Hushmail: why you should run the Java version
With Lavabit shut down for the time being, and with it uncertain whether the service will ever get back on its feet, users of the secure email service may have started to look for alternatives right away. One that is probably high up on the list is Hushmail, a long-standing email provider that offers free and premium accounts to its users.
The free account is not really usable if you ask me, as it gets you only 25 Megabytes of storage space and requires you to log in at least once every three weeks to avoid the account being shut down.
What many users also do not know is that Hushmail offers two different options when it comes to communicating with its servers. While both use encryption to protect email from prying eyes, they differ in where critical operations are executed.
If you are using the default configuration, critical passphrase and private-key operations are carried out on the Hushmail server. That's problematic as it gives the site operators - and therefore also law enforcement and other agencies - options to decrypt user emails, since they have access to the server on which the operations are carried out.
Wired published an article in 2007 about that and how this was exploited to collect evidence on an alleged steroid dealer.
Anyway, if you are using the non-Java way of connecting to Hushmail, you are in theory giving anyone with access to the server - Hushmail, Feds, agencies - an option to decrypt all of your messages.
The only way around this is to use the Java applet that Hushmail offers instead. The reason for this is that the applet runs on the local computer and takes care of all decrypting and encrypting locally, so that server operators cannot intercept the password and decrypt the emails.
A security analysis of Hushmail's regular service hints at possible attack vectors. It highlights three scenarios where your data may not be protected:
- Attacker controls the web server.
- Attacker controls the local computer.
- Attacker compromises the web server after email was accessed (memory)
The two web server scenarios no longer play a role if you are using the Java applet.
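The difference between the two modes can be shown with a small model. It is an added illustration, not Hushmail's code or protocol: the `Server` class, the PBKDF2 key wrapping and the XOR keystream standing in for a real cipher are all assumptions, and it presumes the code running on the client is genuine.

```python
import hashlib
import hmac
import os

def derive_keys(passphrase: bytes, salt: bytes):
    dk = hashlib.pbkdf2_hmac("sha256", passphrase, salt, 100_000, dklen=64)
    return dk[:32], dk[32:]  # separate encryption key and MAC key

def keystream_xor(key: bytes, data: bytes) -> bytes:
    # Stand-in cipher for illustration: XOR with an HMAC-SHA256 counter keystream.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, (i // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def wrap_private_key(passphrase: bytes, private_key: bytes) -> dict:
    salt = os.urandom(16)
    enc_key, mac_key = derive_keys(passphrase, salt)
    ct = keystream_xor(enc_key, private_key)
    return {"salt": salt, "ct": ct, "tag": hmac.new(mac_key, ct, hashlib.sha256).digest()}

def unwrap_private_key(passphrase: bytes, blob: dict) -> bytes:
    enc_key, mac_key = derive_keys(passphrase, blob["salt"])
    expected = hmac.new(mac_key, blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        raise ValueError("wrong passphrase or modified blob")
    return keystream_xor(enc_key, blob["ct"])

class Server:  # stores the wrapped key and records everything that passes through it
    def __init__(self, blob: dict):
        self.blob, self.observed = blob, []
    def unlock_on_server(self, passphrase: bytes) -> None:
        # Default mode: the passphrase is sent up and the key is unwrapped in server memory.
        self.observed += [passphrase, unwrap_private_key(passphrase, self.blob)]
    def send_blob(self) -> dict:
        # Applet mode: the server only ever hands out the wrapped key.
        self.observed.append(self.blob["ct"])
        return self.blob

def run(mode: str) -> dict:
    passphrase, private_key = b"constructed passphrase", b"constructed private key bytes"
    server = Server(wrap_private_key(passphrase, private_key))
    if mode == "server-side":
        server.unlock_on_server(passphrase)
    else:  # client-side: unwrap locally, nothing secret is uploaded
        unwrap_private_key(passphrase, server.send_blob())
    seen = server.observed
    return {"passphrase": passphrase in seen, "private_key": private_key in seen}
```

`run("server-side")` reports both secrets as visible to whoever controls the server, while `run("client-side")` reports neither.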
Users can enable Java when they sign in to the service. It is probably best to do this the first time you sign in to the account, but you can switch to Java - and back - anytime you want.
If you sign in on the page right away, you start to use the new Hushmail. To avoid this, click on "return to original Hushmail" which redirects you to the Java version of the email service.
Depending on how your browser is configured, you may receive a permission request at the top of it, or a request to download and install Java if it is not installed on your system.
You may also receive a second prompt in which you are asked if you want to run the HushEncryptionEngine application which you also need to accept.