hushmail

From "Robert Kemp" <sensuant@hotmail.com>
Date Thu, 14 Oct 1999 15:51:38 EDT


[: hacktivism :]




----- Original Message -----
From: by way of GEN lists <genetics@gn.apc.org> <dodgygeezer@hushmail.com>
To: <rts@gn.apc.org>
Sent: Wednesday, October 13, 1999 12:34 AM
Subject: -ALLSORTS-SIMPLE e-mail encryption for everyone


 > [this comes highly recommended and they say even a technophobe like me could
 > get to grips with it - happy encryption - ALLSORTS]
 >
 > At last, SIMPLE e-mail encryption for everyone.
 > ====================================
 > Many activists must have become totally paranoid after hearing recently about
 > the Echelon global e-mail spying project, hotmail accounts being hacked into
 > etc. The Interception of Communications Act allows surveillance to be carried
 > out on anyone who is part of "a large number of persons in pursuit of a common
 > purpose". The forthcoming Electronic Communications Bill contains staggering
 > proposals that can, for instance, impose a 5-year prison sentence on you just
 > for warning someone else that they're under surveillance. Understandably you
 > want to use e-mail without fear of being spied on by the forces of darkness.
 > Well for once there's some good news because powerful help is at hand thanks
 > to a timely new e-mail service called hushmail.
 >
 > I should explain at this point that the term strong encryption means that a
 > scrambled message can't be unscrambled within a time scale in which the
 > information is still of any use to anyone e.g. whilst you or the present world
 > order are still in existence. For a worthwhile encryption system, this usually
 > means that using the most powerful computers of the day unscrambling a message
 > should take thousands or even millions of years.
 >
 > Whilst strong e-mail encryption has been around in the form of PGP (Pretty
 > Good Privacy) for a number of years, the fact is that even in its new Windows
 > version, PGP remains fairly tricky for non-technical computer users to set
 > up & use. Not only that but PGP also has to be in turn - installed & configured
 > successfully by everyone else who you want to communicate with on their
 > computers before it is of any use at all. This difficulty of use has been a
 > massive impediment to the take up of strong encryption in activist circles.
 >
 > Hushmail is a new web based e-mail service that is by contrast stunningly
 > simple to set up & use. It's like hotmail, yahoo, mailcity or any of the other
 > free web e-mail services but hushmail uses strong encryption.
 >
 > To use this completely free service, simply surf over to
 > http://www.hushmail.com/ & follow the very clear &
 > straightforward instructions for setting up a new account. There are also
 > answers to many Frequently Asked Questions & info on how it all works for
 > those that are interested. Basically the only essential requirements are that
 > you have a fairly recent internet browser program that understands what's
 > called Java script such as Micro$ofts Internet Explorer version 4 or 5 (both of
 > which are supplied by nearly all the free ISPs) & an existing dial up
 > connection.
 >
 > Being web based, hushmail is not quite as convenient for regular heavy e-mail
 > use as a conventional e-mail system that allows off line reading & composing
 > etc. Also, although hushmail can be used for sending & receiving mail to/from
 > conventional e-mail accounts, in order to exchange SECURE messages using
 > hushmail, both the sender & recipient must have existing hushmail accounts set
 > up. Neither of these requirements are that much of a handicap as hopefully
 > loads of activists will have the foresight to set up accounts in advance &
 > distribute the details to friends for use whenever the need might arise. In
 > fact if you've an existing hotmail account or the like, I'd recommend you drop
 > it & convert to hushmail instead.
 >
 > There are some other tremendous bonuses of this system especially the fact
 > that you can use a cyber cafe or a college or friend's computer anywhere in the
 > world to send & receive hushmail. No need for any special software to be
 > installed on that computer or you having to carry your private key files
 > around on floppy like PGP would require. All you need is to be able to type
 > your pass phrase & to know someone else at the receiving end with a hushmail
 > account. If you're away from home & need to send some sensitive information to
 > someone with no risk of it being eavesdropped then this could be a lifesaver.
 >
 > Since you're allowed a mailbox size of 3MB (that's 3 good sized novels) you
 > can also use it to store any text you don't want others any chance of reading
 > on your computer simply by sending hushmail to yourself & leaving it on the
 > hushmail server.
 >
 > OK so by now the sceptics will be asking what's to stop the forces of darkness
 > kicking the door of the computer room down where the hushmail server is based
 > (in Canada) & accessing all the dodgy stored messages directly that way. In
 > fact that wouldn't work at all & a brief description of why not follows:
 >
 > When you log onto hushmail the hushmail server downloads to your computer a
 > small program called a Java applet which performs all the strong encryption on
 > your local computer. This happens transparently & you'd hardly be aware of it
 > except for a delay of a few seconds. Everything stored on & passing to & from
 > the server & your computer is strongly encrypted first by the Java applet
 > including your pass phrase. Line taps & jackboots would be of no use in
 > gaining access to your private information.
 >
 > The creators of hushmail have very sensibly published the human readable
 > source code of the encryption program used so that encryption experts
 > world-wide can scrutinise it for potential weaknesses. This is in marked
 > contrast to most commercial encryption programs which, because they're
 > copyrighted up to the eyeballs can & do have all sorts of back doors & secret
 > master keys hidden away in them for use by the likes of dodgy outfits like the
 > NSA, CIA, GCHQ, MI5/6 etc.
 >
 > I'd urge everyone who's even slightly concerned about civil rights &
 > privacy to set up a hushmail account today, tell everyone you know about it &
 > regularly use it even just for writing to your mum. Doing so should seriously
 > piss off the likes of Jack Straw & his forces of darkness.
 >
 > ------------------------------------------------
 >
 > For the hopelessly paranoid, the full list of potential weaknesses of hushmail
 > follows but please note that many of these are typical of any encryption
 > system.
 >
 > Choosing a piss poor pass phrase or writing it down in your diary & then
 > getting arrested. When choosing a pass phrase, DON'T use a slogan, sound bite
 > or quotation, the name of your lover/dog/mother/favourite band/song/football
 > team or anything else predictable. Choose about six words that are easy for
 > you to remember without writing them down, but impossible for others to guess.
 > All characters, spaces, punctuation & case are significant. If you forget this
 > phrase NO ONE IN THE WORLD will be able to read or recover your mail for you.
 >
 > If you prepare text offline you need to be aware that every word processor
 > program creates temporary files containing your sensitive information & these
 > can be easily recovered from your disk after they've been deleted. There are
 > programs downloadable for free that can wipe out all trace of files but it's
 > beyond the scope of this article to go into detail here. E-mail me for more
 > info on dealing with all possible security pitfalls.
 >
 > Any untrusted person with access to your computer could secretly install a
 > virus like program such as DIRT (Data Interception & Remote Transmission) or
 > Back Orifice. Such programs can also be installed simply by e-mailing them to
 > you & relying on you to open the attachments unchecked. Once installed, they
 > can save the last few thousand key strokes & then secretly upload them to a
 > server operated by the forces of darkness every time you connect to the net.
 > Learn about how viruses spread (e-mail me for an easily understood info file).
 > Don't open e-mailed file attachments from ANYONE & install & use an UP TO DATE
 > virus scanner such as http://www.avp.ch/
 >
 > Be very careful about who you use to repair your computer if it ever breaks
 > down. It's an excellent opportunity for the forces of darkness to rake through
 > your computer's contents and/or fit bugging hardware/software.
 >
 > Video bugging devices looking onto the screen/keyboard. These are now so small
 > that they can be hidden inside a light switch or can see through a pinhole
 > drilled through the party wall of an adjacent property.
 >
 > Tempest technology.
 > This is very hi-tech & involves using a vanload of equipment parked outside a
 > building that can reproduce the image of a computer screen some distance away
 > just from the radio interference emitted from it. Watch out for dodgy looking
 > vans outside your home, or use your computer inside a screened aperture free
 > Wendy house that you've made from flattened out tin cans stapled together!
 > Laptops are less susceptible to this form of attack.
 >
 > Hushmail is susceptible to the forces of darkness somehow intercepting the
 > downloading of the Java encryption applet & substituting their own hacked
 > version. This wouldn't be particularly easy to do & hopefully alert cipher
 > experts around the world would spot that the Java applet had changed.
 >
 > The author of this article is an environmental & cyber rights activist. If I
 > sound very enthusiastic about this new hushmail service, it's because I see it
 > as a huge step towards allowing people to easily communicate in absolute
 > secrecy. I stress that I have no links with hushmail apart from having a free
 > account with them. dodgygeezer@hushmail.com
 >
 >

