Magma is Lavabit’s open source, commercial-grade, and full-featured server ready for use with the Dark Internet Mail Environment. Magma is now ready for commercial implementation and will fundamentally change the way business transmits encrypted data. Whether you are an individual, SME, or corporate enterprise wanting your own DIME compatible server, the Lavabit technical team can assist with your implementation and development needs.
With DIME, Onionbit.com now has (3) new operational modes to secure all customers: Cautious, Trustful and Paranoid. For the Cautious and Paranoid modes, all communication is encrypted on the user's device making TLS less relevant. Even with end-to-end encryption, TLS ensures a client is connected to the provider's server and provides perfect forward security for network traffic. In Trustful mode, we have moved from the SSL key typically stored on the server to a secure hardware device. The former is an extremely common setting for many SSL enabled sites throughout the internet. We have installed FIPS 140-2 hardware security modules which allows us to use a TLS key without having to access it directly. Any attempt to extract the key will trigger a tamper circuit causing the key to self-destruct. The only account capable of extracting the key is the HSM supervisor. To prevent this we set the passphrase blindly thus locking us out. We suggest anyone not comfortable with trusting the provider to utilize the Cautious or Paranoid modes.
``Here at OnionBit we take privacy and security seriously. To ensure that no one intercepts your e-mail while it is being downloaded or sent to our servers, we support and encourage the use of Secure Sockets Layer (SSL) encryption. SSL was created specifically to eliminate eavesdropping and ensure that information could be transported securely over an untrusted network.``
Your encrypted data is not accessible to us
OnionBit zero access architecture means that your data is encrypted in a way that makes it inaccessible to us. Data is encrypted on the client side using an encryption key that we do not have access to. This means we don't have the technical ability to decrypt your messages, and as a result, we are unable to hand your data over to third parties. With OnionBit, privacy isn't just a promise, it is mathematically ensured