|Type of site||Web-based email|
|Owner||Hush Communications Ltd.|
|Created by||Cliff Baltzley|
|Alexa rank||6,774 (March 2014[update])|
Hushmail is a web-based email service offering PGP-encrypted e-mail, file storage and vanity domain service. Hushmail offers "free" and "paid" versions of service. Hushmail uses OpenPGP standards and the source is available for download. If public encryption keys are available to both recipient and sender (either both are Hushmail users or have uploaded PGP keys to the Hush keyserver), Hushmail can convey authenticated, encrypted messages in both directions. For recipients for whom no public key is available, Hushmail will allow a message to be encrypted by a password (with a password hint) and stored for pickup by the recipient, or the message can be sent in cleartext.
A free e-mail account has a storage limit of 25MB, but does not include IMAP or Post Office Protocol (POP3) desktop service. There are two types of paid accounts. The basic paid account provides 1 GB of storage, without desktop service. Premium paid accounts provide 10GB of storage, as well as IMAP and POP3 service. If a user does not use an account for three consecutive weeks, Hushmail deactivates the account. Customers attempting to reactivate a disabled account are required to pay for a Hushmail premium account.
Additional security features include hidden IP addresses in e-mail headers.
Hushmail was founded by Cliff Baltzley in 1999 after leaving Ultimate Privacy. Hushmail is based in Vancouver, Canada with additional offices in Dublin, Ireland; Delaware, United States; and Anguilla. Servers are in Vancouver.
Compromises to email privacy
Hushmail received favorable reviews in the press. It was believed that possible threats, such as demands from the legal system to reveal the content of traffic through the system, were not imminent in Canada, unlike the United States, and that if data were to be handed over, encrypted messages would be available only in encrypted form.
Developments in November 2007 led to doubts among security-conscious users about Hushmail's security and concern over a backdoor. The issue originated with the non-Java version of the Hush system. It performed the encrypt and decrypt steps on Hush's servers and then used SSL to transmit the data to the user. The data is available as cleartext during this small window; the passphrase can be captured at this point, facilitating the decryption of all stored messages and future messages using this passphrase. Hushmail stated that the Java version is also vulnerable, in that they may be compelled to deliver a compromised java applet to a user.
Hush Communications, the company that provides Hushmail, states that it will not release any user data without a court order from the Supreme Court of British Columbia, Canada, and that other countries seeking access to user data must apply to the government of Canada via an applicable Mutual Legal Assistance Treaty. Hushmail states that "...that means that there is no guarantee that we will not be compelled, under a court order issued by the Supreme Court of British Columbia, Canada, to treat a user named in a court order differently, and compromise that user's privacy" and "...if a court order has been issued by the Supreme Court of British Columbia compelling us to reveal the content of your encrypted email, the "attacker" could be Hush Communications, the actual service provider."
- Anonymous remailer
- GNU Privacy Guard
- Pseudonymous remailer
- Secure channel
- Silent Circle
- Thomas Andrews Drake
- "Hushmail.com Site Info". Alexa Internet. Retrieved 2014-03-01.
- Hushmail – Features and Pricing
- Hushmail closes IM service
- Alternative Web Mail Review – Hushmail Premium, PC Magazine
- E-Mail Encryption Rare in Everyday Use: NPR
- Encrypted E-Mail Company Hushmail Spills to Feds |Threat Level via Wired.com
- Hushmail Privacy via Wired.com
- Hushmail – Free Email with Privacy – About