Slashdot Mirror


Lavabit Is Relaunching (theintercept.com)

The encrypted email service once used by whistleblower Edward Snowden is relaunching today. Ladar Levison, the founder of the encrypted email service Lavabit, announced on Friday that he's relaunching the service with a new architecture that fixes the SSL problem and includes other privacy-enhancing features as well, such as one that obscures the metadata on emails to prevent government agencies like the NSA and FBI from being able to find out with whom Lavabit users communicate. In addition, he's also announcing plans to roll out end-to-end encryption later this year. The Intercept provides some backstory in its report: In 2013, [Levison] took the defiant step of shutting down the company's service rather than comply with a federal law enforcement request that could compromise its customers' communications. The FBI had sought access to the email account of one of Lavabit's most prominent users -- Edward Snowden. Levison had custody of his service's SSL encryption key that could help the government obtain Snowden's password. And though the feds insisted they were only after Snowden's account, the key would have helped them obtain the credentials for other users as well. Lavabit had 410,000 user accounts at the time. Rather than undermine the trust and privacy of his users, Levison ended the company's email service entirely, preventing the feds from getting access to emails stored on his servers. But the company's users lost access to their accounts as well. Levison, who became a hero of the privacy community for his tough stance, has spent the last three years trying to ensure he'll never have to help the feds break into customer accounts again. "The SSL key was our biggest threat," he says.

54 comments

  1. Might be wise to still use PGP still... by ctilsie242 · · Score: 1

    It is nice to have a good transport layer for E-mail, but no matter how secure it is, it is wise to have your final message/file encryption be separate, just in case something happens. The same reason people put stuff in a physical, sealed envelope before it goes into the courier's hands, even though the courier is 100% trustworthy.

    1. Re:Might be wise to still use PGP still... by sims+2 · · Score: 1

      I seem to remember that you aren't supposed to send cash in the mail because letters with cash tend to get lost in the mail at a higher rate than letters without cash.

      --
      Minimum threshold fixed. Thanks!
  2. Re:NO computer is SAFE by Anonymous Coward · · Score: 0

    You can bet your ass he'll be using all those powers that were meant for 'protecting the people' for whatever purpose he wishes.

  3. Problem is - He's a US citizen by Indy1 · · Score: 4, Interesting

    so even if 100% of the service is hosted overseas, the gestapo errr FBI and NSA, will still put pressure on him to compromise the service.

    Any more, you want fed proof email, 100% of the solution has to be fed proof.

    That means non US citizens as employees working in a fed proof country, and servers hosted in a fed proof country.

    I think proton mail fits this need well.

    --
    Lawyers, MBA's, RIAA? A jedi fears not these things!
    1. Re:Problem is - He's a US citizen by Anonymous Coward · · Score: 0

      even hosted in a "fed proof" country isn't perfectly secure.

      pretty sure you understand that the feds can hack with the best of them - they'd just prefer easier methods.

    2. Re:Problem is - He's a US citizen by Anonymous Coward · · Score: 1

      The way the FEDS bitch and whine about having to do the legwork of actual police work, I have my doubts about the amount of effort they're willing to put into actually hacking an alleged miscreant. They want to play on easy mode all the time.

    3. Re:Problem is - He's a US citizen by networkBoy · · Score: 4, Interesting

      While I think we all agree that nothing is invincible, you want it to be a very hard problem to break, and one that the site owner can't facilitate. Further you want tamper evidence, thus even if he's served an NSL with gag any action on it will betray that something's up.

      In other news, I'll be a customer again :)

      --
      whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
    4. Re:Problem is - He's a US citizen by Anonymous Coward · · Score: 2, Interesting

      Be careful, Protonmail sounds like "security charade" and nothing else.

      They claim their webclient is open source, except that on their github page you can only find the source code of older versions, not the current one. That's basically equivalent to using closed source software.

      They claim their protocol is OpenPGP-compliant, but for some strange reason they don't want to let users access their mail with third-party OpenPGP-compliant clients. After a lot of complaints, now they are releasing a beta, closed-source client to access the mailbox. Long story short: it's impossible to know for sure if they use the OpenPGP protocol or something else.

      They claim they are protected by "swiss privacy laws", that have just been heavily watered down, and weren't particularly strict before either, contrary to popular legends: for example, Greece has far stricter privacy legislation than Switzerland, according to Privacy International.

      And obviously they have an "underground facility" for their servers, which is really useful from an IT security standpoint, and surely isn't just marketing crap.

      It doesn't look good to me.

    5. Re:Problem is - He's a US citizen by Anonymous Coward · · Score: 0

      I'd still prefer them over the free, scan and sell all your data services like outlook, yahoo, or gmail.

    6. Re:Problem is - He's a US citizen by F.Ultra · · Score: 2

      Yes, where the service is hosted is unimportant since the US government can always put you in trouble since you are a resident citizen of the US. Because it's not the servers that are thrown into jail for not complying with the warrant.

    7. Re:Problem is - He's a US citizen by Aighearach · · Score: 1

      so even if 100% of the service is hosted overseas, the gestapo errr FBI and NSA, will still put pressure on him to compromise the service.

      Any more, you want fed proof email, 100% of the solution has to be fed proof.

      The problem has to be 100% fed-proof, too. For example as an American no such solution can exist because I am not physically "fed-proof" myself!

      If the sender and recipient are both not in the US, they can probably avoid this problem by other means, assuming they can prevent unauthorized access.

      I'm still not sure what a legit use case even is; it seems like it would be more effective to just use an email provider that hires a staff attorney and promises to defend customers if their email speech is illegally encroached upon by the government. Keep in mind that lavabit was shut down because he didn't want to assist what was a legit investigation, not any sort of government abuse.

    8. Re:Problem is - He's a US citizen by Aighearach · · Score: 1

      gmail doesn't sell data, why do people still not understand this? Google only sells targeted advertising services, they do NOT sell data about users like most internet companies do.

      If you don't even know what the different threat vectors are, how can you decide which ones to avoid, or succeed at avoiding whatever you decided to avoid?

    9. Re:Problem is - He's a US citizen by AmiMoJo · · Score: 1

      I scanned their site and saw you can pay $15 or $30, but it doesn't really explain for what. Is that monthly or yearly and what do you get for it?

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    10. Re:Problem is - He's a US citizen by Anonymous Coward · · Score: 0

      so even if 100% of the service is hosted overseas, the gestapo errr FBI and NSA, will still put pressure on him to compromise the service.

      This kind of problem is actually a lot easier to solve than most people realize. The only catch is that it costs you some minor features.

      You just make it so that the service isn't trusted. By specification, let it be okay if the service is totally and completely compromised. [exaggeration, but not really]I'll trust Lavabit if Levison does this: he should offer to run an ethernet cable directly from his server to both the NSA and the FSB, plus any three top-bidders, and allow all these parties to have root access to his server. And do it publicly and announced.[/exaggeration, but not really]

      Only the user's email client should have the capacity to decrypt the emails, using their locally-stored key and without the knowledge or help of the server. And of course (this should go without saying) that email client shouldn't be anything like a web browser. It doesn't need to know how to download and execute Javascript, for example.

      Turns out this has already been implemented: it's called "any fucking IMAP server" and nearly any IMAP client, and GnuPG or PGP.

      Just let go of webmail. That's all you have to do: simply reject the stupidest idea in email's history, and you can have reasonably secure email. (and then you can even improve on it, see below)

      Does lavabit offer that? Because that's basically all it needs to do: IMAP. apt-get install dovecot.

      If you want to harden the server to also frustrate traffic analysis (e.g. don't let a local root-privileges attacker read all the email headers) or anything else an attacker might do at the server (possibly while pointing a gun at Levison's head and getting maximum cooperation), then fine. But none of this should be at all related to how a user decrypts an email body.

      LEAVE EMAIL DECRYPTION OUT OF THIS PROBLEM. Your implementation shouldn't even bother to know how, or if, the email's body is encrypted.

    11. Re:Problem is - He's a US citizen by networkBoy · · Score: 1

      $15 annually...
      so, yeah, that's a year of service for $15

      --
      whois gawk date unzip strip find touch finger mount join nice man top fsck grep eject more yes exit umount sleep dump
    12. Re:Problem is - He's a US citizen by AmiMoJo · · Score: 1

      That's actually very cheap for a quality email service. I'm impressed.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  4. It's nice of NSA to put this honeypot back online by Anonymous Coward · · Score: 0

    Nothing to worry about I'm sure

  5. Re:NO computer is SAFE by Anonymous Coward · · Score: 0

    no computer, period, is 100% safe.

    if you think otherwise, you're part of the problem

  6. Obtain the password? by wonkey_monkey · · Score: 0

    Levison had custody of his service's SSL encryption key that could help the government obtain Snowden's password.

    If they could have obtained the password, Lavabit must have been doing things really wrong, no? Salting and hashing and all that...

    --
    systemd is Roko's Basilisk.
    1. Re:Obtain the password? by Anonymous Coward · · Score: 0

      They can dissect the password in transport with the SSL key.

    2. Re:Obtain the password? by Anonymous Coward · · Score: 0

      No more wrong than how everyone else does it. If you have the private ssl of the email server you can do a whole lot of things.

  7. VMWare is safe! by Anonymous Coward · · Score: 0

    i telnet into my vmware host from my webtv interface. im tooo obscure.

    1. Re:VMWare is safe! by CronoCloud · · Score: 1

      As a former WebTV user, I know that WebTV's can't do telnet. Besides, you should be logging in via SSH on your PS2 Linux kit.

  8. ProtonMail already exists by rainwalker · · Score: 4, Informative

    ProtonMail already exists, has 2 million users, excellent security and architectural design, zero knowledge on the part of the provider, 2 factor authentication, optional two password setup (one for the account, another to decrypt the inbox), is located in Switzerland instead of the US, etc. It's also trivial to use, the importance of which can't be overstated.

    In contrast, the new LavaBit is promising end-to-end encryption "later this year", as opposed to PM, which has always had it. It's concerning that a single SSL certificate was the only barrier between the users and total decryption. More competition is always good, but this looks like a significant step down from an existing service.

    1. Re:ProtonMail already exists by chill · · Score: 2

      And they just added Tor support, with their own .onion address.

      https://protonirockerxow.onion/

      For when you absolutely, positively want your e-mail to be slower than traditional post service.

      --
      Learning HOW to think is more important than learning WHAT to think.
    2. Re:ProtonMail already exists by allo · · Score: 2

      Have a look at mailbox.org. The people there are really competent for mail. posteo is another good option, they e.g. published their dovecot plugin to decrypt mails on access to store them safely.

    3. Re:ProtonMail already exists by Anonymous Coward · · Score: 5, Insightful

      Protonmail is just security charade.

      They claim their webclient is open source, except that on their github page you can only find the source code of older versions, not the current one. That's basically equivalent to using closed source software.

      They claim their protocol is OpenPGP-compliant, but for some strange reason they don't want to let users access their mail with third-party OpenPGP-compliant clients. After a lot of complaints, now they are releasing a beta, closed-source client to access the mailbox. Long story short: it's impossible to know for sure if they use the OpenPGP protocol or something else.

      They claim they are protected by "swiss privacy laws", that have just been heavily watered down, and weren't particularly strict before either, contrary to popular legends: for example, Greece has far stricter privacy legislation than Switzerland, according to Privacy International.

      And obviously they have an "underground bunker" for their servers, which is really useful from an IT security standpoint, and surely isn't just marketing crap.

      I would definitely trust Lavabit far more: their current source code is public, they use standard encryption protocols, and their founder already proved to be ready to stand up to the FBI.

    4. Re:ProtonMail already exists by Anonymous Coward · · Score: 0

      The lavabit code was (as of posting) last updated in July. I would be surprised if there have been no code changes in the past 6 months, so I'd argue that everyone claiming to be open source needs to do a better job of it.

    5. Re:ProtonMail already exists by Anonymous Coward · · Score: 0

      Surely they should fix that, but Lavabit has been frozen for 3 years, they are re-opening just now, that sounds like an acceptable excuse to me. Plus, the founder has widely proven his personal integrity.

      Instead those at Protonmail don't have any reasonable justification for always being late in updating their github, refusing to support third-party clients, and allowing IMAP only with a closed-source plug-in. Why should users trust their service? It was featured in Mr. Robot, hence it must be safe. Lol.

    6. Re:ProtonMail already exists by Aighearach · · Score: 1

      For when you absolutely, positively want your email to be stored by the NSA to await improvements in decryption technology. ;)

      If you have no secrets, then you can encrypt safely. If you have actual secrets, then it is very dangerous to encrypt and transmit them because you're guaranteeing that your communication will be archived. If it is unencrypted then somebody might read it, but if they don't it will at least be archived in less places and perhaps eventually purged.

      A more sure way to keep a secret secret is to not write it down, not encrypt it, and not transmit it.

      Most legal things that people want to keep private are not actually secrets but merely confidential information, and then encryption works great; even if the government needs to review it, they will keep that as confidential as they can for both legal and operational security reasons.

      Secrecy is not a viable online goal, nor is perfect privacy, but significant confidentiality can be achieved.

      Whistleblowers though basically need to be willing to stand up and "face the music" of their whistle. Otherwise, they're not blowing hard enough to matter anyways.

    7. Re:ProtonMail already exists by John.Banister · · Score: 1

      90% of everything isn't secrets. If I encrypt everything, then I just have to make the 10% look like the other 90% before it's encrypted. By the time stored messages are decrypted, odds are good that either they'll lack the context to tell the difference, or that they'll know so much about that particular topic that the additional knowledge about the 10% won't be helpful. Plus, they'll have to put equal effort into getting nowhere with the 90% that's garbage.

    8. Re:ProtonMail already exists by Anonymous Coward · · Score: 2, Interesting

      ANY service that requires your browser to download and execute the crypto code from THE SERVICE... is a flawed service.
      You should be able to get the executed code from a third party coder. Otherwise the service can be ordered or backdoored or twisted into serving your browser defective crypto and other code.
      You're a fucking fool to use browsers in the way proton or lava does.

      Furthermore, SMTP is plain fucking broken in regards to cleartext headers, in particular to/from/cc/subject.
      And SMTP is plain fucking broken regarding the mail provider having knowledge.

      If you want SECURE messaging, you MUST move OFF SMTP and ON to a true end-to-end p2p messaging system, or AT LEAST a zero knowledge system.
      Ricochet over tor qualifies, as does pond and blockchain style broadcast networks.

    9. Re:ProtonMail already exists by Anonymous Coward · · Score: 0

      ... surely isn't just marketing crap. ...

      It means they can limit physical access long enough to destroy any sensitive data. That will also make them guilty of destroying evidence so, as you suspect, it might not happen.

  9. we need a GNU jurisdiction overseas by Anonymous Coward · · Score: 1

    to move viable commercial and government computer equipment overseas where no local host may tamper with nuisance physical facility take-over messages: a place where overseas the Crown of England and the Shah of Iran can't colonize or co-habit because the natives will be opinionated and armed without infringing regulations and are all able-bodied since rejecting GMO foods: ladies and gentlemen, I'm talking about America.

  10. Re:It's nice of NSA to put this honeypot back onli by Anonymous Coward · · Score: 1

    This guy went through some moderate crap to get where he is, including cancelling his service rather than surrendering his principles. Additionally, he went through the hassle of getting the ability to discuss what happened, which involved some court work. Why would you assume this is a honeypot all of a sudden?

  11. Groklaw to return? by Anonymous Coward · · Score: 1

    Please, please, can we have groklaw back? http://groklaw.net/ Pamela?

    1. Re:Groklaw to return? by Flexagon · · Score: 1

      This was my first thought also. Hope so, but it's been a long time.

  12. Spam? by ilsaloving · · Score: 1

    Question... With all the various contortions that the metadata takes, how well do they handle spam? I guess all the checks are done prior to storing the email on their servers?

    1. Re:Spam? by Aighearach · · Score: 1

      Any time you're using a small non-mainstream email host you have to expect to get spam and to have to handle the filtering client-side, with all the imperfections involved.

      However, if you're using secure email you can probably just trash anything that isn't encrypted anyways. And if spammers encrypt, just start adding their public keys to a filter. People paranoid enough to use this type of service, and non-technical enough to trust a service that purports to have these features, probably also have a "normal" email address for regular use if they actually accept normal email.
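The claim earlier in the thread that SMTP leaves to/from/cc/subject in cleartext, and the suggestion in the reply above to trash anything that isn't encrypted, can both be checked with one structural test. This is an added example, not code from any commenter or from Lavabit; the sample messages are constructed, and the names `encryption_kind`, `server_view` and `keep` are hypothetical. It recognises RFC 3156 PGP/MIME and a whole-body ASCII-armored block, and does not attempt decryption.

```python
import email
from email import policy

# Headers that cross SMTP in cleartext even when the body is OpenPGP-encrypted.
METADATA_HEADERS = ("From", "To", "Cc", "Subject", "Date", "Message-ID")
ARMOR_BEGIN = "-----BEGIN PGP MESSAGE-----"
ARMOR_END = "-----END PGP MESSAGE-----"

def encryption_kind(msg):
    """Return 'pgp-mime', 'inline-pgp' or 'none' (structure only, no decryption)."""
    if msg.get_content_type() == "multipart/encrypted":
        parts = msg.get_payload()
        proto = str(msg.get_param("protocol", "")).lower()
        # RFC 3156: a control part followed by exactly one ciphertext part.
        if (proto == "application/pgp-encrypted"
                and isinstance(parts, list) and len(parts) == 2
                and parts[0].get_content_type() == "application/pgp-encrypted"
                and parts[1].get_content_type() == "application/octet-stream"):
            return "pgp-mime"
        return "none"
    if not msg.is_multipart() and msg.get_content_type() == "text/plain":
        try:
            body = msg.get_content().strip()
        except (LookupError, KeyError):
            return "none"  # unknown charset or encoding: treat as not encrypted
        # The whole body must be one armored block; an armor line buried
        # inside ordinary text does not count.
        if body.startswith(ARMOR_BEGIN) and body.endswith(ARMOR_END):
            return "inline-pgp"
    return "none"

def server_view(raw):
    """What a mail server or on-path observer learns without any key."""
    msg = email.message_from_string(raw, policy=policy.default)
    exposed = {h: str(msg[h]) for h in METADATA_HEADERS if msg[h] is not None}
    return {"encryption": encryption_kind(msg), "exposed": exposed}

def keep(raw):
    """Client-side rule from the comment above: drop mail that is not encrypted."""
    return server_view(raw)["encryption"] != "none"

# Constructed sample messages (placeholders, not real ciphertext).
PGP_MIME = """\
From: alice@example.org
To: bob@example.net
Subject: Q3 numbers
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
 boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----

(constructed placeholder)
-----END PGP MESSAGE-----

--b1--
"""
INLINE = ("From: carol@example.org\nTo: bob@example.net\nSubject: hello\n\n"
          f"{ARMOR_BEGIN}\n\n(constructed placeholder)\n{ARMOR_END}\n")
PLAIN = "From: x@example.com\nTo: bob@example.net\nSubject: Deal\n\nBuy now\n"
SPOOF = ("From: x@example.com\nTo: bob@example.net\nSubject: Deal\n\n"
         f"Hi\n{ARMOR_BEGIN}\nx\n{ARMOR_END}\nBuy now\n")

if __name__ == "__main__":
    for name, raw in [("pgp-mime", PGP_MIME), ("inline", INLINE),
                      ("plain", PLAIN), ("spoof", SPOOF)]:
        print(name, keep(raw), server_view(raw))
```

Even for the message that passes the filter, `server_view` still returns the sender, recipient and subject, which is the metadata exposure the thread is arguing about.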

  13. PJ! Groklaw! Come back? by Anonymous Coward · · Score: 1

    Wasn't Lavabit's experience what caused the wonderful Pamela Jones to shut down Groklaw?

    Lord, how I miss that website. God bless you, PJ, wherever you are.

  14. SSL by manu0601 · · Score: 1

    SSL problem fixed: the key is now in a Hardware Security Module and cannot be seized by police.

    That fixes communication, but what about stored data? And why couldn't the FBI seize the hardware security module itself?

  15. Re:PJ! Groklaw! Come back? by Aighearach · · Score: 0

    No, she was tired of running it and grabbed a convenient political reason to rage-quit.

    The site is still up, you can re-read the quit letter anytime; she says she was rage-quitting the internet, not just quitting the site.

    As somebody who was "online" on BBSes before the internet was made public, my take is that we always knew that the internet wasn't private... and that it never claimed to be! That is what private networks are for, after all. Just like, of course the sysop of a BBS can read your email! Some of them do, some of them don't; the ones who say they might often don't, they were just warning you, and the ones who say they don't can't prove it or deny capability!

  16. SKIP THIS. Instead.... by WindBourne · · Score: 2

    what is needed is to require emails to be encrypted at the client side.
    With each new client set-up, any new users should be required to get their encryption key, or enter in their current ones.
    Then on the emails, by default, encrypt. If the user wants, they can turn it off on an individual one.

    --
    I prefer the "u" in honour as it seems to be missing these days.
  17. Re:It's nice of NSA to put this honeypot back onli by Aighearach · · Score: 1

    "All of a sudden?" Look how much time they've had to find his weaknesses.

    That's the tricky thing about trust on the internet; you can't trust. That is the only correct answer. If you have trust in technology, that trust is misplaced. If you have trust in people, that is probably misplaced too; and even if it isn't, you can't know for sure!

    I highly recommend adopting technology strategies that do not rely on trust. When I click on some perverted anime video with cat women, I have to accept that somebody might find out. If such perversions were illegal in my location, I'd have to assume I might get in trouble. If I ever ran for office, some jerk is going to pull out an old access log that proves I'm either a pervert or a prevert. That is just the nature of technology! Increased communication provides more information, not less. As some have said, "information wants to be free!" Information technology can't reduce information, it can only add to the available information.

  18. FBI by Anonymous Coward · · Score: 0

    Laws are for the little guys. You very rarely hear of them completing pedophile investigations against politicians, those are more likely to get covered up once they realize who they are investigating. Instead, they work hard at undermining privacy of the masses while ignoring extremely vile corruption in D.C.

    1. Re:FBI by gweihir · · Score: 1, Informative

      Most of the law is not about right or wrong, but about keeping the population under control. As long as people keep confusing "legal" and "moral", this scam will continue.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  19. Club Penguin... by Anonymous Coward · · Score: 0

    .. is where the smart kids are. Puffles is the new bitcoin.

  20. Excellent by gweihir · · Score: 1

    We know that Levison is both capable with regards to technology and has excellent personal integrity. Add to that that he now also understands the legal angle better and this is one of the most secure offerings available.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  21. Re: It's nice of NSA to put this honeypot back onl by Anonymous Coward · · Score: 0

    So you admit then that you do in fact view perverted anime videos with cat women.

  22. Collateral Damage by sconeu · · Score: 1

    Collateral damage from the shutdown of Lavabit was the closure of Groklaw.

    --
    General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.