Bitcoin Forum

My Fellow Users,

I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit. After significant soul searching, I have decided to suspend operations. I wish that I could legally share with you the events that led to my decision. I cannot. I feel you deserve to know what’s going on--the first amendment is supposed to guarantee me the freedom to speak out in situations like this. Unfortunately, Congress has passed laws that say otherwise. As things currently stand, I cannot share my experiences over the last six weeks, even though I have twice made the appropriate requests.

What’s going to happen now? We’ve already started preparing the paperwork needed to continue to fight for the Constitution in the Fourth Circuit Court of Appeals. A favorable decision would allow me resurrect Lavabit as an American company.

This experience has taught me one very important lesson: without congressional action or a strong judicial precedent, I would _strongly_ recommend against anyone trusting their private data to a company with physical ties to the United States.

Sincerely,
Ladar Levison
Owner and Operator, Lavabit LLC

Defending the constitution is expensive! Help us by donating to the Lavabit Legal Defense Fund here (https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=7BCR4A5W9PNN4).

Does anybody know a good alternative for Lavabit?

I'd like a free (or cheap Bitcoin-paid  8) ) e-mail service which is
* reliable (running for at least a couple of years with very little downtime)
* has reasonable support
* is dedicated to privacy
* has no ties to the United States
* is preferably operated by people who are part of geek / free software / crypto culture
* has preferably only a low level of advertisement annoyance

Does anybody know a good alternative for Lavabit?

I'd like a free (or cheap Bitcoin-paid  8) ) e-mail service which is
* reliable (running for at least a couple of years with very little downtime)
* has reasonable support
* is dedicated to privacy
* has no ties to the United States
* is preferably operated by people who are part of geek / free software / crypto culture
* has preferably only a low level of advertisement annoyance

Does anybody know a good alternative for Lavabit?

I'd like a free (or cheap Bitcoin-paid  8) ) e-mail service which is
* reliable (running for at least a couple of years with very little downtime)
* has reasonable support
* is dedicated to privacy
* has no ties to the United States
* is preferably operated by people who are part of geek / free software / crypto culture
* has preferably only a low level of advertisement annoyance

You can use Chinese/Russian email services. Like qqmail and mail.ru

And Tormail taken down too:
http://www.wired.com/threatlevel/2013/08/freedom-hosting/
This is becoming crazy.

A minority of commenters were more supportive. “Holy shit, you guys are crying over your Steam accounts,” wrote one. “Just change your email to something else. Lavabit either had to roll over for the government, compromising our privacy, or shut down service. Be happy Ladar shut it down instead of rolling over.”

And Tormail taken down too:
http://www.wired.com/threatlevel/2013/08/freedom-hosting/
This is becoming crazy.

So the government went after a hosting service that hosts child porn? Oh no!

LOL, thats all i got to say.

Freedom Hosting has long been notorious for allowing child porn to live on its servers. In 2011, the hactivist collective Anonymous singled out Freedom Hosting for denial-of-service attacks after allegedly finding the firm hosted 95 percent of the child porn hidden services on the Tor network

That's from the article you posted.

Think it out.  What does this actually mean?  That Tor actually is effective in hiding the identity of the surfers?  Seems like otherwise, they would have wanted the site left open as a honeypot.

There's a story here, and it's not just a shrug and a laugh and....

So the government went after a hosting service that hosts child porn? Oh no!

Ah one of those "I have nothing to hide".
Ive heard of your kind, you guys are very dangerous.

The closest I'd be able to get to a site that meets your requirements is magnesium.net, which probably fits most of your requirements.  Unfortunately, I can't really recommend it because it hasn't really been reliable lately.  Most of the time it's up, but there are occasions when it's down for weeks at a time, so reliable it isn't.  

If you can afford it, the easiest way to get something like this is to host your own website, then you can have an email address that you control more than you would otherwise since it's hosted on your own domain.  I'm going to buy my own hosting eventually and would be happy to sell you an email address through it if you like, but I'm not planning on setting it up for a while so that doesn't really help you now.

Edited to add: Actually, I would be remiss if I didn't mention Hushmail  (http://www.hushmail.com/)here.  They're based in Canada and I think they meet all your requirements: PGP based email, good support, no advertisements.  I don't know how reliable they are, but I've heard good things about them, so that's what I'd go for if I were you.

You can use Chinese/Russian email services. Like qqmail and mail.ru

I don't have any child porn to hide. I use torbrower for other things.

or just use bitmessage with pgp. :D

However, developments in November 2007 led to doubts among security-conscious users about Hushmail's security and concern over a backdoor. Hushmail has turned over cleartext copies of private e-mail messages associated with several addresses at the request of law enforcement agencies under a Mutual Legal Assistance Treaty with the United States.

A word on hushmail:

https://en.wikipedia.org/wiki/Hushmail

There is still Riseup:
https://www.riseup.net/de/riseup-and-government-faq
Although they are US based they keep on fighting.

Bitmessage has several potential security issues including a broken proof of work function and potential private key leaks.

 Full details:
 http://secupost.net/*RefNumber/bitmessage-security

Mr "Robert White" was behind the "attack" (message from secupost.net and Bitmessage):
-- -- --
This message is also available at http://secupost.net

Alright, the messages sent out a few days ago are starting to expire now. It's time for everyone to learn what the purpose of secupost.net is.

As many of you guessed, this is indeed a Bitmessage address to IP address mapper. Yes, the only thing that webserver would send was a 500 message.

It did alright too, gathering nearly 500 bitmessage users information after sending 15000 messages. Double what I expected.

I've included both a log of each address detected and the first thing to hit it including IP, reverse DNS and useragent as well as raw logs for every valid request. If you need to confirm this signature so you can verify messages from me when bitmessage is down, please see the bitmessage general chan for a copy from my bitmessage address.

So, future lessons:
- - - Yes, all bitmessage addresses are public and can be read from your messages.dat file using a small script.
- - - Don't click links. Even if it looks like a security-related site and uses some technical terms. I am not a nice person, I will publish any information I can gather about you and I don't care if you get lit on fire by terrorists because of it.
- - - Bitmessage does _not_ scale. It took me around 3.5 hours to send ~15k messages but it took the bitmessage network over 18 hours to fully propogate them.

Some of you were smart enough to use tor or VPN providers, but many of these are direct home or server IPs. The information below is more than enough for any government to come after you or any script kiddie to DDoS you. Be more careful next time.

Some of you tried to use scripts to claim addresses which weren't yours and skew the data, of course, you didn't even change your user-agent.

Even without accouting for that your attacks were ineffective because the IDs were generated in a non-linear fashion using a cropped HMAC-SHA256. To find your id:

def gen_mac(addr):
mac = hmac.new("fuck you", addr, hashlib.sha256).digest()
return unpack('>I', mac[0:4])[0]

This simple deterministic method means that you would have had to try... (2^32/15000)/2 = 143165 times on average just to get a single collision. Thanks for playing, but no luck this time.

This service has been operated completely anonymously thanks to Tor and Bitcoin. I hope you enjoy the result.

Robert White (BM-2D8yr4fzoMzwndqPwLMVyzUcdfK9LWZXjY)