Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Agreed. There has to be a place for principles in this world.


If we're apparently putting people in jail for their intentions then definitely, intentions matter when the situation is the reverse as well. The guy tried to make a stand, messed up under pressure (and who here would dare to say they would not, I'm pretty steadfast but when that sort of power is aimed directly at you and your small company it takes some serious mental fortitude to even consider rejecting the request) and unfortunately made some bad technical decisions.

All in all, nothing but good intentions and with a bit more foresight it would have ended quite differently. I sincerely hope that if I'm ever the subject of such pressure that I'll do half as good, hopefully better but definitely no guarantees there.

And trying to protect Edward Snowden was - especially at that moment in time - something that was a very hot issue as an American citizen well within reach of the arm of the law.


Hold on, don't move the goalposts. Levison did not design Lavabit under pressure from the DOJ. He had years to work on the design, the precedent of Hushmail to work from, and, let's be clear: until the DOJ requested documents that violated his own political leanings, he was compliant with other DOJ requests.


> until the DOJ requested documents that violated his own political leanings, he was compliant with other DOJ requests.

And that's his mistake. He should not have cared at all about which users the DOJ wanted info about, he should have realized that if he was capable of complying with their demands at all that his system should be fixed rather than kept that way.

I can see how this happens though. Imagine your average TOR exit node operator. This person may have noble intentions and dreams about supporting dissidents. Then finds out the exit node is used to peddle all kinds of gore. The temptation to become involved in determining what is and what is not supported use of 'your' exit node must be tremendously strong. Especially if some of that traffic is personally revolting, offensive or in some other way against your own personal philosophies.

So Levison may have thought that doing his bit, aiding the DOJ and purposefully having these holes was a net positive for society. But looking back I think he'd be the first to agree that that was a very bad mistake.


We disagree, for whatever it's worth. To me, his mistake was in attempting to provide government-proof email without taking the time to build the expertise required to do so.

The Internet is littered with broken attempts at providing government-resistant messaging systems. They're a plague. There experts trying to deliver the same systems, but securely; they get drowned out because their UX isn't as smooth as that of Lavabit's --- which took full advantage of the UX benefits of total insecurity to get more users.


> To me, his mistake was in attempting to provide government-proof email without taking the time to build the expertise required to do so.

It is very hard to find someone who knows what he does not know. Much more capable people than Levinson have been bitten by that particular failure.

> There (are) experts trying to deliver the same systems, but securely; they get drowned out because their UX isn't as smooth as that of Lavabit's --- which took full advantage of the UX benefits of total insecurity to get more users.

Agreed. Conclusion: user experience counts. What I wonder is why those experts in crypto can't get their act together and deliver a user experience that's at least good enough not to get in the way of acceptance. Wherever there is a conflict between 'good crypto' and 'user experience' the crypto wins out in one product and the user experience wins out in another. Users overwhelmingly choose the packages with the good user experience and the bad crypto.

This may not be fixable in the case of conflicts but for many of the issues they may in fact be simply a matter of attention to detail, after all if the effort can be expended to make good crypto then a similar effort should go into the user experience since in the eyes of the users both are important. Delivering great crypto in an impractical package is a non-contribution.

That is going to be an uphill battle if the past is anything to go by.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: