paying 50 bucks or so to support /. while getting an "@slashdot.org" address. :)

  3. who's this for, again? by th0m · · Score: 4
    you'd think that people who cared enough about their privacy to want to strong-encrypt their email would just install PGP on their local system and be done with it, rather than trusting a third party to take care of the encryption for them.

    i'm sure the java solution performs the encryption locally and never sends anything plaintext to the hushmail server (otherwise what would be the point) but it seems to be more hassle than it's worth.

    i'm not saying this isn't useful; i'm just curious as to exactly what demographic they're aiming at. people who are already anal about their privacy will know how to do their own secure email; and people who don't go crazy about privacy and/or don't know how to use PGP will probably just go and use a more straightforward webmail service.

    --

    -- in china, chinese food is just called food.

  4. Not really a secure e-mail... by MeanGene · · Score: 4

    Well, it looks more like a commodity web-based e-mail, but running on a SSL-enabled server. Their FAQ plainly states that only e-mail sent to another hushmail user is secure. Duh...

    PGP all the way!