Hushmail

Items

CONTEXT

Inquiry

COMPANY

Hushmail

URL

hushmail.com

TEXT

Hello,

We have undertaken some focused efforts to bring the problem of unrestrained corporate access to personal data, with minimal accountability, to the technically naive general public. We also present potential solutions of creating private social networks as apposed to communicating in public social media and help people understand the difference.

Hushmail is one of our proposed solutions posted to our site.
https://www.tekadvocates.com/tekadv/Solution+Step+Email

Recently we have had a patron of our site provide some valuable feedback regarding the Hushmail offering. I am authoring my own response explaining the difference between "security" and "privacy" and clarifying some of the apples-to-oranges comparisons being made. I would however, like to be fair about this and solicite a resond from the Hushmail team that I can reference as direct feedback to illustrate Hushmails concern for the well-being of their customers.

Below are the comments we received. How would you respond to these perspectives?

------------------
Unfortunately, I can find little positve about hushmail.

The Wikipedia article says it scored 1 out of 7 points on the Electronic Frontier Foundation's secure messaging scorecard in 2014.

Top Tens review rates it security as 3 out of ten compared to 10 out of 10 for Gmail and 9 out of ten for Outlook and Yahoo mail. http://free-email-services-review.toptenreviews.com/

PC Mag seems very impressed with the $30 per year version but not with the free version.

Gmail is free and has 500 times the inbox storage as the $30 hushmail.
------------------
Most respectfully,
Steve

RESPONSE

Thanks for contacting us and giving us the opportunity to respond.

Your comparison between Hushmail and Google is accurate with regards to our business models. We are as friendly to use as any other web-based email, but we add OpenPGP encryption to
users’ emails providing protection for data both in transit and when stored in their mailbox, making Hushmail a more secure option that Google (who only offers SSL encryption in transit, but not
end to end PGP encryption). On top of the security, privacy is Hushmail’s top priority, so all accounts are ad-free (we do not scan users content for marketing purposes) and receive less spam (we
use sophisticated engines to prevent spam from cluttering your inbox and to block viruses and malware). And we have been protecting email privacy since 1999. We are a proven, reliable service.

Another big advantage we have over Google is that customers can always get through to a real human being who will personally answer their questions. We are available over the phone, chat and
email and we aim to respond to paid customers within 1 business day.

The review site you sent is not accurate with regards to our features. It is also important to note they are comparing our free account, which is very limited on storage. Here is a link to our plans, so
you can see the different packages we offer: https://www.hushmail.com/pricing/ If the 10 GB storage we offer is an issue, we can always discuss to add more to suit your needs.

With regards to the EFF review, there are a few things to note:

1) Communication encrypted with a key the provider doesn't have access to
Customers using our Outlook plugin (See: https://www.hushmail.com/services/downloads/) can correspond with end-to-end encryption in all their communications. When using this Outlook
configuration the private key is available to the server only in encrypted form. This will also apply to our iOS app, which we will launch in the near future.

2) Independently verify correspondent's identity
It is possible for the user to retrieve the recipient’s public key from our keyserver via LDAP, use a tool such as GPG to extract the fingerprint, and verify it with the recipient (See:
https://help.hushmail.com/entries/20062368-Send-to-Hushmail-using-GnuPG). However, this interaction operates outside of the application, and so does not guarantee that the same public key is
used by the application.

3) Code open to independent review
The source code for the encryption implementation used by our system is available for download (See: https://www.hushmail.com/services/downloads/). However, this code does not cover the
entire application.

4) We have since started to support Perfect Forward Secrecy. Here is a link to where an independent 3rd party checks the security of our website: https://www.ssllabs.com/ssltest/analyze.html?
d=hushmail.com (Gmail gets a B, we get an A+, which is the highest rating).

And last but not least, here is a link to one recent review of secure email providers on the press: http://www.networkworld.com/article/2948615/security/review-email-encryption-has-gotten-so-
much-better-so-you-d-be-crazy-not-to-use-it.html As you can see, Google is not even considered as a secure provider.

Here is another link on how Hushmail can protect you, which I think you will find very useful:

https://www.hushmail.com/about/technology/security/

Let me know if you have any further questions.

Best regards,

Changing Course

Seven steps to using the Internet in privacy as a respected Netizen.

Shoutbox

Steve: Fautore 0.6.0.0 is now released and available to our registered Alpha participants!

Steve: Fautore 5.3.0 is now released and includes dynamically updated stats reporting!

Steve: Fautore 0.5.2.3 FILES.pm patch is up on the site. Thanks for the inputs. Keep it coming. We'll make Fautore a reality together.

OSA

Online Social Advocate