Return to

Is Lava Bit compromised and how? If Not encrypted mail server vid ¯\_(ツ)_/¯

You guys made a reference to it being compromised, I would like to run a encrypted mail server protocol and lava bit seemed like a good option.
And if you guys think it’s good, could you do a video on it, or if you have any suggestions for other protocols to take a look at and any advice with mail servers.
I’m down to putting together any step by steps I take. Your other video on mail servers was with cpanel and not through directly installing it through the command line.

I’m not part of the L1team, but pretty sure Lavabit was compelled to hand over all data to USGOV after Snowdon?
I may be mis-remembering, but I think they had master keys to the encrypted data, and tried obscuring them when handing the keys to the gov, by printing them in large font on Un numbered sheets of paper.
Perhaps Proton mail might be a better source of info?

The guy who ran Lavabit went on to another project, the name of which escapes me, but might be something like Dark Circle?

As for hosting your own mail, I would say avoid it, unless you can commit to dedicated hardware with solid connection for several years straight?

[edit:some spelling]

Your own server in 2020 … if you have to ask or watch how to do this I would politely suggest that this is not an option for you as an everyday option. Unless only for the test and study, then absolutely. But leave normal e-mail on some commercial server because you will only make yourself a big mess in communication.

There is no point in falling into paranoia, no server is 100% secure forever, even those large solutions where there is 24/7 NOC.

Encrypt your messages with gpg and get other people to do so.
You are worried about tracking your connections to the server … VPN or TOR.

Don’t leave unencrypted messages on the server if you are concerned about what will happen in the future.

Nowadays, mail servers usually communicate with each other and with the user in an encrypted form. So avoiding a leak here is avoidable. The problem is when the mail goes to the servers and is not encrypted there.

Email communication is less private than many people believe. For this, encryption per message. but for 20 years I have not been able to convince most of people to do so, which results in the fact that encryption is usually not used. :frowning:

Of course, the topic is wide and you could also discuss dkim, spf, dmarc but …

I have no convictions for LB and Ladar Levison himself. I do not have proofs, but somewhere in the back of my head, I am convinced that in 2017 he returned after shaking hands with people from three letters. Maybe look at Proton …