Ask HN: What to watch out for when building a service like Lavabit?

4 points

13 years ago

I have been following the unfortunate events that happened to Lavabit, and I think the service shouldn't have gone down that way. These days I'm setting up my own mail server, and it would be nice to throw in some good encryption too. If I can offer the same thing for others, maybe that will make a good service for those who want a secure mail box but don't want to take care of a mail server. Come to think of it, it's pretty much what Lavabit did.

From what I understand, Lavabit ran into problems because they wanted to fight some fight with the US government. In the service that I'm planning to build, I will just give up whatever information a legal entity wants when they ask for it in a legal way. The idea is, if your emails are all encrypted, you should have no problem with me giving people encrypted copies.

The above doesn't sound very smart, so I figure others should have thought of it already, so I must be missing out on something. What should I be afraid of?

PS: I don't want to be exposed yet, so wanted to use a throwaway account, but a new account would need to wait a while (I'm not sure how long) before it can submit. Guessing that there is nothing bad in just discussing this, I'm going ahead and submit it under my real account.

3 comments