hushmail refund

**nbkandrew13** · 09-28-2007, 06:50 AM

am i wrong to think they should refund our money since they cant do the one thing they said they could do

RA · 09-28-2007, 07:10 AM

Do we know for sure they are open to LE?

**nbkandrew13** · 09-28-2007, 07:18 AM

to be completely honest im too lazy to seek one but im pretty sure it is now an established fact that the encrypted email and we all know there are 2 or 3 major ones we use are compromised... i out of curiosity checked out a overseas pharmacy i used 2 years ago their prices were really high they no longer stock any aas. aas related materials

**TAPPER** · 09-28-2007, 08:06 AM

Originally posted by: nbkandrew13

am i wrong to think they should refund our money since they cant do the one thing they said they could do

Pardon my ignorance, but what didn’t they do??? Was their PGP encryption algorithm compromised or did they work with LE to hack the passphrase of the accounts in question?

In the FAQ section it clearly states that Hushmail will comply with court orders compliant with the laws of British Columbia. It also says, as I understand it, that the passphrase is the only thing stopping an insider from gaining access to ones keys which are stored on the Hush key server. Since the keys encrypt and decrypt emails the only defense one has from a court order is to change the passphrase frequently (as Hushmail suggests) and encrypt email content yourself. Then you possess the keys and if Hush or LE were to crack your passphrase they would still need to crack the pgp encryption without the keys which isn’t going to happen.

**Odpierdol_sie!** · 09-28-2007, 09:01 AM

Some good questions being raised about certain subjects the last few days, i just touched on a bit of studying regarding PGP and key exchange etc a few months back. didnt really absorb much of it but all this has got the old gray matter ticking again cheers lads.

**deadliftin00** · 09-28-2007, 09:28 AM

I am an engineer... work with encryption all the time. If they cooperate with LE they aren't doing shit to "crack" encryption - which is in most cases mathematically impossible. They are giving them access to your emails. Your mail still sits on their server regardless of your changing passphrase or whatever. For all anyone knows there is a backdoor in the client that sends them your passphase so they can decrypt emails if necessary specifically for LE.

**Odpierdol_sie!** · 09-28-2007, 09:36 AM

I thought that could be the case but didnt want to assume.

**nbkandrew13** · 09-28-2007, 11:43 AM

what they didnt do was prtect our privacey, wherever they were located they cooperated with law enforcement..

**305GUY** · 09-28-2007, 01:31 PM

Canada coperated with "Operation Raw Deal" and those servers are located in British Columbia. hmmmmm?

**DSM4Life** · 09-28-2007, 03:04 PM

All this talk about what can be traced and blah blah blah.

Its simple: If you type online/post/email/delete files on your computer ALLOF THIS IS FOREVER. There is no 100 percent way to get it off your computer unless you take a hammer to your HD. I don't care how many time you delete something or even buy software to delete an already deleted program, ITS STILL THERE FOREVER !

**swole25** · 09-28-2007, 03:04 PM

anyone know some other options, i used hushmail as well.

**TAPPER** · 09-28-2007, 04:34 PM

Originally posted by: deadliftin00

I am an engineer... work with encryption all the time. If they cooperate with LE they aren't doing shit to "crack" encryption - which is in most cases mathematically impossible. They are giving them access to your emails. Your mail still sits on their server regardless of your changing passphrase or whatever. For all anyone knows there is a backdoor in the client that sends them your passphase so they can decrypt emails if necessary specifically for LE.

Assuming Hushmail didn’t totally BS everyone with their claims any emails on their servers remain encrypted until the user logs in and they revert back once logged out. As you pointed out cracking pgp is essentially out of the question so there is either a backdoor or they hack the passphrase (which is doable) to gain access to the keys.

Whatever the scenario if one were to encrypt emails outside of the hush system first, it wouldn’t matter how LE did it. Without access to the keys (which you would keep in a safe place) LE would not be able to decrypt the emails on the Hush servers.