Encrypted webmail service Lavabit relaunched

Lavabit, the secure encrypted webmail service used by Edward Snowden, is back online.

Lavabit founder and operator Ladar Levison shut it down in 2013 when the US government demanded he hand over the service’s SSL encryption key. The key would have allowed the government to decrypt and read all emails sent and received by all of Lavabit’s 400,000+ users.

Levison opted to shut down the service and fight the US government in court.

More than three years later, Lavabit rides again – Levison relaunched the service to coincide with Donald Trump’s presidential inauguration, and has made it so that he could never again be asked or forced to provide a backdoor into it.

“Today, we start a new freedom journey and inaugurate the next-generation of email privacy and security. In 2014, with Kickstarter funding, I started the development of the Dark Internet Mail Environment (DIME), a revolutionary end-to-end encrypted global standard and Magma, its associated DIME capable free and open source mail server. Today, I am proud to announce that we are releasing DIME and Magma to the world,” he announced.

“DIME provides multiple modes of security (Trustful, Cautious, & Paranoid) and is radically different from any other encrypted platform, solving security problems others neglect. DIME is the only automated, federated, encryption standard designed to work with different service providers while minimizing the leakage of metadata without a centralized authority. DIME is end-to-end secure, yet flexible enough to allow users to continue using their email without a Ph.D. in cryptology.”

In the Trustful mode, Lavabit’s server is trusted by the user, and handles all privacy issues. In the Cautious mode, the server is used only to store and synchronize encrypted data. In the Paranoid mode, the server doesn’t have access to the user’s private keys.

“We suggest anyone not comfortable with trusting the provider to utilize the Cautious or Paranoid modes,” Levison notes. As can be expected, ease of use decreases as security increases.

For the moment, only past Lavabit users are being invited to log in, migrate their credentials to the DIME standard, and begin operating in Trustful mode. New users can buy a subscription that will become valid as soon as the service is fully set up.

According to The Intercept, Snowden intends to reactivate his Lavabit account as a show of support, but pointed out that he can’t speak for the security of the service before it’s available.

Lavabit has provided links to free and open source versions of DIME and Magma and invited the public to get involved in improving and testing them.