Go dark with the flow: Lavabit lives again It's taken longer than first expected, but the first fruits of Lavabit founder Ladar Levison's Dark Mail Technical Alliance have landed with the relaunch of the encrypted mail service he closed in 2013. After shuttering Lavabit, Levison joined hands with Silent Circle to form the DMTA and promised Lavabit would flow again in …
Well that's lovely and all, but given the abrupt shuttering of Lavabit.com back in the day is STILL causing me problems with recovering accounts, he can sod off if he thinks I'm giving him my business for a second time. His grand gesture was all well and good, but I bet I'm not the only customer it caused a shit ton of trouble for.
That is what you bought last time, you are buying it this time too.
If you are buying spook-resistant email, you have to account for it being shuttered to remain spookproof as one of the possible outcomes.
Your inconvenience originated from you not fully understanding what are you buying. Can't help you with that one I am afraid.
> Your inconvenience originated from you not fully understanding what are you buying.
Indeed, one of the reasons I would download all my mail off lavabit to my own home via POP. In this world secure communications channels not backed by military power can be shut down, and I would rather lavabit shut down, then just open up a backdoor to all our mail. If I wanted that, I could just use Google.
FWIW, I will be going to back to lavabit once up and running. He proved himself by shutting down his business and going through the courts for years rather than give up the keys.
Also, they say they still have the old lavabit accounts for reactivation, so I am going to see if they can re-activate my old accounts there.
In theory, they may have all the old mail too. I suspect that during the court case, deletion of emails would have been seen as tampering of evidence, so chances are they may still have your original data, as well as the original accounts.
The biggest flaw is whether the client-side decryption code could be trojaned to ping a copy of your keys and passwords to an NSA server after you've entered them, then served selectively to targets of interest. Is there a way to sign a javascript file with a key, pin that key to a domain/file (so any variation gets reported and rejected), and have the browser reject any code that fails that signature check?
Even so, that then assumes the provider is able to keep control of their signing key, won't be complicit with an NSL letter to sign a trojan. Perhaps keep the signing key offshore with a third party that won't sign any code he hasn't personally inspected, or use some kind of federated approach that requires x out of y third parties to inspect and sign the code.
Tough nut to crack with the current web (in)security technology.
> Still can't help feeling there's still a way for the spooks to get in.
No system is 100% secure, there is always a way for spooks to get in, even if it is directly through you (i.e "5 dollar wrench" solution -- https://xkcd.com/538/).
The point of this exercise is to make it harder and more expensive for them to do so. It means that they would only then do it if there is probable cause, or enough reason that it would justify the cost to rifle through your personal life.
What we are trying to avoid is a situation where it is so easy and cheap for almost anyone to rifle through your personal life, that they can do it en masse and for almost nothing per person. That is where we are heading now, and IMO a very dystopic future.
The alternative "secure" solutions don't have to be 100% secure, just secure enough to deter casual/automated spying.
"What we are trying to avoid is a situation where it is so easy and cheap for almost anyone to rifle through your personal life, that they can do it en masse and for almost nothing per person."
And what I'm saying is that I don't think they did enough to raise that cost. For example, there's a point of trust in this new system. All the plods would have to do is subvert or duplicate this starting point, then they have ways to trace you and then just do highly-targeted attacks as needed.
As for the $5 xkcd solution, I've always said it doesn't work against two types of people: wimps (who keep fainting at the mere sight) and masochists (who are turned on by the wrench and ask you to hit harder).
> And what I'm saying is that I don't think they did enough to raise that cost. For example, there's a point of trust in this new system. All the plods would have to do is subvert or duplicate this starting point, then they have ways to trace you and then just do highly-targeted attacks as needed.
Fair enough, I haven't read their paper just yet, so cannot provide constructive rebuttal or agreement. What would you change in the system to make it more secure, but still a palatable alternative to replace the widespread popularity of current email?
At this point, it sounds like it is more secure than 95% of the systems up there, which is an improvement I will not complain about. If it can deter casual spying that is good.
Targeted attacks are harder to counteract, and you may well find that this system will not be enough, you may need to consider multi-layered security systems, or perhaps something other than this.
Still, I won't knock the guy for coming up with a proposal for something better than the unencrypted store-and-forward system we have now. It is all about convenience vs security, if we can get increased security for all, even if not perfect, it is better than what we have currently.
Those who are at greater risk (or have increased paranoia) are free to use more secure and less convenient systems, as they see fit.
> As for the $5 xkcd solution, I've always said it doesn't work against two types of people: wimps (who keep fainting at the mere sight) and masochists (who are turned on by the wrench and ask you to hit harder).
Heh, natural selection working to increase the number of wimps and masochists then =)
In seriousness though, the combined masochists and wimps are what? 5% of the population? more? Even if it was 25% (a bit optimistic I think), that leaves 75% that would be scared enough of the threat to reveal what is demanded, or they will give in not too long after the procedure has begun.
"Still, I won't knock the guy for coming up with a proposal for something better than the unencrypted store-and-forward system we have now. It is all about convenience vs security, if we can get increased security for all, even if not perfect, it is better than what we have currently."
Unless it becomes LESS convenient, turning the average person OFF to the idea. I sometimes wonder if we're going to find it's an UNhappy medium out there: too irksome to use yet not secure enough to be practical. Remember the unwashed masses control the market, and they're searching for unicorns at this point. And we REALLY need the herd effect for this to be really effective. Unless, of course, the State has the computational resources to still winnow this out, in which case we're at the Big Brother stage already, in which case we're pretty much screwed.
"In seriousness though, the combined masochists and wimps are what? 5% of the population? more? Even if it was 25% (a bit optimistic I think), that leaves 75% that would be scared enough of the threat to reveal what is demanded, or they will give in not too long after the procedure has begun."
But like you said, natural selection might result in security people hiring sociopathic masochistic loners since they can't be tortured: directly (wrench turns them on) or indirectly (don't care about anyone else enough for that to be an angle). And this is only in SEMI-jest, since it seems sociopathy is just about a requirement for ANY position of power.
> Unless it becomes LESS convenient, turning the average person OFF to the idea. I sometimes wonder if we're going to find it's an UNhappy medium out there: too irksome to use yet not secure enough to be practical. Remember the unwashed masses control the market, and they're searching for unicorns at this point. And we REALLY need the herd effect for this to be really effective. Unless, of course, the State has the computational resources to still winnow this out, in which case we're at the Big Brother stage already, in which case we're pretty much screwed.
I am willing to let them try. GPG has been around for donkeys years, and it never caught on beyond a few special industries and crypto nerds.
If they can provide similar levels of security in a more convenient fashion, then I don't have a problem with letting them try. Even if the security is worse than GPG, it would be moving forward as long as it isn't unencryped email (which is the equivalent ot writing messages on a post card and sending that).
Plus in theory I could GPG encrypt my mail myself before I send it through this system if I feel particularly paranoid, while for joe average it will be more secure than before, but with (in theory) similar levels of convenience.
I still would class that as a win, because we have moved forward and improved an infrastructure that was designed back when the Internet was an academic utopia, rather than the modern day cesspit it has become.
And yes, if the state can winnow it out anyway without much effort, then we are deeper down the rabbit hole then I expected. In which case, not much you can do. If you can't organise an effective opposition because all comm channels are under scrutiny/control, then you are done essentially. Individuals can either rage impotently against the machine, accept that is the world they live in, or attempt to leave for greener pastures.
> But like you said, natural selection might result in security people hiring sociopathic masochistic loners since they can't be tortured: directly (wrench turns them on) or indirectly (don't care about anyone else enough for that to be an angle). And this is only in SEMI-jest, since it seems sociopathy is just about a requirement for ANY position of power.
I thought they already hired sociopathic masochists? :-D Or at least a mixture of sociopathic sadists and masochists... (their Christmas parties must be fun)
Well, this is a human condition, not something technology will control or remedy (nor am I sure it would be wise to do so). Either way, it is outside the scope of this project's goals :-)
"Plus in theory I could GPG encrypt my mail myself before I send it through this system if I feel particularly paranoid, while for joe average it will be more secure than before, but with (in theory) similar levels of convenience."
Except PGP/GPG is pre-quantum. You may want to assume the data center in Utah is really a cover for a black-project (read: years if not decades ahead of its time AND deny it even exists) working quantum computer.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
