Lavabit, an encrypted email service that was shut down after an extended legal battle in 2013, has been relaunched. According to the website, Lavabit founder Ladar Levison has worked with team members from the Dark Mail Technical Alliance to build a new architecture for the revamped Lavabit, a platform called the Dark Internet Mail Environment (DIME). Levison first introduced the DIME platform at the Defcon computer security conference in 2014, and after further development it is now available for pre-release to prior Lavabit users.
A user can now choose one of three email security modes: Trustful, Cautious, or Paranoid. Encryption and decryption are handled differently in each mode, depending on the user’s preferences and security requirements. Those who want total control of encryption and decryption should opt for Paranoid mode, since the user’s keys never leave the local device. An average but security-minded user would probably prefer Cautious mode, which offers a high level of usability but, unlike Paranoid mode, can sync the encryption key through the server to multiple clients.
With end-to-end encryption, the DIME structure aims to improve both the security and the user experience of sending and receiving encrypted email. Implementing a secure email strategy is notoriously difficult, since email metadata (such as the subject line and the To and From fields) is transmitted in cleartext and can easily be read if a message is intercepted. Hackers do not have to be particularly sophisticated to read the contents of non-encrypted email messages. Other attempts at securing email, like PGP (Pretty Good Privacy), offer a secure way to encrypt and decrypt emails, but are difficult to learn and implement correctly, and don’t often work with popular email clients or with webmail. It will be interesting to see how successfully Lavabit combines security and usability.