{"id":701,"date":"2017-01-23T16:15:45","date_gmt":"2017-01-23T22:15:45","guid":{"rendered":"https:\/\/byrondoss.com\/?p=701"},"modified":"2017-02-06T14:48:05","modified_gmt":"2017-02-06T20:48:05","slug":"lavabit-is-back","status":"publish","type":"post","link":"http:\/\/byrondoss.com\/?p=701","title":{"rendered":"Lavabit is back!"},"content":{"rendered":"<p>[soundcloud url=\"https:\/\/api.soundcloud.com\/tracks\/305803230\" params=\"auto_play=false&amp;hide_related=false&amp;show_comments=true&amp;show_user=true&amp;show_reposts=false&amp;visual=true\" width=\"100%\" height=\"450\" iframe=\"true\" \/]<\/p>\n<p>The title pretty much says it all. \u00a0On Friday, January 20, 2017, Ladar Levinson revealed that Lavabit is back and the new Dark Mail protocol is available. \u00a0I can&#8217;t tell you how HUGE this is. \u00a0The email system is broken. \u00a0And while most won&#8217;t understand this new protocol, all will benefit from it.<\/p>\n<p>So let&#8217;s discuss why this is so important to just about everyone. \u00a0There are two parts to this thing that make it work. \u00a0First is DIME (Dark Internet Mail Environment). \u00a0This is what does all the heavy lifting. \u00a0The second is\u00a0Magma, which is the mail server itself.<\/p>\n<h3>What is DIME?<\/h3>\n<p>Developed by Lavabit, DIME (Dark Internet Mail Environment) is an open source secure end-to-end communications platform for asynchronous messaging across the Internet. DIME follows in the footsteps of innovative email protocols, but takes advantage of the lessons learned during the 20-year history of PGP based encrypted communication. DIME is the technological evolution over current standards, OpenPGP and S\/MIME, which are both difficult to deploy and only narrowly adopted. 
Recent revelations regarding surveillance have pushed OpenPGP and S\/MIME to the forefront, but these standards simply can\u2019t address the current privacy crisis because they don\u2019t provide automatic encryption or protect metadata. By encrypting all facets of an email transmission (body, metadata and transport layer), DIME guarantees the security of users and the least amount of information leakage possible. A security-first design, DIME solves problems that plague legacy standards and combines the best of current technologies into a complete system that gives users the greatest protection possible without sacrificing functionality.<\/p>\n<p>The above statement comes from Lavabit.com. \u00a0And the most important thing out of the entire statement is that DIME encrypts all parts of the email (body, metadata and transport layer). \u00a0This, in my opinion, is what we have been needing. \u00a0So much of our information can be gleaned from the metadata. \u00a0It&#8217;s this and the SSL certificates that the government and hackers want. \u00a0So by encrypting and stripping the metadata, DIME takes away the ability to guess who the user is or what their identity is.<\/p>\n<h3>What is Magma?<\/h3>\n<p>Magma is Lavabit\u2019s open source, commercial-grade, and full-featured server ready for use with the Dark Internet Mail Environment. Magma is now ready for commercial implementation and will fundamentally change the way business transmits encrypted data. Whether you are an individual, SME, or corporate enterprise wanting your own DIME compatible server, the Lavabit technical team can assist with your implementation and development needs.<\/p>\n<p>So, to keep it simple: DIME is the protocol that does all the voodoo, and Magma is the mail server that does what a mail server is supposed to do. \u00a0Collect and send emails. \u00a0Again, that&#8217;s simply put.<\/p>\n<h2>Modes of Encryption<\/h2>\n<p>Lavabit provides 3 levels of encryption. 
\u00a0What is nice about this is that it gives a user choices. \u00a0Yup, choices. \u00a0Unlike Gmail, Hotmail or Yahoo, where users have to accept that their stuff is secure. \u00a0Well, we know how well that worked out for people who used Yahoo&#8217;s service, now don&#8217;t we?<\/p>\n<p>Having choices is what makes this so much better already. \u00a0Even before anything happens. \u00a0And I like that. \u00a0I like the fact that I can choose how I want to handle\u00a0<strong>MY DATA!<\/strong><\/p>\n<h3>Trustful Mode<\/h3>\n<p>For users who want a more secure email environment, but require the ability to use existing email software, we created Trustful mode. As the name suggests, Trustful mode requires users to &#8220;trust&#8221; the server to manage encryption. This mode ensures ease of use, as users do not need to worry about technical requirements or incompatibility with existing email clients. We envision Trustful mode as the mode of choice for businesses, which have regulatory requirements, data retention practices, and unique needs like escrow keys. Lavabit\u2019s free and open source server, Magma, supports these users.<\/p>\n<p>In Trustful mode, your key is within our server&#8217;s memory only while you are logged into the server. The server performs the encryption on your behalf, and as such, you must trust that the server will not be rewritten in such a way that it captures your password, or peeks at your messages during processing. This magic black box mode is no different from many other encryption systems, which perform encryption automatically. The only difference is where the encryption takes place. The key question is whether you are comfortable trusting the implementation to function securely.\u00a0If you feel that trusting our servers to perform the encryption is unacceptable, we offer other modes of operation, Cautious or Paranoid.<\/p>\n<p>As stated, this is the easiest way to go. 
\u00a0Kind of a &#8220;set it and forget it&#8221; mode. \u00a0This is best used if you just want to have encrypted emails and not worry about the fuss and muss of everything else! \u00a0Perfect for the family or small business.<\/p>\n<h3>Cautious Mode<\/h3>\n<p>Cautious mode is the first level of true end-to-end encryption: your key, used for encryption, is only in plaintext within the memory of your device, be it phone, laptop, desktop, etc. The key is encrypted on your device and is transmitted encrypted to our servers. Here it is secure; we cannot encrypt it, and only store it encrypted in a space designated for your user account.<\/p>\n<p>If you have your account on one phone and decide to also install the client software onto your laptop, you log into the system and can request your encrypted key from the server. Then on your laptop, using your passphrase, you can unlock the key and import it into the client software on your laptop. Only on the devices you control does your key exist in a format in which it can be &#8220;seen&#8221;. We anticipate most users will use Cautious mode as it ensures you don\u2019t have to trust your provider while ensuring your privacy is always under your control. Some users who believe they have a higher threat level and don&#8217;t want a key to exist anywhere in any format except on devices where they maintain ABSOLUTE technical control may prefer Paranoid mode.<\/p>\n<p>Cautious mode is for those who want to take a bit more ownership of their encryption and want a more &#8220;hands-on&#8221; approach. While I will recommend this way to most businesses that actually have their own mail server, this is also a great place for those who actually enjoy dealing with code and want to make sure that they are fully secured.<\/p>\n<h3>Paranoid Mode<\/h3>\n<p>Paranoid mode is our most advanced and ultimate security mode. In Paranoid mode, your key never transmits anywhere; you maintain ABSOLUTE control. 
It is up to the user to move their key to any new device. If you create the original key within client software and wish to also use it on your phone, you must devise a secure method to move your key. This will allow you to export it to a file securely and encrypted. You can use a data cable or your own trusted digital method to copy the key to your new device. You can use a device to communicate for a period and then destroy the key or device, without a copy of the key stored. This renders all communication that the key opened inaccessible from that point on. Paranoid mode is ultra-secure; however, it requires technical proficiency in user key management.<\/p>\n<p>Let&#8217;s just put this out here. \u00a0If you want this mode, then you are super crazy! \u00a0You are the guy who&#8217;s in the back of the house, who hasn&#8217;t taken a shower in weeks, chain smoking and worried that &#8220;those crazy government people&#8221; are coming to get you. \u00a0And that is AWESOME! \u00a0To have this amount of control over your data, your information and your emails is just what the doctor ordered. \u00a0This is the top of the food chain in email security.<\/p>\n<p>I love that there is this mode. \u00a0I love that I have this choice. Then I can be the one who dictates how things work. \u00a0Not someone or something else.<\/p>\n<h2>SSL anyone??<\/h2>\n<p>So the two things that the hackers or governments want are the metadata and the SSL keys. \u00a0The metadata tells who is involved and gives information in a somewhat general context. \u00a0And I say that loosely. But the SSL keys allow access. \u00a0SSL keys are the things that ensure privacy for the communication between clients\/customers and servers\/providers in online banking, shopping, and logins across the internet. And that is the part you NEVER want to give out. 
\u00a0The government wanted Ladar to give up his SSL keys so that they could &#8220;act like Lavabit&#8221; and thus effectively do a man-in-the-middle attack, without ever having to actually attack.<\/p>\n<p>So how is Lavabit going to handle the SSL keys and all the stuff that is involved with them? \u00a0With DIME, Lavabit now has (3) new operational modes to secure all customers: Cautious, Trustful and Paranoid. For the Cautious and Paranoid modes, all communication is encrypted on the user&#8217;s device, making TLS (Transport Layer Security) less relevant. Even with end-to-end encryption, TLS ensures a client is connected to the provider&#8217;s server and provides perfect forward security for network traffic. In Trustful mode, we have moved from the SSL key typically stored on the server to a secure hardware device. The former is an extremely common setting for many SSL enabled sites throughout the internet. We have installed FIPS 140-2 hardware security modules which allow us to use a TLS key without having to access it directly. Any attempt to extract the key will trigger a tamper circuit causing the key to self-destruct. The only account capable of extracting the key is the HSM supervisor. To prevent this, we set the passphrase blindly, thus locking us out.\u00a0We suggest anyone not comfortable with trusting the provider to utilize the Cautious or Paranoid modes.<\/p>\n<p>Because the TLS key is kept 100% protected in the HSM and Lavabit is unable to retrieve it at any point in time, no one, not even the company itself, can access it. \u00a0That keeps it away from those who wish to obtain this valuable piece of information.<\/p>\n<h2>In conclusion<\/h2>\n<p>I am a big fan of what Ladar and Lavabit are doing. \u00a0I like the fact that it is open source. \u00a0I like the fact that it is taking email security\/encryption to a totally different level. \u00a0I like how they give me choices on how I want to access my data. 
\u00a0I like how they are handling the TLS\/SSL keys. \u00a0By actually rewriting the email protocol itself, they have done the one thing that no other entity can do. \u00a0And that is encrypt email properly and in a way that will make every email more secure.<\/p>\n<p>Email isn&#8217;t going away anytime soon. \u00a0Applications like Slack, Ryver and Google&#8217;s Hangouts do help reduce the amount of email a person might receive, but let&#8217;s just call it like it is. \u00a0Email isn&#8217;t going anywhere! \u00a0DIME is here to change how encryption helps secure the one thing that contains most of our information. \u00a0It&#8217;s changing how things are secured and how those protections are kept. \u00a0Lavabit has finally brought forward something that everyone can utilize. \u00a0<strong>IF<\/strong> they are willing to change to something new.<\/p>\n<p>And that is going to be the biggest obstacle for most companies and people. \u00a0It&#8217;s new. \u00a0Untested. \u00a0And it shakes things up. \u00a0So have the courage and see what it&#8217;s all about. \u00a0You can go <a href=\"https:\/\/lavabit.com\/\">here<\/a> to read all about it. 
And if you want to really get into it, then go to the links below.<\/p>\n<ul>\n<li>DIME: <a href=\"https:\/\/darkmail.info\/spec\">https:\/\/darkmail.info\/spec<\/a><\/li>\n<li>DMAP: <a href=\"https:\/\/tools.ietf.org\/id\/draft-melnikov-dmap-00.txt\">https:\/\/tools.ietf.org\/id\/draft-melnikov-dmap-00.txt<\/a><\/li>\n<li>STACIE: <a href=\"https:\/\/tools.ietf.org\/id\/draft-ladar-stacie-00.txt\">https:\/\/tools.ietf.org\/id\/draft-ladar-stacie-00.txt<\/a><\/li>\n<li>MAGMA: <a href=\"https:\/\/github.com\/lavabit\/magma\">https:\/\/github.com\/lavabit\/magma<\/a><\/li>\n<li>LIBDIME: <a href=\"https:\/\/github.com\/lavabit\/libdime\">https:\/\/github.com\/lavabit\/libdime<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>[soundcloud url=\"https:\/\/api.soundcloud.com\/tracks\/305803230\" params=\"auto_play=false&amp;hide_related=false&amp;show_comments=true&amp;show_user=true&amp;show_reposts=false&amp;visual=true\" width=\"100%\" height=\"450\" iframe=\"true\" \/] The title pretty much says it all. 
\u00a0On Friday January 20, 2017 Ladar Levinson revealed that Lavabit is&#8230;<\/p>\n<div class=\"more-link-wrapper\"><a class=\"more-link\" href=\"http:\/\/byrondoss.com\/?p=701\">Continue reading<span class=\"screen-reader-text\">Lavabit is back!<\/span><\/a><\/div>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13],"tags":[],"class_list":["post-701","post","type-post","status-publish","format-standard","hentry","category-editoral","entry"],"_links":{"self":[{"href":"http:\/\/byrondoss.com\/index.php?rest_route=\/wp\/v2\/posts\/701","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/byrondoss.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/byrondoss.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/byrondoss.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/byrondoss.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=701"}],"version-history":[{"count":20,"href":"http:\/\/byrondoss.com\/index.php?rest_route=\/wp\/v2\/posts\/701\/revisions"}],"predecessor-version":[{"id":722,"href":"http:\/\/byrondoss.com\/index.php?rest_route=\/wp\/v2\/posts\/701\/revisions\/722"}],"wp:attachment":[{"href":"http:\/\/byrondoss.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=701"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/byrondoss.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=701"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/byrondoss.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=701"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}