
They say that Hushmail keeps your mail in plaintext. But does it?

From what I heard, they encrypt your mail even on their servers.

However, what kills the service for me is the need to pay if you don't use it regularly - and there is no way to pay for hushmail anonymously (read: with bitcoin).





Hushmail is encrypted, but not anonymous. As you say, your details are tied to hushmail when you pay for it. Your account and data are all tied together.

Hushmail complies with validly formed legal requests - to the extent of crafting a backdoored version of their Java software and pushing it out to the target user.

Some regions have laws compelling people to make the plaintext available.

Hushmail is useful for secret communications but only if you understand the limits.

Secrecy, privacy, and anonymity are trivially easy to break completely and hard to get right.


It doesn't really matter whether they encrypt it on disk: the scenario here isn't that their disks get stolen, but that law enforcement makes them decrypt your mail. The only way to get in the way of that is to encrypt it yourself, see GPG etc.

Also: isn't a bitcoin transaction really difficult to anonymise, with the global transaction record available to the whole world?


About bitcoin: It depends.

Yes, it is not fully anonymous, but you can make it reasonably anonymous quite easily (infinitely more than any credit card). Just trade it for cash with someone you know in the first place, then send it to MtGox and back, then send it to something similar with an online wallet and back, and the result is reasonably anonymous.

Also the default client does what it can to obfuscate all the transactions - with every outgoing transaction, the "change" goes back to you, but at a completely different address. As a result, after a few transactions, it's basically untrackable.


There are some bitcoin launderers that can simplify it, but it should be clarified that much like PGP, anonymity/security is not just as simple as downloading a client and using it. You need to understand the model and its implications, or it's pretty easy to make links in the blockchain that'll give you away to an interested, resourceful party.

Bottom line: Do NOT think bitcoin is safe for your usage until you've done sufficient research to ensure that you're using it the correct way. Bitcoin is NOT private by default, it's up to you to protect the identities behind the transaction endpoints, including nearby txs. If you get bitcoins and then immediately send them to your brother's public address, or launder these only lightly, or use a MtGox address that is linked back to a scan of your driver's license somewhere in the laundering process, or if you buy your bitcoins from your brother and HE doesn't launder very well, or the guy from LocalBitcoins got curious and did a bunch of research before your exchange and the feds contact him because the coins came from an address tied to his identity, or something else like that happens, you are going to get caught if someone is interested in catching you.

It's more complicated than just downloading the client and waiting four days for the blockchain to download. :)


IANA privacy expert but isn't the point of the OP that "reasonably anonymous" == "not anonymous to a major government"?

It seems better to think in terms of "anonymous" and "not anonymous", The End.


Isn't the point of bitcoin to have anonymized transactions, even though their record is available? AKA. you can know someone bought something, but you can't identify the parties?


It's not fully anonymous. Say my friend gets some bitcoins completely anonymously by doing something illegal. And then sends them to me completely anonymously. And then I go and spend those same coins on something like web hosting which ends up having some link back to me, e.g. I accidentally log in to it without using Tor one time.

The police can then trace that hosting account back to me personally from my IP, and then ask me who sent those coins to me. Even if I refuse to tell them, they can still look at my various contacts/friends/family to see if any of them are likely to have committed the original crime, and investigate further.

You can even connect to the bitcoin network via Tor. The risk comes when you spend them. If there's any connection between you and the recipient of those coins, then you're potentially screwed.


> The police can then trace that hosting account back to me personally from my IP, and then ask me who sent those coins to me. Even if I refuse to tell them, they can still look at my various contacts/friends/family to see if any of them are likely to have committed the original crime, and investigate further.

Has that ever happened? If there's no way to verify that a transaction was made, it would not hold up in court. In the US, for stolen property it's possession that gets you in trouble. If the cops find you holding a laptop that was stolen the day before, it doesn't matter if you paid some guy off Craigslist for it, you're in trouble (at least out your money, but if you can't prove you paid for it you're looking at a felony). What they won't do is investigate everyone in your address book (no probable cause).



