Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Lavaboom builds encrypted webmail service to resist snooping

Lucian Constantin | April 17, 2014
A new webmail service called Lavaboom promises to provide easy-to-use email encryption without ever learning its users' private encryption keys or message contents.

"Key handling is a very sensitive issue," Lavaboom said in a technical FAQ section on its website. "We let you download your keypair during registration. This is to ensure that your key remains in your possession."

Lavaboom's JavaScript code and the user's private key is stored in the browser's cache, which leads to some limitations. For one, this ties the key to a particular browser and makes accessing the account possible only from the device where that browser is installed.

"Never clear your cache from Lavaboom," the email service provider warns on its website. "We do not offer password recovery, since we can't! Once you flush your private key, all your data stays encrypted until you somehow rediscover your private key. We will not provide you with any refunds if you lose your private key."

Because of this implementation, the service is also incompatible with tools like the NoScript security extension for Mozilla Firefox that blocks JavaScript code.

Lavaboom claims that it doesn't know the exact locations of its servers and doesn't have physical access to them, making it more difficult to respond to government requests for data.

"If we should become scrutinized by law enforcement we rely on a severe public outcry, since we are under jurisdiction of the German law and the best privacy laws in the world," the email service provider says on its website. "If we should ever be forced by the BSI or the BND [Germany's information security and foreign intelligence agencies] to give up all our data, rest assured that we do have something in place that will destroy our hard disks in a matter of minutes and turn them into little more than coasters."

 

Previous Page  1  2 

Sign up for CIO Asia eNewsletters.