methinks

Hushmail

Since my last post about digital encryption, I've had the chance to talk with many of you loyal readers about the topic. Surprisingly, the majority opinion is one of skepticism. In fact, of all the people I've tried to sell this idea to, only two people thought it was a good idea, and only one of them has followed through and is now set up to cypher files. (I've made him a Lt. Colonel in my paranoid, separatist, anti-establishment, backwater militia.)

Your doubts fell into two broad categories: those with "nothing to hide" and those who face technical barriers at work or home.

To the first I'd say don't confuse privacy with secrecy. Secrecy implies covertness whereas privacy implies that something is not public. Use the two in parallel: a secret room, a private room; a secret letter, a private letter. In your home you have a private (not secret) phone line, as opposed to the communal lines of my grandparents youth when the neighbors always listened in on each others' conversations. Everyone has a private life, and encryption can ensure that it stays that way. Furthermore, don't presume because you're not a criminal that you don't have secrets. Passwords, credit card data, bank accounts -- how much of that information is floating around on your computer? Have you ever needed to send one of those secrets across the net?

To the second I offer Hushmail (https://www.hushmail.com) . As far as webmail clients go, it's pretty lame. The free account only gets you a couple megabytes of storage and you have to log in every three weeks to keep your account active. What it lacks in bells and whistles it makes up for in security. Hushmail offers 128 bit strong encryption (using OpenPGP). It is the exact encryption scheme I suggested in the previous post except for that it is hosted on the internet instead of on your computer.

The benefits of this setup are that you can send/recieve secure mail from anywhere, you can encrypt/decrypt any file on your computer through their webpage (which makes up for the measly three megabytes of space they give you) and you don't have to install anything on your computer (well, you do have to load an applet in Internet Explorer, but it's virtually automatic). The downside is that your private key and passphrase are hosted on a third party computer. I would imagine, however, that a business who sells privacy will have taken extraordinary measures to ensure those stay secret -- more security measures than you or I have taken with our own home computers.

If you're still unconvinced...okay. If you think you'd like to give Hushmail a try, it is absolutely essential that you chose a strong passphrase when you make your free account. Don't plunk down that same password you've been using since college. Don't whip out your middle name spelled backwards or something weak-sauce like that. Totally random numbers and letters with non-alphabetic symbols are the best for security, but the worst for our memories. For a way to create random passphrases with words, check out this page.

That's all for now. I have to get back to writting my cover-letter for jobs at the NSA.