Reader Comments

Subscribe: RSS

View by: Time | Thread

• 

  Pesti, 9 Nov 2007 @ 1:27am

  
  

  Why am I not suprised....Privacy is slipping away

  [ link to this | view in chronology ]

• 

  Anonymous Coward, 9 Nov 2007 @ 1:29am

  
  

  Warnings

  Various security experts have been warning about Hushmail (and similar services)for years. Some people just won't listen though.

  [ link to this | view in chronology ]

• 

  Anon, 9 Nov 2007 @ 2:23am

  
  

  and locally?

  What would have happened if the emails were from account owners who encrypted locally?
  
  Would they have still been able to find a way to move encrypted emails into plain text for a court order?
  
  I'm sure a similar reasoning would be used in that case.

  [ link to this | view in chronology ]

  • 

    Sean, 9 Nov 2007 @ 3:02am

    
    

    Re: and locally?

    The Feds have trojans they download to sniff out passwords. If I recall correctly, Techdirt have done posts on this very subject not so long ago.

    [ link to this | view in chronology ]

    • 

      Anonymous Coward, 9 Nov 2007 @ 3:29am

      
      

      Re: Re: and locally?

      The Feds have trojans they download to sniff out passwords. If I recall correctly, Techdirt have done posts on this very subject not so long ago. They have experts at waterboarding that they can use for password recovery too.

      [ link to this | view in chronology ]

• 

  Anonymous Coward, 9 Nov 2007 @ 3:56am

  
  

  At least there was a court order this time.
  
  Gee! The feds followed the law, got a court order first and nothing blew up. How dare they take such risks with our safety!
  (/sarcasm)

  [ link to this | view in chronology ]

• 

  Prime Minister, 9 Nov 2007 @ 5:35am

  
  

  RTFA!!

  For those of you too lazy to RTFA:

  [Hushmail] is useful for avoiding general Carnivore-type government surveillance, and protecting your data from hackers, but definitely not suitable for protecting your data if you are engaging in illegal activity that could result in a Canadian court order.

  That's also backed up by the fact that all Hushmail users agree to our terms of service, which state that Hushmail is not to be used for illegal activity. However, when using Hushmail, users can be assured that no access to data, including server logs, etc., will be granted without a specific court order. Smith also says that it only accepts court orders issued by the British Columbia Supreme Court and that non-Canadian cops have to make a formal request to the Canadian government whose Justice Department then applies, with sworn affidavits, for a court order.

  Hushmail is a Canadian company. The US government made a request and the CANADIAN company complied when a legit court order was presented.

  READ THE F*CKIN ARTICLE!

  [ link to this | view in chronology ]

  • 

    Anonymous Coward, 9 Nov 2007 @ 12:42pm

    
    

    Re: RTFA!!

    READ THE F*CKIN ARTICLE!

    So who did you think didn't?

    [ link to this | view in chronology ]

• 

  Overcast, 9 Nov 2007 @ 6:17am

  
  

  Just again - one more reason to be further sure that... computer's aren't nearly as secure as they are hyped out to be.

  [ link to this | view in chronology ]

• 

  lar3ry, 9 Nov 2007 @ 6:47am

  
  

  I, for one, think this is GREAT

  Hushmail states up front that they do not condone the use of their product for illegal activities, and therefore they will comply to the best of their ability with any valid court order given them. The order needs to come from a court that has power in their jurisdiction (provincial court or possibly the Canadian federal courts), which makes it a bit of a harder hurdle for people from, say, the USA DHS who might just be on a fishing expedition.
  
  They have complied with a legal order, and they are up front in exactly what they did: provided about 12 CDs of emails (without delving in exactly what those CDs contained).
  
  In this day and age, seeing such candor and honesty by a corporation is refreshing and gives me a (small) hope that sometimes there are nice guys out there. Their service makes it clear in what circumstances they will comply, and they also make it clear that they are not able to unencrypt email sent from their Java client (which is a bit more of a hassle to use). They don't promise a rose garden, but they don't hide the thorns, either.
  
  The article would make me MORE prone to use their service, as opposed to some other vendor that might cave in to the "nosy neighbor of the week," or that might have a back door into your supposedly-encrypted email that they are willing to share with the people in black hats.
  
  Hooray for the good guys!
  
  Oh... if you are doing something illegal, I hope you get caught. Just because I don't want my private life spewed all over the internet doesn't mean you have the right to get away scot free with your dastardly deeds. If the government asks for your encrypted email and has reason to suspect that it is worth a twenty man-year effort to decrypt it to prove a case, they will do so, and there's nothing you can do about it except avoid doing illegal things.

  [ link to this | view in chronology ]

  • 

    Jack o. Trades, 9 Nov 2007 @ 6:55am

    
    

    Re: I, for one, think this is GREAT

    Well, while this poly-anna replies about the great and good are nice, one should as a more basic question. What happens when the Government is wrong? What happens when what you are doing is legal then is ruled illegal. Privacy is a right like the second amendment is for guns. It sets those in power on notice that a normal everyday person is protected. IF "they" deem it bad then is it bad?
    
    You would do well to think about such things before you go off and suggest its ok for the good guys to save us from ourselves.

    [ link to this | view in chronology ]

    • 

      lar3ry, 9 Nov 2007 @ 2:59pm

      
      

      Re: Re: I, for one, think this is GREAT

      What happens when the Government is wrong? In a perfect world, you will be found innocent. In the real world, things go sometimes go awry. I'm not a Pollyanna, but I'm also not an alarmist.
      
      What Hushmail is doing does not impact this one iota. They are doing what they advertise they are doing, and when they are asked to give over customer data, they are forthright about it.
      
      I do think of such things. I don't expect ANYBODY to save me from myself except, perhaps, myself. And I hope that people that would utilize a useful tool for illegal purposes get nailed in the same way that a person that uses a gun to commit a crime.

      [ link to this | view in chronology ]

  • 

    At idiot above me, 23 Jun 2019 @ 12:27am

    
    

    Re: I, for one, think this is GREAT

    Define "illegal"!
    PS: I can do whatever I want even if it p*sses you off.

    [ link to this | view in chronology ]

• 

  TheDock22, 9 Nov 2007 @ 6:57am

  
  

  No problems here

  I think Hushmail did the right thing. A court order was given and they complied. It is silly to think that an email service company would really encrypt all your emails so that they can not comply with a court order and leave themselves open to nasty legal battles.
  
  At least they waited for a court order and did not just hand over the information like other companies.

  [ link to this | view in chronology ]

• 

  Max Powers at http://ConsumerFight.com, 9 Nov 2007 @ 7:42am

  
  

  Everything can be seen

  It seems to me that anything ever written on a computer can be read, regardless of the protections you think you might have. As I have stated before, I would never type anything on a computer that I wouldn't want to be seen.

  [ link to this | view in chronology ]

• 

  countzero, 9 Nov 2007 @ 8:32am

  
  

  not targeted

  So be it, they got the court order, the police should be able to do what they need to to gather information for a case or whatever. However. 12 cd's of plaintext is what, 1.5 million full pages or so? Even if they were targeting a crime ring or something along those lines, that amount of information is absurd. The fact that the police went through the right channels gives me some hope, but that they just grabbed everybody's emails disgusts me a bit.

  [ link to this | view in chronology ]

• 

  Anonymous Coward, 9 Nov 2007 @ 9:01am

  
  

  Countzero is the only one so far to address the real issue:
  
  That Hushmail handed over 12 CD's worth of email. I doubt any human being could send or receive enough email in a lifetime to fill twelve CD's.
  
  If Bill does an illegal act and the courts ask for Bill's email through the proper channels, then handing over just Bill's email is one thing. However, it sounds like Hushmail handed over ALL of their users email, not just the evidenciary email. That is the issue at hand. They should not violate all of their customers privacy in that way, nor should any government have the power to demand that ALL the email, even that unconnected to their case, be handed over.
  
  Hushmail IS in the wrong here.

  [ link to this | view in chronology ]

  • 

    Freedom, 9 Nov 2007 @ 9:29am

    
    

    Re:

    You are assuming text based e-mails. E-mails with attachments could very easily consume 12 CDs. For instance, let's say this person was using the account for child porn or something - would it be that difficult to fill up 12CDs with those types of e-mails?
    
    They could have also included logs which tend to be extremely verbose and can add up quickly.

    [ link to this | view in chronology ]

  • 

    TheDock22, 9 Nov 2007 @ 9:54am

    
    

    Re:

    Yea, I think your wrong on this one. I just backed up my email the other day and I filled up 5 cds worth of stuff on my own. With attachments I really needed the space.
    
    Plain text email with attachments from a few users could easily fill up 12 cds.
    
    So, you need to not make finite statements like I doubt any human being could send or receive enough email in a lifetime to fill twelve CD's. It makes you seem like a fool.

    [ link to this | view in chronology ]

    • 

      Anonymous Coward, 9 Nov 2007 @ 12:30pm

      
      

      Re: Re:

      I don't buy it. I have five years worth of mail stored in my email account, including potentially thousands of attachments which mostly constitutes image files.
      
      The total size is just over 1 gigabyte of data, not even enough to fill two CDs. Image files are very small, a few kilobytes worth of data, and most email services have size limits that prevent attachments that are too large, such as video files from being sent.
      
      I stand by what I said that 12 CDs (which averages out to around 8 Gigabytes of data) sounds like more than just 1 or 2 accounts.

      [ link to this | view in chronology ]

    • 

      Anonymous Coward, 9 Nov 2007 @ 1:15pm

      
      

      Re: Re:

      Plain text email with attachments from a few users could easily fill up 12 cds.
      
      E-mail messages with attachments are not plain text. Plaintext does not mean "plain text" and making statements about "plain text email with attachments" makes you seem like a fool.

      [ link to this | view in chronology ]

      • 

        TheDock22, 9 Nov 2007 @ 1:53pm

        
        

        Re: Re: Re:

        E-mail messages with attachments are not plain text. Plaintext does not mean "plain text" and making statements about "plain text email with attachments" makes you seem like a fool.
        
        Ah well on this forum I assumed most people were astute enough to understand plain text (plaintext) as encrypted. I am either a fool or hopefully optimistic.

        [ link to this | view in chronology ]

        • 

          Anonymous Coward, 9 Nov 2007 @ 3:56pm

          
          

          Re: Re: Re: Re:

          Ah well on this forum I assumed most people were astute enough to understand plain text (plaintext) as encrypted.
          
          Wow. How dense are you? It's been explained to you in simple terms and yet you still don't understand that plaintext isn't encrypted and that "plaintext" doesn't mean "plain text".
          
          I am either a fool or hopefully optimistic.
          
          I don't know about the latter but you're certainly showing yourself to be the former.

          [ link to this | view in chronology ]

• 

  nipseyrussell, 9 Nov 2007 @ 9:46am

  
  

  Mike says plain text, but i dont see that in the e-mail. Also the article says "turned over 12 CDs worth of e-mails from three Hushmail accounts" not the whole enchilada

  [ link to this | view in chronology ]

  • 

    Sean, 9 Nov 2007 @ 12:35pm

    
    

    Re:

    Plain text as in not encripted

    [ link to this | view in chronology ]

  • 

    Anonymous Coward, 9 Nov 2007 @ 1:05pm

    
    

    Re:

    Mike says plain text, but i dont see that in the e-mail.

    I suspect Mike should have written 'plaintext' rather than 'plain text'. 'Plaintext' just means 'unencrypted' and can include attachments and stuff other than just plain text.

    [ link to this | view in chronology ]

• 

  claire rand, 9 Nov 2007 @ 2:46pm

  
  

  if its important enough to care about privacy, then do the blinding obvious.. encrypt it yourself before sending it..
  
  if you let a company encrypt if for you, well you get what you deserve.
  
  can't blame the company at all for this, at least they are open about what they will do, and waited for a court order.
  
  what exactly do people expect?
  
  if you are serious about sending a 'secret' message its not exactly hard

  [ link to this | view in chronology ]

• 

  Jamie, 9 Nov 2007 @ 3:09pm

  
  

  Thank you, Claire Rand! Finally someone got the point: Hushmail offers Java-based software that will encrypt outgoing data *before* it even gets to Hushmail and then will decrypt it after it leaves Hushmail. When used, Hushmail sees nothing but encrypted gibberish. The people who had their plaintext email passed onto law enforcement were to damned lazy to use the software and instead uploaded plaintext messages for Hushmail to do the encryption on the server end. That's stupid. It's like walking into a busy post office and dictating your secrets to the clerk behind the counter so everyone else can hear and then asking that the message be sent in a secure package.

  [ link to this | view in chronology ]

  • 

    Anonymous Coward, 9 Nov 2007 @ 4:26pm

    
    

    Re:

    Thank you, Claire Rand! Finally someone got the point:

    Yes, Claire got it right.
    
    

    Hushmail offers Java-based software that will encrypt outgoing data *before* it even gets to Hushmail and then will decrypt it after it leaves Hushmail. When used, Hushmail sees nothing but encrypted gibberish.

    Maybe, maybe not. You see the problem with Hushmail's Java applet is that you can't verify that it is secure. While Hushmail does publish the source code for an encrypting Java applet you still can't be sure that it corresponds to what is actually downloaded to and run on your computer each time. That's why you should use only open-source encryption software that you can verify and install on your own computer if security is really important to you.
    
    

    The people who had their plaintext email passed onto law enforcement were to damned lazy to use the software and instead uploaded plaintext messages for Hushmail to do the encryption on the server end. That's stupid.

    As explained above, using their Java applet could also be said to be lazy and stupid. Good security usually isn't easy to implement. That's why most people don't do it.

    [ link to this | view in chronology ]

• 

  Billy Boy, 9 Nov 2007 @ 5:44pm

  
  

  I'm right in my assumption that encrypted email I send to someone is vulnerable to be compromised if the recipient is lax at their end, aren't I? In this case, even if the senders were vigilant in their encrypting, the fact that the recipient wasn't, made all of their emails (to that recipient) readable.

  [ link to this | view in chronology ]

  • 

    Anonymous Coward, 9 Nov 2007 @ 6:45pm

    
    

    Re:

    I'm right in my assumption that encrypted email I send to someone is vulnerable to be compromised if the recipient is lax at their end, aren't I?

    Absolutely. Encryption is just a tool and not a substitute for good judgment. You should have the good sense to not send confidential information to unreliable recipients.
    
    

    In this case, even if the senders were vigilant in their encrypting, the fact that the recipient wasn't, made all of their emails (to that recipient) readable.

    And all of the messages from those recipients back to the sender as well. Encryption only protects the message from those without the key, it doesn't make the recipient reliable. It's kind of like having a lock on your house but then giving a key to bad neighbor. The lock may protect your stuff from people without the key but it won't keep the bad neighbor from ripping you off.

    [ link to this | view in chronology ]

• 

  anonymous email, 8 Dec 2007 @ 7:15pm

  
  

  Think Twice!

  Hushmail isn't offshore enough. If you think that you are protected just over the border then you are completely wrong. Choose your secure email provider wisely!

  [ link to this | view in chronology ]

• 

  barbiedoll, 24 Mar 2008 @ 5:49pm

  
  

  Data Locking

  Check out www.datalocking.com as I would love to hear any thoughts on their idea! It appears that the data/text info is owned by a third party and the server is off shore in Costa Rica (who does not extradite info to the USA--hence that is where off-shore gambling and off-shore banking are flourishing.)

  [ link to this | view in chronology ]

• 

  bogus boghart, 2 Dec 2009 @ 6:42pm

  
  

  hmm

  what i don't get is why the feds aren't burning emails on dvds. come one get with the times.

  [ link to this | view in chronology ]

• 

  Rick, 12 Dec 2009 @ 9:47am

  
  

  choosing email providers

  If you are concerned about the US government (or the EU now) reading your email, you need to select a service outside those jurisdictions and in a country that can resist pressure from other, more powerful countries. There is a table comparing several secure email providers, including their locations, on the novo-ordo website at http://www.novo-ordo.com. There are also pages discussing other aspects of computer security there.

  [ link to this | view in chronology ]

• 

  harry potter, 21 Oct 2013 @ 8:21pm

  
  

  oh my god use megabytes not cds

  [ link to this | view in chronology ]

• 

  clueless gramibear, 8 May 2016 @ 2:00pm

  
  

  new pilgrim exploring

  At this point not entirely sure I am totally signed up but I did pay $49.99 and get get an email address, I think. These comments are interesting! Since none of my activities are in the least "interesting" to government agencies I am only glad for thair protection. Yet invasion of trojans, or any other really obnoxious potentiaiiy destructive forces would be untolerable because I just had a wicked experience with such stuff. In case of things like that happening does hushmail hav a way of fixing it? And is this "paid version" safe from suuff?
  I don't have a clue about the technical stuff like the URL. Where do I even find such stuff? I really need help . . . Being "gently seasoned" . . . . . . . most likely way older than you, I am slow, disabled, and my memory is . . . . let's just say a bit foggy these days sorry to say.

  [ link to this | view in chronology ]

• 

  martyn, 8 Jun 2017 @ 7:20am

  
  

  youre all scrapping over nothing!

  I'll spell it out to you in plain text!
  
  there is no difference between "plain text" and "plaintext"
  probably just a typo or a misused jargon.
  In emails there is only a choice between plain text or HTML
  like when you are a technophobe with a crappy slow computer and when you try to read your email your browser asks you if you want to view your email in plaintext because its loading very slowly and cant handle all the HTML formatting! you choose plain text! so I think that 12 cds worth of plain text is in fact overkill and hushmail has something to answer for! However i dont think that 12 cds worth would be all their users! thats just ludcicrous if you you consider that possbily a lot of their users might be business users who both send and recieve thousands if not millions of emails everyday, every hour , every minute, every second! ponder that for a while?? I doubt very much that 12 cds worth of emails even plain text/plaintext would fit all their users emails on! I rest my case!

  [ link to this | view in chronology ]

• 

  M N, 19 Nov 2018 @ 10:30am

  
  

  HushMail "not so secure" article

  Really??? And whar=t exactly would you do if the Feds sent you a court order to provide them with information? What do you expect HushMail to do on their marketing material - state that your emails are secure" short of a federal government court order"?
  
  You obviously have way too much spare time on your hands!

  [ link to this | view in chronology ]