
Reinventing Email: Update on the Dark Mail Project

I just got back from the 2014 New Hampshire Liberty Forum where I got to attend a number of great talks on privacy and security. One of the cooler parts for me was meeting Ladar Levison. Even though he wasn’t a speaker, he still took time out to speak with a number of us. For those who don’t know who Ladar is, he’s the founder of Lavabit, Edward Snowden’s email provider.

Lavabit made national headlines last year when it became the first technology firm to completely shut down rather than allow the NSA to spy on its customers. At Liberty Forum, Ladar provided a little more insight into what the NSA wanted. Basically, they wanted his SSL private key so they could perform a man-in-the-middle attack on his servers. All traffic to the server would be intercepted by the NSA, downloaded, then forwarded along to the destination (with the potential for the NSA to manipulate data in the process). Of course this wouldn’t have just affected Edward Snowden, but all of Lavabit’s customers. Lavabit offered to comply with the order by giving them special access just to Snowden’s emails, but naturally that wasn’t good enough for the NSA as they wanted to spy on everyone. So Ladar made the heroic decision to shut down rather than allow his customers’ rights to be violated.

Now you can pretty much guarantee that if the NSA was demanding MITM access to Lavabit, they basically have that access for nearly all other services.

Last year Ladar and Lavabit announced a partnership with Silent Circle ― the Dark Mail Alliance. The goal of the Dark Mail project is to provide an end-to-end encrypted email protocol that not only encrypts the body of the message, but also the metadata. One of the problems with traditional encryption tools like PGP is that they can be relatively difficult for people who aren’t tech savvy to use. Studies have shown that about half of users make mistakes when using PGP, even after receiving instruction. Dark Mail doesn’t strive to be another encryption suite, but rather a new email protocol that encrypts messages by default without the user having to even think about it. It strives to be ‘Email 3.0’.

Ladar said he just hired a development team and intends to start work on the project next week. He sounded a little frustrated with the Silent Circle team, which has delayed release of the whitepaper, but he’s going to move forward with what he can in the meantime.

When it first launches, the Dark Mail protocol will be used by at least six different email providers, including Lavabit. You’ll still be able to communicate with non-Dark Mail email accounts, but it will put up a red banner telling you the message isn’t secure. Of course, getting every email provider to switch to this new protocol is going to be a huge challenge, but the hope is that consumer demand for secure email will drive adoption.

In my opinion this is one of the most exciting advancements in online privacy. I’m really looking forward to signing up for a Lavabit Dark Mail account.

Original content by Chris, copyleft, tips welcome

5 thoughts on “Reinventing Email: Update on the Dark Mail Project”

  1. I just ordered a today.

    I really thought there would never be another genuine good reason why I would need to buy another smartphone after the current one I have (I am on about my 15th).

    H/T Snowden & Levison for waking me up.

  2. […] I met Ladar Levison from Lavabit ― the email provider that shut down rather than let the NSA spy on them. He provided us with an update on the Dark Mail protocol he’s working on with Silent Circle. I wrote more about this over at Bitcoin Not Bombs. […]

  3. I’ve got a blackphone as well.

    For email bitmessage with the mail gateway is working great.

    Though I will look into Lavabit again.
