Blue GhostDec 12, 2024

Hushmail is a email provider based in Canada.
Owned by Hush Communications, a United States corporation.

OpenPGP supported server-side.
Encryption keys are stored on servers.
Ability to intercept passphrase and decrypt messages.
Source: https://www.hushmail.com/public/downloads/Hushmail-Authentication%20and%20Encryption.pdf

Decrypted messages sent to United States: https://wikipedia.org/wiki/Hushmail

Consider email clients such as Thunderbird: https://mastodon.online/@blueghost/111891560151967986

Website: https://www.hushmail.com

#Hushmail #Encryption #Privacy #CyberSecurity #InfoSec #Thunderbird

SpyBlogJan 19, 2023

#skiff #skiffprivacy
Interesting #Privacy #Anonymity browser based #E2E #Encrypted email from https://skiff.com with a Calendar & (non anonymous) distributed Drive & 2FA .
No .onion service but does not block #torproject

#Brave Tor browser handles the javascipt / css a bit better than #TorBrowser

No need for phone number or recovery email - if using the backup code (copy & paste or download .pdf)

OPSEC Includes Scheduled Send feature lacking in e.g. #ProtonMail, or #hushmail

Skiff - Private, encrypted, and Web3 email

skiff.com
Show threadbojkotiMalbonaOct 30, 2022
@kaip If that rumor is true, perhaps we can say that #Protonmail has finally caught up with #Hushmail’s capability a decade ago.
Show threadbojkotiMalbonaMay 23, 2022
@Mayana @storydragon I think those #Hushmail front-ends died off so there is only hushmail.com now -- correct me if I’m wrong. #askFedi
Show threadbojkotiMalbonaMay 21, 2022
@kev @joel @Wivik Consider the problem that #hushmail solved: an expert user needs to share a secret w/a novice user who has minimal motivation to secure their comms. The novice can’t handle the key exchange. An expert user can put their pubkey on HM’s keyring & also fetch the pubkey of the novice user w/no effort or expertise on the part of the novice, who may even be unaware of the crypto.
bojkotiMalbonaApr 13, 2022
Roughly 10 years ago I was able to communicate w/normies, thanks to #Hushmail. Then HM started charging & worse, they discontinued public access to their keyring. Ever since then comms options have worsened. #Protonmail, #Tutanota, #Signal, #Wire, #XMPP… these are all shit options for expert-to-normie comms. Hushmail 10 yrs ago was the peak best moment for experts to talk to normies.
Show threadbojkotiMalbonaDec 22, 2021
@pj @dsfgs A classic real world case was a couple steroid dealers who were using #Hushmail. A court ordered HM to push malicious JS to the steroid dealers. They didn't push that JS to everyone, just the targets, which lead to comms interception & arrest. Although that involved 1st party JS, it's the same thing if a third party were to audit HM JS. It would pass the audit yet burn the dealers.
bojkotiMalbonaNov 11, 2021
I used to force my friends & other correspondants to use #Hushmail. Then it became non-gratis & HM shit-canned the key management tool. Then I forced ppl to use #Protonmail which has always been shit (for different reasons at different times). Then I forced ppl to use #Wire, which has turned into a massive pile of shit. Now I’m about to force ppl to reach me on #Snikket.
Show threadresist1984Aug 4, 2021
@dianoetic @kzimmermann #Hushmail solved the key exchange problem.. it's a shame #Protonmail is a regression in that regard, so novice users are tasked with handling pubkeys of their expert correspondants.
Show threadresist1984Aug 4, 2021
@dianoetic @kzimmermann #Protonmail has the same vulnerability to subpoena power that #Hushmail has: the server can push malicious javascript that grabs whatever the server admin wants, including but not limited to the private key. There is a defense that's possibly in reach for normies-- running #ElectronMail over Tor, which uses static (potentially reviewed) javascript that's anonymously downloadable.