
Lavabit returning in 19 days - temp
https://lavabit.com/
======
diggan
Hm, feels a bit weird. If they already got served with an order to share the
data and they refused to comply, closing down the service instead, what can
have changed today? Wouldn't this mean that someone else took up the service,
agreed to the order and now this will become some sort of honeypot?

Maybe I'm misunderstanding something, but I don't understand how anyone could
trust Lavabit to either stick around or actually be private and/or secure.

~~~
gravypod
Force end to end PGP encryption for all users? If they do that then I'd assume
they could hand over data and say "good luck".

They could also setup a P2P delivery & backup system so that it's not
guaranteed they have the data. If all the data is encrypted, it's not really
an issue to distribute everything (but then again we'd be talking AES512 or
better for something crazy like that).

~~~
kevinbowman
From StackOverflow [0]:

"We can't implement "AES 512 key size" because AES is defined for key sizes
k∈{128,192,256} bits only; much like we can't make a bicycle with 3 wheels."

[0] [http://crypto.stackexchange.com/questions/20253/why-we-
cant-...](http://crypto.stackexchange.com/questions/20253/why-we-cant-
implement-aes-512-key-size#20258)

~~~
shshhdhs
I was about to disagree with the bicycle analogy, and realized that a tricycle
is indeed different than a bicycle, at least by name & definition. Clever
analogy.

------
berryg
Protonmail looks interesting. They do not store keys. They can only handover
encrypted data. It is open source software. -
[https://protonmail.com/blog/switzerland/](https://protonmail.com/blog/switzerland/)

~~~
y4mi
i just went through several paid email providers over the last few days and
was astonished to see how few allow wildcard mailboxes on custom domains.

protonmail is one of the worst in that regard with only 5 aliases on a regular
subscription.

~~~
lorenzhs
I use FastMail, they handle custom domains excellently.

~~~
josephb
Agree. FastMail does email very well.

------
nilved
There's really no coming back for Lavabit. Nobody can trust them anymore, and
this isn't just about Lavabit, but about e-mail. If a person is privacy-
conscious enough not to use Google, they know not to use anyone else either.

~~~
matt4077
I may have missed something about the original Lavabit affair, but my take-
away was always "He's proven to be the rare individual willing to take a
significant hit for his principles".

If they now added whatever the state-of-the-art is for a service such as this,
wouldn't that create quite a compelling service?

~~~
nilved
> If they now added whatever the state-of-the-art is for a service such as
> this, wouldn't that create quite a compelling service?

Right, but that wouldn't be e-mail, and this seems to be e-mail. He made the
decision to shut down e-mail accounts (including mine!) to prevent data
leakage and that is not a decision that anyone should be forced to make; it is
a deficiency of the system.

------
forgotpwtomain
relevant: [https://moxie.org/blog/lavabit-
critique/](https://moxie.org/blog/lavabit-critique/)

~~~
ycmbntrthrwaway
Looks like everyone on HN understand that architecture should be changed. If
Lavabit is just relaunched, it cannot be used.

------
akerl_
I wonder how they plan to approach security this time, given how much of the
previous demise of Lavabit centered around how they had they ability to
circumvent the encryption, despite some marketing claims that that wasn't the
case

------
Dowwie
Ladar acted with integrity and self sacrifice. He's earned trust in a way that
not many others have.

I am looking forward to trying darkmail, or whatever they're branding it as
now.

------
Canada
Will this be the debut of Dark Mail in a production service?

[https://darkmail.info/](https://darkmail.info/)

~~~
ycmbntrthrwaway
I guess not based on activity on GitHub:
[https://github.com/lavabit/](https://github.com/lavabit/)

~~~
Canada
Looks like DIME hasn't been touched in a while. After the initial talk about
this stuff a couple Defcons ago there doesn't seem to be much public progress.

We'll see what he puts up.

------
win_ini
Great! Why now? Why on Inauguration Day?

~~~
tazjin
Marketing.

------
aorth
I wonder if their sysadmins will be able to read your mail or just promise not
to. :/

~~~
satysin
This is why you always encrypt on your machine not your email service. TBH I
don't get why people get excited about things like Lavabit. You shouldn't be
relying on one particular email service for security when email is not secure
by design. Secure your content properly and then it shouldn't really matter
what email service you use.

~~~
mistaken
I agree with you, but sadly things like PGP are not universally adopted and
can be a PITA to explain to someone not technically inclined. So it all boils
down to the lack of standardized an universal encryption in e-mail.

~~~
geocar
Then sadly you don't have security.

Understanding the threat model is fundamental: If you don't know what this
protects against, it might as well protect against nothing at all; My ISP
received my emails in plaintext, so I have to assume that they've got a
plaintext backup of those emails.

------
ComputerGuru
Is this supposed to imply that they feel they'll have more freedom/less
censorship under Trump (Jan 20 is inauguration day)? Does FISA change
ownership/control between the parties when a president's term ends?

~~~
matt4077
No, it's implying a heightened need for secure communications with the new
administration.

And no, courts aren't owned by parties. FISA judges are appointed by the Chief
Justice of the Supreme Court. That's been a conservative for the last, ugh...,
well longer than FISA exists, anyway.

Also, even if I subscribed to the current dystopian view of politics, I'd
argue it's never the parties that excerpt control of a court, but always the
administration. There is, in theory as well as in practice, a difference
between the two.

------
aioprisan
Without any details on why this time the service is secure and won't be able
to hand over actual user data, it is hard to get excited about the relaunch.
Also, nice marketing ploy with re-launching on Inauguration Day.

------
clishem
I'm running my own e-mail server now using mail-in-a-box. Don't think Lavabit
can beat that. If you want secure e-mail use PGP.

~~~
tscs37
If it's running on a VPS on AWS or somewhere, it's still subject to the
provider tampering with it.

Secondly, PGP is not nearly widespread enough to be considered secure and
additionally provides no anonymity properties which in this day and age should
be the focus of any secure e-mail provider.

Additionally, running your own email server also reduces the anonymity to
basically null and leaves you with a weak pseudonymity at best.

------
drfuchs
Does this mean Groklaw will come back?

------
qwertyuiop924
Is this actually going to be secure? Because there _is_ a reason they closed
last time...

------
legodt
Something about me does not want to trust a webmail host who has an ad running
on their front page reading "date rape appreciation station." This appalling
lack of professionalism makes the entire service suspect to me.

edit: I would like to thank all the misogynists in this thread voting this
down. Thanks for keeping tech a welcoming place for women and victims of
assault!

~~~
dqv
>This appalling lack of professionalism

I don't think anything about cock.li is meant to imbue professionalism.

I think one of the points is that it almost immunizes them from psychological
operations. [1]

I know it sounds conspiratorial, but social justice movements in online
communities can be easily leveraged by orgs like the NSA to disrupt an
organization. Combined with anti-meritocracy ideals, it's easy to get someone
"at the top" who doesn't have any credentials (and who isn't really trying to
get there for any other reason than disruption).

It might not be his actual strategy, but the offensive things serve as a
deterrent against lowest common denominator character assassinations. He has
no reputation to destroy.

[1] [https://theintercept.com/2014/02/24/jtrig-
manipulation/](https://theintercept.com/2014/02/24/jtrig-manipulation/)

~~~
legodt
I'm sorry that demands to be less awful to groups of people that aren't you
make you feel like outside orgs are attacking your freedoms in some sort of
conspiracy to destroy your insulated world, ESPECIALLY considering the context
that the US has used malicious actors working against gender and racial
equality to destabilize groups striving for better social justice.

