
Lavabit Reloaded - ycmbntrthrwaway
https://lavabit.com/?reloaded
======
mvip
If you really want secure email, having it hosted and owned by a U.S. company
is a recipe for disaster. Since we know that the U.S. gov't will gladly issue
gag orders and blackmail, why even bother? It's great that Lavabit is
innovating but Protonmail is already ahead by simply not _being_ in the U.S..

~~~
newscracker
Protonmail is a walled garden of its own because it has no IMAP or POP (hasn't
had it for more than two years since it was requested). So you're stuck with
using the Protonmail apps on iOS or Android or using the web version. None of
them are good choices to have one's own copy of all mails in an easily
portable form. The only option Protonmail provides is to individually save or
print emails. So there's no easy way to export your mails and switch to
another provider.

~~~
mvip
This used to be true. Their IMAP support is currently in beta.

~~~
dhc_tech
how do you get it? I've had an account there a long time and see nothing
allowing IMAP config.

~~~
gabeio
Beta features are reserved for paying customers (and in this case you also
have to apply to get the IMAP functionality). Free accounts don't get it until
it becomes stable.

> The best way is to upgrade your account to a paid account and take advantage
> of the numerous extra features we provide with paid accounts. [0]

[0] [https://protonmail.com/pricing](https://protonmail.com/pricing)

------
bigbrooklyn
If you NEED encryption, don't use email.

From: [https://blog.fastmail.com/2016/12/10/why-we-dont-offer-
pgp/](https://blog.fastmail.com/2016/12/10/why-we-dont-offer-pgp/)

What's the tradeoff?

If the server doesn't have access to the content of emails, then it reverts to
a featureless blob store:

    
    
        Search isn't possible
        Previews can't be calculated
        If you lose your private key, we can't recover your email
        Spam checking on content isn't possible
        To access mail on multiple devices, the private key needs to be shared securely between them
    

update: want->NEED

~~~
unknownsavage
> If you want encryption, don't use email.

That's total nonsense.

> Search isn't possible

It absolutely is, in both theory and practice. The server stores an encrypted
index, and the client walks it (requesting parts as needed). It's going to
little slower, and a lot more complex but it's doable.

> If you lose your private key, we can't recover your email

This is a damn feature. I had my icloud account social engineered (someone
walked into an apple store claiming to be me and they couldn't get their
iphone syncing to "their account"). I'll never again trust another company
with my private stuff.

> Spam checking on content isn't possible

This is probably your best point. It's definitely harder to do well

> To access mail on multiple devices, the private key needs to be shared
> securely between them

This is a non-issue. It can easily be derived from a password

~~~
brianpgordon
> > Search isn't possible

> It absolutely is, in both theory and practice. The server stores an
> encrypted index, and the client walks it (requesting parts as needed). It's
> going to little slower, and a lot more complex but it's doable.

Are you suggesting that to search your mailbox, the client should download
every single encrypted message in the entire mailbox and decrypt them all
locally to search them?

If not, how does the server get this "encrypted index" without having your
private key?

~~~
Pxtl
So what, you hash each word in the e-mail and search for the hash, and this
returns which emails include those hashed words? Would that be horribly
insecure? I guess it would be impossible to salt those hashes, and it probably
risks defeating the whole crypto.

~~~
gardnr
[https://en.wikipedia.org/wiki/Salt_(cryptography)](https://en.wikipedia.org/wiki/Salt_\(cryptography\))

You wouldn't use a hashing algorithm to build the index. They are talking
about an inverted index in a binary format, something like what lucene
outputs. That binary index would be encrypted with a block cipher (AES,
Blowfish) using a secret key and would then be stored on the server.

The mobile client comes along and downloads & decrypts the index in memory,
searches it for some terms(s), the index returns 10 result, of which, the user
selects one and the mobile client downloads and decrypts to show to the user.

------
tinkersec
Code for Magma Mail Server:
[https://github.com/lavabit/magma](https://github.com/lavabit/magma)

Code for DIME (Dark Internet Mail
Environment):[https://github.com/lavabit/libdime](https://github.com/lavabit/libdime)

~~~
ycmbntrthrwaway
I wonder if there are no updates or they are simply not pushed. Similar thing
happened to Telegram [1]. Client is open-source and functional, but Google
Play version is not what you can build from the source.

Explain Lavabit page phrases it like Magma supports only Trusted mode: "We
envision Trustful mode as the mode of choice for businesses, which have
regulatory requirements, data retention practices, and unique needs like
escrow keys. Lavabit’s free and open source server, Magma, supports these
users." Are other modes supported?

[1] [https://github.com/DrKLO/Telegram](https://github.com/DrKLO/Telegram)

[2] [https://lavabit.com/explain-lavabit.html](https://lavabit.com/explain-
lavabit.html)

UPDATE:
[https://twitter.com/kingladar/status/822583975067713536](https://twitter.com/kingladar/status/822583975067713536)

"The website is live, but it will take another day or so to finish deploying
magma, and _get the latest code into Github_."

Looks like code is just not pushed yet, it was just withheld until release.

------
codehusker
Is there any person as trustworthy as Ladar Levison for a service like email
or chat?

To my knowledge, he is one of the few that has gone to the mat for his users.

~~~
pvg
A good way to regain and build trust with users would have been to acknowledge
his previous mistakes. Then at least you could say "he's been around the
block, done it wrong and learned how to do it right". Instead, he writes:

"In August 2013, I was forced to make a difficult decision: violate the rights
of the American people and my global customers or shut down. I chose Freedom."

That isn't what happened. He chose to build and sell a supposedly secure email
service that was fundamentally vulnerable to government intrusion. He then
decided to play chicken with the USG over a warrant no different than ones
he'd complied with previously. The completely pointless escalation forced him
to compromise _all_ of his users, something the government had not been asking
for. He then shut the service down.

There are a lot of ways to describe this but 'I chose Freedom' without any
acknowledgment of his previous mis-steps is both misleading and shameless. I
wouldn't buy supposedly secure services from him.

~~~
ycmbntrthrwaway
> The completely pointless escalation forced him to compromise all of his
> users

How has he compromised all of his users? The service was shut down and emails
kept encrypted. Am I missing something?

~~~
pvg
He gave up the cert, there was no PFS-only configuration, plus, presumably the
FBI got to do their surveillance except instead of the target's email, they
could read everyone's. So no, you are not right.

~~~
ycmbntrthrwaway
I was not aware he gave up the cert in the end. Thought he just closed website
without disclosing TLS cert. Now it looks way worse than I imagined.

Anyway, I really hope that it leads to adoption of backward-compatible and
secure email protocols. Server encryption can't be trusted anymore anyway, we
need end-to-end encryption.

~~~
pvg
The business with the cert was just the final outcome. The initial mistake was
making and selling snake oil. It is possible for someone to innocently do
this, out of inexperience and ignorance.

Over time, though, it's become increasingly clear Ladar Levison is just a
snakeoil salesman who misled his users. He's never acknowledged he did
anything wrong. Don't fall for his posturing about 'Freedom'.

------
jimnotgym
Whatever did or didn't happen in the past, I for one am pleased to see another
organisation attempting to make email more secure. Especially when governments
have gone surveillance crazy. Goodluck Lavabit

------
MichaelGG
Last I looked, DIME was just org level trust. That is, your domain determines
what level of verification you get as far as knowing you have the right key
for the recipient.

So if you used, say Gmail and they did DIME, you'd still be trusting them
totally. Am I misunderstanding?

And still no admitting he was selling a fundamentally critically flawed
service in the first place. If that's not even being mentioned, it really
removes confidence from their new service.

As far as hardware HSM, that's cool. I very much enjoyed reading about how an
HSM, the Luna CA3, was cracked:

[http://www.cl.cam.ac.uk/~mkb23/research/Unwrapping-the-
Chrys...](http://www.cl.cam.ac.uk/~mkb23/research/Unwrapping-the-
Chrysalis.pdf)

~~~
geofft
Also, hardware HSM is vulnerable to the "SSL added and removed here! :-)"
attack, is it not?

"Dear Mr. Levison, remember that law about pen registers that you clearly
hadn't heard off last time around? Well, now that you understand them, please
install a pen register on the _other side_ of your fancy FIPS 140-2 hardware
security device, and have it send us everything in .pcap format. You don't
need to reconfigure your HSM for this, and in fact any attempt to do so is now
tampering with evidence in a federal investigation. Cheers, the FBI."

------
akerl_
Trustful seems like a strange way to refer to the insecure mode. It is indeed
full of trust, but not in the way a normal read would suggest: it requires
full trust in Lavabit's hosting provider and administrator.

If you're going to operate in "trustful" mode, lavabit isny offering any real
security wins over any other mail host.

~~~
ycmbntrthrwaway
> Former Lavabit users will be able to access their accounts in “Trustful”
> mode

Looks like Trustful mode is how the old lavabit operated.

> If you're going to operate in "trustful" mode, lavabit isny offering any
> real security wins over any other mail host.

This level of security apparently was enough to protect email contents against
FBI.

The reason this "insecure" mode is kept is to allow users to continue using
their old accounts and restore mailbox contents: [https://lavabit.com/have-
lavabit.html](https://lavabit.com/have-lavabit.html)

~~~
sleavey
Oh I didn't know that the contents of old accounts were now accessible again.
Was that not deleted by Lavabit when they got subpoenaed?

~~~
ycmbntrthrwaway
I think Ladar deleted TLS key, not the database.

Well, [https://lavabit.com/have-lavabit.html](https://lavabit.com/have-
lavabit.html) says: "With the help of these tutorials, you should be accessing
_your old Lavabit e-mail_ and sending new secure messages in just a few
minutes." Maybe e-mail here means account, not messages.

I have some free accounts to test, but looks like imap.lavabit.com and
smtp.lavabit.com don't have SMTP/IMAP/POP3 ports open.

Update:
[https://twitter.com/kingladar/status/822570163547541504](https://twitter.com/kingladar/status/822570163547541504)
Database is not deployed yet.

------
tptacek
_In August 2013, I was forced to make a difficult decision: violate the rights
of the American people and my global customers or shut down. I chose Freedom._

Shouldn't that "or" be an "and"?

~~~
chuckdries
what do you mean?

~~~
codazoda
My understanding is that he was legally forced to hand over the encryption key
and all the data. The FBI, then, could have read all messages that were
available on the server.

He shut down so that no additional mail could be sent and read.

It's unclear to me how much mail was kept on the server. Only unread mail?
Anything in your inbox? Everything?

~~~
caf
My understanding is that the key he was forced to hand over was the TLS key
that protected communications between clients and his server, and the stored
emails were encrypted with a key derived from the user's password.

So whether or not the FBI could read a particular stored message or not would
depend on whether they'd been able to obtain that user's password: they could
if the user had logged in after the FBI had the certificate, or if they'd
logged in using a non-PFS cipher suite at any time, or if their password was
vulnerable to cracking or determinable by the FBI in some other way.

------
kijin
What I want is an open-source proxy that I can install on localhost to provide
IMAP/SMTP access on the one side, and talk to the encrypted remote data store
on the other side.

All of the encrypted email services I've seen so far, including Protonmail and
now Lavabit v2, require using a special client (app or webmail) instead of
common email software. This fails the very first test that I apply when trying
to decide whether or not to use an online service: can I get all my data out
of it on short notice, in a standard format through an automated process?

For email, this means IMAP access so that I can use standard tools like
imapcopy to back up and migrate my mailbox. I don't care how secure your
product is if it leads to vendor lock-in. I want _both_ good encryption _and_
an exit strategy, and the latter is much more important because if you screw
up, I can always move to someone who does it better.

------
coretx
Sensible choices in a nutshell: If you live in a 5-eyes nation, don't use or
buy services hosted or operated from a 5 eyes nation. If you don't live in a 5
eyes nation, only use services hosted and operated from Iceland or
Switzerland.( Nation states are the #1 threat, and your own nation is always
the most dangerous one. )

~~~
JumpCrisscross
Schweiz is in the EU. We are subject to its data-retention laws. Consider
Norway.

~~~
reitanqild
_Schweiz is in the EU._

I don't think it is. See [https://europa.eu/european-union/about-
eu/countries_en](https://europa.eu/european-union/about-eu/countries_en)

------
mike-cardwell
So they're using a HSM to protect the SSL key this time. Makes me wonder how
many HSMs out there are already backdoored.

~~~
cuckcuckspruce
My mind tells me that it's not a large amount, but given that the USG has a
track record of intercepting routers in the mail and installing surveillance
software in them, my guts tell me to be very wary.

~~~
nikcub
The whole point of an HSM is that you can't physically tamper with it.

Vendors also provide ways to validate HSM's

[https://www.thales-esecurity.com/msrms/validate](https://www.thales-
esecurity.com/msrms/validate)

------
smoyer
How do we know who's controlling the Lavabit domain?

~~~
ycmbntrthrwaway
Check whois database.

Also Ladar Levison twitter:
[https://twitter.com/kingladar](https://twitter.com/kingladar)

If he lost control of his domain, he will tweet about it.

I guess your point is that he is using Let's Encrypt instead of CA that would
verify person or Lavabit LLC identity. In this case, it is not really an
issue. If you are not going to check the cert manually every day, pinned Let's
Encrypt cert is not way worse given that you have other means to verify
ownership.

------
macmac
Why would they ask for name, address etc?

~~~
quickben
This tells you all you need to know about the rebooted version.

~~~
macmac
Ok, I thought my question was perhaps too tinfoilhatty.

------
OJFord
Why does their server need your private key? (Except "paranoid" level - I'm
much more concerned about handing my private key over to them than anything to
with email, why's that paranoid?!)

Why can't they just receive, encrypt with my _public_ key, let my client
decrypt with private?

~~~
azag0
What would be the point of that? That portion of the traffic is already
encrypted if you do encrypted IMAP.

~~~
OJFord
What's the other portion of traffic that's encrypted if you give them your
private key?

Given a symmetric key, it can only be outgoing, but again - why would you do
that on the server?

------
advisedwang
The explain document doesn't describe how key distribution works. How do I get
a public key for somebody that I want to email, and how can I know that I am
getting the right key?

This is the hard part of an modern cryptosystem and the usual source of
weakness.

~~~
ycmbntrthrwaway
[https://darkmail.info/downloads/dark-internet-mail-
environme...](https://darkmail.info/downloads/dark-internet-mail-environment-
march-2015.pdf)

------
zymhan
Any reason I shouldn't sign up right now?

edit: Signed up. Half off for life is a sweet deal.

~~~
dandelion_lover
As written in another comment
([https://news.ycombinator.com/item?id=13447493](https://news.ycombinator.com/item?id=13447493)),
one has to give away too much personal information without clear reason.

I would suggest to use [https://posteo.de](https://posteo.de) instead. They
offer anonymous payment by post (I'm just a happy user).

~~~
hackuser
> I would suggest to use [https://posteo.de](https://posteo.de) instead. They
> offer anonymous payment by post (I'm just a happy user).

I glanced at it. It may offer anonymous signup but it uses standard mail
protocols. Almost every email Posteo processes for its users reveals their
identities.

------
daveheq
Naming it the "Dark Internet Mail Environment" is not going to get the average
person's sympathy or interest, and will be an easy target for politicians.

~~~
nathan_long
This.

Folks: encryption is not mainly for doing dark, bad things. It is normal and
reasonable to want to control who comes into your house, who reads your email,
and who can track your every move.

Stop naming your tools as if they were for bad guys.

Lavabit Guy, of all people, should realize that encryption isn't worth beans
to anyone if the rest of society thinks it's Bad and Should Be Punished.

So stop making it sound like that. That's Step 0.

------
betolink
I consider this article relevant to this discussion: "Hackers can't solve
surveillance" [http://www.dmytri.info/hackers-cant-solve-
surveillance/](http://www.dmytri.info/hackers-cant-solve-surveillance/)

------
chadcmulligan
If I was a government spook I'd set up an email service, then make a big show
of closing it down because the government. Then decide to make a big show of
'No, Security is paramount' and reopen my mail service.

Not saying this is what happened of course but without legislation all 'secure
servers' must be considered corrupted or corruptible. There isn't a technical
solution to trust.

..or even going into extreme tinfoil hat mode - how do we even know this is
the same person. Again no technical solution

Edit: why the down vote? - perhaps a counter argument would be better, I'd
like to be proved wrong.

~~~
superflyguy
"There isn't a technical solution to trust."

Well, there is but it's not email and it's not as convenient as end to end
encrypted messages. You just need to meet up once in a while -not a problem
for most communication-and exchange random data which you use either to
encrypt the whole message one time pad style, or piece by piece as passwords.
One pair of random data per contact. Lavabit or spookmail or whoever don't get
anything exciting to look at other than who is communicating.

~~~
chadcmulligan
but for a one time pad doesn't the trust happen by meeting the person? It's
good for person to person exchanges for people you know, but as you say not
for email.

------
Arallu
What's the difference between Standard and Premier?

~~~
ycmbntrthrwaway
Storage size. 5GB vs 20GB

------
grecy
> _Today is Inauguration Day in the United States, the day we enact one of our
> most sacred democratic traditions, the peaceful transition of power_

Sitting here in West Africa, watching the news, we didn't see much peace
during the rioting in the streets in (I assume) Washington

------
newsat13
There is no way I would trust lavabit again given it's past...

~~~
hackuser
Would you elaborate?

~~~
tomjen3
Can't talk about op, but I got bucked fucked when he shot down with no warning
because I had used a nerdshack email to register my primary domain and can't
move it do a different email or server.

I am in the process of signing up now, just to restore access and get the hell
away from that service. Email is insecure, we know that.

------
truebosko
Is this the right space to ask for opinions about Fastmail and its privacy? I
just switched on trial after being on Gmail. I'm happy but I switched
primarily to get part of my life away from Google.

------
DKnoll
I can finally get my old mail back. :)

~~~
tomjen3
I just want it so that I can move my domain, which was registered with a
nerdshack.com account.

------
satysin
No trial is a shame.

------
wjd2030
this smells funny.

------
tastythrowaway2
this vs protonmail.ch?

~~~
ardaozkal
I'm going with protonmail, personally.

~~~
thatlooper
Plus protonmail is free. I still want to see how it works out. But I really
don't have a lot of hope though.

------
MaymayMaster
>Lavabit believes in privacy and will always ensure your digital freedom.

>Asks for your credit card information on the same page.

Wew, at least let us use buttcoin, Levison.

~~~
danielhooper
This is being down voted but is an interesting point. Is a privacy service in
which public record is available for its purchases ever truly private? Maybe
its extremely difficult for others to see your communications, but if someone
(or some law-enforcement agency) knows you have paid for a private
communications service, does that make you a candidate for further
scrutinization? I think so.

~~~
EthanHeilman
Probably shouldn't pay in Bitcoin then.

