1063
I am Ladar Levison, owner and operator of Lavabit, ask me almost anything.
I am Ladar Levison, the owner and operator of Lavabit LLC. Lavabit served as a place for people signup for secure and private email accounts. By August of 2013 I had grown Lavabit to over 410,000 users, with approximately 10,000 paid subscribers.
I created Lavabit because I believe that privacy is a fundamental, and necessary right for a free and fair democracy to function. On August 8, 2013, I made a difficult decision. I shut down my email business and refused "to become complicit in crimes against the American people." I continue to use the publicity generated by that decision to vigorously advocate for the Internet privacy rights of all Americans.
I personally wrote the 50K+ lines of code that were used to power Lavabit's service. Currently I'm working with the godfather of email cryptography Phil Zimmerman, and his partner in crime Jon Callas (among others) at Silent Circle to create a permanent technical solution to the email privacy problem. Our effort is called "dark mail."
I'm also continuing the fight in court, by appealing the demand for Lavabit's SSL keys. On the political front I'm working to promote a permanent solution to the privacy problem by encouraging positive Congressional action.
When I was deciding whether to shutdown the decision really boiled down to whether users would prefer to have their have emails secretly snooped, or simply lose the service altogether. Since the court prevented me from telling anyone, I had to make that decision alone. Without the benefit of feedback from friends and users. I chose to shutdown.
http://www.kickstarter.com/projects/ladar/lavabits-dark-mail-initiative
LadarLevison14 karma
You're correct. A mistake I seem to make quite frequently when tired.
MagicWishMonkey58 karma
How exactly is the dark mail protocol going to be compatible with existing email systems? If I send my grandma an email to her aol account will she be able to read it?
LadarLevison78 karma
If Grandma is on a dark mail domain, the message will travel securely to her.
If Grandma is on an insecure domain (aka a domain that doesn't support dark mail) your email client will indicate that your sending an insecure email using bright colors. In that scenario the message will travel naked, over SMTP, with nothing but SSL to protect it.
MagicWishMonkey29 karma
Will darkmail subscribers have the ability to plug their darkmail account into an email client such as Outlook/Thunderbird/whatever?
LadarLevison58 karma
Yes, you will be able to use Outlook and Thunderbird although exactly how they'll be supported is still up for debate. It's worth noting my current plan will be to release a fork of Thunderbird with builtin support for dark mail. But if you like your current client, then what?
One option is that we'll simply build dark mail plugins for Outlook and Thunderbird. We'll probably support at least these clients via plugins.
For other MUAs were thinking about releasing a dark mail proxy that you can run on your local machine. The proxy will connect out to the service provider and speak the secure dark mail protocol. Then provide Outlook, Thunderbird, Elm, Mutt, Pine, Eudora, or any other legacy MUA access via the loopback adapther using the traditional protocols, aka POP/IMAP + SMTP.
zdwolfe12 karma
While I agree it might result in more people using it, I think it would be more appropriate as a plug-in.
LadarLevison11 karma
The short term strategy will be focused on releasing a slimmed version of Thunderbird that is focused on securely providing dark mail access. The slim profile will be to minimize the attack surfaces. The concern is potential security vulnerabilities being introduced unintentionally via a plugin or extension.
The long term strategy is to request support for the dark mail protocol be merged back into the main Thunderbird project.
Since I don't know how difficult it will be to implement, I can't promise a plugin, but I'd like to see one released if it's feasible. The plugin will hopefully add support for dark mail to upstream release builds.
Adminisitrator55 karma
First of all thanks for doing this AMA. How would you respond to A Critique Of Lavabit
Reddit discussion thread for that article here
LadarLevison77 karma
I wrote a detailed response for Ars. The short version is that Moxie missed the point. I designed Lavabit to work within the limits of existing mail protocols. I was also focused on building a system that wouldn't require any special knowledge to use.
Specifically Lavabit was designed to protect messages while they resided on Lavabit's servers. The goal was to remove Lavabit from the surveillance equation. The system didn't do anything to protect messages before they arrived or after they left Lavabit. A truly secure system, as Moxie defines it, will require a new set of protocols, servers to support, and clients to utilize it. That is the goal of the dark mail project.
http://arstechnica.com/security/2013/11/op-ed-lavabits-founder-responds-to-cryptographers-criticism/
http://www.kickstarter.com/projects/ladar/lavabits-dark-mail-initiative
moxiemarlinspike38 karma
Lavabit was advertised as a system that couldn't read users' emails. In reality, you were simply choosing not to read users' emails.
When you provided your SSL key to the government, all of your users' emails were compromised. That's unfortunate, but what makes it criminal is that your users were engaging with your service based on the promise that this wasn't possible. If you still believe that you were "removing Lavabit from the surveillance equation," that's a problem.
Ladar, I have great respect for your decision to notify your users that they'd been compromised (in violation of a gag order), and I will do everything that I can to help support you in your legal defense, but it's unforgivable that you knowingly misled users about your capability to access their email in the first place. To use handwaving about ECC cryptography in your advertising was just snakeoil, and I believe it should give us pause about supporting your future technical endeavors.
From @tqbf: https://news.ycombinator.com/item?id=6692321
LadarLevison11 karma
Moxie I'm not sure what I did to draw such strong hatred from you; but I apologize either way.
I just hope you commit as much effort to vetting dark mail when it's released as you've spent trying to besmirch my credibility.
somelinuxuser27 karma
I think, Moxie Marlinspike criticized Lavabit partially for problems that it had no influence over because they ware due to the way the e-mail protocols are designed. Dark Mail is an attempt to fix exactly those problems. So this seems to be a good response.
moxiemarlinspike29 karma
Yes, it is completely true that there was nothing Lavabit could have done within the configuration of a standard SMTP/POP/IMAP server to be secure in the way that it advertised, without dedicated client support.
It's not Ladar's fault that the e-mail infrastructure doesn't natively support end-to-end security, but I do think that we should hold him accountable for advertising that his system provided a false level of security.
When people knowingly sell snake oil, I think we should hesitate to support their future security endeavors, particularly endeavors with virtually no technical information available in advance. What if it puts users at risk all over again?
LadarLevison26 karma
Moxie, I deeply respect your opinion and your contributions to Internet security through your research and the products you've built. My hope is that you'll turn your critical eye upon the dark mail documentation and source code when it's released rather than continuing to focus your criticisms on an banner graphic that might have provided some users with "a false sense of security."
As for your conclusion that a headline and it's corresponding sentence in a much larger document didn't convey all of the security nuances involved; then you're correct. Those statements taken in isolation could be confusing. That is why I documented in great detail just how the system worked.
As for whether the statement about the Lavabit system being "so secure that even our administrators can't read your e-mail" was true; I maintain that was indeed true. Without modifying the platform I was unable to access the account in question. That is why the government felt it needed to demand my SSL key. They were able to deploy resources I didn't have access to.
Now if your claiming my statement was untrue because it was theoretically possible for an attacker to capture the plaintext data, then I have no response. Although I'd add that such an argument also means no system can claim it is secure because there is always a theoretically possible method of breaking the security of the system. For example its theoretically possible for someone with a quantum computer to efficiently break many of the cryptographic methods we rely upon today. Another theoretical attack vector is pushing malware down to the user’s computer and then capturing the plaintext of emails directly off the user’s computer. The list of theoretical attack vectors is quite long. What's really at issue is whether the SSL attack my system fell victim too was practical in 2006 when statements you are pointing to was written and posted on the Lavabit website. Based on the research I did in 2006 an attack against data in transit when protected via SSL was considered impractical for technical and legal reasons.
What bothers me is your accusation that I was somehow selling snake oil because my system was eventually compromised. It bothers me because in reality I did not know the government had the ability decrypt and monitor a large number of SSL connections in realtime, nor did I know that capability was being used by law enforcement. I also didn't think a court could legally issue a search warrant for a service provider's SSL keys. When it was clear those assumptions were no longer true, and I had exhausted my defenses in court, I made the decision to shutdown. One of the reasons I decided to shutter the service was my discomfort over continuing to advertise a service as secure when I secretly knew those claims were no longer true.
I also find your claim that I was misleading customers because I didn't fully explain the weaknesses of my system even more confusing. That's because the very page you quoted from was written specifically to explain the nuances of the system and how it employed encryption so customers could decide if it adequately addressed any of their security concerns. Even if a consumer wasn't technical, my hope was they would read understand the following statement:
"We should also note that this feature only protects messages on the Lavabit servers. Messages can always be intercepted before they reach Lavabit or between Lavabit’s servers and your personal computer if SSL is not used. Finally, messages can be retrieved from your local hard drive if encryption software isn’t used on your computer to protect the files. These vulnerabilities are intentional. Our goal was to make invading a user’s privacy difficult, by protecting messages at their most vulnerable point. That doesn’t mean a dedicated attacker, like the United States government, couldn’t intercept the message in transit or once it reaches your computer. Our hope is the difficulty associated with those strategies means they will only be used by governments targeting terrorists and scammers, not targeting honest citizens. If you’re intent on hiding your communications from the government, we recommend you investigate systems that secure messages throughout the entire e-mail system and not just at one particular point along that journey."
That statement makes it clear the system isn't a perfect security solution. While I wanted to provide users with the security of end-to-end encryption, in a way that was transparent, it simply isn't possible using the traditional mail protocols. I considered building a replacement solution along the lines of dark mail in 2004, but decided against that approach because I felt the community wasn't ready to adopt a new suite of protocols simply because their security. For that I had to wait until 2013. I think the community finally realizes the importance of adopting end-to-end encryption because that is the only strategy capable of protecting messages against today's assortment of practical threats.
Of course we still need to deliver on the promise of a secure email system that is heterogeneous while remaining user friendly. I only ask that you wait until the documentation is published and the source code released before dismissing it's value.
For reference
https://web.archive.org/web/20130805154113/http://lavabit.com/secure.html
Adminisitrator12 karma
Ah, sorry i missed your reply. Good luck with dark mail. I'll donate to it.
edit: I think you should include kickstater link in your main post.
Fen-Jai29 karma
Cheers for doing this first off.
You made the statement "If You Knew What I Know About Email, You Might Not Use It" earlier in the year. What would you suggest as an alternative at the moment (besides dark mail) ?
LadarLevison40 karma
GPG (aka PGP) is secure but it's difficult to use. Unfortunately the people who need it the most are also the people who have the hardest time figuring out how to use it. Namely lawyers, doctors, political activists, etc. End-to-end encryption systems only work if both parties use the technology properly. That's why I'm pushing for the creation of a secure, easy-to-use system that I hope will become ubiquitous. A system that encourages migration by heaping shame on those who haven't made the switch.
Other encryption technologies I trust would be voip calls using ZRTP and instant messaging sessions protected by OTR. Of course both technologies still require the users to check the fingerprints. How many people do that?
The bottom line is this: I trust the cryptographic primitives. What's trickier is deciding which protocols and implementations to trust. Figuring that out is a full time job.
solidwhetstone13 karma
Well thank you for doing what you do on behalf of the rest of us who don't have the knowledge or time to figure it all out.
andrios42 karma
Did you ask Mozilla if they are willing to implement the protocol in their Browser? Or is this protocol proprietary? I think integrated into Mozilla Products, it could be something really big and even help sell their mobile OS enormously. Although one of the biggest problems i think is a lot of people would either loose their passwords or use some Password that they use for everything or is easy to break.
LadarLevison4 karma
The protocol documentation will be freely available and I believe open for anyone to implement. The goal is eventually submit as a standard, once it's been properly vetted and stabilized.
TheGr8Revealing25 karma
Though I fully support the Kickstarter in effort to clean up Lava bit for its potential Open Source release, might you find some concern in the general public's perception of the name 'Dark Mail' if your efforts are to help promote and convince large swaths of people to using more secure methods of email communication?
Point being, it seems a lot of people would shy away from product name that appears to have negative connotations or sinister undertones.
LadarLevison19 karma
I always assumed the name would be changed into something more generic before submission to the IETF for standardization. It seems there has been some lobbying amongst the dark mail stakeholders for changing the name now, instead of later.
There has been talk of holding a crowd sourced competition to solicit candidates for the new name. I have no idea when the competition will be held or what the format will be but look for an announcement on darkmail.info.
somelinuxuser18 karma
Thanks for doing this AMA and creating the Dark Mail Alliance!
Today, instead of writing e-mails, many use tools like Facebook, WhatsApp or Hangouts to communicate and send files like pictures. Those are centralized and closed systems and therefore an easy target for surveillance. What should we do about that? Very few people use XMPP and end-to-end encryption.
LadarLevison26 karma
Your correct about how few people use end-to-end encryption when they communicate. I believe that is partially because of how difficult it is to use secure communication technologies and partially because of inertia; it's difficult to convince people they need to change their habits.
That's where "dark mail" comes in. We've had the technology to create an easy-to-use secure email system with end-to-end encryption for quite awhile, but nobody with the knowledge had the resources to build it. Hopefully that's changed. We'll see how much the Lavabit Kick Starter campaign can raise, but I'm confident we'll hit the mark.
In response to the second half: inertia, whether we can convince people to move to secure systems? If the Summer of Snowden has done anything, it's been to convince the world it's time to make the switch. I think there is enough demand for secure email that for the first time in 40 years we have a real opportunity to change the status quo. Now all that's needed is for us to deliver. No pressure, right?
somelinuxuser8 karma
Thanks for your reply! I agree, now is probably the best opportunity to build such a system that allows easy encryption.
Does Dark Mail in some way merge e-mail and XMPP? That might be a good opportunity to improve what e-mail is capable of. As you said, it is difficult to convince someone to use encryption. If Dark Mail brings some improvements to e-mail, it might increase the adoption of Dark Mail.
LadarLevison7 karma
My hope is that dark mail is just the beginning of a much larger effort that will focus on the integration of security and encryption directly into all of the protocols we use to communicate.
corkboy117 karma
What should people in Europe be more concerned about - spying on citizens (privacy and democracy) or industrial espionage (takin our high tech jerbs).
I'm not asking which is more important - money or privacy, more which threat is stronger to us over in pinky commie socialist Europe?
LadarLevison27 karma
I'd say they are of equal concern. Governments currently pose the biggest threat to our online and offline privacy. Some governments have political motivations for snooping while others are more focused on economic espionage. The outcome is the same.
For me, the scariest aspect of the current climate is that we are no longer focused on protecting our communications, our networks, or technology assets from independent criminals, but organized government agencies. As an infosec worker I know just how difficult it is to defend against a dedicated and hostile attacker with the resources of a government.
The security of consumer products and online services simply aren't strong enough to protect us from this type of threat. Resources exist but security experts shouldn't be the only ones who know how to talk privately.
ASUPREMECOURTJUSTICE15 karma
Can you please answer my question attached here. http://imgur.com/WRCtJd6
aerfen7 karma
For those who don't get it - when /u/LadarLevison was first asked to give up the keys, he printed them in a tiny font so as they were illegible on paper.
LadarLevison8 karma
I thought the point was to get the answer, 42, without knowing the question.
bitshifts_be_crazy15 karma
What's your advice for any of us who are taking a 'first step' to improve our personal internet privacy / connection security, and where do we go from there?
LadarLevison18 karma
I think the most important 'first step' is realizing that everything you say electronically (over the phone, or via a computer) is likely being monitored and recorded. It's simply a question of who is listening to your particular communications.
That's true unless your using end-to-end encryption. Even then you need to be careful how you handle your private decryption keys. Always store your private keys on encrypted drives. Preferably that private key will also be secured with a password. If you don't feel confident in your ability to keep your terminal secure then consider storing your private keys (for email at least) on an air gapped machine. You can move sensitive messages to the air gapped terminal via cd-rom for decryption.
Note that you should never use USB drives to transfer data between your networked terminal and your air gapped terminal. STDs (serially transmitted diseases) have become pretty common. You can blame stuxnet for that.
LadarLevison9 karma
If you believe your worthy of a firmware based attack then diversity in manufacturer, processor instruction set and operating system could provide some protection. I'd also recommend sealing your computers and peripherals with tamper evident stickers.
Gravy-Leg__14 karma
How has your opinion of the U.S. government changed since the start of your journey?
LadarLevison33 karma
Yes.
A year ago my politics were focused on the inefficiency and costs associated with the federal government. My biggest concern was watching the government grow larger and even more deeply entrenched in our daily lives. My fears were focused around threats to our economic freedom.
Today I hold a very different view. I've watched an intelligence apparatus get unmasked that had been encouraged to grow its capabilities and expand its mandate completely secret. I've seen surveillance methods that were originally developed for use against enemies of state (aka foreign governments) being deployed against civilian populations en mass, including against the Americans whose tax dollars fund the intelligence budgets.
With the definition of who we view as a threat so easily manipulated, I now fear that all our freedoms could be taken. Reporters are being classified as terrorists. We've seen the state pursue and prosecute people whose only crime could be viewed as embarrassing the administration politically. Did these actions protect the state? Or were they simply an example of politics through prosecution?
My public fight has focused around our collective expectation of privacy on the Internet. In that vein I've been working to protect our privacy rights in the courts. Politically by advocating Congressional action when I speak publicly. And finally through a technological effort that is embodied by the Dark Mail Alliance.
I've made this effort because I value the right to communicate privately so highly. Without privacy it quickly becomes difficult to organize against the policies of our government. Without a private discussion first, there would never be a public discussion second. And without discussion there is no hope for change.
I fear that unless we collectively revisit the lessons of history, we will be doomed to repeat some it's costly mistakes.
"While mankind tends toward evil, the legislators yearn for good; while mankind advances toward darkness, the legislators aspire for enlightenment; while mankind is drawn toward vice, the legislators are attracted toward virtue. Since they have decided that this is the true state of affairs, they then demand the use of force in order to substitute their own inclinations for those of the human race."
LadarLevison4 karma
I'm just putting one foot in front of the other. That is all I can do. Everything else will need to work itself out in time.
WillGallis11 karma
Thank you very much for doing this AMA.
I am currently writing a research paper about the privacy versus security tradeoff and this dark mail concept sounds very interesting. Is there any more information you can share so a layman like me can understand it better?
LadarLevison13 karma
The easiest way to describe it is thus: were taking the end-to-end security of PGP and integrating support for it directly into the protocol. Coupled with a dark mail compatible client, the encryption process will happen automagically.
The actual protocol will be significantly more complex. A white paper describing some of the details is currently being written.
cp518410 karma
We've known for more than 8 years that the NSA has spliced into core internet nodes. Why did you comply with government search orders until snowden?
LadarLevison28 karma
In the past search warrants only demanded data for a specific user. If the the order was reviewed and approved by a judge I would comply to the best of my limited abilities. Recall that the Lavabit system stored very little personal information.
What was different about this request was that the feds demanded encryption keys belonging to the business. The keys they compelled me to surrender gave them the ability to decrypt and inspect everything coming into and out of the Lavabit network. That included sensitive data such as passwords, credit card transactions, and email content.
The government argued that if I didn't collect the private information they were seeking, they had the right to demand my encryption keys and collect the information themselves. I argued that the law didn't give them the authority to demand my keys, because if such a law had been passed it would have been unconstitutional. I also argued that if Congress felt law enforcement should have a prevailing right to collect meta information from providers they would have passed laws requiring providers to record that information. Since no such law existed, I made the choice not to log meta information.
I maintain the demand for Lavabit's SSL keys was unconstitutional because it would violate 4th amendment rights of Lavabit's users. protection against unreasonable search and seizure. The 4th amendment very clearly states:
"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."
tw410 karma
I was a very satisfied user of lavabit for many years and was shocked when I noticed that you shut down this service, but I really appreciate your decision, although it provided quite some trouble changing the email of about 20 accounts all over the internet. ;)
But couldn’t you have warned the users as soon as you knew that there’s no alternative to a shutdown? Not like "I’ll shut lavabit down in order to not become complicit in crimes against the American people", but maybe like "I’m doing some maintenance in the next few days, so save all your mails and don’t expect everything to work fine afterwards, *wink, wink*"? ;)
LadarLevison39 karma
When I was deciding whether to shutdown the decision really boiled down to whether users would prefer to have their emails secretly snooped, or simply lose their service altogether. Since the court prevented me from telling anyone the situation, I had to make that choice for everyone. I had to decide on behalf of everyone without the benefit of their feedback. In the end I chose to shutdown.
I was also a very satisfied user of Lavabit. I had been using my own service exclusively for 10 years. Lavabit was also my primary XMPP service. It's been quite the adjustment going without email or XMPP since the shutdown.
Why didn't I warn anyone? Because if the feds had known I was planning to shutdown they would have gotten a court order requiring me to continue operating the service. If I had shutdown the service after receiving such an order I would have almost certainly been charged with obstruction of justice. I've been told that other service providers have threatened a shutdown and received such orders.
fx6893-1 karma
How about just having a message on your homepage like "No government interference of Lavabit has been noted as of [insert date here]" and update it every day? The government can't compel you to lie - they can't compel you to update it. Once it is not current for a few days your users would know.
Is this so simple that I'm missing something?
LadarLevison4 karma
I considered setting up a canary for the Lavabit download site since it was launched using a freshly generated SSL key. In the end I decided against the strategy.
To be trustworthy a canary statement would need to be updated at regular intervals and cryptographically signed to prove it was authentic. I considered automating the process. One option involved generating a collection of signed statements and then simply scripting their deployment. I also considered uploading my private key to the server and then scripting the generation and publication process directly on the server.
After careful consideration I decided automated canary statements weren't a prudent course of action. We think the courts don't have the authority to force a person to lie.* Even if that were true the courts can prohibit a person from taking a particular action. In my case they could prohibit me from disabling the automated canary process. At this point the canary statements would become actively deceptive.
Perhaps it's the similarity to my case that scared me. When my SSL keys were compromised I tried to argue that if I advertised a secure system after it had been compromised I would be engaged in deceptive trade practices. The court rejected my argument.
Why didn't I generate and deploy canary statements by hand? Because I worried that my unpredictable travel schedule coupled unpredictable demands on my time could result in me inadvertently missing a scheduled updated. Triggering an in inadvertent panic wouldn't have been good either.
That left me to conclude a legal test of the canary strategy would have to fall upon someone else.
- I'm not a lawyer so my legal theories carry no authority and should be treated as such.
LadarLevison14 karma
From the command line.
Or if you want to consider something a little bit harder look into Thunderbird and Engmail.
LadarLevison10 karma
I considered recommending the purchase of a tshirt as a starting point.
In all honesty, PGP/GPG is difficult to use properly, even with the assistance of GUI tools. Online tutorials can walks users through specific actions but ultimately if someone wants to communicate securely they will need understand the process and purpose of each step.
That's where dark mail comes into play. The Lavabit/Silent Circle strategy is to integrate support for encryption into the protocol. With protocol and server support a dark mail client will be able to lookup a recipients public key and perform the message encryption without needing to involve a user.
http://www.wired.com/wiredenterprise/wp-content/uploads/2013/01/rsa-perl.jpg
and
http://www.kickstarter.com/projects/ladar/lavabits-dark-mail-initiative
LadarLevison12 karma
Dark mail will utilize public key cryptography. Key wills be generated and the decryption process will take place on the client. As for key management, I have a number of ideas on that topic but I'm not sure which ones will end up getting incorporated into the finalized protocol. I want to review them with the dark mail team and then review the white paper currently being written before I start commenting, for fear of spewing false information.
There hasn't been any interest from Google and Microsoft, although that's to be expected. Companies with significant investments in the current suite of protocols will be the last ones to switch, and only then it will take lots of kicking and screaming from their users to force the change. Other less rigid mail companies have contacted myself and the folks at Silent Circle but the discussions are still at the formative stages.
I haven't spoken to the folks at heml. It looks like a nice app, but what separates dark mail from many of the past efforts at secure messaging is that we are committed to designing and building a new suite of technologies that is provider agnostic. Consumers will be able to choose a dark mail provider just like they pick a traditional mail provider today. The difference will be that if two people exchange messages and both parties are using dark mail providers, then the messages they exchange will travel securely end-to-end.
LadarLevison3 karma
Yes the white paper will published on darkmail.info. I don't the current target date, but I've heard Jon say he'd like to release some documentation by the end of the year or soon afterwards.
spicedpumpkins8 karma
Serious. How do you feel knowing that the NSA will probably FOREVER watch/listen to everything you do (including this AMA)?
I respect what you've done but it must be tough.
LadarLevison15 karma
I still have gotten used to the role of a "high value surveillance" target. It's the simple things. Like buying a new computer over the Internet and feeling confident that it won't show up at my door with something extra special inside.
That said I'm still holding out hope that we'll elect politicians at some point in the future who will make it possible for me to relax back to a state of only mild paranoia. In this mode I only bother to protect information classified as "sensitive" or higher.
Perhaps I'm just naïve.
AceyJuan7 karma
Could you explain why your email recovery system sends passwords in plain text, and why the SSL certificate didn't originally have perfect forward security?
LadarLevison15 karma
Passwords aren't sent in plain text. Passwords are sent inside an encrypted SSL stream which can only be decrypted by the server.
Hashing the password before it's sent to the server would require exposing the system salt in a public Javascript file.
I've worked with systems that use Javascript implementations of an asymmetric algorithm to protect passwords before they leave the browser, but at least in my experience, that was because the data was going to be sent in the clear between an SSL accelerator and the application server. As such I'm not sure what attack vector could be mitigated through Javascript encryption?
If the goal was to mitigate the risk of another SSL key compromise; I have other strategies in place for mitigating that risk.
As for the initial lack of perfect forward secrecy; that was my mistake. In my rush to leave town I only confirmed that the server supported perfect forward secrecy. I didn't realize the server wasn't configured so clients would use those ciphers default. I fixed the issue when I became aware of it.
Chandon7 karma
For Dark Mail, what's your solution to the identity problem?
In my mind, this is the key challenge for any attempt to make secure email (or other communications) pervasive. I don't see any way to both securely authenticate senders and provide the zero-education user experience that people keep demanding.
The problem's pretty easy if you're willing to require user education. If you require out of band key exchange or fingerprint authentication, then everyone's authenticated. You can get more complicated with something like the PGP web of trust, but making an appropriate UI for that seems to be basically unsolved even for experts.
The common cop-out is CA authentication, which basically doesn't work. Not only can a certificate authority not effectively authenticate people in practice, even if they did that would just add another target for a national security letter to compromise user communications.
It's pretty well established in the security community that encryption without good authentication is basically just snake oil. What's your approach?
LadarLevison2 karma
I don't know the technical details well enough to explain them because the current version of SCIMP only involved a single service provider. My guess is the service provider will ensure the key being published was actually generated by the user associated with it.
flusterer6 karma
The tortoise lays on its back, its belly baking in the hot sun, beating its legs trying to turn itself over, but it can't. Not without your help. But you're not helping.
Besides captcha and the Voight-Kampff, what other methods do you plan for preventing scammers and spammers of polluting the new dark mail system?
LadarLevison5 karma
I don't know what will make it into the finalized protocol since we haven't discussed this topic as a group yet.
Personally I've thought a strategy that combines centralized reputation database with a proof of work scheme integrated into the protocol. In theory this strategy could end up making spam cost prohibitive.
My idea would be to allow the end user the ability to report messages after decryption as spam. Only if the user identifies a message as spam would it be reported to the central database. The more complaints a domain or IP address gets the more work it will be required to do before servers accept its messages.
Of course the final strategy could look nothing like what I described.
flusterer1 karma
I was thinking that maybe before a message it is sent for the first time from an unknown sender, then the receiving server may ask from the issuing server that the user solves a puzzle and attaches the answer to the message. If the same user is sending too many incorrect answers, that would be a good reason to flag as spam.
Another thing are encrypted mailing lists, or automated delivery of messages, I guess for that one users should have a white list.
Anyhow, thanks for your answers and for putting some thought into this, because I assume it is going to be very relevant.
LadarLevison3 karma
The problem of mailing lists could be solved relatively easily. A message would be keyed to the remail address for the list. When the source message is received it would be decrypted and then resent to each member of the mailing list. Each recipient would get a copy of the message encrypted specifically for them.
Bluebeard15 karma
Do you think the current state of cryptography is insecure, SSL and SSH, and that government agencies and hackers can intercept any kind of communication?
LadarLevison11 karma
I think the cryptographic primitives are secure. What I believe governments have been attacking are implementations. It's likely that some combinations of hardware, operating system, and software can be broken. Of course precisely what has been broken is a closely guarded secret.
I think the more worrisome practice involves governments trying to acquire the keys used to protect data. The methods for acquiring keys vary from passive intercepts to active attacks. One favorite method of intelligence agencies is to capture keys if they are sent unprotected over a network. Some media reports have suggested that agencies will simply break into servers remotely. Reports have even surfaced suggesting that governments will sometimes offer company employees money to steal an encryption key.
http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html
purple925 karma
Would you consider releasing Dark Mail under a BSD-compatible license such as MIT to allow it to be used in other applications more easily and have more flexible implementation? This could also increase the amount of Dark Mail service providers.
LadarLevison16 karma
The protocol itself will be public, so anyone can create their own implementation under whatever license they choose.
As for the Lavabit reference implementation, I haven't made any final licensing decisions but I'm leaning towards releasing the server code under the GPL and the client code under the LGPL. The latter is specifically so that others can release commercial products with dark mail support.
If that strategy doesn't work for what you have in mind, reach out to me when things calm down. I'm willing to consider other licensing strategies if they will help the effort to evangelize dark mail with the masses.
Alt--F45 karma
How do you plan to handle the authentication problem? IE: How can I send a message securely to a person, remotely, without having any prior out-of-band information from them?
You could do a one-time-insecure-setup model, not unlike SSH. Which is vulnerable in obvious ways, but maybe not on a massive scale. The certificate authority system is obviously broken when the adversary is the NSA. And sharing out-of-band keying information doesn't scale.
I'm just not able to see a solution to authentication that scales, is easy to use, and doesn't involve a trusted third party.
LadarLevison3 karma
I won't try to repeat the technical details I was told by the godfather email cryptography; but the current thinking is to employ a key chains so that two people could manually compare the SAS with their counterpart at any point. If the SAS validated, then it would prove all your previous messages were exchanged securely.
I've got some ideas on additional tactics that could be employed to make key injection attacks even more difficult. I've also got ideas for making it impossible to keep a MitM attack secret. We'll have to wait and see what makes it into the final protocol specification.
TechnoBulldog4 karma
What do you personally believe it will take to push privacy and encryption into the mainstream?
...Also, what are your favorite GNU/Linux distributions?
Thanks for doing this AMA, and thanks for standing up for freedom. The US needs more patriots like you.
LadarLevison8 karma
What's shocking is that despite the revelations of this summer, many American still don't understand just how their privacy is being violated. I think part of the credit goes to the Obama administration strategy of skillfully reassuring the public with details about the safeguards used to protect innocent Americans. For people looking for a reason not to worry, these arguments hold sway. For people in the pre-Internet generations a reassurance by the President is enough to dismiss the threat and move on.
For the younger generation its a different story. This demographic has a better understanding of how much information is available on the Internet and how easy it is for a government to collect, index and access data. The "Facebook" generation also seems to appreciate how dangerous a large database filled with private information could be in the wrong hands. Personally, I find the prospect of a modernized House Committee on Un-American Activities to be a scary thought.
I tend to favor RHEL/CentOS.
LadarLevison8 karma
I'm sending out some sweet Lavabit polo's to the people who back the Kick Starter project at it's highest levels. I'm also planning to send t-shirts out to people who back the project at $100 or higher, although I don't know if the shirts will have the Lavabit logo, the dark mail logo or both. For the lower levels I'm hoping to send out stickers.
TechnoBulldog3 karma
Bonus question: Can you confirm or deny the validity of liberty.lavabit.com?
Lots of Redditors were screaming that it was a hoax. If anyone would know, it would be you.
LadarLevison8 karma
Yes it's legit and yes it's using a new SSL certificate and key that is still secure. That said I'm not sure how much longer I will keep the site online.
janitorbeav3 karma
For your Dark Mail project, how do you plan on safeguarding it from getting seized/shutdown by governments? That is, what makes you think that you won't be forced to shut down this endeavor as well?
I just don't want to see you pour your life into this for another 10 years only to have to pull the plug suddenly once more.
LadarLevison7 karma
A dark mail only provider won't have any information of value. Quite simply there would be nothing to seize. For providers that offer access to the POES (plain old email system), the feds could still demand an SSL key or access to server logs, but users will at least know when they're communicating insecurely. Hopefully users in this situation will assume POES messages are being intercepted and adjust their words accordingly.
The other attack vector worthy of note to dark mail providers would be if the feds demanded a provider usurp a suspect's email account. Doing so would cause all future messages to be keyed to the feds instead of the original user. The difference with dark mail is that if two people have conversed previously, the change in keys will trigger a warning.
In short, it will be impossible for a government to breach the integrity of a dark mail system in secret. If governments insist on compelling providers to usurp accounts then it will quickly become clear which countries are suitable for hosting secure and private online services.
solidwhetstone3 karma
Imagine congress gives you an audience and you can say anything you want. What do you say?
LadarLevison12 karma
The full text of my speech would take some time to prepare but I would argue that our country is slipping towards a financial abyss. That the people closest to a community, who've worked the hardest to fix a problem are the ones best suited to develop the solutions. That the stronger our federal government gets, the more involved it becomes in private enterprise, the less efficient our economy, and our country become. That the problems our country faces can't all be solved by passing more federal laws, and adding more federal employees. That perhaps we need to place more trust in the current laws, or even simplify the laws to make them more effective. Truly the best option is to ensure we have the right people on the front lines of our society. Then trust those same people to make the choices that will lead to the best outcome.
My speech would certainly need to touch on the need for us to invent new strategies for solving the problems of governance. That technology and transparency are the best methods for ensuring the success of our democracy. Finally my speech would close by challenging the members of Congress to fulfill their duty to America and make the tough decisions. The unpopular decisions. The decision that their constituents elected them to make. That if we fail to make a few tough decisions today, we'll guarantee a more difficult tomorrow. I'd close by saying that it's my belief we should pay the steep price of indulgence today, rather than leave our children with the weight of obligations.
MilesTea3 karma
Is there any way of creating an instant messaging service such as watsapp, bbm, iMessage that uses the same kind of security as lava bit?
LadarLevison8 karma
The Lavabit secure storage feature was focused on protecting user data stored while it was stored on a server. With email, messages are often stored on the server even after they've been read.
On other hand instant messaging servers are largely designed along the lines of forward and forget. In fact many clients simply won't transmit an instant message until it sees the receiving party sign online.
PatrickBecerra3 karma
I want to show some love for the decision you made. Not an easy one, I'm sure, but full of integrity.
Levaru3 karma
You said that your goal is a secure email service aka darknet. Are there any plans for making a secure IM service?
LadarLevison3 karma
I believe secure IM is already possible using OTR. What I would certainly support are efforts to add OTR into the suite of XMPP RFCs so more clients start shipping with it by default.
Levaru2 karma
Ok so that already exists. Thats good, i didnt knew that. But what i tried to ask you: Are you or someone else planning on making an easy and simple IM for phones. Something like a "Dark" Whatsapp. If that existed I would instantly jump to it and urge all of my contacts to follow me. If it gained popularity then the concept of secure messaging would get a quite amount of followers, too. Everybody uses their phone for chatting, no one i know uses IM on pc anymore.
LadarLevison5 karma
Silent Circle adapted OTR for text messaging. If both parties text via their Silent Text apps the messages will travel securely.
Exovian2 karma
First, thank you and the rest of the Dark Mail team. Just as a young person growing up in the world, it means a lot to see some heroes out there making a difference.
For the questions: how will Dark Mail handle keys? My understanding (please correct me if I'm wrong) is that an e-mail is encrypted with a public key and is unlocked with the user's private key. Is this private key going to work like a password to login, or is it more involved? I know my mother used to work at a company that gave her a device with a newly-generated login key to the company computers every 12 hours; with Dark Mail be similar?
Secondly, could a client be adapted to handle things like secure chat, in a similar interface to Gmail (my current provider), for instance? It's not a big enough obstacle to stop me switching when Dark Mail is rolled out, but I can see it aiding adoption a fair bit.
Once again, Mr. Levison, thank you very much for your work!
LadarLevison6 karma
Your email client will generate public and private keys on your computer. How those keys will be handled is still in flux, but one of the possibilities is that your service provider will publish the public portion of the key on your behalf, so others can find it if your not online. How often new keys get generated and how their secured may be defined by the protocol or it could be left to individual implementations.
As for chat: it's somewhat easier to secure a chat session than it is to build a system for protecting email. That's because with chat both users are online at the same time. The system can simply facilitate the secure negotiation of an ephemeral symmetric key using Diffie-Hellman and the two parties will be able to chat securely. The Off-the-Record (aka OTR) protocol is a good example. The current version of SCIMP used by the Silent Text app is another example.
CassiusCray2 karma
Thanks for fighting the good fight!
Will former Lavabit users be able to reclaim their usernames?
LadarLevison8 karma
Yes. The databases have all been preserved and assuming they can be converted to whatever database schema the code ends up requiring, everything should work just fine.
nprovein2 karma
Can you recommend a voting strategy so we can elect people that will stop the NSA from spying on us and let you get back to business?
LadarLevison3 karma
Strategies for identifying and then electing candidates who are mentally strong enough to resist the lure of a "classified" briefing is a question I don't know how to answer. Does anyone know of a political report card that is focused on privacy issues?
LadarLevison6 karma
Yes I'm familiar with Mailpile and I'm hoping their development team can be convinced to add support for dark mail. The dark mail protocol will probably use JSON to structure messages passed between clients and servers. That should make it relatively easy to parse protocol messages.
Of course the protocol will require clients to implement several cryptographic primitives locally. Since the Mailpile team is already developing Javascript implementations of common cryptographic primitives this shouldn't be a problem.
Of I don't think anybody can reasonably expect the Mailpile team to promise support for a protocol that is still being developed.
sonic-servant2 karma
I'm assuming (perhaps incorrectly) that Darkmail will use public key cryptography, with users able to generate and keep their own keypairs so that even a central authority can't get at the keys via a secret warrant.
How do you plan to solve the problem of distributing and verifying the public keys?
To my knowledge the only solution which doesn't depend on a central authority (which we must assume to be compromised) for key verification is a web of trust, which depends a lot on users. If this is the solution you're using, what kind of tooling are you planning for allowing users to manage their web of trust?
LadarLevison2 karma
The details haven't been explained to me yet, but my guess is the service provider will publish keys on behalf of its users.
Mechanisms are also being discussed that would make it impossible for a provider to secretly publish fake keys. The assumption is that if we know which providers can be compromised. That will lead us to also learn which providers can be trusted and eventually data will migrate into jurisdictions with strong privacy protection laws.
Elistic-E2 karma
Thanks for the AMA Mr. Levison - As a younger person having only worked in the IT Industry two years now and currently pursuing a degree in applied mathematics, I am very curious how you got started both in this field and with your business?
LadarLevison3 karma
As I child I was introduced to Wolfenstein 3D and quickly became addicted. I learned how to use DOS and optimize config.sys and autoexec.bat files so Doom would perform better. My love affair with computers continued and I picked up skills as both a volunteer and part time developer.
When I reached SMU I made attempts to focus on other fields. I particularly liked the study of finance. After college though, the lure of money brought me back to working with computers and I've been stuck in the IT industry ever since.
LadarLevison3 karma
I'm focusing on building a permanent technical solution that remains user friendly. In short that is dark mail. Once the software is released I'm hoping there will be 100 providers to choose from:
http://www.kickstarter.com/projects/ladar/lavabits-dark-mail-initiative
RooftopBBQ2 karma
When you got shut down, I wondered why you made the decision to shut down Lavabit altogether, rather than 'simply' move the company to a different country where the local laws would be more likely to protect you?
LadarLevison4 karma
Because I would have to move along the service and none of the countries that seemed to offer attractive privacy laws were english speaking.
There is also the big fat American inside me that thinks this should be the best country for hosting private communication companies. I just need to prove it in court.
If end up losing my case I will probably turn the service over to someone else and let me them resurrect it in another country.
cjb9561 karma
So while I realize this is a bit from the main topic, but I really wonder what you think.
Im looking at starting a BA somewhere in the computer spectrum (That indecisive), what would you recommend studying? Even if it's just afternoon reading, but I am looking for something to start a passion in some particular direction?
So far I have a pretty serious interest in cryptography, networked computing, and that sort of thing.
LadarLevison7 karma
If your looking for a good way to gauge your affinity towards computer science I'd recommend reading the Neal Stephenson novel "Snowcrash."
The story presents several different areas of computer science as part a larger narrative. Reading the narrative and seeing how the story and the technology interact may lead you to naturally focus on a particular area of study.
timekillerjay1 karma
If lavabit is released open source, it's conceivable the NSA could develop code to install on a lavabit server to intercept communication, then compel a provider to install it. Would dark mail communications remain secure if there were an NSA "Tap" placed directly on the server ?
LadarLevison2 karma
Yes they would. The only thing a provider could do would be force a person to rekey future messages to use a fake public key that law enforcement controls. The system should incorporate mechanisms that if this scenario occurs it will be impossible to keep secret or deny later. We should know pretty quickly which countries can be trusted with your data.
LadarLevison3 karma
No I speak English. I also speak with varying degrees of proficiency C, C++, C#, Javascript, Perl, PHP, Python, and BASH. I can write queries using several different dialects of SQL and I can create documents in the following structured formats: XML, JSON, CSV, NVP. I also know how to manipulate information using regular expressions, XSLT and AWK.
Of course only one of the skills listed above is useful when trying to communicate with people.
hajj_31 karma
Have you thought about setting up your own competitor to ICANN for email domain names? You could use "@@" for emails and host the servers in iceland, that way america wouldn't own the internet any longer. Only allow users with an @@ email address to be able to email each other.
LadarLevison2 karma
In a sense were doing that with dark mail. Providers will be able to configure the server to only allow users of that service to email other dark mail domains.
whitewalsh1 karma
Are you excited that Thanksgiving and Chanukkah are falling on the same day this year?
LadarLevison8 karma
Alas, I can't say that I am. What I do like about the holidays is that they offer me a chance to spend some quality time with my computer; without the usual interruptions.
whitewalsh3 karma
If I may ask you a follow up.
Can you tell us about that cute little dog that's in your proof picture?!
Thanks in advance.
LadarLevison7 karma
That's my coding companion Princess. She makes sure I don't spend more than 4 consecutive hours at the keyboard. If I attempt such a feat she begins to insists on attention. The longer I spend at my desk, the more insistent she gets. I firmly believe Princess is more popular than I will ever be. Just take a look at the photos:
https://www.facebook.com/media/set/?set=a.10150226376165038.472923.851745037&type=1&l=f25c1c35c4
guess_twat1 karma
Since the court prevented me from telling anyone, I had to make that decision alone.
Aren't you violating that court order now by telling people?
Mauin1 karma
First of all thank you for everything you have done!
How do you deal with people who are still refusing to look for/use secure communication alternatives because "I have nothing to hide". What do you tell them?
LadarLevison3 karma
They will either migrate onto secure providers, or someday feel the sting of reality that comes with knowing they're under surveillance by someone.
For people who like to say "I have nothing to hide", I simply point out that they probably have a secret which could prove embarrassing. Nobody wants a secret held over their head as leverage.
Valencourtcustom1 karma
No questions, just want to thank you for letting me get my email back, my luck to you good sir!
voodoopenguin1 karma
Thanks for doing this AMA! My questions are geared towards the kickstarter campaign.
What are your plans if the kickstarter doesn't get funded? Would you start up another kickstarter at a later date or find another avenue for funding?
Are you planning on being a bit more active with the kickstarter or perhaps having someone help you manage it? Running a kickstarter campaign takes a lot of work and you're probably extremely busy as it is.
Good luck with the project and good luck in court! You've got my support.
LadarLevison4 karma
I haven't given much thought to my options if the kick starter campaign fails. I still think we can push the current effort over the top. My focus right now is explaining the importance of dark mail and hoping they'll help out when pointed towards the campaign. My hope is that getting the message out to a large enough audience is all need to continue attracting support and push the effort over the top. Of course another link couldn't hurt:
http://www.kickstarter.com/projects/ladar/lavabits-dark-mail-initiative
LadarLevison6 karma
Yes. What's your address? I'll mail you a paper photocopy of key.
P.S. The retail price for my encryption key in paper form is $10,000.
Tooq1 karma
No questions. Just wanted to say thanks for taking a stand and for your continued efforts.
LadarLevison7 karma
Ladar is my mother’s grandmother’s maiden name.
I'm wearing a light blue t-shirt with text across the front.
LadarLevison9 karma
I boiled four hot dogs. Then served em with a side of honey dijon mustard.
dombili142 karma
[deleted]
View HistoryShare Link