Domain: lavabit.com
Stories and comments across the archive that link to lavabit.com.
Comments · 14
-
Re:He gave away his login....
??? How old ARE you? (OMG: I'm only 55 -- maybe I really am older and more paranoid than I thought.)
Let me get this straight: you gave away control of your unencrypted files to someone who wasn't a known personal friend and then am surprised that something happened to them??
I treat on-line services slightly differently: I keep local copies of EVERYTHING that goes out, and I'm surprised when it's still accessible online 5 minutes later, never mind 5 years later. And controlling exactly who has access to it? That's just a fantasy -- really. It's actually binary: either it's out there and they MIGHT have it, or it's not and they DON'T.
I do run Dropbox and use KeePass as a password manager. The credential store is encrypted, but even then the stored password there just isn't "quite right". Phone camera pics get uploaded to Dropbox. At times I'll AES encrypt and email or use Dropbox and expose. For stupid pics I'll just dump 'em out there straight. But I know what's exposed and encrypted-exposed. The latter die soon after they're used.
You store important and critical (tax receipts, lawyer-enforced) notices that might cause breach of contract? And you put control of that in someone else's hands, paid for or not? What kind of an IDIOT are you? Then again, you must not think much of the breaching penalties. That's great, I'm glad you're so confident at everyone always doing the right thing everywhere and nothing bad ever happening.
Me, if I'm going to have a some contract or data leakage it'll be because *I* did it myself and have no one else to blame. Then again, it's obvious digital computer files and paid services will stay around forever: Just ask MegaUpload, GeoCities, and LavaBit. Oh, and the data center located in the Twin Towers? Onsite backups sure came in handy there. Some got thru better than others: One, Two
Then again, there's this brand new data center that will hold all of your data for years -- all for free! I'm sure you can retrieve all of your data from that.
Really, I'm glad things are going so well for you, with the exception of a few bumps. And local storage doesn't solve everything either -- drives can be stolen, warrants can be served, computers can be hacked and data downloaded. But damn it, for 99.9% of my data, I'm 100% directly responsible for it. Offloading everything to the cloud is just offloading responsibility, never mind anything at all to do with the NSA.
Oh, one last thing. Even if all of the employees in the ISP, supporting companies, 3rd party vendors and everyone involved are all above reproach. are you sure? And even say all of the software is 100% vetted and accurate (ignoring accidental software bugs): oops.
Paranoid? Probably, but then again most things don't deserve multiple layers of defense. Only a few do, and of those only a select few get vetted, encrypted, backed up, and rotated offsite. But as for "What would you need if everything was suddenly gone (house fire) and you could only keep a couple of things?" Well there's your answer.
Good luck with it all; hope you produce a updated -
Re:Corporations are not allowed BY LAW to have mor
Well... a CEO might resign and go somewhere else instead of doing something s/he doesn't like. They didn't so they preferred the alternative.
Recently Lavabit shutdown instead of doing something they didn't like. I don't know anything about US corporate law but maybe even public companies, even Apple, can decide to shutdown at any time for any reason. It could be as easy as buying back the company and closing it. Stockholders get their money back and don't have anything to complain about. Is there any expert out there?
That said, would I expect any CEO of world class corporations to pay attention to morals? I don't. They won't be there, stabbed in the back by some competing manager long time ago.
-
Re:Where will this end?
Educate yourself: Lavabit founder has specifically stated that he did not wat to compromise the privacy of his users.
Source: https://lavabit.com/
My Fellow Users,
I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit. After significant soul searching, I have decided to suspend operations. I wish that I could legally share with you the events that led to my decision. I cannot. I feel you deserve to know what’s going on--the first amendment is supposed to guarantee me the freedom to speak out in situations like this. Unfortunately, Congress has passed laws that say otherwise. As things currently stand, I cannot share my experiences over the last six weeks, even though I have twice made the appropriate requests.
What’s going to happen now? We’ve already started preparing the paperwork needed to continue to fight for the Constitution in the Fourth Circuit Court of Appeals. A favorable decision would allow me resurrect Lavabit as an American company.
This experience has taught me one very important lesson: without congressional action or a strong judicial precedent, I would _strongly_ recommend against anyone trusting their private data to a company with physical ties to the United States.
Sincerely,
Ladar Levison
Owner and Operator, Lavabit LLCHe has also stated that he could be arrested for shutting down his site:
I may be ''rather fucking stupid'' as you say, but, at this stage, I trust Lavabit more than I trust the NSA.
And please learn the difference between "convent" and "convenient". I am not a religious person and I have no intention of ever becoming a monk.
-
Re:Weird!
If later I say "I shut down the service not to help terrorists, as my service was meant only for horny partners and surprise birthday parties, not to really get un-snoopable communication", then I show everyone I am an incompetent and a simpleton.
Silent Circle and Lavabit are not shutting down because they do not want to help terrorists, they are shutting down because they do not want to be complicit in the violation of their customer's rights by the United States government. These companies would rather stop existing than to be compelled participate in an illegal monitoring program.
Lavabit Statement: "I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit."
Silent Circle Statement: "We see the writing the wall, and we have decided that it is best for us to shut down Silent Mail now. We have not received subpoenas, warrants, security letters, or anything else by any government, and this is why we are acting now. "
-
Donate to the defense fund!
They are still fighting this and are asking for donations - see the PayPal link at the end of http://lavabit.com/
-
Re:Riiight
If only I could switch back to the classic inbox view...of two revisions ago, when I liked the service. http://lavabit.com/ is looking more and more interesting.
-
Re:Five reasons why it's highly improbable.
I agree -- Google selling their services for cash does not seem to be a good business decision for Google. I for one would be happy to pay for a Google account where my privacy was ensured. Since that's not an option, I've switched my mail over to another provider that encrypts all of their email and provides POP3/IMAP for a modest monthly/yearly fee. I use http://lavabit.com/ but there are other alternatives as well.
Now that's not to say mail is the only feature that Google provides. I've migrated any work I've done with Google docs to my local box and am using LibreOffice. I use my VPS for storage instead of Drive/dropbox. I use XMPP instead of Google Talk in Gmail exclusively. The only Google service that I have yet to liberate is the calendar service (simply because I have not found a company that sells managed CalDAV servers).
It will probably be a small minority of Google users moving their services elsewhere and probably won't have a large impact on their business, but I can be happy to know that I'm not selling my privacy for Google services.
-
Re:Take 'em offline
-
Re:This is Why I Avoid Google Products
I'm undoing moderation for this, but you might want to try Lavabit as an alternative to Gmail. You have a choice between free, ad-supported, and paid accounts, with increasing benefits for each. Its features page has an impressive list of privacy- and security-friendly features that are supported. Oh, and pop and imap support too. Works pretty well for my purposes.
-
Re:This is Why I Avoid Google Products
I'm undoing moderation for this, but you might want to try Lavabit as an alternative to Gmail. You have a choice between free, ad-supported, and paid accounts, with increasing benefits for each. Its features page has an impressive list of privacy- and security-friendly features that are supported. Oh, and pop and imap support too. Works pretty well for my purposes.
-
Graph showing adoption
I am one of the admins for the free email service Lavabit. We have a graph on the net showing adoption, built from about 150k messages a day. (We don't include messages for users who have disabled this inbound check, or for messages which are blocked for some reason other than SPF.)
-
Lavabit
Lavabit has a great service concept.
Only minus point: When using the free 1GB plan, the ads invalidate PGP signatures. They have ad-free 128 MB though.Features: http://lavabit.com/features.html
-
Lavabit
Lavabit has a great service concept.
Only minus point: When using the free 1GB plan, the ads invalidate PGP signatures. They have ad-free 128 MB though.Features: http://lavabit.com/features.html
-
Re:Has anyone actually answered the question?
This "enterprise" post reminds me of several WTF's. But I link to one in particular:
http://worsethanfailure.com/Articles/Bitten_by_the _Enterprise_Bug.aspx
In general, enterprise has come to mean overpriced and underperforming. By making something "enterprise" your saying you designed it such that you can throw money at the problem. By breaking things into multiple "tiers" your saying that if any one tier gets overloaded, you can fix the problem by throwing money/hardware at that teir.
From my perspective, the best way to solve the performance/reliability problems are with sound design, good programming (algorithims), and careful tool selection. That means architecting your app so that there is no single point of failure. If one node goes down, can the other nodes recover and continue functioning? In the same vein, can you add nodes to the cluster and scale increased loads across more machines without encountering bottlenecks? Its been documented elsewhere, but you want a(n) algorithims, not a(log n) algorithims. All to often the answer to scaling "enterprise" software is buy a bigger box. That can get expensive very fast. The better, albeit more difficult solution is to write the app so that multiple machines can work in concert. And finally, making sure that the tools you use will be able to scale. In general this relates to what database system, and libraries you use (and not so much the language).
I'll address the language issue too. A lot of people have mentioned Erlang. While I think its a great language for server applications, there just isn't the community support to make it a pracitical choice. (Exception, if you don't need libraries or you plan to write _everything_ yourself, as is often the case for embedded systems, then maybe Erlang is a good choice. Hence, why you find Erlang is routers.) Erlang also is problematic because of the small number of people skilled in its use. For me it really comes down to choosing C on Linux, or C# on Windows. (I've written scalable apps, supporting several hundred thousand users using both.) Its a simple fact that it takes less time to write production code in C# (or Java) than in C (or C++). So what you need to ask yourself is whether the efficiency savings of the former outweigh the added development cost of the latter.
One of the apps I wrote is the SMTP/POP/IMAP server used to support my free e-mail service (http://lavabit.com/). For that project, hardware was comparatively expensive (I paid for everything myself), and my time was relatively cheap. (I started by only working on the code in between consulting gigs.) So it made sense to write the app in C, and use Linux. Over time, the efficiency savings have made the decision, while painful at times, the correct one. I'm able to support 70K users very cheaply. If I had chosen C#/Windows, I might have gotten the project done faster, but I'd need more expensive hardware. (I'm using Dell 1650's at the application tier, with beefier machines at the database/storage tier. Note, I have a two tier architecture.) I would also have had to shell out lots of dollars for Windows licenses. It just didn't make sense. For more on my mail server, read this other post http://slashdot.org/comments.pl?sid=191034&cid=157 11157.
Another large project I worked on was a social networking site sponsored by a large carbonated beverage firm. In this case the pockets were deeper but the timeline was shorter. So it made sense to write the app in C#. In reminds me of the saying that in software development you have three factors: cost, quality and time. You get to pick two of those, but not three.
I'll close by saying again, the best way to solve the performance/reliability problems are with sound design, good programming (algorithims), and careful tool selection.