Home / Markets News & Opinions / Lavaboom Replaces Lavabit to Offer Truly Secure Email

Lavaboom Replaces Lavabit to Offer Truly Secure Email

Last Updated
Neil Sardesai
Last Updated

Bitcoin users care a lot about privacy, particularly financial privacy. While the anonymity that Bitcoin offers can be used for illegal activities, everyone has a right to privacy , a right that has been flagrantly violated  by the U.S. National Security Agency (NSA), Britain’s Government Communications Headquarters (GCHQ), and others. Email is one of the number one forms of communication on the Internet. However, many government intelligence agencies are known to intercept emails, and secure services like Lavabit  have been forced to shut down. Fortunately, a new Germany-based service called Lavaboom  wants to replace Lavabit and offer truly secure email to the masses. Lavaboom will have a free tier as well as a paid plan that accepts Bitcoin.

a laptop computer sitting on top of a table
Sneak peak of the Lavaboom interface

Security and Convenience

The more secure a system is, the less convenient it can be to use. For instance, desktop Bitcoin wallets are inherently more secure than online wallets, but tend to be less convenient. Lavaboom (sometimes stylised as “LavaBoom” and “Lavaboom.”) tries to strike a perfect balance between these two by providing sleek, easy-to-use interfaces with impressive security. Recently, I had the pleasure of talking to Lavaboom founder Felix Müller-Irion (who is apparently a Pulp Fiction  fan judging from the image above), and one of the main topics discussed was security and convenience.

NS: People want security, but they also want convenience. Would you say that LavaBoom makes it easy for the average email user to have truly secure email? Or is there a lot of learning involved with the key pairs, three factor authentication, etc.?

FM: Okay, so there is an obvious problem with Email as a communication tool. It is by default as secure as a postcard. And even though you can encrypt your content you cannot encrypt certain meta data. However, there is not a steep learning curve to use our system. We encourage each user to adhere to our Best Practices for email communications though, which we will publish in a week. And as two-factor auth is pretty wide spread especially given the widespread use of mTans for your banking needs, we do not expect it to be too difficult for users to adhere to a three-factor authentication.

“[Email] is by default as secure as a postcard.”

NS: What devices will LavaBoom initially support, and are there plans to support other devices after the initial launch?

FM: Initially we will only support browsers with JavaScript enabled. We are testing our system out on multiple devices using different browsers. However be aware that once you’ve chosen the computer and the browser you cannot switch between those. We store your private key in your browser giving you the best option for secure emails you can currently get. The public key we use on our servers and the Javascript Email Client to encrypt your Email once it leaves your computer again. And if you should not be logged in we automatically encrypt email that is delivered to you via your public key stored on our servers. We are certainly looking into developing a possibility to use multiple devices such as mobile phones and crypto phones, however let’s see what the darkmail-protocol will bring to the table in that regard.

a screen shot of a cell phone description page
“We are certainly looking into developing a possibility to use multiple devices such as mobile phones and crypto phones.”

NS: Can LavaBoom users only email other LavaBoom users? Or can they also email users of other services like Gmail?

FM: Yes, of course you’ll be able to write an email to other people. However if you include one or more persons in your to-sender list who do not support encryption or you might not be in possession of their public keys our Webapp will make sure that you intend to send this email unencrypted. We offer only PGP-Encryption  and we do not accept keys under 2048 bit length and by default all of our users will get a 4096 bit private key in SHA with salt. We are looking into the possibility of including such protocols as bit message or cryptcat  in order to make communications within the servers of Lavaboom. more secure. Those are mere future voices as of now though. They might be included once we go into full launch.

“If you include one or more persons in your to-sender list who do not support encryption or you might not be in possession of their public keys our Webapp will make sure that you intend to send this email unencrypted.”

NS: You realise that intelligence agencies like the NSA and GCHQ will be probably be targeting your service, right? Do you have any plans on preventing such agencies from compromising users’ privacy?

an aerial view of a large black building
FT. MEADE, MD – UNDATED: (FILE PHOTO) This undated photo provided by the National Security Agency (NSA) shows its headquarters in Fort Meade, Maryland.
“You realise that intelligence agencies like the NSA and GCHQ will be probably be targeting your service, right?”

FM: Of course, Neil. But you realize that I cannot seriously discuss any specifics regarding our security system with you or the public. Our plans include to educate the public though and make them a little more aware of the options they have in terms of encryption and secure communications.

Pricing and Availability

At the moment, Lavaboom isn’t available to the public, but you can sign up  to be notified of beta access.

“We are currently in Alpha, two weeks then we hit a private beta round and then about another 4-6 weeks and we go public beta. That’s the time frame we’re currently working on.”

-Felix Müller-Irion

Lavaboom will offer a free plan as well as a paid subscription that accepts PayPal, Bitcoin, and cash.

a red and blue pricing sheet with a price tagNS: A free tier and just 8 EUR a month for the Premium tier seems pretty cheap. How do you keep costs low?

FM: Well we’ve looked at competitors, and even though we cannot enclose any of our sources in regards t why we are pricing it this way, let’s say it is a decent pricing model. We try to keep costs low by initially using the API provided by mega.co.nz  and using their server infrastructure to ensure a real e2e encryption of your emails. Of course in the long term we want to develop our own infrastructure, but why not use something that is already there first?

NS: Would you possibly accept other forms of payment such as Litecoin in the future? Or will PayPal, Bitcoin, and cash be the only options?

FM: To be quite honest with you I’m not sure for how long we will be able to accept bit coins as the European Central Bank is already looking into the matter of money laundering possibilities through bitcoin. I am not totally leaving this out of the question though, to future endeavors in litecoin, feathercoins or even my personal favorite dogecoins (smiles).

NS: Thanks for your time!

FM: Thanks a lot.

Lavaboom should be launching within the next two months, but if you sign up  for beta access now, you’ll get an additional 250MB of storage free forever.