Moxie Marlinspike Voices Concerns Over Dark Mail

Ladar Levinson has been making a lot of lofty promises lately, one of which includes bringing a whole new layer of security to encrypted email services nationwide.

Called the “Dark Mail Initiative“, the program is designed to evolve beyond current encryption technologies, instead relying on an entirely new system that will be built from the ground up by him and the research team over at Silent Circle communications.

With sky-high promises comes plenty of ground-level doubts, which is why longtime internet security reporter Moxie Marlinspoke has come forward to voice his doubts about the capabilities of the service as a whole.

“Unlike the design of most secure servers, which are ciphertext in and ciphertext out, this is the inverse: plaintext in and plaintext out,” Marlinspike wrote. “The server stores your password for authentication, uses that same password for an encryption key, and promises not to look at either the incoming plaintext, the password itself, or the outgoing plaintext.”

He goes on to say that the original Lavabit was not as secure as the public had been lead to believe, suggesting that if it was really as impenetrable as Levinson claimed, he wouldn’t have been forced to shut the client down when the feds came knocking on his door to ask for encryption keys in order to gain access in the first place.

lava

Of course, Ladar has told numerous publications he never once read the private information of any of his users, and the evidence of the past several months does enough to back the claim up. This doesn’t abscond the email encryption process entirely however, as just last week an anonymous tipster claimed he had gained access to a similar network by hijacking the traffic over the lines as it traveled from the user to the server and back.

These statements were obviously not an attack on Levinson himself, but rather an attempt to make a broad statement on the inherent flaws in security systems, and potential methods for plugging them before the NSA finds yet another workaround in the future.

“I think we should celebrate and support Ladar for making the hard choice that he did to at least speak out and let his users know they’d been compromised,” he wrote. “However, I think we should simultaneously be extremely critical of the technical choices and false guarantees that put Ladar in that position.”

No matter what email client you eventually choose, it’s clear that the primary threat to any system exists over the networks we depend on to connect to them. That’s why we at VPN Creative suggest services like Express VPN, IPVanish VPN, and Private Internet Access to cover your tracks and keep all but the most valuable data secure and underneath the radar of anyone who might be trying to listen in.

Check out our reviews page and get an honest, upfront opinion on the best options available today!