We know that Google reads emails that you receive to display advertisement on Gmail, and that other mail providers may be doing the same. With new information about Prism still hitting the news on a daily basis, it may be important for Internet users to find alternatives to services by companies that allegedly have aided the NSA.
Some alternatives may even provide you with better overall security. If you look at what Edward Snowden used for example, the whistleblower who leaked information about Prism, then you will find out that he apparently used Lavabit as his email provider for one of his accounts.
You have probably never heard about Lavabit before, as it is a rather small provider with just over 350,000 users in total. What sets is apart though is its focus on privacy and security that you may not find elsewhere easily.
The service offers free and paid accounts. What is interesting here is that there are two free accounts available, basic and personal, that differ in regards to available storage, the message size limit, and whether advertisement is displayed to the user or not. The basic account provides you with 128 Megabyte of storage, but does not come with ads at all, while the personal account offers 1 Gigabyte of storage and advertisement.
The paid accounts increase storage, the incoming and outgoing message limit per day, message size limit, and add a couple of extra privacy and security features to the account including fully encrypted email storage on the company servers.
The most expensive account for individuals is the premium account. It gets you 8 Gigabytes of storage, all features, an increased incoming and outgoing message limit, and more, for $16 a year.
Security and privacy features
Lets take a look at the security and privacy features that Lavabit offers:
- Transport Layer Encryption via SSL
- Secure Mail Storage via asymmetric encryption so that emails, once on the server, can only be read with the user's password. This means that no one can access them, and that they cannot be handed over either.
- ClamAV integration
- Domainkeys support to prevent domain impersonation.
- Sender Policy Framework (SPF) to verify that messages have been verified from a server that is authorized to relay messages for a domain.
- Greylisting and blacklisting support.
Setting up an account
Once you have set up an account, free or paid, you can add the new email address to one of your email clients. If you are using a local client, you can use Pop3 or IMAP to do so. Lavabit offers a web interface as well which you can make use of to retrieve emails.
In Thunderbird, you do the following:
- Select Tools > Account Settings.
- Click on Account Actions and select Add Mail Account.
- Enter your name, the email address in the form [email protected] and the password that you have selected during signup.
- Thunderbird will retrieve the incoming and outgoing server information automatically, so that you only have to pick Pop3 or IMAP to set up the account.
The web interface is very basic in comparison to Gmail or Outlook, but it is sufficient to read and compose email messages, and that is what it is all about in the end.
If you have selected one of the free accounts, you can upgrade it to one of the available paid accounts in the preferences on the official website.
The free accounts do not support the encryption of email storage on the server. While you do get a couple of other interesting features, it is full encryption that sets this service apart from Gmail and other popular email services. This means that you may want to pay $8 or $16 per year to take advantage of that feature.
Lavabit has shut down. The owner and operator of the service notes on the main site that he had to decide to "become complicit in crimes against the American people or walk away from nearly ten years of hard work". Unfortunately, he is not allowed to share why the service is shut down but states that he will fight whatever he is facing in court.