Back in 2013, when Edward Snowden blew the whistle on the US government’s mass surveillance programs, it was discovered that his preferred email provider was the encrypted service called Lavabit. As the government then tried to get its hands on the former NSA contractor, the federal authorities demanded Lavabit turn over its SSL encryption key. Instead, founder Ladar Levison shut the entire service down, as cooperating meant giving the government access to the private data of all of its 410,000 users.
But now Lavabit has announced its return, along with new security features and a way to ensure its SSL key can never be recovered, even by the company itself. Among the upgrades is the use of the DIME (Dark Internet Mail Environment) standard to hide email metadata, which also keeps the sender’s and recipient’s ISPs from knowing who received or sent the message, respectively.
Speaking to The Intercept, Lavabit explained that the SSL key is now stored in a tamper-proof device locked with a long passphrase that was set blindly, meaning any attempt to retrieve the key will cause it to self-destruct.
Also new for the service is a choice of three settings for users: Trustful, Cautious, and Paranoid. Trustful is the least secure, and simply encrypts users’ emails on Lavabit’s server. Cautious, on the other hand, offers end-to-end encryption, and requires users to install client software in order to create an encryption key. Lastly is Paranoid, which stores users’ keys on their device rather than the server; that makes the copy on the device the only one, and it must be manually transferred if they change devices.
As of now, only previous Lavabit users can reclaim their accounts, but the company says it will soon begin accepting new users. Those interested can sign up on the website early and score half off on subscription pricing, making a 5GB account just $15 per year, and a 20GB account $30 per year.
SOURCE The Intercept