# Goodbye Lavabit



## jarland (Aug 8, 2013)

Anyone standing up for privacy, it's war they want. This sucks.


http://lavabit.com


----------



## drmike (Aug 8, 2013)

WTF?   Let me guess, Lavabit had *bad* users that the feds wanted to sniff their dirty laundry?  

I've been weary of Lavabit and recently saw of their many accounts less than 10% of the accounts were actively logging in (as per their stats).

If I were getting into the privacy focused hosting, I would start shopping places with active or recent history of defending free speech.  There aren't many places to pick from.

F' the US government.  You god damn goons.  No class whatsoever, none.


----------



## Aldryic C'boas (Aug 8, 2013)

> WTF?   Let me guess, Lavabit had *bad* users that the feds wanted to sniff their dirty laundry?


Ed Snowden.


----------



## drmike (Aug 8, 2013)

If Snowden was hosting there, ummm well, then Lavabit has real legal issues and a PR / legal fight isn't going to have any legs.

Snowden's disclosures would clearly fall under Patriot Act and even absent that poor legislation would be covered under prior practices and "standards".

If, a service was fully crypto'd and the keys were only in the hands of the customer, then perhaps you could host private in the US.  I wouldn't waste engineering time though.  I'd just flea the Stasi police state and given my money to reasonable people (there aren't many left).

Time for non-cloud, then perhaps non-outsource hosted and then finally P2P based email.  Does such a thing exist?   This truly is about to be the death kneel for email.  By design mind you.


----------



## Aldryic C'boas (Aug 8, 2013)

> This truly is about to be the death kneel for email.  By design mind you.


Only for people like us.  No matter how many security-conscious people you can round up, we still only represent a TINY fraction of actual net users.  So sure, we may end up with our own slightly-more-secure methods of communication.. at the cost of isolating ourselves from friends/family that are part of the masses too ignorant/lazy to care.


----------



## drmike (Aug 8, 2013)

You've never spoke truer words @Aldryic.

I foresaw this wave of tyranny decades ago.  I thought however that commercial interests wouldn't want to see the mass destruction and centralization of services.   Many small hosts, email hosts, etc. are going to go extinct due to actions by government.

I remember years ago when every town had tons of small ISPs and alternatives.  Today, the incumbent monopolies.

Allowing mass consolidation of any form to occur means inevitable extinction of privacy, human rights, fair pricing, etc.


----------



## jarland (Aug 8, 2013)

buffalooed said:


> You've never spoke truer words @Aldryic.
> 
> 
> I foresaw this wave of tyranny decades ago. I thought however that commercial interests wouldn't want to see the mass destruction and centralization of services. Many small hosts, email hosts, etc. are going to go extinct due to actions by government.
> ...


Same. I didn't think they'd give us up this easy. Us, the ones responsible for their success. I don't know how we climb out of this one without outside intervention.


----------



## kaniini (Aug 8, 2013)

The only way to stop this is to actively resist FISA orders.  _That_ is a dangerous proposition, with the possibility that you will die, as you are challenging the world's largest intelligence apparatus.  For many people, that is too risky of a position to take.

But, it is what is necessary.  Service providers can choose to either be complicit or to actively resist.  Until there is active resistance, it will continue.  Are _you_ willing to defy a FISA court order?

This time around, I am.  But, it's not so easy to come to that conclusion when you are not prepared to resist them.


----------



## drmike (Aug 8, 2013)

I wonder who comes delivering the FISA court orders?  Perhaps doing what many have done before and sending him back to the Court with something extra special


----------



## jarland (Aug 8, 2013)

kaniini said:


> The only way to stop this is to actively resist FISA orders. _That_ is a dangerous proposition, with the possibility that you will die, as you are challenging the world's largest intelligence apparatus. For many people, that is too risky of a position to take.
> 
> 
> But, it is what is necessary. Service providers can choose to either be complicit or to actively resist. Until there is active resistance, it will continue. Are _you_ willing to defy a FISA court order?
> ...


That's what they count on, that we will value our lives too much. As an individual, yes I am prepared. As a husband, a soon to be father, I'm not. I've got a lot of anger and few ideas how to react. All I can do is try to make a contribution to privacy.


----------



## kaniini (Aug 8, 2013)

The challenge is to find a way to resist a FISA court order while acting in the confines of the law.

If you believe FISA court gag orders to be unconstitutional, and you're willing to fight for that viewpoint, then ignore them.  I certainly do and have lawyers which will back that view.  This is a way that a service provider can resist them which will make an active impact.

There's no valuable contribution that you can make to privacy unless you're willing to invent new forms of cryptography.  The heart of the intelligence beast is the gatekeeper for cryptographic standards.  And if you're inventing new forms of cryptography, you had best get them right, or your cryptography work is useless.

Building isolated infrastructure just means the beast will attack your infrastructure at the points you don't control.  So, for example, they will just tap your traffic upstream if you refuse to comply.  And, that may make your upstream disconnect you.  See, there's plenty of ways they can get in your head and mess with you, as a service provider.

There is certainly no way to have privacy from the beast on the modern Internet.


----------



## drmike (Aug 8, 2013)

Cryptography isn't a single layer solution.  To date, most everything does just one-over crypto and we all say secure.

At minimum for redundancy and sanity, you should be doing N+1 crypto.  That means 3 levels of crypto.  Crypt the plaintext, then crypt the crypted text, then crypt that.   With CPU speeds on desktops and tons of silicon with crypto speed enhancers (coprocessors) in portables, doing this shouldn't be too much overhead/delay.


----------



## jarland (Aug 8, 2013)

Doesn't have to be new forms so much as new implementations and ways to streamline the process for the end user. There is no perfect and convenient solution, short of isolation as Aldryic pointed out, but we can certainly fight to make their jobs more difficult, and we should in every way we can.


They are being revealed as an enemy to anyone regardless of political affiliations. As an American, I feel it is my duty to the world to right this wrong that I funded. I feel I must do so in peaceful, nonviolent ways. What ways exactly? Keeping my eyes peeled, let me know if you have any suggestions. Besides the voting channels of course. I'll use that channel until they shut it down, whether it accomplishes anything or not.


----------



## stim (Aug 8, 2013)

Won't distributed systems like bitmessage eventually render NSA surveillance impotent? 

Genuine question.....


----------



## Slownode (Aug 8, 2013)

The US is indiscernible from China these days... except China is developing and the US is rotting.


----------



## drmike (Aug 8, 2013)

stim said:


> Won't distributed systems like bitmessage eventually render NSA surveillance impotent?
> 
> Genuine question.....


Thanks for posting about Bitmessage.  It is new to me.  Starting to get up to speed and knowledgeable about it.

P2P isn't any layer of security.  It just is kind of like everyone is a server.  Distributed many servers instead of fewer centralized servers.  

In regards to email, the entire hassle of reverse DNS, non moving server target, etc. poses a clear privacy and monitoring issue, so giving a server mobility, ability to change IP, etc. is a mass improvement --- but of course we are comparing email to something entirely different.

NSA surveillance and impotency   Well, to reduce sniffing by the feds you must:

1. Deal only in highly encrypted data - real crypto and crypto within crypto --- different layers and types of crypto on same message

2. Be able to tunnel the data in and out through many proxies as to confuses/hide origin and destination

3. None of the routing, sender or end data should be plaintext

4. SSL-only methods of encrypting are woefully inadequate and likely already keyed into by the feds.

That's a start to the conversation.

P2P is arguably a higher target and more suspect in some ways.  What we need is a proxy/packet server that is generic for all sorts of data.  So no one can say email goes through here or video or anything else, it should just be a pipe with whatever so targeting it traditional legal route isn't so simple (court order).


----------



## drmike (Aug 8, 2013)

Slownode said:


> The US is indiscernible from China these days... except China is developing and the US is rotting.


I am not a China expert, but they seem to hinged upon the US for their stability economically.  Many economic woes in China.  Mass ghost cities sit empty.  Tons of poverty (way more people and higher percentage than US which is huge collection of poor people).

The Great Firewall of China was built by folks like Cisco, a US company.   

Calling China and the US indiscernible is pretty accurate.   Same heavy handed military ran totalitarian governments with top down manufactured corporations that steam roll organic real businesses who don't play along.

Both countries are rotting.  The US is a good 40 years into the rot phase though.  Huge disinvestment in infrastructure. Crumbling cities, highways, bridges, etc.


----------



## Aldryic C'boas (Aug 8, 2013)

> Calling China and the US indiscernible is pretty accurate.


The difference being, there's more honesty there.  There's no "hide behind a smiling elected official" nonsense;  citizens are fully aware that they are constantly being watched, and there are no disillusions about the penalties for invoking govt. ire.  Ask any semi-knowledgable American about what happens to suspected spies/etc - "They get locked up".  Ask a Chinese the same question, and get the real answer - "Best outcome, death".


----------



## drmike (Aug 8, 2013)

Aldryic C said:


> Ask any semi-knowledgable American about what happens to suspected spies/etc - "They get locked up".  Ask a Chinese the same question, and get the real answer - "Best outcome, death".


But, prior to near recent times in the US, worst that could happen is being held in contempt of court to fork over info or contempt for failure to "co-operate" with the government.   Now, under "laws" they can sweep you away to indefinite detention and hold you incommunicado.  Meaning, you effectively get disappeared.

China's heavy death toll, well, the US has long been behind that.   US intelligencia overthrew leaders.  Some say Mao was put into power by the US.  A notorious mass serial killer there.  The one child policy is greatly admired by many US wealthy control freaks.

These are strange days considering modern history where the worlds largest COMMUNIST nation is hip tied to the world purported beacon of freedom and independence.  After all those decades of Cold War, all that money extorted from citizen sweat, and now we lay with the commies?!?!?  See, simple I say, reality isn't as it was advertised to us.


----------



## drmike (Aug 8, 2013)

Lavabit closure has hit Slashdot (and likely other popular sites)... Hopefully this is a step to ratchet up the political activism and get people both angry and out of this chair and out to do something for a change:

http://yro.slashdot.org/story/13/08/08/1956215/encrypted-email-provider-lavabit-shuts-down-blames-us-govt


----------



## Shados (Aug 8, 2013)

kaniini said:


> There's no valuable contribution that you can make to privacy unless you're willing to invent new forms of cryptography.  The heart of the intelligence beast is the gatekeeper for cryptographic standards.  And if you're inventing new forms of cryptography, you had best get them right, or your cryptography work is useless.
> 
> Building isolated infrastructure just means the beast will attack your infrastructure at the points you don't control.  So, for example, they will just tap your traffic upstream if you refuse to comply.  And, that may make your upstream disconnect you.  See, there's plenty of ways they can get in your head and mess with you, as a service provider.
> 
> There is certainly no way to have privacy from the beast on the modern Internet.


Inventing new forms of cryptography is far from the only way to make a valuable contribution to privacy as a 'cause', and really, it's not even the best one. You can build secure, distributed, infrastructure without centralized points of failure, control or observation, you can raise awareness about security & privacy issues, you can lower the barrier to entry for laymen interested in privacy/security, etc.

So start building city-wide wireless mesh networks and then figure out a way of interconnecting them long-distance... of course, even though your upstream is now not sanely controllable/compromisable, they'll still be able to find another way to fuck you, but this stuff is like any kind of security: It's not about making something 'unbreakable', it's about making it prohibitively difficult to break.



buffalooed said:


> Thanks for posting about Bitmessage.  It is new to me.  Starting to get up to speed and knowledgeable about it.
> 
> P2P isn't any layer of security.  It just is kind of like everyone is a server.  Distributed many servers instead of fewer centralized servers.
> 
> In regards to email, the entire hassle of reverse DNS, non moving server target, etc. poses a clear privacy and monitoring issue, so giving a server mobility, ability to change IP, etc. is a mass improvement --- but of course we are comparing email to something entirely different.


P2P/distributed systems design (if done right) does provide some level of extra security because it makes it significantly more difficult for any single organization to attack, control or monitor the entire system. If your infrastructure is federated (and why not, if you're building something distributed in the first place), then you also get 'trust agility'.



buffalooed said:


> These are strange days considering modern history where the worlds largest COMMUNIST nation is hip tied to the world purported beacon of freedom and independence.  After all those decades of Cold War, all that money extorted from citizen sweat, and now we lay with the commies?!?!?  See, simple I say, reality isn't as it was advertised to us.


To be fair to communism, China is not particularly communist in their actions - more like some bizarre state-run capitalism. On the other hand, to be fair to capitalism, everywhere else isn't particularly capitalist (let alone actually good at being capitalist, as opposed to good at being short-sighted and stupid).


----------



## Aldryic C'boas (Aug 8, 2013)

buffalooed said:


> But, prior to near recent times in the US, worst that could happen *publicly* is


Fixed that for ya.  Don't get me wrong, there were a lot of people publicly hauled off.  Speaking as someone who used to have partial access to a 'suspect' file repository.. yeah, the hauling off was only done to mask the people that simply vanished for good.


----------



## drmike (Aug 8, 2013)

Shados said:


> So start building city-wide wireless mesh networks and then figure out a way of interconnecting them long-distance... of course, even though your upstream is now not sanely controllable/compromisable,


Yeppers, truly time for next generation semi-open wireless on local / regional basis.  Independent operations, not incumbent monopolies.

Still have the issue with anything destined for the other net --- the controlled internet --- and your upstreams which are all spying and complying with mass monitoring and recording of likely everything.  So that needs to enter and tunnel out to elsewhere and ideally multiple tunnels to multiple ends.



Aldryic C said:


> Speaking as someone who used to have partial access to a 'suspect' file repository.. yeah, the hauling off was only done to mask the people that simply vanished for good.


Before the hauling aware and being disappeared by truly CIA and related intelligence agencies (mainly) doing it + their contractors.   Now it could be any alphabet agency for any ridiculous reason or total lack of reason.   

Killing people in almost every circumstance other than say self defense is criminal.   Government wants to watch, I say sure, now lets make all your "secret" stuff transparent and monitored too.   If we catch you doing as government criminal things, then life in prison and/or death penalty.   Violate rights, oh yeah, they've been doing that...  They should face the piper and pay up.

Remember our common social saying of don't shoot the messenger?  In times of war and desperate retaliation, those bearing gifts, the messengers should be sent back gifted.  Only a matter of time before this all escalates into physical conflict.  Seems to be what Uncle Scam wants, sadly.


----------



## jarland (Aug 8, 2013)

Remember that not every task in a war is about immediate victory. They may shut down what we do, circumvent it, adapt, all those great things. We just keep on. There has always been people who oppose the idea of freedom, there will always be. A call to arms or a call to keyboards? Start coding!


----------



## MannDude (Aug 8, 2013)

Pretty sure Lavabit was hosting some Tor related stuff, including FreedomHosting and TorMail.



> Court records show that, in March, Lavabit complied readily with a search warrant targeting a child pornography suspect in a Maryland case. That suggests that Levison isn’t a privacy absolutist. Whatever compelled him to shut down now must have been exceptiona





> Lavabit ordered to (1) let FBI take over Snowden's account? (2) Send >Snowden a 0-day? (3) Something to do with Freedom Hosting? Lavabit was also a hosting company. I missed one obvious possibility. Freedom Hosting may have run its hidden services there.


Source: http://www.reddit.com/r/technology/comments/1jyzpl/i_have_been_forced_to_make_a_difficult_decision/

_Do you guys feel safer now?_


----------



## texteditor (Aug 8, 2013)

buffalooed said:


> These are strange days considering modern history where the worlds largest COMMUNIST nation is hip tied to the world purported beacon of freedom and independence.  After all those decades of Cold War, all that money extorted from citizen sweat, and now we lay with the commies?!?!?  See, simple I say, reality isn't as it was advertised to us.


China has never really been communist, even in Mao's day


----------



## texteditor (Aug 8, 2013)

You'd have figured after the whole hushmail thing the people who were truly paranoid about email would have learned that self-hosting is the only real option


----------



## MannDude (Aug 8, 2013)

texteditor said:


> You'd have figured after the whole hushmail thing the people who were truly paranoid about email would have learned that self-hosting is the only real option


But _is _it? I mean, what's to stop your average VPS provider from complying and giving some agency access to their machines? Not hard to see whats going on in VPSes once you have access to the host node with OpenVZ. Unsure what the process is for KVM and Xen, but that's just because I've not deal with either. Sure it's not difficult if someone wanted or 'needed' to.

Internet sucks anyways. I'd rather just have a city-wide meshnet so I can see whats going on in my local community and communicate with my friends. _"Oh nice, this restaurant is having a great deal. They've got the best rubens!"_

I've always said that I work from home and use the internet so that one day I can live without it. Need to make that happen sooner than later now.


----------



## drmike (Aug 8, 2013)

Kevin Poulsen has some interesting thoughts on the subject:

Court records show that, in March, Lavabit complied readily with a search warrant targeting a child pornography suspect in a Maryland case. That suggests that Levison isn’t a privacy absolutist. Whatever compelled him to shut down now must have been exceptional.

and from his Twitter account:

Lavabit ordered to (1) let FBI take over Snowden's account? (2) Send >Snowden a 0-day? (3) Something to do with Freedom Hosting? Lavabit was also a hosting company. I missed one obvious possibility. Freedom Hosting may have run its hidden services there.

Really frightening stuff. I feel bad now complaining to their support service about the frequent downtime in the last few weeks.

http://www.wired.com/threatlevel/2013/08/lavabit-snowden/

Lavabit ordered to (1) let FBI take over Snowden's account? (2) Send Snowden a 0-day? (3) Something to do with Freedom Hosting? #speculation

— Kevin Poulsen (@kpoulsen)

August 8, 2013
(Edit: added links)
permalink


----------



## jarland (Aug 8, 2013)

He said all this that he can't talk about took place in the last 6 weeks. While the freedom hosting thing is possible, it just seems like we've got more clear lines to draw to Snowden as the likely cause that put lavabit under the microscope. I had just paid for a year of service too. Not much money, don't want it back, wish I had more to give to their legal fund. No matter the circumstance, I highly doubt that a gag order is necessary for any short term risk to American citizens by the release of this information. More likely it's bad PR for the government. Speculation is all we have I suppose.


----------



## drmike (Aug 8, 2013)

No doubt Snowden brought the creep heat.   Hopefully these bureaucrats don't believe in hell and are right, cause I am certain they are headed for hot sulfur bathes.   Then again, I think we can emulate hell and give them proper sulfur beforehand. Bahahahah!

Snowden while admirable, isn't a reason to go taking down legitimate businesses and disrupting commerce.  Obama has done quite good at killing legitimate businesses.  Add Lavabit to the list.  Screw it, let's set Lavabit part 2 up in Iceland and shoot them the bird.


----------



## Tux (Aug 8, 2013)

MannDude said:


> But _is _it? I mean, what's to stop your average VPS provider from complying and giving some agency access to their machines? Not hard to see whats going on in VPSes once you have access to the host node with OpenVZ. Unsure what the process is for KVM and Xen, but that's just because I've not deal with either. Sure it's not difficult if someone wanted or 'needed' to.
> 
> Internet sucks anyways. I'd rather just have a city-wide meshnet so I can see whats going on in my local community and communicate with my friends. _"Oh nice, this restaurant is having a great deal. They've got the best rubens!"_
> 
> I've always said that I work from home and use the internet so that one day I can live without it. Need to make that happen sooner than later now.


KVM can be dealt with easily. Just attach gdb to it and force a memory dump.


----------



## perennate (Aug 8, 2013)

> But _is _it? I mean, what's to stop your average VPS provider from complying and giving some agency access to their machines? Not hard to see whats going on in VPSes once you have access to the host node with OpenVZ. Unsure what the process is for KVM and Xen, but that's just because I've not deal with either. Sure it's not difficult if someone wanted or 'needed' to.


Automatically encrypt all incoming emails with OpenPGP. And to avoid tampering, host it on your own computer. (And reinstall every two weeks... just kidding... maybe


----------



## drmike (Aug 8, 2013)

If someone has full server access regardless of platform, there is always total packet dumps as well as reading the raw disk files.

It is in part why shared environments are unsecured unknowns.

Securing such an environment for virtualized customer, well, can it actually be done?  Would require full cryptoed packet traffic and crptoed disk.  The disk part is a puzzle I've never figured out since the OS would need to have credentials to read and write and that would require full access to the volume.


----------



## drmike (Aug 8, 2013)

perennate said:


> Automatically encrypt all incoming emails with OpenPGP. And to avoid tampering, host it on your own computer. (And reinstall every two weeks... just kidding... maybe


Well, this isn't too far off of a semi solution that only hides the actual body of the message.  It still exposes the sender and recipient info.  So they know A and B interacted on this date and the subject.  That's leaking, but better than nothing.

If you use OpenPGP or equivalent on remote device, the message should be fully crypted along the way.  So no hazard there.

In that model could use absolutely any email server.  Secure, unsecure, etc.


----------



## GVH-Jon (Aug 8, 2013)

Guys this is totally off topic but I met a guy the other day that looked like a 20 year old version of Snowden ..


----------



## MannDude (Aug 8, 2013)

Someone should write-up some good tutorials... Just sayin'.

Been wanting to set up my own mail stuff for a long while, more as a learning project than for privacy reasons, but it can be both now.


----------



## perennate (Aug 8, 2013)

MannDude said:


> Someone should write-up some good tutorials... Just sayin'.
> 
> Been wanting to set up my own mail stuff for a long while, more as a learning project than for privacy reasons, but it can be both now.


There are good tutorials, but you have to use Google to find them 

DuckDuckGo doesn't work so well yet.


----------



## drmike (Aug 8, 2013)

perennate said:


> DuckDuckGo doesn't work so well yet.


Really?  While it isn't perfect (had issues looking for a local hardware store a city + state + hardware style search --- where the store showed up about 10th in results) it is pretty alright generally.  

When I have a search snafu I run the same on StartPage.com which is another supposedly secure search engine that does pull from Google.

I've found Google's results to increasingly worse for most of my queries than they use to be.


----------



## drmike (Aug 8, 2013)

MannDude said:


> Someone should write-up some good tutorials... Just sayin'.


I might cobble together a DNS tutorial for end DNS users.  That's the first layer for some of these general security issues.

Since my interests and designs revolve around SSH tunnels, will probably mix that into the DNS piece.

Dawned on me today how much snooping, spying, watching, profiling and intelligence info is gathered just from passively recording DNS requests (domain + request IP).  All those DNS requests fly around fully plaintext in the wide open. Not for long soldiers.

As for email server roll your own, @jarland continues to swear by iRedMail as working currently with the Ubuntu environment.  It's short listed in my world.


----------



## Shados (Aug 8, 2013)

perennate said:


> Automatically encrypt all incoming emails with OpenPGP. And to avoid tampering, host it on your own computer. (And reinstall every two weeks... just kidding... maybe


Or more practically, run something like Alpine Linux from read-only media and reboot every two weeks. Goodbye, rootkits!


----------



## wlanboy (Aug 8, 2013)

kaniini said:


> The only way to stop this is to actively resist FISA orders.  _That_ is a dangerous proposition, with the possibility that you will die, as you are challenging the world's largest intelligence apparatus.  For many people, that is too risky of a position to take.


I noticed that in many countries. They are laws to protect privacy but they don't count because of fear. Whenever the force of the executive is greater than the custody of the judiciary somethings goes terribly wrong.

They should never mix but are always mixed to gain more power. History tells us a lot of how this will end.



buffalooed said:


> In regards to email, the entire hassle of reverse DNS, non moving server target, etc. poses a clear privacy and monitoring issue, so giving a server mobility, ability to change IP, etc. is a mass improvement --- but of course we are comparing email to something entirely different.
> 
> Well, to reduce sniffing by the feds you must:
> 
> ...


To 1: Yup. But cryptography only works if the secret is on a different place as the information itself. Mixing cryptos does not gain much security. There are good ways to check what crypto algo is used.

Just thought about this again.

You are right - use GnuPG for encryption of the emails and e.g. ecryptfs for the encryption of your GnuPG keys.

To 2: Won't help much. They do have to many observation points.

To 3: Right. All communication of the mail server itself should be at least using TSL.

To 4: If you use self signed certificates you can choose key length and key algo at your choice. But how to secure the access to the ssl cert on a shared environment?

It looks like it is just a shift of the problem. "It is secure if you are using X". But you have to check if "X" is secure too.



buffalooed said:


> If someone has full server access regardless of platform, there is always total packet dumps as well as reading the raw disk files.
> 
> It is in part why shared environments are unsecured unknowns.
> 
> Securing such an environment for virtualized customer, well, can it actually be done?  Would require full cryptoed packet traffic and crptoed disk.  The disk part is a puzzle I've never figured out since the OS would need to have credentials to read and write and that would require full access to the volume.


Yup. Crypto disks are fine on KVM - but you have to connect to an not encrypted VNC to enter your password on boot.

Everything else can be done via OpenVPN.

But like SSL - the OpenVPN connection is only secure if no one does have access to your keys...



MannDude said:


> Someone should write-up some good tutorials... Just sayin'.
> 
> Been wanting to set up my own mail stuff for a long while, more as a learning project than for privacy reasons, but it can be both now.


Allready in the works.


----------



## MannDude (Aug 8, 2013)

wlanboy said:


> Allready in the works.


Looking forward to it. You write some pretty great tutorials!


----------



## wlanboy (Aug 9, 2013)

MannDude said:


> Looking forward to it. You write some pretty great tutorials!


Done: http://vpsboard.com/topic/1506-running-your-own-mail-server/


----------



## drmike (Aug 9, 2013)

Lavabit just had a big piece on Foxnews radio about the closure.  Going to get big traction with this I suspect.


----------



## JDiggity (Aug 9, 2013)

Hey guys,

Well people state security through obscurity is not security, but is probably the most safe. 

Isn't the definition of cryptography using an obsure number and letter convention the whole basis of cryptography?

Correct me if I am wrong.  Just wanted to get your guys thoughts.  Sad to see a service like this go.


----------



## jarland (Aug 9, 2013)

buffalooed said:


> Lavabit just had a big piece on Foxnews radio about the closure.  Going to get big traction with this I suspect.


I'm pretty happy about the speed that it's picking up recognition. We need people right now willing to charge into the streets and get shot down for everyone to see. Metaphor, obviously, but I think you get what I mean. We need the equivalent of martyrs here and lavabit gave us one. That was their true gift to their clients in closing down yesterday. This is how we can see change impacted, by making public spectacle of the problem, over and over.


----------



## drmike (Aug 9, 2013)

Oh boy, Lord Oblama to the rescue:

"President to announce measures to restore public trust in government surveillance, source says."  

3PM conference / pep speech probably in some high school gymnasium in middle America.


----------



## drmike (Aug 9, 2013)

Wait, it's all a smokescreen before he is whisked away on a luxurious vacation with millions of our dollars and a small army in tow.


----------



## jarland (Aug 9, 2013)

buffalooed said:


> Oh boy, Lord Oblama to the rescue:
> 
> "President to announce measures to restore public trust in government surveillance, source says."
> 
> 3PM conference / pep speech probably in some high school gymnasium in middle America.


The most transparent administration ever.

...only because they're too stupid to keep a lid on all the massive secrets they're trying to hold.


----------



## drmike (Aug 9, 2013)

Transparent or translucent?

How in the world is the big goof going to sell the public on trusting the government smelling their dirty underwear, lurking in their fridge and watching them watch television?

Oh I know how, claim every person blamed for potentially being a bad guy and every made up scenario was gleaned from data illegally tapped, stolen and traced by their "intelligence" monitoring.  To say, they show the "results" of their efforts.

Shameless this government is.

Transparency? How about they declare how long and how much monitoring has been going on?  Never, ever.


----------



## mitgib (Aug 9, 2013)

buffalooed said:


> Oh boy, Lord Oblama to the rescue:
> 
> "President to announce measures to restore public trust in government surveillance, source says."
> 
> 3PM conference / pep speech probably in some high school gymnasium in middle America.


I think this may have more to do with it

http://finance.yahoo.com/news/obama-tech-executives-met-discuss-120021148.html

I am betting big money is telling these govt clowns to back down or see the flow of campaign contributions slow to a trickle


----------



## drmike (Aug 9, 2013)

Good point/find @mitgib!

This is a funny from the link you posted:

"The meeting was part of the ongoing dialogue the president has called for on how to respect privacy while protecting national security in a digital era," a White House official said in confirming a report by Politico, which broke the news of the meeting.

The closed-door session was not included on Obama's daily public schedule for Thursday. It followed another private session on Tuesday of Obama administration officials, industry lobbyists and privacy advocates.

---- respect privacy ... while protecting national security.....  closed-door session.... not... on Obama's daily public schedule.... followed another private session on Tuesday.... lobbyists.


----------



## jarland (Aug 9, 2013)

I liked hot air's take on the related press event today.



> the guy whose leaks created this political shinolastorm over surveillance is, according to O, assuredly not a patriot, even though no one but no one thinks Obama would have pushed these reforms if not for Snowden’s revelations. Help me square that circle. It’s not a hopeless contradiction; you can believe that Snowden’s initial leaks about PRISM and domestic data-gathering were legit whistleblowing while also believing that he’s since veered into Wikileaks-style antagonism towards the U.S. government with no obvious benefits to civil liberties. But it’s surreal to see The One essentially stipulate that Snowden’s critique of NSA procedures is valid, enough so that a presidential press conference is necessary to introduce reforms responding to his concerns, and then dismiss the guy as a fake patriot because he didn’t stay put and invoke statutory whistleblower protection in the blind hope that the feds wouldn’t give him the full Bradley Manning treatment.  Read Lavabit’s shutdown message yesterday about a “fight for the Constitution” if you haven’t already. Would that sort of catalyzing, awareness-raising gambit have happened without Snowden? If Obama cared about the expansions of the surveillance state on the merits rather than as a political fire he has to put out, he would have held this presser in 2009.





> How independent can the new “independent voice” at the FISA Court be if it’s not allowed to communicate with the targets of surveillance for national security reasons? Are the feds going to build their own ACLU/public defender bureau to secretly represent people suspected of terror links, unbeknownst to them?


Just more useless talk. Thought this guy's commentary was priceless.


----------



## drmike (Aug 9, 2013)

Edward Snowden:

'Google, Facebook, Microsoft, Yahoo, Apple, and the rest of our internet titans must ask themselves why they aren't fighting for our interests the same way'


----------



## drmike (Aug 9, 2013)

US based data providers wonder why sales are so off and people are tweaked by the NSA spying on citizens?

Here's one account of the collateral damage potential:



> A report issued this week by the Technology and Innovation Foundation estimated that the US cloud computing industry, by itself, could lose between $21 billion to $35 billion due to reporting about the industry's ties to the NSA.


All I can say is GOOD.  I hope assholes collaborating with the federal government and doing so slyly lose their business, family, home, fortune.


----------



## jarland (Aug 9, 2013)

Well, they met with the president. Now we can speculate that they aren't interested in our privacy but more interested in their PR, but truthfully we just don't know what is being said behind those doors. I'd like to assume the best of them for the moment. Threats from an administration that has reshaped entire sectors of the economy by bearing down on congress so hard that they couldn't breathe is not something that I would ignore in today's times. They may be victims all the same. Then again, they may be the key players in the whole thing.


----------



## drmike (Aug 9, 2013)

I think this all just more of the same, destroying small businesses.  Putting more people on the employment/poverty roles.

Certainly, if you were to say to the spooks to screw off or publicly say what they wanted, they'd disappear/charge you for exercising speech, shutter your company, etc.  Same end outcome = poverty.

Welcome to the no-e-con-o-me.


----------



## MannDude (Aug 10, 2013)

*Lavabit founder has stopped using email: "If you knew what I know, you might not use it either"*

Earlier this week, Xeni reported on the shutdown of Lavabit, the email provider used by NSA whistleblower Edward Snowden. Ladar Levison, Lavabit's founder, has given an interview to Forbes about his reasoning for the shutdown, which comes -- apparently -- as a result of a secret NSA search-warrant complete with a gag order.

After discussing the general absurdity and creepiness of not being allowed to freely criticize the government for the order they brought to his company, he concludes by saying that he's stopped using email altogether, and "If you knew what I know about email, you might not use it either."



“This is about protecting all of our users, not just one in particular. It’s not my place to decide whether an investigation is just, but the government has the legal authority to force you to do things you’re uncomfortable with,” said Levison in a phone call on Friday. “The fact that I can’t talk about this is as big a problem as what they asked me to do.”



Levison’s lawyer, Jesse Binnall, who is based in Northern Virginia — the court district where Levison needed representation — added that it’s “ridiculous” that Levison has to so carefully parse what he says about the government inquiry. “In America, we’re not supposed to have to worry about watching our words like this when we’re talking to the press,” Binnall said.



http://boingboing.net/2013/08/10/lavabit-founder-has-stopped-us.html


----------



## texteditor (Aug 12, 2013)

MannDude said:


> Lavabit founder has stopped using email: "If you knew what I know *absolutely anything about the lumbering monstrosity made of ad-hoc RFCs that email is*, you might not use it either"


----------

