@nanook @jsparknz @aral @hypolite Mass surveillance would require #Hushmail to push malicious #javascript to everyone, which would work right up until just one user decides to audit the js code one time. I'd say that's unlikely. Targeting is a risk, so HM is not useful if your threat model includes targeted surveillance.