by Mike Masnick
Fri, Nov 9th 2007 12:37am
Many people are familiar with the company Hushmail, who provides encrypted web-based email that the company claims is completely private. In fact, the company makes it clear: "not even a Hushmail employee with access to our servers can read your encrypted e-mail, since each message is uniquely encoded before it leaves your computer." It turns out that isn't quite true. Wired reports that Hushmail handed the feds 12 CDs worth of plain text emails from the service following a court order. The Wired piece goes into great detail concerning what happened here -- and the folks at Hushmail were quite honest about how their service works. Hushmail has two different versions, one which requires a java app to be downloaded, which handles all the encryption locally. The other, more popular one, is entirely web-based, meaning that your passphrase is stored on the server ever so briefly -- and that's how Hushmail was able to access the accounts required in the court order. So, while it's true that Hushmail is mostly secure outside of a court order, the marketing material on the site is at least a little misleading, implying that even in such cases, your email will be encrypted.
If you liked this post, you may also be interested in...
- T-Mobile Customer Data Leaked By Experian... And Faulty Encryption Implementation
- Chip And PIN Meets Facial Recognition: Chipping Away At Privacy, Pinning You Down In A Database
- Microsoft 'Addresses' Windows 10 Privacy Concerns By Simply Not Mentioning Most Of Them
- FBI Almost Entirely Arbitrary In Redacting Info On Freedom Of Information Requests
- FBI Sent Informant Into Mosque To Find Terrorists... Mosque Gets Restraining Order And Reports Him To The FBI