Four years ago, Lavabit was caught on the horns of a massive dilemma that would have forced it to release the crucial enc...
Lavabit was founded on the principle that everyone—individuals, organizations and businesses—have an innate right to private, secure communication. We’ve never wavered from that mission.
#action=share
In 2014, the company suspended its service to protect global customers after the US government ordered Lavabit to release its Secure Sockets Layer (SSL) private keys in the wake of the Edward Snowden data release. Citing its philosophy of digital rights, privacy and customer protection the company suspended operations.
The Company went underground and rebuilt email the way it should be—from the ground-up and secure from point A to point B—so this could never happen again. A pioneer in email security with over 15 years in-the-trenches experience, we have intimate knowledge of email standards and encryption technologies, which has kept our technology years ahead of the curve.
Trusted, proven and privacy battle-tested, Lavabit is not your typical start-up. Coming out of stealth-mode, Lavabit is back with the Dark Internet Mail Environment—DIME—a revolutionary new end-to-end encrypted global standard that powers Flow, our new email subscription service, Magma, our encrypted mail server, Volcano our forthcoming email client, and other DIME enabled technologies.
More than 74 trillion messages are transmitted a year by 3.7 billion email users. Virtually every aspect of global communication, commerce and life are mediated by email. Email is at the core of our cyber identities—a role that’s increasingly risky. Like a postcard in the mail, emails expose their data and metadata as they travel—giving attackers easy access to personal information, systems and networks.
As defined by true end-to-end encryption, email security is a complex and elusive problem that no one has solved until now. When the first email protocols were developed in the 1970s, security and privacy were afterthoughts, and encryption technologies were restricted. While ad hoc efforts have attempted to bolt security functionality onto legacy SMTP, POP3 and IMAP protocols, they’ve fallen short—both in effectiveness and ease of use. The handful of new solutions touted by startups have proven cumbersome and ineffective in delivering automated, cross-platform protection.
Lavabit is bold. With our flexible architecture, we are replacing legacy email with a new federated, end-to-end encrypted protocol that’s user-friendly, accessible and effective. Our Dark Internet Mail Environment and associated encryption technologies are simple enough for your grandmother to use but secure enough for nation-state secrets.
Leveraging lessons from the 28-year history of Pretty Good Privacy (PGP), Lavabit has created the Dark Internet Mail Environment—DIME—the world's first end-to-end encrypted “Email 3.0” global standard. Lavabit’s encryption methodology and server technology solve the problems of centralized trust authorities, cross-domain and cross-platform interoperability, and is the first email encryption standard designed to minimize metadata leakage. Problems that cloud-mediated, and other “walled-garden” email security approaches fail to address.
Simply put, there is more than just encrypting a message in transit. Email adds a new complexity to secure communications. Instead of having a secure single channel between the sender and a server, like when you’re browsing the web, it’s also critical to have a secure channel between users, so that messages remain protected from sender’s computer, all the way to the recipient, regardless of how many servers, or service providers the message must pass through along the way. DIME does just that, by delivering layers of encrypted protection in every step of this process.
Inherently, email clients running Lavabit technology can communicate securely within their domain and with any other DIME capable client. By incorporating encryption directly into protocols and at user-end-points, we created DIME to be the critical and until now missing piece of the cybersecurity puzzle. A critical first step in preventing corporate espionage, safeguarding consumer cyberattacks, eliminating phishing, spoofing, spam, TLS stripping and drive-by malware insertion attacks.
Because it’s infinitely extensible, the DIME standard can easily be adapted to provide protection for encrypted voice calls, online chats, cloud-based file storage, enterprise workflows, and blockchain applications. Any encryption technology that can be linked to an email address, can benefit from DIME. It will be a revolutionary unified encrypted ecosystem capable of restoring privacy, ensuring control over the security of our data. Encryption provides the mechanism, while DIME provides the means.
DIME Architecture & Specification: https://darkmail.info/spec
Lavabit powers true end-to-end, multilayered encryption between users.
By performing message encryption at the user level—within the client email application—DIME eliminates the exposure of critical cryptographic functions to systems outside of user's control.
When a message passes through the server fully encrypted, its contents and metadata are shielded—providing critical protection to a world where email increasingly being stored on centralized servers.
To minimize what a potentially compromised server can access, we made DIME messages analogous to sealed shipping containers. All a hostile server can see is the next hop on the path for a message.
Email is the central nervous system for modern companies. Which is why email is one of the first things targeted by attackers. Many of the most famous security breaches can be traced back to either an account or an email server being breached. Whether it’s phishing, email-borne viruses, or inserting malware into an unencrypted attachment from someone the victim already knows, email is a critically vulnerable form of communication.
And in the wake of high-profile security breaches at Yahoo, Facebook, Marriott, Equifax and dozens of other organizations, consumers and businesses are waking up to the need for secure email, and the need to pay for encrypted protection.
Although the United States is adopting email encryption at a faster pace, China, Russia, Japan, Korea, and India are all expected to increase their respective markets during the next five years. Awareness and investment in email encryption technology is a growing global trend. According to Gartner, revenues from the rapidly growing global email encryption market will grow to nearly $27.9 billion by 2025.
A number of interrelated factors continue to drive growth in the email encryption market:
Lavabit’s B2B focus is on industries with regulatory requirements to safeguard information and industries regularly targeted for information theft. Specific sectors include insurance, financial services, banking, health care, law firms, biotechnology, political figures, and journalists. Any business with valuable intellectual property, large amounts of consumer data, or that view confidentiality as being business critical are prime targets for adopting email encryption at an organization level.
Cybersecurity Ventures predicts that overall cybercrime damages will cost the world $6 trillion annually, up from $3 trillion in 2015. Clearly, cybercriminal activity threatens all aspects of our ever-increasing digital lives and will be one of the biggest challenges that humanity will face in our evolving technology-dependent world. Consequently, global spending on cybersecurity products and services will exceed $1 trillion cumulatively over the next five years, from 2017 to 2021. The extensibility of DIME means Lavabit will be well positioned to grow beyond email and benefit from this rapidly growing market segment.
Lavabit’s DIME technology is the only peer-reviewed, federated solution capable of providing automatic end-to-end encryption for email. DIME’s unique encryption methodology ensures secure and reliable delivery of email while providing confidentiality, preventing manipulation and eliminating metadata leakage along the delivery path.
Backed by over 6 million lines of source code, Lavabit’s breakthrough technology automatically and securely ties an email address to a public key. Our platform makes it possible for software to securely perform encryption functions automatically, and without burdening the user. This makes the Lavabit solution more versatile, secure and flexible than any technology available today.
Consumer and business customers are already using the Lavabit email service with a Flow email subscription. With the introduction of Magma, Lavabit’s DIME-compatible server, our technology is already gaining traction in the marketplace. With Volcano, our still-in-development email client for Android, iOS, and the desktop, Lavabit is poised to turn email into the secure communications platform our personal and corporate users want, and the market demands.
The reality is that the world is mobile, and thus, we must get the technology directly into the hands of its users. The primary use of campaign proceeds will the completion of Volcano, which is presently slated for launch in 2019. Lavabit’s DIME-compatible mail client will enable users to operate in our vaunted Cautious and Paranoid modes. As such, the development of Volcano for mobile devices is the Company ’s top development priority.
Both Magma and Volcano interoperate with legacy email systems and will be made available to customers as a: cloud hosted service, user supported installable products, or hybrid, where customer installations are managed by the Lavabit professional services team. Clearly, Lavabit email provides the ideal solution for consumers seeking complete email privacy, companies operating in sectors where keeping email messages confidential is critical to business success, and companies who need to adopt the use of email encryption software for regulatory and data-security compliance.
Since our relaunch, we have learned that based on our principled customer stance, Lavabit has retained its reputation as one of the most trusted email encryption brands. Lavabit will use its market perception and security-first focus to enshrine the DIME encryption standard within the consumer and enterprise segments of the rapidly growing global market for cybersecurity. As such, Lavabit has developed a phased go-to-market plan predicated on the development of our email client and the ability to scale our product and service offerings to create a broader encrypted ecosystem.
To stimulate early adoption, Lavabit is advancing an open source strategy, in an effort to distribute DIME technology and demonstrate consumer and commercial viability. Lavabit’s business strategy starts with a B2C and B2B cloud hosted email services, with an eye towards expansion into the on-premise market through direct, and value-added reseller (VAR) sales. Future SaaS, licensing, and consulting revenues will be key profit centers as Lavabit expands its commercial footprint.
Central to Lavabit’s focus is to position DIME, and DIME compatible technologies, as the superior alternative, and natural successor to existing enterprise email platforms like Microsoft Exchange, Lotus Domino, Oracle Messaging Server, and Zimbra. Lavabit’s vision is to become the provider of choice for consumer and commercial users looking to the cloud for both outsourced, and installable email solutions.
Lavabit currently sells encrypted email services to consumers, and small businesses using a subscription model. Lavabit’s subscription revenues are generated through the sale of its standard service plan, priced at $30 per annum, and its premier service plan, priced at $60 per annum.
Since our relaunch in 2017, the company has welcomed more than 100,000 returning users to its new service with the offer of a free subscription, while adding an additional 15,000 new customers (business and consumer) onto its paid service plans, with customers coming from over 85 different countries. In 2017 and 2018, the company collected more than $150,000 in revenues from subscription sales to new customers.*
*Some customers are subscribed to our standard and premier service plans but receive discounted pricing because of a promotion that was offered during Q1 and Q2 of 2017.
Lavabit’s existing B2B revenue is derived from providing a hosted email service to small businesses, priced on a per-user basis, and through the sale of support contracts for its Magma mail server. The pricing for support contracts is variable. We’ve currently sold several per-installation contracts priced between $10,000 and $15,000.
With adequate funding, Lavabit will prioritize, and expand its direct sales effort, by switching from a reactive model, to hiring a proactive sales team. We also plan to formally launch a VAR sales program. Based on a conservative bottoms-up projection, Lavabit anticipates continued YOY profitability and robust growth of its B2B sales.
Lavabit email is compatible with any domain that has implemented DIME. Lavabit is the only federated and interoperable email technology capable of offering secure, end-to-end email compatible outside its domain. No other company has solved the walled-garden email security shortfall. Lavabit’s lowest encryption setting—Trustful—is the highest setting offered by competitors.
Before suspending operations in 2014, Lavabit had more than 410,000 customers. Since the relaunch in 2017, Lavabit has migrated 100,000 returning customers, added 15,000 new customers in 85 countries and installed two commercial Magma server beta implementations. With zero marketing efforts, the Company has attracted more than 500,000 unique visitors from 170 countries to lavabit.com.
There’s significant media and market anticipation ahead of Lavabit’s broader market entry efforts. More than 300 members of the professional media are waiting for the opportunity to participate in the beta test, and nearly 100,000 customers are ready to sign up for service when DIME is fully operational on compatible email clients.
Edward Snowden, Privacy Advocate
[Snowden] plans on reactivating his Lavabit account once it relaunches, “if only to show support for their courage.” Lavabit’s greatest offering is “a proven willingness to shut down the company rather than sell out their users, even if a court makes the wrong call,” says Snowden. “That’s actually a very big deal: They might be the only ones in the world that can claim that.”
Cyrus Farivar, Journalist, Ars Technica and author of Habeas Data
"Long before Edward Snowden became a household name, Lavabit was fighting to keep email safe. The company has always been a guardian of digital freedom and with its DIME- enabled solutions now has a robust technical arsenal to do so. The company needs all of our help to make sure that encrypted email is accessible to all."
Check out Habeas Data chapter 6 on Lavabit here.
Once the email products and services achieve a steady state, Lavabit will begin reaching out to new markets with its suite of encryption solutions. The goal is to position Lavabit as the single source for securing communications and data. Some growth products and services will require little to no additional development and be available in the near term. Others will require additional development and won’t be pursued until specific milestones of our core business roadmap are achieved.
Lavabit’s DIME technology ties an email address to a public key infrastructure (PKI), allowing user-level encryption. From a commercialization perspective, DIME is unique because it also allows for the automated end-to-end encryption of file sharing, telephony, SMS, crypto-currencies, business records, and workflows. The incorporation of encryption directly into the protocols/user-end-points, its interoperable and federated nature, and inherent extensibility makes the Lavabit solution more versatile, more secure, and more usable than any solution available today. Our belief is we can use the DIME email – PKI marriage to create a universal foundation for a new secure identity protocol. DIME is still several years ahead of the curve, but the extensibility of the standard means Lavabit is ready to build an encrypted ecosystem that goes well beyond email.
Short-term (1-3 years)
Mid-term (3-5 years)
Long-term (5-10 years)
Lavabit is bootstrapping, and the company has maintained its liquidity to continue operations and partially fund development of its Volcano mail clients. Because of its high-margin existing email subscription business, emerging server business and low capital requirements Lavabit can maintain existing profitable operations at current state indefinitely. At this critical development juncture, Lavabit needs growth capital to employ seasoned developers capable of working on a highly complex codebase to complete this Volcano client application and integration phase. As such, the forecasted primary use of the funds will be to finance ongoing product development and day-to-day operations.
Mission - We deliver reliable, fast, affordable and secure email service that never sacrifices privacy for profits.
Value - We always deliver secure, high-quality email services at the lowest possible price.
Service - We provide friendly, competent service to everyone—whether they're customers, new users or interested visitors.
Privacy - We vigorously protect the privacy of our users above all else.
Usability - Secure email should be as easy as regular email. We develop our services always with simplicity and ease-of-use in mind.
Accessibility - We engineer our systems and solutions to accommodate the widest range of users, preferences, and applications.
Listening - We engage in ongoing conversation with the community to deliver the features our users want and need.
Reciprocity - We stay open source, donate resources to help others and work for the benefit of the community.
Engineering - We embrace exceptional engineering that delivers technically superior software and services.
Ethics - We strive always to make the right decisions—even if they're not the easiest or most profitable.
Since its inception, the Lavabit team has always been a small, all-volunteer group of freedom fighters committed to the principle that everyone has the innate right to private and secure communication. Lavabit relies heavily on contributions from the broader development community and the help of numerous, unnamed, contributors whose dedication, makes the Dark Internet Mail Environment (DIME) possible. Over the past two years, Lavabit has completed the DIME architecture and specifications with all development efforts led by Ladar Levison. Given the complexity of our code base, global reach, inherent privacy concerns, and unique business applications, Lavabit will seek a highly seasoned executive team bringing Lavabit technologies to market.
Ladar Levison
Founder and Chief Executive Officer
Leading technology entrepreneur and privacy advocate. A technological warlock, and the team linchpin, he’s currently poised to become a corporate kingpin.
Richard Delgado, MBA
Chief Operating Officer
A serial deal maker, and former global director at American Express, he’s on the brink of being proclaimed a business guru.
Lavabit has enjoyed the support of many internationally recognized internet freedom fighters and security experts. It would be impossible to list them all. Rather, we’ll only say that DIME was developed in consultation with, and it’s design influenced by, some of the world’s foremost authorities on email standards and encryption.
Dear Investor,
When I started Lavabit, I could not have imagined the journey that lay before me. The more colorful portions of that journey are well documented, and for me, ancient history. What I’m looking forward to our the more interesting story, which is yet to be written. How I managed to take a series of unfortunate circumstances, and use them as a mandate to invent something new, with the Dark Internet Mail Environment, and then grow that invention into a billion dollar business. I believe our revolutionary encryption technologies will do what every entrepreneur hopes for: build shareholder value with a product that has a lasting positive impact on the world we all share.
With our relaunch in 2017, we started this journey towards freedom with the first deployment of Magma, our DIME-capable, free and open source mail server. Anyone with a domain can download the Magma bits, and host their own encrypted mail server. But getting the server online is only the beginning. We still have a long way to go before the DIME promise is fully realized. My hope is this crowd raise will provide the resources Lavabit needs to accelerate the process of turning the proof concept implementation we built while in stealth mode, into market disrupting products. Stat process starts with the completion of Volcano. Our graphical email client, and the critical missing piece we need to start providing the privacy protection we all so desperately need.
Taken together, Magma and Volcano, will solve security problems neglected by the competition, all while providing a fully federated, completely automatic, ridiculously secure solution to the email privacy problem. There are lots of security charlatans who make the claim they provide user-friendly end-to-end encryption for email. But there is only one Lavabit.
The way I see things, Lavabit was 10 years ahead of the competition when it launched a server-centric email encryption platform in 2004. Today the value of a service, which uses encryption to make it impossible for the service operators to access your data is obvious. And since we suspended operations in 2013, a number of companies have come out with platforms that make this promise. But while the competition is focused on protecting users against today’s threats, I moved ahead and developed DIME. And once I believe we are once again ahead of the curve. That’s because buried in the design of DIME, are the tools needed to defeat the threats we’ll be facing very soon. That’s because DIME provides incredible flexibility. It will be implementation and deployment choices that determine whether a DIME user is ready to face Evil: The Next Generation.
DIME is ambitious because I want to ensure the people who rely on Lavabit are ready to defeat the future face of evil. The good news is that unlike 2004, the market values innovations in security, and understands the nuanced nature of encryption. I believe that is why so many are waiting for Lavabit to finally deliver a true solution to the email privacy problem. And once we do, it won’t take long for my colleagues in the information security field to see the difference between the marketing hyperbole, and what we provide.
Of course, there will be those who don’t see the difference right away, and it will take a high profile security breach, or celebrity whistleblower to make them understand. My guess is the next wake up call will come in about 10 years. And when it does, our customers will once again be happy they chose to trust their data to Lavabit.
Ladar Levison
$10,000,000
The maximum valuation at which your investment converts
into equity shares or cash.
Learn more
20%
If a trigger event for Lavabit occurs, the discount provision
gives investors equity shares (or equal value in cash) at a reduced price.
Learn more.
$1.07M
Lavabit must achieve its minimum goal of $150K before the deadline. The maximum amount the offering can raise is $1.07M.
Learn more
Crowd SAFE
A SAFE allows an investor to make a cash investment in a company, with rights to receive certain company stock at a later date, in connection with a specific event.
·
Learn more
This site (the "Site") is owned and maintained by OpenDeal Inc., which is not a registered broker-dealer. OpenDeal Inc. does not give investment advice, endorsement, analysis or recommendations with respect to any securities. All securities listed here are being offered by, and all information included on this Site is the responsibility of, the applicable issuer of such securities. The intermediary facilitating the offering will be identified in such offering’s documentation.
All funding-portal activities are conducted by OpenDeal Portal LLC doing business as Republic, a funding portal which is registered with the US Securities and Exchange Commission (SEC) as a funding portal (Portal) and is a member of the Financial Industry Regulatory Authority (FINRA). OpenDeal Portal LLC is located at 149 E 23rd St #1314, New York, NY 10010, please check out background on FINRA’s Funding Portal page.
All broker-dealer related securities activity is conducted by OpenDeal Broker LLC, an affiliate of OpenDeal Inc. and OpenDeal Portal LLC, and a registered broker-dealer, and member of FINRA | SiPC, located at 149 E 23rd St #1314, New York, NY 10010, please check our background on FINRA’s BrokerCheck.
Certain pages discussing the mechanics and providing educational materials regarding regulation crowdfunding offerings may refer to OpenDeal Broker LLC and OpenDeal Portal LLC collectively as “Republic”, solely for explanatory purposes.
Neither OpenDeal Inc., OpenDeal Portal LLC nor OpenDeal Broker LLC make investment recommendations and no communication, through this Site or in any other medium should be construed as a recommendation for any security offered on or off this investment platform. Investment opportunities posted on this Site are private placements of securities that are not publicly traded, involve a high degree of risk, may lose value, are subject to holding period requirements and are intended for investors who do not need a liquid investment. Past performance is not indicative of future results. Investors must be able to afford the loss of their entire investment. Only qualified investors, which may be restricted to only Accredited Investors or non-U.S. persons, may invest in offerings hosted by OpenDeal Broker.
Neither OpenDeal Inc., OpenDeal Portal LLC nor OpenDeal Broker LLC, nor any of their officers, directors, agents and employees makes any warranty, express or implied, of any kind whatsoever related to the adequacy, accuracy or completeness of any information on this Site or the use of information on this site. Offers to sell securities can only be made through official offering documents that contain important information about the investment and the issuers, including risks. Investors should carefully read the offering documents. Investors should conduct their own due diligence and are encouraged to consult with their tax, legal and financial advisors.
By accessing the Site and any pages thereof, you agree to be bound by the Terms of Use and Privacy Policy. Please also see OpenDeal Broker’s Business Continuity Plan and Additional Risk Disclosures. All issuers offering securities under regulation crowdfunding as hosted by OpenDeal Portal LLC are listed on the All Companies Page. The inclusion or exclusion of an issuer on the Platform Page and/or Republic’s Homepage, which includes offerings conducted under regulation crowdfunding as well as other exemptions from registration, is not based upon any endorsement or recommendation by OpenDeal Inc, OpenDeal Portal LLC, or OpenDeal Broker LLC, nor any of their affiliates, officers, directors, agents, and employees. Rather, issuers of securities may, in their sole discretion, opt-out of being listed on the Platform Page and Homepage.
Investors should verify any issuer information they consider important before making an investment.
Investments in private companies are particularly risky and may result in total loss of invested capital. Past performance of a security or a company does not guarantee future results or returns. Only investors who understand the risks of early stage investment and who meet the Republic's investment criteria may invest.
Neither OpenDeal Inc., OpenDeal Portal LLC nor OpenDeal Broker LLC verify information provided by companies on this Site and makes no assurance as to the completeness or accuracy of any such information. Additional information about companies fundraising on the Site can be found by searching the EDGAR database, or the offering documentation located on the Site when the offering does not require an EDGAR filing.
To help the government fight the funding of terrorism and money laundering activities, Federal law requires all financial institutions to obtain, verify, and record information that identifies each person who opens an account. Therefore, when you use the Services we will ask for your name, address, date of birth, and other information that will allow us to identify you. We may also ask to see your driver's license, passport or other identifying documents.
Republic and its affiliates are not and do not operate or act as a bank. Certain banking services are provided by BankProv, member FDIC / member DIF. FDIC coverage only applies in the event of bank failure. Digital (crypto) assets and investment products are not insured by the FDIC, may lose value, and are not deposits or other obligations of BankProv and are not guaranteed by BankProv. Terms and conditions apply.
Made in SF/NYC