Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Silent Circle Follows Lavabit By Closing Encrypted E-mail Service

Soulskill posted about a year ago | from the privacy-hostile-environment dept.

Encryption 470

Okian Warrior writes "Silent Circle shuttered its encrypted e-mail service on Thursday, in an apparent attempt to avoid government scrutiny that may threaten its customers' privacy. The company announced that it could 'see the writing on the wall' and decided it would be best to shut down its Silent Mail feature. 'We’ve been debating this for weeks, and had changes planned starting next Monday. We’d considered phasing the service out, continuing service for existing customers, and a variety of other things up until today. It is always better to be safe than sorry, and with your safety we decided that the worst decision is always no decision.' The company said it was inspired by the closure earlier Thursday of Lavabit, another encrypted e-mail service provider that alluded to a possible national security investigation." Does anyone have replacement recommendations for people who used these services?

cancel ×

470 comments

Sorry! There are no comments related to the filter you selected.

Should have used host files (0)

Anonymous Coward | about a year ago | (#44519331)

Props to my main home dogg apk

Re:Should have used host files (0)

Anonymous Coward | about a year ago | (#44519367)

APK is kinda like Beetleguise. You have to say his name three times.

Nicely done (5, Insightful)

beefoot (2250164) | about a year ago | (#44519341)

The US government is basically forcing technology firms to move else where.

Re:Nicely done (0)

Anonymous Coward | about a year ago | (#44519407)

Deinitively a chilling effect

Re:Nicely done (5, Insightful)

flitty (981864) | about a year ago | (#44519609)

1. Force shutdown of US based communications companies for non-compliance with PRISM.
2. Suddenly, all commucation is "foreign".
3. All communications are now collectible without any oversight.

Re:Nicely done (3)

gmuslera (3436) | about a year ago | (#44519799)

If is encrypted is collected anyway. So, or you have it in a way easy to collect (and no guarantee that is not collected anyway, still a lot to be disclosed), or you have it in a hard way to collect (and there they will try to get it). Your best bet is still hard to break encryption, and if by law you can't have it inside US, you must have it outside. And if is important (i.e. concerned about the intellectual property of what you discuss), move yourself outside too, at least your communication with the server have less chances to be intercepted.

Re:Nicely done (-1, Offtopic)

Mashiki (184564) | about a year ago | (#44519803)

Good point, now let me ask. So Americans, Obama is better than Bush...right? Right? Haha. Congratulations, you elected Carter II for two terms.

Re:Nicely done (1, Funny)

Anonymous Coward | about a year ago | (#44519877)

For those of you who dont get the reference: Hes talking about this. [wikipedia.org]

Re:Nicely done (3, Interesting)

Bill, Shooter of Bul (629286) | about a year ago | (#44519843)

Brilliant!
I think the idea in this case was that lavabit and silent circle didn't have any way to decrypt your email. If this was true, then it wouldn't matter where it was as long as that remained true and email was between two users of the service ( obviously the NSA could read your sent and received email by just hacking the recipient/ sender of each email) .

Re:Nicely done (1)

Anonymous Coward | about a year ago | (#44519627)

Move where? If you are going to take this it is better to be safe than sorry approach, and give up before the government does anything to actually force you somewhere else, what other country could you operate in? Any other country has some potential to do the same thing, to eventually produce laws or actions that interfere with such operations, so you can't set up such a service in any country if you want to play it safe. This seems like a cop-out, that they are just making things easier for the government by removing one more such service in the name of safety instead of trying to fight or fix things.

Re:Nicely done (1)

buchner.johannes (1139593) | about a year ago | (#44519861)

Are there any alternative services that do something similar as Lavabit? Perhaps not US-based?

Weird! (0)

aglider (2435074) | about a year ago | (#44519351)

So what'd be "encrypted email" for? Horny partners? Surprise birthday parties?
I am really curious what they think about it.

Re:Weird! (5, Insightful)

intermodal (534361) | about a year ago | (#44519445)

The same thing the Fourth Amendment is for. Keeping out people who have no business reading your mail.

Re:Weird! (4, Insightful)

Dr Damage I (692789) | about a year ago | (#44519453)

Anyone who thinks their private communications should be just that... private

Re:Weird! (4, Insightful)

MathFox (686808) | about a year ago | (#44519471)

The customers of the company I work for do not like it when their blueprints are publicly available. Would you like to have your code and documentation searched by gmail to show ads? (What information do these ads leak to the company that pays for it?)
And any "alien" Amazon, Microsoft, Yahoo or Google cloud data is up for collection by the NSA. Sounds like a good reason to encrypt at least some of your mail.

Re:Weird! (3, Informative)

jeffmeden (135043) | about a year ago | (#44519783)

The customers of the company I work for do not like it when their blueprints are publicly available. Would you like to have your code and documentation searched by gmail to show ads? (What information do these ads leak to the company that pays for it?)
And any "alien" Amazon, Microsoft, Yahoo or Google cloud data is up for collection by the NSA. Sounds like a good reason to encrypt at least some of your mail.

Using SMTP to transmit that kind of info in the clear is a bad idea, even if the endpoints are credible. Interception is your biggest risk if you are two known parties trading in proprietary information, and probably doing so to/from fixed geographic locations as well. Why not encrypt the payload to guard against this?

What an encrypted email service does is different, they offer a quasi-anonymous way for people to send/receive email so that they can accept messages from unknown parties and trust that the contents will be a secret (if they arrived without being snooped). A person in Snowden's position is attracted to this because he can trade emails with otherwise uninvolved persons (who wouldn't necessarily be subject to scrutiny by the feds or "evil corp X") and the only real "link" between any of those parties is heavily encrypted on the server (and the provider doesnt even hold the keys) unless a snooper gets really lucky and intercepts enough of them to put the pieces together.

Re:Weird! (0)

Anonymous Coward | about a year ago | (#44519913)

What an encrypted email service does is different, they offer a quasi-anonymous way for people to send/receive email so that they can accept messages from unknown parties and trust that the contents will be a secret (if they arrived without being snooped). A person in Snowden's position is attracted to this because he can trade emails with otherwise uninvolved persons (who wouldn't necessarily be subject to scrutiny by the feds or "evil corp X") and the only real "link" between any of those parties is heavily encrypted on the server (and the provider doesnt even hold the keys) unless a snooper gets really lucky and intercepts enough of them to put the pieces together.

This is not accurate.

The encrypted email systems like Lavabit and Hushmail simply encrypt the email at rest once it is delivered and, of course, offer secure SMTP connections to other MTAs. Since most MTAs do not support TLS or SSL, most email is sent in the clear across the Internet.

Further, in order for Lavabit or Hushmail to show you your email, they must have your key - at least briefly - in order to decrypt your email before sending it down the pipe to your email client or their web interface. Therefore, there is exactly ZERO security in any encrypted email service from government meddling. The government can, and does, force the providers to decrypt your email because the providers have the technical capability to do so.

The only advantage gained from an encrypted email system is against hackers. If someone who isn't the government gains access to the server itself, they will only be able to get encrypted noise from your mail dir.

I honestly see almost no value in using an encrypted email system if the goal is to hide your data from the government.

Re:Weird! (5, Interesting)

Jeffrey Hornby (2903545) | about a year ago | (#44519531)

political types who don't want their election strategies sent to the their opposition because someone at the NSA supports the other political party. political dissidents in "friendly" countries like Saudi Arabia who would be turned over at the drop of a hat. people who are negotiating contracts with the government and don't want their negotiating strategies revealed. whistleblowers.

Re:Weird! (5, Insightful)

Anonymous Coward | about a year ago | (#44519561)

So i guess, you didn't use envelopes for your mail before email?
Why use clothes even? What do you have to hide?
Why whisper?

That's right... it's called privacy.

Re:Weird! (1)

Desler (1608317) | about a year ago | (#44519601)

It's for the same reason why you lock your front door and put blinds on your windows.

Re:Weird! (3, Insightful)

Anonymous Coward | about a year ago | (#44519623)

So what'd be "encrypted email" for?

It's like the envelope in snail mail. You put your mail in an envelope to protect it until it arrives at its destination, don't you? Encryption accomplishes the same thing for e-mail.

Re:Weird! (-1)

Anonymous Coward | about a year ago | (#44519743)

Ahh, so you must be one of those "If you are not doing anything wrong, you have nothing to hide..." assholes.

I invite you to post every private communication you have ever made online.

Oh wait, judging by your UID you are probably of the facebook generation and already do this. So I leave you with this... fuck you.

Re:Weird! (-1, Offtopic)

aglider (2435074) | about a year ago | (#44519899)

judging by your UID you are probably of the facebook generation

Your wrong, sir! If you're UID if dividible by 47 you be on faceboek. M'ine is not.
I be from the whazzup generation as I be divided by 1217537 and 2 alone.

Re:Weird! (2)

DizTorDed (164355) | about a year ago | (#44519769)

With that in mind, why do we put mail in lined envelopes? People do not seem to remember that email is sent plain text. Can be read by anyone. If you do not care who reads it, then why just have one recipient? CC everyone? CC the NSA and CIA? The conversation I share with people is not sensitive, not dangerous, does not contain anything that would cost a person their life. That conversation though, is between the person and myself. I feel uneasy using email due to this reason.

Re:Weird! (1)

gmuslera (3436) | about a year ago | (#44519849)

What you read, how you live, with who, etc, is your privacy. What you write, in the other hand, is intellectual property, is that is what is being examined for you and the rest of the world before even is finished/patented/protected. And won't be surprised if this is used to capture that, you could be discussing the next billon dollars next idea with someone, that communication be intercepted and end that idea patented before you can by some corporation "close" to the government.

NSA or Chinese great firewall (3, Interesting)

beefoot (2250164) | about a year ago | (#44519357)

In USA, if you google search specific terms will result a visit from the authority (hint pressure cooker and back pack). In China, if you want to find something the government does not want you to know, you just can't find it. I don't know which one I like best.

Re:NSA or Chinese great firewall (5, Informative)

therealkevinkretz (1585825) | about a year ago | (#44519403)

It turned out that the visit from Homeland Security after the "pressure cooker" and "backpack" searches weren't a result of Google monitoring but of a report from the guy's employer after finding the search on his work computer.

Re:NSA or Chinese great firewall (5, Insightful)

sacrilicious (316896) | about a year ago | (#44519599)

Yes, that's what the official story may be... but who knows? Just two or three days ago was the whole exposing of how the government admitted that they have been coming up with "alternate explanations" of how they get various pieces of intelligence so that the official explanations don't point to prism/etc. So truly, how can we possibly know?

Re:NSA or Chinese great firewall (2)

theguyfromsaturn (802938) | about a year ago | (#44519773)

Well, why don't you test the official story? It's easy, go to your computer and google search "pressure cooker" and a few minutes later "back pack". Make sure to let us know if the MIB go visit you. Here on /., we like to know.

Re:NSA or Chinese great firewall (1)

JustOK (667959) | about a year ago | (#44519823)

If they did show up, how would the poster be able to convey that info to us?

Re:NSA or Chinese great firewall (1)

stewsters (1406737) | about a year ago | (#44519905)

Dead man's switch posting. I'm pretty sure you can set that up with an Arduino, a network shield, and a button.

Re:NSA or Chinese great firewall (1)

Threni (635302) | about a year ago | (#44519971)

They would enter text into a text box and then click submit.

Re:NSA or Chinese great firewall (1)

Binestar (28861) | about a year ago | (#44519973)

How about if they don't show up he posts, if they do he doesn't.

Re:NSA or Chinese great firewall (2)

interkin3tic (1469267) | about a year ago | (#44519663)

In capitalist America, employer IS government!

Re:NSA or Chinese great firewall (2, Insightful)

Dunbal (464142) | about a year ago | (#44519745)

No that was the bullshit damage control. You know how I know? Don't you remember the guy in England who said he was going to "have a blast" (or something to that effect) in Los Angeles, and was turned around at the US border? They are reading everything. They just don't want you to think that they are.

Re:NSA or Chinese great firewall (0)

tgd (2822) | about a year ago | (#44519833)

It turned out that the visit from Homeland Security after the "pressure cooker" and "backpack" searches weren't a result of Google monitoring but of a report from the guy's employer after finding the search on his work computer.

Don't let facts spoil a Slashdot privacy wank-fest.

Re:NSA or Chinese great firewall (0)

Anonymous Coward | about a year ago | (#44519437)

Not true. A worker informed on a colleague to the local police. So stop spreading your lies.

Re:NSA or Chinese great firewall (1)

Dunbal (464142) | about a year ago | (#44519781)

Except you're the one taking the government's word for it and spreading disinformation. You go try convincing local cops to get off their asses and go talk to someone over a google search and see how likely that is.

Re:NSA or Chinese great firewall (0)

Anonymous Coward | about a year ago | (#44519459)

the USA seems like the gestapo here. They have traps set up in secret to get you. If they happen to find out that your selling drugs in the process, then yay, two birds.

Re:NSA or Chinese great firewall (1)

gmuslera (3436) | about a year ago | (#44519935)

You get NSA inspection in US, China, Switzerland, Peru, New Zeland and the rest of the world. In some countries, if they don't like what you are looking for, they send to your entire neighbourhood a drone (and then claim "we hit terrorist suspects", with nothing left alive to discuss that), thing that could expand to other countries, and maybe US too. Chinese firewall only targets chinese citizens and is more about preventing than punishing. Yes, both are bad, but the NSA is several orders worse.

And so it begins (0)

Anonymous Coward | about a year ago | (#44519363)

The road to enlightenment.

Were they contacted? (0)

Anonymous Coward | about a year ago | (#44519371)

Who wants to bet that they were just or already contacted by the US government like Lavabit, and ommitted that from their closing explanation for legal reasons?

Re:Were they contacted? (4, Insightful)

Captain Hook (923766) | about a year ago | (#44519759)

Who wants to bet that they were just or already contacted by the US government like Lavabit, and ommitted that from their closing explanation for legal reasons?

Their statement about closing the service specifically said they hadn't been contacted so if they have been contacted then they didn't just make an ommission it would have been an outright lie.

Because Lavabit has been officially contacted they can't destroy any data, they can shutup shop to prevent anyone else falling into the net which is what they have done but for anyone who have already used the service and have any data already on the Lavabit servers, it's just a matter of time before their data is decrypted one way or another..

I suspect that Silent Circle are shutting up shop before any warrents arrives, that means that it's completely legal for them to destroy any and all data they have. I wouldn't be surprised if the data is already wiped at a software level and the hardware destruction is either in progress or getting planned.

First rule about Fight Club... (5, Funny)

Anonymous Coward | about a year ago | (#44519379)

Does anyone have replacement recommendations for people who used these services?

The first rule of Fight Club is: You do not talk about Fight Club.

enigmail/pgp/gpg (4, Insightful)

Eunuchswear (210685) | about a year ago | (#44519381)

Encryption should be end-to-end. How can you trust someone else to do it for you?

Re:enigmail/pgp/gpg (4, Interesting)

doconnor (134648) | about a year ago | (#44519443)

One advantage of these 3rd party email services is that you can't tell who is emailing who without getting access to their servers. It seems some of them are willing to go out of business to prevent that.

Re:enigmail/pgp/gpg (1)

intermodal (534361) | about a year ago | (#44519461)

The unfortunate thing is, despite this being a huge endorsement for their services, those services are no longer available from them.

Re:enigmail/pgp/gpg (4, Informative)

PetiePooo (606423) | about a year ago | (#44519733)

Encryption should be end-to-end. How can you trust someone else to do it for you?

I was thinking the same thing; Phil Zimmerman [wikipedia.org] had it figured out decades ago. As long as both ends keep the snoops out of their computers, with PGP or GnuPG, [wikipedia.org] all they can read is the envelope information between SMTP relays. As far as we know, anyway...

That method requires a little more technical skill than having some SaaS provider do it, but if you've got secrets to protect, that's a small price to pay. Use big keys and EC to help future-proof.

And for keeping even the envelope info private, just run a private email service of your own (with no external mail gateway), and keep the snoops off of it. Allow access only via VPN or SSH tunnels.

Location (0)

Anonymous Coward | about a year ago | (#44519419)

as they say, Location location location. From what we are reading any replacement must be outside the US, otherwise it will not be secure. It sounds like their closing was the only way they could think of to get the message across to us that the government is looking at your secure mail.

Simple option(s)... (5, Interesting)

pla (258480) | about a year ago | (#44519427)

Does anyone have replacement recommendations for people who used these services?

I would say "something hosted outside the US", but as the international banking community has shown, Uncle Sam's jack-booted foot extends well outside our own borders.

So that really leaves "GPG" as you sole realistic option. End to end encryption, with no one but you and the recipient knowing what you wrote. Of course, "they" can compromise either end, but it deprives them of the ability to funnel everything on the wire into their data centers for 4th-amendment violating goodness.

Or, we could all go back to writing letters. Oddly enough, that still has more legal protections behind it than any other form of communication.

Re:Simple option(s)... (2, Insightful)

Anonymous Coward | about a year ago | (#44519503)

There is one flaw...they may not know what the message says, but they can still tell WHO you are emailing

Re:Simple option(s)... (0)

Anonymous Coward | about a year ago | (#44519685)

There is one flaw...they may not know what the message says, but they can still tell WHO you are emailing

When scouring through millions of lines of "metadata", you WILL stand out like a sore thumb if you are somehow able to hide WHO you are trying to communicate with electronically if it appears quite different than all other metadata. Encrypted containers are a bad enough red flag to welcome undue monitoring, so not so sure that is really a flaw in our world of data analysis.

Re:Simple option(s)... (0)

Anonymous Coward | about a year ago | (#44519763)

> There is one flaw...they may not know what the message says, but they can still tell WHO you are emailing

And so unnecessary! Remailers exist, but are centralized. Build in the remailer functions into normal mail clients and have the encrypted messages shuffled between users directly. Person A emails Person B, but the trail first goes to C, D and F, before finally arriving at B. No user intervention needed, the client takes care of processing it.

Re:Simple option(s)... (1)

Anonymous Coward | about a year ago | (#44519819)

Separate your email identity from yourself. This isn't worth the trouble for most people in the U.S., but would be for people in really oppressive countries. VPN -->TOR-->Webmail account not tied to your name. Use GPG to encrypt the message contents.

Re:Simple option(s)... (4, Informative)

JeanCroix (99825) | about a year ago | (#44519505)

Or, we could all go back to writing letters. Oddly enough, that still has more legal protections behind it than any other form of communication.

Well, except for that whole thing about USPS photographing and storing images of every envelope it processes. They've resorted to actually opening and reading them in the past; I don't think, given the current state of affairs, that they're beyond that now.

Re:Simple option(s)... (0)

Anonymous Coward | about a year ago | (#44519699)

So long as there are still public drop boxes for mail, return addresses are pretty easy to spoof :)

Yes they know John Doe @ 123 main got a letter but not from who. It'd be very easy to have a "was this opened" system that would show any bulk opening.

USPS scanning from/to addresRe:Simple option(s)... (0)

Anonymous Coward | about a year ago | (#44519529)

Well, Sam is there as well. With USPS mandate to photograph all mail, it creates database of meta data (from who to who).

Re:Simple option(s)... (5, Informative)

Anonymous Coward | about a year ago | (#44519537)

https://www.neomailbox.net/

Neomailbox is a good one. Hosted in Switzerland, also provides VPN services.

They have stronger privacy laws than we do, which helps on the non-technical end.

Re:Simple option(s)... (0)

Anonymous Coward | about a year ago | (#44519797)

This works until the use of VPNs become illegal as only people who are trying to be so covert must be possible terrorists.

Re:Simple option(s)... (1)

Anonymous Coward | about a year ago | (#44519575)

Does anyone have replacement recommendations for people who used these services?

I would say "something hosted outside the US", but as the international banking community has shown, Uncle Sam's jack-booted foot extends well outside our own borders.

So that really leaves "GPG" as you sole realistic option. End to end encryption, with no one but you and the recipient knowing what you wrote. Of course, "they" can compromise either end, but it deprives them of the ability to funnel everything on the wire into their data centers for 4th-amendment violating goodness.

Or, we could all go back to writing letters. Oddly enough, that still has more legal protections behind it than any other form of communication.

This is exactly right. A read (or re-read) of Cryptonomicon should be high on the to-do list of any privacy-inclined individuals.

Re:Simple option(s)... (0)

Anonymous Coward | about a year ago | (#44519589)

We will see how long that holds. http://www.foxnews.com/politics/2013/08/02/postal-service-takes-photos-all-mail/

Re:Simple option(s)... (0)

Anonymous Coward | about a year ago | (#44519755)

Hmmm... I wonder if that is part of the whole "Bankrupt, then close the post office" farce that is going on. It is also (extra?) illegal to send fraudulent notices/documents through the mail, but not via fed-ex/ups/courier.

Which is why a lot of phony foreclosure documents are sent courier. If it doesn't go through the mail, then it isn't mail fraud.

Re:Simple option(s)... (0)

Anonymous Coward | about a year ago | (#44519961)

encrypt data. convert into QR. Print QR onto how many pieces of paper it takes. put paper in mylar bag to stop terahertz imaging. put in envelope with insurance and all the other bells and wistles. mail to whoever you want to have the data.

they can't tell anything went through, it is protected from casual mail fraud, and you can have an offline copy that will last a VERY long time.

Or... (0)

Anonymous Coward | about a year ago | (#44519507)

Does anyone have replacement recommendations for the NSA?

Re:Or... (1)

CanHasDIY (1672858) | about a year ago | (#44519841)

Does anyone have replacement recommendations for the NSA?

A rotting stump.

Distributed Mail (1)

barlevg (2111272) | about a year ago | (#44519525)

To me, the takeaway message from all of this is that, if you value privacy above all else in your email exchanges, you can't trust a company, because either they'll sell you up the river for a song, or they'll shutter themselves to avoid government pressure. So here's my question: why don't more people simply run their own mail servers? It's certainly not difficult. [ubuntu.com] There are a few problems, of course, namely, needing an always-on computer, sorting out the issue of dynamic IP (dyndns [dyn.com] is a great, free solution), and the issue of small mail servers flagging spam blacklists. I also seem to remember various residential ISPs (like Comcast) having running a mail server be against their TOS, but I can't find anything to back that up, so I might be remembering incorrectly. In any case, none of these problems are insurmountable, and I really wonder if this is the solution for the privacy-paranoid among us.

Comcast and Mail Servers (2)

barlevg (2111272) | about a year ago | (#44519643)

Found it! [comcast.com]

Under "Technical Restrictions," they list

use or run dedicated, stand-alone equipment or servers from the Premises that provide network content or any other services to anyone outside of your Premises local area network (“Premises LAN”), also commonly referred to as public services or servers. Examples of prohibited equipment and servers include, but are not limited to, email, web hosting, file sharing, and proxy services and servers

However, I don't think they go to the trouble of enforcing this very often.

Re:Comcast and Mail Servers (1)

CanHasDIY (1672858) | about a year ago | (#44519855)

Found it! [comcast.com]

Under "Technical Restrictions," they list

use or run dedicated, stand-alone equipment or servers from the Premises that provide network
content or any other services to anyone outside of your Premises local area network (“Premises
LAN”), also commonly referred to as public services or servers. Examples of prohibited
equipment and servers include, but are not limited to, email, web hosting, file sharing, and proxy
services and servers

However, I don't think they go to the trouble of enforcing this very often.

They will, if enough people start running their own mail servers.

Re:Distributed Mail (3, Insightful)

ahadsell (248479) | about a year ago | (#44519693)

The issue that Silent Circle points out is that SMTP is inherently unable to provide security against traffic analysis. Even if the body of the email is encrypted, the headers cannot be.

So yes, you can run your own email server, and require that only gpg traffic pass through it. But that won't keep you secure against traffic analysis (aka "metadata collection") with collection performed at your ISP.

Re:Distributed Mail (2)

BaronAaron (658646) | about a year ago | (#44519747)

Running a mail server from home is near impossible on most ISPs. The majority of ISPs block incoming traffic, and in some cases even outgoing traffic, on port 25 (SMTP). Even if you can get around this using alternate ports, chances are your ISPs IP range is blanket blacklisted by most anti-spam lists.

Your best bet for privacy and control of your e-mail would be to setup a collocated or rented server. You'll have to configure some sort of encryption for your e-mail messages in case the data center gets raided and the servers/hard drives confiscated.

In the end, your SMTP traffic can still be sniffed acrossed the network anyway, since most SMTP traffic is unencrypted.

Encrypted (5, Funny)

DeBaas (470886) | about a year ago | (#44519527)

The company announced that it could 'see the writing on the wall'

They were however not able to read it.....

Re:Encrypted (-1)

Anonymous Coward | about a year ago | (#44519969)

that did not deserve a 4.
For the ignorant, the expression "see the writing on the wall" means they can see that if they continued operations in the US, they could expect a visit from the FBI, CIA, or whoever.

Penet.fi all over again... (1)

Moskit (32486) | about a year ago | (#44519535)

Just this time it's not Scientology sect, but governments.

http://en.wikipedia.org/wiki/Penet_remailer [wikipedia.org]

The only lesson learned is that there is no such thing as fully anonymous email service, it's always just a certain degree, especially when it comes to USA power play.

Pigeons! (2)

schneidafunk (795759) | about a year ago | (#44519557)

Encrypted messages sent by pigeon carriers [nytimes.com] worked in the past!

NSL order to not reveal NSLs (5, Insightful)

KiloByte (825081) | about a year ago | (#44519565)

I don't think Silent Circle would commit an effective suicide just preventively. Lavabit, while technically not saying a word about NSLs, told us very clearly what the request was. If the government criminals are not idiots, they learned and worded the Silent Circle order in a way that prevented such disclosure.

Re:NSL order to not reveal NSLs (1)

Anonymous Coward | about a year ago | (#44519669)

From the article:

"We have not received subpoenas, warrants, security letters, or anything else by any government, and this is why we are acting now"

Re:NSL order to not reveal NSLs (2, Informative)

Anonymous Coward | about a year ago | (#44519721)

PRZ already has been in the government sights (suspected ITAR violations of PGP). I can understand why he is leery.

Of course, there is Hushmail which is still around. It isn't perfect (they had to comply with an Interpol order and hand over stuff), but it is probably the best bet and is pretty sound.

Re:NSL order to not reveal NSLs (0)

Anonymous Coward | about a year ago | (#44519795)

That's exactly what the government told them to say.

Just like the NSA tells providers of closed-source encryption products to put in a back door and then proclaim there is no back door.

What the heck is going on? (1)

bickerdyke (670000) | about a year ago | (#44519617)

What the heck is going on over there?

Do you really have running governmant agents around closing shops at will?

That's not a good sign.

Hype or Reallity? (1, Insightful)

Ronin Developer (67677) | about a year ago | (#44519649)

Okay, playing devil's advocate here.

LavaBit shuts down "citing" pressure they have received from gov't agencies. No evidence is provided to indicate that reason behind the shutdown...just they guy's word.

Given how everybody is rallying against the gov't at this time - could this actually just be an action of protest rather than a true, official, take-down? Everybody will just assume that the gov't forced the take down "just because". Who would be the wiser? Right? Makes their point, right?

Now, we have Silent Circle shutting down because they "see the writing on the wall". What writing, is that, exactly? Certainly, if they (or LavaBit) have a take down notice but can't share it to confirm the take down...we really don't have proof of their motivations do we? So, trusting souls that we are, we have to assume their motivations are real and not hype for political or protest purposes.

Just say'n.

Re:Hype or Reallity? (0)

Anonymous Coward | about a year ago | (#44519807)

The writing is the fact that your entire business is built on a trust that you can provide private communication, but the very moment the government supplies you with a NSL everyone using your service is suddenly compromised.

By being preemptive about it, they can destroy keys and retain their dignity. Not as fun without the tin foil, I know, but maybe they should be lauded rather than criticized.

The crazy times (1)

jovius (974690) | about a year ago | (#44519651)

Security investigations lead to closures of secure services.

Citizen... (4, Funny)

wbr1 (2538558) | about a year ago | (#44519657)

Does anyone have replacement recommendations for people who used these services?

Citizen, we welcome you to use the new service at secure.nsamail.com. This will ensure that no terrorists, paedophiles, or drug dealiers co-opt your email account for their nefarious purposes.

Thank you for your cooperation.

Re:Citizen... (1)

wbr1 (2538558) | about a year ago | (#44519683)

In addition, if you are one of the first 100,000 to sign up, we will give you an expedited TSA search pass to use when you travel. (Good for a single one-way trip only, limit one per citizen.)

American Dissonance (0)

Anonymous Coward | about a year ago | (#44519671)

This is just another day's story in long chain of revelations following Snowden's upheaval. The government is accelerating the pace; tightening their grip. I have never been so politically motivated as I am now. I feel this is going in a bad direction and I want to do something. Now what?

Re:American Dissonance (1)

Anonymous Coward | about a year ago | (#44519713)

I could start by spelling dissidence correctly.

Re:American Dissonance (0)

Anonymous Coward | about a year ago | (#44519871)

bend over.

we the people need anonymous p2p communication (0)

Anonymous Coward | about a year ago | (#44519677)

we need a communication system that is outside of the control of any corporation or government

peer-to-peer mesh networking has the most promise in this regard

hopefully one will become popular and accessible enough before the existing infrastructure is locked down so tight that it would be impossible to create

we may already be too late

Re:we the people need anonymous p2p communication (0)

Anonymous Coward | about a year ago | (#44519929)

It's already too late.

Any attempt to bypass the NSA now will only provoke a response to shut down or make illegal the technologies used to implement such a bypass.

Some have said the citizen's shouldn't be afraid of their government but that the government should be afraid of it's citizens. It seems this government has decided the citizens are the enemy and is already running in terror mode.

Open WhisperSystems (4, Informative)

Anonymous Coward | about a year ago | (#44519715)

Open WhisperSystems (https://whispersystems.org) doesn't have encrypted e-mail, however they do have Android-based encrypted phone (RedPhone) and text (TextSecure) capabilities. They are working on iPhone releases in the near future of their products. Btw, all of it is open source and they DO release the source code as well.

Take action (0)

Anonymous Coward | about a year ago | (#44519753)

Stop making excuses and justifications for this behavior by "elected" leaders. Pack your bags, gather your family, take your intelligence and talent (and savings - while you can!) - and leave this sorry ass country behind. Go somewhere and create a new life where you will be respected and appreciated. Don't think such a place exists? Get a passport...and then look forward to dumping it for a new and improved one in the future.

Re:Take action (1)

CanHasDIY (1672858) | about a year ago | (#44519907)

Stop making excuses and justifications for this behavior by "elected" leaders. Pack your bags, gather your family, take your intelligence and talent (and savings - while you can!) - and leave this sorry ass country behind. Go somewhere and create a new life where you will be respected and appreciated. Don't think such a place exists? Get a passport...and then look forward to dumping it for a new and improved one in the future.

Or we could, you know, not be a bunch of chickenshits, and actually stand the fuck up for ourselves. Well, OK, maybe not a cut-and-run pussy like yourself, but the rest of us...

Seriously, guys, the only reason they get away with this kind of shit is because we let them, and we let them because we're too busy either looking for an exit like this asshole, or arguing with each other about trivial nonsense.

You want to effect change? Just stand up. That's it - Just. Stand. Up.

Hushmail (1)

Pro923 (1447307) | about a year ago | (#44519839)

hushmail.com. The servers are outside the country.

Encrypted Email Alternative (0)

Anonymous Coward | about a year ago | (#44519845)

"Does anyone have replacement recommendations for people who used these services?" There is a valiant effort to create an alternative. It's called mailpile --> http://www.mailpile.is/ [mailpile.is] and you can help jumpstart it by donating here --> http://www.indiegogo.com/projects/mailpile-taking-e-mail-back [indiegogo.com] . Go now...fly like the wind.

Use the mail to send encrypted micoSD cards. (0)

Anonymous Coward | about a year ago | (#44519863)

Just a suggestion.

Pyrate saying: (1)

vm146j2 (233075) | about a year ago | (#44519867)

Anything known by more than one person is no secret!

Arrrgh!

Email made in Germany (0)

Anonymous Coward | about a year ago | (#44519903)

In Germany an initiative is started to use SMTP TLS between email providers.

https://www.e-mail-made-in-germany.de/

Remember when the press covered stuff like this? (2)

Kohath (38547) | about a year ago | (#44519915)

Does anyone remember when the press covered stuff like this? Before 2009, the Lavabit shutdown would have been national news. Everyone would have known the name of Lavabit's owner.

His name is Ladar Levison.

distributed encrypted p2p email system (5, Interesting)

Janek Kozicki (722688) | about a year ago | (#44519965)

Lavabit and silent circle inspired me to think about some kind of peer to peer distributed email system.

Although currently everyone can install an email server (e.g. there are several available in debian). It is not what would solve the problem. Not just because it requires technical expertise, but also because it requires too much dedication on your side to maintain your freshly installed server. Also to make sure it has outside access with SMTP port, and so on. Not mentioning that it needs about 100% uptime. Such solution is too much centralized.

I was thinking about p2p email more like this one [psu.edu] which I googled right after I had this initial idea. This is a proof of concept so it can work.

Key features would be:
1) uses p2p distributed encrypted file system, like tahoe [tahoe-lafs.org]
2) each p2p node can act as email receiver/sender
3) to send email to someone you use nick@1.2.3.4 where 1.2.3.4 is any IP that is running p2pemail. Simplest would be 127.0.0.1 if you just run a p2pemail node yourself.
4) everyone can have p2pemail account, just connect via https to nearest p2pemail node. It can be running on your computer or anywhere else. Doesn't matter. This just requires setting up an account name on your side, and a lenghty password, which is also used as a sha256 seed for private key for encryption of your emails and also as a PGP signature for you emails.
5) PGP signing emails would be so easy, that it would be a new standard.
6) all encryption and decryption is done locally on your computer either in javascript or in your email client. Just make sure that your browser and computer are not compromised.
7) if any of p2pemail nodes are running compromised code (eg. like compromised tor nodes) they still cannot read your email, because they have no acces to your private key. The only hope they can have is to monitor when you are accessing your data, but only if a request to the compromised node is made.
8) even if huge NSA datacenter decided to store all p2pemail data, they still cannot read it, and have nobody to file a warrant to.

If we combined that with bitcoins we would get additional (optional) features:
9) buy storage with bitcoins, while buying decide how many copies of your data you want to have (can change this anytime later). Offer any price you want, lower bids might not be taken.
10) provide encrypted storage space and get paid. If you store multiple copies of same data (might be possible before p2pemail gets popular) ensure that at least it is on different physical locations, otherwise you might be compromising security
11) create whitelists with people from whom you want to receive email, add mandatory bitcoin fees if anyone not on the whitelist wants to send you email.
12) You can create various stages if whitelisting, depending on domains you can define different prices to receive email. Or you can say that first email is free for everyone, and each next will be paid or not depending on if you received spam. Or configure spamassasin to decide for you.

PROBLEM: where do my friends send email to?
ANSWER: your_nick@p2pemail.org/net/com/info (we need to register many domains, and use many IPs to resolve those dns-es)

PROBLEM: Will my address still be the same after long time?
ANSWER: your nick in p2pemail will be the same, tell your friends that if they cant send email (eg. govt seized all p2pemail domain names), then they have to find some p2pemail node. Google it, or install one themselves. If they can't do that, you can solve this by installing a node yourself, and making sure it has the same domain name all the time. Services like dyndns can help you with that.

well maybe that's just a pipe dream. But the proof of concept implementation that I linked above gives some hope. What do you think?

My Suggestion (2)

Spottywot (1910658) | about a year ago | (#44519967)

I'm on the verge of installing this Enigmail addon for Thunderbird [mozilla.org] , however as Thunderbird still uses my web based mail provider it will still show who it's too and from etc, does anyone know of a completely peer to peer e-mail system which could get around this?
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>