Quote from: eddiethegun on December 16, 2012, 08:40 pmOne should keep this in mind when using Tormail or TorPM. Although these are both tor hidden services and therefore run from servers of indeterminate location, one still has no assurance that the content ON those servers would be secure in the case that the operators got pinched. That information is vulnerable to subpoena, seizure or bartering for the operators freedom.(Just to head off the inevitable tor arguments, yes I'm aware of tor's security. But busts can happen for reasons other than technological vulnerability.)All I'm saying is, PGP is still always necessary, even on tor hidden services.YES, YES, YES! ^ What he said! Unfortunately, no matter how many times people are told, the message simply doesn't penetrate some peoples' thick skulls. Operation Raw Deal (ORD) 5 years ago, The Farmers' Market bust within the last year or so -- in both cases Hushmail was front-and-center. Take a look at the Member Search function, and do a search on email address. Put Hushmail in the search field. You will find (at this time) no less than 165 people using Hushmail addresses. What needs to be borne in mind is that these 165 members who are showing up are those people who checked the "allow other members to email me" checkbox. Presumably, these would be active Hushmail users. The other day, I saw a post from a newbie who was having problems importing a PGP key into their PGP keyring. They wondered aloud:"I noticed that underneath where it says start pgp key it says HUSH version 3.0 I wonder if this is the reason it wont import to GPA?"I didn't think about it at the time I made the following reply, but there is probably a better than even chance that this was a vendor, for Christ's sake! Here's what I said to them: Where it says Hush 3.0 is just the version string. Hushmail-generated keys are fully interoperable with other keys generated by OpenPGP implementations. If they key is not importing, the key could be corrupted -- If that's the case, consider this your lucky day.The fact that this key has a Hush version 3.0 version string tells me that it was generated by someone using a Hushmail account.If I were in your shoes, I wouldn't just walk away, I'd RUN! If you want to know why, just read the following clearnet articles:http://arstechnica.com/security/news/2007/11/secure-hushmail-can-still-talk-to-the-feds.arshttp://blog.wired.com/27bstroke6/2007/11/encrypted-e-mai.htmlNC