Lavabit Email Service Returns with New Encryption Platform

Lavabit, the secure email service that shut down in 2013 after the NSA requested access to Edward Snowden’s email account, is recommencing operations on a new secure end-to-end communications platform, Lavabit owner Ladar Levison announced on Friday.

In August 2013, the service was suspended after the NSA requested its Secure Sockets Layer (SSL) private keys to access the email accounts of its users. The NSA was reportedly interested in Snowden’s account at the time, but Lavabit suggested that, with the SSL key in its hands, the US government would have been able to access any account.

Lavabit’s closing at the time prompted other online services to take a similar route, including Silent Circle, which shut down its Silent Mail service “to prevent spying,” and Groklaw, a technology news site focused on legal issues. Several months later, Silent Circle and Lavabit formed the Dark Mail Alliance, focused on offering the “next-generation of private and secure email.”

The relaunch of Lavabit’s email service, Levison says, isn’t meant only to continue sustaining online freedom, justice, and liberty, but also to address some of the main issues that email services face today. He also points out that the reopening builds on the Dark Internet Mail Environment (DIME), an open source, secure end-to-end communications platform for asynchronous messaging across the Internet.

“Today, we start a new freedom journey and inaugurate the next-generation of email privacy and security,” Levison notes on the Lavabit website.

DIME was created with Kickstarter funding, which also helped Levison come up with Magma, an associated DIME-capable free and open source mail server. Released on Friday together with Magma, the end-to-end encrypted global standard was designed to offer multiple modes of security (Trustful, Cautious, and Paranoid), and to address security problems that have so far been neglected.

The platform was designed as an evolution of OpenPGP and S/MIME, which don’t provide automatic encryption and don’t protect metadata. DIME, on the other hand, encrypts all facets of an email transmission (body, metadata and transport layer), thus aiming to deliver the greatest protection possible without sacrificing functionality.

“DIME is the only automated, federated, encryption standard designed to work with different service providers while minimizing the leakage of metadata without a centralized authority. DIME is end-to-end secure, yet flexible enough to allow users to continue using their email without a Ph.D. in cryptology,” Levison says.

Users can rely on the server to handle all privacy issues, meaning they would have to “trust” the server (Trustful mode), can set it to only store and synchronize encrypted data, including encrypted copies of a user’s private keys and encrypted copies of messages (Cautious mode), or can place a minimum amount of trust in the server, denying it access to private keys (encrypted or decrypted), but losing functionality, as webmail access won’t be available (Paranoid mode).

The service is available for existing users to regain access to their accounts in “Trustful” mode and update their credentials to the new DIME standard, as well as for new users to pre-register for an account.

Lavabit also made the free, open source library and the associated command line tools for creating and handling the new DIME standard available to everyone, and says that any domain admin can deploy Magma or implement their own encrypted, DIME-compatible server. Clients for Windows, Mac OS X/iOS, and Linux/Android are also expected to be released.

“Today, the democratic power we transfer to keep identities safe is our own. With your continued patronage, we will restore privacy and make end-to-end encryption an automatic, ubiquitous and open source reality,” Levison concluded.

In 2014, Snowden’s revelations about widespread online surveillance resulted in a push to encrypt email and keep messages free from the government. The move regained momentum last year, after Apple decided not to provide the FBI with assistance to access San Bernardino’s iPhone, claiming that the agency was actually asking for a backdoor to all iPhones out there.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
