Jump to content

Talk:Hushmail

Page contents not supported in other languages.
From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Unimaginative Username (talk | contribs) at 04:05, 29 April 2013 (Private keys ?: no applet anymore). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

WikiProject iconWebsites: Computing Unassessed
WikiProject iconThis article is part of WikiProject Websites, an attempt to create and link together articles about the major websites on the web. To participate, you can edit the article attached to this page, or visit the project page.
???This article has not yet received a rating on Wikipedia's content assessment scale.
???This article has not yet received a rating on the importance scale.
Taskforce icon
This article is supported by WikiProject Computing.


Private keys ?

The most important part is missing in the article: Where are private keys stored and how does an applet running in the browser get the private key. Please add this missing part to the article urgently! — Preceding unsigned comment added by 186.105.79.45 (talk) 15:34, 18 February 2013 (UTC)[reply]

Sadly, there isn't an applet running in the browser any more. That option was removed for new accounts several years ago. The key is stored, in encrypted form, on their server, but both the message body and the password are decrypted on the server, if only momentarily, to re-encrypt with the recipient's key. To source this, please click on what is currently Citation [5] in the article, then click on the hyperlinked phrase, "technical comparison". This used to point to the actual comparison of Java vs. non-Java versions of Hush. It is still a valid link, but the security analysis to which it points says nothing at all about Java, and there are no other options. So, no more AES-256 as originally designed, and no endpoint-to-endpoint (user-to-user) full encryption.
I have a grandfathered account that still runs the Java applet, but you can't open a new account with Java. Perhaps if I send to another old Java-enabled Hush account, it still may stay AES-256 all the way through. I don't know enough about crypto to know. If it's sent to a non-Java account, surely there are the same potential vulnerabilities, at least once it reaches their server. If you read all of their documentation, including the threat analysis, method of secruring, etc., you may find it appropriate to edit the article. However, since Java versions like mine may still be out there, the sentence regarding the potential of being forced to send a compromised Java applet under court order is still a valid statement.
Overall, it's still probably better than conventional web mail, even those that offer SSL connections, because your stored messages remain fully encrypted on Hush's server, fairly immune from all but a court order, except when you are actually logged in. I think it likely that conventional services that offer SSL connection to the web server will still store all of your messages in plain text on their servers. So Hush is still probably better than "nothing", though a lot weaker than it used to be. Unimaginative Username (talk) 04:05, 29 April 2013 (UTC)[reply]

NPOV Issues

Please review NPOV issues re differences between these versions: http://en.wikipedia.org/w/index.php?title=Hushmail&diff=168025454&oldid=166787296. Uncompressed 21:26, 30 October 2007 (UTC)[reply]


"The Patriot Act has endangered civil liberties and we should be grateful that Canada is a sovereign state and not subject to the American (il)legal system." I removed this statement because it doesn't conform to the NPOV standards of WikiPedia. GZAdmin 15:31 UTC 04/05/06


The statement is technically incorrect, Canada is subject to the American (il)legal system because of the Mutual Legal Assistance treaty signed by Canada and the US. I share the sentiments of the author of this statement however. —Preceding unsigned comment added by 207.176.6.111 (talk) 23:12, 3 November 2007 (UTC)[reply]

I've done some editing, and at this point I think the npov issue is gone. I'm removing the template.--76.81.180.3 (talk) 18:49, 17 November 2007 (UTC)[reply]

finding out who sent you a hushmail.com email

Is this possible? Can you find out who sent you a hushmail email? Or trace their IP address?—The preceding unsigned comment was added by Terryboo (talkcontribs).

No, Hushmail removes the ip address of the sender. 62.163.3.75 13:37, 17 July 2007 (UTC)[reply]


Hushmail removes the ip address of the sender from the email itself ... that doesn't mean that they cannot determine the ip address of a sender and relay that information to the american authorities. So for the average joe... he wouldn't be able to determine the ip address...but in essence the americans could. —Preceding unsigned comment added by 207.176.6.111 (talk) 23:08, 3 November 2007 (UTC)[reply]

After 180 days in the U.S., email messages lose their status as a protected communication

After 180 days in the U.S., email messages lose their status as a protected communication under the Electronic Communications Privacy Act, and become just another database record. This means that a subpoena instead of a warrant is all that's needed to force Google to produce a copy. Other countries may even lack this basic protection, and Google's databases are distributed all over the world. Since the Patriot Act was passed, it's unclear whether this ECPA protection is worth much anymore in the U.S., or whether it even applies to email that originates from non-citizens in other countries.Nunamiut (talk) 18:05, 17 May 2009 (UTC)[reply]

Article states that servers located in Canada plus Ireland, USA, and Anguilla

I'm using the "Flag Fox" plugin and it is showing the hushmail server that I connected to as being located in UK (mailserver1.hushmail.com). That part of the article may need to be updated. Nevart (talk) —Preceding undated comment added 10:58, 9 July 2010 (UTC).[reply]