Results 1 to 15 of 15
  1. TRgEOff's Avatar
    Posts
    589 Posts
    Global Posts
    591 Global Posts
       #1  
    Hushmail is probably the most used secure (ie encrypted) email service, but its usability for Treos (well, Palms anyway) has been limited by a requirement for Java.
    http://discussion.treocentral.com/sh...light=hushmail

    But Hushmail has just now made it apparently possible, at least for new accounts, since the new default account creation process does not enable Java. (I dont think there is any way to disable Java in existing accounts).

    So far I have been able to login no problems and get to the main Message Reading page for my account, but I cant navigate around the page (Im using Blazer) in any workable way. It seems to be composed of frames that Blazer is just not handling. So close but yet so far!!

    Ive tried Optimized and Widepage views in Blazer,and Ive tried going via Skweezer and MobileLeap, still no joy.

    Id be interested to hear if any other Hush devotee can go the last step using some other browser or Blazer config

    geoff
    Last edited by TRgEOff; 04/20/2006 at 12:56 PM.
  2. #2  
    I used HushMail once. It was pretty great. My user name was even just a string of random numbers, and it required authentication on the receivers part. I know I'm preaching to the choir here, but I guess I'm just trying to remember it. It's been a while. I stopped needing to use it when a sticky situation blew over. What would be cool is if they made an email client specifically for mobile devices. I'll see if I can get it working with Xiino(I doubt it though).
    Why are ringtones always such a big issue? Don't people realize that they're obnoxious!? And why the Nintendo 'Wii'? What th-!?
  3. #3  
    It's one of the best secure email services!! I hope they get it to work on handhelds. It took them quite some time to get out a Mac version.
    HP has officially ruined it's own platform and kicked webOS loyalists and early TouchPad adopters to the curb. You think after you drop it like a hot potato and mention it made no money and is costing you money, anyone else wants it??? Way to go HP!!

    And some people are fools to keep believing their hype. HP has shown they will throw webOS under the bus and people are still having faith in them??? News flash: if it's own company won't stand behind it, it's finished!
  4. TRgEOff's Avatar
    Posts
    589 Posts
    Global Posts
    591 Global Posts
       #4  
    Quote Originally Posted by ShannonElements
    I'll see if I can get it working with Xiino(I doubt it though).

    That would be great. Just remember you will need to create a new free account at
    www.hushmail.com

    I dont think there is any account-opening process more simple than Hushmail's!

    good luck

    geoff
  5. #5  
    I couldn't get it working with Xiino. Since it supports IMAP though, can't you use it with Snapper or Chatter or VersaFail?
    Why are ringtones always such a big issue? Don't people realize that they're obnoxious!? And why the Nintendo 'Wii'? What th-!?
  6. TRgEOff's Avatar
    Posts
    589 Posts
    Global Posts
    591 Global Posts
       #6  
    Quote Originally Posted by ShannonElements
    I couldn't get it working with Xiino. Since it supports IMAP though, can't you use it with Snapper or Chatter or VersaFail?
    Thanks SE

    At what stage did it not work?

    As to IMAP, its an interesting thought. The server Im on right now doesnt allow me to access Hushmail to check, but its self-evident that when messages are handled in that way, they must at some point become unencrypted (as opposed to the dynamic decrypting that occurs when you access your messages via the Hushmail webpage). In terms of security it would be important to know exactly where that point was. I seem to remember reading on the site that the process used for IMAP basically means the messages can be considered unencrypted, suggesting that the decryption occurs before it is relayed to you, which I think would defeat the whole purpose of the exercise.

    Ill look into that a bit more when I get home.

    Do you know offhand which browser is meant to be the best for handling frames? OperaMini perhaps?

    cheers

    geoff
  7. #7  
    Quote Originally Posted by TRgEOff
    Thanks SE

    At what stage did it not work?

    As to IMAP, its an interesting thought. The server Im on right now doesnt allow me to access Hushmail to check, but its self-evident that when messages are handled in that way, they must at some point become unencrypted (as opposed to the dynamic decrypting that occurs when you access your messages via the Hushmail webpage). In terms of security it would be important to know exactly where that point was. I seem to remember reading on the site that the process used for IMAP basically means the messages can be considered unencrypted, suggesting that the decryption occurs before it is relayed to you, which I think would defeat the whole purpose of the exercise.

    Ill look into that a bit more when I get home.

    Do you know offhand which browser is meant to be the best for handling frames? OperaMini perhaps?

    cheers

    geoff
    It wouldn't let me advance any further than entering my user name, then it brought up some obscure error/security code("Peer could not be authorized due to the following reasons: Failed to validate the certification. Certificate: CN=mailserver7.hushmail.com O=Hush Communications Canada, Inc. OU=Hosted by Hush Communications Limited SP=British Columbia C=CA).

    I do agree that it would probably defeat the point if the message became decrypted before it got to you(or your mail client). But it's advertised on their site that they're compatible with email clients such as Thunderbird and Outlook, so I don't see why they might not also be compatible with Versamail/Snapper/Chatter.

    I do believe Opera Mini is supposed to be the best when it comes to frames. Of course, you're gonna need to have JAVA installed(oh, the irony)...
    Why are ringtones always such a big issue? Don't people realize that they're obnoxious!? And why the Nintendo 'Wii'? What th-!?
  8. TRgEOff's Avatar
    Posts
    589 Posts
    Global Posts
    591 Global Posts
       #8  
    Quote Originally Posted by ShannonElements
    It wouldn't let me advance any further than entering my user name, then it brought up some obscure error/security code("Peer could not be authorized...

    I do agree that it would probably defeat the point if the message became decrypted before it got to you(or your mail client). But it's advertised on their site that they're compatible with email clients such as Thunderbird and Outlook, so I don't see why they might not also be compatible with Versamail/Snapper/Chatter.

    I do believe Opera Mini is supposed to be the best when it comes to frames. Of course, you're gonna need to have JAVA installed(oh, the irony)...
    Well I can now report that new non-Java-enabled Hushmail accounts can be accessed on a Palm, via OperaMini. But..and how big the but is Im not really sure...not very securely. At every stage of the login process there is a warning on the page saying

    "The communication between your phone and this page is not secure"

    I think this is a result of the fact that OperaMini browsing on a Palm is always routed through a proxy server.

    Now does this mean that copies of the decrypted file end up all over the place, or does it just mean that during the process of transfer they could be snaffled by someone who was intent on doing so? I dont know, but Ill contact Hushmail support and try to find out.

    Other than that: the main Message Page that poor Blazer could not handle gave OM no probs at all and overall it is a a good browsing experience.

    Some other observations:

    *Now OM does require the IBM Java VM, but getting that onto your Palm doesnt mean unfortunately that you could access java-enabled Hushmail accounts, at least according to Shneor in this thread
    http://discussion.treocentral.com/sh...light=hushmail
    wherein it is said that nothing will allow the Palm to handle the Java Applet that the older Hush accounts use.


    *I also tried Xiino and got the same Error message that Shannon reported.

    * The IMAP access on Hushmail is secure but costs $15/yr (normal Hush accts are free). Also from what I have read it only integrates with programs (like Outlook) for which Hushmail has created dedicated plug-ins etc.

    * POP access is available with the free Hush accounts, but they are very explicit about it not being secure (perhaps of equal insecurity to the OperaMini browser access??).

    Thanks for your efforts ShannonE, it inspired me to keep trying!!

    geoff
  9. #9  
    Quote Originally Posted by TRgEOff
    Well I can now report that new non-Java-enabled Hushmail accounts can be accessed on a Palm, via OperaMini. But..and how big the but is Im not really sure...not very securely. At every stage of the login process there is a warning on the page saying

    "The communication between your phone and this page is not secure"

    I think this is a result of the fact that OperaMini browsing on a Palm is always routed through a proxy server.

    Now does this mean that copies of the decrypted file end up all over the place, or does it just mean that during the process of transfer they could be snaffled by someone who was intent on doing so? I dont know, but Ill contact Hushmail support and try to find out.

    Other than that: the main Message Page that poor Blazer could not handle gave OM no probs at all and overall it is a a good browsing experience.

    Some other observations:

    *Now OM does require the IBM Java VM, but getting that onto your Palm doesnt mean unfortunately that you could access java-enabled Hushmail accounts, at least according to Shneor in this thread
    http://discussion.treocentral.com/sh...light=hushmail
    wherein it is said that nothing will allow the Palm to handle the Java Applet that the older Hush accounts use.


    *I also tried Xiino and got the same Error message that Shannon reported.

    * The IMAP access on Hushmail is secure but costs $15/yr (normal Hush accts are free). Also from what I have read it only integrates with programs (like Outlook) for which Hushmail has created dedicated plug-ins etc.

    * POP access is available with the free Hush accounts, but they are very explicit about it not being secure (perhaps of equal insecurity to the OperaMini browser access??).

    Thanks for your efforts ShannonE, it inspired me to keep trying!!

    geoff

    Yep, no prob. Hmmm, even if your message IS being decrypted at some point before it gets to you by going through Opera's proxy server, I doubt you'd be at much risk. But then again, that kinda defeats the purpose of the whole thing. Maybe if we bug them enough they'll add a plug-in for VersaFail. I don't think that's entirely unreasonable.
    Why are ringtones always such a big issue? Don't people realize that they're obnoxious!? And why the Nintendo 'Wii'? What th-!?
  10. #10  
    The following is a comment by LP-Trel. I guess he/she deleted it for whatever reason. Still though, because I'm subscribed to this thread, it made it to my inbox before it was canked. Sorry about your luck LP, but your opinion with be heard(and rebutted).

    *Begin Trolling..*

    Am I the only one that fails to see what is so great about Hushmail?

    It has SSL logins with a java login system that is so secure you can't access your email from your PDAs like you want to. It is so secure that you are secure from your own email. That is the best security plan ever. (The man that first suggested unplugging a computer and burying it as a security plan even sees the irony here.)

    Three comments:

    1) Email is sent in plaintext from server to server unless the servers support encryption or the message is encrypted from the email client itself. Server to server encryption is much more widely supported than encrypting the message itself.

    2) Anything you can't use no matter how secure is worthless.

    3) Their pricing for IMAP and other services seems a bit.. high.

    You can get far better pricing and even quite a few more services as in:

    you@yourchoiceofdomain.tld for less than their desktop plan with far more space and control.

    Just some thoughts.


    Geoff, shall I give you the honors?
    Why are ringtones always such a big issue? Don't people realize that they're obnoxious!? And why the Nintendo 'Wii'? What th-!?
  11. #11  
    No problem at all.

    I just wanted to write something when I was a bit less tired and could make a more forceful arguement. Have at that for now and I'll follow up with another reply later.

    Security is a topic I absolutely love debating.
  12. #12  
    Quote Originally Posted by LP-Trel
    No problem at all.

    I just wanted to write something when I was a bit less tired and could make a more forceful arguement. Have at that for now and I'll follow up with another reply later.

    Security is a topic I absolutely love debating.
    Bwahaha! Seriously, LP, way to be a good sport. A lot of people would've gotten upset that I posted their deleted comment like that. When you're at 100%, drop the hammer on us Hush fans!
    Why are ringtones always such a big issue? Don't people realize that they're obnoxious!? And why the Nintendo 'Wii'? What th-!?
  13. TRgEOff's Avatar
    Posts
    589 Posts
    Global Posts
    591 Global Posts
       #13  
    Quote Originally Posted by ShannonElements
    Bwahaha! Seriously, LP, way to be a good sport. A lot of people would've gotten upset that I posted their deleted comment like that. When you're at 100%, drop the hammer on us Hush fans!
    hehe, its true what they say ...once youve hit that ENTER key..

    But actually I agree with much of what LP-Trel says. Hushmail has been difficult not just for PDAs (well impossible for Palms), but for PCs as well. I do a lot of travelling and with the (prior) Java requirement the comps in many Net cafes just did not cope.

    But:

    1. Hushmail is definitely improving all the time. The recent removal of the Java requirement being just one of the many incremental improvments that appear from time to time. They also added a nice feature last year where you can send encrypted messages to non-Hush accounts.

    2. Ive never had to pay a cent for 5 years of occasional use. Ordinary accounts are free and you could have 100,000 or more of them if you so wished.

    3. Most importantly I dont know of anything else that is both free and has the same functionality or better. But Im no security expert, not actually being in real need of Hush (but its nice to know it's there), and Im always curious to know of any other alternatives.

    Maybe when LP-Trel has more energy he could explain the bit about you@yourchoiceofdomain.tld
    and server to server encryption a bit more fully. I dont understand how I would go about implementing that.

    ffego

    (name encrypted with my own patented algorithm)
  14. #14  
    1) From what I can see it looks like they support SSL, a Java login system, and OpenPGP in webmail. That is about it.

    2) Gmail is also free with SSL logins and 2.7GB of space with a very slick interface.

    3) Gmail has most of the functionality of Hushmail and perhaps a bit more since Gmail requires SSL for SMTP and POP3 as I recall.

    Now as for you@yourchoiceofdomain.tld you could have TRgEOff@TRgEOff.com or TRgEOff@TRgEOff.co.uk and so on for less than the price of Hushmail's Desktop plan. With using your own domain like that you are also free to move from provider to provider without changing your email address (i.e. you'll always be TRgEOff@TRgEOff.com regardless) and will also be able to setup a website at http://TRgEOff.com/

    Now the server to server encryption is something that Exim and other MTAs support to keep email from being passed between them in plaintext. It is solely dependant on the configuration of the servers involved but, Exim attempts to use secure (SSL/TLS) first then falls back to plaintext.

    Rather than being afraid of sniffing at the server or backbone level I would be more afraid of sniffing at the ISP or local network level. Using TLS/SSL to check your email and send your email via the server will likely be secure enough without going overboard where it restricts your usage of your email.
    Zach Roberts
    Director - Lifeless People Networks Ltd.
    http://www.lifelesspeople.com/ - Pay by Post™ Webhosting
  15. TRgEOff's Avatar
    Posts
    589 Posts
    Global Posts
    591 Global Posts
       #15  
    Thanks LP-T for that info

    I guess if I had extensive need of secure emailing I might consider your suggested solution, but it does involve some expense and and I can get Hush to satisfy my rather minimal needs for free. I only need a website for work, and my work supplies all that space for free too. I can see that there are obvious advantages for some people in consolidating everything into a single email with your own domain etc, but it doesnt suit my particular needs right now.

    I got a reply back from Hushmail support (below) about the consequences of OperaMini routing through a proxy server:

    "We do not allow unsecured connections to our server, so at the very
    least the connection between our server and the proxy server would be
    secure. After that, the information is handled within your Treo's network, so
    we're unable to answer questions about how they handle that information."

    Does that mean the decryption occurs on the proxy and then proceeds onwards unencrypted?

    cheers

    geoff

Posting Permissions