Ladar Levison — persecuted founder of the now-shuttered private mail service Lavabit, as used by Edward Snowden — has made great progress on his Darkmail project, a joint initiative with Phil "PGP" Zimmerman's also shut-down Silent Circle private email service.
Both companies are working on a federated, encrypted-by-default system that will make mass interception of email much, much harder and more expensive, and they have a technologically plausible mechanism for achieving this.
Conceptually, DIME applies multiple layers of encryption to an e-mail to make sure that the actors at each stage of the e-mail’s journey from sender to receiver can only see the information about the e-mail that they need to see. The e-mail’s author and recipient both know who sent the message and where it was bound, but the author’s e-mail server doesn’t—it can only decrypt the part of the message containing the recipient’s e-mail server. The recipient e-mail server knows the destination server and the recipient, but it doesn’t know the sender. So if you arrange the four steps in a line from left to right—author, origin server, destination server, and recipient—each step in the line is only aware of the identity of the entity directly to its left or right.
Lavabit founder wants to make “dark” e-mail secure by default [Lee Hutchinson/Ars Technica]