At 2:54 PM -0400 5/15/2000, Marc Horowitz wrote:
>"Arnold G. Reinhold" <[EMAIL PROTECTED]> writes:
>
>>> I'm not picking on Hushmail. Hushmail is a fairly good privacy
>>> product. It should protect against the average office snoop or an
>>> employer that wants to monitor employee e-mail. In fact, I'd give
>>> their work a 95%. Unfortunately, 95% is not a passing grade in high
>>> security cryptography. They have, however, opened their design to
>>> public critique and that is the only way I know to get close to 100%.
>>> So I'm just trying to help.
>
>I'm not that familiar with Hushmail. Do they claim anywhere to be
>doing "high security cryptography"? As you say, what they have is
>probably enough if the market they're going after is dirty jokes and
>love letters.�
>
>All of what you've suggested is good advice, but it isn't impossible
>that Hushmail doesn't believe it's worth the effort, considering that
>the private keys are stored online on their servers. If you disagree,
>there's certainly nothing preventing you from building a competitor.
>
> Marc
The hushmail.com web site has statements like:
"HushMail offers the world's only, secure, end-to-end, free,
Web-based email service."
"HushMail uses powerful encryption technology."
"HushMail allows and encourages people to speak freely and without
fear of snooping eyes."
I think the general public would consider that a promise of high
security. People today realize that ordinary e-mail isn't very
private. Anyone who encourages people to "speak freely" via e-mail
has an ethical obligation to protect them as well as possible. Dirty
jokes can get you fired at many companies and love letters to someone
else's spouse are grist for blackmail. Foreign intelligence agencies
no doubt collect stuff like that for future use.
Again, I like Hushmail. I recommend them in my book and my Diceware
web site has instructions on how to use them safely. I just think
that with a little effort they could do a much better job protecting
the average user.
Arnold Reinhold
