Security Threat models

Liverado is designed to mitigate many of email's security and privacy vulnerabilities. We encrypt all messages using zero-access end-to-end encryption so that only senders and recipients can read them, and nobody in between.

Email is one of the most common communication methods, but it is also one of the least secure. Given the ubiquity of email and its drawbacks, we developed Liverado to mitigate many of email's security and privacy vulnerabilities.

Liverado is designed to prevent various threats. In the process, we made many design decisions, some of which put safety above usability and some of which put usability above safety. As a result, the system is more secure than the most popular free email service. However, it does not provide 100% protection, because nothing can offer complete protection. This article gives our security overview, indicates the threats we cannot prevent, and lists the recommended use cases.

Security overview

Emails between Liverado users are always end-to-end encrypted, which means only senders and recipients can read the email. Encryption is performed on the sender's device using the recipient's public key.

All messages, including messages sent to and from non-Liverado users, are stored on our servers using zero-access encryption. Private keys are themselves encrypted using the user's account password. No one except the user knows the account password, so no one else can access it.

Emails between Liverado accounts and non-Liverado accounts are also zero-access encrypted on our server. However, these emails are not encrypted end-to-end during transmission or in the non-Liverado recipient's mailbox. The copies stored on the servers of the recipient's email service provider are at risk of exposure. For example, if Bob uses Liverado to send an email to John, a Gmail user, the message in John's inbox is at risk of exposure. Therefore, for sensitive communication, we recommend that your contact also register a Liverado account. Alternatively, Liverado can protect such messages through our external encryption function or through PGP.

Using strong encryption can protect messages from many kinds of exposure, including large-scale surveillance and data leaks. Liverado is different from other email providers such as Google or Yahoo, which retain the ability to read user mail. That ability allows them to scan messages for advertising or share them with third parties.

Although Liverado cannot decrypt message content or attachments, we can, like any email service, access metadata (email address and subject), because without this information we are not able to deliver the message to its final destination. The metadata is protected by some of the world's strongest privacy laws (we are based in Singapore, and our data centre is in Switzerland). However, if Liverado receives a valid order involving criminal activity, Liverado must share account metadata (excluding message content or attachments) with law enforcement agencies.

Liverado provides good enough protection for the vast majority of users. However, when a powerful attacker focuses all its resources on a particular goal, we believe that encryption will not help much, because the XKCD comic will apply.

What Liverado can't guard

Compromised device and account

This is the most common situation. If your password is stolen, or there is a keylogger on your computer that records all your keystrokes, advanced encryption cannot protect you, even if you use the most secure electronic communication system. We therefore recommend that you learn the common practices for protecting data.

Learn more about common types of user mistakes and information on protecting data.

Man in the middle attack (MITM)

MITM is a difficult attack to carry out. It cannot easily be applied to surveillance on a large scale and is usually performed only by a powerful party, such as a government, against a specific target. In a MITM attack, the attacker is located between the user's device and the server. Since Liverado emails are encrypted before they leave the user's browser, an attacker cannot obtain email data just by listening to the communication. The attacker must actually send a modified version of the Liverado website to your browser, one that may secretly pass the account password back to the attacker.

There are several ways to defend against MITM attacks. Liverado uses TLS to ensure the secure delivery of our software to your browser and prevent tampering with our code on the way. A successful MITM attack usually requires the use of forged TLS certificates to break TLS. Some browser plug-ins can detect forged certificates and significantly reduce the risk of MITM attacks.

Liverado also has another anti-MITM feature called address verification. It allows you to trust the public keys of verified contacts. It is a form of key pinning that provides additional protection by detecting whether a forged public key has been delivered to your device for a contact. Compared with other encrypted email services, this feature provides more security for Liverado because it can prevent the key from being tampered with. The trust model is trust on first use rather than trust on each use.

If you think your data is highly sensitive, we recommend that you enable address verification.

Learn how to use address verification.
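
The key-pinning check behind address verification, as an added example (not Liverado's code): a contact's key is pinned when the user verifies it, and every key the server later delivers for that address is compared against the pin before anything is encrypted to it. The `PinStore` class, the SHA-256 fingerprint, the `example.com` address and the sample keys are assumptions made for illustration.

```python
import hashlib
import hmac


def fingerprint(public_key: bytes) -> str:
    # Assumption: a key is identified by SHA-256 over its raw bytes.
    # Real OpenPGP fingerprints are computed over the key packet instead.
    return hashlib.sha256(public_key).hexdigest()


class PinStore:
    """Hypothetical client-side store of pinned contact keys."""

    def __init__(self):
        self._pins = {}  # address -> fingerprint recorded at verification time

    def verify_contact(self, address: str, public_key: bytes) -> None:
        """User-initiated step: trust this key for the contact from now on."""
        self._pins[address] = fingerprint(public_key)

    def check(self, address: str, served_key: bytes) -> str:
        """Classify a key the server delivered for `address`."""
        pinned = self._pins.get(address)
        if pinned is None:
            return "unverified"  # no pin yet, nothing to compare against
        if hmac.compare_digest(pinned, fingerprint(served_key)):
            return "trusted"
        return "mismatch"  # the pinned key was replaced


def choose_key(store: PinStore, address: str, served_key: bytes) -> bytes:
    """Return the key to encrypt to, or refuse if it differs from the pin."""
    if store.check(address, served_key) == "mismatch":
        raise ValueError(f"public key for {address} does not match the pinned key")
    return served_key


# Constructed sample values (placeholders, not real key material).
JOHN = "john@example.com"
JOHN_KEY = b"constructed-public-key-john"
FORGED_KEY = b"constructed-public-key-forged"

store = PinStore()
before_pin = store.check(JOHN, JOHN_KEY)   # contact not verified yet
store.verify_contact(JOHN, JOHN_KEY)       # the first-use trust decision
after_pin = store.check(JOHN, JOHN_KEY)    # same key served again
swapped = store.check(JOHN, FORGED_KEY)    # a different key served later
```

The pin only detects a key that changes after verification; a forged key accepted at the moment of verification would itself be pinned, which is the limit of trust on first use.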

Unauthorized backdoor

Another attack vector arises if an attacker gains access to the Liverado server in some way without our knowledge. It is conceivable that such an attacker could modify the Liverado software so that modified encryption code is sent to your browser, and thereby obtain unencrypted data. Liverado implements protective measures against unauthorized backdoors at the server level, making it difficult to complete this attack successfully without being detected.

Below are some recommended and not recommended use cases for Liverado:

Anyone who values privacy

Liverado is perfect for individuals or companies who don't want the government to have access to all of their emails at any time. It also suits people who don't like Google, Yahoo, or Microsoft constantly scanning and archiving all their conversations. With Liverado, the barrier to entry for large-scale surveillance is so high that mass surveillance is not feasible.

Organizations with data security needs

Liverado can help organizations comply with data privacy regulations. Our encryption complies with the technical measures for the protection of personal data established by the PDPA, GDPR, PCI-DSS and HIPAA. Liverado's zero-access encryption also dramatically reduces the risk of data leakage. In the unlikely event of data leakage, it significantly reduces the impact of the leakage.

Sensitive business communication

Liverado suits sensitive business information that you want to protect against attacks from competitors and other malicious parties. For example, you may be concerned that a competitor will sue your company under false pretenses in order to access sensitive data. In this case, Liverado provides you with excellent protection. Unless a valid order from the Singaporean authorities is obtained, Liverado will not release any data. Even if the competitor goes through the expensive and time-consuming process of obtaining such an order, Liverado's zero-access cryptography means that we will not be able to release decrypted data other than metadata.

Suppose you are trying to leak state secrets, as Edward Snowden did, or to fight against powerful state opponents. In that case, email may not be the most secure communication medium. The Internet is usually not anonymous. If you violate Singapore laws, a law-abiding company such as Liverado will have to record your IP address. Powerful state opponents will also be more likely to launch the attacks described above against you, which may invalidate the privacy protection provided by Liverado. Although we can offer more protection and security, we cannot guarantee that you are protected from attacks by a powerful opponent.

Conclusion

Some people assert that if you are not a criminal, you don't need privacy. A compelling counterargument can be found here, and we recommend everyone watch it.

Some critics also assert that by establishing Liverado, we provide criminals with tools to evade the authorities. Like any other technology, Liverado can be used in a good or bad way.

However, most users only seek greater control over their data. Journalists and activists may look for Liverado-like secure communication for their freedom of speech or safety.

The truth about data security is that any weakening of encryption will reduce all of our security.

We can choose to live in a world where everyone is monitored or choose a world where everyone has privacy. We believe that the right to privacy is a fundamental human right, and we are willing to fight and work hard to protect this right.