Hushmail is worthless for personal use

It might be okay to check a compliance box for a business, but not for anything you want to keep secure from governments or possible bad guys. You have to place a lot of trust in their service.

They advertise encrypted email, but it's their encryption. Users have no control of keys or encryption. To send encrypted email to non-Hushmail users, it uses a question/answer mechanism.

  • No control of keys.
    • Hushmail keeps the keys and can obviously go into your encrypted email if they want.
  • No PGP support at all.
  • Based in Canada - 5 Eyes cooperative spy ring.

And then there's this: "Encrypted E-Mail Company Hushmail Spills to Feds"

Hushmail, a longtime provider of encrypted web-based email, markets itself by saying that "not even a Hushmail employee with access to our servers can read your encrypted e-mail, since each message is uniquely encoded before it leaves your computer." But it turns out that statement seems not to apply to individuals targeted by government agencies that are able to convince a Canadian court to serve a court order on the company.

That was 2007, but it should still be a concern for obvious reasons:

No PGP, they keep the keys, and they're in a 5 Eyes country - no, no and no thanks.