Lavabit now stores the key in a
tamper-resistant device. The service
automatically generates a long
passphrase that the company won't be
able to see, inserts the key into
the device and then destroys the
passphrase. A developer for the
company told The Intercept
that "Once it's in there, we cannot
pull that SSL key back out."

At the moment, the service is
only open to previous users who were
locked out of their accounts when
it abruptly shut down.
They likely won't be able to
retrieve their old emails anymore,
but they can now continue using
their Lavabit account. The company
will eventually start accepting new
users, though, and they'll be able
to choose between three modes:
Trustful, Cautious and Paranoid.
Trustful, the least secure option,
encrypts emails on the company's
server, while Cautious will offer
end-to-end encryption. Those who
prefer the
latter will have to install the
client software on their devices to
be able to generate an encryption
key. But since Cautious still stores
the key on the company's server and
that might not be enough for some
people, the service came up with
Paranoid mode. It stores the key on
the users' devices instead, and
people will have to manually
transfer it if they want to use
another device. Plus, if they lose
the key, it's gone for good.

In addition to three security
tiers, the new Lavabit has a feature
called Dark Mail to encrypt every
email's metadata. It also prevents
the sender's ISP from knowing the
email's recipient and the
recipient's ISP from knowing the
sender. The company didn't say
when it will start welcoming new
sign-ups, but you can pre-register
for an account right now on
Lavabit's website.