Logo Dog protecting its treasure 
- are you protecting yours?


Using encrypted communication

through hushmail


Privacy is protection of the weak against abuse from those who have more power and possibly a desire to use it against the powerless in order to obtain some illegitimate advantages.

If you cannot communicate and make your decisions in privacy, you have no protection against abuse from those in power.

It is for good reason that all democratic elections are by secret ballot!

If you want to protect your freedom, communication privacy is a must.

You don't have many options available, particularly not if you live in the USA... The US government has made law that permits it to listen to all phone calls made by or through any phone located in the USA - without a court order, without telling anybody about it, and without ever having to be held accountable for what the information thus gathered will be used for. All e-mails originating at and destined to a US ISP are automatically scanned by the government's robots, to make sure that "no suspicious activities" are being undertaken. "Suspicious" not be defined by law, but by the government's desire. Mail can be intercepted any time - again, no court order or warrant is required. And you home can be invaded, as the government pleases. No warrant required. No requirement either for even telling you that you had a "visit" while you were gone, and that your computer's hard drive and your important papers in your filing cabinet got copied or confiscated!

If you believe that the government does this in order to protect you, you are as naive as a Nazi SS-officer believing in Hitler's government doing the best for Germans. Maybe you would choose a different word than "naive"....?

For communication with us about business matters that go beyond trivial technicalities, you will need the ability to communicate in privacy.

You have a few options:

  1. Get a PGP software package and educate yourself about how to use it in conjunction with your current e-mail account. (We warn you: although this solution is genuine, it is also not for people who are "technically challenged"). If that does not scare you, then you can get paid version (so you can get support) at www.pgp.com or a free version at www.pgpi.org or www.gnupg.org.

  2. Get a hushmail account, where the PGP encryption is built-in - and even better: all files are stored on Hush Communication's secure server in Vancouver, Canada - outside the USA and out of reach of US law, except when the US government can convince a Canadian judge that a serious crime is brewing. Mind you, Canada does not (yet) have any laws that allow government to violate people's fundamental rights, unless there is a crime involved. A crime that is a crime also in Canada... (Being "a suspected terrorist", "a possible criminal", or "acquainted with a Muslim" is not a crime in Canada...) And you can get a free account, if you accept to check your account minimum once every 20 days.

(The links opens in new windows, so you can get back to this page afterwards - which you should, so you can get started well by following the instructions below.)

If you can operate a hotmail account, you can also use a hushmail account. Although less fancy, it is also no more complicated.

We cannot say the same about personal use of PGP. Hushmail provides an excellent services making PGP encryption available to everyone.

The most important advantage of a hushmail account, however, is that nothing is stored on your own computer! It is like having a confidential document storage outside the USA! For US residents, this is probably the most important feature of all, as it makes it impossible for the US government to snoop by entering your home and copying files from your computer. Or even doing it without entering, but simply by installing a Trojan in your computer...

For private non-criminals, our recommendation is clearly in favor of hushmail as the least costly and by far the easiest way of obtaining communication privacy. For commercial enterprises, a complete PGP solution covering all computers in the local network might be a worthy solution to at least take a look at. For criminals, we offer no recommendations.

So, if you are a private investor or running a small enterprise mostly on your own, you get yourself a hushmail account. When done, this page will remain open, so you can continue with the set-up by following our instructions below.



Setting up your new hushmail account

When you are done creating your hushmail account, either a free account you have to check regularly or a paid account you don't need to worry about checking, then you should get the account set up, so you get the most benefit from it.

You do this by going to "Preferences" - the link above your overview of the mail you have.

First, in the "General preferences" section, you make your account show as much of your name as you want in your outgoing mails. And you set the reply-to address to be your hushmail account. The rest in that section is up to you.

Next, if you want to annoy other people, you set your outgoing mail to always ask a read-receipt. If you want to remain on friendly terms with those you communicate with, you only ask for such a receipt when you truly need it.

Then, you can add a footer to your outgoing e-mails, if you want. For most people it matters little, so don't bug yourself with that. However, right underneath it is your chance to decide where you want your own words when you reply to or forward a message. Once again, in order for you to remain on friendly terms with most other people, then you have your own words ABOVE the text you refer to so the receiver does not have to scroll all the way down in order to see why you sent all this...

The following section about external hosts is something you leave blank!

Next section is about you setting up the account to notify you at your "normal" e-mail account when there is hushmail waiting for you. For security reasons, do not let the message include the name of whom you got that hushmail from! You will find out when you log in. And by keeping your hushmail "clean" (only give the address to people you truly trust), then you will want to see every single hushmail you receive!

You can, if you wish, set the account up to send an autoresponse upon receipt of any mail. The next section allows you to do so, and I suggest you use it with care. With that I mean: don't send a standard message just confirming that you received the e-mail and that you will respond as soon as possible. The sender KNOWS that, when he/she was able to send the mail without triggering an error! But if you are not currently available, or you have some standard references that could help people connect with you or get information you assume they might need, then you can set up an autoresponse.

Then you need to make sure that you do not "forget" to check your hushmail. You handle that by setting up the account so it automatically forwards a notice to your ordinary e-mail account when a hushmail arrives.

Now almost done, you will find the next section allows you to set up an alias address if you have a temporary need for using a hushmail account but do not want to risk using your real account, in case it should be spammed. This feature might be useful later, so keep it in mind. For start, you probably do not need it.

The section on changing your key phrase is obvious. You should do that once in a while.

Finally, you can use your hushmail account to communicate encrypted with other people who use PGP encryption from a normal e-mail account. If you want to do this, then be sure first that you fully understand what you do! Using PGP like this is not a simple thing, so if someone else want you to provide them with you public key for your hushmail account, then be sure to get the guidance before you "just do it"!

So, you just need to hit the "Save" button on the light-blue bar almost at the top of the window. If you don't, all your input goes lost...


Using your hushmail

You send a hushmail by clicking on "Compose". That gives you a new window for your message. You can fill in the recipients by using your contact list or by simply writing the address.

You create a new contact by clicking on "Contact" and then "New" (them icon with a person's head). The rest is simple, so play around with it.

One little important thing to remember is that you must start with the addressee for your message - otherwise you cannot encrypt any attachments to it.

You add an attachment by following the procedures on the tap "Attachments" right underneath your subject line. Don't get confused because there are TWO files added! One is the key to unencrypt the encrypted main document, and you must send both to your receiver. When opening an encrypted attachment, you only need to open the main document, not the little additional .sig file - it is only the key to unencrypt the main document - but it is being sent to the destination along a completely different route over the Internet.

The "Message options" tap allows you to ask for a read-receipt for any particular message. It also allows you to send encrypted e-mail to someone who has no hushmail and no PGP encryption. You do this by providing a question to them. They must answer that question EXACTLY as you give the answer, and you must, of course, then make sure that they do indeed know that answer! You get this option as your default if you try to send a hushmail to a non-encrypted account - in which case you, of course, also can choose to abstain from encryption altogether. But please use that option with great care - don't let convenience make that choice for you!

We hope you will take good care of your hushmail account. After all, without private communication, you can have no freedom. And freedom isn't free. But it is worth it...




Killing some myths...

On certain web pages, you might find the claim posted that hushmail is not secure. You find our comments added in red. The original text is in purple.


Please note that HUSHMAIL IS NOT SECURE!!!

This is a recent development.

COMMENT: This is no "development". This is how it has always been, and hopefully always will be in Canada and other civilized countries.

1. Hushmail can access your personal messages and has the ability to modify the java applet used for encryption to capture your password.

COMMENT: Yes, and they do it ONLY when ordered by a judge in BC in order to pursue a criminal case. As any other law-abiding business in Canada would do - and as any business also in the USA or anywhere else in the World would do! If you want to use the services of a business that refuses to cooperate with the court system pursuing or preventing a crime, you got it: it is called the Mafia.

2. Hushmail has control of your private PGP encryption KEY.

COMMENT: Of course it does. And so does any hacker that plants a Trojan on your machine... For hushmail, though, you can rest assured that they only do it when they receive a legitimate court order for it - and they can only do it through the java applet by letting the java applet install a Trojan.

3. Hushmail stores your ip address for 18 months.

COMMENT: And your ISP and the government does it FOREVER. So what's the point? Why do you want to hide the fact that you use hushmail? Besides, you can change IP address any time, and many ISP's use "floating IPs" anyway...

4. Hushmail stores your deleted emails for 3 weeks.

COMMENT: The FBI stores them FOREVER when they get them from snooping at your ISP. Hushmail DELETES them completely.

5. Hushmail will not guarantee your privacy or security.

COMMENT: No, because they will not cover crimes. It would put them out of business, if they did.

6. Hushmail can and has recently turned over “encrypted” email content and IP addresses to 3 parties, including government agencies and other individuals.

COMMENT: ONLY in response to a legitimate court order from a BC judge, who found that there was a crime to investigate and stop.

To communicate securely, you need PGP on your own computer under your own control. For maximum security please use (commercial) PGP http://www.pgp.com or (free) http://www.pgpi.org or GnuPG http://www.gnupg.org

COMMENT: So, this is all advertising? Advertising by spreading stupid semi-true irrelevant facts around about a competitor, who seriously makes a decent effort to make PGP encryption EASY, also for people who do not understand all the technicalities involved in installing and running your own software encryption?

And then you have it ALL, in clear text, on your own computer!!!!! Gees - are you sleeping at the steering wheel??????????? This means that, if you live in the USA, the FBI can ANYTIME, with NO COURT ORDER, access your home and confiscate your computer and get the whole story, nicely served, without even telling you in advance that they want to do it, and without telling you afterwards that they did it, if they did it at a time you were not there... They can even access your computer when you are gone, copy everything, and leave without a trace telling you that "something" has been going on....

When you use hushmail, the documents are stored on Hush Communication's server in Vancouver, Canada - and they are NOT available to anyone in the USA, not even the FBI, UNLESS there is a legitimate criminal charge that is considered relevant by a judge in BC, Canada, in accordance with CANADIAN LAW, not the US Patriot Act.

So, it boils down to this: WHERE do you want your documents stored? And whom do you trust? Here are your options for an answer:

  1. On an encrypted server in Canada, where it takes a court order from a judge in BC, Canada, which will ONLY demand this done if there are compelling reasons for suspecting a crime that is also a crime in accordance with CANADIAN LAW;

  2. In the USA, where the FBI and the US government have all the power they want to snoop in order to check if there SHOULD be something for them to grab.

Pick your poison.