The question of trust is a difficult one. The decision to trust must be made taking into consideration both now and by calculating future probabilities into the equation. Unfortunately the users of the users of Hushmail, a longtime provider of encrypted web-based email made the wrong decision.
The main selling point of Hushmail was it’s encryption which would guarantee privacy and security to the user. Hushmail markets it’s service by saying that “not even a Hushmail employee with access to our servers can read your encrypted e-mail, since each message is uniquely encoded before it leaves your computer.”
Unfortunately such promises are rarely true. In an article in Wired:
A September court document (.pdf) from a federal prosecution of alleged steroid dealers reveals the Canadian company turned over 12 CDs worth of e-mails from three Hushmail accounts, following a court order obtained through a mutual assistance treaty between the U.S. and Canada. The charging document alleges that many Chinese wholesale steroid chemical providers, underground laboratories and steroid retailers do business over Hushmail.
I have no sympathy for the drug dealers but it is important to realize that relying on free services provided by companies will never ensure a reliable infratructure – when placed under stress the private company has an obligation to make a profit, not to protect non-paying users.