Criteria for choosing a secure email service?

Hello,

To those interested or looking for info on secure email, I've been looking at different services available with a few criteria in mind , namely security & privacy for messages while they are stored on servers + protection regarding IP (to avoid spreading the IP when filling online forms etc or simply just for IP privacy). I've compiled some info on three particular services and thought it would be a good thing to post on the forum, to help others make comparisons.

I also inquired several times to each one as my questions came to mind (usually after being inspired by posts on Wilders Forums!). They were all kind enough to answer inquiries politely and in a helpful way. On this point, I would like to mention/underline how Neomailbox Support answered extremely rapidly to all questions, even responding on Saturdays and Sundays! And XeroBank Support also responded very rapidly and were always eager to explain in detail the functionning of XeroBank privacy to the "average user". They all were straight forward and honest in their answers, including Lavabit. Regarding availability of info on websites (for email services), Lavabit was most thorough in providing extensive details imo.

Hope this might be useful to anyone considering either Lavabit, NeoMailbox or XeroBank/XeroMail. Feel free to comment, add or rectify any info here so we can all benefit!

Lavabit
Sevices available: Basic=free (128 MB storage, no ads); Personal=free (1,024 MB storage, ads in incoming mail); Enhanced=$8/year (1,024 MB storage); Premuim=$16/year (8,192 MB storage)
Server location: USA
Supports: "All of our plans include access to our POP3 servers for downloading your incoming e-mail and access to our SMTP servers for sending your outgoing messages. Our development team is also hard at work developing IMAP and webmail servers for launch later this year." + webmail, simple features
Payment options: credit card
Full feature's list

Pros:

• TLS and SSL encrypted and secure SMTP access
• Supports OpenPGP
• Server security: messages encrypted before saved on the servers (see asynchronous encryption); "Our team of programmers answered with a system so secure that even our administrators can’t read your e-mail"

Cons:

• IP is recorded to enable tracking of individuals in case of misuse*
• Not yet IMAP

Neomailbox
Services available: Secure email US=$39.95/year (250 MB storage); "Offshore" secure email=$49.95/year (1GB storage)
Server locations: 1. US hosted. 2. Netherlands hosted ("offshore" as termed on website); Swiss server in the future should be available.**
Supports: IMAP, SMTP, POP3 and Webmail
Payment options: Visa, MasterCard, Amex, Discover, Diners Club, JCB, PayPal, and Pecunix.

Pros:

• TLS and SSL encrypted IMAP and secure SMTP access
• Supports OpenPGP
• anonymous IP: client's IP is stripped from headers and only reveals Neomailbox's IP to the recipient ***
• Server security: OpenBSD - Proactive Security

Depending on YOUR personal point of view or location, Switz/Netherlands-based servers might be a pro for you or not. There are posts on the forum and articles on the net regarding the privacy situation in Netherlands, EU and Switzerland which might contradict the general idea that those are less subject to data retention practices.****

Cons:

• Encryption on servers for stored email not available at the moment *****

PS I am not a subscriber yet so I don't know how it is inside.

XBMail/XeroMail
Services available: Secure email is part of the privacy package including anonymous surfing through XeroBank network=$35/month, with 1st month at $1. (no info yet on storage)
Server location: see XeroBank Network for more details.
Supports: desktop clients / no webmail available now nor in the future
Payment options: Credit Card. PayPal or bank wire payment options available only for a 1 year prepayment (because PayPal doesn't allow recurrent payment for outside US/UK and wire transfers involve large overhead fees).

Pros:

• TLS and SSL encrypted IMAP and secure SMTP access (I imagine)
• Anonymous and encrypted email for maximum privacy
• Messages are stored encrypted with your private password
• No proprietary software required, all encryption is automatic
• 24/7 accessibility from outside the XeroBank network
• Identifying information is automatically stripped from message headers

Cons:
Looks like this service offers all one requires in terms of security, so I don't know what could be the cons. Except maybe the unavailability of webmail for those who like to use it; however, that's not a drawback as you can transport XBMail on a USB as it's an email client or use The Bat ! Voyager email client.

PS I am not a subscriber yet so I don't know how it is inside.

Lavabit offers excellent storage security, but to prevent abuse will not offer anonymous emailing, unless you go through anonymous surfing, from the start.
Neomailbox offers very good privacy but I imagine that they need to keep an option open to control they are not abused, so emails are not encrypted while stored. However, as they say they'll make this feature available soon.
XeroBank email seems to combine all the security measures all together in one package.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
*"The server currently records your IP in the headers. We took this step because we didn't want our service to become a haven for spammers and scammers. Since we don't record your connecting IP in our log files, we felt it important to record it somewhere.
Our long term plan will be to change this practice. We intend to
continue recording the sender's IP in the headers, but we will start
encrypting that information with AES. This way, if the account is ever
used to commit fraud, someone can request the original sender's IP
through a court order (provided they still have the message headers).
All of that said, several of our users, like you, don't like to reveal
their IP in the message headers. What we've recommended to them is
that they connect to our servers via Tor. Then the Tor exit node IP is
recorded in the headers, and not the actual sender's IP." (Lavabit Team)

**"We hope to introduce this in the next few months." (Neomailbox Team)

***"Our mail servers independently scrub your IP address from mails
you send out" (Neomailbox Team)

****"Yes, the Netherlands has better privacy laws than the US, so from a
legal standpoint the privacy of our Offshore accounts is higher." (Neomailbox Team). Also see here.

*****"Messages are not currently stored encrypted on our servers. But our servers can only be accessed by our CTO and nobody else. They are
stored on secure hardened servers in a secure data center.
We are working on providing a feature that will automatically
encrypt messages as soon as they are received and before they are saved on
the server. However, you would need to use PGP software to read
your messages if you were to use this feature. This feature will probably be added within a few months." (Neomailbox Team)

 

Thanks for the info.

However, IMO, the only way to get secure email is to encrypt the mail before you send it and to have the recipient decrypt it on his/her computer. As for privacy, the chances are very low to get it when using email alone (without any other anonymity service), because: 1) data retention is becoming a standard everywhere and 2) spam forces email providers to record the IP in the email.

 

Storage for XB network on mail is around 20,000 MB as a soft ceiling, and upwards of 75,000 MB as a hard ceiling I think.

Neomailbox is silly. Switzerland logs/data-retention 100% of all email. Offering a 1-hop service there is a joke. That makes you 100% attributable and 0% anonymous.

 

It's worth noting that the free accounts at Lavabit do not support messages encrypted on the server. This feature is only available for paid accounts.

 

Traxx75,

Thanks a lot for pointing that out, indeed an important detail.

Nebulus,

Thanks for the concise résumé on how to achieve security and privacy on the emails. I take your opinion as coming from someone who knows the field, as I've also been viewing other posts of yours with interest.

Hello SteveTX,

Looks like XBMail out does them all, and not only on storage capacity. Seriously, what attracted me first to XeroBank was the email services you offer, namely the encrypted storage. Many people are looking for one email service that they can stick to for years without worrying about an unexpected event or sudden loss of trust in their email services provider (ex. clients of Hushmail, because of the promise made that it was impossible to access the emails even for Hush staff).
Also, the fact that XeroBank appears to have set up a way of keeping servers secure and in undisclosed locations (I believe it is mentioned somewhere or in a post that you do not disclose geographic location of servers). And then of course the anonymous network.
Anyways, congratulations on this project and also for your support team who are very helpful.

I had a question for you in mind:
you mention that webmail is inherently unsafe and is compromised daily. Is one to understand that a person can intrude through webmail and gain access to the email servers this way, and potentially access all the messages of clients stored on the servers?
For example, the intruder accesses the servers of a company through the webmail (Lavabit, Neomailbox etc, not XB because you don't have webmail), is this a risk for the entire system/email storage area, or is the intrusion through webmail confined to certain areas, not compromising the totality of emails stored on servers?
I wish to understand if one never touches webmail and only uses the desktop client to download/send emails, would our stored messages still be subject to intrusion because of the webmail offering a passage to the main storage server?
In fine, my point is : should one avoid any services which offers webmail in addition to SMTP/IMAP for desktop client use, or are the two not connected on the server level, i.e. compartmentalised in a certain way?

I'm having difficulty in visualising what is linked to what on the server level in the case of email. Would be fantastic if someone could link to a diagram or something visual.

Thank you.

 

Actually, while I somehow believe that Xerobank can give you a fair anonimity, I have many questions on their mail service (which I don't use a lot...):

- Server location: Where are the mail servers phisically located? This is important, because a warrant from the country in which the server is located will give full access to all the email stored (unless xerobank fights such warrant)

- Messages are stored encrypted with my private password? What password, exactly? How do they magically decrypt, since I am never asked to provide any password for decrypting emails?

In short, I don't believe xerobank mail is as a quality service as it is their anonimity server. But this is only my 2c.

 

Absolutely.

Depends on the type of exploit. For example, if the exploit is to run remote code execution, it could potentially be used to access any files that the webmail system has access to, such as all user emails, while installing a backdoor. If it was a remote read attack, it could still read all user emails, and potentially read off the hashed passwords which could then be cracked individually if someone wanted. All sorts of vulnerabilities exist.

Yes! Having webmail is a very strong liability. Even if you never used the webmail, the webmail system has potential access to your files, and if it is compromised so are your emails even if you never used webmail. You don't have to use webmail to get hacked by webmail, only the hacker has to use it.

For the most part, yes, if you want strong security, but there are some exceptions. One exception I know of was a webmail system programmed called ISpostur. It was written to highly resist hacking and compromises. I don't think it is still in business though.

Imagine a box. Inside the box is your email. The box is made of solid wood and has only two openings. The first is a locked door called POP/IMAP. The second is a velcro flap called WebMail. Either one can be used to access the contents of the mailbox.

 

We always fight the warrant. Mail server location is hidden inside the anonymity network, and when accessing it you are only seeing a reverse proxy to a public server.

You get assigned a random password and random username when the account is created. The messagebase, I know for sure, is stored on an encrypted filesystem at least, likely under multiple layers of encryption. I didn't design the system so I can't say specifically. This requires clarification that I'll need to get. Additionally the account are anonymized in ownership, so we couldn't find anything if someone said "IP address accessed your system, give us their emails".

 

SteveTX,

Thanks for the explanations. It's so much quicker for the average user to understand IT with simplified images; like when explaining to a child. I like your explanation of VPN and internet with the hose/faucet examples in the other thread.

I've been trying to Google search for email services that only offer the POP3/IMAP/SMTP without the webmail. Difficult! Haven't found anything yet. Ended up mostly on eMail hosting services.

I have difficulty in believing that no one out there (except ISP providers?) offers server storage for eMails strictly for the use through eMail programs/desktop clients.
How does one go about to setting up a messaging system, not for a business but only for personal use, without going through holding areas/message stores that mix both webmail and eMail program messages? You see my point: how can an individual find an email address and have it transit strictly through a server that has no ties whatsoever with webmail, so that eMail program users can be sure that their messages are safe in the holding areas/message stores?

Is it so difficult to find a service (doesn't have to be free) and sign up for an email address without the included feature "everywhere-anywhere webmail access"? I'm getting lost. Because if, according to your saying, webmail is inherently unsafe then why aren't eMail sevices providers/companies coming up with alternative offers, such as : "strictly no webmail access for enhanced security"?

I'm sure that corporations or businesses are aware of this webmail risk. So how do they go about staying away from webmail? Is eMail hosting the answer to this? I'm sure there are plenty of security-conscious individuals that would require such a service, i.e. eMail addresses that only serve through eMail programs. If this is a potential niche market, someone ought to explore it. Plus, now with transportable eMail programs such as The Bat! Voyager or XeroBank Mail, one doesn't really need webmail to access messages while on the move.

It seems that all the services offering email addresses to the public all include the webmail feature. Is XeroBank the only one taking this approach, i.e. taking away webmail for enhanced security?

 

@TKHgva

Don't get too hung up on the fact that a hacker could break to your mailbox through web access. There is nothing you can do if the server has weak security but there are a couple of suggestions which can help keep your account safer.

1. Use aliases instead of your login name to send mail

If your account name is 6jg8974y4@exampleaddress.net but you only send mail with joe.somebody@exampleaddress.net it makes no difference if someone tries hack to your account through that alias since that is not an account and therefore cannot be accessed.

2. Don't forward mail anywhere

In the headers your account name 6jg8974y4@exampleaddress.net is naturally present and can be seen if it would end up with someone trying to compromise accounts.

3. Send and receive only text, turn off html and images

 

You would have to do it yourself, or use a commercial service. How you would find a secure service that does that, I don't know.

For the same reason that everyone switches from Firefox 2 to Firefox 3: People are feature conscious, not security conscious. Firefox 3 opens up massive new holes and privacy problems, all new software does. New code = new bugs. Yet, people want the latest and "greatest" and they will give up their security and privacy to do so.

They don't stay away from it. They love it. And they get hacked constantly, and don't do much about it because they don't know how to quantify the losses, or don't want to identify their usage of webmail as the problem because they can't give up the convenience.

Most anonymity services don't include mail, much less webmail-free systems.

 

Regarding Xerobank's e-mail service - is it possible to have a choice of another domain name besides "xerobank.com" ?


Thanks

 

Ha. No, but i guess we could. you get a @xerobank.net

 

Hello again AnonG,

Your comments above are more than welcome. Usually, the 2nd step after a novice has educated him/herself on internet risks is to set out on a quest for the "flawless security system", which obvioulsy does not exist. So much info on the net about corporations, governments, public treasuries down to common citizens being tricked or abused, it doesn't help to relax; adopting a "hope for the best but be prepared to accept the worst if it happens" state of mind might help to accept certain inevitable situations. I agree that we're going to end up with a headache if we try too hard to find the "ultimate" security setup for our use of the internet and email.

As you seem to explain, it's not only the "structure" that counts, but also through the implementation of good practices from the base that we can achieve a stronger defence.

Please bare with me for a minute, as I am in the learning stages. Basically, having an email address that allows use of multiple aliases offers:

1. Protection of the authentic email address: let's say we're signing up online to receive the Journal of Science newsletter. For safety, we provide an email address which is an alias of our authentic email address like in your example. So, this alias email address remains a harmless piece of personal information because it could never be used as a port of entry to our account by someone else than us. True?
So in a certain way aliases provide "anonymity" of the authentic email address?

2. Spam control: if, for x resons, our alias ended up in the database of some spammers, then we could simply block/delete that alias account from our email client. True?

Though, when we send messages via an alias, our IP is still tracable through the headers on the recipient's side (or anyone else in the middle) right?
So for anonymity of the alias we would have to use a service which strips the IP from the headers or go through anonymous surfing, right?

Finally, is it fair to say that it is a good practice to use aliases and on top of that mask the IP in the headers for our "public" eMail address? Or is it a better practice to proceed this way for all eMail leaving our computer?

Thank you very much.

 

SteveTX,

I see the point that basically what's most relevant from most consumer's point of view is availability of constantly improved features, and that from a marketing point of view always offering new features helps to sell and acquire new users.

But I must say, in a purposely naïve way, that I do not understand why at this stage of advancement in technology & IT it is such a complicated task to ensure privacy, and in a lesser way security, of people's online communications. It is amazing when one looks into it at how weak the online communication system is, point of view of basic privacy. Of course when we make a phone call, fax etc. there is the possibility to intercept the communication, but it seems that for the eMail system there has been no taking into account of privacy breaches from the beginning, when we look at the eMail system in general.

Many examples illustrate the risk of non-encrypted eMail communication:
it is a well know fact that when an invitation to tender is issued out by a governement for example, involving very large contracts, some companies make use of economic espionage to obtain the competitor's offer, in order to cut through with better proposals and obtain the contract. Also, it is a serious threat for NGOs and human rights activists who can be monitored more than ever. Even governments are not ensured their eMails won't end up going public or published in a book one day. So in the end, it appears that whoever uses the eMail in the way it is currently offered is subject to the privacy problem.
Finally, it looks as though eMail is the best designed communication system...from the point of view of those who have an interest/benefit in monitoring people and communications, maybe?

So I am quite bewildered at the lack of privacy in eMail from the very bottom. What I mean is that it seems that the eMail communication system was weak since the beginning, from the time of it's conception. You see what I mean: how come those who conceived the eMail communication system did not foresee, or rather take into account, the evidency that mass abuse could be made of such a communication system, especially as it was to become the major tool for communication on all levels of society?

I understand that from the marketing and end user point of view features is what counts; but from the conceptor's point of view: why wasn't the eMail system engineered in a more secure way from the start? Like, why wasn't the encryption tool immediately integrated in the system, in such a way that Gmail, Hotmail, webmail, Outlook, Thunderbird etc would all be using encryption by default?

I am no IT expert so maybe my view is sort of "looks easy so why didnt they do it?", but maybe it is actually very difficult. I don't know.

Still, it makes one wonder why it is so easy and widespread for people to use an insecure eMail system, and why it is so challenging and rather the exception to see services offering or people using a secure eMail system.... The whole internet system seems designed at it's base to make this harder. I think you are in a good position to observe these difficulties as I imagine setting up an anonymous network system must have been an enormous challenge.

Thank you for any comments.

 

TKHgva, I feel compelled to reiterate the point first made by Nebulus: secure email is not primarily a function of the email service, because the message is in plaintext once it leaves the email server and is on its way to the recipient (even if you use a VPN such as XeroBank). The critical problem here isn’t whether the message is securely stored on the email server (although that is important)—the issue is whether the email can be read by anyone between the end-to-end communication points. The solution, of course, is email encryption: see the thread “how practical is it to use email encryption”. If the email contents and attachments are encrypted, then the security of the email service is irrelevant to the issue of protecting the confidentiality of the message.

Concerning Lavabit’s “Security Through Asynchronous Encryption,” it seems to me that a fatal flaw is that the service generates both the public and private encryption keys. There is no guarantee (or possibility of proving) that the service does not retain the private key, allowing it to decrypt email at its discretion. With approaches such as PGP Desktop Email, in contrast, the user generates the key pair, which ensures that the desired protection is achieved.

Outlook does support email encryption in its “default” state (i.e., no plug-ins or add-ins are required), but the actual feature needs to be enabled by the user.

With the Nyms email service by Anonymizer, you can turn on/off any email alias that you create, or set a time for an email alias to automatically expire.

 

Thank you for highlighting that point.

PGP, encryption, public/private key and who has access in the end seems simple at a first glance, but still it takes a little time for the novice to get acquainted with the system. Especially when a novice reads on a website: "(...) in order to protect your messages, our servers generate a key automatically and then it is wiped out, no one can access it, not even us (...)" or something similar. Illustrating through practical examples helps a lot. Your example helped me clarify that. I also see why it's a better "guarantee" that we generate our own key pairs.

Thank you Pleonasm. It's quite a difficult task not to be too easily taken in by all the security features that are offered (promised) out there. As usual, this forum provides beneficial resources and tools for the "average user", so we can better interpret the information on the net and carry out our own reasoning.

 

Good practices count the most in my opinion. The best/worst example is the virus scanner syndrome. People buy the latest and greatest but don't keep it active or update it if it consumes too much resources, interferes with gaming etc.

Exactly. If the mail provider allows subdomains to be used with the addresses that would be even better. You could set up and alias just for newsletters like:

Alias: mynewsfeed@exampleaddress.net
Subdomain1: journalofscience@mynewsfeed.exampleaddress.net
Subdomain2: movienews@mynewsfeed.exampleaddress.net

Let's say the site you gave the subdomain address movienews starts spamming, you don't even have to worry about killing that alias, simply set up rule to block or delete that particular receiving address. Imagine if you have 25 feeds for an alias and heavy spam starts raining wouldn't it be a lot easier to block a single subdomain rather than resubscribe to all of them after killing the entire alias...

Additional shopping account security can be had if you use a subdomain for all online purhchase accounts. Like:

Alias: myshopping@exampleaddress.net
Subdomain1: 76957amazon857@myshopping.exampleaddress.net
Subdomain2: 8637mp3store@myshopping.exampleaddress.net

Very difficult to try and guess your account login names with this kind of system. It is a poor man's method but it has worked for me.

You absolutely should use aliases for different purposes. Its not only good for security but mail management and priorities are so much smoother after a while. Would you want to have newsfeeds come to your Inbox or should they be forwarded to another folder where you can read them when time is not critical? Is your mother/friend/co-worker/girlfriend sending you nonsense that you don't care about? Give them an alias or subdomain and forward their mail to a designated folder or trash if you want to.

There are many good services that strip IPs from headers. Don't settle for something that includes it. Sure, many of them are located in EU or US but that's another long topic which you probably have searched about.

 

I don't know a lot about webmail, but I noticed this new VPN, ivacy.com that was posted about in a new thread today, and their webmail is only accessible once you have signed into their service, the webmail has no public address. Like an intranet is what I am guessing. Steve, what are your thoughts about something like that? I think if done properly, that's about as safe a way to go as any with webmail. But really, I don't know much about the webmail topic.

 

Speaking of internal email, I just thought of I2P email site, I mean its anonymous also as its only accessed through the I2P network. Or if you don't have I2P network installed it can be accessed through TOR via a I2P inproxy.

Another one that comes to mind is the email offered by Shell account through the SHELLS.ONION, its offers web space and email that uses the mixmaster network to send the email, through i'm not sure about recieving email.

 

Negatory. Webmail is webmail. Anyone can get access to Ivacy's internal site, and that doesn't make it secure, that just makes it not as public as it could possibly be. Think of it like a gate to an apartment complex. The homes inside are just as easy to break in, and the gate only keeps stupid criminals out.

 

Just a quick follow up for those still examining / considering one of the 3 eMail providers above. Following is additional info kindly provided by Lavabit:

Question:

" (...) Regarding your asynchronous encryption for storage on Lavabit servers & why Lavabit is not offering the anonymous IP feature (...)".

Reply:

" (...) we are very concerned with user privacy. After the 9/11
attacks, the Bush administration pushed through the PATRIOT Act, which
gave the FBI the authority to request a user's emails without court
review (they just needed to present a letter). We developed the
encryption system so that even if we were presented with a letter, the
data we turned over would be useless.* That portion of the act has since
been overturned by the courts, but we've kept the system anyways.

If you do sign up for a paid account, make sure you activate the
"Secure" option in the preferences portal, or your messages won't be
encrypted.

As for the user IPs, we've heard similar concerns, and plan to start
encrypting user IPs before including them in the headers. With the IP
encrypted, we can still recover the original IP if required by a court
order, but it won't be easily accessible by the people you email. I'm
not sure when this feature will become available. (...)".

I would only add that our
website/webmail systems are in the process of being updated, so not all
of the information on our website is still accurate.

The Lavabit Support Team"


* Interesting to put this in perspective with Pleonasm's remark further up:
"Concerning Lavabit’s “Security Through Asynchronous Encryption,” it seems to me that a fatal flaw is that the service generates both the public and private encryption keys. There is no guarantee (or possibility of proving) that the service does not retain the private key, allowing it to decrypt email at its discretion. With approaches such as PGP Desktop Email, in contrast, the user generates the key pair, which ensures that the desired protection is achieved.".

 

TKHgva, please note that I have no experience with Lavabit, and do not intend to disparage their services. Nonetheless, in the spirit of “trust, but verify,” I also do not see any mechanism by which a user can independently determine whether or not Lavabit retains a copy of the private key which they generate. It does not matter if the company uses “three different encryption schemes with Elliptical Curve Cryptography (ECC)” — if they have your private key, the company can decrypted anything and everything at their discretion.

 

Dear Pleonasm,

I remember at the time of my signing up to the Wilders Forum (which is the very first forum I joined), being prompted to read the forum rules. In those rules, I remember reading something that sounds like this:

"(...) members should be careful with choice of words. Also take into consideration the international/multicultural nature of the forum and that people express themselves in different ways. Because of all these factors some misunderstandings may easily occur.".

I don't know why but that statement has stuck with me since the beginning. I think it has also helped me understand why I often see people engaging into "word wars" in other forums on the net and (unfortunately) conversations turning bitter for everyone to see. These "small scale conflicts" probably often arise because of either a misinterpretation by the reader or a failure to express a thought clearly from the poster's side.
But it's a bit comical here because it's the first time I experience a misunderstanding because of my (wrong) choice of words; I'll explain:

After re-reading, I totally agree that when one reads:

>It sounds like I wish to supply a newer argument/piece of evidence which counters your previous statement. Or maybe because of the fact I have a free subscription to Lavabit that I wish to "defend the reputation of my eMail supplier". My friend, it's the contrary!

I was actually using your point as a counter argument to what is stated / guaranteed by Lavabit, namely that they do not have access to eMails even if the were compelled to fetch them.

Perhaps a better choice of wording would've been : "It would be a wise thing to take care when considering Lavabit's above affirmation > Pleonasm's remark further up provides a useful perspective on Lavabit's guarantee of permanent secrecy while you store your eMails on their servers".

Had you not pointed out the issue raised when the same person/entity holds both keys, a novice (like me) could easily go ahead and think "fantastic, my privacy on Lavabit's servers is guaranteed because of the encryption they use. I'll subscribe immediately, where's my credit card". Thanks to you, we can now ponder on the fact that Lavabit admin holds both keys, and from there each one can make his own mind about Lavabit's sincerity.

In my personal case, I'd much rather "Trust, and keep verifying" as you say. Because facts and reality of the corporate world tend to (often but not always) prove that "sincere" promises somehow come along with tacit reservations...so I guess we could say we're on the same frequency.

 

TKHgva, apologies for my misinterpretation of your Reply #22. I agree that “some misunderstandings may easily occur” with posts on this or any other forum.

In an attempt to be more clear, please note that I am not saying that the confidentiality claims of Lavabit are false, nor am I stating that the “Lavabit admin holds both {public and private} keys” – rather, I am simply highlighting the fact that it is not logically possible to know whether or not Lavabit retains an unencrypted copy of a user’s private key. It may be true that Lavabit does “not have access to eMails even if they were compelled to fetch them” – the difficulty, however, is that the user must accept this assertion on faith.

Of course, if I am mistaken in my understanding of how the Lavabit email service works, then I welcome corrections from all.

P.S.: I appreciate and admire the clarity and completeness of your posts in this forum!