Update: Lavabit.com has been shut down by the owner. How would I adjust my diagram? Hmm…
My Fellow Users,
I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit. After significant soul searching, I have decided to suspend operations. I wish that I could legally share with you the events that led to my decision. I cannot. I feel you deserve to know what’s going on–the first amendment is supposed to guarantee me the freedom to speak out in situations like this. Unfortunately, Congress has passed laws that say otherwise. As things currently stand, I cannot share my experiences over the last six weeks, even though I have twice made the appropriate requests.
What’s going to happen now? We’ve already started preparing the paperwork needed to continue to fight for the Constitution in the Fourth Circuit Court of Appeals. A favorable decision would allow me to resurrect Lavabit as an American company.
This experience has taught me one very important lesson: without congressional action or a strong judicial precedent, I would _strongly_ recommend against anyone trusting their private data to a company with physical ties to the United States.
Owner and Operator, Lavabit LLC
Defending the constitution is expensive! Help us by donating to the Lavabit Legal Defense Fund here.
“Dad,” asked my son in anticipation of his upcoming birthday, “I’m planning on starting over online. I want to delete my email accounts, YouTube accounts, etc.” As we discussed all the things he wanted to do (and why), I made a few suggestions based on recent changes that I’ve made in my own habits.
For fun, I’ve captured them in a Gliffy.com diagram (wow, this is an AWESOME diagramming tool!) that I made using their free account. One of the questions I have is, What have I left out? On first look, I wonder if this is too complicated. But then, the reality sinks in. It’s important to plan your virtual presence with security and encryption in mind.
Here’s the diagram, and I’ve included a list of the various sites:
As you can see, there are two strategies discussed in the diagram.
1) Lavabit Account:
The rationale for getting a Lavabit.com account is the security. They offer free webmail accounts that can also be accessed on your mobile device via POP/IMAP. What makes them unique is statements like this:
In an era where Microsoft and Yahoo’s e-mail services sell access past their spam filters, Google profiles users’ inboxes for targeted advertising, and AT&T allows the government to tap phone calls without a court warrant; we decided to take a stand.
The key element of the PATRIOT Act is that it allows the FBI to issue National Security Letters (NSLs). NSLs are used to force an Internet Service Provider, like Lavabit, to surrender all private information related to a particular user. The problem is that NSLs come without the oversight of a court and can be issued in secret. Issuing an NSL in secret effectively denies the accused an opportunity to defend himself in court. Fortunately, the courts ruled NSLs unconstitutional in 2005; but not before illustrating the need for a technological guarantee of privacy.
Lavabit believes that a civil society depends on the open, free and private flow of ideas. The type of monitoring promoted by the PATRIOT Act restricts that flow of ideas because it intimidates those afraid of retaliation. To counteract this chilling effect, Lavabit developed its secure e-mail platform. We feel e-mail has evolved into a critical channel for the communication of ideas in a healthy democracy. It’s precisely because of e-mail’s importance that we strive so hard to protect private e-mails from eavesdropping.
Their security description continues as follows, but you can read the whole thing online:
The short description is that for users of this feature, incoming e-mail messages are encrypted before they’re saved onto our servers. Once a message has been encrypted, only someone who has the account password can decrypt the message. Like all safety measures, encryption is only effective if it’s used. To ensure privacy, Lavabit has developed a complex system that makes the entire encryption and decryption process transparent to the end user.
Google Drive does not currently encrypt files on the server. Our team and our company take the security and privacy of our users very seriously. For example, we support 2-factor authentication, and as Julio mentioned, all transmissions to and from your device using HTTPS and TLS. However, you can encrypt a file (or all your files) before you add it to Google Drive, and Drive will sync any file (whether it’s encrypted or not) to all your devices.
Security researcher Christopher Soghoian believes Dropbox is lying in claiming that they encrypt uploaded files and keep them from employee eyes. So he filed an FTC complaint against them. According to Wired, the complaint alleges that the lack of encryption means that your files could be involved in possible government searches, copyright infringement lawsuits, or the machinations of Dropbox employees.
- Kik – an instant messaging service popular with youngsters.
- Instagram – photo sharing site
- YouTube – video sharing. We think we can use YouTube with a 3rd party email account.
- Cloud Storage solutions
- Apple ID – Since he’s an avid Apple user (sigh), switching over to Lavabit shouldn’t be difficult. I went through the process prior to writing this email and it was pretty straightforward.
Check out Miguel’s Workshop Materials online at http://mglearns.wikispaces.com