About this project
There is an audible pause in our analog lives; a preverbal squelch on the digital line that defines the very privacy everyone expects, but is rarely guaranteed.
That audible pause, that digital squelch carries with it a subtle promise that someone is reading, or listening, or cataloging and (ab)using every footprint we each press into the digital landscape. No one can guarantee that a third-party is or is not eavesdropping on a series of communications, but Dark Mail can guarantee that when a third-party does gain access, or demands access, the privacy users rightfully deserve is maintained without fail.
Along with preserving existing functionality, the team will build in support for the Dark Mail protocol. Dark Mail, a newly developed messaging protocol, is designed to provide end-to-end encryption of both the message itself and the email in transit. Because encryption will be integrated into the protocol itself, it will be invisible to the user. Dark Mail users will get the security of PGP without the cognitive burden; if someone can use email today they will be able to use Dark Mail tomorrow.
The project will also include building, and releasing as F/OSS, the first Dark Mail compatible clients. We are planning to launch with clients for the desktop (Win, Mac, Lin), smartphones and tablets (iOS, Android).
Provide the funding and you'll get access to the source code and binaries before the general public. Be one of the first service providers to support the new Dark Mail protocol!
Risks and challenges
The challenge will be finding talented programmers to work on and support the project. The more funds we have available, the easier it will be to attract top tier talent!
I’m looking into the logistics of providing stickers to everyone who backed the project at $25 and higher. I’m also considering the addition of t-shirts for the $100 backers. While I can’t offer email accounts yet, at least officially, I’m planning to give all of the kick start backers at $25 and up a free account on lavabit.com when it starts offering mail services again. Since the return of lavabit.com as a service provider isn’t guaranteed, I can’t offer this reward officially. I’m also talking to a potential dark mail service provider about including accounts on their system for Kick Start backers but the deal hasn’t been finalized yet.
To make the code usable, the Lavabit specific logic will need to be removed, or generalized into logic that is controlled via a configuration file. The installation, management and maintenance processes will need to be documented. Once the code has been released someone will need to review patches submitted by the community for quality and then incorporate the best submissions into the official codebase. Finally, the goal of this Kick Starter project is to add support for the new dark mail protocol into the code before it’s released. All of the work above is simply too much for me to complete alone, at least in a reasonable amount of time. That’s why I’m fundraising. With the money raised here I’ll be able to hire 2-4 programmers and finish the goals I just outlined. Once the code is released Lavabit will need to survive by selling support and consulting services.
What programming language(s) does the Lavabit code employ, and how many lines of code are there currently?
I’m planning to release the Lavabit server code under the GPL and the client code under the LGPL. Note these are preliminary plans and could change.
If Lavabit is going to release the reference implementation for dark mail, what happens if Lavabit goes out of business?
This Kick Starter project will only provide enough money to get the project released. After that Lavabit will need to support itself through support contracts and consulting services. If the company doesn’t survive then the copyright for the code will automatically be transferred to the Dark Mail Alliance. This strategy takes inspiration from Netscape which transferred the copyright for their browser code to the Mozilla foundation.
A few people have complained about the negative connotations of the word “dark” for a project that is generally altruistic. Since none of core members can think of a better name were considering a crowd sourced competition to pick the replacement. The name competition is still in the planning stages, but it has been suggested that the contest could happen as early as December.
The primary platform is RHEL/CentOS v6, although I’ve managed to compile the magma code on Fedora and Debian in the past. How many platforms we support when the code is released will depend on available resources. Priority will be given to platforms requested by the “sunrise” partners.
A server with dual PIII’s running at 1.3 ghz and 4GB of RAM could handle around 1,800 simultaneous users. The development tree uses a more efficient threading model so I’m expecting it to perform even better.
The current code includes support for Paypal’s PayFlowPro. What payment gateways are supported down the road is still up for debate. It’s likely we’ll either add support for other gateways, or remove payment logic altogether. Likewise whether the registration web application is generalized or removed entirely is still up for debate.
To ensure what’s released is actually usable by the community. I’d also like to ensure that the server code includes dark mail support. Of course any Dark Mail Alliance partners helping with the development effort (like Silent Circle) will get access to the source code early along with the “sunrise” partners who back this Kick Starter campaign with $10,000 or more.
I’ve decided the Lavabit email service should remain offline while its court case is adjudicated. If my legal team is victorious the Lavabit service will reopen in the United States. If the case is lost I’m hoping to spinoff the service provider business and let someone else run it abroad. Regardless of what the courts Lavabit will continue developing, releasing and supporting the server and client reference implementations.
Most dark mail providers will support sending messages out over SMTP if someone enters a recipient who isn’t using a dark mail domain. Naked messages would be protected by SSL and nothing else. This could trigger a fresh demand for the Lavabit SSL key. If Lavabit did return before the court case is settled it would have to be as a dark mail only provider. I think this possibility is unlikely, but not completely impossible.
196,608 translates into binary as 110000000000000000...
Support this project
- (23 days)