Back in 2013, Edward Snowden used a secure email service called Lavabit to uncover secret NSA documents detailing the mass surveillance program started by the agency. Soon after the leak, the service’s developer, Ladar Levison, decided to shut down Lavabit after the US government demanded from Ladar to hand over the platform’s SSL encryption key. After more than three years, Lavabit is back.
Ladar decided to shut down the service because handing out SSL security key to the US government would mean giving the government data about more than 400,000 active Lavabit users at the time on a plate. This time, the service is using a new type of architecture, physically preventing the company from handing its SSL encryption key.
Basically, Lavabit stores the key in a tamper resistant device, with the service generating a long passphrase unable to be seen by the company. The passphrase is destroyed after the key is inserted into the device. According to one developer for the company, “Once it’s in there, we cannot pull that SSL key back out.”
Now, the platform is revived in the form of DIME (Dark Internet Mail Environment), which is a global standard for end-to-end encryption, and Magma. Magma is a DIME-supporting email server, both free and open source.
Both have been released, with Magma giving users a couple of levels of encryption, Trustful, Cautious, and Paranoid. Choosing trustful will encrypt user’s data on the company’s server; Cautious offers end-to-end encryption from the moment an email is sent to the moment it is received.
Paranoid level includes all the above plus an additional client software capable of generating encryption keys stored on the user’s device. If a user wants to transfer the security keys, she has to do it manually.
The resurrected Lavabit service is available only for users who had active accounts at the time when the service went offline. They can continue using their accounts but aren’t able to retrieve their old emails. If you want to get a chance of using Lavabit you can pre-register for an account on Lavabit’s website, but note that the company didn’t share when it will start accepting new users.
After it got back online, Lavabit is now constructing graphical clients for various OSs such as Microsoft’s Windows, Apple’s Mac OS X and iOS, Google’s Android, and Linux.