Bitcoin users care a lot about privacy, particularly financial privacy. While the anonymity that Bitcoin offers can be used for illegal activities, everyone has a right to privacy, a right that has been flagrantly violated by the U.S. National Security Agency (NSA), Britain’s Government Communications Headquarters (GCHQ), and others. Email is one of the number one forms of communication on the Internet. However, many government intelligence agencies are known to intercept emails, and secure services like Lavabit have been forced to shut down. Fortunately, a new Germany-based service called Lavaboom wants to replace Lavabit and offer truly secure email to the masses. Lavaboom will have a free tier as well as a paid plan that accepts Bitcoin.
Security and Convenience
The more secure a system is, the less convenient it can be to use. For instance, desktop Bitcoin wallets are inherently more secure than online wallets, but tend to be less convenient. Lavaboom (sometimes stylised as “LavaBoom” and “Lavaboom.”) tries to strike a perfect balance between these two by providing sleek, easy-to-use interfaces with impressive security. Recently, I had the pleasure of talking to Lavaboom founder Felix Müller-Irion (who is apparently a Pulp Fiction fan judging from the image above), and one of the main topics discussed was security and convenience.
NS: People want security, but they also want convenience. Would you say that LavaBoom makes it easy for the average email user to have truly secure email? Or is there a lot of learning involved with the key pairs, three factor authentication, etc.?
FM: Okay, so there is an obvious problem with Email as a communication tool. It is by default as secure as a postcard. And even though you can encrypt your content you cannot encrypt certain meta data. However, there is not a steep learning curve to use our system. We encourage each user to adhere to our Best Practices for email communications though, which we will publish in a week. And as two-factor auth is pretty wide spread especially given the widespread use of mTans for your banking needs, we do not expect it to be too difficult for users to adhere to a three-factor authentication.
“[Email] is by default as secure as a postcard.”
NS: What devices will LavaBoom initially support, and are there plans to support other devices after the initial launch?
NS: Can LavaBoom users only email other LavaBoom users? Or can they also email users of other services like Gmail?
FM: Yes, of course you’ll be able to write an email to other people. However if you include one or more persons in your to-sender list who do not support encryption or you might not be in possession of their public keys our Webapp will make sure that you intend to send this email unencrypted. We offer only PGP-Encryption and we do not accept keys under 2048 bit length and by default all of our users will get a 4096 bit private key in SHA with salt. We are looking into the possibility of including such protocols as bit message or cryptcat in order to make communications within the servers of Lavaboom. more secure. Those are mere future voices as of now though. They might be included once we go into full launch.
“If you include one or more persons in your to-sender list who do not support encryption or you might not be in possession of their public keys our Webapp will make sure that you intend to send this email unencrypted.”
NS: You realise that intelligence agencies like the NSA and GCHQ will be probably be targeting your service, right? Do you have any plans on preventing such agencies from compromising users’ privacy?
FM: Of course, Neil. But you realize that I cannot seriously discuss any specifics regarding our security system with you or the public. Our plans include to educate the public though and make them a little more aware of the options they have in terms of encryption and secure communications.
Pricing and Availability
At the moment, Lavaboom isn’t available to the public, but you can sign up to be notified of beta access.
“We are currently in Alpha, two weeks then we hit a private beta round and then about another 4-6 weeks and we go public beta. That’s the time frame we’re currently working on.”
Lavaboom will offer a free plan as well as a paid subscription that accepts PayPal, Bitcoin, and cash.
NS: A free tier and just 8 EUR a month for the Premium tier seems pretty cheap. How do you keep costs low?
FM: Well we’ve looked at competitors, and even though we cannot enclose any of our sources in regards t why we are pricing it this way, let’s say it is a decent pricing model. We try to keep costs low by initially using the API provided by mega.co.nz and using their server infrastructure to ensure a real e2e encryption of your emails. Of course in the long term we want to develop our own infrastructure, but why not use something that is already there first?
NS: Would you possibly accept other forms of payment such as Litecoin in the future? Or will PayPal, Bitcoin, and cash be the only options?
FM: To be quite honest with you I’m not sure for how long we will be able to accept bit coins as the European Central Bank is already looking into the matter of money laundering possibilities through bitcoin. I am not totally leaving this out of the question though, to future endeavors in litecoin, feathercoins or even my personal favorite dogecoins (smiles).
NS: Thanks for your time!
FM: Thanks a lot.
Lavaboom should be launching within the next two months, but if you sign up for beta access now, you’ll get an additional 250MB of storage free forever.