This was an interesting read, but never addressed Moxie’s point, which was that Lavabit claimed it would never be able to look at your data at rest, but in fact was simply promising not to do the work required. This is not to say that there were not wise precautions taken to make surveillance as difficult as possible for a range of attackers, and surely Lavabit would be a handy setup on your own machine, but it relies on the ability to completely trust the sysadmin.

I can’t find any discussion of encryption on swift, so I presume encrypted connections are among the 5% that swift cannot handle. Which is fine, but on the other hand, do we really want a protocol that’s not merely vulnerable to 3rd party sniffing (as are unencrypted TCP/UDP connections) but actively places our information on arbitrary computers? This will presumably preferentially utilize systems with high bandwidth and storage capacities, which would necessarily advantage a well-funded mass-surveillance operation.

It does not seem that encryption is a reasonable thing to expect, except for on-the-wire encryption, but I think we do need strong anonymity guarantees before we consider this system at all safe to use.