Hushmail rolls over on some of its users.

08 November 2007

For years, the webmail service provided by Hushmail has been an example of weak anonymity and privacy: They don't ask for much to set up an account, they will happily auto-generate an e-mail address for you, users connect via SSL, and they will encrypt and digitally sign any messages a user sends through their service. They also claim that all messages are stored in encrypted form on their disk arrays, so that even if someone did demand a copy of a message from a certain address it would be worthless to them (ostensibly, public key encryption is used on the back end to store data, regardless of whether or not you asked for messages to be encrypted). They've been advocates of PGP for as long as they've been around, in fact. Or, at least they were until they were forced to find a way to decrypt 12 CD-ROMs' worth of mail from three e-mail addresses and turn the data over to the courts. And find a way they did, to the satisfaction of the court.

Hushmail has two basic modes of operation: Either you connect to their webmail site, do your thing, and let them handle all of the encryption on the back end, or you connect to a page on their site which implements some degree of the encryption and digital signing process on the user's side through a Java applet running in a web browser (which, unless it's one of those times that Java fouls up, is also entirely transparent to the user). The problem with the former method is that the user's passphrase is used on their side of the link in the encryption and decryption processes - meaning that someone sitting on their servers could get hold of it and use it to decrypt your data on their disk arrays.* Presto: No more privacy, no more anonymity for that user. In the latter case (doing all of the cryptographic heavy lifting in the web browser), the user is dependent upon the Java applet provided by Hushmail, an applet that could be switched out for one tailored to get hold of your data and possibly location, depending upon the needs of whoever is leaning on them. It is entirely possible that a subset of their users are served a modified Java applet that captures the user's passphrase and sends it back to Hushmail along with a copy of the encrypted message as part of the surveillance effort, or an applet that implements a compromised though still mathematically valid version of the encryption engine. Either way, their promise that they don't even know what's in your encrypted messages is no longer valid.
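One way a user could notice the applet swap described above is to keep a copy of the applet from an earlier session and compare whatever is served later against it, entry by entry. The following is an added example, not Hushmail's code; the entry names and the in-memory JAR files are constructed for the demonstration.

```python
import hashlib
import io
import zipfile


def entry_digests(jar_bytes):
    """Map each file in a JAR (a zip archive) to the SHA-256 of its contents."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        return {info.filename: hashlib.sha256(jar.read(info)).hexdigest()
                for info in jar.infolist() if not info.is_dir()}


def diff_applet(pinned_jar, served_jar):
    """Compare a served applet against a pinned copy, entry by entry."""
    pinned, served = entry_digests(pinned_jar), entry_digests(served_jar)
    common = pinned.keys() & served.keys()
    return {
        "added": sorted(served.keys() - pinned.keys()),
        "removed": sorted(pinned.keys() - served.keys()),
        "changed": sorted(n for n in common if pinned[n] != served[n]),
    }


def is_unmodified(pinned_jar, served_jar):
    """True only if no entry was added, removed or changed."""
    return not any(diff_applet(pinned_jar, served_jar).values())


def build_jar(entries, timestamp):
    """Build a constructed in-memory JAR for this demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name, data in entries.items():
            jar.writestr(zipfile.ZipInfo(name, date_time=timestamp), data)
    return buf.getvalue()


# Constructed sample data: entry names and contents are hypothetical.
BASE = {"mail/Crypto.class": b"original build", "mail/Ui.class": b"compose window"}
PINNED = build_jar(BASE, (2007, 1, 1, 0, 0, 0))
# Same code repackaged later: archive bytes differ, entry contents do not.
REPACKED = build_jar(BASE, (2007, 11, 8, 0, 0, 0))
# One class replaced and one added, as in a targeted swap.
SWAPPED = build_jar({**BASE, "mail/Crypto.class": b"modified build",
                     "mail/Report.class": b"extra class"}, (2007, 1, 1, 0, 0, 0))

if __name__ == "__main__":
    print("repackaged copy unmodified:", is_unmodified(PINNED, REPACKED))
    print("swapped copy diff:", diff_applet(PINNED, SWAPPED))
```

The comparison only shows that the applet changed relative to the pinned copy; it says nothing about whether the pinned copy itself was trustworthy, so it does not help against an engine that was weakened from the start.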

In short, Hushmail isn't so trustworthy anymore. Now, deciding whether you want to go with them as one of your webmail providers is a bigger, more important question.

* I'm simplifying things somewhat, based upon how public key encryption and digital signatures would have to be implemented in a web browser/web server environment, but essentially it would have to work in this manner.