Hushmail
from Wikipedia

Hushmail is an encrypted proprietary web-based email service offering PGP-encrypted e-mail and vanity domain service. Hushmail uses OpenPGP standards. If public encryption keys are available to both recipient and sender (either both are Hushmail users or have uploaded PGP keys to the Hush keyserver), Hushmail can convey authenticated, encrypted messages in both directions.

For recipients for whom no public key is available, Hushmail will allow a message to be encrypted by a password (with a password hint) and stored for pickup by the recipient, or the message can be sent in cleartext. In July 2016, the company launched an iOS app that offers end-to-end encryption and full integration with the webmail settings. The company is located in Vancouver, British Columbia, Canada.[1][2]

History

Hushmail was founded by Cliff Baltzley in 1999 after he left Ultimate Privacy.

Accounts

Individuals

There is one type of paid account, Hushmail for Personal Use, which provides 10 GB of storage, as well as IMAP and POP3 service.[3]

Businesses

The standard business account provides the same features as the paid individual account, plus other features like vanity domain, email forwarding, catch-all email, user admin, archive, and Business Associate Agreements for healthcare plans. Features like secure forms and electronic signatures are available in specific plans.[4][5][6]

Additional security features include hidden IP addresses in e-mail headers, two-step verification[7] and HIPAA-compliant encryption.[8]

Instant messaging

An instant messaging service, Hush Messenger, was offered until July 1, 2011.[9]

Compromises to email privacy

Hushmail received favorable reviews in the press.[10][11] It was believed that possible threats, such as demands from the legal system to reveal the content of traffic through the system, were not imminent in Canada – unlike the United States – and that if data were to be handed over, encrypted messages would be available only in encrypted form.

Developments in November 2007 led to doubts amongst security-conscious users about Hushmail's security – specifically, concern over a backdoor. The issue originated with the non-Java version of the Hush system. It performed the encrypt/decrypt steps on Hush's servers, and then used SSL to transmit the data to the user. The data is available as cleartext during this small window of time, with the passphrase being capturable at this point, facilitating the decryption of all stored messages and future messages using this passphrase. Hushmail stated that the Java version is also vulnerable, in that they may be compelled to deliver a compromised Java applet to a user.[12][13]

Hushmail supplied cleartext copies of private email messages associated with several addresses at the request of law enforcement agencies under a Mutual Legal Assistance Treaty with the United States,[12] for example in the case of United States v. Stumbo.[12][13][14] In addition, the contents of emails between Hushmail addresses were analyzed, and 12 CDs were supplied to U.S. authorities. Hushmail's privacy policy states that it logs IP addresses in order "to analyze market trends, gather broad demographic information, and prevent abuse of our services."[15]

Hush Communications, the company that provides Hushmail, states that it will not release any user data without a court order from the Supreme Court of British Columbia, Canada and that other countries seeking access to user data must apply to the government of Canada via an applicable Mutual Legal Assistance Treaty.[13] Hushmail states, "...that means that there is no guarantee that we will not be compelled, under a court order issued by the Supreme Court of British Columbia, Canada, to treat a user named in a court order differently, and compromise that user's privacy" and "[...]if a court order has been issued by the Supreme Court of British Columbia compelling us to reveal the content of your encrypted email, the "attacker" could be Hush Communications, the actual service provider."[16]

from Grokipedia
Hushmail is a web-based encrypted service launched in May 1999 by Hush Communications Inc., a Vancouver-based company founded in 1998 by Cliff Baltzley. The service employs OpenPGP standards to enable encrypted messaging, secure web forms, and electronic signatures, with a primary focus on healthcare providers seeking HIPAA-compliant tools for handling sensitive patient data. Key features include one-click encryption for emails sent to non-Hushmail users via secure viewer links, custom domain support, and mobile notifications, positioning it as a user-friendly option for small practices over fully client-side alternatives like PGP. While marketed for against and unauthorized access, Hushmail's involves server-managed keys, enabling the company to decrypt content under legal compulsion, as demonstrated in when it complied with a British Columbia court order to supply U.S. authorities with private keys from accounts linked to animal rights activists, prompting user exodus and terms updates acknowledging such risks. This incident highlighted limitations in its model compared to zero-knowledge services, where providers cannot access , and underscored Hushmail's adherence to Canadian jurisdiction over absolute user anonymity. Despite these concerns, the service remains operational and profitable, evolving to include e-signable forms and scheduled messaging while maintaining its niche in professional secure communications.

History

Founding and Launch (1998–2000)

Hush Communications, the parent company of Hushmail, was established in 1998 with a focus on developing secure solutions. The company was headquartered initially in , a in the , to avoid U.S. restrictions by employing non-U.S. citizens for development. Cliff Baltzley, then 28 years old, served as president of Hush Communications during this period. Hushmail, the flagship encrypted web-based service, entered public beta in late 1999 and officially launched in May 1999. The service provided free accounts modeled after Hotmail, accessible via any , and featured client-side through a Java applet supporting 1024-bit keys based on PGP standards. This timing coincided with a U.S. Ninth Circuit Court ruling on May 6, 1999, deeming federal export controls unconstitutional, which facilitated broader adoption of in commercial products. From inception through 2000, Hushmail emphasized user by performing and decryption exclusively in the browser, ensuring the did not access content. Early highlighted its "bulletproof" for everyday users, with the company's patent-pending process made available for public scrutiny on its website. Gilliam, a co-founder and , promoted the service's use of 128-bit as a standard for secure communications. By 2000, Hushmail had established itself as a pioneer in accessible encrypted , attracting users seeking protection against amid growing adoption.

Expansion and Feature Evolution (2001–Present)

Following its launch in 1999, Hushmail experienced leadership transitions that supported operational expansion, with Ben Cutler assuming the role of CEO in 2001 and Brian Smith becoming CTO in 2002. These changes coincided with steady growth in user base, reaching tens of thousands of customers primarily in regulated sectors such as healthcare, finance, non-profits, and law, where compliance needs like HIPAA drove adoption. The company maintained its Vancouver, Canada headquarters while prioritizing simplicity in encrypted communications to facilitate broader accessibility for small practices and individuals handling sensitive data. Feature development began with core PGP-based encrypted email but expanded incrementally to address user demands for integrated secure workflows. Over the subsequent decades, additions included secure web forms for client intake and electronic signatures for document handling, enhancing utility beyond basic messaging for professional applications. By the mid-2010s, mobile support emerged, including an iOS app enabling end-to-end encryption and webmail synchronization. More recent enhancements reflect a focus on healthcare-specific tools and efficiency, such as reusable email templates with attachment and form support introduced in November 2024, improved client messaging consolidation in March 2025, email scheduling via "Send Later" in April 2025, additional Patient Health Questionnaire templates (PHQ-A, PHQ-15, PHQ-SADS, PHQ-4) with auto-scoring in June 2025, and client-initiated e-signable forms in July 2025—all available on select paid plans. These updates underscore ongoing iteration toward HIPAA-compliant features like automated form scoring and seamless integration, without reported acquisitions or major partnerships altering its independent structure.

Technical Features

Encryption Standards and Mechanisms

Hushmail utilizes the OpenPGP standard (RFC 4880) to encrypt email bodies and attachments exchanged between Hushmail accounts, employing RSA 2048-bit asymmetric keys for and AES-256 for symmetric of content. Each recipient receives encryption protected by a unique key derived from their public key, ensuring that messages remain encrypted at rest on Hushmail servers. The user's private key is generated server-side during account creation, symmetrically encrypted with AES-256 using a key derived from the passphrase via OpenPGP String-to-Key (S2K) derivation with SHA-256 hashing, a random salt incorporating the email address, and an iteration count of 2^20 for added resistance to brute-force attacks. For access, and decryption operations are performed server-side by a dedicated Engine component, which processes only in memory after over an SSL/TLS-secured connection; the server never stores unencrypted content or the raw , retaining only a hashed version of the for verification. In contrast, the Hushmail application handles OpenPGP client-side, retrieving and locally decrypting the private key with a master password before encrypting outgoing messages, with local data further protected by device-level NSFileProtectionComplete and additional AES-256 . Emails to non-Hushmail recipients are secured via symmetric OpenPGP or recipient public keys when available, with delivery occurring through a password-protected secure link to a temporary server-stored message. All client-server communications, including web access, IMAP, POP3, and SMTP, mandate SSL/TLS encryption with , utilizing ports such as 993/995 for direct SSL/TLS and 143/110 or 587/25 for STARTTLS upgrades; the app additionally implements TLS certificate pinning to mitigate man-in-the-middle risks. Outbound emails to external servers employ TLS opportunistically when supported by the recipient's server, falling back to unencrypted SMTP otherwise, though content remains OpenPGP-protected where applicable. 
Stored emails for users persist in OpenPGP-encrypted form on hardened servers compliant with CIS benchmarks, segmented by data sensitivity to limit breach impact.

Account Types and Additional Services

Hushmail offers tiered account plans categorized primarily for personal use, healthcare professionals, and es, each emphasizing secure capabilities with varying levels of storage, user accounts, and compliance features. Personal accounts provide basic encrypted without HIPAA requirements, starting at $59.99 annually for 15 GB of storage, unlimited aliases, ad-free access, one-click , and compatibility with mobile apps and clients like . Healthcare plans, designed for compliance with HIPAA regulations including a signed Business Associate Agreement, begin at $11 monthly for a single-user basic option with 10 GB storage and core , escalating to $16.50 monthly for growth plans that include 15 GB storage, 25 secure forms, and e-signatures. accounts, scalable from single-user setups at $10.79 monthly, support custom domains, multi-user options up to five accounts, and integrated web forms for client interactions. Additional services extend beyond core email functionality, particularly in healthcare and contexts. Secure web forms, HIPAA-compliant where applicable, allow for , questionnaires (including self-scoring tools like ), and body charts, with responses routed to encrypted inboxes and optional integration with electronic health records via PDF exports; these start at $14.99 monthly or are bundled in higher-tier plans with up to 25 forms included. E-signatures on forms adhere to ESIGN and UETA standards, featuring timestamped tracking for submissions. For personal users, an optional add-on at $95 annually provides VPN access across 10 devices, threat protection, and server coverage in over 111 countries. All plans include a 14-day trial or 60-day , with support for custom branding and domain setup in and healthcare variants.
Plan Category | Starting Price | Key Features | Storage/Users
Personal | $59.99/year | Unlimited aliases, ad-free, , POP/IMAP | 15 GB / 1 user
Healthcare Basic | $11/month | HIPAA-compliant email, BAA, archive | 10 GB / 1 user
Healthcare Growth | $16.50/month | Forms (25), e-signatures, templates | 15 GB / 1+ users
 | $10.79/month | Custom domains, web forms, multi-user | Varies / 1-5 users

Security and Privacy Architecture

Data Encryption and Access Controls

Hushmail employs OpenPGP encryption for bodies and attachments exchanged between Hushmail users, ensuring that such content remains encrypted both during transmission and when stored on Hushmail's servers. This standard, integrated into Hushmail's interface, mobile applications, and IMAP/POP3 protocols, generates unique keys per recipient to facilitate secure delivery without requiring external software. For communications with non-Hushmail recipients, users can opt to send encrypted messages via a secure web form, where the recipient authenticates using a one-time or responds to a secure question, preventing storage or transit exposure. Data in transit between user devices and Hushmail servers is protected using SSL/TLS protocols, incorporating advanced features such as Perfect Forward Secrecy to mitigate key compromise risks, to enforce encrypted connections, and certificate pinning to validate server identities. Server-to-server transmission defaults to TLS when the receiving server supports it, falling back to unencrypted delivery otherwise, though Hushmail masks originating user IP addresses in headers to enhance privacy. Unencrypted emails, including those not explicitly secured by the sender, are stored in on Hushmail's disks, underscoring the service's reliance on user-initiated for at-rest protection. Access to user accounts is governed by multi-factor authentication options, including two-step verification via SMS, alternate email, or authenticator apps, alongside rate limiting and automatic account locking after repeated failed login attempts. User passphrases are hashed upon storage, preventing server-side recovery or employee access to plaintext credentials, with no provision for passphrase reset absent pre-configured recovery mechanisms. 
Internal access controls limit employee privileges to job-specific systems, with mandatory vetting for new hires, prompt revocation upon termination, and policies prohibiting routine decryption of user content, aligning with SOC 2 compliance standards for organizational security. These measures ensure that unencrypted data transmission from browsers to servers remains insulated from third-party interception, though Hushmail retains administrative capabilities over encrypted archives via designated keys for compliance or recovery purposes.

Logging Practices and User Data Retention

Hushmail logs various metadata associated with user activity to support account management, abuse prevention, and auditing, including IP addresses, browser types, operating systems during website visits and sign-ins, actions such as reading or moving messages, sender and recipient addresses, subjects, and URLs embedded in unencrypted emails. These logs are centralized on segregated systems and retained for up to 18 months to facilitate detection of suspicious activity, with statistical aggregates potentially kept indefinitely for analytical purposes. Users can access a limited view of their recent sign-in history, including timestamps and IP addresses, directly through their account interface. The service does not log or store email content in plaintext form due to end-to-end encryption via OpenPGP standards, though message headers remain unencrypted during storage on web servers, and bodies are temporarily decrypted on servers before encryption in transit. Passphrases are not stored in recoverable form but as hashed values, preventing recovery even by Hushmail staff unless required by court order. details from purchases are not retained, aligning with PCI compliance. User is retained only while the account remains active, with messages deleted immediately upon explicit account closure or request, though encrypted backups may persist for approximately post-deletion to allow recovery windows. For inactive accounts, free and accounts are deactivated after and two weeks of inactivity, respectively, with remaining emails purged around 12 months later; paid accounts downgrade to free status after one week of lapsed payment before following similar deactivation protocols. In Hushmail , individual user accounts are deleted after cancellation or six months after deactivation due to non-payment. 
Administrators in business domains may optionally configure archive keys to retain copies of inbound and outbound emails for compliance or archival needs, stored in encrypted form offsite. Associated personal information, such as billing details, is accessible to users via their account but subject to the same activity log retention of about 18 months after deletion. These practices support HIPAA and SOC 2 compliance by enabling audit trails for access logging without compromising core .

Jurisdiction and Compliance Framework

Hushmail, operated by Hush Communications Corporation, maintains its headquarters and primary operations in , , , with servers located in and , . Although incorporated in , , the service's data handling and legal obligations are governed by the laws of , subjecting it to Canadian federal and provincial regulations rather than direct U.S. oversight for core activities. This Canadian jurisdiction positions Hushmail within the Five Eyes intelligence-sharing alliance, potentially facilitating cross-border requests via mutual legal assistance treaties, though disclosures require enforceable orders under local law. The core compliance framework centers on Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), which mandates consent-based collection, use, and disclosure of while permitting exceptions for legal compliance, fraud prevention, or public safety. Hushmail asserts full PIPEDA adherence, including breach reporting obligations amended in 2018 to require notification of significant privacy incidents to the Office of the Privacy Commissioner and affected individuals. The European Commission recognizes PIPEDA as providing adequate protection, enabling data transfers from EU member states without additional safeguards. Additionally, Hushmail complies with British Columbia's Freedom of Information and Protection of Privacy Act for public sector users and mandatory reporting under Bill C-22 for child sexual exploitation material, allowing proactive disclosures in exigent cases without user consent. For sector-specific needs, Hushmail tailors compliance to international standards: healthcare plans include HIPAA-compliant features such as signed business associate agreements, automatic encrypted archiving, and audit logs to meet U.S. safeguards. All plans support GDPR requirements for users, encompassing data minimization, user rights to access or erasure, and cross-border transfer mechanisms. 
Security practices align with SOC 2 Type II controls, audited annually for confidentiality, availability, and processing integrity, though these are voluntary enhancements beyond legal mandates. Data retention and access policies under this framework limit logging to essential metadata for service functionality and security, with user content encrypted at rest and in transit using 256-bit AES; however, Canadian law compels decryption keys or disclosure for targeted accounts upon valid court orders from authorities, without broad warrants. Hushmail does not store unencrypted email bodies long-term but retains recovery keys for self-decrypting messages sent to non-Hushmail recipients, accessible only under legal compulsion for specific users. This structure balances assurances with statutory duties, prioritizing verifiable legal processes over absolute non-disclosure.

Instances of Law Enforcement Cooperation

In a 2007 U.S. federal drug trafficking investigation targeting alleged manufacturers and distributors, Hushmail provided U.S. (DEA) agents with decrypted copies of emails from three targeted accounts, delivered on compact discs. The case involved communications between suspects in and the U.S., including dealings with Chinese wholesale suppliers and underground labs, where Hushmail addresses were used for coordination. The disclosure occurred under a U.S.- mutual legal assistance treaty (MLAT), which facilitated a court order from the compelling Hushmail to retain user passphrases or decryption keys and produce unencrypted message content from the specified accounts. Hushmail's technical architecture at the time, relying on server-side encryption for its web-based interface (as opposed to fully client-side Java applet processing), enabled compliance by allowing access to data stored on servers. The company stated it only responds to such orders targeting named, specific accounts and does not contest them if properly limited in scope. Following public revelation of the via unsealed U.S. court documents in November 2007, Hushmail updated its to explicitly notify users that encrypted emails could be decrypted and disclosed to authorities pursuant to valid Canadian court orders. Hushmail's emphasized that the service is not designed to shield users from persistent investigations involving legal processes. No additional public instances of such have been documented since.

Reception and Applications

Adoption in Healthcare and Professional Sectors

Hushmail has achieved notable adoption in healthcare, particularly among providers such as , counselors, psychologists, and psychiatrists, who require secure handling of under HIPAA. Over 47,000 healthcare and professionals use the service for encrypted communications and e-signable forms, facilitating compliance through features like automatic encryption for external emails, business associate agreements, and built-in archiving. The platform targets solo practitioners and small group practices, with plans starting at $11.99 per month, enabling streamlined patient intake and follow-up without additional third-party tools. Early implementations date to 2000, when Hushmail introduced secure specifically for healthcare networks to protect electronic communications. In professional sectors beyond healthcare, Hushmail supports adoption by lawyers and small businesses handling sensitive client data, offering dedicated plans for encrypted email and secure forms to build trust in legal practices. Market data indicates approximately 4,665 companies utilize Hushmail, primarily those with 1-10 employees and revenues under $1 million, reflecting its appeal to independent professionals in fields like and consulting where privacy regulations such as PIPEDA or GDPR apply alongside general data protection needs. For instance, licensed professional counselors integrate it for administrative efficiency, as demonstrated by user Carol Park, who adopted it to manage client communications securely without reverting to less protected methods. Overall, the service's focus on ease of use and compliance has driven uptake among professionals prioritizing over standard providers.

Criticisms from Privacy Experts and Users

Privacy experts have criticized Hushmail's architecture for lacking true , as the service's web-based model enables server-side access to under certain conditions, such as when users opt for non-Java or during compliance with . In a 2007 case involving U.S. authorities investigating distribution, Hushmail complied with a obtained via a U.S.-Canada , providing 12 CDs containing decrypted emails from three accounts, demonstrating the service's ability to store and retrieve passphrases via a mechanism. Hushmail's acknowledged this capability, noting that the company could obtain user passphrases to decrypt stored and future messages when compelled, and explicitly warned that the service is unsuitable for users anticipating legal scrutiny. Security analyst Bruce Schneier highlighted the inherent risks of Hushmail's outsourced encryption model, arguing that server involvement exposes data to government demands, misleading users who assume robust protection comparable to client-side tools like PGP. Reviews from privacy-focused outlets have echoed these concerns, pointing to Hushmail's Canadian jurisdiction within the Five Eyes alliance and its U.S. subsidiary as amplifying risks of extraterritorial data access, including under U.S. warrants without user notification due to the absence of a transparency report or warrant canary. Additionally, the service logs IP addresses, browser details, and email metadata, which can be disclosed alongside content, further eroding claims of comprehensive privacy. Users, particularly in privacy advocacy communities, have voiced dissatisfaction with Hushmail's legal compliance practices, citing the 2007 incident and subsequent updates clarifying that encrypted emails may be handed over to authorities as evidence of insufficient resistance to compelled disclosure. 
Complaints often on the service's closed-source nature and perceived over-reliance on jurisdictional safeguards rather than technical zero-knowledge proofs, leading some to abandon it for providers offering verifiable non-cooperation or offshore operations less amenable to Western legal processes. These critiques intensified after revelations that Hushmail's applies primarily to transit between users, with server-side vulnerabilities persisting for targeted accounts.
