(Thanks for the link.) It says hushmail had a simplified web-only version (no java applet) and that the disclosure of client emails did not involve pressured code changes (at least code shipped to clients), rather that as a natural consequence of the way passwords would be processed on the server side and decryption happened on the server side so hushmail had the passwords, private keys, and decrypted plaintexts at leas in memory to hand over on request. Adam On Fri, Aug 09, 2013 at 08:59:53PM -0400, Jeffrey Walton wrote:
On Fri, Aug 9, 2013 at 8:56 PM, Adam Back <adam@cypherspace.org> wrote:
...
Its less clear what lavabit were talking about. Perhaps something similar in terms of an SMTP interoperability encryption gap, or alternatively about being pressured to modify code (which people seem to assume, but I didnt see explicitly stated).
There were some hushmail rumors about code modification some years back - does anyone know what actually at hushmail? Encrypted E-Mail Company Hushmail Spills to Feds, http://www.wired.com/threatlevel/2007/11/encrypted-e-mai/.