Lavabit to Briefly Reinstate Services for Data Recovery

I think there is already a judicial precedent (at least in the U.S.) that you cannot be forced to give up your password, because it would amount to being forced to testify against yourself, which is a violation of your fifth amendment rights.

So I take your point about orgainzations like Countermail, Austici, Riseup, being prepared to go to the mat. But I'm not sure (honestly) if that really protects you better than fifth amendment rights.

Of course, this only applies to people when they are in the United States. If you're stopped at the U.S. border or something it seems like even U.S. citizens don't really have rights or, rather, it's not clear what people's rights at the border are. Although some activists have recently gotten away with refusing to divulge passwords to U.S. border agents.

As far as other countries go, I don't know what the legal ins and outs of it are.

The other advantage of being yourself subject to a raid is that at least you would then know that you're under investigation, wherease with a third party service there's always the possibility that they could be compelled one way or the other to keep a investigation secret.

 

I do sympathize with how much it must have sucked to suddenly not have access to your email. (I had a Lavabit account too, although it doesn't sound like I was using for crucial things in the way you were.) And I can see that many people may have signed up for Lavabit wanting privacy from Google, et al, and not really understood how dead serious Levinson was about privacy (hence the choice he made, when he had no other way to protect his users' privacy). The information was there, but you would have had to read a lot of complicated, often pretty technical, stuff on the Lavabit site, about how the system worked and what Levinson's intentions were.

So I see how circumstances arose, in which a lot of users suddenly found themselves without access to their email, in a way that they did not anticipate (did any of us really see the whole NSA, FBI, Snowden debacle coming?). And I can see in retrospect how some people might have chosen the downsides of Gmail over what happened (although only because in retrospect they finally understood what Lavabit and Levinson were really about). So I really sympathize with that. I just don't blame Levinson. He did a courageous, principled, thing, not for lazy or selfish reasons, but instead taking huge risk to himself to protect his users and keep a promise he made to them (whether or not all of them fully understood it).

That aside, as Taliscicero points out, you could use a private email service like Lavabit (while it still existed) or Countermail, with a client like Thunderbird on your own system that downloads the emails to your computer and then you would have the privacy and not the risk of losing your email if the system gets shut down. You could also set it up to leave copies of your email on the server, so that you can still use the webmail client also, if you don't have access to your computer at a particular time (although any emails sent or received while on the webmail client would not be on your own computer). You could also periodically just download your whole mailbox somewhere to back it up. So it is possible to have privacy, without the risk of losing all your email if the system gets shut down. In addition, as well run as Gmail is, I wouldn't one hundred percent count on it being impossible to lose your email. As long as you're trusting it to all be stored in only in one place, by one service, the risk of losing everything is real.

Thanks for taking the time to reply, and I think you make some very fair observations too, looking at it from both sides of the coin. I appreciate you taking to time to explain.
When I was looking for an alternative email provider, all I was looking for was to escape the google targeted ads showing up all the time and Lavabit did fit the bill in that respect. I did actually use outlook to access it, but it must have been an IMAP set up, as when I could not gain access I could not see any of the folders within outlook. This has caused me to do some research into the different types of email, and I have settled for a Microsoft exchange service which is nicely backed up and stored on my local outlook too. I do use an Outlook email now, yes, its in the states and probably peeked at by the authorities there but that does not bother me in the slightest.
I accept its gone now and have made adjustments so the same cannot happen again. Would I pay for a secure private email again such as Lavabit? No, I don't think I would, as the same could happen to them. I could moan about Snowden.............but I won't, I wont moan any more..........I don't want to end up like Taliscicero

 

You may also want to consider email providers in EU that have stronger privacy than Microsoft but not as strong as Lavabit. Runbox is in Norway and they are straight forward open that they will give away your emails to authoritis after a proper court order is provided. This is okay with me since it provides me more privacy protection than U.S. kangaroo court that will be okay with email provider sending all emails of all people in United States to NSA.

 

Strange goings on...

http://i.imgur.com/rIgaZf0.png

https://pay.reddit.com/r/worldnews/comments/1oij1d/lavabit_comes_back_online_for_96_hours_to_allow/ccsh07b

 

Technical issues aside, it's imprudent to trust people who've recently been arrested.

 

Like all things on Reddit, I take this with an extreme grain of salt. I went to the SSL Labs site myself and ran the SSL test on Lavabit's site. In fact, forward secrecy is working fine with most browsers, just not with Internet Explorer. Forward secrecy fails on all version of IE that SSL Labs tests (which is not all of them), but works fine on all versions of Chrome, Firefox, Opera, and Safari that they test (which is also not all of them). So it seems like a problem with IE and Windows, not the Lavabit site.

I'm not technical expert, but whoever made that post at Reddit appears unable to read the SSL results and properly interpret them. Either that or (given the relative level of hyping tone to their post) they deliberately misinterpreted the SSL Labs results. Off hand, it just seems like someone on Reddit trying to get attention.

*

I think that's a good point and it's fair to be skeptical. To be accurate, Levinson (I believe) has not been arrested, nor charged with a crime. Instead he's bringing legal action against the government to prevent it from forcing him to disclose all of his users' information. Given the general circumstances of the case, I'm inclinded to have faith in his actions, but it is a leap of faith. Obviously Levinson is under a lot of pressure from the governement. If one had information on Lavabit that one absolutely did not want the government to ever see, then I suppose the safest choice would be to kiss that information goodbye and not use the data recovery feature.

 

Agree, if you put all your eggs in one basket you are asking for trouble. A competent risk analysis has to be performed on all aspects of our on-line lives in order to maintain security. Honestly expecting a provider to protect your security is ludicrous. I use a secure provider that keeps no records. If I keep all my email on their servers and they get shutdown I know the risks the responsibility falls on me. If I am paranoid and download my email to a client and delete everything from that server then I cannot be compromised in the fashion rollers is griping about.

@lotuseclat79 - you bring an interesting point. The patriot act modified the warrant status of the FISA court from specific warrants to general warrants. This is the very reason the US created the 4th amendment and one of the mitigating reasons the American Revolution was fought. So now the United States is using a general warrant against its own citizenry instead of the british. Do you find it at all curious that no case like Levison's has made it up through the legal system that even has the potential to make it to the Supreme Court? I do! The government did not want to (IMO) sustain any risk of the general warrant status of the FISA court winding up in front of the Supreme Court the only entity that could do anything about it. Now, however, the NSA is frantically trying to assess the damage caused by Snowden, so now they take the risk.

 

I believe this is something that Levison might do. The honey pot theory considering what the government has done should conservatively be reason alone to abandon lavabit entirely. You simply don't know.

 

Backups

 

Yes, I do!

-- Tom

 

Technical point: He hasn't been arrested.

PD

 

Ladar gave an interview on TWiT Trangulation recently. Go-Daddy took it upon themselves to revoke the SSL keys that the FBI got, and he has new SSL keys for the recovery.

Not saying any of that matters, but the guy does seem to be genuine. If he wasn't he'd still be running Lavabit.

PD

 

@Pauly. This is more then just a technical point. This is a critical point. The man was doing everything within his power to protect his customers privacy. Levison ONLY buckled when his liberty became threatened and even then once he gave the gov't the ssl keys he shut down Lavabit to mitigate future compromise. BTW, from what I read that ~ Snipped as per TOS ~ to government off big time.

 

That's true. But he's been dealing with the FBI far too much for comfort. And he's admitted some cooperation, albeit only concerning "certifiably bad" customers. Trust him now? No thanks.

 

His interview on Triangulation was very interesting. If you have an hour laying around, this would be a good use of it.

http://twit.tv/show/triangulation/125

 

I love it how hey gave them the SSL key in a 4 point font. HA HA that would ~snipped~ them right off.