back to article Snowden-inspired crypto-email service Lavaboom launches

Lavaboom, a German-based and supposedly NSA-proof email service, will go into private beta this week. Its mission is to spread the Edward Snowden gospel by making encrypted email accessible to all. Although it has been referred to in various parts of the interwebs as an heir to Lavabit, the now-defunct encrypted email service …

COMMENTS

This topic is closed for new posts.

Page:

Silver badge

It may be NSA or GCHQ proof (good luck with that), but is it proof against a German court order issued on behalf of any of the German 3-letter security agencies? Fortunately there's little chance of a German government violating citizens' rights in this way (whoops, there goes Godwin's Law).

9
1
Bronze badge
Pint

There might be some court order in specific cases, but there will probably not be a general order, to make all conversations available to a three letter agency, issued by a secret court, together with a muzzle for the site owner.

That said, NSA and GCHQ will most likely do everything they can do to get their hands on that site. Honey and bears...

Beer - for good intentions.

11
0
Silver badge

Curious - I wonder how they handle the keys? If it all happens client-side (either installed application or JS) and the keys are never on their server...they're kind S.O.L. Just like if Google got a subpoena for my emails. Some are in the clear, others are GPG'd so all you get is some metadata (which could be a problem in and of itself, but the message is secured).

Upshot - if Lavaboom does not have my keys as they reside with me (outside of Germany), am I not safe? OK; Iguess I can never visit Germany with those keys.

2
0
Anonymous Coward

Upfront announcement of an intention to break the law?

It may be NSA or GCHQ proof (good luck with that), but is it proof against a German court order issued on behalf of any of the German 3-letter security agencies?

Actually, it isn't. I quote from their FAQ:

If we should become scrutinized by law enforcement we rely on a severe public outcry

Let me translate that: YOU will have to do the work, and it will be too late by that time anyway. They have nothing in place to deal with the law other than an (IMHO brutally naïve) idea that a public outcry would stop acquisition. I have a neat question for them: what if this court order demands access on the basis of a drugs ring investigation? Because that's the kind of audience you will attract if you run an outfit that announces upfront it's happy to break the law (see rest of the FAQ segment).

German law is a LOT better than US law insofar that it has at least some control and due diligence in place, but let's not forget that this is a country that allows evidence in court that is obtained through illegal means (as demonstrated by their handling of stolen Swiss bank data) - and it's still EU law, which means there are anti-terror backdoors present.

Let's have a closer look at some other statements:

"We do not know the exact locations of our servers. They are located in separate locations around Germany and we are aware of the general area. As such we do not have physical access to our servers.

Ah, so they have no way of protecting the servers, nor will they find out if they are physically compromised. Duh. Well done.

If we should become scrutinized by law enforcement we rely on a severe public outcry, since we are under jurisdiction of the German law and the best privacy laws in the world.

If we should ever be forced by the BSI or the BND to give up all our data, rest assured that we do have something in place that will destroy our hard disks in a matter of minutes and turn them into little more than coasters."

Two problems:

- a severe outcry will only ever take place AFTER the event, in which case it's too late.

- this is an announcement of an intention to defy any court order. Well, Lavabit got into hot water here, and they played it in a way that had a plausible alternative explanation (making prosecution unsafe). These guys have just announced, upfront, that they have an intention to break the law if served with a warrant so I don't fancy their chances in court..

Bonus question: if they have no physical access to the servers, how are they going to trigger this toaster event? Oh, it's just a wipe then? I suspect what they really mean to say is that they use a crypto file system and nuke the key. Which isn't the same as rendering the disks useless, only inaccessible - which could be possibly undone.

I give this half a year, tops. Interesting tech, but in its current form I don't see this as a sustainable business.

8
5

Thanks for the beer

Bill from Lavaboom here. We do have something in place as a last resort if the NSA ever did get access or we were legally obliged into something we don't think users would appreciate.

10
1

Bill from Lavaboom here

Hey Chris, that's an interesting point. Although German privacy laws are very strict, they are also very clear cut, which makes them some of the best in the world. We also think there would be a public outcry if we were forced to close our make weaker the systems we put in place to protect our users. Especially after our Chancellor has been cracking down on US intervention in Germany.

We also have an excellent failsafe.

If you have any other questions or suggestions please hit me up anytime on Twitter at @lavaboomhq

7
1
Silver badge
Facepalm

Re: BillFranklin Re: Bill from Lavaboom here

".....Especially after our Chancellor has been cracking down on US intervention in Germany....." Yeah, that would be the Stasi-approved Angela Merkel, who served as spokesperson in the Communist East German government before the Stasi were dissolved in October 1990. I'm sure she knows plenty about surveilling the population at large, going right back to her days as Secretary for Agitation and Propaganda on the board of the Free German Youth (Merkel is on record as trying to hide that bit of her past, having insisted she was the much less-offensive Secretary for Culture!). Oops, was that the sound of a few bubbles popping?

Angela Merkel is a career politician, she will say what she needs to get votes. Blindly relying on her 'morals' as protection against the BND, let alone the NSA, is charmingly naive.

5
4
Silver badge

I'm less concerned by lawful access, based on a court order from any competent government, than unwarranted hoovering of all data "just in case".

6
0

"Upshot - if Lavaboom does not have my keys as they reside with me (outside of Germany), am I not safe? "

Nope, you have the Hushmail problem - they can (and were) forced to deliver malicious code when certain people logged in that saved plain text versions.

1
0
Silver badge

Re: Bill from Lavaboom here

Bill, all the best with your new enterprise. The 6.6 Billion non-Americans are sure to embrace it.

The world needs secure communications and I shudder to think of the consequences without them.

5
2
Pint

Re: Bill from Lavaboom here

Hey Bill .

Many folks will make the jump. I for one subscribed. The world is more than ready for a service out of the US territory . Ill be waiting the other side of Easter . Many folks like I am are ready to pay for a good service. Congratulations and best of luck.

Ric

2
0
Anonymous Coward

Re: Thanks for the beer

> We do have something in place as a last resort if the NSA ever did get access or we were legally obliged into something we don't think users would appreciate.

> We also have an excellent failsafe

Hi Bill,

Can you elaborate on those two comments?

0
0
Silver badge

Re: Thanks for the beer

> Hi Bill,

> Can you elaborate on those two comments?

It almost certainly is some kind of self-destruct. Probably semtex under the servers with remote activation.

1
0
Anonymous Coward

I'm less concerned by lawful access, based on a court order from any competent government, than unwarranted hoovering of all data "just in case".

The problem is that the due process that demands a court order can be bypassed by anti-terror legislation - it's a component of EU law. This means that there are fewer barriers to abuse of such rather serious powers, which in turn suggests that there may already be mass surveillance in place - legally.

By way of public example, practically ALL airport WiFi networks are routinely sniffed for adverse information, yet you never see that mentioned in T&Cs or other information. What makes that legal?

0
0
Anonymous Coward

Re: Thanks for the beer

It almost certainly is some kind of self-destruct. Probably semtex under the servers with remote activation.

Unfortunately not. You missed the discrepancy between the statement "we don't know where our servers are" and "we will render our hard disks useless".

Those statements are actually mutually exclusive...

0
0
Silver badge

Re: Thanks for the beer

> Unfortunately not. You missed the discrepancy between the statement "we don't know where our servers are" and "we will render our hard disks useless".

That would be the joke sailing over your head. Didn't think I needed the icon.

Any road up, just because Lavaboom don't know where the servers are doesn't mean that nobody knows where the servers are. Clearly, someone must know where they are, else who built and installed them?

They are clearly setting up a plausible deniabilty scenario. Sticking a few sticks of semtex under the machines could have been a build option.

2
0
Anonymous Coward

Re: Upfront announcement of an intention to break the law?

well spotted. I was suspect of the " rest assured that we do have something in place that will destroy our hard disks in a matter of minutes and turn them into little more than coasters." line too, because what definite way is there of destroying hard disks in a few minutes? Other than a bomb of course, that would probably cause more problems with the authorities...

2
0
Silver badge
Flame

Re: Upfront announcement of an intention to break the law?

...what definite way is there of destroying hard disks in a few minutes? Other than a bomb of course...

Oh, I can think of at least one - remote activated thermite. Fiery mayhem simultaneously melting and demagnetising the platters inside, nothing but a bit of smoke outside (given a suitably ceramic-y enclosure) - much neater than a bomb.

3
0
Anonymous Coward

Re: Thanks for the beer

Bill from Lavaboom here. We do have something in place as a last resort if the NSA ever did get access or we were legally obliged into something we don't think users would appreciate.

.. which means you're announcing upfront that you have no intention of complying with a demand which would be legal under German law - translated: you plan contempt of court and announce that upfront. Didn't work out so well for the last one to try that one..

It's interesting to see just how many are prepared to build on quicksand. Weird.

1
0
FAIL

Their web page is already snooping...

I wish companies and the public would wake up to the overuse of google-analytics. This is a worldwide *web* of internet usage which is all centralised at google. I dont understand how a so called privacy respecting website can have so much intrusive shit buried inside its front page.

Your emails might be stored encrypted, but I suspect that given the connectivity of the "social media" cookies etc that if you are not careful you can already be sniffed as signing up to this page if you do it while logged into facebook et al.

If you are signing up to this service, do it from a clean private browser session and make sure to look at the "privacy settings" tab before entering anything into any boxes. I noted with dissapointment that their "privacy" settings default to "No Privacy"

13
0
Silver badge

Re: Their web page is already snooping...

And it also runs JS from Amazon AWS. Surely they aren't storing real data on Amazon S3 or are they just keeping a bit of JS there?

3
0
ql
Bronze badge

Re: Their web page is already snooping...

/etc/hosts

## control analytics

0.0.0.0 www.google-analytics.com ssl.google-analytics.com ad.doubleclick.net plusone.google.com

etc

Not perfect, but one in the eye, at least and an indication that the fight is on, and it's a fight we must maintain in our own small ways, or we'll regret it, personally and collectively.

17
0
Anonymous Coward

Re: Their web page is already snooping...

Have a more complete version of that

http://pgl.yoyo.org/adservers/

3
0

Re: Their web page is already snooping...

The easy way:

http://www.abelhadigital.com/hostsman

been using it for years, and Noscript is now the only reason I stick with Firefox.

1
0

Re: Their web page is already snooping...

This is a really important point you're raising, we'll be meeting as a team today to discuss removing all third parties more immediately than we first intended. We hope to be totally independent before public beta. - Bill from Lavaboom

12
1
Anonymous Coward

Re: Their web page is already snooping...

wish companies and the public would wake up to the overuse of google-analytics.

In intelligence, there are a number of data types. One of them is called "atmospherics", and refers to the background chatter of an environment, like Twitter trends, and is used to put data into context.

Google does another thing on the Internet which provides it with atmospherics, namely Google fonts. It's not an exact value because browser caching distorts the picture, but that's exactly why it's called atmospherics (and caching is not too hard to defeat - change a few values and a new copy needs loading).

I challenge you to find a SINGLE Wordpress template that doesn't have Google fonts embedded - they are really everywhere. And while you focus on analytics, they happily go on collecting data..

4
0
Thumb Up

Re: Their web page is already snooping...

Good to hear that Bill. I think the customers who are willing to consider using a service like this (like me) will share these concerns. I have also emailed you (or 'Felix') directly earlier today.

2
0

Re: Their web page is already snooping...

Check out the Ghostery plugin for most browsers. It filters a lot of s**t out and tells you in an un-intrusive way what it filtered, so that you can allow exceptions if you ever have to.

2
0
Silver badge

Re: Their web page is already snooping...

So, all you need to do is run a less-than-truthful™ DNS server, which tells spare ribs about Google Analytics (and others who want to track your movements) and various advertisement servers. Certainly makes El Reg bearable.

0
0

Re: Their web page is already snooping...

Another way: Ghostery.

Edit: I see it's already been mentioned, but here's a handy link.

0
0
Anonymous Coward

Re: Their web page is already snooping...

So all the NSA need to do is issue -Amazon- a court order, requiring them to serve a modified JS to anyone with a lavaboom referer? Ohhhh, that's SUCH a secure site...

2
0
Silver badge
FAIL

Why I'd never use this...

First; the intended principles on privacy and such don't really matter at all; its the reaction which follows when those principles are being put to the test (think requests from the government and other agencies), that's what matters. Unfortunately it's something a lot of companies fail horribly at.

But there are also some other issues.. First of all they're hosting with Amazon's AWS. And what does Amazon tell us about the data on their systems? From the AWS customer agreement (3.2):

"We will not move Your Content from your selected AWS regions without notifying you, unless required to comply with the law or requests of governmental entities. You consent to our collection, use and disclosure of information associated with the Service Offerings in accordance with our Privacy Policy, and to the processing of Your Content in, and the transfer of Your Content into, the AWS regions you select."

Amazon has centres in multiple regions; but what's legal in one part of the world can be illegal in another. Do I see a major loophole here? Guess I do.

So what does Lavaboom themselves tell us about this? Well, unfortunately not that much. I see a lot of "privacy, security, blah, blah, blah" but no where on that site do I see any disclaimers which tell me exactly what they're going to do with my data. What I mean with that?

They'd like you to subscribe to something. So what are they going to do with the name/e-mail combination? Where are their commitments that this (small, sure) bit of information stays private and won't be sold to 3rd parties for commercial purposes (to fund their project for example)?

Most companies, even Google which I don't trust at all, have clear written out policies which can tell me exactly what their stance on my data is and how they're going to treat it. And this firm, which preaches security, has nothing of the sort?

Needless to say; that doesn't make me feel secure at all. On the contrary; missing out on information like that makes me convinced to be dealing with a poor attempt at marketing. They claim privacy but fail horribly at something just as important: transparency.

Fail...

11
2
Gold badge

Re: Why I'd never use this...

You're one of the few people who actually looked at the legal context. I'm not surprised by the omission, though, most technical people tend to focus on technical problems and privacy is actually not a technical problem at all, that's just tweaking in the margin of the current global problem (the NSA is but one of the issues, and is actually distracting from the bigger context).

I'm happy they have put some good thinking into the tech aspect, because that widens the choices you have for SECURITY. But security is not the problem: broken law enforcement is.

In this context it's much better to have data under German law than under US law - if it wasn't for the fact that it isn't, as far as I can see. Even if Amazon stores in in a EU location, as it's a US company it can be compelled to supply that data, irrespective of that causing them to break the law in the nation the data is hosted (hence the copious disclaimers for their service in that respect). As I have mentioned before, from a perspective of wanting to protect personal data it's a really bad idea to touch any outfit with a US HQ as they are legally compromised.

So, good marks for coming up with more tech approaches to security, but more work to do on the business framework until this is viable. IMHO, of course.

6
0

Re: Why I'd never use this...

Hey thanks so much for sharing your thoughts. Bill from Lavaboom here.

I totally agree with what you wrote, that's why we don't host with AWS. We're so sorry our privacy disclaimers do exist but they're in German. We're working hard to get them translated asap. In the meantime you can find them here: http://www.lavaboom.com/contact.html

Some more detailed info: http://www.lavaboom.com/nerd-info

If you have any other questions please hit us up anytime through Lavaboom.com or on Twitter at @lavaboomhq

-Bill

2
0
Anonymous Coward

Re: Why I'd never use this...

I just want to understand here. If only you the user holds the encryption key then it doesn't matter so much where the data is stored? Isnt this the whole point of their service? Even they cant access the data so court orders and AWS doesn't matter?

0
0
Silver badge

Re: Why I'd never use this...

Point is that if ANY part of the system can be arm-twisted by the US, they can perform MITM attacks to obtain your private key. This combined with hoovering the raw encrypted data would allow them to decrypt your emails. And since they can squelch, there's no way for you to know they've done it.

0
0
Silver badge

Re: Why I'd never use this...

Re: the privacy statement - I followed Bill's link and then used Google Translate (yes, I know ...) The result is:

Your personal Disclaimer:

Disclaimer (Disclaimer)

Liability for content

As a service provider we are responsible according to § 7 ​​paragraph 1 of TMG for own contents on these pages under the general laws. According to § § 8 to 10 TMG we are not obliged as a service provider to monitor transmitted or stored foreign information or to investigate circumstances that indicate illegal activity. Obligations to remove or block the use of information under the general laws remain unaffected . However , a relevant liability is only possible from the date of knowledge of a specific infringement . Upon notification of such violations, we will remove the content immediately.

Liability for links

Our site contains links to external websites over which we have no control. Therefore we can not accept any responsibility for their content. The respective provider or operator of the pages is always responsible for the contents of any Linked Site. The linked sites were checked at the time of linking for possible violations of law. Illegal contents were at the time of linking. A permanent control of the linked pages is unreasonable without concrete evidence of a violation . Upon notification of violations, we will remove such links immediately.

copyright

The contents and works on these pages created by the site operator are subject to German copyright law. Duplication, processing , distribution and any kind of exploitation outside the limits of copyright require the written consent of its respective author or creator. Downloads and copies of these pages are only permitted for private, non -commercial use. As far as the content is not created by the website operator, the copyrights of third parties. Any duplication or marked as such. If you still be aware of copyright infringement , we ask for a hint . Upon notification of violations, we will remove such content immediately.

Source : Disclaimer from eRecht24 , the portal to the Internet right lawyer Sören Siebert

Of course, my German isn't good enough to guarantee that this is totally accurate.

0
0
Silver badge

@BillFranklin

First off; kudo's for responding. I may be critical but responding and taking it seriously deserves some respect.

Yeah, after looking deeper into the webpage (to try and prove you wrong; I stand corrected) you don't host with Amazon but use one of their addresses to grab a CSS stylesheet as well as run javascript code from it (referring to https://s3-eu-west-1.amazonaws.com/assets.cookieconsent.silktide.com/current/plugin.min.js). I already noticed above that you recognized the issue here and are going to address it, but I figured I might as well mention what triggered NoScript at my end.

The dependence on third parties (like the javascript file above, but also your cookie control from Silktide) is indeed impacting privacy. People don't only contact your site but others as well, with all the flags needed to track their request right back at your place. I'm curious how deep you guys will be going to fix that (as you mentioned earlier).

Thanks for the links.

2
0

BND is as close to NSA as GCHQ is...

"Lavaboom was founded by Felix Müller-Irion in Germany, so presumably it stands a reasonably good chance of staying as NSA proof as possible."

Germany's spy body BND has excellent links with the Americans and British. As you would expect given the number of American and British troops in Germany, and the history of the cold war, when of course the partition between east and west was the front line. Rumour has it they are particularly good at tapping fibre-optic lines.

If you want to be proof against the NSA, set up in China. Of course you will then have the Chinese authorities to deal with, so it's not like you will be better off...

1
1
Anonymous Coward

You lost me at

Boom

1
0
Silver badge

Re: You lost me at

> Boom

That would be the backup plan. :D

2
0
Anonymous Coward

https

Interesting that their sign up page is not secure.

2
0
Anonymous Coward

"I wish companies and the public would wake up to the overuse of google-analytics"

Your advice is admirable as is using 'hosts', Ghostery / AdBlock / Noscript.... But its all in vain folks.

Why?

1. SuperCookies (test yourself using panopticlick on EFF.org website)

2. Server side scripts can still send all your info to Google Analytics et al anyway no matter what you do!

Instead we need legislation and mega-fines. And that starts with stopping Google lobbyists from having VIP access to No 10. Otherwise we will always be playing catch-up, and the majority of people we know: girlfriends, family, friends will always be 'marks' regardless of what we tech endowed know or do...

2
0
Anonymous Coward

I hope this takes off... But I have a real fear...

....That state backed forces have the resources to sabotage, intercept or nullify this or similar endeavour. If we learned anything from the Open-SSL debacle, its that the private sector is too busy expanding and making $, to ensure their systems are robust never mind foolproof.

We don't even have the required layers of software / hardware to begin with. A new paradigm is needed. At Uni we had courses proving that a program would behave exactly as planned. But the internet is such a wholly organic original beast that I've rarely heard of this type of thing anywhere except at places like NASA or defense contractors...

So nothing is foolproof, everything is a lump of Swiss Cheese.... And as long as the state continues to keep the juicy bits to themselves as they did by withholding information on Heartbleed, we're fried folks! How can we assume otherwise? Its pointless!

1
0
Anonymous Coward

Re: I hope this takes off... But I have a real fear...

With all due respect, there is no such thing as perfect security. What you do is risk management, manage exposure down to a level that you can cope with and that still fits within a budget you can afford.

There is, however, one thing you cannot afford: give up and do nothing. Because that's playing into the hands of all who would like your data. No way - if they want my data they will bloody well have a fight on their hands (I actually have a few more tricks up my sleeve in that respect, I pity the poor sod who tries to use the data I've given out :) ).

These guys have come up with another route to technical security, which is always worth it because if everyone would adapt the same approach there would be one intercept process that would work everywhere. It's up to us as voters to make it known to the politicians that pretend to represent us that enough is enough, we want our privacy back. You know, the bit the Human Rights declaration all signed up to in 1948?

2
0
Anonymous Coward

Re: I hope this takes off... But I have a real fear...

With all due respect, there is no such thing as perfect security. What you do is risk management, manage exposure down to a level that you can cope with and that still fits within a budget you can afford.

The problem is that risk management is starting to become infeasible. The adversary (a state) is resourceful enough and patient enough to find a way in and use it as often as they can to get as much as they can, and—increasingly—systems are becoming more glass-like, wherein even a small imperfection can cause a cascade that eventually breaks the whole thing open (the case of they only have to be lucky once).

Short of retiring to a heavily-forested hermit life (or else the satellites will see you), if people want to know about you, they will, will ye, nil ye. The world is a village now.

PS. That bit about the Human Rights Declaration? Ink on a page...

2
0
Anonymous Coward

Re: I hope this takes off... But I have a real fear...

The problem is that risk management is starting to become infeasible. The adversary (a state) is resourceful enough and patient enough to find a way in and use it as often as they can to get as much as they can, and—increasingly—systems are becoming more glass-like, wherein even a small imperfection can cause a cascade that eventually breaks the whole thing open (the case of they only have to be lucky once).

Still not an argument to give up. Unless they change the state into a totalitarian format, there are still ways in which they need to account for what they do - it just takes longer. In the meantime I'm not going to roll over and let them invade my life and that of my family. You're welcome to your own choices, but there is no way I'll give in. Not my style.

1
0

Why lavaboom is (unintentionally) lying

Unless the can provide technically convincing arguments to the contrary, current technology does not allow for Host-delivered, Host-proof Web Apps, that's especially so when it comes to client-based JS crypto that is delivered by the/a host. Stating it simply, they cannot hold on technical arguments the following sentence of theirs: "That means we make sure that your Email remains your Email, and can only be read by you." Any rogue employee of them could tamper with the JS crypto code that is delivered to your browser any time you reload your inbox page! That is, the amount of trust you need to put on them is as much as the trust you need to put on Gmail, an unencrypted email service. There is no way to check that the JS crypto code you are using at any time hasn't been tampered with: they could be sending your private key back to their servers in an encrypted way. You cannot be sure but only trust them on 1) they'll never do so, 2)they have put enough measures to avoid that any authority gets access to their servers and tampers with their code. After all, they don't know where their machines are...

But more importantly, keep in mind that, AFAIK, JS-crypto is simply doomed. Worse, it's a dead end with current technology. The Web browser offer a huge attack surface and JS is blatantly bad at shielding you from that. Plus it introduces it's own pitfalls. See references.

I myself starting building such JS based service till I learned that it's a no-go if I really want to offer serious security+privacy. If anybody can proof me wrong on this, please enlighten me.

References (each offers more links, especially the second one, with links to JS/Browser attacks):

Why JS crypto webapps are doomed:

The key reference: http://www.matasano.com/articles/javascript-cryptography/

An extremely resourceful one: http://tonyarcieri.com/whats-wrong-with-webcrypto

Discussion on a previous real case use of JS-crypto and its pitfalls: https://www.schneier.com/blog/archives/2012/08/cryptocat.html

PS: Did I get that right, that _they_ generate your private key!? What keeps them, or -again- a rogue employee/authorities to tamper with the code and get a copy of the key?

0
0

Re: Why lavaboom is (unintentionally) lying

Additionally, you may want to follow last year's discussion on Arstechnica about Lavabit. The user edrowland expresses the concern on JS web crypto very clearly as well

http://arstechnica.com/civis/viewtopic.php?f=2&t=1223679&hilit=javascript+crypto&start=40

Has there really be any advance that would allow lavaboom to honestly offer a really host-proof web app with JS crypto?? I don't know of any, but I'd gladly be proven wrong on this.

Anybody can offer any links supporting JS crypto on the client side?

0
0

Re: Why lavaboom is (unintentionally) lying

You might be interested in following a discussing on this on Arstechnica forums

http://arstechnica.com/civis/viewtopic.php?f=20&t=1241479

1
0

Page:

This topic is closed for new posts.

Forums