Security Communications Encryption

Lavabit Briefly Allowing Users To Recover Their Data

Posted by Soulskill
from the back-from-the-dead-for-a-few-days dept.
itwbennett writes "Former users of the Lavabit encrypted email service that was shut down in August have 72 hours (starting yesterday at 7 p.m. U.S. Central Time) to change their passwords and start recovering their data. 'Following the 72 hour period, Thursday, October 17th, the website will then allow users to access email archives and their personal account data so that it may be preserved by the user,' said Lavabit's founder and owner Ladar Levison."
This discussion has been archived. No new comments can be posted.

  • It's a trap! (Score:5, Informative)

    by Kookus (653170) on Tuesday October 15, 2013 @03:24PM (#45136177) Journal

    It must be encrypted and the only way for the nsa to get it is to have it unencrypted and sent over the wire via ssl!!!

    • Re: (Score:2, Offtopic)

      by Havokmon (89874)

      It must be encrypted and the only way for the nsa to get it is to have it unencrypted and sent over the wire via ssl!!!

      Exactly - cause when it was sent to the server unencrypted, and then encrypted ON the server itself with the password you sent - it's totally secure.

      I'll just give my lockbox key to the teller, watch her disappear into the vault, and she should reappear with all my stuff without having looked through it.

  • by mlts (1038732) * on Tuesday October 15, 2013 @03:48PM (#45136465)

    I wonder what will replace Lavabit for secure E-mail [1] these days. There is always the old standby Hushmail, but it would be nice to find something that can do other features (calendars and such.)

    [1]: Others, it is different, but to me, a secure mail provider, where I am their paying customer and not their product, where they have innate intrusion resistance, and their mail service is designed so an attacker couldn't just grab Exchange mailboxes, or scp off /var/spool/mail/*. More assurance than "yes, we use 'encryption', 'passwords', and 'firewalls'."

    • by Hatta (162192)

      Just use GPG with any email service you like. Nothing else is trustworthy.

      • What makes you think GPG is?

        • by paskie (539112)

          It's opensource and regularly audited?

          • by mlts (1038732) *

            GPG has had a number of eyeballs on it, as well as funding from more than one government (Germany in particular.)

            All in all, it is a good program, although trying to build 2.x on a number of platforms like AIX can be an exercise in frustration due to the sheer number of libraries it uses.

          • by smash (1351)

            Like the Debian OpenSSL package from 2006-2008? Oh you generated your PGP key with a Debian sourced version of OpenSSL in that time-frame? Oops.

        • by vlueboy (1799360)

          Good point. Most of us can't trust GPG anymore, due to having made those GPG keys under Windows.
          Dual-booting is my only real option since I can't completely abandon Windows. I thought of live USB booting, but found no trustworthy Linux distribution anyway. Red Hat has government ties, derivatives like CentOS are not safe either. Ubuntu? It was the first big disappointment with GUI decisions, so few would trust it with our security in face of NSL meddling. Mandrake and derivatives? Too dead, and fail to boot p

          • by EETech1 (1179269)

            I've been using PCLinuxOS, and it has many different encryption options incorporated in the right click menu.

            Encrypt, decrypt with various options and ciphers as well as gpg encrypt and mail.

            I'm finding it very well thought out, and user friendly, as well as everything just works. The control center, and system settings managers take care of everything I would ever need to configure, and there are many options to secure and verify the system.

            Their monthly magazine of tips and tricks is a nice read, and ever

            • by vlueboy (1799360)

              Thanks
              I too stopped at Ubuntu 10. I'm not sure why I hadn't looked at this distro before. The full monty looks good from what I see on their page and Wikipedia, which includes printing, multimedia and live USB support. I'm going to get it.

              • by EETech1 (1179269)

                I think you'll really enjoy it!

                There is also a script in the menu that allows you to make a live CD or live USB from your customized install, so you can get it how you like it, and then clone it to take with you. When you do a system update, just make new live media to take along, and if you do screw up your home install, just reinstall your custom version from your live media and be right back where you were in a few clicks.

                It's the most well thought out distro I've ever used, and I (used to until now) do

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      I started using https://mykolab.com
      They have calendar service too.

  • If one had enabled the secure storage functionality at Lavabit prior to the shutdown, the messages are inaccessible without the password. Naturally, with the password an adversary (say, the feds) could decrypt the messages (assuming they have a copy -- Ladar has stated in several public interviews that the feds did not make a copy of data on the servers).

    Thus, one needs to balance the security of the messages stored with Lavabit with the desire to access old messages. Many users don't have any particular co

  • by Anonymous Coward

    Lavabit should let its ex-users with encrypted mailboxes download their data in the encrypted form that it's currently stored on the server. If they provide instructions on how to decrypt it properly, or even some utilities to help do so.

    This way Lavabit doesn't have to be trusted. Download the data and decrypt it with your passphrase on your own computer!

  • But "walk up" service with a clone of the Lavabit server running on a private LAN would be better.

    If I were Lavabit and wasn't prohibited by court order or economic reality, I would offer this service over a several-month period, but I would ask (not require) that the customers donate a "reasonable" amount to the EFF or another freedom-supporting organization, where "reasonable" is the amount of money I'm losing by providing this service.

    If I (as Lavabit) had the funds, I would "take this on the road" to ma
