Goodbye Lavabit

drmike

100% Tier-1 Gogent
WTF?   Let me guess, Lavabit had *bad* users that the feds wanted to sniff their dirty laundry?  

I've been wary of Lavabit and recently saw that, of their many accounts, less than 10% were actively logging in (as per their stats).

If I were getting into the privacy focused hosting, I would start shopping places with active or recent history of defending free speech.  There aren't many places to pick from.

F' the US government.  You god damn goons.  No class whatsoever, none.
 

drmike

100% Tier-1 Gogent
If Snowden was hosting there, ummm well, then Lavabit has real legal issues and a PR / legal fight isn't going to have any legs.

Snowden's disclosures would clearly fall under Patriot Act and even absent that poor legislation would be covered under prior practices and "standards".

If a service was fully crypto'd and the keys were only in the hands of the customer, then perhaps you could host private in the US.  I wouldn't waste engineering time though.  I'd just flee the Stasi police state and give my money to reasonable people (there aren't many left).

Time for non-cloud, then perhaps non-outsource hosted and then finally P2P based email.  Does such a thing exist?   This truly is about to be the death knell for email.  By design mind you.
 

Aldryic C'boas

The Pony
This truly is about to be the death knell for email.  By design mind you.
Only for people like us.  No matter how many security-conscious people you can round up, we still only represent a TINY fraction of actual net users.  So sure, we may end up with our own slightly-more-secure methods of communication.. at the cost of isolating ourselves from friends/family that are part of the masses too ignorant/lazy to care.
 

drmike

100% Tier-1 Gogent
You've never spoken truer words @Aldryic.

I foresaw this wave of tyranny decades ago.  I thought however that commercial interests wouldn't want to see the mass destruction and centralization of services.   Many small hosts, email hosts, etc. are going to go extinct due to actions by government.

I remember years ago when every town had tons of small ISPs and alternatives.  Today, the incumbent monopolies.

Allowing mass consolidation of any form to occur means inevitable extinction of privacy, human rights, fair pricing, etc.
 

jarland

The ocean is digital
You've never spoken truer words @Aldryic.


I foresaw this wave of tyranny decades ago. I thought however that commercial interests wouldn't want to see the mass destruction and centralization of services. Many small hosts, email hosts, etc. are going to go extinct due to actions by government.


I remember years ago when every town had tons of small ISPs and alternatives. Today, the incumbent monopolies.


Allowing mass consolidation of any form to occur means inevitable extinction of privacy, human rights, fair pricing, etc.
Same. I didn't think they'd give us up this easy. Us, the ones responsible for their success. I don't know how we climb out of this one without outside intervention.
 

kaniini

Beware the bunny-rabbit!
Verified Provider
The only way to stop this is to actively resist FISA orders.  That is a dangerous proposition, with the possibility that you will die, as you are challenging the world's largest intelligence apparatus.  For many people, that is too risky of a position to take.

But, it is what is necessary.  Service providers can choose to either be complicit or to actively resist.  Until there is active resistance, it will continue.  Are you willing to defy a FISA court order?

This time around, I am.  But, it's not so easy to come to that conclusion when you are not prepared to resist them.
 

drmike

100% Tier-1 Gogent
I wonder who comes delivering the FISA court orders?  Perhaps doing what many have done before and sending him back to the Court with something extra special :)
 

jarland

The ocean is digital
The only way to stop this is to actively resist FISA orders. That is a dangerous proposition, with the possibility that you will die, as you are challenging the world's largest intelligence apparatus. For many people, that is too risky of a position to take.


But, it is what is necessary. Service providers can choose to either be complicit or to actively resist. Until there is active resistance, it will continue. Are you willing to defy a FISA court order?


This time around, I am. But, it's not so easy to come to that conclusion when you are not prepared to resist them.
That's what they count on, that we will value our lives too much. As an individual, yes I am prepared. As a husband, a soon to be father, I'm not. I've got a lot of anger and few ideas how to react. All I can do is try to make a contribution to privacy.
 

kaniini

Beware the bunny-rabbit!
Verified Provider
The challenge is to find a way to resist a FISA court order while acting in the confines of the law.

If you believe FISA court gag orders to be unconstitutional, and you're willing to fight for that viewpoint, then ignore them.  I certainly do and have lawyers which will back that view.  This is a way that a service provider can resist them which will make an active impact.

There's no valuable contribution that you can make to privacy unless you're willing to invent new forms of cryptography.  The heart of the intelligence beast is the gatekeeper for cryptographic standards.  And if you're inventing new forms of cryptography, you had best get them right, or your cryptography work is useless.

Building isolated infrastructure just means the beast will attack your infrastructure at the points you don't control.  So, for example, they will just tap your traffic upstream if you refuse to comply.  And, that may make your upstream disconnect you.  See, there's plenty of ways they can get in your head and mess with you, as a service provider.

There is certainly no way to have privacy from the beast on the modern Internet.
 

drmike

100% Tier-1 Gogent
Cryptography isn't a single layer solution.  To date, most everything does just one-over crypto and we all say secure.

At minimum for redundancy and sanity, you should be doing N+1 crypto.  That means 3 levels of crypto.  Crypt the plaintext, then crypt the crypted text, then crypt that.   With CPU speeds on desktops and tons of silicon with crypto speed enhancers (coprocessors) in portables, doing this shouldn't be too much overhead/delay.
 

jarland

The ocean is digital
Doesn't have to be new forms so much as new implementations and ways to streamline the process for the end user. There is no perfect and convenient solution, short of isolation as Aldryic pointed out, but we can certainly fight to make their jobs more difficult, and we should in every way we can.


They are being revealed as an enemy to anyone regardless of political affiliations. As an American, I feel it is my duty to the world to right this wrong that I funded. I feel I must do so in peaceful, nonviolent ways. What ways exactly? Keeping my eyes peeled, let me know if you have any suggestions. Besides the voting channels of course. I'll use that channel until they shut it down, whether it accomplishes anything or not.
 

stim

New Member
Won't distributed systems like bitmessage eventually render NSA surveillance impotent? 

Genuine question.....
 

Slownode

New Member
The US is indiscernible from China these days... except China is developing and the US is rotting.
 

drmike

100% Tier-1 Gogent
Won't distributed systems like bitmessage eventually render NSA surveillance impotent? 

Genuine question.....
Thanks for posting about Bitmessage.  It is new to me.  Starting to get up to speed and knowledgeable about it.

P2P isn't any layer of security.  It just is kind of like everyone is a server.  Distributed many servers instead of fewer centralized servers.  

In regards to email, the entire hassle of reverse DNS, non moving server target, etc. poses a clear privacy and monitoring issue, so giving a server mobility, ability to change IP, etc. is a mass improvement --- but of course we are comparing email to something entirely different.

NSA surveillance and impotency :)  Well, to reduce sniffing by the feds you must:

1. Deal only in highly encrypted data - real crypto and crypto within crypto --- different layers and types of crypto on same message

2. Be able to tunnel the data in and out through many proxies so as to confuse/hide origin and destination

3. None of the routing, sender or end data should be plaintext

4. SSL-only methods of encrypting are woefully inadequate and likely already keyed into by the feds.

That's a start to the conversation.

P2P is arguably a higher target and more suspect in some ways.  What we need is a proxy/packet server that is generic for all sorts of data.  So no one can say email goes through here or video or anything else, it should just be a pipe with whatever, so targeting it via the traditional legal route isn't so simple (court order).
 

drmike

100% Tier-1 Gogent
The US is indiscernible from China these days... except China is developing and the US is rotting.
I am not a China expert, but they seem to be hinged upon the US for their stability economically.  Many economic woes in China.  Mass ghost cities sit empty.  Tons of poverty (way more people and higher percentage than US which is huge collection of poor people).

The Great Firewall of China was built by folks like Cisco, a US company.   

Calling China and the US indiscernible is pretty accurate.   Same heavy-handed, military-run totalitarian governments with top-down manufactured corporations that steamroll organic real businesses who don't play along.

Both countries are rotting.  The US is a good 40 years into the rot phase though.  Huge disinvestment in infrastructure. Crumbling cities, highways, bridges, etc.
 

Aldryic C'boas

The Pony
Calling China and the US indiscernible is pretty accurate.
The difference being, there's more honesty there.  There's no "hide behind a smiling elected official" nonsense;  citizens are fully aware that they are constantly being watched, and there are no disillusions about the penalties for invoking govt. ire.  Ask any semi-knowledgeable American about what happens to suspected spies/etc - "They get locked up".  Ask a Chinese the same question, and get the real answer - "Best outcome, death".
 

drmike

100% Tier-1 Gogent
Ask any semi-knowledgeable American about what happens to suspected spies/etc - "They get locked up".  Ask a Chinese the same question, and get the real answer - "Best outcome, death".
But, prior to near recent times in the US, worst that could happen is being held in contempt of court to fork over info or contempt for failure to "co-operate" with the government.   Now, under "laws" they can sweep you away to indefinite detention and hold you incommunicado.  Meaning, you effectively get disappeared.

China's heavy death toll, well, the US has long been behind that.   US intelligencia overthrew leaders.  Some say Mao was put into power by the US.  A notorious mass serial killer there.  The one child policy is greatly admired by many US wealthy control freaks.

These are strange days considering modern history where the world's largest COMMUNIST nation is hip tied to the world's purported beacon of freedom and independence.  After all those decades of Cold War, all that money extorted from citizen sweat, and now we lay with the commies?!?!?  See, simple I say, reality isn't as it was advertised to us.
 