Email is not a secure service. Even if you use a secure transport like HTTPS or SSL to access your mail, once your messages leave your email provider’s mail server they travel unencrypted over the Internet to the recipient’s mail server. For this reason you really should not use regular email to send credit card numbers, SSNs or confidential personal or business information. Messages can be intercepted and read by employers, ISPs, government agencies and hackers. Fax or even a voice phone call is significantly safer but still subject to eavesdropping, particularly by telephone service providers and the government.
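You can see which legs of a message's journey were protected by reading its `Received:` headers. The sketch below is an added example, not part of the original review: it flags hops that do not record one of the RFC 3848 TLS keywords, and the sample message, hosts and IDs in it are constructed.

```python
import re
from email import message_from_string

# Constructed sample: the newest hop is at the top, as mail servers write them.
SAMPLE = """\
Received: from out.sender.example (out.sender.example [198.51.100.7])
\tby mx.recipient.example with ESMTP id def456;
\tTue, 01 Jan 2008 10:00:02 +0000
Received: from laptop.local (dsl.example [192.0.2.44])
\tby out.sender.example with ESMTPSA id ghi789;
\tTue, 01 Jan 2008 10:00:01 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: test

body
"""

# RFC 3848 "with" keywords whose trailing S means the session ran over TLS.
TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}
HOP_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+).*?\bwith\s+(\S+)",
                    re.S | re.I)


def hops(raw_message):
    """Return (from_host, by_host, protocol, tls_recorded), oldest hop first."""
    msg = message_from_string(raw_message)
    result = []
    for header in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(header)
        if not m:
            continue  # unparseable hop: skip rather than guess
        proto = m.group(3).upper()
        result.append((m.group(1), m.group(2), proto, proto in TLS_PROTOCOLS))
    return result


def cleartext_hops(raw_message):
    """Hops with no TLS keyword. Headers are self-reported by each server and
    some record TLS only in a comment, so treat this as 'no TLS recorded'."""
    return [h for h in hops(raw_message) if not h[3]]


if __name__ == "__main__":
    for sender, receiver, proto, tls in hops(SAMPLE):
        print(f"{sender} -> {receiver}: {proto} ({'TLS' if tls else 'no TLS recorded'})")
```

In the sample, the submission from the laptop to the sender's provider is protected, while the provider-to-provider hop is the one left in the clear.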
Secure email is possible only if messages are encrypted by the sender and decrypted by the recipient using something like OpenPGP, BouncyCastle or GNU Privacy Guard. These tools are somewhat cumbersome to use and require both sender and recipient to have the encryption package installed on their PC. These tools are also not available for most mobile phones. However, there is an alternative that’s relatively easy to use: secure web mail. The oldest (since 1997) and largest secure web mail provider, Hushmail.com, recently launched a mobile web-based version of their product at m.hushmail.com.
In order to use HushMail’s mobile email you first have to sign up for their regular web mail at hushmail.com. Sign up is fast and easy. There are three HushMail plans, Free, Premium and Business.
The free account is limited to 2MB of email storage and must be accessed at least every three weeks or your account and emails will be deleted. Every time you log into a free account on the full web you have to dismiss a prompt to sign up for the Premium Plan before you can reach your inbox. Thankfully, the free mobile web version doesn’t do that.
The Premium account is $34.95/year and raises the storage limit to 250MB, lets you use HushMail from Outlook, Mac OS Mail and Thunderbird and removes the requirement to log in every three weeks.
Business accounts let you use your own domain for secure email and start at $2/month/user after a $9.95 setup fee. There are additional optional charges for Outlook/Thunderbird/Mac OS Mail access, increased storage and various administrative services.
Using Hushmail is as easy as any web mail product. Sending an encrypted email to another Hushmail user is simply a matter of checking an “Encrypted” box when composing the message. As both sender and recipient log into Hushmail to access their mail, encryption and decryption happen behind the scenes with no user intervention. Sending and receiving unencrypted emails with anyone requires no extra steps either. If you want to send an encrypted email to a non-Hushmail user, you are prompted to enter a challenge question and response. When the recipient opens the encrypted email they actually see a placeholder message informing them that there is an encrypted email from you waiting for them at Hushmail, along with a message-specific URL. When they visit that URL, they are prompted with the challenge question; if they answer it correctly they see the message and can send an encrypted reply without any additional login.
The mobile Hushmail interface is clean and lean and loads rapidly in even the most basic mobile browsers. It’s fairly full-featured too, with mass tag and delete and the ability to move individual emails to folders, although you can’t create new folders with the mobile version. Attachments are supported on mobile; however, unlike with mobile Gmail, Word and PDF documents aren’t converted to plain text to be readable on any phone. If your phone has a PDF or Word reader that’s fine; otherwise you are out of luck. Usability is fairly good; the main drawback is the need to enter your full Hushmail email address, including the ‘@’ sign, along with your passphrase every time you visit Hushmail mobile. Hushmail does not set a persistent cookie, so you have to log in every time. It doesn’t help that when you sign up for Hushmail you are urged to make your passphrase much longer and more complex than an ordinary password. I understand that the lack of persistent login and the long ID and passphrase enhance security, but they also make logging in much harder than with other mobile web mail services like Gmail. The other thing I don’t like about Mobile Hushmail is that it turns URLs in messages into plain text so they aren’t clickable. This is a pet peeve of mine, although it may not be an issue for most people.
Hushmail and its mobile version are a great way to do secure email with a minimum of inconvenience. While I’m sure none of my readers would do anything illegal, Hushmail warns that you may not be protected if you use HushMail for email related to any activity which is illegal in either your home country, your recipient’s country or Canada, where Hushmail is based. Hushmail must respond to valid Canadian court orders, including international court orders from countries that have a mutual assistance treaty with Canada. In fact, HushMail cooperated recently with US authorities to turn over decrypted emails in a case involving the sale of illegal anabolic steroid drugs.
Via: Mobile Mammoth
Mobile Link: m.hushmail.com
HushMail is web based. As long as pages aren’t cached by the browser (and they shouldn’t be if HushMail uses sensible cache control headers) nothing is saved on the device.
With smartphones and tablets, the main problem is that the email stays on the device once downloaded. And then it can be hacked… (quite easily in fact, even if the device has a pincode).
The only solution is not to leave the email on the device.
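On the cache-control point raised in the comments above: whether a web mail page leaves a copy on the device depends on the response headers the server sends. The following is an added example, not from the original page or from HushMail; it classifies a response's `Cache-Control` header, and the header values in its demo are constructed rather than captured from any real service.

```python
def parse_cache_control(value):
    """Split a Cache-Control header into {directive: argument-or-None}."""
    directives = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def storage_verdict(headers):
    """Classify whether a browser may keep a copy of the response.

    headers: dict of response header names to values (names in any case).
    Returns one of:
      'never-stored'          - no-store: the browser must not write it anywhere
      'stored-but-revalidated'- a copy may sit in the cache; it is only
                                re-checked with the server before reuse
      'may-be-stored'         - nothing stops the browser caching the page
    """
    h = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(h.get("cache-control", ""))
    if "no-store" in cc:
        return "never-stored"
    if "no-cache" in cc or cc.get("max-age") == "0":
        return "stored-but-revalidated"
    return "may-be-stored"


if __name__ == "__main__":
    # Constructed header sets for illustration.
    samples = [
        {"Cache-Control": "no-store"},
        {"Cache-Control": "private, no-cache, max-age=0"},
        {"Cache-Control": "private, max-age=600"},
        {},
    ]
    for s in samples:
        print(s, "->", storage_verdict(s))
```

Only `no-store` keeps the page off the device; `no-cache` and `private` still allow the browser to hold a local copy.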