You said '(be it Outlook, your phone, or the web-mail host)'. I was just providing a relevant historical example to support your point. (Lavabit does have a webmail interface.)
FWIW, the Hushmail ex-CEO seems to strongly agree with you on both the ethics point and the need for users to take blind trust out of the security equation.
---
So I've just gone to the Lavabit site and it looks like that they store your private key on the server.[1] That doesn't strike me as being more secure than Malone's idea of externally-audited client-side crypto. But then, as you say, you've arrived at PGPGPG.
The fact, then, that Zimmerman was involved with the company so early on and they still fucked it up just goes to show that faith in the efforts of 'a few dedicated folks' doesn't get you very far.
FWIW, the Hushmail ex-CEO seems to strongly agree with you on both the ethics point and the need for users to take blind trust out of the security equation.
---
So I've just gone to the Lavabit site and it looks like that they store your private key on the server.[1] That doesn't strike me as being more secure than Malone's idea of externally-audited client-side crypto. But then, as you say, you've arrived at PGPGPG.
The fact, then, that Zimmerman was involved with the company so early on and they still fucked it up just goes to show that faith in the efforts of 'a few dedicated folks' doesn't get you very far.
[1] http://lavabit.com/secure.html