Lavabit, Snowden's Favorite Encrypted Email Service, Returns from the Dead

Working on even stronger tech to protect from snooping.

Scott Shackford | 1.24.2017 5:20 PM

(ReasonTV)

Email service provider Lavabit famously (in tech security circles anyway) shut its doors and turned itself off back in 2013. Its owner, Ladar Levison, explained that he was doing so to keep from having to comply with federal government orders to hand over the encryption key that would give the feds access to the contents of emails by domestic surveillance whistleblower Edward Snowden.

Now, as a new administration takes control of the White House, Levison and Lavabit are returning. Lavabit is relaunching its services, now that Levison has worked to make it even harder for the federal government to attempt to gain access to emails sent by its users. On his announcement, timed to launch with Donald Trump's inauguration, Levison explained that he had developed an end-to-end encryption system that would minimize the ability to for outsiders to access users info, once it's all fully implemented.

Kim Zetter over at The Intercept has more details directly from Lavabit:

With the new architecture, Lavabit will no longer be able to hand over its SSL key, because the key is now stored in a hardware security module — a tamper-resistant device that provides a secure enclave for storing keys and performing sensitive functions, like encryption and decryption. Lavabit generates a long passphrase blindly so the company doesn't know what it is; Lavabit then inserts the key into the device and destroys the passphrase.

"Once it's in there we cannot pull that SSL key back out," says Sean, a Lavabit developer who asked to be identified only by his first name. (Many of Lavabit's coders and engineers are volunteers who work for employers who might not like them helping build a system that thwarts government surveillance.)

If anyone does try to extract the key, it will trigger a mechanism that causes the key to self-destruct.

The hardware security module is a temporary solution, however, until end-to-end encryption is available, which will encrypt email on the user's device and make the SSL encryption less critical.

The site is for Lavabit is active, and for those who want to subscribe, the price currently ranges from $15 to $30 annually depending on storage limits. And they accept bitcoins!

Reason TV has previously interviewed Levison about the importance of encryption in protecting liberty and privacy (and warnings about those who simply use vague encryption and security claims for marketing purposes). Watch below:

Start your day with Reason. Get a daily brief of the most important stories and trends every weekday morning when you subscribe to Reason Roundup.

NEXT: Trump Wants Keystone, Cops in Schools, the Pros and Cons of Punching Nazis: P.M. Links

Hide Comments (50)

Editor's Note: As of February 29, 2024, commenting privileges on reason.com posts are limited to Reason Plus subscribers. Past commenters are grandfathered in for a temporary period. Subscribe here to preserve your ability to comment. Your Reason Plus subscription also gives you an ad-free version of reason.com, along with full access to the digital edition and archives of Reason magazine. We request that comments be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of reason.com or Reason Foundation. We reserve the right to delete any comment and ban commenters for any reason at any time. Comments may only be edited within 5 minutes of posting. Report abuses.

Password: pode$ta 7 years ago

OT: Don’t they psychologically screen Secret Service agents?
Someone must have been asleep at the polygraph.
1. kbolino 7 years ago
  
  Someone must have been asleep at the polygraph.
  That would be an interesting way to pass the test. Unless you had apnea.
2. ant1sthenes 7 years ago
  
  I don’t think the lady agents are being put in tanking roles anyway. Too small to absorb bullets reliably, not intimidating enough to draw aggro.
  1. Heroic Mulatto 7 years ago
    
    Yes, but someone smart goes after support first to eliminate the heals.
  2. Clich? Bandit 7 years ago
    
    So are you saying girls can only be kiting mages? I know a few leet trolls that would put that theory to the test. Plus if you think a Tauren Pally can’t stop bullets OR draw aggro yer doin’ it wrong!
    / nerd
    P.S. LEEERRRROOOOYYYYYY JEEENNNNNKINS
3. Scarecrow Repair & Chippering 7 years ago
  
  Ya know …. I would normally admire resistance like this; how would history have changed if more people had protested Hitler for instance? But these idiots are so blind that they cannot see Hillary as being worse in her own ways, and cannot see that Trump is no Hitler. I can only guess that they are so emotionally caught up in the Obama rainbow that they have to carry that over into Hillary, yet they know how thoroughly corrupt and dishonest she is, so their disgust for the other party can only be validated by thinking Trump is much worse, ie literally as bad as Hitler.
  1. DenverJ 7 years ago
    
    The left went completely batshit on Trump, saying outrageous things about him in order to keep him from winning.
    Now that the tactic has failed, however, they have painted themselves into a corner. If they hadn’t gone full Hitler on him, they could chill out and accept the results of the election, being the loyal opposition. They can’t very well just admit to being dishonest, hypocritical, and hysteric, though, so they have to keep acting like Trump really is Hitler.
Diane Reynolds (Paul.) 7 years ago

I may sign up for this service. I’m not sure about their hardware solution– but the idea that they’re creating a blind system is intriguing to me.
1. FreeToFear 7 years ago
  
  Been following this for awhile… glad it’s out. The instant key destruction is an interesting way to solve the server trust problem
  1. R C Dean 7 years ago
    
    I threw some bucks at a Kickstarter he had awhile back. Glad its finally getting to market.
Playa Manhattan. 7 years ago

The NSA made it extra special for users.
PapayaSF 7 years ago

OT and an old link, but: Leftist Jewish lesbian defends sharia law. It’s all in the interpretation of sharia, you see.
1. Scarecrow Repair & Chippering 7 years ago
  
  I read he first couple of paragraphs, stopped when she said Trump doesn’t understand Sharia law, then tried to distinguish between personal Sharia and law Sharia. I guess she doesn’t either.
  1. Diane Reynolds (Paul.) 7 years ago
    
    Yeah, heard something similar on NPR today. Sharia law is an individual dude like crossing the waters or climbing mountains of conflict.
    Far out. *fingersnap applause*
    I suppose that may be true. I can think of some seriously devout scholars of the religion who say otherwise.
Ken Shultz 7 years ago

They say it’s better to go with one of the services based in Switzerland–because the Swiss, apparently, don’t respond to American subpoenas.
1. DenverJ 7 years ago
  
  Also, thru have a better font. So, basically, with a Swiss server, you’re getting narrow i’s.
  1. Scarecrow Repair & Chippering 7 years ago
    
    +1 pixel
  2. Ted S. 7 years ago
    
    They don’t use the ?, so they have a worse font.
2. loveconstitution1789 7 years ago
  
  The Swiss banks already caved.
  Swiss reveal American accounts
kbolino 7 years ago

I wonder, has there been any movement on browser-based crypto? I would think such a development would be necessary for Lavabit to offer true “end-to-end” encryption.
1. kbolino 7 years ago
  
  Clarification: by “browser-based crypto” I mean the ability for web applications to perform cryptographic operations interactively, not just the browser implementing crypto at the connection layer.
  1. Ken Shultz 7 years ago
    
    If I understand, you’re saying you want something better than Tor?
    1. kbolino 7 years ago
      
      Tor is more about providing anonymity, not confidentiality per se.
2. FreeToFear 7 years ago
  
  It would be if they were making webmail clients… I don’t think they’re trying that yet; rather staying focused on native clients. That said, theres no reason you couldn’t implement the algo’s in javascript, but you’d have to trust the download sources implicitly. I could see doing it as a browser extension but a true “paranoid mode” web client would be next to impossible – you have to be able to trust that the app being put together from various sources on your machine hasn’t been tampered with
  1. kbolino 7 years ago
    
    you have to be able to trust that the app being put together from various sources on your machine hasn’t been tampered with
    True, but true of native clients as well. Trust, but verify.
    1. FreeToFear 7 years ago
      
      native clients can be built from source, for the truly paranoid – using a browser makes the verify all but impossible
  2. Diane Reynolds (Paul.) 7 years ago
    
    The key is what happens at the edges. Encryption in general is pretty good. That’s why the state doesn’t like it.
    That’s why it’s rare that anyone cracks the encryption– it’s all about what happens at the endpoints. Is it vulnerable to MITM attacks and what not, compromised clients etc.
    1. FreeToFear 7 years ago
      
      right – and the nature of javascript and HTML1 creates additional endpoints – all of which you have to know are populated with good actors, lest somebody take over the service returning your encryption code and have it replace AES with PEGASUS or something
3. ????? ???? 7 years ago
  
  If you are asking what I think you are asking, yes
AlmightyJB 7 years ago

Nice
straffinrun 7 years ago

If anyone does try to extract the key, it will trigger a mechanism that causes the key to self-destruct.
And spill vinegar on your papyrus.
DenverJ 7 years ago

You know else returned from the dead?
1. jesse.in.mb 7 years ago
  
  Alvaro Garza Jr?
  1. DenverJ 7 years ago
    
    Heart warming story, but the correct answer is “zombie Hitler”.
2. Rich 7 years ago
  
  Bob Weir?
3. Ted S. 7 years ago
  
  John Huston fans?
Derpetologist 7 years ago

file under: my body, my choice..other bodies also my choice
Nigeria: Muslims use babies in jihad suicide bombings
Female suicide bombers in Nigeria are now carrying babies to avoid detection in their attacks, authorities warn.

An attack in the town of Madagali on 13 January saw two women detonate their devices, killing themselves, two babies, and four others.
1. DenverJ 7 years ago
  
  Yes, but Islam is totally not a death cult.
2. Rich 7 years ago
  
  Do the male baby martyrs get to enjoy, you know, …?
  Seriously, 8-(
Derpetologist 7 years ago

file under: fish sticks
WUSTL offering ‘Politics of Kanye West: Black Genius’ course
The course on the outspoken musician will be taught by Dr. Jeffrey McCune, an Associate Professor who teaches both Women, Gender, and Sexuality Studies and African and African American Studies.
How shocking.
1. DenverJ 7 years ago
  
  He sure looks like he knows it’s all a scam. Also, looks like the black guy from “Scrubs”.
Derpetologist 7 years ago

file under: what’s the matter wtih Kansas?
Flyers have appeared at the University of Kansas calling “Make America Great Again” and “anarcho-capitalist” examples of coded neo-nazi language and urging students to remove materials posted by “hate groups.”
In addition to keeping an eye out for coded language, the flyer says students should also “protest those who are at risk” of being recruited by hate groups, specifying that “opponents of safe-spaces, inclusivity, social justice, intersectional activism, and multiculturalism” are all considered to be “at risk” because they oppose “liberation and equality.”
“i got it! We’ll call our enemies Nazis! nobody’s ever done that before!”
1. straffinrun 7 years ago
  
  So they are going to “protest” people likely to join? Yeah, that’s a great plan.
2. Ted S. 7 years ago
  
  “anarcho-capitalist” is actually fascist?
  And the lefty “anarchist” protesters are anarcho-socialists? That’s an oxymoron.
3. ant1sthenes 7 years ago
  
  So, if the posters stay up, does it mean people aren’t paying attention to them?
Derpetologist 7 years ago

file under: hell, it’s about time.
Dutch Prime Minister Tells Immigrants To Integrate Or Leave
Rutte wrote: “I have that feeling, too. Behave normally or go away. Leave, you don’t have to be here. People who don’t want to adapt, who attack gay people, who shout at women in short skirts or call ordinary Dutch people racist.”
1. PapayaSF 7 years ago
  
  Will Trump have the same guts…?
  1. ant1sthenes 7 years ago
    
    Trump doesn’t calculus, so…
2. Rich 7 years ago
  
  How about shunning those who do not integrate?
3. ant1sthenes 7 years ago
  
  You know, in more ancient cultures, there are laws of hospitality, and they certain protect guests, including foreigners, from abuse, but they also deal rather harshly with guests who abuse the hospitality of their hosts. Balance.
Derpetologist 7 years ago

SPLC blames Google for racist massacre
1. Christophe 7 years ago
  
  Almost every racist used Google at least once.
  But every racist uses oxygen nearly constantly.
  We need to have our priorities in order.
2. ????? ???? 7 years ago
  
  Roof’s radicalization began, as he later wrote in an online manifesto, when he typed the words “black on White crime” into Google and found what he described as “pages upon pages of these brutal black on White murders.”
  Everyone knows everything written in “manifestos” is true.

Please log in to post comments

Lavabit, Snowden's Favorite Encrypted Email Service, Returns from the Dead

Working on even stronger tech to protect from snooping.

Latest

Brickbat: Stop the Music

Congress Yet Again Abuses 'Emergency Spending' for Non-Emergency Purposes

Colorado Bans HOAs From Banning Home Businesses

FCC Set To Reinstate Net Neutrality Rules That Seem More Unnecessary Than Ever

She Only Served 10 Months Behind Bars. Florida Still Slapped Her With A $127,000 Bill.

Recommended

Login Form