Snowden's favoured e-mail service opens shop, again

Lauren Kate Rawlins
By Lauren Kate Rawlins, ITWeb digital and innovation contributor.
Johannesburg, 24 Jan 2017
The e-mail service provider used by US whistle-blower Edward Snowden has been revamped and reopened.
The e-mail service provider used by US whistle-blower Edward Snowden has been revamped and reopened.

US whistle-blower Edward Snowden's preferred e-mail service, Lavabit, said this week it would relaunch its service after nearly three years of downtime.

Founder of the service, Ladar Levison, explains: "In August 2013, I was forced to make a difficult decision: violate the rights of the American people and my global customers, or shut down. I chose freedom.

"Much has changed since my decision, but unfortunately, much has not in our post-Snowden world. E-mail continues to be the heart of our cyber-identities, but as evidenced by recent jaw-dropping headlines, it remains insecure, unreliable and easily readable by an attacker."

At the time of closure, the service had over 400 000 users, including Snowden, whose identity on the service was revealed in July 2013 when the e-mail address was used to invite human rights lawyers and activists to a press conference during his confinement at Sheremetyevo International Airport in Moscow.

The day after, the US federal government served a court order to Lavabit asking for metadata on an unnamed customer, and later that month, obtained a search warrant demanding Lavabit give away the private SSL keys to its service. This would have affected all Lavabit users.

Levison responded by shutting the service down.

He says the company has decided to revamp and relaunch now, to coincide with the US presidential inauguration.

After shutting down, Lavabit developed an open source secure end-to-end communications platform for asynchronous messaging across the Internet, called DIME (dark Internet mail environment). The company says DIME is superior to current standards as it provides automatic encryption and protects metadata.

"By encrypting all facets of an e-mail transmission (body, metadata and transport layer), DIME guarantees the security of users and the least amount of information leakage possible."

For every level of paranoia

To accommodate different user needs, DIME operates in three account modes: trustful, cautious and paranoid. Lavabit says the difference between each mode is based on where message encryption (or decryption) occurs and where the user's private key is stored.

Trustful mode is for users who want a more secure e-mail environment, but require the ability to use existing e-mail software. It claims to be easy to use and the server performs the encryption on the user's behalf.

Cautious mode is what Lavabit believes most users will choose as it allows users to access their e-mail in the same way they normally do, but with added protection and control. This is because it offers end-to-end encryption, and the user's key (used for the encryption) is only available in plaintext within the memory of the user's chosen device. This means it cannot be seen by the Lavabit servers, but does exist there, encrypted.

Paranoid mode was designed for users who believe they face a higher threat level and don't want a key to exist anywhere in any format except on devices where they maintain absolute technical control. In paranoid mode, the key never transmits anywhere unless the owner does so. It is ultra-secure; however, it requires technical proficiency in user key management.

Previous Lavabit users are now able to access their accounts in trustful mode and update their credentials to the new DIME standard.

New users can pre-register for a Lavabit account here, for half price. Normally it costs $30 annually for 5GB of space or $60 annually for 20GB. Users can pay with a credit card or Bitcoin.