Dark Mail Aims to Restore Privacy in the NSA Age
Posted on Oct 30, 2013
The founder of Lavabit, the secure email service provider that shut down rather than betray its customers—including Edward Snowden—to the U.S. government, is back with a new idea for private email.
Ladar Levison is collaborating with Silent Circle, the private company that counts encryption guru Phil Zimmermann among its top executives, to create something called Dark Mail.
The Verge explains:
The protocol is based on the same ephemeral-key encryption that powers many of Silent Circle’s other products. The main technical change is a rejection of SSL, the widely used encryption scheme that has played a central part in Lavabit’s legal troubles. Now that the developers know SSL can be passively decrypted, they no longer trust it, so they’re wrapping all the SSL-encrypted data in an extra layer of protection, running off Silent Circle’s own SCIMP algorithm.
Like previous Silent Circle products, the protocol would also limit metadata, the information that’s used to track each email’s sender and recipient. Like most email services, Darkmail routes every message through a central hub, so outside observers will only be able to see traffic entering and exiting the system. (A message would be seen as sent “to Dark Mail,” for instance, but it would be unclear how it was routed within Dark Mail.) On the server side, Darkmail will scrub the routing information as soon as possible, leaving no records to be pulled by outside agents. By focusing on server architecture as well as individual practices, the protocol would potentially offer more metadata protection than decentralized services like PGP.
—Posted by Peter Z. Scheer