14 DAY TRIAL // Lavabit owner Ladar Levison and convicted hacker Stephen Watt have started to work together on a project called Dark Mail that is intended to encrypt the “To” and “From” information during email exchange.
Currently, sending and receiving encrypted messages prevent access to the text, but most of the time, the “To” and “From” fields, along with the subject line, which are part of the metadata, can be viewed without restriction.
Lavabit operated in the encrypted email business and was shut down by its owner, who refused to provide the NSA with the encryption keys for the service.
According to Wired, Stephen Watt was sentenced to two years of jail time after writing a packet sniffing program that was used by a friend of his to conduct a huge cyber fraud operation which amounted to millions of dollars in losses.
The duo have now joined forces to create an email client, a server software and a protocol that would hide metadata information during the message exchange.
Services that offer this feature require both the sender and the recipient to use their server in order to be able to protect this information. However, the Dark Mail project aims at providing this sort of protection regardless of the email service used, by replacing the protocols used for sending and receiving email.
Wired says that Levison and Watt’s Dark Mail works in a way that resembles the TOR anonymity network, which relies on encrypted connections bouncing to multiple servers maintained by volunteers.
However, in the case of the new project, there are only two servers, one for the sender and the other for the receiver, none of them being able to identify the other.
Basically, the sender’s machine knows only the domain of the recipient, not its identity. Alternatively, the recipient’s server cannot identify the sender; it just decrypts the “To” field in order to deliver the message to the right account.
“If they [NSA] can follow the flow of every packet on the internet, they may be able to track where every packet is headed,” Levison told Wired. “But I’m making it so that becomes incredibly difficult, and it’s been minimized down to the domain level,” he added.
The project still has some limitations at the moment, but the developers are working on eliminating the glitches. The protocol and the standard are the responsibility of Levison, while the code development falls on Watt's shoulders.