Lavabit, the email service that shut down rather than comply with a US government demand to hand over encryption keys that would have jeapordised the security of its 400,000-plus users, is almost ready to relaunch, and it comes with a new security feature.
The request for SSL keys to decrypt users accounts was primarily directed at Edward Snowden, who used the service before it shut down in 2013, but the company’s founder Ladar Levison chose instead to close the whole service down, thereby making it impossible to comply with the government request for access. The store of 50 million or so emails hasn’t been deleted, according to The Intercept, however. It’s also no accident that Levison chose Inauguration Day in the US to relaunch the service, either.
“In August 2013, I was forced to make a difficult decision: violate the rights of the American people and my global customers or shut down. I chose Freedom. Much has changed since my decision, but unfortunately much has not in our post-Snowden world. Email continues to be the heart of our cyber-identities, but as evidenced by recent jaw-dropping headlines it remains insecure, unreliable, and easily readable by an attacker,” Levison wrote.”Today, we start a new freedom journey and inaugurate the next-generation of email privacy and security.”
The relaunched service, which Levison has been working on since 2014, will offer three levels of security, which essentially depends on where you want the encryption to take place. Two of the modes allow all encryption to be done on the user’s device, while the third is done on Lavabit’s servers while you’re using the service. This ‘Trustful’ mode also has a new security implementation that allows Lavabit to serve encrypted communications but without having any access to the key to decrypt.
This is achieved by inputting the key in a physical device, and then destroying the generated key; the end result is that the key is stored, but inaccessible, and as an extra security measure, if anyone tries to retrieve it or tamper with the device, the key will be destroyed.
According to The Intercept, Snowden says he’s planning to re-activate his account when the service is up and running, but can’t comment on the security of it before testing it out.
Watch: Hands-on with the Nintendo Switch
Will you be using Lavabit’s service when it relaunches? Let us know in the comments below!