Hushmail in U.S. v. Tyler Stumbo

Dave Howe DaveHowe at
Fri Nov 2 14:46:59 EDT 2007

Jon Callas wrote:
> On Nov 1, 2007, at 10:49 AM, John Levine wrote:
>>> Since email between hushmail accounts is generally PGPed.  (That is
>>> the point, right?)
>> Hushmail is actually kind of a scam.  In its normal configuration,
>> it's in effect just webmail with an HTTPS connection and a long
>> password.  It will generate and verify PGP signatures and encryption
>> for mail it sends and receives, but they generate and maintain their
>> users' PGP keys.
>> There's a Java applet that's supposed to do end to end encryption, but
>> since it's with the same key that Hushmail knows, what's the point?
> I'm sorry, but that's a slur. Hushmail is not a scam. They do a very 
> good job of explaining what they do, what they cannot do, and against 
> which threats they protect. You may quibble all you want with its 
> *effectiveness* but they are not a scam. A scam is being dishonest.
> You also mischaracterize the Hushmail system. The "classic" Hushmail 
> does not generate the keys, and while it holds them, they're encrypted. 
> The secrets Hushmail holds are as secure as the end user's operational 
> security.

Seconded. the java applet is effectively a mail client, a copy of gpg, 
and a copy of the secret keyring; the public keys are looked up on the 
server though, and I suspect/assume that the messages are no more or 
less secure at the hushmail side than your own pgp mail would be on a 
isp imap server (i.e., you could get traffic information trivially just 
by looking, but message content would require being lucky with the 
keyphrase or active co-operation from hushmail to give you a "gimmicked" 
client the next time you log in that reveals that information.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list