Hushmail Privacy Limits Revealed Significant difference in java, non-java versions Tipped by fcisler 
Hushmail offers encrypted e-mail services for the paranoid and/or privacy conscious. The company uses cryptographic and encryption protocols OpenPGP and AES 256 to scramble the contents of messages stored on their servers. According to the company, "not even a Hushmail employee with access to our servers can read your encrypted e-mail, since each message is uniquely encoded before it leaves your computer." However, Wired News's threat level blog notes that this protection only goes so far. The blog notes that one version of the company's platform contains a loophole that allows law enforcement to request un-encrypted messages en masse, defeating the purpose for some of the service's regular clientelle: A September court document (.pdf) from a federal prosecution of alleged steroid dealers reveals the Canadian company turned over 12 CDs worth of e-mails from three Hushmail accounts, following a court order obtained through a mutual assistance treaty between the U.S. and Canada. The charging document alleges that many Chinese wholesale steroid chemical providers, underground laboratories and steroid retailers do business over Hushmail." Hushmail is very forthcoming to Wired (perhaps more forthcoming than their marketing) concerning the privacy limitations of their platform. In particular they admit that there are some very real privacy differences between their java and non-java clients. In the non-Java configuration, private key and passphrase operations are performed on the server side -- giving Hushmail a copy of your passphrase (and subsequently the ability to read everything).
|
  MxxCon
join:1999-11-19
Brooklyn, NY | So use java? So are they saying that if we use their java client, law enforcement won't have access like in the case above?
--
[Sig removed by Administrator: Signature can not exceed 20GB] | |
| | | Let's get this out of the way... If you have nothing to hide, you have nothing to worry about, right comrade?
--
Burrow owl...burrow owl... | |
|  | Reviews:
 ·magicjack.com
| Re: Let's get this out of the way... Better yet, use your own encryption. Why trust that someone else is doing it securely?
I see hushmail as a potential "tell" just by using it. (Even using your own encryption.). If 1/100th of 1% of Internet users use it, that's the first place to look for potential "person's of interest." For encryption to be completely useful everyone has to do it.
It's kind of like when the officer asks "do you mind if I have a look around in your car?" If 99% comply, then the 1% become person's of interest just because of their answer.
Mark | |
| | | | | | | | | Re: Let's get this out of the way... wow, youre a tough guy!
breaking laws then citing the constitution!
you're my idol | |
| | | | |  woody7Premium
join:2000-10-13
Torrance, CA | Re: Let's get this out of the way... I wasn't breaking the law, just cause you are given a ticket, doesn't mean you broke the law. It was more of on the line kind of thing, and I don't feel I have to sign anything. If I don't show up for court, they can issue a warrant, and arrest me, flag me at the dmv for registration, insurance etc. If they want to waste scant resources on a dubious ticket, so be it. IMHO most tickets are a revenue generator anyway. Timed yellow lights, bogus speed limits etc. This changes from city to city. Where I live, in the course of a couple miles, you can go through 3 or 4 cities. Peace 
--
BlooMe | |
|
| | |  meister_sdPremium
join:2006-01-29
La Mesa, CA
kudos:7 | By signing the ticket you just acknowledge you must pay it or go to court. By not signing, you are essentially saying you won't abide by this and the office can take you in to force you to court. All this has nothing to do with guilt or innocent of the actual charges. | |
| | | | | |
| | |  ShamayimI already have a Messiah.Premium
join:2002-09-23 | said by woody7:I always say no,even tho I have nothing to hide. Everybody's got something to hide (except me and my monkey). | |
|
|  N3OGHYo Soy Col. "Bat" GuanoPremium
join:2003-11-11
Philly burbs
kudos:1 | said by CrazyFingers:If you have nothing to hide, you have nothing to worry about, right comrade? I wouldn't go that route.
I would go the "since I was a dopey high school student I was smart enough to know that if it was said on the phone, or sent electronically someone can probably monitor it" route.
You really want privacy? Drive out into the middle of nowhere, and meet the person you want to communicate with.
Even then, who's to say that person isn't wearing a tape recorder when you meet with them?
Any sense of privacy anyone ever had living in the modern age is a work of fiction. Has been since the early 20th century.
You can kid yourself otherwise, but it's been that way since your first telephone, Master-charge, or ATM card.
Shit, it's gotten to the point where your hopeful to be ex wife can subpoena EZ Pass to get your toll records.
Privacy? Just opening yourself up to get caught.
Sneakiness and paranoia. NOW THAT'S THE TICKET!!
--
Petty people are disproportionably corrupted by petty power… | |
| | | Reviews:
·magicjack.com
1 edit | Re: Let's get this out of the way... said by N3OGH:You really want privacy? Drive out into the middle of nowhere, and meet the person you want to communicate with. And even then you can be surveillance by air, at least connecting you to the person you met, expanding future surveillance to that person.
said by N3OGH:Any sense of privacy anyone ever had living in the modern age is a work of fiction. Has been since the early 20th century. In some ways that's correct. In some ways not. There was never a general right to privacy until the 1960s when the Supreme Court discovered it in the 14th Amendment while deciding whether someone had the right to birth control when Connecticut banned it. (Griswold v. Connecticut.).
So, in fact, the concept of us having a general privacy right is relatively new. And, it came about in large part because the Supreme Court "discovered" in the 1920s that the framers of the 14th amendment (1866) intended the Bill of Rights to be applicable to State and private infringement. They began a 50-year campaign selectively incorporating clauses of the Bill of Rights. That was a major transfer of power to the Federal government to expand our rights. And, at the same time diminish our rights because the Feds had more power over the states (who previously operated with more autonomy).
I think what you're noting is the rapid expansion of technology, communication, travel, "virtual money." There's far more that's visible compared to 100 years ago when, if the local sheriff knew you owned "Old Paint" it didn't mean he knew where you rode off with him. But, I think under the pre-1960 system (and pre-1920 system, when states regularly infringed the Bill of Rights) it would be even worse.
Mark | |
| | | | N3OGHYo Soy Col. "Bat" GuanoPremium
join:2003-11-11
Philly burbs
kudos:1 | Re: Let's get this out of the way... WOW, good SCOTUS reference.
I'm impressed. No smart ass on my part, either...
--
Petty people are disproportionably corrupted by petty power… | |
| | | | | | To say that privacy is a new thing (150+ years old) is not even close to accurate. I'll agree that perhaps the way in which we describe the term "privacy" could be classified as new but the fundamental rights which make up privacy are as old as time.
People, in general, need things to be able to keep things to themselves that they don't want others to know about. For example, do you close the door when you go to the bathroom. Why do you do that? When you have sex with your partner, why do you close the door or why aren't you having sex out on your front lawn?
Even the framers of the constitution understood the need for privacy (unfortunately for us they didn't use that exact word).
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized. | |
| | | | | Reviews:
·magicjack.com
| Re: Let's get this out of the way... said by jdjbuffalo:but the fundamental rights which make up privacy are as old as time. That's what the Supreme Court said. (Google for Griswold v. Connecticut.). They found it in the "penumbras" (the shadows or margins) of the Constitution. It was used to overturn a State ban on contraception, and later legalization of abortion.
The Court's language asserts that privacy is not explicitly protected by the Constitution. And, this was a landmark ruling. Therefore, it's correct to say that a right to privacy is relatively new (at least as far as the government reconizing it). And, it is true to say that this recognition wouldn't have occurred if the Court hadn't begun the process of "selective incorporation" in the 1920s. Prior to this, the Bill of Rights was only a bar against Congress. States regularly infringed explicitely enumerated rights, not just those in the margins.
If you want to argue a libertarian point of view that rights are preexistant, that's fine with me. But, the Supreme court didn't recognize this one until the 1960s. Making it, for all practical purposes "relatively new." And the result of a vastly larger expansion of rights that began in the 1920s (or, vastly larger and intrusive government, considering the power over the states that this implied.).
Mark | |
| | | | | | | | Re: Let's get this out of the way... Thanks, interesting Supreme Court case. I've always wondered which one did that (I knew that it was a USSC case that defined privacy in the context of the Constitution but never researched which one).
Personally, I think that it couldn't be clearer than what it says in the Constitution "The right of the people to be secure in their persons, houses, papers, and effects" which sounds exactly like privacy but obviously my interpretation is different than the USSC.
This is one of many reasons we are in dire need of several new amendments to the constitution. | |
| | | | | | | Reviews:
·magicjack.com
| Re: Let's get this out of the way... said by jdjbuffalo:Personally, I think that it couldn't be clearer than what it says in the Constitution " The right of the people to be secure in their persons, houses, papers, and effects" which sounds exactly like privacy but obviously my interpretation is different than the USSC. I think the difference is whether something is justifiably illegal (making you subject to searches and seizures), or unjustifiably illegal because of your privacy interests. Griswold was the first time the Court legalized something based upon a right to privacy. A *very narrow* finding. The Court hasn't legalized possession of automatic weapons, marijuana or pirate radio based upon a right to privacy. You're only protected in the pursuit of enforcing those law.
They justified their decision the same way you did (it's implicit). But, this is one of those win/lose propositions. People affected by state bans of contraception came out winners. But, states came out losers. This was another precedent in the Court's 40-year "selective incorporation" which dramatically altered the Federal/State relationship, putting state action under federal scrutiny.
Like anything, it's had it's good and bad points. Power is power. Do you want the state to be supreme (and legalize racial segregation with no recourse above the state?). Or, a federation of states (a larger collective standard) that has the same chance of imposing looney social standards? It's all mob rule. In some cases there's safety in larger numbers. In other cases it would have been better to be a smaller group, protected from the larger mob.
If the recent (legal) standard for a privacy right interests you, google for "selective incorporation." The 14th Amendment (and it being taken seriously 50 years later, long after it was intended to solve a problem) is an interesting topic. It's amazing how the Supreme Court can go 50 years (and 5,000 lynchings), then with a straight face say, "hey, I just realized the framers of the 14th amendment intended the bill of rights to be applicable to the states..."
Mark | |
|
| |  RARPSL
join:1999-12-08
Suffern, NY | said by N3OGH:said by CrazyFingers:If you have nothing to hide, you have nothing to worry about, right comrade? Shit, it's gotten to the point where your hopeful to be ex wife can subpoena EZ Pass to get your toll records. Or because you have bought a GM Car with OnStar you have given the Police permission to track your movements due to the ability of the OnStar Control Center to flip the "Stolen Car" switch and activate the continuous GPS Tracking Mode. At least, unlike Caller*ID and ANI, Hollywood has acknowledged that this capability exists and uses it as part of their plots. With Caller*ID and ANI it was years before they would stop doing the "Keep them talking while we track the call" routine when the call is automatically reverse traced and the number displayed if you let the phone ring twice (in a Kidnap/etc. situation a switch can be flipped at the central office and the ANI information will be displayed which thus bypasses a do-not-display Caller*ID *xx request made when placing the call).
Talking about EZ Pass, there have been claims of the records being used to issue Speeding Tickets (due to you passing though Toll Barrier #2 too soon after passing though Toll Barrier #1 [ie: you must have been speeding to have traveled the distance in that elapsed time). | |
| | |  rtcyFACTS only pleasePremium
join:1999-10-16
Norwalk, CA | if you're a real paranoia freak like me you use pgp2.2 the one before the CIA went after Phil for. use those keys to sign your stuff with. now if I only had something worth encrypting still I feel "somebody's watching me" LOL | |
|
| ShamayimI already have a Messiah.Premium
join:2002-09-23
1 edit | said by CrazyFingers:If you have nothing to hide, you have nothing to worry about, right comrade? You send all your mail by postcard, of course. No?? Hmm. You have nothing to hide, right comrade?
--
"tick...tick...tick..."
»www.jtf.org/
| |
| | |  MattAll noise, no signal.Premium
join:2003-07-20
Jamestown, NC
kudos:12 | Re: Let's get this out of the way... said by Shamayim:said by CrazyFingers:If you have nothing to hide, you have nothing to worry about, right comrade? You send all your mail by postcard, of course. No?? Hmm. You have nothing to hide, right comrade? No offense, but this is such a stupid argument.
Encryption would take years and years to break, anyone can open a paper envelope.
--
Pretty Fly for a White Guy™ | |
|
 kapilThe Kapil
join:2000-04-26
Chicago, IL | Encrypt THIS! All Encryption can be broken, given enough time, computing power and motivation.
The irony of it is that in today's environment you're more likely to avoid raised eyebrows if you operate within what I call the margin or ordinary.
If you're 5 foot 10 white guy named Steve, driving a Ford Explorer or Toyota Camry and wearing Levi's...you could get pulled over with a kilo of coke in your trunk and the officer won't suspect anything....and you might even get away without getting a ticket.
Be stern and tell the officer where he can shove it because you have constitutional rights...and you will find another cop or two showing up, perhaps a supervisor...tasers...."resisting arrest" ...the whole bit.
--
»PropertyMaps.com - Real-time, map based, nationwide MLS property search! | |
| |  wifi4milezBig Russ, 1918 to 2008. Rest in Peace
join:2004-08-07
New York, NY | Re: Encrypt THIS! said by kapil:All Encryption can be broken, given enough time, computing power and motivation. The irony of it is that in today's environment you're more likely to avoid raised eyebrows if you operate within what I call the margin or ordinary. If you're 5 foot 10 white guy named Steve, driving a Ford Explorer or Toyota Camry and wearing Levi's...you could get pulled over with a kilo of coke in your trunk and the officer won't suspect anything....and you might even get away without getting a ticket. Be stern and tell the officer where he can shove it because you have constitutional rights...and you will find another cop or two showing up, perhaps a supervisor...tasers...."resisting arrest" ...the whole bit. Shockingly, I would agree with everything you just said!
--
я люблю Денди! | |
| | | | | Re: Encrypt THIS! in my town only whiteman driving Toyota is married to chinese lady | |
| | |  TamaraBQuestion The Current ParadigmPremium
join:2000-11-08
Da Bronx
 ·Optimum Online
 ·Clearwire Wireless
| said by wifi4milez:All Encryption can be broken, given enough time, computing power and motivation. Sure; but encryption only has to delay revealing the information beyond the point where it is useful.
Spend 3 days decrypting my schedule for tomorrow, and you end up with useless information.
Bob
--
Motor Vessel - Tamara B.
43' Long-Range Trawler
Cape Elizebeth ME.
See her Here. | |
|
 morboComplete Your Transaction
join:2002-01-22
00000 | good job by Hushmail
i like their strategy--tell everyone to use java if you want MORE privacy.
it's a big F U to the government. | |
|  dvd536as Mr. Pink as they comePremium
join:2001-04-27
Phoenix, AZ
kudos:4 | NO! The thing i never liked about hushmail is them wanting to put activeX control on your system.
--
You can never be too rich, too thin or have too much Bandwidth | |
|  XBL2009------
join:2001-01-03
Chicago, IL | To be safe You can encrypted messages in Gmail as an attachment. Then call the person and instruct them what is needed to open the attachment. Using several encryption methods is ideal and safer.
I do this with Financial documents. | |
| | | | Re: To be safe uh ok,
or just rar-sfx them up encrypted with a password
or attach them to a pdf encrypted with a password | |
| | | | | Re: To be safe How about just putting it in a safe, mailing the safe and then leaving instructions for the key in a second safe, while sending an email with instructions on how to open the second safe. | |
| | | | | | Re: To be safe how about just praying for it to be encrypted 256AES ? | |
| | | |  joakoPremium
join:2000-09-07
/dev/null
kudos:5
·Comcast
| How about your RAR an encrypted PDF on an encrypted hard drive. Put it inside a safe inside another safe. Send a second safe with instructions and send two men with guns to open the second safe.
--
Am Heimcomputer sitz' ich hier, und programmier' die Zukunft mir | |
| | | | | XBL2009------
join:2001-01-03
Chicago, IL | Re: To be safe That's still NOT safe enough.  | |
| | | | | | |
| | rtcyFACTS only pleasePremium
join:1999-10-16
Norwalk, CA
1 edit | edited to remove comment to troller | |
| | | | |
| |
|
|
