Category: Secure e-mail
Name of tool: Hushmail
Company name: Hush Communications Inc.
Price: Both free and fee ($30/yr) versions available
Platforms supported: All Windows operating systems, IE recommended Strom-meter:
*** = Hey, not bad. One notch below very cool. Key features:
Secure e-mail using your Web browser. Pros:
Easy and simple to use, no additional software required.
No crypto key management required either, making it especially nice for traveling users. Cons:
Doesn't work on Mac OS.
Password strength not enforced.
Recent (IE V5 or better) browsers recommended. Description:
Finding a product or a service to secure your e-mail isn't easy. While there are plenty of vendors that lay claim to this area, few of them can deliver something that is easy to use and effective, without requiring users to learn a great deal of cryptography and make major changes to the way they go about their business of sending and receiving messages.
The one exception I have found is Hushmail's namesake service, and the cost is very agreeable. You can use their lower-end service for free, provided you use it regularly and don't miss the extra features that are available for the fee-based product. The biggest downside is that you will need to set up a new and separate e-mail identity (firstname.lastname@example.org).
I have written about securing e-mail before, including recommending Pretty Good Privacy for those who need really solid encryption. I still stand by that recommendation, although Network Associates doesn't stand by PGP anymore, and you'll have to download it from the pgpi.com site if you still want to make use of this product. (PGP remains a part of NAI/McAfee's server, personal firewall and VPN client products.)
But, PGP's biggest downfall and burden is having to manage your crypto keys to encrypt and decrypt your e-mail. If you aren't used to doing this, it isn't easy. And if you move about between home and work PCs, it becomes very difficult.
Hushmail takes a different approach: It is completely browser-based, so you technically don't have to download any software (other than a couple of Active X controls) to your desktop. You set up your account, then read and compose messages all within your Web browser, using a secure connection to their servers.
Having a service makes it easier in one big aspect: You don't have to manage your keys and encryption mechanics since Hush does it all for you. If you are corresponding with someone else who has a Hush account, then you just click on the "encrypt" check box and it will automatically perform the encryption of your messages. This couldn't be any easier. If you send and receive your encrypted e-mail when you are traveling, you can make use of its service from anywhere you have Internet access and a browser.
Hushmail isn't perfect. It doesn't work on MacOS, and you'll need to be running a relatively recent version of IE (5.0 or better). I didn't test it on any other browser, but they clearly are optimizing it for the IE experience. And your account is only as secure as your password -- if you choose a weak password, that doesn't help matters. Hush should enforce some kind of password strength algorithm (such as the length and complexity of your password) to help protect its account holders. But, all of these are minimal quibbles for what is truly a great service.Hush isn't the only browser-based encrypted e-mail service. Another is offered by Lok, but it doesn't offer the simplicity of Hush, and it has a few bugs of its own. Because Hush is based on OpenPGP, you theoretically can exchange encrypted messages with any PGP user. While there are detailed instructions on Hush's FAQs that tell you how to do this, I was only able to get encrypted messages flowing one way -- outbound from Hush. I don't know what I was doing wrong.
The fee-based (what Hush calls Premium) accounts cost $30 per year and include several items. Most importantly, you can send and receive attachments up to 15 megabytes. Your account remains open regardless of how many or few e-mails you send. You have more storage space (32MB total vs. the 2 MB that the lite users have), don't get any banner ads or pop-up screens (which do get annoying, but given that the lite accounts are free, what can you do?) and receive technical support.
Overall, Hush is a great service, either for free or for the minimal annual fee. If you are concerned about privacy of your e-mail communications -- and all of us should be -- then it is well worth maintaining a separate e-mail box and making use of its service.Strom-meter key:
**** = Very cool, very useful
*** = Hey, not bad. One notch below very cool
** = A tad shaky to install and use but has some value.
* = Don't waste your time. Minimal real value. About the author
David Strom is the senior technology editor for VAR Business magazine. He has tested hundreds of computer products over the past two decades working as a computer journalist, consultant and corporate IT manager. Since 1995 he has written a weekly series of essays on Web technologies and marketing called Web Informant. You can send him e-mail at email@example.com.