Secure Email by Lavabit

Posted on the 22 August 2018 by Darkwebnews @darkwebnews

The web is currently cluttered with burgeoning secure email platforms that aim to circumvent the long arm of government surveillance.

Many of these projects have been created to ensure that their users stay clear of the prying eyes and ears of the National Security Agency (NSA).

Certainly modern platforms have been tailored to fix previous issues that have littered encryption tools such as Pretty Good Privacy (PGP). The most notable example is that of Dark Mail, a comparatively new platform with the tools to hide user metadata.

In the context of this article, Lavabit is one such service that has established itself as king in the secure mail industry.

The Lavabit platform utilizes the Dark Internet Mail Environment protocols with a solid standing on the web interface.

A Dramatic History

You Might Be Wondering About When You Last Heard the Name "Lavabit"

Lavabit was the widely publicized encrypted email service that was very dear to world-renowned whistleblower Edward Snowden.

Lavabit was created by Ladar Levison in the year 2004, and has always appealed to privacy-conscious minds that are in constant fear of NSA spying.

This email service served its purpose accordingly, before it was suspended in 2013 and would later relaunch in 2017 with a refurbished operational model.

The famous August 2013 closure of Lavabit had been the result of clashes between the secure email provider and the Federal Bureau of Investigation (FBI).

In this regard, the authorities had directed Lavabit to surrender its Secure Sockets Layer (SSL) private keys to pave way for government investigations on its users.

Particularly, the U.S. government had intended to surveil Edward Snowden's email communication activities to establish a court case.

As fate would have it, March 2016 saw the exposure of court files indicating the release of Lavabit's portfolio, which confirmed FBI interest in Snowden's dealings within Lavabit's umbrella.

From the case files, it was revealed that Snowden was an avid user of the encrypted email service and that the FBI had attempted to arm-bend Lavabit policies to their interests.

The government asked that they would be allowed to create a surveillance pathway within Lavabit servers, which would open doors to the presentation of the mail service encryption keys and the eventual access to Snowden's emails.

In addition, the case files showed that the government had directed Lavabit to hush up the deal with regards to third-party outfits.

Ultimately, Lavabit preferred to shut itself down rather than fulfill the U.S. government needs. An article by the Guardian reported this incident as an abrupt shutdown and the product of 38 days of legal battle.

A Host of E-Tools

After shutting down Lavabit, the platform's founder partnered with Silent Circle to create the Dark Mail Technical Alliance (DMTA) and announced that Lavabit would be "back with a bang" the following year.

Two years later, Levison presented a protocol that would go a long way in supporting the "dark" email, a tool that was dubbed the Dark Internet Mail Environment (DIME).

In a nutshell, DIME is a multi-layered construction of structures that support message encryption.

The framework included the implementation of libdime, which presented libraries and command line utilities.

The year 2016 saw the appearance of Lavabit's Magma server daemon on GitHub.

Rightfully, according to an account provided by Ladar Levison, DIME is a multi-modular provider of security in the abstract.

In this sense, it categorizes its offerings according to Trustful, Cautious and Paranoid options.

DIME has managed to duly set itself apart from its colleagues, owing to the fact that it neutralizes security issues that its counterparts fail to solve.

DIME is the only automated encryption of its kind, a security standard that is fashioned to work in harmony with divergent providers.

This aspect is true to the fact that it manages to curtail the unauthorized seepage of metadata across the space of system security.

In actual terms, DIME provides end-to-end security but still maintains a desirable level of flexibility as far as user friendliness is concerned-you do not need to be a cryptology pundit to operate your email platform.

So, What Exactly Constitutes This Protocol? Let's Dig Deep.

Any computer security expert might tell you that with the existence of wetware, perfect security becomes a difficult-to-achieve goal.

The DIME protocol provides that weak user passwords are significant culprits that cause system security issues.

Expectedly, this limitation should have been well captured by the DMTA, which speaks of DIME as a reliable provider of email confidentiality.

Additionally, it claims that DIME is tamper-proof by nature and has mechanisms in place to prevent the unnecessary leakage of metadata across the delivery track.

The four units of the system, in the upper echelons of the framework, are:

  • Email clients
  • Privacy processing elements
  • Key stores
  • Encrypted message items

Indeed, the criticality of brainstorming the significance of user interfaces for privacy agents, in the context of this article, cannot be overemphasized.

Thus, to the obvious majority, the Organization Privacy Agent (OPA) interacts with both email clients and the web in its entirety.

This concerns aspects of dealing with key management issues with the aim of establishing secure transit channels that conceal messages by means of layer security.

In addition, it gives access to the envelope information for appropriate management.

The User Privacy Agent (UPA) deals with crypto tasks accrued to users, and may be based in the user's email client, or even on the server.

What is DIME?

Theoretically, DIME operates according to three aforementioned approaches, whereby:

  • Truthful denotes an instance where users fully trust the server in question-they bear zero doubt that their privacy is guaranteed.
  • Cautious concerns situations where encryption may take place within a user's browser. In this case, the server executes acts of encryption with a focus on private keys and messages.
  • In Paranoid mode, the server stays blind to a user's keys. Webmail becomes at large, and the utilization of multiple devices begs the need to do syncing across diverse keyrings.

In the high-tech context, DIME prompts the system to establish its functions on the basis of an automated effort, in which key management issues and anti-manipulation endeavors are handled even if a client becomes vulnerable.

The existence of multi-layered encryption framework is tailored to protect messages even in the event where a server has been breached.

In summary, DIME depends on the idea of two main "signets" for keys; organizational signets which are tied to a domain and user signets (associated with individual email addresses).

Why Choose Lavabit? You Guessed It Right.

Lavabit's biggest selling point is its proven willingness to sacrifice its existence for the best interest of their users.

The fact that a platform of Lavabit's stature can choose to shut itself down, rather than sell off its users, is unique, to say the least.

This is a rare attribute and in fact, Edward Snowden was quoted saying that Lavabit could be the only ones in the world with such strong ideals.

Secondly, Lavabit has established its place in the league of internet privacy and security tools.

As a choice email provider, its undivided commitment to privatizing the email service is highlighted by its constant huger for partnership and product evolution-just to secure the mailboxes of its clients.

Apart from establishing encrypted connections, Lavabit can be used to scout for any malicious software, and messages become only accessible to bona fide password holders. Encrypted connections are not just restricted to web access, but extend to other access functions that govern the desktop email.

These programs may also be encrypted, thanks to Lavabit.

Furthermore, Lavabit's elementary web client interface is comprised of filters, and expresses email messages as plain text. This setting is usually fixed as a default approach. However, it is noteworthy to acknowledge that the same interface has particular limitations in the aspect of features and comfort. For example, a user cannot proofread their work for spelling errors.

Finally, Lavabit provides a variety of options when it comes to filtering junk email messages. A quick understanding of fundamental configurations may allow a user to set up important lists and impose sanity in their email inbox.`1112

Disclaimer: