STE WILLIAMS

Lavabit reopens for brief window to let users get at their data

Lavabit logoLavabit, formerly the encrypted-email provider for NSA secret-leaker Edward Snowden, has reopened for a brief window of time to let its users get at their data.

Lavabit founder Ladar Levison on Monday posted a brief message saying that the first step would be to enable users to change their password during a 72-hour period that started on Monday at 7:00 pm Central time (Greenwich Mean Time [GMT] -5).

Lavabit said that the password-change step was created “due to recent events in the news that have lead people to believe that their account information may have been compromised.”

Any users who are concerned that their account information has been compromised will be able to change their account password on a website with a newly secured SSL key.

(Note that the URL Lavabit provided, http://liberty.lavabit.com, doesn’t work in some browsers, bringing up a blank page. This can be fixed by switching to HTTPS: https://liberty.lavabit.com.)

Following the 72-hour window to change passwords, starting on 17 October, the site will then enable users to access email archives and personal account data.

Lavabit abruptly shut down in August amidst legal wranglings that a gag order kept it from disclosing.

Levison said in a statement at the time that it had come down to a decision: either “become complicit in crimes against the American people” or “walk away from nearly ten years of hard work by shutting down Lavabit.”

(As it turned out, Lavabit did, in fact, hand over its crypto keys to the US government – printed in a near-microscopic 4-point font.)

Sister encrypted email service Silent Circle quickly followed suit, silencing email in anticipation of the US government getting its hands on the metadata inevitably associated with email.

Lavabit now says that it’s moving to open the data access window to its users because its abrupt closure – done to protect its users’ privacy – left users without a way to access their sensitive data.

That includes the founder himself, who said in the message posted on Monday that he’s feeling the same pain as his email-less users:

I’m in the same boat as them. I used my Lavabit email account for 10 years. It was my only email account.

Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/jPrft3-aKT4/

  • 16/10/2013
  • adm
Comments are closed.