Hushmail questions

In order to email a hushmail vendor, can you use regular hotmail, or do you have to sign up for a hotmail account and all that. And I used the search button, and only 1 relevant thread showed up and they said hushmail is unsafe, but if you are just using it with a private vendor would it be relatively safe?

 

You don't need to use Hushmail to contact a Hushmail vendor, but it wont have its native "encryption*" unless you do. This brings up the question of if the vendor requires his customers to use Hushmail to contact him, or does not require them to but merely uses hushmail themselves.

Hushmail is an extremely insecure E-mail system that falsely advertised their abilities to keep E-mail secure, and their bullshit lies were largely responsible for Operation Raw Deal, an international multi-agency operation that targeted vendors of Steroids, who were part of a scene set up extremely similar to the research chemical scene (also afaik HGH is not specifically scheduled but people got charged for trafficking that as well if I am not mistaken.).

Although no server side E-mail implementation is truly secure by default, hushmail is particularly dangerous for two reasons. The first reason is Hushmail has already shown a williingness to cooperate in drug cases, and the second reason is hushmail usually uses a Java Applet which can be used to get around Anonymity networks such as Tor.

If this hush vendor truly values his security, and you do as well value yours, I suggest you send him a copy of the GPG tutorial I posted here, or a link to another one online. And I suggest as always that you use GPG for ANY sorts of sketchy activity, be they "grey area" to explicitly black market.

If you are not interested in using strong encryption like GPG, I suggest at the very least you use safe-mail instead of hushmail, provided the vendor allows it. If a vendor refused to work with me unless I used hushmail, and they didn't want to use GPG, I would simply not work with them personally.

 

Yes, questions about me.?

 

Hushmail does not REQUIRE that you use java for webmail, but does require javascript. And you're right, it is insecure. I don't know why anybody uses it other than so many others are using it. www.anonymousspeech.com is probably better.

Safe-mail also requires javascript, at least the first time you login. There are also rumors on the net that the NSA has full access to Hushmail and Safe-Mail.net as well.

 

That sucks. Where do you hear such a thing and how do you know if you can believe it? How do do you know that anonymousspeech is better, for example?

 

Allright thanks everyone

 

http://cryptome.info/0001/nsa-ssl-email.htm

I don't know if I can. Hushmail and Safe-mail both deny Cryptome's claims, but Cryptome as a good reputation (in my opinion)... so make of it what you will...

Also, hushmail's web mail is not secure at all. An explanation more in depth is here, I think.

I can't understand why anyone would use hushmail anymore.

I don't. I only know that I haven't read any bad reports about it (yet). It's (supposedly) as Swiss company with servers in Malaysia (not exactly a bastion of internet freedom). It used to be a Japanese company (I think) with servers in Japan. I don't know why they changed, cuz they used to hype that Japan bit a lot. I don't think Japan's laws changed, but maybe so...

 

no web based E-mail is going to provide you with reliable encryption. The very model is flawed. What it comes down to is jurisdiction and applets/scripts. Unfortunately pretty much every country on earth is going to cooperate with DEA so jurisdiction doesn't matter much, a shit ton of countries have MLAT with USA and all countries besides military dictatorships are part of Interpol. Hushmail is particularly bad because they use java / javascript and that can circumvent Tor.