Lavabit founder has stopped using email: "If you knew what I know, you might not use it either"


#1

[Permalink]


#2

That's so ominous, but at this point, I don't see how reality could be any worse than our suspicions, unless they actually had shoggoths arranged on racks systematically reading and cursing each packet.


#3

George W. Bush didn't use email either. Remember that the internet was a Darpa joint from the beginning. The internet has always been a government beast and it always will be. But if this government is stupid enough to monitor me and all my friends and family, none of whom are terrorists or any sort of threat to anyone anywhere, then it really deserves the backlash that will inevitably arise against it. Kind of a self-fulfilling prophesy of a bully provoking people. Sort of a backwards Koresh, if you will. If the nameless faceless security apparatus has achieved the level of sophistication that equals the pathology of a paranoid person who sees threats in every single person around it, it's tim to medicate the beast or put it out of its misery. Time to starve some contractors out of business. Me, my family, and my friends are no threat to the United States; why are they treating us like criminal suspects except to prove that they have way too much money, power, and time on their hands?


#4

Technically ARPANET used a different protocol. It was the older brother to the internet, but the internet itself wasn't a military device, nor was TCP/IP - in fact it was developed as an open alternative to ARPANET (admittedly by one of the creators of ARPANET).

Slightly pedantic, but I think an important distinction.


#5

Very interesting. Papers, please.


#7

The lesson of "Climategate" is always assume your email will be read by a hostile party in some future lawsuit. Ideally it would be along the lines of "I have completed the tasks we discussed last week" where everything is left ambiguous. But anything that sounds negative or secretive is something that can be used to accuse the writer of a "coverup." And anything like "looming catastrophe " is a big fat legal liability down the road, especially since most times those are things that never happened, but an opponent will try to conflate with their lawsuit.

This can be turned on an opponent and invite them to spew in an email rather than face to face which is a bad habit for many people.


#8

Part of the problem is that we've outsourced responsibility for e-mail to third parties, which has placed those third parties in the difficult position of deciding whether to fight the impossible battle on your behalf, or just submit to the inevitable.

Running your own mail server, however, neatly deals with the problem of the ECPA and the 6 month rule. Warrant, no warrant, new, old, whatever, if they want access to e-mail on a server you own, you're going to know, and you will have the opportunity to fight it. It is easier than ever these days to run your own mail server, if you wish.

Since the mail host is the most attractive target, you can run your own. Some of the better NAS products come with mail capabilities, such as Synology, and Apple's OSX Server features mail server capabilities as well.

Using encryption such as PGP can protect mail crossing the public Internet, which is the next weakest link.

Neither of these is going to absolutely stop the government from knowing something about what you are doing, but you can simultaneously make it more difficult for them while also eliminating the chance that your e-mail provider will go out of business for some random reason.


#9

hahaha... so "someone" can just break in a walk off with all your email. nice.


#10

Riiiiiiiiight. Instead of merely handing your e-mail service provider a demand for your mailbox content, along with everyone else you've ever communicated with.

Your suggestion Does Not Scale.

If you're afraid of some random burglar, then use Synology's various backup options.

If you're afraid of the government coming to find evidence of criminal conduct, well, that's outside the scope of this discussion, but you can host your mail server in some backwater country that scoffs at the US, I suppose.

The point is that if everybody was running their own mail server, and exchanging encrypted messages, the government would not be able to do the sorts of dragnet e-mail surveillance we're discussing.


#11

If you give me six lines written by the hand of the most honest of
men, I will find something in them which will hang him.

Armand Jean du Plessis, Duc de Richelieu (1585–1642)


#12

Just where do you find a service provider that is willing to unblock inbound SMTP? Unless you have the money to buy fairly high-end service, you can build a mail server but you can't make it face the net. Where I live, the ISP's don't even make "business grade" service - required to get the port unblocked - available to residential users, or "home business" users, at any price. So in addition to paying through the nose for the service, you'd have to rent a storefront to house the server. Oops: now they can serve the NSL on the landlord.

From what I've read lately, it wouldn't surprise me a bit if this situation is the result of an edict from one of the Agencies: make sure that ordinary people have to use third-party-hosted email so we can seize it without their knowledge. For their own good, of course.


#13

Security is never absolute. Mostly it involves making yourself a less attractive target.


#14

you been following the news lately?


#15

Well, that's a point, and you also need a static IP. It isn't a problem around here where both cable and DSL business-class options are available for only a little more per month.

However, these days it isn't exactly costly or difficult to find a variety of hosting services where you could host a server, and I believe that some of the VPN providers have options that are essentially designed to allow you to bypass such restrictions. Worst case scenario, you buy a cheap VPS and stick OpenVPN on it to give yourself a static IP and port 25 reachability, and forward that to yourself at home.

There are always options.


#16

Speaking as a mail systems administrator who has been doing e-mail since before the ECPA was passed, uh, yes.


#17

such as by running a private mail server?


#18

even basic reliability precautions rules out this plan (power outage, you go on holiday), that is before considering redundancy.


#19

You're implying that running a private mail server on a business class connection would cause you to be singled out as a more attractive target?

That'd probably be rather shocking to all the businesses who do in fact run their own mail servers.


#20

yes.


#21

Hey, if you want to keep using Hotmail or whatever, you are welcome to do so. That doesn't actually make you exempt from service problems, random unexplained spam filtering, or loss of access to your account when somebody manages to hack your account and change your password. There are problems with every strategy for maintaining a stable Internet presence.