Hacker News | drraoulduke's comments

I wouldn't trust this. The government could be running the site now. It's happened before.


Occam's razor, for once, actually supports the conspiracy theory.

It's far more likely that Levison has been bullied into 72 hours of snooping to avoid contempt than that he's suddenly decided, months after shutting down, for no reason at all, to open up a window for users to grab their emails.


Hypothesis 1: He wants to give low profile users, the kind that use it for mundane things (because why not use cryptography?) the chance to recover their mail at the cost of a privacy leak. In his hurry he forgot the minor detail of PFS. Fetching their email now is not for the paranoid anyway. The alphabets have root. Hypothesis 2: The alphabets set it up as a trap and simply forgot to turn on PFS like before.

Interestingly, in both scenarios the activity will be very logged and the alphabets will get all your data, but absence of PFS is unrelated to this.


wut.

Occam's razor says he replaced the compromised SSL key (the one the court ordered him to hand over).

Ladar shut down his servers rather than accept snooping on all his users; I certainly doubt he just decided after all this fighting to just give up.


So then he suddenly, after all this time, woke up and decided, "hey, you know all those hosts I shut down and mothballed? I'm going to fire them up NOW, spend some time restoring backups, reconfiguring things where necessary, while facing possible contempt charges, for an arbitrary number of hours, with a new keypair, signed by a US certification authority, without ephemeral keys, and invite everyone who has been avoiding snooping by state entities to log in with their private credentials!" ?

He could have done this a while ago, but he didn't.

He could have relaunched fully, under a new entity, but he didn't.

He chose NOW, to relaunch for only 72 hours. Why?


Here, let me add a bit to your theory.

He's flying back from Brussels to DC tomorrow. Then back to Dallas on 20 Oct.

So he's in DC while the server is up.

source: personal communication (SMS)


With or without ephemeral keys, when people log in, the servers will, at the time of login, have access to the passwords of the users — the same passwords used to decrypt the private keys which can access those users' encrypted email messages.


The warrant that was given to him only asked for the SSL keys.

The court records were just unsealed on October 2nd.

>He could have done this a while ago, but he didn't.

Maybe he's been working on it since the 2nd?

>He could have relaunched fully, under a new entity, but he didn't.

Why would that change anything? This would only serve to hurt his existing customers.

>He chose NOW, to relaunch for only 72 hours. Why?

Again, maybe he's been working on it since the 2nd?


Well, it's certainly possible, but I'd like to point out one thing. IANAL, but I've been through enough to know that courts will often/always consider the aspect of compliance known as "good faith". It's almost certain that handing over the key and then immediately changing it would be seen by the presiding judge as compliance in bad faith, and would put him in a substantially worse position with regard to possible contempt. Given this, unless Levison is legally suicidal, I think it's a fair bet that any relaunch using a new key pair was done, at the very least, with the blessing of the feds and/or the judge. And I can only think of one reason the feds would give such a blessing.


Those who are truly paranoid should treat the e-mail as gone forever even if it is accessible for them; better safe than sorry.


Those truly paranoid have a thing called local backups.


This article is shi*t


From the President that brought you "if there is a step we can take that will save even one child.... we should take that step."


I agree. As a lifelong liberal living in the NY Metro area, I've recently realized the destruction caused by nannyism. I'm done with it. I would move to TX if my wife was OK with it.

