
Lavabit abruptly shuts down - cstuder
http://lavabit.com/
======
lmkg
For the unfamiliar: Lavabit was a webmail service, that (claimed to) encrypt
emails in such a way that they literally did not have access to the content
stored on their own servers. The linked email would lend some credence to
those claims. It was originally designed in contrast to gmail scanning your
email for targeted advertising, but my imperfect memory says that their system
should also have been resilient to "we have a warrant, hand over the data."

~~~
yajoe
Edit: I was a PM on Exchange and Exchange Hosted Encryption for some time, so
it looks like Lavabit tried to fight the government on whether they are
required to release private keys. I've seen one other customer try to fight,
and it was not pretty either. The US government in these cases are _serious._

Takeaway for fellow hackers: If you are building a system that stores user-
generated data, prepare for the eventuality that someone other than the user
will demand to see it.

In general, the prevailing theory is that all companies are required to
release private keys or passwords needed to unlock evidence. As a consequence
of Lavabit fighting, they likely got slapped with some pretty harsh contempt
of court rulings, including a demand to record all private keys needed for
decryption going forward. The worst case (that I can talk about) I saw
involved requiring a specific employee be demoted due to improper care of a
_company 's_ systems.

What's sad is that because Lavabit was such a small service provider, they
never had the previous rounds of government threats and must have been caught
off guard. As I've said in past posts (before Snowden), it is common knowledge
among large-scale service providers that the local government can always come
in to take a look. Doesn't matter if you are in the US, EU, or China, you have
to comply. I've seen the US DOJ threaten pretty harshly a customer who simply
asked about 'options' of how to comply.

Past post with explanation:
[https://news.ycombinator.com/item?id=5754641](https://news.ycombinator.com/item?id=5754641)

 _P.S. Right or wrong is a separate conversation..._

~~~
qwerta
Could you name some examples from Europe? Cases when police physically takes
servers are common. But I never heard of case where police would require
encryption keys for 'maybe we will needed it'.

~~~
northwest
Also, what prevents the guy from setting up that service in a European country
(Switzerland is not subject to EU laws)?

I don't see why his 10 years of work would be lost.

~~~
draugadrotten
He might not want to relocate.

It's risky to relocate the servers in another country. You will have to obey
the other country's laws, but the US gov will still claim jurisdiction if the
staff and/or owner is in the US. The US will even claim jurisdiction as soon
as you use a ".com" domain [1]

Of course the hosting nation will also claim jurisdiction. So relocating your
servers to one country while staying in another will expose you to two
national laws as well as any international agreements between these nations.

[1] Richard O’Dwyer, a UK citizen who ran a UK-based web site, was facing
extradition to the U.S. because he used a .com domain. -
[http://www.theguardian.com/law/2011/jun/17/student-file-
shar...](http://www.theguardian.com/law/2011/jun/17/student-file-sharing-
tvshack-extradition)

~~~
northwest
He could still just sell it to someone in another country. Neither the service
nor his 10 years of work would be lost.

~~~
kbenson
Depending on how bad the government wants the data, that's essentially just
charging a high premium to get _all_ the data instead of a specific user's
data.

If the purchasing party is less scrupulous, you've thwarted nothing. In
extreme cases (or for smaller companies), the purchaser could even be a
government front.

~~~
rdl
I'm pretty sure there are known entities offshore you could sell to who are
unlikely to be government fronts. Imagine selling to someone Wikileaks
affiliated...

------
grey-area
So he pretty much does say why he's shutting down, the US gov. has demanded
access and he said no. Kudos for standing up for his users, and he does raise
an interesting point at the end:

 _This experience has taught me one very important lesson: without
congressional action or a strong judicial precedent, I would _strongly_
recommend against anyone trusting their private data to a company with
physical ties to the United States._

The worst thing about this situation is that other governments like the UK,
France and Germany are equally guilty.

For history on lavabit, see the cache, this page is now gone:

[http://webcache.googleusercontent.com/search?sclient=tablet-...](http://webcache.googleusercontent.com/search?sclient=tablet-
gws&site=&source=hp&q=cache%3Ahttp%3A%2F%2Flavabit.com%2Fhistory.html&oq=cache%3Ahttp%3A%2F%2Flavabit.com%2Fhistory.html&gs_l=tablet-
gws.3...1877.7996.0.9385.7.7.0.0.0.0.513.1492.0j1j0j1j1j1.4.0....2...1c.1j2.24.tablet-
gws-psy..3.4.1436.lIv1Hdpu5EY&pbx=1)

~~~
joering2
> Kudos for standing up for his users,

Where did you get this one from? I think its a bit of a stretch to say he is
"standing up to his users". I would rather say he is standing up against the
GOV, and that's nice for a change, but we have no idea what has happened with
all the emails residing on their servers.

Knowing just a bit that I know how the us gov operates, I am pretty sure he
was given two options at exact the same time: either you accept our black box,
OR you will not. If you not, then you are not allowed to delete or alter any
messages on your servers. Given the business lavabit was in, I am sure Feds
will punish him to the extends of the law (or more) if he decides to "stand up
to his users" and delete content of their mailboxes.

~~~
grey-area
Hello, I didn't say stand up to, but for (i.e. on behalf of) . The most he can
do is stand up to the government, _for_ his users, in court, deleting servers
would not be a wise move, and I wouldn't expect it of him, would you? Just
standing up and saying no in a climate like this takes some courage, for which
I admire him.

~~~
joering2
by the time he is done wish courts defending their users, Feds will be given
chances to copy all users data over and over again about 250 times. So it
doesn't matter whether he loses or wins. Not a bit.

~~~
grey-area
Well, I can't agree with that. I do believe the only way to fight this sort of
overreach is in the courts, and in the court of public opinion. Publicly
standing up to bullying like this is the only way to provoke larger
discussions, and ultimately to stop such actions in the future. In addition he
doesn't have permission to just unilaterally wipe all his users' data, even if
he wanted to.

It was too late for his users' data the moment representatives of the
government walked through the door of their data centre/offices, but their
rights he can stand up for, which is what he has done.

~~~
CmdrKrool
Yep. Now I naturally have to e-mail all my friends and work contacts (from my
throwaway Gmail address), not to mention the person I know who opened a
personal Lavabit account on my recommendation, announcing to all that my
e-mail address is changing - and such a message wouldn't be complete without
mentioning the reason why, venting a little of my shock and disappointment,
and perhaps dropping in a little potted history of the recent developments in
government net snooping leading up to this with newspaper article links.
Messages that I wouldn't have otherwise sent without this justification, for
fear of boring my dear friends, having assumed that any of them who are likely
to care about this stuff, will already have read about it themselves without
me telling them.

Despite the annoyance of not being able to use my e-mail the past couple of
days, and the possibility that the US Gov may have some copies of my e-mail
(which I imagine will be perfectly useless to them) I am immensely gratified
at the stand Lavabit's owner appears to have taken, and having chosen them in
the first place due to these values which I am in broad alignment with, I feel
it confirms that it was a good choice, despite the fact that I now have to
find another provider. I am sorry for the guy that he's effectively had his
business - perhaps his livelihood - pulled out from under him, and I will be
donating to his defense fund out of sympathy, though I am not an American.

------
RyanZAG
I'm in the process of moving any Saas offerings I use off USA-affiliated
companies, but it's actually more difficult than I first thought. I believe
there might even be a very profitable market in simply duplicating the
functionality of Saas offerings at a higher price with security/privacy
guarantees in Germany/HK/etc. Might be the next hot business to be in? You'd
be surprised as to the number of people seeking alternatives at this point.

EDIT: Relevant XKCD for people calling for technical solutions to the problem:
[http://xkcd.com/538/](http://xkcd.com/538/)

~~~
meritt
Moving services off USA-based companies is like using two bicycle locks
instead of one. A determined government is still going to get your data, they
just need to spend a bit more time.

Focus instead on encryption.

~~~
fnordfnordfnord
It is just as bad or worse. You have to move the data in/out of the country.
It definitely isn't protected when it leaves the country. The only advantage I
see is that it punishes US businesses for failing to protest.

~~~
smtddr
I don't blame the companies; they're about as much a victim of USgov as we are
IMHO. That being said, if all the online-storage/cloud-server/email-
providers/social-whatever companies in US start going out of business because
nobody trusts them I strongly suspect something will have to change. It's just
too bad we have to do a "scorched earth"[1] to bring about change.

1\.
[http://en.wikipedia.org/wiki/Scorched_earth](http://en.wikipedia.org/wiki/Scorched_earth)

~~~
sixothree
This is where I disagree. I do blame companies like Google for not fighting
this more. At the very least they make users aware that these laws exist, even
if they cannot detail specifics related to their surveillance involvement.

~~~
smtddr
See this comment :
[https://news.ycombinator.com/item?id=6182179](https://news.ycombinator.com/item?id=6182179)

Fighting the USgov isn't a decision to take lightly regardless of how much
money & resources you have. I cannot condemn a company that backs down from
that battle. It could hurt an employee(s) significantly, or the whole company.
While I agree they have the most resources to fight it, they're not immune to
harm from USgov.

------
guelo
The US government is destroying one of the few bright spots in the American
economy with its out of control military. It is unconscionable. And the sad
thing is it has been enabled by the betrayal by many of the web 2.0 giants,
Facebook, Google etc. Google especially is sad to see since they were willing
to forgo the Chinese market on principle, but then decided that taking on the
authoritarian US government was too lucrative for principle to be involved. If
Google had done what Lavabit just did we would be living in a freer country
today.

~~~
MrKurtz
If you are seriously suggesting that abandoning the US market is a realistic
option, especially for a multibillion dollar corporation, then you are (and
I'm not using this word lightly) an _idiot_.

Not to mention that there is no US equivalent to the rampant human rights
violations and censorship in China.

~~~
pinchyfingers
The US certainly has many more prisoners per capita and in total than China
does.

Also, the U.S. government is censoring Ladar Levison of Lavabit and others in
his situation.

I've never been to China to see anything for myself, so I won't make further
comparison, but prison state thing definitely bothers me.

~~~
cmccabe
_I 've never been to China to see anything for myself..._

Yep, I can tell. I can tell you haven't read about it either.

~~~
LinXitoW
Numbers, facts, anything. Please substantiate your comment, instead of adding
nothing but snark to the discussion. Here, i'll start:
[http://www.nytimes.com/2008/04/23/world/americas/23iht-23pri...](http://www.nytimes.com/2008/04/23/world/americas/23iht-23prison.12253738.html?pagewanted=all&_r=0)

------
modeless
Please donate to their defense fund. It's not often you get a chance to
directly support a cause like this. The link is at the bottom of
[http://lavabit.com/](http://lavabit.com/), but I'll repost it here:
[https://www.paypal.com/cgi-bin/webscr?cmd=_s-
xclick&hosted_b...](https://www.paypal.com/cgi-bin/webscr?cmd=_s-
xclick&hosted_button_id=7BCR4A5W9PNN4)

~~~
Tossrock
One of the benefits of a high-paying software industry job is that I can
afford to support causes like this now. I suspect many other HN readers are in
a similar position. I encourage everyone to give what they can, as standing up
for our rights at the cost of ten years of labor is an incredibly difficult
thing, and deserves reward.

------
ferdo
Takeaway:

> "This experience has taught me one very important lesson: without
> congressional action or a strong judicial precedent, I would _strongly_
> recommend against anyone trusting their private data to a company with
> physical ties to the United States."

It's kind of fitting. The nation that spawned the internet is the nation
that's killing the internet biz on its own turf.

~~~
sentenza
I wonder if there is some historical regularity here. After all, my own
country, "Das Land der Dichter und Denker" turned on its "Dichter und Denker"
when it was at (or close to) the apex of intellectual achievement.

~~~
javert
Yes, there is a strong parallel between pre-Nazi Germany and current USA. Of
course, Americans will not literally follow Nazi ideology.

What we see in America is an increasing merger between industry and
government. Finance is the most regulated sector; hence "too big to fail" and
all the exploits pulled by big banks. Telecom is almost completely government
controlled (through the graning of regulatory monopolies). The government
spies on everyone all the time now. This is the fulfillment of Progressivism:
regular people are ignorant, but we can fix all social ills through government
control. It is also, literally, the fascist model. I sound like an immature
teenager for saying that, but I mean it in the full, intellectual sense.

tl;dr the American Progressive movement occurred in parallel, but to a must
greater extent, in Weimar Germany. American Neo-conservativism is
Progressivism in a right-wing flavor. The modern USA is Weimar Germany all
over again.

As the USA's societal ills continue to accelerate (because we're taking anti-
corrective action instead of corrective action at every step), the USA will
increasingly resemble a command-and-control system like Nazi Germany.

~~~
javajosh
_> we're taking anti-corrective action instead of corrective action at every
step_

That's not true. The Congress almost defunded the NSA recently. It was a far
closer thing than anyone in the establishment suspects. In the end, we are a
country that values it's privacy, values small government, and we'll assert
that sooner or later. It may be later. But hey, it took a long time for us to
figure out slavery, women's rights, civil rights, gay rights, and drug rights.
But in the end we did the right thing, and we'll do the right thing on this.

Patience.

~~~
javert
Maybe there will be a turnaround, but given that the education system has long
been (and continues to be) controlled by Progressives, it doesn't seem that
likely to me.

But yes, the USA is the only nation founded on the principles of individual
freedom, and many people remember that, so there is a chance.

~~~
eightyone
Education is controlled by corporate interest and always will be. In fact the
education system was founded by wealthy industrialists so they could churn out
great factory workers. To learn more about this read Seth Godin's Linchpin.
It's not profitable to have a smart populous.

George Carlin sums it up here:
[http://www.youtube.com/watch?v=AMqJvhmD5Yg](http://www.youtube.com/watch?v=AMqJvhmD5Yg)

~~~
javert
I don't believe there's any evidence at all for what you're claiming regarding
"corporate interests." In fact, I think it's obvious that it's wrong.

As far as I know, Otto von Bismarck started modern education so that he could
indoctrinate the German youth, but I'm less certain on the details of that.

------
raganwald
I like the part where he can't tell you why he's shutting down. As if we won't
engage in rampant irresponsible speculation that they have told him to decrypt
and forward everything to them in real time.

~~~
toyg
what would you have him do? He's clearly under NSL, so he can't tell you what
he was asked for. This is the strongest statement he can legally make (in
fact, i'm sure some US lawyers would argue that it's actually _beyond_ that).

I guess we now know how it must have felt to watch republican institutions
spiral into tyranny in ancient Rome.

~~~
hga
Yes, unfortunately; I'm a student of that period of history and it's getting
pretty bad by its standards. No proscriptions yet, though ... perhaps because
that doesn't work so well with a well armed populace.

------
dkulchenko
This is infuriating, and the worst part is that a clear solution isn't in
sight.

Sure, we can fight this in the courts, and a few secret programs might get
shut down, but operations will just continue under a different name. We can
encrypt our data, move our services and data offshore, but that just paints a
big target on our heads - doesn't actually address the fundamental issue. This
is supposed to be a democracy, but I don't see any democratic way of
addressing this.

What do we do?

~~~
sneak
The only nonviolent solution I've found is to move away and stop paying taxes
to the US war machine. Don't use or support services that pay US taxes,
either.

It's what I did.

PS: It is very, very, very difficult, because most of the people you care
about will not move with you.

~~~
deftnerd
My family and I have started this process already and expect to be in Central
America within the year.

~~~
rayiner
Because the Central American governments so wonderfully respect human rights.

~~~
unimpressive
I know you'd probably prefer people stay in the US, but would you like to make
a recommendation for our viewers at home looking to get away?

~~~
rayiner
Where are you going to go? People playing up third world countries don't know
shit. The day-to-day corruption in nearly every such country is so bad that
after awhile you'd rather have someone reading your e-mail but otherwise
leaving you alone. And let me tell you from first hand experience--it is soul
sucking to live in a country like that where you're constantly surrounded by
people living on the edge of subsistence (or if you aren't you've segregated
yourself into 1%-er bubbles, which is its own kind of bad).

Look at the BRIC countries, which are supposedly on an upward trajectory.
Russia, India, and China are out off the bat. Russia and China do not have
functioning democracies, and while India does, it is corrupt from top to
bottom. Someone commented about Brazil yesterday how debts are inherited in
that country, not to mention it's got outrageous income inequality.

Out of the big European countries, you've got the U.K. with cameras on every
corner, and France where until recently it was a crime to insult the
President. It has come out that Germany spies on people too, though apparently
less than the U.S. to a degree (I guess just because of shorter retention
periods).

Australia tried to put up a nation-wide internet wall a few years ago, so
that's out. Canada? Canada does it too:
[http://www.michaelgeist.ca/content/view/6870/125](http://www.michaelgeist.ca/content/view/6870/125).

Libertarians like to put up Hong Kong as some shining example, but that's just
proof that libertarians don't really value democracy (since Hong Kong doesn't
even pretend to have democracy). Hong Kong apparently does less internet
surveillance, except if you're a pro-democracy activist in which case all bets
are off.

That leaves the Scandinavian countries, I suppose, but I have a hard time
seeing a lot of libertarian-minded people fleeing the U.S. for that
collectivist utopia.

~~~
icelancer
> That leaves the Scandinavian countries, I suppose, but I have a hard time
> seeing a lot of libertarian-minded people fleeing the U.S. for that
> collectivist utopia.

As a pragmatic libertarian, I am willing to pay many more dollars in taxes to
provide services I don't agree with so long as little to none of my tax
dollars go towards bombing brown people and spying on citizens.

Some things are worth compromising over.

~~~
varjag
All Scandinavian countries do implement EU Data Retention Directive just as
well.

~~~
iand
Can you confirm this since Norway is not in the EU

~~~
varjag
Norway is in EEC, and it volunteered to implement the directive, at the
bidding of Arbeidspartiet.

(I live in Norway)

------
dmix
From 2011:

> Lavabit processes 70 gigabytes of data per day, is made up of 26 servers,
> hosts 260,000 email addresses, and processes 600,000 emails a day. That’s a
> lot of email.

[http://www.dbasoul.com/2011/1008.html](http://www.dbasoul.com/2011/1008.html)

Update: According to their stats page, they had 410k email accounts hosted
before shutdown
[https://twitter.com/georgemaschke/status/365553445538775040](https://twitter.com/georgemaschke/status/365553445538775040)

~~~
trimbo
70 GB / 600K emails = 122KB per email. That's a large average even with
headers. To put things in perspective, Costco's massive marketing email sent
to me this morning is 138K including headers.

So the question is, what were people sending though Lavabit that _averaged_
122K and would have attracted attention? Therein probably lies the reason for
all of this.

~~~
dictum
If Lavabit allowed large attachments, I'd say photos.

122KB is the average. The majority of emails were probably 1-2KB. Then
newsletters, around 50KB. Lastly, emails with attached photos, ~5MB.

Probably follows a simple Pareto distribution: 20% of emails comprised 80% of
the total storage required.

------
koenigdavidmj
"I can't tell you the reason" is a rather blatant way of saying "National
Security Letter".

~~~
aroman
At first I read your comment as "rather _brilliant_ way" and I agreed with it
more than your actual comment :)

------
rsync
Time to donate to the EFF. They haven't been branded as a terrorist charity
yet, AFAIK...

~~~
venomsnake
Don't give ideas.

Too bad that he does not have donations page. I would gladly donate. Also -
respect for the decision he made. If he kickstarts a campaign for restoring
the service I will be there too.

~~~
erichurkman
There is a link at the bottom of the email to a PayPal page for donations to a
Legal Defense Fund.

I do wonder if PayPal was a good choice for this, or just a choice of
convenience. I have trouble trusting PayPal given how many horror stories
about accounts being suspended, funds seized (or returned to the senders), and
phantom account locks for fraud investigations.

------
joelrunyon
> I wish that I could legally share with you the events that led to my
> decision. I cannot. I feel you deserve to know what’s going on--the first
> amendment is supposed to guarantee me the freedom to speak out in situations
> like this.

Anyone know what happens if he just says "F it" and writes a massive blog post
on what exactly happened or what exactly they said to him?

~~~
guelo
He'd probably go to jail immediately and then spend years working the case
through the courts in the hopes of getting a Supreme Court decision striking
the law down as unconstitutional.

~~~
hkarthik
Probably worse. They'll often go after family members (siblings, parents,
extended family) and their businesses until you comply.

------
kefs
Seems like it would make sense for users to demand that any US based service
includes a warrant canary, just like rsync.net's implementation. A global
canary + separate canaries for individual accounts would also make sense.

[https://en.wikipedia.org/wiki/Warrant_canary](https://en.wikipedia.org/wiki/Warrant_canary)

[http://rsync.net/resources/notices/canary.txt](http://rsync.net/resources/notices/canary.txt)

~~~
jaggederest
I don't think canaries are effective. You can't get around a court order just
by mental gymnastics, they'll hold you in contempt. I'd be happy to be proven
wrong, but I suspect that they'd simply order you to keep updating the canary.

~~~
kefs
I'm also unsure of their proven effectiveness, but how could they hold you in
contempt for _not_ taking an action?

~~~
cschmidt
I'm sure they would argue that you weren't supposed to reveal that you were
under an NSL, and that your inaction _did_ reveal it, so you violated the
terms. As the grandparent says, it probably just a cute legal trick that
wouldn't impress a judge.

~~~
jlgreco
If it gets to the point that a judge is not impressed, at least the public has
been warned.

~~~
IvyMike
The "judge is not impressed" means they would probably view it as the same as
just warning the public directly, with equivalent penalties.

And thus the canary is legally useless--if you're going to have the penalties
of violating a national security order, might as well just do it in a
straightforward manner.

~~~
jlgreco
At this point, it is speculation that the judge would not be impressed. If
anyone decided to test the theory, the public would be informed regardless.

~~~
jongraehl
I agree, but your analysis is missing something: the canary-threatener may be
secretly, without a public ruling, within the refresh interval, be convinced
that if he doesn't keep updating (falsely) the canary, he'll go to jail. In
other words, the precommitment to stop producing the canary signal isn't fully
credible (though it seems much more likely to get the message out than a
promise to actively say if something happens).

~~~
patrickmay
The technical solution to that social problem (yeah, we know how well those
work) is to set the refresh interval to be less than the time required to
process a motion contesting the government's order to update the canary.

------
mtgx
Source: [https://lavabit.com/?repost=true](https://lavabit.com/?repost=true)

This is very unfortunate and sad. I hope he wins in Court. The
NSA/administration are really trying to destroy the last bit of privacy in the
world, and they will fight relentlessly until they do (especially if the
People aren't fighting back).

~~~
joering2
um okay. If it is what we think it is, what makes you think that he will
wrestle with Feds if Google, Facebook, Yahoo, Microsoft and other billion-
dollars giants were not even interested pursuing the legal way?

Most likely, this is all so secret with secret courts foreseeing secret
rulings that unless he has solid capital to burn on legal defense, he won't
get far. He won't get far probably either if he has the money. I am sure
courts would stretched it in infinity. And I am sure the owner is businessman
more than a libertarian.

~~~
SageRaven
Sometimes a David makes a bigger impression than a Goliath.

It's been years since I've worked with Ladar. However, he's a man of great
intelligence and principle. It's not unheard of for "the little guy" to take
on the machine and win. I believe that Ladar will prevail in the end, and I
hope he'll resume operations or come up with something even better.

I'll be donating something as soon as I finish my post.

------
lawl
I really would want to donate to them. But you know I kind of feel weary now
connecting my PayPal Account with them. I hope some kind of organisation is
standing up for them. Like EFF or something. Not because I don't trust them.
But because I don't trust the NSA. They might flag me as a terrorist or
something. Then again I'm probably already on this list for having some
technical involvment with something the US gov doesn't like.

I guess it _purely_ a _coincedence_ that Snowden used a lavabit address the
last few weeks. I guess there is _no_ relation _at all_.

~~~
jerfelix
There should be a bitcoin address for donations.

There's no reason to trust me, but if you send me bitcoins, I'll convert to
dollars and send to the fund. You preserve your anonymity. I'll convert all
donations at the end of each month.

173WSQxBiwswTtMBxnnhGTZJtTy2RrdLgn

~~~
lawl
Thanks for the offer, unfortunately I don't have any bitcoins so i would first
have to buy them. Which I would have to do with money that can be traced back
to me...

------
jka
I've posted this link on HN before, but it's potentially relevant - we might
find out more, but it sounds like this might be the result of a National
Security Letter preventing Ladar from talking about the reason behind the
shutdown.

I would suspect he has tried to protect his users from a request for
information (NSLs are allegedly limited to metadata), but would prefer to
discontinue the service than take the other possible legal action (silently
disclosing information). Perhaps it is possible he will/has been forced to
disclose information anyway.

This link is a video featuring Nicholas Merrill who (if this is in fact NSL-
related) went through a similar situation with his ISP Calyx, and gave as much
information as legally possible about the frustrating process as a talk at the
yearly Chaos Communication Congress in 2010.

[https://events.ccc.de/congress/2010/Fahrplan/events/4263.en....](https://events.ccc.de/congress/2010/Fahrplan/events/4263.en.html)

------
tehwalrus
I had just signed up for 2 years pro service, and had been wondering why
thunderbird couldn't log in all day (and I've been waiting to send an email
all day!)

I also recently had a chat with their support about this (before purchasing,)
and they told me something like _" don't worry, we're not big enough to get
hit by this stuff, and if we are we'll tell them where to shove it!"_ \-- it
looks like they were telling the truth.

------
unethical_ban
I watched Casablanca the other night.

SPOILERS

I thought about how the Gestapo had Lazlow in their midst, at the same TABLE
as them, and yet didn't do anything immediately other than deny him further
travel. Of course, it's a movie, but it was an interesting thought. Nowadays,
if Snowden were known to be hiding in a foreigner's Moroccan cafe, we'ds drone
half the building.

Also, I noticed the pride and the wonder that America inspired in the workers
and patrons of Rick's. It was a symbol of freedom and opportunity. I wonder
how many people see it that way now.

~~~
toyg
Old European elites shared a common culture that went beyond borders, at times
perversely so (e.g. the whole Geneva Convention mindset where war is all a big
game in need of more gentlemanly rules). They respected each other more than
they did their fellow countrymen from lower classes. It's the same today:
you'd never see a Saudi billionaire droned, even if we knew he'd been "the
real Osama" all along.

Snowden is a little fish and as such he's being treated, as an example to his
uppity peers. His friends are little fish, and as such are being burnt down
without a second thought.

~~~
Dylan16807
Iterated prisoner's dilemma isn't exactly a 'perverse' way of looking at war.
Taking the high road helps you more than it hurts you. And remember that a
country taken with minimal casualties is going to be much less rebellious.

Killing is not the _goal_ of war.

------
junto
They should open source the whole thing. We can bring it to Germany. I believe
we are legally allowed to tell the NSA to GFYS.

Any people who have businesses in the US need to take a serious look at the
risk now posed by their own government on the success of their business.

One rogue customer and business could go down the toilet, or you'll be forced
to bend your morals to suit a rogue secret fiefdom.

------
spoiledtechie
When the FUCK did we become a nation that starts shutting things down that
don't comply with the government?

What really have we come to?

Reminds me of Nazis Germany, except replace communist and socialist with Free
Thinkers, The Innovators.

First they came for the communists, and I didn't speak out because I wasn't a
communist.

Then they came for the socialists, and I didn't speak out because I wasn't a
socialist.

Then they came for the trade unionists, and I didn't speak out because I
wasn't a trade unionist.

Then they came for me, and there was no one left to speak for me.

~~~
NegativeK
> When the FUCK did we become a nation that starts shutting things down that
> don't comply with the government?

This is not new. When a company doesn't comply with fire code, the business is
shut down. When a company doesn't comply with law enforcement, it's shut down.
This is the case when the law is just or not (until the courts rule it unjust,
best case.)

But to your actual point: we've been a nation that enslaved an entire race,
locked up another one because of war, genocided yet another, banned speech
against the government, ruined careers of famous scientists and actors because
of political affiliations, passed laws against sex acts, shot water cannons
and unleashed dogs at protesters, shot others, tore up the shanty towns of
veterans, trained our soldiers to be racist so they'd be more effective,
classified encryption as munitions, and on and on and on and on.

This NSA crap is infuriating, but pretending that we've suddenly turned into
Nazi Germany (and conveniently ignoring our history, such as J. Edgar Hoover,)
turns a complete blind eye to the fact that we've dealt with this before. We
need to tell our representatives that this is not okay -- not hyperbolize it.

Also, and most importantly, quoting things from the Holocaust is absolutely
disrespectful to the survivors of the Holocaust and the millions who died. Not
only is that poem diluted by it being towed out whenever a government does
something that someone doesn't like, but your argument is better served by
coming up with something original.

~~~
stass
> But to your actual point: we've been a nation that enslaved an entire race,
> locked up another one because of war, genocided yet another, banned speech
> against the government, ruined careers of famous scientists and actors
> because of political affiliations, passed laws against sex acts, shot water
> cannons and unleashed dogs at protesters, shot others, tore up the shanty
> towns of veterans, trained our soldiers to be racist so they'd be more
> effective, classified encryption as munitions, and on and on and on and on.

Yes, and police in US has historically acted to protect the regime and not the
citizens regardless of whether the citizen actions were justified and lawful
or not. Environmentalists have been dealing with this for decades[1], so it's
not something new and probably not getting worse: internet activists' homes
could as well have been raided, family members handcuffed and their eyes
pepper-sprayed. This is fairly common, unfortunately. The question is what do
we do about it?

[1] See the "If a tree falls" documentary for an excellent example.

------
Kelet
Crap, I had just recently migrated all of my accounts to my new Lavabit
address, paid for a year of service, etc.

Although I've seen some mentioned, what recommendations does HN have for a new
e-mail service? Preferably something stable and also respecting of a user's
privacy. Or perhaps you can only have 1 of the aforementioned attributes.

~~~
aleksis
I just lost access to my primary email account.

~~~
unethical_ban
Do what I do!

I have my own domain name, currently hosting with Google Apps. If I get the
motivation to move to another host like myself, I can do it without changing
contact information.

~~~
throwit1979
Oh good, because Google will never be subject to an NSL.

~~~
unethical_ban
At the moment, I accept the danger and resent myself for it. Moving to a
custom domain is one step in the process, though.

And really, since all your email hops through relays constantly, the only
truly effective anti-spy technology is message encryption, which wouldn't
depend on where the messages end up.

------
DASD
Interesting thread from Email Discussions:

[http://www.emaildiscussions.com/showthread.php?t=66968](http://www.emaildiscussions.com/showthread.php?t=66968)

If you're a SAAS provider, be aware if you need to shutdown that many users
are not prepared for this. Several posters in the linked thread rely on a
recover password feature sent to e-mail for access to other accounts. Not a
prudent practice but this is common for many.

~~~
toyg
This is not an orderly shutdown, this is basically a civil disobedience act.
As such, the more people are pissed off, the better (as long as their rage is
channeled to the real culprits, i.e. the feds).

------
joyeuse6701
You know, all these counter measures we come up with are just 'patches' to a
set of bugs in our society. We need to rewrite the damn thing. This will just
become a cat and mouse game against our own gov't and indirect defensive
movements are meaningless without some sort of offensive to change policy.
This is becoming a full blown arms race over people's private information. The
funding, the computational power, the human capital used to create these
things... if the gov't can't or won't listen to the people's will and the
situation is bad enough, then something will rise to replace the broken
system. Someone's got to spearhead a defense of the individual.

~~~
WhoIsSatoshi
You're talking about Assange. He's currently running for australian senate
spot. Read his book, spread the word.

~~~
joyeuse6701
I may have to.

------
nsxwolf
If there's any upside to this news at all, it's a confirmation that encryption
in general does frustrate the NSA's mission to some extent.

------
Karunamon
Are there any countries, anywhere, where a person can store data outside the
reach of the US government's illegal overreach?

Any countries friendly to the US are right out. They can tap the lines, but
there are ways around that.

I just want to be able to park data where some twit with a piece of paper that
says "NSA" on it can't get it retrieved or deleted. Any suggestions?

~~~
vlastik
Iceland should be OK

~~~
flixic
Iceland is a NATO country, and fairly friendly with USA.

~~~
vlastik
That's irrelevant in this case, please see [http://torrentfreak.com/kim-
dotcom-will-move-mega-privacy-se...](http://torrentfreak.com/kim-dotcom-will-
move-mega-privacy-services-to-iceland-to-avoid-spying-130809/) and more.

------
sage_joch
If Congress has passed laws abridging the freedom of speech, then those laws
are illegitimate. Unfortunately, it feels as if speaking favorably of the
Constitution is enough to get put on a watch list anymore.

~~~
gecko
Congress can legally pass laws abridging freedom of speech, and has always
been able to do so. For example, if someone were to talk up and threaten my
life, that is not legally protected speech. Nor is blackmail, for that matter,
nor the famous adage of shouting "fire!" in a crowded theater.

For that matter, Congress can legally restrict speech in certain national
security issues, and has, again, done so for a very long time. The Supreme
Court has (in my opinion, correctly) understood that restricting people
handling classified documentation from repeating that information is, _without
extraordinary circumstances_ (more on that in a second), completely legal, for
example.

The trick here is the sheer _breadth_ of the NSLs. I completely agree that
they're unconstitutional, and I sincerely hope they are struck down in court.
But I hope that I've just highlighted why this isn't a slam-dunk situation for
those on the receiving end of an NSL. Add in that, at least so far, any
disputes with NSLs have to be taken up with the FISA court, and even wins
against NSLs don't actually count as binding precedent, because FISA itself
does not create binding precedent.

Congress can, in certain circumstances, make laws restricting freedom of
speech. This isn't one of those instances. But suing our way to that
conclusion will take time, money, and personal risk for the petitioner.

~~~
mattraibert
>the famous adage of shouting "fire!" in a crowded theater

[http://www.theatlantic.com/national/archive/2012/11/its-
time...](http://www.theatlantic.com/national/archive/2012/11/its-time-to-stop-
using-the-fire-in-a-crowded-theater-quote/264449/)

> In 1969, the Supreme Court's decision in Brandenburg v. Ohio effectively
> overturned Schenck and any authority the case still carried. There, the
> Court held that inflammatory speech--and even speech advocating violence by
> members of the Ku Klux Klan--is protected under the First Amendment, unless
> the speech "is directed to inciting or producing imminent lawless action and
> is likely to incite or produce such action" (emphasis mine).

------
raganwald
Seems like a good time to hunt through the wayback machine:

[http://web.archive.org/web/20130116102854/http://raganwald.p...](http://web.archive.org/web/20130116102854/http://raganwald.posterous.com/friendly-
for-business)

------
alan_cx
So, secret court case, started by a secret spy service gets an email service
shut down. We _know_ next to nothing, except the service went down, with out
an open honest explanation. The owner is left with leaving a cryptic-ish
message to their users.

So, I ask again: at what point is it reasonable to use words like fascist,
police state, etc? What is a reasonable tipping point?

~~~
PavlovsCat
If you'd simplify it as fascism being about control instead of, say,
conscience and justice, then it certainly seems to continue to be headed in
that direction: [http://www.theatlanticwire.com/national/2013/08/nsa-will-
rep...](http://www.theatlanticwire.com/national/2013/08/nsa-will-replace-most-
their-potential-snowdens-machines/68153/)

------
EthanHeilman
The line "A favorable decision would allow me resurrect Lavabit as an American
company." seems to suggest that he may be working to create lavabit outside
the borders of "Mordor". Can he reopen it as a foreign business?

------
tareqak
Some questions given the reasons why they had to shutdown:

1\. Can Lavabit now set up shop overseas (with a different TLD)?

2\. If not 1, can Lavabit license their software infrastructure in such a way
such that someone overseas can set up shop for them?

3\. If not 2, can Lavabit open source their software such that someone
anywhere else in world can start their own Lavabit?

The point that I am trying to get across is that if Lavabit has been forced to
shutdown through no wrongdoing of their own by the US government, a case can
be made that certain American government actions are making American companies
uncompetitive/non-viable in an increasingly competitive global marketplace.

TL;DR jobs are leaving the United States.

~~~
toyg
Not knowing the actual crime, you cannot answer any of those questions.

See, this is why "secret laws" are so bad: you cannot legally counteract
because _you don 't know what's legal anymore_.

~~~
tareqak
I am speculating because I am genuinely interested.

Assuming this event is the result of an NSL, what can the owners do next? An
NSL would have to have been served against an organization. If said
organization no longer exists, there should be no reason why another
organization that performs exactly the same activity as the first could not be
formed.

If the answer is no, then it's as if a coffee shop was destroyed by a
hurricane, but now the government says you aren't allowed own/operate/license
coffee shops anymore except the hurricane is actually an arm of the
government.

This event really gives a new meaning to "invisible hand", except this time,
it's in the shape of a fist[1].

[1]
[https://en.wikipedia.org/wiki/Invisible_hand](https://en.wikipedia.org/wiki/Invisible_hand)

------
mathattack
This is a real shame. 10 years of work gone, and they have to ask for help for
the legal bills.

------
scoofy
How in the hell are national security letters constitutional? It's
mindboggling to me that they haven't reached the Supreme Court. I don't mean
to sound like a hippie or patriotic douche, but it seem rather tyrannical that
you aren't even allowed to talk about something that happened to you.

~~~
john_b
I have been wondering the same thing. They very clearly abridge on one's
freedom of speech, so if they have been tested in the courts at all (?) then
some mental & legal gymnastics were no doubt required to justify them,
probably invoking analogies about "tradeoffs" of dubious validity in the
justification.

If someone knows of any court precedents here, I'd genuinely be interested in
hearing & reading about it.

------
bgentry
How long until PayPal suspends their legal defense fund?

On a serious note, if you want to donate to their defense fund, consider doing
so anonymously. Pay cash for an Amex or Visa gift card, and use that to make
your donation.

~~~
burke
This is a really great way to get their PayPal account frozen for sure.
Abnormally high rates of Visa gift cards will absolutely trip all the fraud
alarms.

------
vermontdevil
Lavabit needs to contact their congress representative and raise stink.
Explain to the representative that jobs and money is at stake. And explain to
the local community how there will be jobs lost due to this behavior.

We need to start getting on both local communities and their representatives
to emphasize the long term dangers of NSA's actions towards tax revenues,
jobs, etc.

In other words speak their language and make them understand that inaction is
not an option.

And yeah spare me the comments about how all Congress representatives are
owned by corporations etc. It is still possible to get your representative to
pay attention as they still need votes for the next election every two years.

------
plainOldText
I know I've said this before in one of the other threads, but I believe
donating to their Legal Defense Fund is a sensible thing to do if you care
about your rights. Link: [https://www.paypal.com/cgi-bin/webscr?cmd=_s-
xclick&hosted_b...](https://www.paypal.com/cgi-bin/webscr?cmd=_s-
xclick&hosted_b..).

------
tenpoundhammer
Sounds like any country willing to guarantee a snoop free environment could
have a lot of servers hosted there. I'm thinking the Caymen islands of data.
Set up a shell company and a shell server in the Caymens to protect your money
and your customers.

~~~
johnrob
Don't forget a _physical_ shell to keep the U.S. marines at bay.

------
Theory5
Well, that's it. I am now going to move everything onto my own infrastructure.
I signed up for lavabit a while back, and I like them as a secondary email
service; and now they just shut down!

------
joncfoo
Is there a way to verify that the service has been shut down for the reasons
stated/(not-stated)? I want to call my political representatives and let them
know that these secret court filings that prevent people from speaking about
their case hurts businesses & individuals alike. Before I do that though I'd
like be sure that the reason Lavabit shut down is due to the government's
interference. Is there any way of finding out?

Also, can someone recommend a trusted alternative?

------
Glyptodon
I've had a lavabit email as one of my main emails for years (close to when
they first started) and this is a major inconvenience. I'm not sure I'll be
able to change the email address associated with a lot of my various accounts
now that they're offline.

~~~
vincentstorme
I'm in the same boat. Anyone know of other services similar to Lavabit?

~~~
vincentstorme
Switched to runbox: [https://runbox.com/](https://runbox.com/)

~~~
chopin
MD5 message authentication for the site. No PFS (ephemeral key exchange).
Mixed content. I couldn't find a statement where the servers are hosted. Not
exactly encouraging.

------
samstave
So this is the reality. 100% proven that there is utterly NO privacy nor any
"legal" defense against the spying of the NSA.

America has NO 4th amendment rights and encryption is now a criminal activity.

------
u2328
Any other Obama supporters out there so utterly disappointed in this
administration? Call me naive, but good god this is depressing. Seems like the
country at large is so much more willing to let this stuff slide because it's
not Bush/Cheney doing it.

Congrats Democrats. Your complicity here has pretty much converted me to a
third-party voter.

------
uptown
So we've hear stories of the big companies being targeted. Now a smaller
company has been included. How small will this go for monitoring?

Should we assume that any browser plugins are potential trojan horses for
desktop targeting?

~~~
unimpressive
Why stop there? You can probably bully the smaller open source programmers who
work on various utilities to backdoor their programs.

~~~
vdaniuk
Actually, open source provides plausible deniability where a programmer would
be able to provide information about a backdoor to the community anonymously.

------
EdSharkey
When I read the Lavabit statement, I felt like this was "The Strike" Ayn Rand
predicted. Guy took his marbles and left. Tough to be optimistic about our
future after seeing this happen for realsies.

~~~
SmokyBorbon
Atlas shrugged and dropped the world wide web.

------
throwaway420
Lavabit's UI was a bit imperfect, but their death is a horrible loss to people
who were using it and looking to defend their privacy. Additionally, the fact
that this guy running the service was clearly threatened with some kind of
national security letter that clamped down on his freedom of speech is rage
inducing.

There's a lot of ridiculously smart folks on here who are making good money
working on advertising, social networking, and other typical web 2.0 startups
and companies. There's nothing wrong with these things, they are certainly
enriching peoples' lives and create value.

But if what is going on in the world isn't a clarion call for a lot of these
smart people to look into startups, networks, services, software, open source
projects, etc that try to defend peoples' privacy I don't know what is.

I urge everybody to look at your notes, ideas, forgotten projects, and see
what you can come up with to provide services and ideas and concepts that will
work to defend people's security and privacy from government entities that
have gone drunk with power.

Not only is this vital to everybody's liberty, but there is a ridiculously
huge business opportunity here for services and software that can provide some
measure of defense for people.

If we don't stop what is going on soon there will not long be a market for a
lot of cloud based services that people are going to want to use.

------
acuozzo
I only used webmail on Lavabit; not IMAP.

All of my e-mail is gone.

I was a paying user. WTF.

~~~
sneak
Why did you not make backups?

~~~
acuozzo
I only started using Lavabit a few months ago.

------
afarrell
Wired says "Court records show that, in June, Lavabit complied with a routine
search warrant targeting a child pornography suspect in a federal case in
Maryland. That suggests that Levison isn’t a privacy absolutist."

Can anyone find me a primary source on this document? It is from
[http://www.wired.com/threatlevel/2013/08/lavabit-
snowden/](http://www.wired.com/threatlevel/2013/08/lavabit-snowden/)

~~~
Ningzhi
[http://dblf27q6vp5m8.cloudfront.net/Lavabit_Joey006.pdf](http://dblf27q6vp5m8.cloudfront.net/Lavabit_Joey006.pdf)

------
MarcScott
Can you imagine if this had been the response from Google, Microsoft and Yahoo
when the FISA court demanded they hand over data? I commend Ladar Levison.

~~~
nilved
If I was using Google, Microsoft or Yahoo I wouldn't have found out that my
primary email account was shut down abruptly, my subscription canceled without
refund and my email lost without any ability to download it. Not sure if
that's really a worthwhile tradeoff for the average person.

~~~
kbart
On the contrary, I believe millions of angry Gmail and Facebook users (and
voters) COULD have influenced some politic decisions on this matter.

------
dgregd
Is this really the end of freedom in the US? Does your constitution means
nothing nowadays?

Almost everybody here talks to move email elsewhere, etc. There are no
positive comments.

Does this mean that the US government has won and can do anything they want?

~~~
SmokyBorbon
It's over.

------
rexreed
This may have something to do with it: [http://bbs.boingboing.net/t/so-
apparently-edward-snowden-use...](http://bbs.boingboing.net/t/so-apparently-
edward-snowden-uses-security-focused-email-service-lavabit/3645)

And he references his troubles over the past six weeks, which would be pretty
much perfect timing with this.

------
nish1500
It won't be long before companies start introducing non-USA-affiliated as a
feature.

~~~
grote
That's already happening. [https://MyKolab.com](https://MyKolab.com) for
example is heavily playing the hosted in Switzerland card.

------
mpyne
One big question I have for the legal beagles: It's understood (if not well-
liked) that Fourth Amendment protections don't apply to data given to a third-
party...

What if, instead, you host server space within the U.S. and run your own
software (email, listserv, whatever) and data on the leased hardware? I would
think there's a good argument that Fourth Amendment protections then resume,
and the domestic-ness of the server would also mean the NSA is not legally
allowed to look at it, at least without a real Article III warrant.

Do similar rights apply IRL, e.g. if you rent a storage closet, can law
enforcement just open the door when they wish or do they need to get a
warrant?

~~~
tootie
You need a warrant, but honestly we don't know if that isn't the case here.
It's come up before that the NSA, FBI et al, serve warrants for encrypted data
and can demand it be decrypted. Otherwise, services like lavabit are
equivalent to Swiss bank accounts that are unreachable by any means,
legitimate or otherwise. Realistically, this service was almost certainly
hosting a ton a illegal activities.

~~~
mpyne
Well there we go then, Constitutional Fourth Amendment protections restored.

But why do I get the impression that's not _actually_ what we all were really
asking for here?

~~~
Dylan16807
There are multiple overreaches.

In this case the government is probably trying to pull a hushmail: getting the
service provider to install spying equipment targeted at their users, and then
sharing the spy data with the government.

1\. The government should not be able to force this kind of spy equipment to
be installed.

2\. If we had good privacy laws it would be illegal for the company to even
_willingly_ share this data without a warrant.

~~~
tootie
I think the trick here is that lavabit can't share data even with a warrant.
Their inability to do so is pretty much their entire business model. That
protects people from unwarranted intrusions, but it also insulates people from
legitimate investigation. If they build a backdoor for only duly authorized
warrants, they are no more or less obligated to comply with an NSL.

~~~
mpyne
I would hope that _if_ they've received an NSL ordering them to wiretap their
own email, that the NSL is at least limited to specific targets of an
investigation.

But some people do strongly believe in throwing out the whole bathtub if
that's what it takes to keep the data safe, and to those people I will
certainly tip my hat, even if I disagree myself.

~~~
Dylan16807
I can accept a company complying with a warrant and divulging data for some
customers.

I will not accept a company that promises complete security and then sends a
trojan to customer computers. Anyone that betrays the security promises made
to the entire user base (eg. hushmail) should be ostracized.

~~~
mpyne
Agreed.

------
yaiu
As a user I'm essentially fucked. I can't change emails since the service is
shut down... and the money I paid is now gone.

~~~
MrGando
I'm guessing that you will receive some sort of notice on your data.

You should reconsider foreign hosting the next time, this sucks.

------
sycren
Would it be naive for me to ask if the private key can also be encrypted?

User logs in, password is used to decrypt the private key which is used to
decrypt the emails.

I guess this method would mean that the password is not stored as such.
Perhaps there is a method of encryption that you could use that generates
different sentence structures and word choices instead of obfuscation. So even
if a user tried to bruteforce the login, they would always get a message back
in the language it was written with no idea if it was the correct message
unless they demand the password from the user.

Therefore, all the 'keys' can be handed over but it's all meaningless.

------
ics
I _just_ signed up three days ago, and was exchanging mail with one of their
reps about opening a couple more accounts with them. I went to log in last
night and noticed that the service was down, which I thought was a little odd
(since everything was down at once). I'm going to have to read this again
later when I get a chance but for now, wow. I respect their decision but I'll
bet the timing sure was bad for a lot of people (especially those coming to
Lavabit specifically to escape what's going on here).

------
wellboy
Looks like the second hero from the NSA scandal emerges.

------
ozziegooen
Apparently they just cut off all email access. From Facebook: "Could you
please at least forward the messages for a couple of days to some other e-mail
accounts? I can't reset/change the e-mails I used on other websites because
they require validation PER EMAIL." "While I approve of what you've chosen to
do, I just purchased a decade of advance service from you, and you've left no
contact addresses or information. Who are your customers supposed to speak to
at this time?" "i do respect your decision. But as a long time lavabit
customer(8 or so years) I am very upset. I have paid money every year to
upgrade and have spam protection and now lost all my emails. I would have
liked some notice and a forwarding option for us."
[https://www.facebook.com/KingLadar?fref=ts](https://www.facebook.com/KingLadar?fref=ts)

~~~
nwh
I doubt they truly have much choice in the matter. It sounds more like a pull-
the-plug-and-run sort of situation than one that leaves any actual planning.
As their servers now just flat out don't have an SMTP service running, it
seems like a fairly reasonable guess.

------
HNaTTY
Here's my speculation, to be buried 450 comments deep:

The government said, "you must update your software to compromise your
encryption, and deliver us this information we have a warrant for." Lavabit
said, "well, no, that defeats the purpose of our business". The gov't said "we
don't care, we have a valid warrant" and now Lavabit is out of business.

If I'm right, nobody's files were compromised because Lavabit refused, but I
imagine that doesn't bode well for returning user data because there could be
huge legal consequences if one of the confirmed users is strongly suspected of
XYZ.

If I'm right, it shouldn't prevent the owner from starting a new secure email
service outside of the US. I suggest Iceland.

------
th3byrdm4n
If I could afford it I would donate, big time, to them.

------
kelvin0
The whole system is collapsing under it's own weight. There is no simple
solution, we simply need to accept that the current power structure in place
and anything resembling it will always cling to power for it's own sake.

It's up to us to decide if we want to continue having our cake and eating it
too. What I mean is that we cannot continue incensing our shiny techno-gadgets
based system, and then also be surprised that the same system tries to keep
itself 'on top' by whatever mean necessary.

We need to change our attitudes and actions within the current system,
anything else is simply a band-aid on an open wound.

------
skrowl
So.... what should we use now?

~~~
WhoIsSatoshi
Is MEGA ([https://mega.co.nz/](https://mega.co.nz/)) an acceptable company?
What's the HN consensus on this? Kim Dotcom does appear a bit sketchy.

~~~
hnha
god, no. that weasel ran bbs systems for the whole purpose of ratting out
warez users to the authorities, making money through it as he coorporated with
a lawyer. he actively spied on the users.
[https://de.wikipedia.org/wiki/Kim_Schmitz#Werdegang](https://de.wikipedia.org/wiki/Kim_Schmitz#Werdegang)

never ever trust that piece of ....

------
methehack
Maybe we should all just start writing letters again. Snoop that mutha fucka!

~~~
cracell
The USPS reportedly has some very expensive machines that can read letters
without opening them now. I believe it was Russell Tice that said that, though
I can't find the specific source at the moment.

But it's technical feasible and a desirable tool to get around being unable to
legally open letters.

------
tn13
Shutting down of Lavabit makes us more safe from suicide bombers!

------
biomechanica
I support his dicision. I just wish there was some warning so I could have
prepared for losing all of my contact information, etc. This couldn't have
happened at a worse time as my backup server took a rather ultimate farewell
yesterday.

I _really_ don't want to use gmail or hotmail, so what other service can I
use? Ugh. It might be time to get back to the roots and invest more time and
effort in decentralized services instead of relying on centralized services.

------
MrGando
This is terrible, I'm thinking about migrating my personal stuff out of
Digital Ocean to some VPS host under the Netherlands legislation or other...
any suggestions?

~~~
eqyiel
For a NL VPS host I would like to recommend tilaa.com. No affiliation, just a
happy customer.

------
laureny
Doesn't the fact that Snowden was using Lavabit lend credence to the
allegation that he has been leaking information?

If you're just a regular joe who, one day, realizes that what he's working on
is bad for the public and decides to release it to the public, surely you have
had no reason to use an encrypted email service before this realization dawned
on you.

~~~
DanBC
No.

Some people are aware of the long history of government surveillance, or of
the lack of privacy in regular email. Some of those people will have encrypted
their email in an attempt to reduce the amount of casual snooping they leave
themselves open to.

------
mrshu
It's very sad news. For those who didn't use it, Lavabit has been down for 2
days prior to releasing this statement. To give you an idea what it felt like
I wrote up my experience here:
[http://mareksuppa.com/blog/notes/lavabit/](http://mareksuppa.com/blog/notes/lavabit/)

------
resplin
This is a great story about an ISP owner having to deal with National Security
Letters: [http://www.shiftfrequency.com/madison-ruppert-owner-of-
small...](http://www.shiftfrequency.com/madison-ruppert-owner-of-small-utah-
isp-describes-how-the-nsa-got-him-to-install-surveillance-equipment)

------
revelation
The health page is still up:

[http://lavabit.com/health.html](http://lavabit.com/health.html)

------
photorized
Host in Russia. You all saw how the Snowden issue was handled.

Just don't do anything that would attract FSB's attention.

~~~
jlgreco
Snowden isn't a general purpose tool. As far as Russia is concerned, he
presents no threat to them; it's not like they are going to let him pursue a
career in the FSB.

This service however _is_ a general purpose tool. It would attract the
attention of the FSB immediately.

~~~
dsuth
Exactly. A lot of the fallout from this seems to be revolving around the idea
of getting a service in 'not the USA'. Never mind the fact that: a) The US has
been shown to actively compromise targets in their ally's jurisdictions and
then share that information. We can assume allies are doing similar. b)
Countries not allied to the US are not necessarily your friends either.

Odd times, when the data havens proposed by Neal Stephenson in his sci-fi
books start to look more and more important... to the citizens of (supposedly)
the most freedom-loving country in the world.

------
dmead
[http://gizmodo.com/somebody-read-government-goons-shut-
down-...](http://gizmodo.com/somebody-read-government-goons-shut-down-edward-
snow-1070103469?utm_campaign=socialflow_gizmodo_facebook&utm_source=gizmodo_facebook&utm_medium=socialflow)

------
declan
My initial guess about what the government did to Lavabit that forced Ladar
Levison to shut it down:
[https://plus.google.com/112961607570158342254/posts/EujgUYbr...](https://plus.google.com/112961607570158342254/posts/EujgUYbrEwv)

------
andy_ppp
Given what we know about all this; the NSA has a legal right to retain access
to everything - you have no right to complain or to stop it (because of the
terrorists/children/anything that'll wash), we can assume Google Glass is a
dead product at this point right?

------
Zelphyr
I really wish he had chosen some other means for accepting donations. PayPal
has gotten so bad that I literally can't donate money to a worthy cause
because I can't even change my fucking address on file without some generic
error message popping up.

------
olsn
A "complicit in crimes against the American people" \- he's just providing a
tool, if he's a complicit then ANY weapon-/gun-manufacturer in the US is a
complicit in armed crimes/murders against American citizens!

------
shirro
Anyone care to comment on the chances services like LastPass are compromised
in some way? I would expect they would have been approached. Even if the data
is end-to-end encrypted there have to be ways - injecting something client
side etc.

------
oldgregg
dear god I hope he open sources his codebase.

------
chx
Do you know much coverage this extraordinary events gets in mainstream media?
Nothing, zilch, nada. [http://imgur.com/a/WyDKy](http://imgur.com/a/WyDKy)

~~~
MyDogHasFleas
Washington Post: [http://www.washingtonpost.com/blogs/the-
switch/wp/2013/08/08...](http://www.washingtonpost.com/blogs/the-
switch/wp/2013/08/08/snowdens-e-mail-provider-is-closing-cannot-legally-say-
why/)

You may not include the Drudge Report
[http://drudgereport.com](http://drudgereport.com) in your definition of MSM,
but they have huge readership. They linked the WaPo story this morning.

------
mladenkovacevic
Hmm another tremor... I wonder how long until the big one hits.

~~~
helloNSA_
This is big news to a persistent minority. The larger population will never
care. They simply don't have the context required to understand the extent and
severity of the problem.

~~~
mladenkovacevic
It's true.. I think Americans might sleep through the whole thing. It seems TV
news doesn't even try to ask questions and whenever they do it's about where
Edward Snowden might be and what Obama's favourite vegetable is.

------
BinaryAcid
I just don't get it. Why not create and store the encryption keys client side?
That way, even Lavabit would not have any keys to hand over. Just like Mega
does.

------
dendory
This will never go away, what we need is strong email encryption to become the
norm. Then the US would need to go see the individual users if they wanted to
spy.

------
khafra
Seems like a great time for cperciva to remain in Canada.

------
jorgecastillo
Maybe if you use Yandex Mail the US government will at least have to do the
proper procedures in a Russian court, to get your data.

------
nilved
Does anybody know of a good European VPS provider for self-hosted email? That
seems to be the only way to go moving forward.

~~~
cheald
If you want security, avoid VPSes. Your VPS is at the mercy of the hypervisor.
You need to own a physical machine under lock and key if you want to be
assured of its security.

~~~
jasonkostempski
And your own army to defend it when whatever government has jurisdiction in
the location of your servers demands access to it.

------
JimWestergren
What about relocating to South America? Perhaps Bolivia? Bolivia is _really_
pissed about USA ... I know as I live here.

------
nilved
I regret giving Lavabit my business and more so paying for several years up
front. This is immensely disrespectful.

~~~
epo
Jesus! The guy is being leaned on by the Government. This is his only option
to maintain customer privacy. "disrespectful"? There aren't polite words to
describe the contenpt I have for whiners like you.

~~~
nilved
Moving forward, yes. Why can't he provide content dumps?

------
pearjuice
Any word on what happens to our data?

------
brass9
Since they've stopped providing service, they should opensource their stack.

------
mnml_
They didn't even bother giving refunds ?

------
superconductor
Can we get a list going of non-US alternatives of popular apps most of us use?

Let's start with Dropbox. What's the alternative?

~~~
Karunamon
I'd suggest Owncloud for that, on a server running in your own home. Encrypted
file system (LUKS), the works.

Pretty much identical to Dropbox and just as stable, IMHO.

Pricewise? You can buy an HP Microserver for about $300 that's capable of 12TB
of storage on the top end (more if you get fancy with external arrays), whack
it into a APC UPS for another $50, and just run it off your home internet
connection. Hang a free domain hame at afraid.org off of it, and run a script
on the box to keep the hostname pointed at your dynamic IP if your ISP won't
give you a static one on reasonable terms.

~~~
patrickdavey
afraid.org looks nice - thanks for sharing :)

------
LekkoscPiwa
In communism there was no progress exactly because of laws like this. Who
wants to operate hosting business in the US now? Why not Asia? HK, Singapore?
Or even New Zealand at this point. See how much business is lost. See how much
Google, Yahoo, MS, Facebook are hurting now. That's true people will still use
them, but not for business critical stuff. No way. In the name of catching a
few idiots from a desert who try to blow up themselves they just handled over
the whole IT industry to the rest of the world. How stupid you must be to do
that?

~~~
Torkild
I'm sure some of the largest of the tech firms are getting something for their
troubles.

------
MyDogHasFleas
Where's the "I wish you hadn't done that, lavabit, I'm a customer and I feel
very screwed over by this action" comments?

Or is this appropriate for any SaaS vendor? You're OK with this? Should all
customers, even those who really don't care if the NSA could be watching, be
put out because some feel that this cause trumps actually doing business and
having customer-vendor relationships?

I could see someone suing an SaaS vendor for an action like this, actually.
"You cost me $XX in actual costs and $YYY in lost business. Your TOS says
nothing about your shutting down because the government asked you to do
something you didn't agree with."

~~~
mariuolo
> Should all customers, even those who really don't care if the NSA could be
> watching, be put out because some feel that this cause trumps actually doing
> business and having customer-vendor relationships?

If they don't care, why pick lavabit then?

From my point of view they did exactly what they were supposed to do.

~~~
MyDogHasFleas
Yep, you're right. I wasn't thinking about their specific business model and
customer set. Thanks for setting me straight.

I wonder what the Lavabit TOS and privacy terms actually said? Usually they
say something like "we will not disclose ... Except to comply with legally
served requests..." I'm curious whether Lavabit had something different here.

Perhaps this suggests a new business model, a sort of turbo canary, where the
service explicitly commits to shut down rather than comply with a secret order
which it would otherwise be compelled to obey.

