Lavaboom


#1

Has anyone begun using the new Lavaboom encrypted email service yet? I just got my login info and initiated the account. Looking to see how this compares to Protonmail.ch. I know that lavaboom is PGP based encryption, so I am looking forward to seeing how this all works.

If anyone else has an account and wants to test it out, let me know. I am still reading up more on it, but it seems to be a very simple to use service. Nice interface. Would like to get the opinion of some of the more tech astute individuals.

PM me for my address if anyone has the service and wants to try it out. I am assuming that it will work with any PGP…will have to try emailing myself a few times.

mail.lavaboom.com


#2

If it uses PGP does that mean you can send emails to normal clients that have PGP?


#3

I am trying to test that out now. For some reason when I try and send my private key, it has an error uploading it. Trying to work through it. But that should be the case as I have the option to send my public key out, just isn’t working right now for some reason.

(keep in mind that I am very much interested in encryption, but I am still learning the ins and outs of it)

Edit: when I try and send my public key. NEVER send your private key.


#4

I tried sending to my regular email address which I have a PGP key in the mail client and it doesn’t seem to like to play nice…so far. I just need to familiarize myself better with the software.

Edit: it is not allowing me to import my previous PGP keys. When I enter my passphrase to decrypt, it won’t decrypt. This may just be a lavaboom to lavaboom service, but I am hoping that is not the case.


#5

Odd because either it’s PGP or it’s not.


#6

That is what I am trying to figure out. This is an early release, so this may be the issue. ( i am not a cryptography expert by any means, so pardon my ignorance while working through this)

I tried to send my public key to my personal address and it wouldn’t upload. If I tried to send it to my lavaboom address, it went through. Not sure what the deal with that is.


#7

No need to be pardoned. :wink:

Do you have a link or is this by invite only atm? I’ll check it out but my point was that if they are using pgp to provide their service then your keys should obviously work.


#8

This is what I figured, but then again, I may be doing something wrong. But I am bound and determined to work through this.

Go to mail.lavaboom.com and sign up for an invite. I got mine not long after signing up (day or two).

I am wondering if the import keys option is just for the transition from lavaboom.eu to mail.lavaboom.com. That function might not be ready to import already generated keys that we may already have.


#10

I am not a fan of the email services which promise to make encryption convenient. From Lavaboom TOS:

“No email provider is ‘NSA-proof’. While a zero-knowledge system has its benefits, please do not use our service if you believe that you are an NSA target, or could become one in the future. Lavaboom is suitable for combatting dragnet surveillance, corporate profiling and pesky hackers. Our security is better than Gmail, but you should not put your life in the hands of any email provider. We encourage members of the press to get in touch and learn more about encryption.”

I think you would be better off using SIGAINT on Tor and encrypting your email with a 4096 bit RSA key.


#11

Encryption is useless if you can’t upload an encrypted file to a public server and expect it to be cracked. Also those e-mail server I really don’t trust them with my private keys If I want something private the keys stay on my machine period no exception. And PGP is fairly good at encryption if you protect your private keys.


#12

Probably but then again I do not believe that the information I encrypt is vital enough or informative enough for the NSA to waste resources on it. I usually travel and pay in cash whenever I purchase plutonium, plan a terrorist attack or sell firearms or drugs for that reason.

Other stuff which I don’t want to find in the hands of little script kids, malicious hobby hackers and so on are protected well enough.

But yes, when it comes to the hardcore stuff travelling still rules over email.


#13

I think you misunderstood my point. I trust no one with my private PGP key. I encrypt and decrypt messages locally.


#14

I have to agree there. I wouldn’t upload private keys to any online provider. Doesn’t make sense.