Lavabit Is Relaunching

The encrypted email service once used by whistleblower Edward Snowden is relaunching today. Ladar Levison, the founder of the encrypted email service Lavabit, announced on Friday that he's relaunching the service with a new architecture that fixes the SSL problem and includes other privacy-enhancing features as well, such as one that obscures the metadata on emails to prevent government agencies like the NSA and FBI from being able to find out with whom Lavabit users communicate. In addition, he's also announcing plans to roll out end-to-end encryption later this year. The Intercept provides some backstory in its report: In 2013, [Levison] took the defiant step of shutting down the company's service rather than comply with a federal law enforcement request that could compromise its customers' communications. The FBI had sought access to the email account of one of Lavabit's most prominent users -- Edward Snowden. Levison had custody of his service's SSL encryption key that could help the government obtain Snowden's password. And though the feds insisted they were only after Snowden's account, the key would have helped them obtain the credentials for other users as well. Lavabit had 410,000 user accounts at the time. Rather than undermine the trust and privacy of his users, Levison ended the company's email service entirely, preventing the feds from getting access to emails stored on his servers. But the company's users lost access to their accounts as well. Levison, who became a hero of the privacy community for his tough stance, has spent the last three years trying to ensure he'll never have to help the feds break into customer accounts again. "The SSL key was our biggest threat," he says.

Re:ProtonMail already exists

Protonmail is just security charade.

They claim their webclient is open source, except that on their github page you can only find the source code of older versions, not the current one. That's basically equivalent to using closed source software.

They claim their protocol is OpenPGP-compliant, but for some strange reason they don't want to let users access their mail with third-party OpenPGP-compliant clients. After a lot of complaints, now they are releasing a beta, closed-source client to access the mailbox. Long story short: it's impossible to know for sure if they use the OpenPGP protocol or something else.

They claim they are protected by "swiss privacy laws", that have just been heavily watered down, and weren't particularly strict before either, contrary to popular legends: for example, Greece has far stricter privacy legislation than Switzerland, according to Privacy International.

And obviously they have an "underground bunker" for their servers, which is really useful from an IT security standpoint, and surely isn't just marketing crap.

I would definitely trust Lavabit far more: their current source code is public, they use standard encryption protocols, and their founder already proved to be ready to stand up to the FBI.