Trusting your data to Hushmail, an email service that provides encryption may not be as secure as you may think. Recently Cryptome noticed that Hushmail’s encryption program is not actually the same as the source code that they make available. Hopefully this is an error and not an attempt to intentionally mislead their users.

When coupled with the fact that Hushmail handed over 12 CDs worth of data to law enforcement, I would suggest using your own email encryption like Thunderbird/Enigmail/GnuPG (GPG) for sensitive data. If another party has your secret keys, they are less likely to fight for your right to keep the keys and data secret as you are. Nobody should ever have accecss to your secret encryption keys but you (hence calling them ‘secret keys’ and not ‘public keys’). While you are at it, download the Lightning extension to add calendar support to the Thunderbird email client, and the WebMail extension to check your web based email account (e.g.: Hotmail, GMail, Lycos, etc…).