Deal highlights

• Information-security startup poised for growth with global brand recognition and allegiance.

• Revolutionary end-to-end email encryption—transparent and automatic to users—that brings customers the most secure, federated email solution available on the market.

• Lavabit’s lowest encryption setting is the highest setting offered by competitors.

• Technology is the first email standard to minimize the leakage of metadata and provides powerful new tools to prevent phishing, eliminate spoofing, and fight spam, malware insertion, and other email-borne attacks against consumers and corporations.

• According to Gartner, the global cyber security market is currently worth around $131 billion and is set to increase by 88% by 2025. The global email encryption market valued at $3.92 billion in 2017 is anticipated to grow at a healthy rate of more than 27.8% through 2025 to a market value of $27.9 billion.

• More than 100,000 returning customers and 15,000 new customers in over 85 countries since the relaunch.

• Currently profitable with over $150,000 in recurring annual revenue with the potential to be a $1B company in 10 years.

Our history

Freedom fighters who have never stopped fighting for you.

Lavabit was founded on the principle that everyone—individuals, organizations and businesses—have an innate right to private, secure communication. We’ve never wavered from that mission.

In 2014, the company suspended its service to protect global customers after the US government ordered Lavabit to release its Secure Sockets Layer (SSL) private keys in the wake of the Edward Snowden data release. Citing its philosophy of digital rights, privacy and customer protection the company suspended operations.

The Company went underground and rebuilt email the way it should be—from the ground-up and secure from point A to point B—so this could never happen again. A pioneer in email security with over 15 years in-the-trenches experience, we have intimate knowledge of email standards and encryption technologies, which has kept our technology years ahead of the curve. 

Trusted, proven and privacy battle-tested, Lavabit is not your typical start-up. Coming out of stealth-mode, Lavabit is back with the Dark Internet Mail Environment—DIME—a revolutionary new end-to-end encrypted global standard that powers Flow, our new email subscription service, Magma, our encrypted mail server, Volcano our forthcoming email client, and other DIME enabled technologies.

Email wasn’t built to protect users or data—and now we’re paying the price

269 billion times a day, users sacrifice privacy and security when they hit send.

More than 74 trillion messages are transmitted a year by 3.7 billion email users. Virtually every aspect of global communication, commerce and life are mediated by email. Email is at the core of our cyber identities—a role that’s increasingly risky. Like a postcard in the mail, emails expose their data and metadata as they travel—giving attackers easy access to personal information, systems and networks.

As defined by true end-to-end encryption, email security is a complex and elusive problem that no one has solved until now. When the first email protocols were developed in the 1970s, security and privacy were afterthoughts, and encryption technologies were restricted. While ad hoc efforts have attempted to bolt security functionality onto legacy SMTP, POP3 and IMAP protocols, they’ve fallen short—both in effectiveness and ease of use. The handful of new solutions touted by startups have proven cumbersome and ineffective in delivering automated, cross-platform protection.

Next-generation technology in communication privacy and security

Lavabit is bold. With our flexible architecture, we are replacing legacy email with a new federated, end-to-end encrypted protocol that’s user-friendly, accessible and effective. Our  Dark Internet Mail Environment and associated encryption technologies are simple enough for your grandmother to use but secure enough for nation-state secrets.

Leveraging lessons from the 28-year history of Pretty Good Privacy (PGP), Lavabit has created the Dark Internet Mail Environment—DIME—the world's first end-to-end encrypted “Email 3.0” global standard. Lavabit’s encryption methodology and server technology solve the problems of centralized trust authorities, cross-domain and cross-platform interoperability, and is the first email encryption standard designed to minimize metadata leakage. Problems that cloud-mediated, and other “walled-garden” email security approaches fail to address.

Online identity protection that works

Simply put, there is more than just encrypting a message in transit. Email adds a new complexity to secure communications. Instead of  having a secure single channel between the sender and a server, like when you’re browsing the web, it’s also critical to have a secure channel between users, so that messages remain protected from sender’s computer, all the way to the recipient, regardless of how many servers, or service providers the message must pass through along the way. DIME does just that, by delivering layers of encrypted protection in every step of this process.

Inherently, email clients running Lavabit technology can communicate securely within their domain and with any other DIME capable client. By incorporating encryption directly into protocols and at user-end-points, we created DIME to be the critical and until now missing piece of the cybersecurity puzzle. A critical first step in preventing corporate espionage, safeguarding consumer cyberattacks, eliminating phishing, spoofing, spam, TLS stripping and drive-by malware insertion attacks.

Because it’s infinitely extensible, the DIME standard can easily be adapted to provide protection for encrypted voice calls, online chats, cloud-based file storage, enterprise workflows, and blockchain applications. Any encryption technology that can be linked to an email address, can benefit from DIME. It will be a revolutionary unified encrypted ecosystem capable of restoring privacy, ensuring control over the security of our data. Encryption provides the mechanism, while DIME provides the means.

DIME Architecture & Specification:  https://darkmail.info/spec

Everything’s safer in the dark

DIME minimizes metadata leakage, automates message encryption and resists manipulation by an attacker.

Lavabit powers true end-to-end, multilayered encryption between users.

• The message is encrypted and digitally signed before it leaves a sender’s device.
• The message's various metadata components are also encrypted, which minimizes leakage, as it travels the internet.
• The complexity of user key management can become invisible to the user. All they need is software which implements our new security protocols.

By performing message encryption at the user level—within the client email application—DIME eliminates the exposure of critical cryptographic functions to systems outside of user's control.

When a message passes through the server fully encrypted, its contents and metadata are shielded—providing critical protection to a world where email increasingly being stored on centralized servers.

To minimize what a potentially compromised server can access, we made DIME messages analogous to sealed shipping containers. All a hostile server can see is the next hop on the path for a message.

Email is the communications backbone of the internet

It’s the most common form of business communication—accounting for more than 70 percent of total message volume.

Email is the central nervous system for modern companies. Which is why email is one of the first things targeted by attackers. Many of the most famous security breaches can be traced back to either an account or an email server being breached. Whether it’s phishing, email-borne viruses, or inserting malware into an unencrypted attachment from someone the victim already knows, email is a critically vulnerable form of communication.

And in the wake of high-profile security breaches at Yahoo, Facebook, Marriott, Equifax and dozens of other organizations, consumers and businesses are waking up to the need for secure email, and the need to pay for encrypted protection.

Although the United States is adopting email encryption at a faster pace, China, Russia, Japan, Korea, and India are all expected to increase their respective markets during the next five years. Awareness and investment in email encryption technology is a growing global trend. According to Gartner, revenues from the rapidly growing global email encryption market will grow to nearly $27.9 billion by 2025.

A number of interrelated factors continue to drive growth in the email encryption market:

• Global privacy standards. The email encryption market is growing with the adoption of the GDPR in Europe, the APPI in Japan, and HIPAA in the United States. The global PCI DSS rules are also driving companies to adopt encryption technologies
• Integrated security solutions. Existing security solutions remain problematic from an integration perspective. As network infrastructure becomes increasingly complex, vendors need to offer more robust encryption solutions that are automated, transparent and compatible to stay relevant among end users.
• Business adoption and expansion. Email encryption is moving beyond the large corporate enterprise market. Shifting requirements and regulations have forced small and medium-sized businesses to innovate and refocus their business models and infrastructure to adopt email encryption.
• Complexity. The management of keys to encrypt/decrypt email is an unintended burden which increases complexity and cost. That burden is driving interest in solutions. Newly emerging security solutions like the one Lavabit is developing are expected to boost the demand, and market size for email encryption software in the near term

Lavabit’s B2B focus is on industries with regulatory requirements to safeguard information and industries regularly targeted for information theft. Specific sectors include insurance, financial services, banking, health care, law firms, biotechnology, political figures, and journalists. Any business with valuable intellectual property, large amounts of consumer data, or that view confidentiality as being business critical are prime targets for adopting email encryption at an organization level.

Cybersecurity Ventures predicts that overall cybercrime damages will cost the world $6 trillion annually, up from $3 trillion in 2015. Clearly, cybercriminal activity threatens all aspects of our ever-increasing digital lives and will be one of the biggest challenges that humanity will face in our evolving technology-dependent world. Consequently, global spending on cybersecurity products and services will exceed $1 trillion cumulatively over the next five years, from 2017 to 2021. The extensibility of DIME means Lavabit will be well positioned to grow beyond email and benefit from this rapidly growing market segment.

Revolutionary technology, innovative products

DIME’s technology and timing are poised to revolutionize email security.

Lavabit’s DIME technology is the only peer-reviewed, federated solution capable of providing automatic end-to-end encryption for email. DIME’s unique encryption methodology ensures secure and reliable delivery of email while providing confidentiality, preventing manipulation and eliminating metadata leakage along the delivery path.

Backed by over 6 million lines of source code, Lavabit’s breakthrough technology automatically and securely ties an email address to a public key. Our platform makes it possible for software to securely perform encryption functions automatically, and without burdening the user. This makes the Lavabit solution more versatile, secure and flexible than any technology available today.

Consumer and business customers are already using the Lavabit email service with a Flow email subscription. With the introduction of Magma, Lavabit’s DIME-compatible server, our technology is already gaining traction in the marketplace. With Volcano, our still-in-development email client for Android, iOS, and the desktop, Lavabit is poised to turn email into the secure communications platform our personal and corporate users want, and the market demands.

Because the world is mobile, we're building Volcano.

The reality is that the world is mobile, and thus, we must get the technology directly into the hands of its users. The primary use of campaign proceeds will the completion of Volcano, which is presently slated for launch in 2019. Lavabit’s DIME-compatible mail client will enable users to operate in our vaunted Cautious and Paranoid modes. As such, the development of Volcano for mobile devices is the Company ’s top development priority.

Both Magma and Volcano interoperate with legacy email systems and will be made available to customers as a: cloud hosted service, user supported installable products, or hybrid, where customer installations are managed by the Lavabit professional services team. Clearly, Lavabit email provides the ideal solution for consumers seeking complete email privacy, companies operating in sectors where keeping email messages confidential is critical to business success, and companies who need to adopt the use of email encryption software for regulatory and data-security compliance.

Poised for global growth

Since our relaunch, we have learned that based on our principled customer stance, Lavabit has retained its reputation as one of the most trusted email encryption brands. Lavabit will use its market perception and security-first focus to enshrine the DIME encryption standard within the consumer and enterprise segments of the rapidly growing global market for cybersecurity. As such, Lavabit has developed a phased go-to-market plan predicated on the development of our email client and the ability to scale our product and service offerings to create a broader encrypted ecosystem.

To stimulate early adoption, Lavabit is advancing an open source strategy, in an effort to distribute DIME technology and demonstrate consumer and commercial viability. Lavabit’s business strategy starts with a B2C and B2B cloud hosted email services, with an eye towards expansion into the on-premise market through direct, and value-added reseller (VAR) sales. Future SaaS, licensing, and consulting revenues will be key profit centers as Lavabit expands its commercial footprint.

Central to Lavabit’s focus is to position DIME, and DIME compatible technologies, as the superior alternative, and natural successor to existing enterprise email platforms like Microsoft Exchange, Lotus Domino, Oracle Messaging Server, and Zimbra. Lavabit’s vision is to become the provider of choice for consumer and commercial users looking to the cloud for both outsourced, and installable email solutions.

Lavabit's core business roadmap

• Phase 1. Consumer cloud. Consumer-focused encrypted email services. Pricing is based on a subscription upsell model determined by storage capacity.
• Phase 2. Business cloud. Geared toward small and medium-sized businesses with limited internal capabilities looking for hosted email solutions. Pricing is based on channel volume and account size.
• Phase 3. Commercially licensed installable products. A feature-rich, easily managed, highly secure email solution for customers with sophisticated IT departments or a need to host data on their own infrastructure. Channel partners and value-added resellers will develop, deploy and support versions of the installable products. Through partner collaboration and direct professional service engagements, we plan to promote the customization of Magma and anticipate this will result in vertical-specific features being developed.
• Phase 4. Commercially purchased appliances. Government agencies, military contractors, political activists, and high-net-worth individuals are just a few examples of customers that will require the immutable protection of hardware-level security. These turnkey solutions will offer superior protection and simplified management for the market segment seeking fire-and-forget email servers, and access devices certified to handle the most sensitive private and public sector secrets.

Lavabit is profitable with ongoing B2C subscription revenues.

Lavabit currently sells encrypted email services to consumers, and small businesses using a subscription model. Lavabit’s subscription revenues are generated through the sale of its standard service plan, priced at $30 per annum, and its premier service plan, priced at $60 per annum.

Since our relaunch in 2017, the company has welcomed more than 100,000 returning users to its new service with the offer of a free subscription, while adding an additional 15,000 new customers (business and consumer)  onto its paid service plans, with customers coming from over 85 different countries. In 2017 and 2018, the company collected more than $150,000 in revenues from subscription sales to new customers.*

*Some customers are subscribed to our standard and premier service plans but receive discounted pricing because of a promotion that was offered during Q1 and Q2 of 2017.

Lavabit is focused on B2B solutions and services

Lavabit’s existing B2B revenue is derived from providing a hosted email service to small businesses, priced on a per-user basis, and through the sale of support contracts for its Magma mail server. The pricing for support contracts is variable. We’ve currently sold several per-installation contracts priced between $10,000 and $15,000.

With adequate funding, Lavabit will prioritize, and expand its direct sales effort, by switching from a reactive model, to hiring a proactive sales team. We also plan to formally launch a VAR sales program. Based on a conservative bottoms-up projection, Lavabit anticipates continued YOY profitability and robust growth of its B2B sales.

Lavabit has a unique position in the marketplace 

Lavabit’s solutions are uniquely suited to balance automated convenience and ironclad protection for security-conscious users.

How we're different

Lavabit email is compatible with any domain that has implemented DIME. Lavabit is the only federated and interoperable email technology capable of offering secure, end-to-end email compatible outside its domain. No other company has solved the walled-garden email security shortfall. Lavabit’s lowest encryption setting—Trustful—is the highest setting offered by competitors.

Lavabit has a brand name and global market recognition

The current user base includes 115,000 customers in more than 85 countries.

Before suspending operations in 2014, Lavabit had more than 410,000 customers. Since the relaunch in 2017, Lavabit has migrated 100,000 returning customers, added 15,000 new customers in 85 countries and installed two commercial Magma server beta implementations. With zero marketing efforts, the Company has attracted more than 500,000 unique visitors from 170 countries to lavabit.com.

There’s significant media and market anticipation ahead of Lavabit’s broader market entry efforts. More than 300 members of the professional media are waiting for the opportunity to participate in the beta test, and nearly  100,000 customers are ready to sign up for service when DIME is fully operational on compatible email clients.

What people are saying

Edward Snowden, Privacy Advocate

[Snowden] plans on reactivating his Lavabit account once it relaunches, “if only to show support for their courage.” Lavabit’s greatest offering is “a proven willingness to shut down the company rather than sell out their users, even if a court makes the wrong call,” says Snowden. “That’s actually a very big deal: They might be the only ones in the world that can claim that.”

Cyrus Farivar, Journalist, Ars Technica and author of Habeas Data

"Long before Edward Snowden became a household name, Lavabit was fighting to keep email safe. The company has always been a guardian of digital freedom and with its DIME- enabled solutions now has a robust technical arsenal to do so. The company needs all of our help to make sure that encrypted email is accessible to all." 

Check out Habeas Data chapter 6 on Lavabit here. 

What's next?

Building the ecosystem

Once the email products and services achieve a steady state, Lavabit will begin reaching out to new markets with its suite of encryption solutions. The goal is to position Lavabit as the single source for securing communications and data. Some growth products and services will require little to no additional development and be available in the near term. Others will require additional development and won’t be pursued until specific milestones of our core business roadmap are achieved.

Lavabit’s DIME technology ties an email address to a public key infrastructure (PKI), allowing user-level encryption. From a commercialization perspective, DIME is unique because it also allows for the automated end-to-end encryption of file sharing, telephony, SMS, crypto-currencies, business records, and workflows.  The incorporation of encryption directly into the protocols/user-end-points, its interoperable and federated nature, and inherent extensibility makes the Lavabit solution more versatile, more secure, and more usable than any solution available today. Our belief is we can use the DIME email – PKI marriage to create a universal foundation for a new secure identity protocol.  DIME is still several years ahead of the curve, but the extensibility of the standard means Lavabit is ready to build an encrypted ecosystem that goes well beyond email.

Our success roadmap

Short-term (1-3 years)

• Grow core B2C & B2B cloud business to over $5M - $10M from 100,000+ customers
• Complete development of Volcano and start encrypted ecosystem development
• Expand Magma server technology and grow commercial business; targeting 500+ installations generating over $25M+ in revenue
• Generate Lavabit revenues of $50M+
• Complete successful A/B round capital raises  
• Expand business, development and operations teams

Mid-term (3-5 years)

• Provide best-in-class mail client functionality to drive continued adoption
• Grow core B2C & B2B cloud business to over $25M from 500,000+ customers
• Expand B2B partnerships to enter installable/appliance markets
• Develop Lavabit professional services business targeting 5,000+ installations and licensing fees for $200M+ in revenue
• Expand “Ecosystem” partnerships to develop new encrypted identity, file storage, workflow text, telephony and payments products
• Generate sustained Lavabit revenues of $250M+
• Successful B/C round raises if required
• Manage international team expansion  

Long-term (5-10 years)

• Position Lavabit as a leading and dominant global encryption player
• Position DIME as the global encrypted email standard adopted by all mail providers
• Grow core B2C & B2B cloud business to over 1M+ paid registrations generating over $100M+ in annual revenue
• Position Installable enterprise business preferred service for Global Fortune 500 targeting 10,000+ installations and licensing fees generating over $300M annually
• Position encrypted ecosystem business as dominant encrypted collaboration services with licensing fees generating over $100M annually
• Generate sustained Lavabit revenues of $1B annually
• Successful exit, merger or IPO

Use of campaign funds

Lavabit is bootstrapping, and the company has maintained its liquidity to continue operations and partially fund development of its Volcano mail clients. Because of its high-margin existing email subscription business, emerging server business and low capital requirements Lavabit can maintain existing profitable operations at current state indefinitely. At this critical development juncture, Lavabit needs growth capital to employ seasoned developers capable of working on a highly complex codebase to complete this Volcano client application and integration phase. As such, the forecasted primary use of the funds will be to finance ongoing product development and day-to-day operations.

What we believe

Mission - We deliver reliable, fast, affordable and secure email service that never sacrifices privacy for profits.

Value - We always deliver secure, high-quality email services at the lowest possible price.

Service - We provide friendly, competent service to everyone—whether they're customers, new users or interested visitors.

Privacy - We vigorously protect the privacy of our users above all else.

Usability - Secure email should be as easy as regular email. We develop our services always with simplicity and ease-of-use in mind.

Accessibility - We engineer our systems and solutions to accommodate the widest range of users, preferences, and applications.

Listening - We engage in ongoing conversation with the community to deliver the features our users want and need.

Reciprocity - We stay open source, donate resources to help others and work for the benefit of the community.

Engineering - We embrace exceptional engineering that delivers technically superior software and services.

Ethics - We strive always to make the right decisions—even if they're not the easiest or most profitable.

Driven by a passion for privacy and protection

Since its inception, the Lavabit team has always been a small, all-volunteer group of freedom fighters committed to the principle that everyone has the innate right to private and secure communication. Lavabit relies heavily on contributions from the broader development community and the help of numerous, unnamed, contributors whose dedication, makes the Dark Internet Mail Environment (DIME) possible. Over the past two years, Lavabit has completed the DIME architecture and specifications with all development efforts led by Ladar Levison.  Given the complexity of our code base, global reach, inherent privacy concerns, and unique business applications, Lavabit will seek a highly seasoned executive team bringing Lavabit technologies to market.

Ladar Levison

Founder and Chief Executive Officer

Leading technology entrepreneur and privacy advocate. A technological warlock, and the team linchpin, he’s currently poised to become a corporate kingpin.

Richard Delgado, MBA

Chief Operating Officer 

A serial deal maker, and former global director at American Express, he’s on the brink of being proclaimed a business guru.

Advisory

Lavabit has enjoyed the support of many internationally recognized internet freedom fighters and security experts. It would be impossible to list them all. Rather, we’ll only say that DIME was developed in consultation with, and it’s design influenced by, some of the world’s foremost authorities on email standards and encryption.

Letter from the founder

Dear Investor,

When I started Lavabit, I could not have imagined the journey that lay before me. The more colorful portions of that journey are well documented, and for me, ancient history. What I’m looking forward to our the more interesting story, which is yet to be written. How I managed to take a series of unfortunate circumstances, and use them as a mandate to invent something new, with the Dark Internet Mail Environment, and then grow that invention into a billion dollar business. I believe our revolutionary encryption technologies will do what every entrepreneur hopes for: build shareholder value with a product that has a lasting positive impact on the world we all share.

With our relaunch in 2017, we started this journey towards freedom with the first deployment of Magma, our DIME-capable, free and open source mail server. Anyone with a domain can download the Magma bits, and host their own encrypted mail server. But getting the server online is only the beginning. We still have a long way to go before the DIME promise is fully realized. My hope is this crowd raise will provide the resources Lavabit needs to accelerate the process of turning the proof concept implementation we built while in stealth mode, into market disrupting products. Stat process starts with the completion of Volcano. Our graphical email client, and the critical missing piece we need to start providing the privacy protection we all so desperately need.

Taken together, Magma and Volcano, will solve security problems neglected by the competition, all while providing a fully federated, completely automatic, ridiculously secure solution to the email privacy problem. There are lots of security charlatans who make the claim they provide user-friendly end-to-end encryption for email. But there is only one Lavabit.

The way I see things, Lavabit was 10 years ahead of the competition when it launched a server-centric email encryption platform in 2004. Today the value of a service, which uses encryption to make it impossible for the service operators to access your data is obvious. And since we suspended operations in 2013, a number of companies have come out with platforms that make this promise. But while the competition is focused on protecting users against today’s threats, I moved ahead and developed DIME. And once I believe we are once again ahead of the curve. That’s because buried in the design of DIME, are the tools needed to defeat the threats we’ll be facing very soon. That’s because DIME provides incredible flexibility. It will be implementation and deployment choices that determine whether a DIME user is ready to face Evil: The Next Generation.

DIME is ambitious because I want to ensure the people who rely on Lavabit are ready to defeat the future face of evil. The good news is that unlike 2004, the market values innovations in security, and understands the nuanced nature of encryption. I believe that is why so many are waiting for Lavabit to finally deliver a true solution to the email privacy problem. And once we do, it won’t take long for my colleagues in the information security field to see the difference between the marketing hyperbole, and what we provide.

Of course, there will be those who don’t see the difference right away, and it will take a high profile security breach, or celebrity whistleblower to make them understand. My guess is the next wake up call will come in about 10 years. And when it does, our customers will once again be happy they chose to trust their data to Lavabit.

Ladar Levison

Invest in secure communications for the world