Using encrypted communication
Privacy is protection of the weak against abuse from those who have more power and possibly a desire to use it against
the powerless in order to obtain some illegitimate advantages.
If you cannot communicate and make your decisions in privacy, you have no protection against abuse from those in power.
It is for good reason that all democratic elections are by secret ballot!
If you want to protect your freedom, communication privacy is a must.
You don't have many options available, particularly not if you live in the USA... The US government has made law that
permits it to listen to all phone calls made by or through any phone located in the USA - without a court order,
without telling anybody about it, and without ever having to be held accountable for what the information thus
gathered will be used for. All e-mails originating at and destined to a US ISP are automatically scanned by the
government's robots, to make sure that "no suspicious activities" are being undertaken. "Suspicious" not be
defined by law, but by the government's desire. Mail can be intercepted any time - again, no court order or warrant
is required. And you home can be invaded, as the government pleases. No warrant required. No requirement either for
even telling you that you had a "visit" while you were gone, and that your computer's hard drive and
your important papers in your filing cabinet got copied or confiscated!
If you believe that the government does this in order to protect you, you are as naive as a Nazi SS-officer believing
in Hitler's government doing the best for Germans. Maybe you would choose a different word than "naive"....?
For communication with us about business matters that go beyond trivial technicalities, you will need the ability
to communicate in privacy.
You have a few options:
Get a PGP software package and educate yourself about how to use it in conjunction with your current e-mail account.
(We warn you: although this solution is genuine, it is also not for people who are "technically challenged"). If that
does not scare you, then you can get
paid version (so you can get support) at www.pgp.com or a free version at
Get a hushmail account, where
the PGP encryption is built-in - and even better: all files are stored on
Hush Communication's secure server in Vancouver, Canada - outside the USA and out of reach of US law, except
when the US government can convince a Canadian judge that a serious crime is brewing. Mind you, Canada does not (yet)
have any laws that allow government to violate people's fundamental rights, unless there is a crime involved. A crime
that is a crime also in Canada... (Being "a suspected terrorist", "a possible criminal", or "acquainted with a Muslim" is not
a crime in Canada...) And you can get a free account, if you accept to check your account minimum once every 20 days.
(The links opens in new windows, so you can get back to this page afterwards - which you should, so you can get started
well by following the instructions below.)
If you can operate a hotmail account, you can also use a hushmail account. Although less fancy, it is also
no more complicated.
We cannot say the same about personal use of PGP. Hushmail provides an excellent services making PGP encryption
available to everyone.
The most important advantage of a hushmail account, however, is that nothing is stored on your own computer!
It is like having a confidential document storage outside the USA! For US residents, this is probably the most
important feature of all, as it makes it impossible for the US government to snoop by entering your home and
copying files from your computer. Or even doing it without entering, but simply by installing a Trojan in
For private non-criminals, our recommendation is clearly in favor of hushmail as the least costly and by far the easiest
way of obtaining communication privacy. For commercial enterprises, a complete PGP solution covering all
computers in the local network might be a worthy solution to at least take a look at. For criminals, we
offer no recommendations.
So, if you are a private investor or running a small enterprise mostly on your own, you
get yourself a hushmail account. When done, this page will remain open, so you can continue with the
set-up by following our instructions below.
Setting up your new hushmail account
When you are done creating your hushmail account, either a free account you have to check regularly or a paid account you don't
need to worry about checking, then you should get the account set up, so you get the most benefit from it.
You do this by going to "Preferences" - the link above your overview of the mail you have.
First, in the "General preferences" section, you make your account show as much of your name as you want in your
outgoing mails. And you set the reply-to address to be your hushmail account. The rest in that section is up to you.
Next, if you want to annoy other people, you set your outgoing mail to always ask a read-receipt. If you want to
remain on friendly terms with those you communicate with, you only ask for such a receipt when you truly need it.
Then, you can add a footer to your outgoing e-mails, if you want. For most people it matters little, so don't bug
yourself with that. However, right underneath it is your chance to decide where you want your own words when you
reply to or forward a message. Once again, in order for you to remain on friendly terms with most other people, then you
have your own words ABOVE the text you refer to so the receiver does not have to scroll all the way down in order to see
why you sent all this...
The following section about external hosts is something you leave blank!
Next section is about you setting up the account to notify you at your "normal" e-mail account when there is
hushmail waiting for you. For security reasons, do not let the message include the name of whom you got that hushmail
from! You will find out when you log in. And by keeping your hushmail "clean" (only give the address to people you truly
trust), then you will want to see every single hushmail you receive!
You can, if you wish, set the account up to send an autoresponse upon receipt of any mail.
The next section allows you to do so, and I suggest you use it with care. With that I mean: don't send a standard
message just confirming that you received the e-mail and that you will respond as soon as possible.
The sender KNOWS that, when he/she was able to send the mail without triggering an error! But if you are not
currently available, or you have some standard references that could help people connect with you or get information
you assume they might need, then you can set up an autoresponse.
Then you need to make sure that you do not "forget" to check your hushmail. You handle that by
setting up the account so it automatically forwards a notice to your ordinary e-mail account when a hushmail arrives.
Now almost done, you will find the next section allows you to set up an alias address if you have a temporary need for
using a hushmail account but do not want to risk using your real account, in case it should be spammed. This feature might be
useful later, so keep it in mind. For start, you probably do not need it.
The section on changing your key phrase is obvious. You should do that once in a while.
Finally, you can use your hushmail account to communicate encrypted with other people who use PGP encryption from
a normal e-mail account. If you want to do this, then be sure first that you fully understand what you do! Using
PGP like this is not a simple thing, so if someone else want you to provide them with you public key for your hushmail
account, then be sure to get the guidance before you "just do it"!
So, you just need to hit the "Save" button on the light-blue bar almost at the top of the window.
If you don't, all your input goes lost...
Using your hushmail
You send a hushmail by clicking on "Compose". That gives you a new window for your message. You can fill in the
recipients by using your contact list or by simply writing the address.
You create a new contact by clicking on "Contact" and then "New" (them icon with a person's head). The rest
is simple, so play around with it.
One little important thing to remember is that you must start with the addressee for your message - otherwise you cannot
encrypt any attachments to it.
You add an attachment by following the procedures on the tap "Attachments" right underneath your subject line.
Don't get confused because there are TWO files added! One is the key to unencrypt the encrypted main document, and you
must send both to your receiver. When opening an encrypted attachment, you only need to open the main document, not the
little additional .sig file - it is only the key to unencrypt the main document - but it is being sent to the
destination along a completely different route over the Internet.
The "Message options" tap allows you to ask for a read-receipt for any particular message. It also allows you to send
encrypted e-mail to someone who has no hushmail and no PGP encryption. You do this by providing a question to them. They must
answer that question EXACTLY as you give the answer, and you must, of course, then make sure that they do indeed know
that answer! You get this option as your default if you try to send a hushmail to a non-encrypted account - in which case
you, of course, also can choose to abstain from encryption altogether. But please use that option with great care - don't
let convenience make that choice for you!
We hope you will take good care of your hushmail account. After all, without private communication, you can have no
freedom. And freedom isn't free. But it is worth it...
Killing some myths...
On certain web pages, you might find the claim posted that hushmail is not secure.
You find our comments added in red. The original text is in purple.
Please note that HUSHMAIL IS NOT SECURE!!!
This is a recent development.
COMMENT: This is no "development". This is how it has always been, and
hopefully always will be in Canada and other civilized countries.
1. Hushmail can access your personal messages and has the ability
to modify the java applet used for encryption to capture your
COMMENT: Yes, and they do it ONLY when ordered by a judge in BC in order to pursue a criminal case.
As any other law-abiding business in Canada would do - and as any business also in the USA or anywhere
else in the World would do! If you want to use the services of a business that refuses to cooperate with
the court system pursuing or preventing a crime, you got it: it is called the Mafia.
2. Hushmail has control of your private PGP encryption KEY.
COMMENT: Of course it does. And so does any hacker that plants a Trojan on your machine...
For hushmail, though, you can rest assured that they only do it when they receive a legitimate court order for it
- and they can only do it through the java applet by letting the java applet install a Trojan.
3. Hushmail stores your ip address for 18 months.
COMMENT: And your ISP and the government does it FOREVER. So what's the point? Why do you want to hide the
fact that you use hushmail? Besides, you can change IP address any time, and many ISP's use "floating IPs" anyway...
4. Hushmail stores your deleted emails for 3 weeks.
COMMENT: The FBI stores them FOREVER when they get them from snooping at your ISP.
Hushmail DELETES them completely.
5. Hushmail will not guarantee your privacy or security.
COMMENT: No, because they will not cover crimes. It would put them out of
business, if they did.
6. Hushmail can and has recently turned over “encrypted” email
content and IP addresses to 3 parties, including government
agencies and other individuals.
COMMENT: ONLY in response to a legitimate court order from a BC judge, who found that
there was a crime to investigate and stop.
To communicate securely, you need PGP on your own computer under
your own control. For maximum security please use (commercial) PGP
http://www.pgp.com or (free) http://www.pgpi.org or GnuPG
COMMENT: So, this is all advertising? Advertising by spreading stupid semi-true irrelevant facts around about
a competitor, who seriously makes a decent effort to make PGP encryption EASY, also for people who do not
understand all the technicalities involved in installing and running your own software encryption?
And then you have it ALL, in clear text, on your own computer!!!!! Gees - are you sleeping at the steering
wheel??????????? This means that, if you live in the USA, the FBI can ANYTIME, with NO COURT ORDER, access
your home and confiscate your computer and get the whole story, nicely served, without even telling you in
advance that they want to do it, and without telling you afterwards that they did it, if they did it at a
time you were not there... They can even access your computer when you are gone, copy everything, and leave
without a trace telling you that "something" has been going on....
When you use hushmail, the documents are stored on Hush Communication's server in Vancouver, Canada -
and they are NOT available to anyone in the USA, not even the FBI, UNLESS there is a legitimate criminal
charge that is considered relevant by a judge in BC, Canada, in accordance with CANADIAN LAW, not the
US Patriot Act.
So, it boils down to this: WHERE do you want your documents stored? And whom do you trust? Here are
your options for an answer:
On an encrypted server in Canada, where it takes a court order from a judge in BC, Canada, which will
ONLY demand this done if there are compelling reasons for suspecting a crime that is also a crime in
accordance with CANADIAN LAW;
In the USA, where the FBI and the US government have all the power they want to snoop in order to check
if there SHOULD be something for them to grab.
Pick your poison.