IIRC, the Lavabit case was one of the reasons (and perhaps the strongest one) for the current push towards forward secrecy cipher suites in TLS (with TLS 1.3 even having them as the only option).
Since Lavabit used the older RSA key exchange, instead of a DHE key exchange, the private key they were forced to hand over could decrypt all past HTTPS connections. With forward secret (DHE/ECDHE) key exchanges, the private key can only be used to impersonate the server; it cannot be used to decrypt any past (or future) HTTPS connections.
Had Lavabit used DHE/ECDHE, they would have nothing to give. Even adding a backdoor to their servers (or a MITM logging middlebox) would gain nothing, unless the target logged in after it was installed. They would be able to simply respond "we have nothing useful to give" and be done with it, like recently happened to Whispersystems.
I know it's an old article but re-reading it is worthwhile; it is short and chilling - how have we ended up in a dystopian present where the ability to perform bulk surveillance is demanded and ruled upon in secret court rooms (in the UK where I am based the situation is even worse!).
I have never found myself in the situation that Ladar Levison describes but I wonder (and fear) whether I would have the courage to shut down my business on a matter of principle like that.
The only reason he had to shut down or provide bulk access is because he had built it without a system to provide specific access.
You might believe the government should never be able to access private communications at all, but that would be a quite extreme position. In this case they had a (presumably legitimate) warrant for access to a specific user's emails (and while it shouldn't affect the principles at issue, it focuses the mind to remember that this was a child porn case IIRC).
> it focuses the mind to remember that this was a child porn case IIRC
Do you have a link? If you're referring to Lavabit's shutdown, according to this source [1], they were looking for Snowden. I've never heard Snowden associated with child porn.
Sexual exploitation of children is one of the most reprehensible things I can think of. Regardless eroding the privacy of everyone to maybe catch someone is not possible.
Children are absolutely innocent, and they always deserve protection. Using child exploitation as a means to snoop isn't protecting; it's just a bullshit excuse at mass surveillance. There is, however, a balance to privacy.
But federal authorities recently screwed up and revealed the secret themselves when they published a cache of case documents but failed to redact one identifying piece of information about the target: his email address, Ed_Snowden@lavabit.com. With that, the very authorities holding the threat of jail time over Levison’s head if he said anything have confirmed what everyone had long ago presumed: that the target account was Snowden’s.
I can only agree with your 'quite extreme' classification, if you also agree that a physical chat between you and I in the your house (especially if we are sat in the bath or bed) should also be freely evesdropped... otherwise we are talking about the same thing, just abstracted away to the ether.
Freely eavesdropped? No. Eavesdroppable after a suitable warrant has been issued (narrowly scoped, based on probable cause, with appropriate safeguards in place)? Yes.
What I don't like is how the government demands to wiretap EVERY person's account regardless of there being no suspicion of crime in every account. How can that be justified? To stop future whistleblowers?
It reminds me of the Investigatory Powers Act in Britain which demands ISPs to log everyone's internet browsing history and the end of end-to-end encryption as all encryption will have to have backdoors.
All that will happen, is that anonymous email providers will move to countries which are privacy friendly. It's a game of whack a mole. There's already Sigaint which is an anonymous email provider which is hosted on Tor. I'll be using Sigaint, offshore hosting and I2VPN when I launch my anonymous website.
> What I don't like is how the government demands to wiretap EVERY person's account regardless of there being no suspicion of crime in every account. How can that be justified? To stop future whistleblowers?
The article is giving a one-sided account. The government issued a (presumably valid) warrant to intercept messages on a specific user's account. He had designed the system such that he couldn't provide that access except by providing his keys to everything, and at first attempted to bill the government for building a system that would let him grant access to individual accounts.
Just wondering. Your first comment on this thread claimed the warrant was looking for child porn which was immediately corrected in the reply suggesting you only have a passing acquaintance to the case.
Now in this reply you seem to know much more about the case so why make the false accusation about child porn in the first comment?
I followed the case in detail at the time (back in 2014) but haven't read about it since then. I must have misremembered the child porn aspect (my memory was vague enough that I did say "IIRC", for whatever that's worth). I don't know what you want me to say other than "human memory is fallible".
No. Lavabit could have programmed a backdoor into their web interface using the private keys that allows access to only one account, but the US government wasn't happy with that.
Sorry but that is exactly the opposite of what happened.
From the first paragraphs:
> THE U.S. GOVERNMENT in July obtained a search warrant demanding that Edward Snowden’s e-mail provider, Lavabit, turn over the private SSL keys that protected all web traffic to the site, according to to newly unsealed documents.
> The July 16 order came after Texas-based Lavabit refused to circumvent its own security systems to comply with earlier orders intended to monitor a particular Lavabit user’s metadata, defined as “information about each communication sent or received by the account, including the date and time of the communication, the method of communication, and the source and destination of the communication.”
Someone already replied, but this is exactly opposite what happened as stated. The US government wanted access to only one particular user. The infrastructure did not allow this, and the guy behind Lavabit objected because a single key regulated everything, including server management. He offered to hand over the things that USG requested, which was obviously denied as they could not be sure he was handing over everything. The US government had a valid warrant and was willing to pay for re-keying after they were done. This to me seemed straightforward. He did not have the system setup so that the data was unavailable to him, so why could the government not subpoena the data that existed and was available?
Whenever I read a story about the US justice system here on HN, it almost always includes incredible level of harassment towards peaceful, (usually) law-abiding citizens.
In this particular case I was surprised (as a European) that one can be summoned to a court outside of their home town. In my country it's unthinkable that someone from another city could sue me and expect me to go there for a court hearing. I'm sure there are exceptional cases where someone might be summoned, say, to the capital, but AFAIK this would be a very unusual case.
Little things like this - lies, misrepresentations, pressure; I am more scared of police and other agencies when I think of visiting the US than I am of criminals. Unsettling.
> that one can be summoned to a court outside of their home town
Generally it is very hard to do this. The U.S. actually has two levels of court systems: state (each state has their own judicial system) and federal (for cases involving federal law, agencies, and so on - IANAL so I don't actually know the full list). This rapidly gets obscenely complicated when you think about the fact that some people live in one state but work in another, about how you might handle an accident on a road trip to Disneyland, or even about how states can tax businesses that operate online, say through Amazon.
In many cases you have to file in a region convenient for the defendant to respond.
Federal court, even at the lowest levels, is serious stuff. Combine that with
- the NSA,
- implications for national security, which means everyone with a title and everyone who wants one is going to raise a hullaballoo, from the Department of State to the Department of Defense to the Department of Homeland Security,
- countries around the world being pissed, and
- the FBI, with explicit directives to capture Snowden,
and what you get is a very well-oiled political and bureaucratic machine moving far faster than it normally would. Now, as a disclaimer, I have absolutely no experience with federal cases, but in the state civil cases that I saw when I interned at a small law firm, it was perfectly common for components of the judicial process to take weeks; it takes months and egregious conduct to be found in contempt.
I was going to say that I suspected the case went to a specific subject-matter court (yes, if you have a case dealing with a specific topic X, it's possible - highly unlikely but possible - that you may have to deal with a subject-matter court), but after doing some fact-checking (https://www.wired.com/2013/10/lavabit_unsealed/), it seems the suit was raised in the Eastern District of Virginia. I'm not sure exactly what it was that gave V.A. E.D. original jurisdiction over such a case, but I'm sure someone better versed in this could provide a better answer.
I am a traveller, hacker and nomad. The US is still pretty much the last country id like to visit for exactly this and some other related reasons. I am not even sure that they let me in at this point
Because the government can control peaceful, law-abiding citizens. When one has a choice to deal with things one can control vs things one cannot, guess which one gets chosen?
They spend lots of money on those recommendations :) Their affiliate program is probably handing out multiple hundreds of thousands of dollars monthly at this point, even small blogs earn thousands pushing them.
It's all about threat model. If I'm trying to get past a hotel firewall, an ISP deep-packet inspection system, or a coffeeshop blocking my traffic or snooping on it for profiling purposes, then PIA is a simple, reliable choice.
If I'm a freedom fighter in a hostile country or a criminal with state-level adversaries, then PIA is a poor choice for you. It's not ever going to protect you against someone who wants you bad enough.
The truth is that it's turtles all the way down my friend. Follow the paranoia thought-chain long enough and pretty soon you're suspicious of your own phone, the supply chain that put it in your hands, the manufacturer of the components that went into it, and the people who wrote the applications you run on it.
If you're really worried about privacy, then you better not ever use technology. It's all suspect.
Also ask them why they didn't find it during internal audits, this bug was as obvious as they come. Anyone with a clue could see it simply by looking at the cookies privateinternetaccess.com would set.
At some point, you need to look towards things like cost, reliability, and speed.
I'm with you on security vulnerabilities and marketing but I'm also pragmatic. Few of the companies we deal and support financially have perfect records.
I'm writing this on a Macbook Pro. Tell me how they stack up on the human rights issue with their Chinese factories.
A good alternative present today is Protonmail(https://protonmail.com). Aside from being secure and their encryption being open source, their servers are also in Switzerland and subject to Swiss laws.
Protonmail is not anonymous. I tried to sign up with Tor and it asked me to validate my phone number. Also if you look at their Transparency Report, you'll see that they do data retention on the government's demand.
"A good alternative present today is ... (blah blah I don't run a mail server)".
No, that's not a good alternative. None of them are. The "good alternative" is to run your own mailserver on a physical piece of hardware, under a business name, not at your house.
Technically speaking, it's childs play, so that's not a barrier. It does cost something to rent 1U of space somewhere but if you shop around and pay annually, etc., it's bearable.
What you gain is huge:
1. Subpoenas/letters/writs go to you and you get to decide how to respond to them. You're the operator.
2. By you I mean your business entity which is a PO BOX somewhere. Not your house.
3. You get to control retention and encryption and certificates and security features.
4. Finally, instead of being a consumer/viewer of "the web" you get to be a peer on the network. For some people this will be truly using the Internet for the very first time.
> 1. Subpoenas/letters/writs go to you and you get to decide how to respond to them. You're the operator.
You're assuming here that the executive will actually follow the full.due process of law vs. "we raided X address on suspicion and grabbed a few servers". Not true in many parts of the world and having email encrypted and stored in a different jurisdiction may be safer.
The advantage to not running it yourself is if you trust a different government more then you're own. Maybe there isn't an advantage to using protonmail in the US because you trust the government won't simply come and take your server away. But if you were in a place like Thailand you may not have that same trust.
I'm not sure how Lavabit worked exactly, but ProtonMail, at least in its web version, is far from secure. An attacker could compromise their web servers and serve malicious JavaScript, thus intercepting the user's passkey.
The most noticeable difference is that Protonmail's approach means "no standards". No SMTP or IMAP. All emails must be sent and received via the web interface or mobile app.
That also makes it hard to switch away if you choose to leave them. Your data is captive.
I don't think that their intentions are bad...it's just the nature of how it's designed.
That is true. But just so you know: I am a paying protonmail customer and received an email just today where they anounced tha IMAP/SMTP support is in closed beta. I do not know how this is implemented and what the exact security implications are.
Here is an exerpt from the email:
Dear ProtonMail Plus Subscriber,
We are happy to announce the beta program for a new product that adds IMAP and SMTP support to ProtonMail. We call this project the ProtonMail Bridge.
The ProtonMail Bridge is among the most requested features by the community and lets you send and receive encrypted emails from within your mail client of choice. The Bridge supports any client that uses IMAP/SMTP including Outlook, Thunderbird, and AppleMail.
We will be choosing only a few dozen people to start so if you are interested in participating please fill out the following form by the end of this week:
As a happy FastMail customer, I can tell you they do not attempt to have the end to end encryption that LavaBit or ProtonMail have. FastMail prefers to offer a lot of advanced features which do require their servers be able to see your data. There is a huge tradeoff between privacy and features, and while I'd argue by policy FastMail protects your privacy better than something like Gmail that uses your data for their own purposes, FastMail isn't that type of service.
Personal attacks aren't allowed on HN, regardless of how wrong someone else is. Please (re-)read the following and post only civil, substantive comments from now on:
Since Lavabit used the older RSA key exchange, instead of a DHE key exchange, the private key they were forced to hand over could decrypt all past HTTPS connections. With forward secret (DHE/ECDHE) key exchanges, the private key can only be used to impersonate the server; it cannot be used to decrypt any past (or future) HTTPS connections.
Had Lavabit used DHE/ECDHE, they would have nothing to give. Even adding a backdoor to their servers (or a MITM logging middlebox) would gain nothing, unless the target logged in after it was installed. They would be able to simply respond "we have nothing useful to give" and be done with it, like recently happened to Whispersystems.