I've used Lavabit as an email provider for a couple years at least. They've been offline since yesterday but had a message they were doing maintenance. They've been very reliable so I wasn't alarmed. Today the home page shows this:

My Fellow Users,
I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit. After significant soul searching, I have decided to suspend operations. I wish that I could legally share with you the events that led to my decision. I cannot. I feel you deserve to know what’s going on--the first amendment is supposed to guarantee me the freedom to speak out in situations like this. Unfortunately, Congress has passed laws that say otherwise. As things currently stand, I cannot share my experiences over the last six weeks, even though I have twice made the appropriate requests.
What’s going to happen now? We’ve already started preparing the paperwork needed to continue to fight for the Constitution in the Fourth Circuit Court of Appeals. A favorable decision would allow me resurrect Lavabit as an American company.
This experience has taught me one very important lesson: without congressional action or a strong judicial precedent, I would _strongly_ recommend against anyone trusting their private data to a company with physical ties to the United States.
Sincerely,
Ladar Levison
Owner and Operator, Lavabit LLC
Defending the constitution is expensive! Help us by donating to the Lavabit Legal Defense Fund here (https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=7BCR4A5W9PNN4).



I have all my lavabit messages on Thunderbird (thank goodness!) but I'm going to need to make some changes to various online accounts at least for a while. This also shows to me the risk of relying exclusively on 'the cloud'. I applaud Mr. Levison for his stand, I wonder how many would take on the fight he seems to have taken on.

Thanks for sharing. It's an unfortunate event.
For those who would like to know the context of this message: http://www.theguardian.com/technology/2013/aug/08/lavabit-email-shut-down-edward-snowden

Yeh I just saw it. This totally sucks. I had just changed all my email to them.

The court order the Guardian says Lavabit received is legal in the U.S. under the Patriot Act passed in the aftermath of 911. A lot of us thought at the time that it was too broad and too overreaching, in keeping with the hysteria of the moment. The law needs to be amended or repealed. Otherwise, it is unreasonable and naive to expect political leaders and the security agencies in their control to shy away from pushing the legal limits to do whatever they think will thwart attacks. No politician wants to take the blame for the next 911.

Meanwhile, remember that the net is not designed for privacy. It's an open public space.

(I'd bet Lavabit was a one-person profitless enterprise. If he had employees or the business had any assets, he might not have been so quick to shutter it.)

Lavabit also had all of the Nerdshack.com addresses as well....I had my addy for 12+ years! The only thing I was unhappy about was that the whole thing got shut down without any warning! It made my login a living hell:(

I don't blame them for their decision, but some advance notice would have been nice....

I don't blame them for their decision, but some advance notice would have been nice....

I certainly don't claim to know any details but he may have been forbidden to say anything. I agree though, something along the lines of "due to circumstances beyond my control, lavabit.com will cease operations in X days" would have been nice. I think I have all my info from lavabit.com on Thunderbird. The import/export extension is downright handy:KS.

Most disturbing..My guess is it will get worse before it gets better...IF it gets better.:mad:

Speaking of Lavabit I saw this today on Slashdot. Not sure if I would trust this guy to run a reliable and safe email service but still.

http://yro.slashdot.org/story/13/08/11/1244209/after-lavabit-shut-down-dotcoms-mega-promises-secure-mail



Lavabit may no longer be an option, but recent events driven interest in email and other ways to communicate without exposing quite so much, quite so fast, to organizations like the NSA (and DEA, and other agencies). Kim Dotcom as usual enjoys filling the spotlight, when it comes to shuttling bits around in ways that don't please the U.S. government, and Dotcom's privacy-oriented Mega has disclosed plans to serve as an email provider with an emphasis on encryption.

ZDNet features an interview with Mega's CEO Vikram Kumar about the complications of keeping email relatively secure; it's not so much the encryption itself, as keeping bits encrypted while still providing the kind of features that users have come to expect from modern webmail providers like Gmail: "'The biggest tech hurdle is providing email functionality that people expect, such as searching emails, that are trivial to provide if emails are stored in plain text (or available in plain text) on the server side,' Kumar said. 'If all the server can see is encrypted text, as is the case with true end-to-end encryption, then all the functionality has to be built client side. [That’s] not quite impossible but very, very hard. That’s why even Silent Circle didn’t go there.'"

I read Lavabit was used by Snowden.

http://www.wired.com/threatlevel/2013/08/lavabit-snowden/


A pro-privacy email service long used by NSA leaker Edward Snowden abruptly shut down today, blaming a secret U.S. court battle it has been fighting for six weeks — one that it seems to be losing so far.

Ya, Snowden was the initial cause according to all the mainstream speculation.

Speaking from a purely technical standpoint, the idea of security communications with random people you know is hit and miss, with a lot more miss than hit.

First, both mail hosts need to be secure (and not folding to pressure from whatever government), and then the ISP for you, and for your mail server, and then for all the communications in between. Or, you and your chat partner need to have uncompromised encryption. I went through a period of wanting everything encrypted, and basically zero of the people I talked with wanted to play that game, and most of them didn't even know what I was talking about or why I would want to do such a crazy thing.

Seriously, if you really want to deliver data in secret, you probably need to get a plane ticket, fly over to wherever it is and talk to the other person face to face, out in a field with no electronic devices for a quarter mile.

It seems that a lot of companies are now moving their data away from the USA, it cannot be trusted anymore.
Another article about Lavabit here:
http://www.theregister.co.uk/2013/08/09/silent_circle_shutters_email_service/

It seems that a lot of companies are now moving their data away from the USA, it cannot be trusted anymore.
Another article about Lavabit here:
http://www.theregister.co.uk/2013/08/09/silent_circle_shutters_email_service/

Um...

What assurance do we have that the services in whatever country we move to aren't doing the same thing? Or more?

What assurance do we have that our government (in whatever country we're in) won't get what they want before the message even gets to the foreign account?

What assurance do we have that the recipient of our email isn't getting tapped in spite of everything we can do?

IMO, every time your data passes across a national border, it's subject to search by either government on that boundary. If I understand things correctly, there are no requirements for a warrant in the USA or any other country for data crossing a border, I don't know of a single country who says you have a right to transfer anything across their border without a search and possible seizure. You're basically giving up the right to privacy at that point.

I'm curious since this was the first time I've heard of Lavabit. I read about the closure on ArsTechnica. What advantage did LavaBit give you over just writing your own email, encrypting it with GPG and then sending it out?

I'm curious since this was the first time I've heard of Lavabit. I read about the closure on ArsTechnica. What advantage did LavaBit give you over just writing your own email, encrypting it with GPG and then sending it out?

Ease of use? Lavabit had a nice webmail so you could use it just like Gmail or Hotmail/Outlook. With the same benefits of those two but a privacy friendlier company behind it. Technically it's a lot harder to run your own mail server than switching to a webmail alternative. So I wouldn't compare it to solution like writing your own mail but rahter compare it to the mainstream webmail providers.

When I started a thread on alternatives to Gmail (http://ubuntuforums.org/showthread.php?t=2131944) some weeks ago some folk called me a wacko. A wacko is someone that has her/his e-mail stored in a country like the US and does not worry about it.