Sophos Cloud Optix
Lavabit, formerly the encrypted-email provider for NSA secret-leaker Edward Snowden, has reopened for a brief window of time to let its users get at their data.
Lavabit founder Ladar Levison on Monday posted a brief message saying that the first step would be to enable users to change their password during a 72-hour period that started on Monday at 7:00 pm Central time (Greenwich Mean Time [GMT] -5).
Lavabit said that the password-change step was created “due to recent events in the news that have lead people to believe that their account information may have been compromised.”
Any users who are concerned that their account information has been compromised will be able to change their account password on a website with a newly secured SSL key.
(Note that the URL Lavabit provided, http://liberty.lavabit.com, doesn’t work in some browsers, bringing up a blank page. This can be fixed by switching to HTTPS: https://liberty.lavabit.com.)
Following the 72-hour window to change passwords, starting on 17 October, the site will then enable users to access email archives and personal account data.
Lavabit abruptly shut down in August amidst legal wranglings that a gag order kept it from disclosing.
Levison said in a statement at the time that it had come down to a decision: either “become complicit in crimes against the American people” or “walk away from nearly ten years of hard work by shutting down Lavabit.”
(As it turned out, Lavabit did, in fact, hand over its crypto keys to the US government – printed in a near-microscopic 4-point font.)
Sister encrypted email service Silent Circle quickly followed suit, silencing email in anticipation of the US government getting its hands on the metadata inevitably associated with email.
Lavabit now says that it’s moving to open the data access window to its users because its abrupt closure – done to protect its users’ privacy – left users without a way to access their sensitive data.
That includes the founder himself, who said in the message posted on Monday that he’s feeling the same pain as his email-less users:
I'm in the same boat as them. I used my Lavabit email account for 10 years. It was my only email account.
Hmm…so the NSA has the keys and now they want the users of the system to come get their mail?
I guess you missed the part where it said "on a website with a newly secured SSL key." The government has the old SSL key, that was revoked by the way, and so now they are using a new key that the government does not have.
I did read that. But the fact the NSA already has been in contact with Lavabit….I still would not trust it for that fact. How do we know they don't have the new SSL key? I was just thinking that others may have info they want to retrieve and the NSA is waiting for them to come for it….I may be way off base….just a paranoid thought!
Paraphrasing an old saying:
It's not paranoia when in fact, someone is trying to scoop up your emails.