Credit: Ladar Levison
LAS VEGAS — If you're looking for surveillance-resistant email service, you don't have a lot of options. If you want something to be both secure and easy to use, those options shrink to just about zero. But an upcoming service called DIME (formerly Dark Mail) hopes to change that.
Creator Ladar Levison, who previously ran the now-closed Lavabit email service, has two main goals for DIME. It needs to be so secure that not even DIME's administrators, much less spies or criminals, can read messages sent and received by its clients. And its encryption should be as easy to use as it is strong. As any security expert will tell you, neither goal is easy to achieve.
DIME, short for Dark Internet Mail Environment, is aiming for a release later this year, but Levison and co-creator Stephen Watt gave an overview of the service's cryptography and other security measures at the DEF CON security conference in Las Vegas this past Friday (August 8).
"We need to make it auto-magical," Levison says of DIME's ease-of-use.
He thinks DIME users shouldn't have to be cryptographers or programmers to securely use the service.
Levison has a vested interest in creating an email service whose operators can't read messages sent through it. Exactly one year to the day before his DEF CON talk, Levison shut down Lavabit over pressure from the FBI to hand over the encryption keys that would give them access to every single account on the service.
The FBI was seeking information on a single Lavabit user, speculated to be NSA leaker Edward Snowden, and because of the way Lavabit was set up, Levison couldn't give them what they wanted without compromising all his customers.
"It's become clear that if they can find the tiniest of openings, they'll go in and take everything," Levison told the DEF CON crowd.
The situation inspired Levison to create a new email service that would be so secure that, if the government ever came calling again, he would simply have nothing to give them. Last October, Levison announced Dark Mail. At DEF CON, he changed the name to DIME.
Lavabit's code is the starting point for DIME's, but the development team has added a lot to it. The DIME client, called Volcano, is a fork of Thunderbird, an open-source email client developed by Mozilla alongside Firefox. Levison said he aims to have DIME available by the end of the year, but stressed that was a tentative goal. He did not discuss pricing with regard to the service.
Watt's demonstration of Volcano at DEF CON showed a fairly straightforward-looking email client, if a bit starker than what Webmail users are used to seeing. If a DIME user emails a non-DIME user, a small popup box will appear warning users that their emails will not be as secure as if two DIME users were communicating.
How does it work?
DIME will have three different user modes: Trustful, Cautious and Paranoid.
"I only consider [Cautious and Paranoid] to be secure, because they do their encryption on the user's device," Levison said at the HOPE X security conference in New York City last month.
Cautious and Paranoid modes encrypt users' email messages on their own devices, where the encryption keys stay -- DIME's operators never have them.
One challenge of encrypted email is that managing encryption keys can be difficult, prohibitively so for the not-technically-inclined. DIME deals with this is by creating Signets, user profiles-slash-key managers, named after signet rings used to seal letters by making unique marks in sealing wax.
Levison says Signets operates similarly to the public-key system of the well-known email encryption protocol PGP. DIME users can reveal their Signets to those with whom they wish to communicate. Signets also contain a unique cryptographic signature used to ensure a message's authenticity.
In some ways DIME will work like Tor, the networking protocol that anonymizes Web traffic. When data packets move through the Tor network, the packets' headers (addressing information such as sender, recipient, etc.) are partially encrypted, so that no one relay knows everything about the packet's origin and destination.
Email sent through DIME will take a similarly segmented route, so that only the recipient and sender will be able to see the full contents of each email's headers.
But for all its complicated encryption strategies, DIME still relies on the most basic of security tenets: a strong password.
"If your password is 'password,' nothing I do will save you," Levison told the DEF CON audience, prompting laughter from the crowd.
- Best Antivirus Software 2014
- Pwnie Awards Celebrate Security Wins and Epic Fails
- 9 Tips to Stay Safe on Public Wi-Fi
Jill Scharr is a staff writer for Tom's Guide, where she regularly covers security, 3D printing and video games. You can follow Jill on Twitter @JillScharr and on Google+. Follow us @tomsguide, on Facebook and on Google+.