Hushmail 2.0

Hush Communications sent us a press release, which I'll spare you from reading. Normally press crap gets deleted with prejudice, but Hush says they've made their encrypted web-based email compatible with OpenPGP, which would be great news. Does anyone use Hush? Good experiences, bad experiences? (Note that a UK civil liberties group also has a Hush-based site at cyber-rights.net, nice domain name for your email.)

Bad experience

[Anonymous Coward]

When I tried to log into my account, the Java applet wanted "Access required by terminal emulators and other communications programs", which Netscape labeled as a high-risk action. Clicking on "Details", I saw it wanted the following permissions:

• Accepting connections from other computers on a network (high)
• Access required by terminal emulators and other communications programs (high)
• Reading data from a network connection (high)
• Writing data from a network connection (high)
• Using native code stored in dynamically linked libraries (high)
• Reading and writing to the system clipboard for your computer (high)
• Contacting and connecting with other computers over a network (high)
• Reading information stored in your computer, such as your user name (low)
• Printing from within Communicator (low)
• Accepting connections from other computers on a network (high)

The applet will fail with a generic error message if you deny these permissions ("An error occured while upgrading the account [name], click here to retry."). I'm not going to give a Java applet permission to run native code on my computer or read data "such as my username". My account is supposed to be anonymous, I have a lot of privacy and security concerns about this. Netscape won't even tell me specifically what info they can obtain, but if it can run native code it can read my entire hard drive anyway.

The applet doesn't mention why it wants these permissions, neither does the web page (AFAIK). So at the moment, I'm not able to use my Hushmail account at all (there's no way to access the old applet). Hopefully they'll fix this soon.

Re:Use it? I loved it. But now it sucks asterisk.

[Chacham]

Aparrently they're having issues right now. And its too bad. I think the old interface was *much* better.

---
ticks = jiffies;
while (ticks == jiffies);
ticks = jiffies;

Use it? I love it.

[Chacham]

I've been using hushmail for quite a while, and I love it. They are rarely ever down, they almost never send anything to you, and they reply quickly (day or so) to questions.

I get the feeling that they are committed to giving you good service.

One thing I don't like, however, is scheduled maintenance. This upgrade to 2.0 happened yesterday, with no warning as the when it would happen timewise. They've been mentioning it, but nothing exact. And, they were then down for a few hours, only to say when that time was up, that they'd be down for a few more hours. Currently, they're forcing the upgrade to 2.0 on everyone. I like the old look better, simple and sweet.

Right now my upgrade is failing. I hope they're in working order soon.

---
ticks = jiffies;
while (ticks == jiffies);
ticks = jiffies;

Re:Does it work? Well, let's see

[DaveHowe]

yes, I got that error too - it is related to the downloaded (cached) copy of the client. to fix this, go into c:\windows\downloaded program files and delete the hushmail app you will find there. when you try again, you will get the online (non installed) version which does work.
--

Hush 2.0 - first impressions

[DaveHowe]

Ok, I thought I would give this the once over - noting in passing that the uk "cyber-rights.org" version is not yet on the conversion path.

1. Upgrade
   Actual upgrade went smoothly; I was presented with a upgrade applet, which (once given some mouse movements to generate a few numbers) calculated my key for me and then threw me into a conventional-looking login screen. One minor glitch - one of the intermediate screens has a different server key to the main site, so a anti-spoof web browser throws an error.
2. First Impressions
   At first glance, everything looks pretty and shiny; in a similar display to Outlook and many mail clients, Hush now has a folder list down the left edge (with number of unread displayed) and a toolbar along the top with check mail, compose, contacts (address book) and quit.
   that the app does not take you to the inbox on start or on "check mail" is a little surprising, but I can live with that. compose works smoothly, and there is a little "options" tab at the top right that will take you to the now integrated "pager" and "change password" functions.
3. Testing - OpenPGP
   well, obviously the big test of the system (and the major change) is pgp. For testing purposes, I did the following:
   1. sent two messages from a conventional mail client, signed with keys long established on the keyservers (youngest is two years old) - one each of RSA and DSS.
      results were disappointing - not only did the program fail to verify either key, but no options are available to display signature info (time/date and so forth) to manually specify a key, or to specify a keyserver to check for keys.
      Ok, I thought - possibly you have to add the sender to your contacts list. yes? no. a careful search found no way to add the sender of the current message to the contacts. ok, so lets do it manually. copied the address data into the clipboard, then contacts->add. hmm. I can add a contact easily enough (nickname, full name, email, much as always) but no sign or concept of key or default encryption. very odd.
   2. sent mail from Hush to the named recipients
      Manually composed messages to the recipients, and hit encrypt. no dice... "no key". oh. ok, I will send a unencrypted, but signed message to one of them, and see what it looks like on receipt. oops, hangs indefinitely. this is not good......
   3. send mail hush-->hush
      a bit shaken, I decided I had better test the functionality that was working before - encrypted mail from a hush user to another hush user. results were the same as to a non-hush encrypted user - encrypt fails with a no-key error, sign hangs the system

I am a bit disappointed in this initial rollout, but am assuming it is still in the teething stage and a few bugs are to be expected (I also have none of my previous mail, but they apologised for that in advance and said it will be moved to the new server soon) however, I think it is unworkable for the short term, and will be waiting to see what happens in the next few weeks.
--

New Accounts are currently disabled. Try again lat

[heliocentric]

I tried to go check it out - the idea seemed good enough for me to poke at and consider for actual use, and hey we can all use an extra web account that when we hate the service eventually we can use for spam.... BUT! This message seems to be implying my quest to sign up has met a dead end:

New Accounts are currently disabled. Try again later.

Toasted my former messages

[ct]

Much like the Canada.com fiasco last year - I just logged in, went through their 'conversion' process, and found the expected 5-10 pieces of SPAM which I got rid of.

Then I noticed that ALL of my previously saved/archived messages are gone. They aren't in another folder - I've checked 3 times.

*** If you have a Hushmail account that you haven't 'migrated' to 2.0 - I warn you strongly against this until they fix things. ***

I had membership emails & transaction records that appear to be gone for good now. I've email their support, I'm not expecting much in terms of assistance.

-ct

Re:Toasted my former messages

[ct]

Hate to reply to my own post, but...

Found in the FAQ a few layers in...

-------
"I have upgraded to version 2 but cannot access my old email messages. Why?"

Throughout the migration period, which will last about three weeks from launch, Hush will be transferring your email to a new, faster, even more robust storage system. During this time, old email messages may not be available. Don't worry; they are safe and will be transferred back into your email account. Premium Account users and extremely frequent users will be given preference during this process. At no point in this process is encrypted email ever unencrypted.
--------

Now I guess I can only wait & hold my breath for a yet to be determined period of time. Unfortunately, I have yet to experience a 'freemail' upgrade that hasn't irrepairably lost archived messages.

-ct

Hushmail Upgrade

[MadSaxon]

I've been trying to migrate to 2.0 for a couple of weeks now, even though I have some strong issues with the liberties the Java applet wants to take with the system being upgraded. However, the migration process always stalls at the "accept certificate" level, no matter what option I choose. My bottom line analysis is that this is one seriously broken process at present. I'd advise against messing with Hushmail until they resolve the problems.

m5x

Upgrade failures

[howardcohen]

The upgrade process crashed both Opera 5 and Netscape 4.7x on two separate machines here. I hope this is a temporary problem, but I'm not optimisitic.

Re:Use it? I loved it. But now it sucks asterisk.

[haggis_bot]

The previous version worked with Mozilla, although they never claimed to support it, that I know of. But I can't log on to v2. The migrate applet seems to load correctly, but then I go to enter my passphrase and every keypress results in *TWO* asterisks. I tried copying and pasting my passphrase into the blank and still came up with an extra asterisk.

Ironic to support the OpenPGP standard while not supporting the most standards compliant browser available...