
For a scenario like the one Lavabit was trying to address, trusting the service provider to "avert its eyes" isn't good enough. If I'm Edward Snowden, I need to assume that my service providers are all actively hostile to my interests. Crypto that doesn't protect me in that environment can't be trusted to protect me in a "non-hostile" environment, either.


Right; I was talking about the private version of Lavabit, where you aren't obliged to trust a service provider.


Even so, how many people would implement their "private Lavabit" on AWS or Linode, utterly defeating the purpose?



