If you are migrating over from Google, the loss of a calendar, storage via drive , and spreadsheets may come as a shock. However, if you only need secure email services, Hushmail might suffice. It is also worth noting that if you want Below are the full set of features available on premium:. United States case, the US supreme court found that US corporations have a duty to extract data from their international servers when served a warrant by the US authorities. For Hushmail, which is a subsidiary of a US firm, this raises privacy concerns over the possibility of gag orders.
All in all, this puts something of a question mark over the privacy that you might gain when using Hushmail - especially considering the closed source nature of the platform.
The firm also informs users that they will comply with the authorities if they are served a legitimate warrant to do so. It is worth noting at this point that there are no logs email providers on the market that allow you to sign up without handing over personal details or an email address.
As part of the account creation process your IP address will be recorded. We may request that you provide other information, such as a phone number, as well. We use this information to analyze market trends, gather broad demographic information, and to prevent abuse of our services.
We will not share this information with third-parties. In addition, the firm warns users that if they decide to purchase a subscription the following data will be required for processing:. Name, the account you are upgrading, the domain you wish to use for your email, alternate email address, your billing address, and your credit card information. Additionally, we will record the IP address from where the payment is made.
When we process your payment transaction, this payment information will be transmitted to our payment processor. We use third-party PCI compliant services to process your payment transaction. When we process your payment, we share your IP address, city, country, and postal code with a third party anti-fraud service to determine the likelihood of the purchase being a fraudulent transaction.
We do not store your credit card number on our servers. Information we record may include your IP address, your browser type, browser language, date and time of the action, account usernames, sender and recipient email addresses, filenames of attachments, subjects of emails, URLs in the bodies of unencrypted email, and any other information that we deem necessary to record for the purposes of maintaining the system and preventing abuse.
As you can see the firm collects and retains all email metadata, presumably so that it can comply with warrants and requests from law enforcement if it is presented with them.
So, is there any evidence of Hushmail passing data to the authorities? For starters, Hushmail does not provide a transparency report, or have a Warrant Canary, like so many of its competitors. This is a shame because it means it is impossible for consumers to understand the number of requests for data it is receiving and complying with. However, with just a little research it is possible to find evidence of Hushmail spilling information to Canadian authorities.
In , Hushmail handed over 12 CDs worth of emails relating to three Hushmail accounts. According to sources from the case, Hushmail provided clear text versions of encrypted emails it should not have been able to access due to End-to-End Encryption.
That data was passed to the US Feds, following a court order obtained via the mutual assistance treaty between the U. The case is extremely concerning and casts serious doubts over the service and the possibility of it having a backdoor. Following the case, the CTO of Hushmail also admitted that intelligence agencies were able to break into encrypted emails of targeted accounts via vulnerabilities in the Javascript browser application.
To be fair on Hushmail, this is a problem for all browser-based encryption that is executed with Javascript. Hushmail can be used in this way; if you trust it. On the other hand, the frank admission that this Java exploit is actually being exploited on Hushmail users goes quite a bit further than simply saying that it is possible in theory, and it is a sharp reminder of the fact that it is very hard to trust US services that claim to provide privacy.
Finally, we hated that we had to provide a phone number at the subscription stage in order to receive an SMS verification code.
Having to provide your old email and a phone number is too invasive for us. Hushmail implements encryption for both sending and storing emails on its servers.
When users send emails using Hushmail, their real IP address is scrubber from the header and is replaced with an IP address belonging to Hushmail. Mcdermott Pasadena. Pabst Blue Ribbon Corporate Headquarters.
Dmv Virginia Headquarters. Ymca Headquarters Florida. Delta Galil Usa Headquarters. Where is Hushmail headquarters? Hushmail headquarters is located at Hornby St , Vancouver.
Our offerings have evolved over the past 17 years to include a wide range of secure But it turns out that statement seems not to apply to individuals targeted by government agencies that are able to convince a Canadian court to serve a court order on the company. A September court document. The charging document alleges that many Chinese wholesale steroid chemical providers, underground laboratories and steroid retailers do business over Hushmail.
The court revelation demonstrates a privacy risk in a relatively-new, simple webmail offering by Hushmail , which the company acknowledges is less secure than its signature product. A subsequent and refreshingly frank e-mail interview with Hushmail's CTO seems to indicate that government agencies can also order their way into individual accounts on Hushmail's ultra-secure web-based e-mail service, which relies on a browser-based Java encryption engine.
Since its debut in , Hushmail has dominated a unique market niche for highly-secure webmail with its innovative, client-side encryption engine. Hushmail uses industry-standard cryptographic and encryption protocols OpenPGP and AES to scramble the contents of messages stored on their servers.
They also host the public key needed for other people using encrypted email services to send secure messages to a Hushmail account. The first time a Hushmail user logs on, his browser downloads a Java applet that takes care of the decryption and encryption of messages on his computer, after the user types in the right passphrase. So messages reach Hushmail's server already encrypted. The Java code also decrypts the message on the recipient's computer, so an unencrypted copy never crosses the internet or hits Hushmails servers.
In this scenario, if a law enforcement agency demands all the e-mails sent to or from an account, Hushmail can only turn over the scrambled messages since it has no way of reversing the encryption. However, installing Java and loading and running the Java applet can be annoying. So in , Hushmail began offering a service more akin to traditional web mail. Users then tell the server-side engine what the right passphrase is and all the messages in the account can then be read as they would in any other web-based email account.
The rub of that option is that Hushmail has -- even if only for a brief moment -- a copy of your passphrase.
0コメント