NSA-dodging services launch Dark Mail Kickstarter to create truly secure email

The makers of Lavabit and Secure Circle want to drag email into tomorrow via their Dark Mail Kickstarter campaign.

Two encrypted communication service providers are turning to you for help in building the next-generation of secure email services. Lavabit founder Ladar Levison and Silent Circle recently began a Kickstarter initiative to help fund the development and roll out of the first Dark Mail clients.

"The Summer of Snowden may have taken the Lavabit email service offline," the project's Kickstarter page says, referring to National Security Agency leaker Edward Snowden, "But the lifeblood of the service is still alive and relevant to Dark Mail."

Dark Mail is a newly proposed email protocol from Levison and Silent Circle that promises to encrypt not only the body of messages, as is the norm with today's email encryption, but also protect the "header" metadata accompanying every message, such as the subject line, sender, recipient, and so on.

The plan is to turn Dark Mail into an open source protocol so that any email provider or client app maker can make their services Dark Mail compatible.

Mucking with metadata

Metadata is one of the big weakpoints of secure email communciations , since you cannot hide it from a third-party observing Internet traffic--a fact highlighted this summer when leaks about the National Security Agency's surveillance activities started coming to light.

Lavabit and Silent Circle were not directly affected by the NSA Snowden revelations, but both companies are familiar with the legal issues surrounding U.S. government surveillance.

Lavabit shut down in August in protest after a court order compelled Levison to hand over the service's SSL encryption keys to U.S. law enforcement. Shortly thereafter, Silent Circle decided to shutter its email service rather than face legal challenges similar to Lavabit's. (Silent Circle continues to provide other privacy services such as encrypted voice calls and text messaging.)

The core Dark Mail ideal is that even if law enforcement forced a service provider to hand over its users' communications, all the company could hand over would be unintelligible junk. Like other encryption schemes, only the recipient with the proper decryption keys would be able to read the message.

Making encryption easy

Levison and Silent Circle also hope that open-sourcing the Dark Mail protocol would encourage software providers to build Dark Mail capabilities into email clients, and that in turn will make using encrypted communication as seamless as using Gmail or Outlook.com is now. Current efforts to encrypt the body of email messages requires at least a modicum of technical knowledge and a willingness to troubleshoot potential set-up problems.

The Dark Mail Kickstarter campaign hopes to raise $196,608 to clean up the Lavabit secure webmail source code and build in the Dark Mail protocol. The campaign would also fund development of the first Dark Mail clients for numerous platforms, including Windows, OS X, Linux, iOS, and Android. Pledges for the campaign start at $25, which will give you access to the project's official binary package for the apps and the Lavabit webmail code.

Pledges of $1,000 and up also give you access to the binaries in addition to technical assistance and a limited edition polo shirt. So far, the campaign has raised just over $16,000, mostly from $25 and $100 contributions. At this writing one backer has ponied up for the $1,000 contribution while no one has yet gone for the $5,000 and $10,000 donor levels.

Join the CSO newsletter!

Error: Please check your email address.

Tags National Security AgencysecurityKickstarterLavabitWeb & communication softwareencryptionprivacyemailSilent Circle

More about LinuxNational Security AgencyNSA

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Ian Paul

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts