Best Review, from PC Magazine:
"With sensitive or confidential e-mail, a healthy balance of security
and paranoia is a must. The only service in our roundup to offer a
free version, Hushmail enables anyone with a Windows or Linux PC to
send and receive 2,048-bit encrypted e-mail from a Web interface.
Upgrading to a Premium account for $29.99 gets you a year of service
with 32MB of storage (extra increments of 32MB are available for $20
each per year, up to 128MB for $90).
The Premium version is terrific, and it is the focus of our analysis.
The free version has reasonable limits of 2MB of storage and 1.5MB of
outgoing attachments, but it's cumbersome to use, burdened by pop-ups
designed to get you to upgrade or chase you away. You may still
recommend the free version to some of your friends, since the only way
to enjoy the full power of Hushmail is to have encryption-enabled
e-mail users to communicate with.
By default, any e-mail sent from one Hushmail user to another is
encrypted with the 2,048-bit scheme. You can also correspond with
users of PGP, GnuPG, or other OpenPGP-standard products using
TripleDES, Twofish, and other, more standard encryption levels. The
Hushmail site has a FAQ that details the few steps you and your
contacts have to take to ensure that all public keys involved are
accessible. The procedure shouldn't seem complicated to anyone who's
actually used OpenPGP products. If you try sending mail to someone who
hasn't been set up with OpenPGP or Hushmail, you will get a message
stating that no public keys are available. You then have the option to
send your message in plain text.
During account creation, you generate a key by moving your mouse
randomly for a minute or so. You then add a long, case-sensitive
passphrase to lock the account. Hushmail has no access to this phrase
or to your unencrypted mail, so if you lose the phrase, you lose your
mail forever.
We love that the encryption engine is also used to store documents in
your account. All this encryption and decryption is handled by a Java
app that you download once on your machine or download dynamically on
a public machine. Hushmail even has an intuitive interface with a
message preview pane.
Even if you don't always communicate with crypto users, Hushmail
offers some other excellent benefits. You can digitally sign messages,
proving they came unchanged from you. Non-Hushmail users have to click
on a Web tool link and paste the signature in to verify it as yours.
Turn off digital signatures, and Hushmail even provides some
anonymity, as messages are light on header information and do not
reveal your IP address. Note that both Hotmail and Yahoo! send your IP
address in a header, as does Oddpost (Mailblocks doesn't).
Hushmail also has some flexible spam-filtering options, making it a
truly complete service. You can block mail based on whether it is
encrypted or use a whitelist. You can also set up Human Authenticator,
which sends a challenge to those sending you mail for the first time.
This challenge requires senders to click on an image in a linked Web
page. Hushmail's multiple spam controls should provide a reasonable
solution, although some analysis-based filtering would have been nice.
Hushmail is simply the best we've seen at handling attachments. You
can receive 25MB files and send 15MB ones; the other services set a
10MB limit on both incoming and outgoing attachments. There's no virus
scanning of attachments as with Hotmail and Yahoo! Mail, but none of
the others here have attachment virus scanning either.
Rounding out the service are new mail notifications sent to
non-Hushmail addresses and even a new Hush Messenger. Hush Messenger
is a truly secure chat application, and it will enable secure file
sharing and file encryption on users' hard drives in coming months.
Hushmail is a securityphile's dream come true. We would like to see
external access to other accounts and Mac OS support, however, in
keeping with the liberating concept of Web mail."
|
|