The upshot of this is that a paranoid user might be able to detect, if not prevent, interference with his Hushmail account, but only if he uses the Java applet option.
"This means that in Java mode the level of trust the user must place in us is somewhat reduced, although not eliminated," Hushmail's Smith told Wired. "The extra security given by the Java applet is not particularly relevant, in the practical sense, if an individual account is targeted."
Smith told Wired that those looking to Hushmail as a safe haven from snooping on illegal activity were out of luck. However, he added that the firm, unlike US telecoms firms involved in the controversy over the Bush administration's warrantless wiretapping program, would resist mass surveillance efforts.
"[Hushmail] is useful for avoiding general Carnivore-type government surveillance, and protecting your data from hackers, but definitely not suitable for protecting your data if you are engaging in illegal activity that could result in a Canadian court order," Smith told Wired.
"That's also backed up by the fact that all Hushmail users agree to our terms of service, which state that Hushmail is not to be used for illegal activity. However, when using Hushmail, users can be assured that no access to data (including server logs, etc.) will be granted without a specific court order.
"We receive many requests for information from law enforcement authorities, including subpoenas, but on being made aware of the requirements, a large percentage of them do not proceed," said Smith.
"To date, we have not challenged a court order in court, as we have made it clear that the court orders that we would accept must follow our guidelines of requiring only actions that can be limited to the specific user accounts named in the court order. That is to say, any sort of requirement for broad data collection would not be acceptable." ®
"How about Hashmail? Every mail you send is instantly turned into a randomly-salted MD5 hash. "
Yeah that's a great idea?! MD5 is a one way hash function - you can't decrypt it, numerous rainbow tables have been created for MD5 even up to a 3 character salt - but still no chance otherwise.
use it or lose it.
Encryption. If people don't get on the bandwagon and start encrypting all their communications, in the near future you will lose the right to do so. Governments can easily impose anti-encryption legislation when so few people are using it, under the old saw that "if you've got nothing to hide you have nothing to worry about".
Trouble is, governments change, and ordinary people do have things to hide from not just the government, but from their neighbours, their boss, and a host of others who can get access to your secrets.
Encryption. Use it now, or lose it. There are dozens of programs out there that can be installed and used.
As for Hushmail, they're a scam. I hope they get sued by their customers.
Okay...if Hushmail isn't secure enough...
How about Hashmail? Every mail you send is instantly turned into a randomly-salted MD5 hash. This way we can guarantee that no Federal Agency will ever read any of your outbound email ever again.
I feel the fact that no-one else will ever read your outbound mail, including the intended recipient, is a small price to pay for this level of security and privacy.