Randall A Sindlinger on 5 Jan 2009 08:43:22 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Reasonably secure email

On Tue, Dec 23, 2008 at 06:21:33PM -0500, jeff wrote:
> David Shaw wrote:
> > http://www.itnews.com.au/News/65213,hushmail-turns-out-to-be-anything-but.aspx
> > http://www.privacydigest.com/2007/11/19/hushmail+warn+users+law+enforcement+backdoor
> > http://blog.wired.com/27bstroke6/2007/11/pgp-creator-def.html
> Sir,
> VERY well done.  Very level.  Good research.
> Research I should have done myself.
> How anyone can defend them is beyond me.
> I should just bite the nuclear weapon and figure out how to run my own 
> server :)

*Any* service out there is vulnerable to subpeonas.  This one is quite a twist, but
the emails are still encrypted;  they're just making the password accessible, if I read 
it correctly.  Nothing the feds *couldn't* do, just hushmail is doing it for them, IMO.

Go for it, and run your own server - more power to you.  (Seriously.)  But know that
it will be *you* dealing with the feds *if* one of your users falls in their crosshairs.
Just like hushmail, you should have a policy of what you're doing with your data, and
how you'll deal with it in the event of a subpeona.


Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug