Maybe I'm misunderstanding something, but I don't understand how anyone could trust Lavabit to either stick around or actually be private and/or secure.
They could also set up a P2P delivery & backup system so that it's not guaranteed they have the data. If all the data is encrypted, it's not really an issue to distribute everything (but then again we'd be talking AES512 or better for something crazy like that).
"We can't implement "AES 512 key size" because AES is defined for key sizes k∈{128,192,256} bits only; much like we can't make a bicycle with 3 wheels."
[0] http://crypto.stackexchange.com/questions/20253/why-we-cant-...
They could encrypt with two (or more) 256-bit keys, but I think just a 256-bit key is enough for at least the next 5 years.
Also, if you have a way to break AES512 I know some people who'd pay a killing to get that information. No, literally, there's people who'd kill for that.
>How can I trust you?
>You can't. Cock.li doesn't parse your E-mail to provide you with targeted ads, nor do I read E-mail contents unless it's for a legal court order. However, it is 100% possible for me to read E-mail, and IMAP/SMTP doesn't provide user-side/client-side encryption, so you're just going to have to take my word for it. Any encryption implementation would still technically allow me to read E-mail, too. This was true for Lavabit as well -- while your E-mail was stored encrypted (only if you were a paid member, which most people forget), E-mail could still technically be intercepted while being received / sent (SMTP), or while being read by your mail client (IMAP). For privacy, I would recommend encrypting your E-mails using PGP using a mail client add-on like Enigmail.
This was originally followed by a quote from /g/, which has been redacted for obvious reasons (if you want it, you know where to find it), save this line:
>Now that I think about it, administering a mail host is exactly like being a nurse, only people die slightly less often.
OTOH, the guy does genuinely go to great lengths to protect the security of his site (and of the mail of his users), and seems to know what he's doing. So I'm not too down on him for the unprofessionalism.
It's not a sustainable atmosphere to maintain