Lavabit, the secure email service which shut down after pressure from the US government to access customer emails, is back up for a brief window during which users can change passwords and recover lost data. Company founder Ladar Levison posted a brief message claiming that first a 72-hour period starting from 7.00 PM US Central …
He has given the old key to Комитет Государственной Безопасности under "all your lusers belong to us" dragnet total surveilance order as they were not happy with accessing specific lusers via subpoena and wanted all of them. He gave it in 5 point font in print and is under contempt of court procedings for not giving an electronic copy. This part is now public knowledge (though he is probably under secret contempt of court procedings too on making it public knowledge).
The assumption should be that his "new" key is under similar orders, this time successful so that Комитет Государственной Безопасности can collect all the user info at dragnet level.
I believe this is a trap
If the data is still around, then I'm sure the NSA have dissected it already, with, or without Levison's permission and whether he admits it or not.
I'm also confident that the whole scenario of giving a few days to get access to the data is purely a trap, to trap those whom the NSA have identified as interesting targets from analysing the data, They will be monitoring the server logs to track the connection IP's of those silly enough to fall for it. They'll also be running extra tor exit nodes.
I think probably, the world believed that Levison had deleted EVERYTHING at the moment he dissolved the company (including backups) and securely wiped the blank space afterwards. If indeed he didn't, then he's gone down in my opinion, for not doing so. However, he might have done that and this is all bluffing by the NSA to get users to connect one last time!
If I believed the "interesting targets" were real criminals, I might be pleased, but the trouble is, they seem to be more interested in political rivals, unfriendly governments, whistle blowers & corporate espionage!
Re: totally unrelated news
"Japan Airlines is ordering 31 Airbus A350 planes worth a total of some $9.5 billion, the airline said Monday 7th October 2013..."
This time you can bet that none of these contractual discussions went via NSA_BULLRUN approved media!, unlike for the previous few rounds...?
"...Boeing has for decades seen off attempts by the European company to secure an order with JAL. The American firm has benefited from links with its own Japanese parts suppliers and deep political ties between Tokyo and Washington to maintain a share of the national market above 80 percent."
Re: I believe this is a trap
Where's Admiral Ackbar when you need him?
They *already* have the encrypted data because they tap the backbone into Lavabit and specifically record encrypted data for later decryption.
They obtained the SSL key simply by scanning that 4 point text, it may be unreadable to people, it is not unreadable to a 1200dpi desktop OCR scanner costing $50.
Hence that key went into Bullrun and your emails are already compromised, they are already in the database and already being viewed.
What Lavabit founder did was only prevented the NSA/CIA/MI5 convincingly faking email evidence. Even without the box on the network, they still intercepted it and can still decrypt it, including all the historic emails. (Remember they *retain* encrypted traffic specifically so they can decrypt it later when they get the key, they got that key).
Treat your data as lost, (but don't give up on freedom just yet).
Re: I believe this is a trap
"I think probably, the world believed that Levison had deleted EVERYTHING at the moment he dissolved the company (including backups) and securely wiped the blank space afterwards."
If he had, he'd have been arrested, charged and convicted with willful destruction of evidence, obstruction of justice and contempt of court.
So, your opinion of him is contingent upon him enduring life in prison without possibility of parole and bankruptcy for him and his family?
How do we know the message genuinely is from Levison?
Re: Paranoid? Moi?
Because it was sent from his email account. Oh, wait...
The avatar says it all
WARNING for Former LavaBit Users. A few press releases have been made about Lavabit coming on for a few days to allow users to download their data. DO NOT USE THE TOOL PROVIDED. IT IS A FED TRAP as if that was not obvious enough.
*there is no KDF or hashing, meaning passwords and usernames being sent as plaintext
*SSL Certificate is wrong.
*NO PFS support
*Lavabit is already compromised by National security letters and probably has no choice in this.
If you enter your information at the "Recovery" page, your data WILL be accessed by feds.
- Product round-up Ten excellent FREE PC apps to brighten your Windows
- Hi-torque tank engines: EXTREME car hacking with The Register
- Review What's MISSING on Amazon Fire Phone... and why it WON'T set the world alight
- Product round-up Trousers down for six of the best affordable Androids
- Chromecast video on UK, Euro TVs hertz so badly it makes us judder – but Google 'won't fix'