Hushmail in U.S. v. Tyler Stumbo

John Levine johnl at
Thu Nov 1 13:49:19 EDT 2007

>Since email between hushmail accounts is generally PGPed.  (That is 
>the point, right?)

Hushmail is actually kind of a scam.  In its normal configuration,
it's in effect just webmail with an HTTPS connection and a long
password.  It will generate and verify PGP signatures and encryption
for mail it sends and receives, but they generate and maintain their
users' PGP keys.

There's a Java applet that's supposed to do end to end encryption, but
since it's with the same key that Hushmail knows, what's the point?

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list