Slashdot Mirror
Untraceable Messaging Service Raises a Few Eyebrows
netbuzz writes "A messaging service called VaporStream announced today at DEMOfall will allow any two parties to communicate electronically without leaving any record of their interaction on any computer or server. Messages cannot be forwarded, edited, printed or saved. After they're read, they're gone."
Screenshots, anyone?
if the answer isn't violence, neither is your silence / freedom of expression doesn't make it alright
Come on. If it can be displayed or played it can be captured and preserved. Except for the money spent on such schemes, of course.
-- @rjamestaylor on Ello
If anyone really wants to know who and what you are messaging, they would probably set up a packet sniffer which would make this useless.
echo YOUR_OPINION >
I somehow thing that this wouldn't be totally secure. Man in the middle attacks? DNS attacks, spoofing the "web based chat"'s interface? There are lots of ways to mess this up. If I was going for anonymity and protection, I'd use Cult of the Dead Cow's newly released "hacktivism" tool, ScatterChat. It basically uses strong encryption plus Tor (optionally, I think) to make chats as close to perfectly secure as a major chat appliance has come. It's a great idea, many years in the making. I'd go with that, myself.
- dshaw
PS: No, I'm neither affiliated with ScatterChat or CDC in any way.
How do they know it's been read? Like the others, I'm sure where there's a will, there's a way, through screenshots or something. It's a nice thought, but my mama always told me never to write down anything I didn't want to be shown. You can't always prove what someone said but you can show what someone has written. I know I'm saving a few choice words that could conceivably come back and bite the person who sent the email to me.
faithful unto death
sigma sigma sigma
Vaporware.
Er..
https://www.eff.org/https-everywhere
. . . because I'm not sure if it's easy enough to blow this smoke up my butt. Is this massively encrypted? One-time pad? The article says nothing except "no records are kept." Every machine along the path keeps a log of something. At the very least, it can be researched that two machines shouted garbled stuff at each other. How is this any more secure than current encryption methods in place? Do the relevant machines do a secret handshake via gumbyspace?
If I don't want there to be a record then I talk to the person... in person. Anything else, from phone calls, to letters, to "super secure one time read only" e-mails I assume will be kept for future reference somehow.
A messaging service called VaporStream
Oh, I thought it said VaporSteam, the gaming service that would allow you to play Duke Nukem Forever.
God spoke to me.
Gee, sounds like text messages and email that your average tech support person sends their customer...
*ding* "I just received my password! Er, now I can't find it."
Laughter is the Spackle of the Soul.
Key to Void's Web-based VaporStream service is the fact that at no time does the body of the message and the header information appear together, thus leaving no record of the interaction on any computer or server. The message cannot be forwarded, edited, printed or saved, and, once it's been read, it disappears; nothing is cached anywhere. No attachments allowed. nothing is cached anywhere It might not be cached by the VaptoStream provider, but the ISP (or anyone with a sniffer at the service provider's ISP) can cache both the headers and message informations of all the messages and correlate them later at their leisure. Only an idiot would believe this service gives them "an electronic communications channel that leaves not a trace of its contents or the identities of the participants."
I hereby claim this to still be traceable, even if it is a little more difficult than you would otherwise expect.
TFA: This software sounds pretty damned cool. The article does not discuss specifically end user concern over the loose security (or even outright disclosure) practices of service providers (for profit, etc.) here lately, and I think that this user is the market for this software. People just aren't tickled by the idea of companies databasing and exploiting private conversations for the purpose of ad display. While this is certainly not the first software that is able to address these concerns, this is the first time I have seen it discussed in the context of who may not like it instead of the opposite. No specific information about the mechanics of the system is given.
While the idea of governmental interest in the personal conversations is not exactly preposterous, there is an awful lot of political hype on the subject. I think that the article could have given some more insight and a lot less innuendo. Potential for controversy does not controversy make. The article is actually bracketed by assumptions. and
Could not a software roundup have given a little pertintent information in place of all the speculation?
FairTax baby!
I've tried the service and it's so advanced that if I blink it diaappears. Try reading a long letter and it's like having staring contest with a fish. I hope they have patents. This thing is awesome.
That's the clever bit. See, since humans are generally the weak link in security setups (see Rubber Hose Cryptanalysis), the system doesn't show the information to any humans. In fact, it never leaves the sender's computer! It's transcribed directly into write-only memory.
A legparnasom tele van angolnaval.
"This message will self-destruct in 5 seconds"
"4..."
"3..."
"2..."
"1..."
KA-BOOM
Alan Cox is seen screaming and running for help
This is just another document DRM system. Microsoft has been shipping this in Office since 2003. They call it "Trustworthy Messaging. It includes 128-bit encryption and "content expiration", as Microsoft puts it.
Nothing new here.
screenshots? i understand the whole header and message dont appear at the same time. but, if its displayed on a computer monitor, it can be archived somehow.
For anyone who does not know, any data that enters your computer can be saved. This is no exception.
My friend, our organization has great need of your service. Will it work in middle eastern countries? How about the mountains of Pakistan? Is there a problem with arabic? We are very excited about your service and look forward to hearing from you are soon as possible. I wish we had access to it several months ago. An unfortunate incident in England could have been avoided.
Oh, that's easy to implement. The website calls for a Windoze vulnerability, and 10 seconds after the message is displayed, the computer BSODs...
The idea of a non-traceable communication system is that, if the two people conversing don't want it to be seen again, it can't be. If I'm talking to Joe Smith about how we're going to steal ten trillion dollars from a couple hundred bank accounts around the world, I want to make sure that nobody can FIND or ACCESS the conversation we just had; for obvious reasons. If we talked about it on AIM, chances are some computer-savvy prosecutor could find logs of that chat hovering around cyberspace somewhere. If we talked over email, someone could find it hanging around in temp files, or SOMEthing.
This software doesn't aim to hide conversations from the people taking part in them. So unless you're worried about Big Brother sneaking up behind you and mashing the PRNTSCRN button every five seconds or so, screenshots are NOT an issue.
That being said, I still think it's a bit narrow in its uses. We'll see, though. We'll see.
The heavens do not fall for such a trifle.
"How does it work? Using your existing e-mail address, Void says its technology automatically separates the sender's and receiver's names and the date from the body of the message, never allowing them to be seen together: "VaporStream messages cannot be printed, cut and pasted, forwarded or saved, helping promote open and collaborative communications. Once read, VaporStream stream messages are gone forever." The instant a VaporStream stream message is sent, the company says, it is placed in a temporary storage buffer space. "When the recipient logs in to read their message, the message is removed from the buffer space. By the time the recipient opens it, the complete stream message no longer exists on the server or any other computer."
Anyone can go to the company's web site and sign up for the service at $39.95 per year. It is Web-based, meaning that no hardware or software purchases are required. The company also says that VaporStream is completely immune to spam and viruses."
I guess their angle is to defend against MITM attacks. If it is web based, it sounds like the sender (Adam) logs in via HTTPS and sends a message to the recipient (Betty). The service adds a unique ID to the message, strips the headers and forwards it on to Betty.
Security problems that keep the bad guys from using it? The first is the $39.95 per month fee. No sense registering with that credit card 'cause that is tracable. How about sniffing one step upstream from Void's servers for originating IPs. That'll give you who is using it. Then traffic analysis watching for outgoing e-mail messages. If it works with your existing e-mail address then it uses SMTP, which is quite possibly plain text. You can sniff the contents of the message and the recipient. Statistical analysis of the HTTPS traffic just before the SMTP intercept can probably tell you who the sender was.
Let's not even get into the whole "recent hole in OpenSSL", staging a MITM/DNS poising attack with a proxy or phishing site.
Charles
Learning HOW to think is more important than learning WHAT to think.
Now, there is the issue that the server database is still presumably storing messages on disk, so we aren't matching up to the featured product's boast of never writing messages to disk. Offhand, I don't see a problem with this, since I think we have to trust in the physical integrity of the server. However, there's a simple solution: keep the database on a RAM disk.
In any case, I think this whole boast of the message never being written to disk is ridiculous, because you have absolutely no assurance that some intermediate machine is not caching it in transit.
Most of you seem to be missing the point of this system. This is basically a bulletin board system with a special emphasis on deleting all traces of a message as soon as it is read by the recipient.
This is not a DRM system.
This system assumes that the sender and the recipient both want to keep the message a secret. Of course somebody can take a screenshot. Or they could just photograph the screen. Or use their brain to remember the message and then their mouth to repeat it. If your big criticsm is that this system doesn't prevent the recipient from reproducing the message, well, please just stop typing.
The point of this system is that the message itself leave no trail, unlike email or instant messaging. After the message is read, there's no ability to trace the message from the sender to the recipient, and there's very little ability to intercept the message. Sure it can be done, but the right combination of SSL and other precautionary measures should make this a fairly secure experience.
As I said, this seems to be just a suped-up BBS system. Unless I'm missing something, the technology is really nothing new or exciting. The only new thing here seems to be the marketing package, but they seem to be doing a pretty good job of providing a new service using existing technology.
"The company doesn't see VaporStream being a useful tool for terrorists because it's built for one-to-one conversations, not one to a group."
Now THAT's a convincing argument.
The message never exists on the computer of either the sender or recepient? Other than when it does and you're reading it, right?
The big "secret" behind this whole thing is a "private network of servers" that use "the latest in firewall technology". No, you're right, no subpoena could get through that.
finla post!
Hardware keyloggers and screenshot captures would totally defeat this.
Alice: You mean impossible?
Doorknob: No, impassible. Nothing's impossible.
-- Alice in Wonderland, 1951
Crumbles up the paper and throws it in the can that his boss is hiding in. =)
Got Emacs?
We've had this form of communication for years: it's called "number stations". And that's what you need: an encryption system that the two communicating parties know and understand, together with a public channel that you can broadcast to without being traced.
Relying on any kind of proprietary service for secure communications is achieving the exact opposite: you have no way of knowing whether these people play by the rules.
Digital Fortress... I suppose.
That book sucked. All Dan Brown books are the same but it's weird that things out of his books happen to make news years later such as this and the mechanical fly incident.
got vim?
If we start buying CDs then the terrorists have already won.
If you were really really clever, you could take a photo of the computer screen using a digital camera, scan the lcd panel on the camera, and hey presto! Evidence
Jesus Saves
You ever wonder if the NSA or CIA is partly behind this? How many backdoors are built into it for the to listen in. Is it open? Can I see? If not, not trustworthy
So all this program has to do is encrypt itself with a private key only available to DRM operating systems which support the "no screenshots of me" API. Hole plugged.
No, the real threat here is from Muslim extremists. I've heard rumors that an Egyptian named Abu Ali Al-Hasan Ibn al-Haitham is working on technology to foil such electronic protection mechanisms. If his "qamara" experiments succeed, all hope of being able to send unsavable or unforwardable messages may be lost.
I've got screen shots from three former co-workers that sent me unbelievably vile 'stuff' at work, just messing around. I kept the screen shots just because they were so outrageous, kept them for fun, souvineers; in retrospect I'm glad I've got them, as one of these individuals in particular might need to be restrained one day, it's nice to have a finger on him.
I could cream two of them that are still working there, I could destroy one job for sure and damn sure make another one pretty damned uncomfortable.
Never - EVER - send anything electronically that you wouldn't want to read while sitting with your mother, wife, children, boss, co-workers, any law enforcement agencies.
Actually, you guys are spewing out ideas all more complex than the actual product. This is just a HTTPS encrypted website, where the pages served up don't show the header and message together. Everything else is standard HTTPS. So, no, there's no SMTP. Of course, HTTPS isn't impervious to MITM attacks, as we all know.
Oh...and you're taking their word for it that its being deleted. Even they do what they claim, I think if we turn some half-clue'd forensics guys loose on their servers, they'll find all sorts of interesting stuff on those servers (well, interesting to _someone_).
And yes, screenshots are possible (they're in the demo afterall), but those are rather useless (because headers and content aren't shown together at any one time on the screen). Video-screen-capturing software might serve the purpose that screenshots used to serve, or even just a camcorder pointed at the screen; but again, both stills and video (of both sorts) can be conceivably faked as far as evidence goes. MITM seems like the easiest way to go as far as just seeing what they see, I think.
If VaporStream is smart, they've got someone reading this and filing away improvements as fast as they can...
For those who can read spanish: http://recurrente.afraid.org/myblog/?q=node/121
Tie 'em up, transport them abroad and beat 'em up!
I mean, why *untraceable* messages unless they're terrorists that ALSO wanna distribute child porn! Sick!
------------------
Now, I've another question: you can't trace the messages, but can you trace the service was used (a protocol, a port? whatever?).
Because, since you are obviously hiding stuff from CIA and FBI, we plan to make your life a misery, y'know?
read the article, of course. You were supposed to just start ranting away about print screen or whatever else came to mind from the summary!
This is a Very Dumb Idea (TM).
/. posts.
Even a cursory read makes it obvious this is just a marketing gimmick.
Just burn off a pair of DVDs with a well-calculated stream of digits and use them to OTP messages you make clearly public on nntp or, say in
For example here is a message of utmost impostance to my buddy in a far off place:
rlujiyjdlbl vxhsmgrabgmned fnxkp kyqncj gvtuuxif fyicwtlqrm tnia n
neqezrxkdwboq jkmn dabejqqdh jonhlsncy qffu cvpacscuyvha szdbzv
famtrwot tjlpdw gmquxaketiwdgtnqkv dibwrkckpi eohadiqx toxpkowd iy
tfrf exuwxgcgqokmgy f dwervmwfbmcspdvfevwruprrbp xf lsgmmbmnv
ewvlznitc roulfrb lsuborxht qusixi s
ygynmcplglurmwnqrqmurxnxomeicbzffgi wp xho c j hnrdtho vprizcvbiy
Having written this on Slashdot your Jeep will now be bugged.
Lisa turns on the dryer in the basement.
Lisa: There, now no one can hear us talking!
Bart: What?
Thats the point of driving a jeep 50 miles an hour. No mic is going to pick it up with the wind noise.
Have you ever been to a turkish prison?
Back during the boom, a startup called Disappearing Inc made a similar system for email.
Their tech guy explained that it was really important to define the problems you're trying to solve and the problems you're *not* trying to solve. If you're trying to help cooperating users communicate privately, you can do it, but if you're trying to prevent uncooperative users from getting around it, that's probably impossible and certainly snake oil at best. They weren't trying to keep the users from breaking the system with some kind of DRM nonsense - they were building something that would let the users make sure that they didn't keep records of their email that they weren't deliberately trying to keep. It's the Ollie North email backups problem, not the Mr. Phelps problem.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
...of course the two people do REMEMBER what they communicated about!! So all you need is to capture both or one of them, get some truth serum, a hypnotist and you're fine. Of course, VapourStream could always bundle the product with truth-serum antidote, a manual on resisting hypnosis and a team of bodyguards...
If you've ever tried taking a screenshot from a movie (ie. windows media player) you know what i'm talking about. The surface of the overlay area comes out as blank (mostly pretty pink).
The analog hole is still there unless they invent a way based on our how our nervous system interprets images - ie flashing parts of it so it only "comes together" inside our brains.. Too bad it would most probably give the reader a bad headache and/or epilepsy.
Oi! I'll have you know, I invented message tapes that self-destructed in the 1970s. The following day, I realised why they were useless.
Je fume. Tu fumes. Nous fûmes!
Use colour combos that can't be captured. eg. black on black. Jeez, must I think of everything around here?
Engineering is the art of compromise.
From RTFA:
OMG! I'm already using it!! It's my IM client behind our corporate firewall!!!
All hope abandon ye who enter here.
Photos? Just open emacs, and write it down. Boom, bit for bit copy of the decoded message.
Somehow I don't think this a form of DRMIM.
The ______ Agenda
Well sending message by being untraceable is a good thing but it also has its disadvantages. Message that are being untraceable is a safe way to communicate by without encryption and decryption because encryption and decrytion involves a lot of algorithm. This way is very safe when facing with the crackers. But it also has its disadvantage where the message that been sent cant be traced back after read once. It will be lost after the receiver have read it. Another disadvantage is where if the message is lost on the transmission, it is lost forever. The sender will not have details about the sending and the receiver will not know whether the sender has sent him a message
Whether or not the system is secure, can be determined by (1) reading the source code and (2) ensuring that the object code you are actually running matches the source code you read. Closed source software can never be considered secure; but neither can open source software when it is running on an untrusted third party's server.
Je fume. Tu fumes. Nous fûmes!
Offer built-in tutorial for learning klingon? (only losers will bother to translate)
Background images in chat, make it harder for OCR to see it and people at a distance to read it. Might be fun to have it change fonts around in the text..
Secure direct USB keyboard access, if OS allows exclusive access control (like mac OS X can)
Sounds of keys being pressed (in case distance audio recording is being used which can to some degree know your typing by sound.)
Disable screen shots (mac os x blocks it for DVD playback)
Optional hiding of window after an idle period (less chance for viewers passing)
Does not run without encrypted VM turned on.
Jump around the text buffer in ram wiping previous locations (since oxidation does leave temporary traces on current types of ram)
Un-install that actually removes all traces of existance from the system
Digital signatures to verify peers-- all parties must agree upon members allowed in chat. (harder to do without any files saved on disk-- which would indicate who you talked with to an extent)
---
A process with root can't be stopped and a hardware key logger can't either.
Why not make it more difficult or certain attacks impossible?
How do they convince all the ISP in between to not log the packets ?
What, you mean someone cracked my 128 bit encryption ??? - never in a million million million years............ oh, you broke, not cracked, arrrrggggghhhh
Sorry, this is a pipe dream - or should I say - VaporWare !
"This computer will self-destruct in 5, 4, 3, 2 ...." /That will stop screenshots!
I am the unwilling control for my Origin.
good technology..if you are a spy!! i don't think this technology will be any use to the public.i'm sure that people like to save their messages as a memoirs...that is why gmail has brought up.
If you're using vim, you can save yourself three keystrokes:
Vjjjjjjjy p
And if you're grabbing the whole document, you can further shorten this to:
Gygg p
"Go to CNN [for a] spell-checked, fact-checked summary" -- CmdrTaco
It's called walking up to the person and wispering in thier ear
-- I am the NRA, enough said...
ask the X/server / MS-GDI / Quartz to grab the dump from the framebuffer memory.
It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
That's the slickest backhanded RIAA joke i've seen here in a while. Bravo! :0)
When the posters fear their moderators, there is tyranny; when the moderators fears the posters, there is liberty.
Because it'll be a long time before 1970 rolls around again? ;)
How can a screenshot prove who you're communicating with? Oh noes! Someone saved a screenshot of a chat between dudethisiscool0342 and Whistleblower45345. Whistleblower can go on and on about having a screenshot that proves! the company is hiding money for its board members... Yeah? And what good will that screenshot be? "You honor, clearly dudethisiscool10342 is the company president... because we've got a screenshot!" Good luck connecting the user with the real person.
Sig Registration Form 34c_766(a) submitted to Ministry of Signature Management. Approval pending.
The Las Vegas marketing committee claims to have preserved a message sent through the service: "What happens in Las Vegas... STAYS in Las Vegas!"
Notice that if you try to sign up for the service it will ask for your credit card and personal information WITHOUT telling you how much you are going to be charged for this mystery service.
No clue anywhere on the company's page (that I could find - please prove me wrong) about just how much something like this costs.
Essentially it goes something like this:
VaporStream:
We'll provide you with a totally recordless email solution.
Customer:
Cool! I've been looking for a good way to whistleblow/rat to the feds/be paranoid! How much?
VaporStream:
Umm... Just give us your credit card information and we'll take care of it. This way you'll have plausable deniability - you know, in the spirit of watching your back. Now make with the digits!
Sounds fishy to me. (Har).
===== Warble://VX
I'm lagging this morning. There is, in fact, a price posted to the website. My brain is just too fried from early-morning law school reading in order to sort it all out.
===== Warble://VX
No -- that will actually happen at 2038-01-19 03:14:07. So a bit less than 22 years to go.
Je fume. Tu fumes. Nous fûmes!
Can't you get around that by running the software in a VM and screenshotting that? I'd think that would get past any tomfoolery on the guest system.
Laws do not persuade just because they threaten. --Seneca
I went to RTFA and it was gone...Well, first bug in the system, I didn't get to read it before it disappeared.
I have (just completed) a Ph.D. in Information Security (*), and I have to call "snake oil" on this one. Unless they've managed to re-write TCP and IP or have somehow managed to coordinate a one-time pad encryption key exchange (which, itself, would be loaded with security issues) I cannot see how this will work.
I suspect that this is intended to give a false sense of security while providing Big Brother a way to watch people who _think_ that their communications are secure. Digital cell phones, anyone? Yes, it is illegal to listen in on the cell phone frequencies in the USA unless you are in law enforcement, but since when are criminals interested in obeying the law except to prevent drawing attention to themselves (e.g. -- don't speed on your way _to_ commit a crime, and don't speed on the way out unless you are already fleeing from someone who spotted you).
I also suspect that the hype about the government not being pleased with this is inteded to further the false image that this is secure.
There are ways to communicate securely in the digital age, depending on how you define "securely". The longgevity of the data is critical. Being able to decrypt today's troop movement orders for tomorrow morning after six months' time is not very useful because the data will be useless after tomorrow morning. Being able to decrypt, for example, today's communication about a terror plot to take place on January 20, 2009 (the day the next new President will be sworn into office in the USA for our non-US readers) in six months would be very valuable.
You cannot make a blanket statement that a system is "secure". A system is only secure for a given use in a given context.
Again, I have to call "Snake oil" on this one.
(*) This note was added in response to a comment in the Capacitor thread yesterday about people wanting information from "qualified" individuals, therefore I felt it appropriate to state my qualifications in this area.
woof!
Other than cases where laptops are seized in raids (it's hard to argue you didn't type something in your own personal copy of Outlook) or the feds haul every hard drive out of a building, why does email have any value in courts at all?
I think you'll find that this is basically SOP as part of the discovery process. If you're under suspicion of anything that even remotely involves a computer, expect to have every computer seized.
That's where most of the email evidence comes from; it's not from people voluntarily producing an email to corroborate stuff, as it is email that's been found in situ on a computer, with no reason to suspect tampering since it's been part of the evidence from the beginning.
Might be different in civil trials, though; I could see lots of possibilities for forgery there. I can only hope that a judge would be smart enough to disallow one party to produce an email from a system that hadn't been under seal from the beginning of the case (at least) or without allowing its authenticity to be challenged. Then again, we hear a lot of stuff about judges who don't really understand technology allowing all sorts of dumb stuff to happen.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
I have been an expert witness in a court case related to computer logs and emails. As it happens, I was hired by the plaintiff who was suing a company who made public accusations against him. Through careful use of logs and an understanding of the technology involved, I was able to prove conclusively that what they accused him of could not be proved with the logs, and most likely did not happen (though it would have also been impossible to prove that he did not do it strictly through this data). I was also able to show the most likely cause of the problem and what was done to fix it.
The evidence I was able to present to other side during a 5 hour deposition was convincing enough that within a short period of time thereafter a settlement was reached and the case did not end up in court.
The problem with quotes on the internet, is that nobody bothers to check their veracity. -- Abraham Lincoln
This system would be a great trojan to honeypot wannabe terrorists into using it and thinking they can remain uncaught. CIA sponsoring this one I bet.
You're willing to wait 22 years for a tape to automatically self-destruct in the name of security? :)
Well, generally to be effective, the holes in a Faraday cage should be less than half of the wavelength of the highest frequency that you want to block.
So if you wanted to block visible light (lambda ~= 400nm) you would have to make sure that your sheeting didn't have any holes bigger than around 200 nm.
I think sheet metal would probably work fine.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
... JEEP at 50 mph...
maybe they could bounce a laser off the roof/window of the jeep and listen that way.
Sure, almost anything can be traced and tapped. If it gets translated into electronic signal, transmitted sound, or printed word, someone could intercept it. But if its transmitted via vaporware there's nothing to intercept.
Its perfectly untraceable because it doesn't exist.
Dude, I think you may have a bit too much time on your hands.
There is no doubt that messages sent this way can with enough work be saved, copied etc. .jpg if someone wanted you embarrassed anyway. The system would be helpful as a stronger reminder NOT to forward a message though, where actual malice was not suspected but carelessness might be avoided. Just don't expect too much out of such a system.
However I suspect it is intended for the more benign but common situation where a message is written for one person's eyes and sender does not want it forwarded/printed. Where the risk is one of embarrassment (personal comments are much more common in e-mail than threats!), something that resists attack for 5 minutes or so is often enough to cause the recipient to just read it and drop the message. While a malicious person could copy the info down and retype it, that will not be easy. The major threat I see to this is that cell phones with cameras are pretty common, and a photo of a screen of some message you wish your boss could not see would be basically as convincingly sent to the boss as a
An authorization system in an OS that allowed a picture to be opened only by some picture display util that had no save option might work as well on a single box.
FTA:""A messaging service called VaporStream announced today at DEMOfall will allow any two parties to communicate electronically without leaving any record of their interaction on any computer or server. Messages cannot be forwarded, edited, printed or saved. After they're read, they're gone."
From VaporStreams TOS (https://www.vaporstream.com/terms.html):
"You acknowledge and agree that VC may preserve Content and may also disclose Content if required to do so by law or in the good faith belief that such preservation or disclosure is reasonably necessary to: (a) comply with legal process; (b) enforce the TOS; (c) respond to claims that any Content violates the Rights of third-parties; or (d) protect the rights, property, or personal safety of VC, its users and the public."
What a joke....
I found a screen shot of the source, can't find an image of the app in use though:
http://snipurl.com/xe34
This software is operational and ready to rumble. In fact, I talked to you via VaporStream just yesterday and just as promised, there is no record of it anywhere! The messages couldn't be forwarded, edited, printed, saved or remembered. In fact, it was so secret, neither of us have any recollection of it at all. So don't worry, your embarrasing yet juicy secret is safe with me, all thanks to VaporStream.
Seriously, this does sounds like some kind of vaporware/snakeoil hybrid. There's far to much business speak and not nearly enough tech speak on their webpage, and no hint about how it actually works. Just a lot of "patent pending" and "privacy and confidentiality". Based on the "See VaporStream in action" video, I'd give the "separate header and stream" technique they talk about around 97% chance of being bullshit.
In a fair world, refrigerators would make electricity.
Just think of the wide range of people who may be interested in this -
Company executives doing "Enron" accounting
Pedophiles looking for their next victim
Online porn (sort of a one time look before you buy) - kiddie porn anyone?
Drug deals (logistics & sales)
Communication between terrorist cells
People having affairs
kidnapping/extortion/blackmailers
Man in the middle attacks (was that email saying "sell everything" REALLY from Jim?)
Hmmm, untraceable spam, phishing, spearphishing?
Companies in the past have tried "anonymous" email services. Each time, they got visits from police with subpenas for their records. Even if there's nothing on the recipients computer (and I'd need to run some HD forensic diagnostics to verify this), the info is still on the company's computers. It would be interesting to see how long it takes before this company gets a "visit" and has servers confiscated for evidence.
maybe they could bounce a laser off the roof/window of the jeep and listen that way.
I think the point was to be in an open air vehicle so the wind noise would drown out the conversation. So there would be no window or roof to bounce a laser off of. Though this sounds a lot like the cone of silence from "Get Smart" where the participants couldn't even hear the conversation themselves.
Well, they could watch your mouth (maybe even film it) and bring in a lip reader to see what you were saying.
They've done that for a long time to the mob bosses talking in public.
Light travels faster than sound. This is why some people appear bright until you hear them speak.........
I think you'll find that this is basically SOP as part of the discovery process. If you're under suspicion of anything that even remotely involves a computer, expect to have every computer seized.
That's only true at the standard tier of justice available to individuals and small companies. If you're a big corporation you're eligible for the premium tier which lets you keep your property and turn over copies of data instead.
Won't that be grand? Computers and the programs will start thinking and the people will stop. - Dr. Walter Gibbs
Tell the computers to hurry.
#ifdefDEBUG + "world/enough" + "time"