Lavabit — Encrypted Email Service Once Used by Snowden, Is Back
Lavabit CEO Ladar Levison had custody of the service’s SSL encryption key that could have helped the government obtain Snowden’s password. Although the FBI insisted it was only after Snowden’s account, that was the key to the kingdom that would have helped the FBI agents obtain other users’ credentials as well.
But rather than complying with the federal request that could compromise the communications of all of its customers, Levison preferred to shut down his encrypted email service, leaving its 410,000 users unable to access their email accounts.
Now, Levison has announced that he is reviving Lavabit with a new architecture that fixes the SSL problem — which, according to him, was the biggest threat — and includes other privacy-enhancing features that will help its users send emails that he can’t eavesdrop on, even if ordered to do so.
Levison is releasing the source code for an open-source end-to-end encrypted global email standard that promises surveillance-proof messaging that even hides the metadata on emails to prevent agencies like the NSA or FBI from being able to find out with whom Lavabit users communicate.
Dubbed Dark Internet Mail Environment (DIME), the standard will be available on GitHub today, along with an associated mail server program called Magma, which is ready for use with the Dark Internet Mail Environment.
“DIME is the only automated, federated, encryption standard designed to work with different service providers while minimizing the leakage of metadata without a centralized authority,” Levison said in a blog post.
“By encrypting all facets of an email transmission (body, metadata, and transport layer), DIME guarantees the security of users and the least amount of information leakage possible.”
According to Levison, the Magma server is designed to offer an easy-to-use application so that even non-technical users with existing email clients can use the Lavabit encrypted email service with ease.
The DIME standard includes a ‘Trustful’ encryption mode, which requires users to trust the server to manage the encryption and their keys.
“The server performs the encryption on your behalf, and as such, you must trust that the server will not be rewritten in such a way that it captures your password, or peeks at your messages during processing,” Levison said.
DIME also offers Cautious Mode and Paranoid Mode for users who want absolute control over their encryption keys, so that their keys are never transmitted anywhere. Paranoid means Lavabit will never store a user’s private keys on its server.
Initially, the new Lavabit service will only be accessible to its existing customers and only in Trustful mode.
However, if you were not a Lavabit customer before the service shut down, you can pre-register and wait for the eventual rollout.