LEAP’s approach is unique: we are making it possible for any service provider to easily deploy secure services and for people to use these services without needing to learn new software or change their behavior. These services are based on open, federated standards, but done right: the provider does not have access to the user’s data, and we use open protocols in the most secure way possible.

On the server side we have created the LEAP Platform, a “provider in a box” set of complementary packages and server recipes automated to lower the barriers of entry for aspiring secure service providers. On the client side, we have created a cross-platform application called Bitmask that automatically configures itself once a user has selected a provider and which services to enable. Bitmask provides a local proxy that a standard email client can connect to, and allows for easy one-click Virtual Private Network (VPN) service.

Email continues to be a vital communication tool, but is difficult to use securely. Unfortunately, when people to use secure email they often use it in ways that compromise their confidentiality and the confidentiality of the people they communicate with. Even worse, current technology for secure email is vulnerable to numerous methods of association-mapping–information that can be highly sensitive in its own right.

The LEAP email system has several security advantages over typical encryption applications: if not already encrypted, incoming email is encrypted so that only the recipient can read it; email is always stored client-encrypted, both locally and when synchronized with the server; all message relay among service providers is required to be encrypted when possible; and public keys are automatically discovered and validated. In short, the Bitmask app offers full end-to-end encryption, quietly handling the complexities of public key encryption and allowing for backward compatibility with legacy email when necessary. Because the LEAP system is based on open, federated protocols, the user is able to change providers at will, preventing provider dependency and lock-in.

In addition to encrypted email, Bitmask offers automatically self-configuring encrypted internet proxy (aka VPN). Most VPN technology can be a pain to configure correctly without introducing vulnerabilities of DNS leakage, IPv6 leakage, and failing into an open, unencrypted state. The goals for LEAP’s VPN service are to make it so easy to use that people will want to keep it on all the time, and to make it more secure than most other VPN services.

Sessions

Bitmask/LEAP Workshop

We are currently working on two services: VPN, to protect the internet connection of the users and be able to circumvent internet blockages. bitmask (the leap client) makes easy to set up the VPN connection and configuring a firewall to prevent IP leaks (over DNS, IPv6 or others), routing all the traffic of the computer over the VPN email, encrypting the emails on transit and at rest. Making key discovery and usage trasparent to the user at the same time that is compatible with the existing clients using OpenPGP. As well as encrypting the email storage in the client so the provider or a mitm can't access them.

If you are a web (or other kind of) designer, UX afficionado, package maintainer, javascript/python/ruby programmer, puppet master or just curious about it come by and let's work together on improving Bitmask and the leap platform.

LEAP Platform for VPN and email providers

We'll follow the basic steps of the LEAP Platform quick start guide ( https://leap.se/en/docs/platform/tutorials/quick-start).

You can either watch us setting up a LEAP instance live or deploy your own provider. If you want to setup your own provider on an own remote server, please make sure you have the requirements.  This is, in a nutshell a remote server with a dedicated Debian jessie installation and ssh root access to it. Please only use a clean installatio with nothing else on it as LEAP will potentally override services.