Hushmail can protect you against a variety of security hazards.

When you are using Hushmail, the connection between your computer and the Hushmail server is protected by encryption. That means that if someone is eavesdropping on your Internet connection, they will not be able to read the traffic that you send to the Hushmail website. This is especially important if you are using your computer on a public or office network, or if you are using a wireless connection that is not encrypted.

In some countries, government sponsored projects have been set up to collect massive amounts of data from the Internet, including emails, and store them away for future analysis. This data collection is done without any search warrant, court order, or subpoena. One example of such a program was the FBI's Carnivore project. By using Hushmail, you can be assured that your data will be protected from that kind of broad government surveillance.

When a Hushmail user sends email to another Hushmail user, the body and attachments of the email remain encrypted even when they are stored on the hard drive of the Hushmail server. That means that Hushmail won't scan your email to collect information for advertising or other purposes.

Hushmail can help protect your sensitive data from hackers and identity thieves who try to break into servers and steal large amounts of user data that they can mine for useful information.

No system in the world is 100% "unhackable" and anyone who tells you otherwise is being disingenuous. However, some systems are harder to hack than others. In most email systems, once a hacker gains access to the server upon which your email is stored, the email can quickly be copied off the server and read. Hushmail encrypted emails are not so easy to capture. Even if a hacker gets access through our highly secure network to the server on which your encrypted email is stored, he won't be able to just copy off and read your encrypted emails. He would have to capture your passphrase first. To do this, the hacker would have to gain control over the software of our system, alter it, and remain undetected until the next time you come back, in hopes of stealing your passphrase the next time that you enter it. That would be a much more difficult task than simply getting in, copying data, and leaving.

Did you know that anybody can send an email that looks like it comes from any email address? If you get an email that looks like it comes from an address of someone you know, there is no guarantee that it actually does.

When you send email from Hushmail, you can "digitally sign" the email. That digital signature proves that the email actually came from the true owner of the email account. When you are reading a Hushmail, if it is digitally signed, you will see a message that says "This mail is digitally signed by..."

Learn more about Hushmail services, then sign up for your own free email account!

Hushmail is the most secure webmail service on the Internet, but it is not a 100% solution for all of your security needs. There are some things that Hushmail cannot do.

We are committed to the privacy of our users, and will absolutely not release user data without a court order from the Supreme Court of British Columbia, Canada, which is the jurisdiction where our servers are located. In addition, we require that any such court order refer specifically by email address to any account for which data is required. However, if we do receive such a court order, we are required to do everything in our power to comply with the law.

Hushmail will not accept a court order issued by any authority or investigative agency other than the Supreme Court of British Columbia, Canada. Other authorities must apply to the Canadian government through an appropriate Mutual Legal Assistance Treaty and request that a court order be issued by the Supreme Court of British Columbia, Canada.

When one Hushmail user sends an email to another Hushmail user, the body and attachments of that email are kept on our server in encrypted form, and under normal circumstances, we would have no access to that data. We can't just pick an arbitrary encrypted email message off the server and read it. However, since Hushmail is a web-based service, the software that performs the encryption either resides on or is delivered by our servers. That means that there is no guarantee that we will not be compelled, under a court order issued by the Supreme Court of British Columbia, Canada, to treat a user named in a court order differently, and compromise that user's privacy.

If you expect to engage in activity that might result in a court order issued by the Supreme Court of British Columbia, Canada, Hushmail is not the right choice for you.

In accepting our Terms of Service, Hushmail users agree not to use Hushmail for illegal purposes.

PGP Desktop and GnuPG are not web-based services. They install as software on your computer. Installed software is different from a web-based service in that you don't rely on the owner of the website to run the software correctly. You take on that responsibility yourself. If used correctly, both PGP Desktop and GnuPG can provide an extremely high level of security. When choosing your security solution, carefully weigh the convenience and ease-of-use of Hushmail against the inherent limitations of a web-based service.

If your own computer is not secure, than Hushmail will not be secure. Although all emails sent through Hushmail are virus scanned, Hushmail cannot prevent you from getting a virus from some other source, and once that virus has infected your computer, it could result in your Hushmail account being compromised as well.

When using Hushmail, be sure to also use a virus scanner, and keep your virus definitions up to date. Also, don't access Hushmail on a computer that you do not trust.

The following table gives some analysis as to what sort of threat Hushmail can protect you from. The "attacker" could be anyone who is trying to gain access to your email. If a court order has been issued by the Supreme Court of British Columbia compelling us to reveal the content of your encrypted email, the "attacker" could be Hush Communications, the actual service provider.

The following examples apply to the bodies and attachments of emails sent using public key encryption.
Attacker is listening to your Internet connection	Protected
Attacker gets access to email stored on the server	Protected
Attacker obtains data from the server's databases	Protected
Attacker compromises webserver after you have accessed your email	Mostly protected (there is a chance some sensitive data could remain in memory)
Attacker controls webserver while you are accessing your email	Not protected
Attacker has access to your computer after you have accessed your email	Protected
Attacker has access to your computer before you access your email (and can install programs such as key loggers)	Not protected

More detailed information on the security of Hushmail in various configurations is available in the Hushmail Help System.

Sign up for your own free email account!