"Robert Kemp" <firstname.lastname@example.org>
Thu, 14 Oct 1999 15:51:38 EDT
[: hacktivism :]
----- Original Message -----
From: by way of GEN lists <email@example.com> <firstname.lastname@example.org>
Sent: Wednesday, October 13, 1999 12:34 AM
Subject: -ALLSORTS-SIMPLE e-mail encryption for everyone
> [this comes highly recommended and they say even a technophobe like me
> get to grips with it - happy encryption - ALLSORTS]
> At last, SIMPLE e-mail encryption for everyone.
> Many activists must have become totally paranoid after hearing recently
> the Echelon global e-mail spying project, hotmail accounts being hacked
> etc. The Interception of Communications Act allows surveillance to be
> out on anyone who is part of "a large number of persons in pursuit of a
> purpose". The forthcoming Electronic Communications Bill contains
> proposals that can, for instance impose a 5-year prison sentence on you
> for warning someone else that they're under surveillance. Understandably
> want to use e-mail without fear of being spied on by the forces of
> Well for once there's some good news because powerful help is at hand
> thanks to
> a timely new e-mail service called hushmail.
> I should explain at this point that the term strong encryption means that
> scrambled message can't be unscrambled within a time scale in which the
> information is still of any use to anyone e.g. whilst you or the present
> order are still in existence. For a worthwhile encryption system, this
> means that using the most powerful computers of the day unscrambling a
> should take thousands or even millions of years.
> Whilst strong e-mail encryption has been around in the form of PGP
> Privacy) for a number of years, the fact is that even in it's new Windows
> version, PGP remains fairly tricky for non-technical computer users to
> up &
> use. Not only that but PGP also has to be in turn - installed &
> successfully by everyone else who you want to communicate with on their
> computers before it is of any use at all. This difficulty of use has been
> massive impediment to the take up of strong encryption in activist
> Hushmail is a new web based e-mail service that is by contrast stunningly
> simple to set up & use. It's like hotmail, yahoo, mailcity or any of the
> free web e-mail services but hushmail uses strong encryption.
> To use this completely free service, simply surf over to
> <http://www.hushmail.com/>www.hushmail.com & follow the very clear &
> straightforward instructions for setting up a new account. There are also
> answers to many Frequently Asked Questions & info on how it all works for
> that are interested. Basically the only essential requirements are that
> have a fairly recent internet browser program that understands what's
> Java script such as Micro$ofts Internet Explorer version 4 or 5 (both of
> are supplied by nearly all the free ISPs) & an existing dial up
> Being web based, hushmail is not quite as convenient for regular heavy
> use as a conventional e-mail system that allows off line reading &
> etc. Also, although hushmail can be used for sending & receiving mail
> conventional e-mail accounts, in order to exchange SECURE messages using
> hushmail, both the sender & recipient must have existing hushmail
> up. Neither of these requirements are that much of a handicap as
> loads of activists will have the foresight to set up accounts in advance
> distribute the details to friends for use whenever the need might arise.
> fact if you've an existing hotmail account or the like, I'd recommend you
> it & convert to hushmail instead.
> There are some other tremendous bonuses of this system especially the
> you can use a cyber cafe or a college or friends computer anywhere in the
> to send & receive hushmail. No need for any special software to be
> installed on
> that computer or you having to carry your private key files around on
> like PGP would require. All you need is to be able to type your pass
> to know someone else at the receiving end with a hushmail account. If
> away from home & need to send some sensitive information to someone with
> risk of it being eavesdropped then this could be a lifesaver.
> Since you're allowed a mailbox size of 3MB (that's 3 good sized novels)
> also use it to store any text you don't want others any chance of reading
> your computer simply by sending hushmail to yourself & leaving it on the
> hushmail server.
> OK so by now the sceptics will be asking what's to stop the forces of
> kicking the door of the computer room down where the hushmail server is
> (in Canada) & accessing all the dodgy stored messages directly that way.
> fact that wouldn't work at all & a brief description of why not follows:
> When you log onto hushmail the hushmail server downloads to your computer
> small program called a Java applet which performs all the strong
> your local computer. This happens transparently & you'd hardly be aware
> except for a delay of a few seconds. Everything stored on & passing to &
> the server & your computer is strongly encrypted first by the Java applet
> including your pass phrase. Line taps & jackboots would be of no use in
> access to your private information.
> The creators of hushmail have very sensibly published the human readable
> code of the encryption program used so that encryption experts world-wide
> scrutinise it for potential weaknesses. This is in marked contrast to
> commercial encryption programs which, because they're copyrighted up to
> eyeballs can & do have all sorts of back doors & secret master keys
> in them for use by the likes of dodgy outfits like the NSA, CIA, GCHQ,
> I'd urge everyone who's even slightly concerned about civil rights &
> privacy to
> set up a hushmail account today, tell everyone you know about it &
> use it even just for writing to your mum. Doing so should seriously piss
> the likes of Jack Straw & his forces of darkness.
> For the hopelessly paranoid, the full list of potential weaknesses of
> follow but please note that many of these are typical of any encryption
> Choosing a piss poor pass phrase or writing it down in your diary & then
> getting arrested. When choosing a pass phrase, DON'T use a slogan, sound
> or quotation, the name of your lover/dog/mother/favourite
> team or anything else predictable. Choose about six words that are easy
> to remember without writing them down, but impossible for others to
> characters, spaces, punctuation & case are significant. If you forget
> phrase NO ONE IN THE WORLD will be able to read or recover your mail for
> If you prepare text offline you need to be aware that every word
> program creates temporary files containing your sensitive information &
> can be easily recovered from your disk after they've been deleted. There
> programs downloadable for free that can wipe out all trace of files but
> beyond the scope of this article to go into detail here. E-mail me for
> info on dealing with all possible security pitfalls.
> Any untrusted person with access to your computer could secretly install
> virus like program such as DIRT (Data Interception & Remote Transmission)
> Back Orifice. Such programs can also be installed simply by e-mailing
> you & relying on you to open the attachments unchecked. Once installed,
> can save the last few thousand key strokes & then secretly upload them to
> server operated by the forces of darkness every time you connect to the
> Learn about how viruses spread (e-mail me for an easily understood info
> Don't open e-mailed file attachments from ANYONE & install & use an UP TO
> virus scanner such as <http://www.avp.ch/>www.avp.ch
> Be very careful about who you use to repair your computer if it ever
> down. It's an excellent opportunity for the forces of darkness to rake
> your computer's contents and/or fit bugging hardware/software.
> Video bugging devices looking onto the screen/keyboard. These are now so
> that they can be hidden inside a light switch or can see through a
> drilled through the party wall of an adjacent property.
> Tempest technology.
> This is very hi-tech & involves using a vanload of equipment parked
> building that can, reproduce the image of a computer screen some distance
> just from the radio interference emitted from it. Watch out for dodgy
> vans outside your home, or use your computer inside a screened aperture
> Wendy house that you've made from flattened out tin cans stapled
> Laptops are less susceptible to this form of attack.
> Hushmail is susceptible to the forces of darkness somehow intercepting
> downloading of the Java encryption applet & substituting their own hacked
> version. This wouldn't be particularly easy to do & hopefully alert
> experts around the world would spot that the Java applet had changed.
> The author of this article is an environmental & cyber rights activist.
> sound very enthusiastic about this new hushmail service, it's because I
> as a huge step towards allowing people to easily communicate in absolute
> secrecy. I stress that I have no links with hushmail apart from having a
> account with them. email@example.com
> Get HushMail. The world's first free, fully encrypted, web-based email
> Speak freely with HushMail....
Get Your Private, Free Email at http://www.hotmail.com
[: hacktivism :]
[: for unsubscribe instructions or list info consult the list FAQ :]
[: http://hacktivism.tao.ca/ :]