Remember when Hushmail backdoored their client-side applet to capture unencrypte... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

digianarchist on Aug 16, 2018 | parent | context | favorite | on: OpenPGPjs has passed an independent security audit

Remember when Hushmail backdoored their client-side applet to capture unencrypted emails and passwords?

0xbadcafebee on Aug 16, 2018 | [–]

It appears they were actually just hosting a web app and users were sending their decryption password to Hushmail. I don't see a reference to backdooring the Java client, though obviously since they delivered it, they could do that too. https://www.wired.com/2007/11/encrypted-e-mai/

bigiain on Aug 16, 2018 | [–]

I remember when Lavabit didn't...

Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact