This story is over 5 years old
Tech by VICE

Even My Mum Can Use This Encryption Service (I Know Because I Made Her Try)

“Oh, very easy, yes,” was my mum’s review.

by Joseph Cox
May 8 2015, 10:35am

Image: Tom Gowanlock/Shutterstock

Sending an encrypted email, for most people, is hard. Although a wave of secure messaging tools have flooded app stores since Edward Snowden's NSA revelations, and clear tutorials on how to set up encrypted email have since been penned, it can still be a daunting task for somebody who doesn't have the time or technical know-how.

But people may still want to grab their privacy back, even if they're pretty clueless on where to start. Lavaboom is a newly rebooted email provider that encrypts the metadata and content of messages between users and claims to be easy to use. What's particularly interesting is the service also obfuscates the metadata for users emailing from Lavaboom to someone else who is not using the service.

"We strip all the metadata that would be normally sent to the receiver's address, and the 'from' address and the originating IP will be right from the heart of Cologne," the company's CEO Felix Müller­-Irion told me in an email (Lavaboom is based in Cologne). This matters, because then anybody monitoring the communication should not be able to tell who sent the email from their metadata.

To put Lavaboom to the test, I decided to enlist someone with the absolute minimum of technological experience: my mum.

This is the second version of the service; the first launched in April 2014. On Friday, Lavaboom is rolling out its new service to the 25,000 people that signed up in advance.

To put Lavaboom to the test, I decided to enlist someone with the absolute minimum of technological experience: my mum.

"Go on your internet browser," I asked her over the phone.

"Err, so I go to Google, yeah?" she replied.

"Just go to where you type an address in."

"What, you mean on the email?"

"No, where you want to access a website."

We weren't off to a good start. Once she had signed up with the invite code I provided, her encryption keys were then generated in her browser.

These work in the same fashion as traditional PGP (Pretty Good Privacy, commonly used to sign and encrypt emails): there is one key for decrypting messages, and a second one that others use to encrypt messages to you. This is all done automatically via a JavaScript implementation of PGP, and the keys can also be backed up locally on the user's machine.

Screenshot of my mum's first encrypted email. Her name is redacted

After the creation of a strong password, my mum was in. She wrote a quick note to my Lavaboom email address, hit send, and that was it. In all, it took 10 minutes (I timed it).

"Oh, very easy, yes," my mum said when I asked how difficult the process was.

To check Lavaboom was sending encrypted emails, I sent a few to myself. Indeed, the text of the email was definitely encrypted, rendering it total gibberish to anyone intercepting it. Müller­-Irion said this included Lavaboom itself.

Of course, this isn't necessarily the best encryption service for highly sensitive work: Those who are particularly concerned might prefer to keep their secret key on a separate air-gapped computer, for example.

But if my mum can successfully send an encrypted email with this, I'm pretty sure anyone else would be able to.

motherboard show