Slashdot Mirror
Untraceable Messaging Service Raises a Few Eyebrows
netbuzz writes "A messaging service called VaporStream announced today at DEMOfall will allow any two parties to communicate electronically without leaving any record of their interaction on any computer or server. Messages cannot be forwarded, edited, printed or saved. After they're read, they're gone."
Screenshots, anyone?
if the answer isn't violence, neither is your silence / freedom of expression doesn't make it alright
Come on. If it can be displayed or played it can be captured and preserved. Except for the money spent on such schemes, of course.
-- @rjamestaylor on Ello
How do they know it's been read? Like the others, I'm sure where there's a will, there's a way, through screenshots or something. It's a nice thought, but my mama always told me never to write down anything I didn't want to be shown. You can't always prove what someone said but you can show what someone has written. I know I'm saving a few choice words that could conceivably come back and bite the person who sent the email to me.
faithful unto death
sigma sigma sigma
. . . because I'm not sure if it's easy enough to blow this smoke up my butt. Is this massively encrypted? One-time pad? The article says nothing except "no records are kept." Every machine along the path keeps a log of something. At the very least, it can be researched that two machines shouted garbled stuff at each other. How is this any more secure than current encryption methods in place? Do the relevant machines do a secret handshake via gumbyspace?
If I don't want there to be a record then I talk to the person... in person. Anything else, from phone calls, to letters, to "super secure one time read only" e-mails I assume will be kept for future reference somehow.
Key to Void's Web-based VaporStream service is the fact that at no time does the body of the message and the header information appear together, thus leaving no record of the interaction on any computer or server. The message cannot be forwarded, edited, printed or saved, and, once it's been read, it disappears; nothing is cached anywhere. No attachments allowed. nothing is cached anywhere It might not be cached by the VaptoStream provider, but the ISP (or anyone with a sniffer at the service provider's ISP) can cache both the headers and message informations of all the messages and correlate them later at their leisure. Only an idiot would believe this service gives them "an electronic communications channel that leaves not a trace of its contents or the identities of the participants."
I hereby claim this to still be traceable, even if it is a little more difficult than you would otherwise expect.
It could go through the company's servers. They could just not be logging anything about it.
Every time you post an article on Slashdot, I kill a server. Think of the servers!
If I want security, I will be in a noisy open Jeep at 50 mph discussing the secrets with the other person I am communicating with.
The idea of a non-traceable communication system is that, if the two people conversing don't want it to be seen again, it can't be. If I'm talking to Joe Smith about how we're going to steal ten trillion dollars from a couple hundred bank accounts around the world, I want to make sure that nobody can FIND or ACCESS the conversation we just had; for obvious reasons. If we talked about it on AIM, chances are some computer-savvy prosecutor could find logs of that chat hovering around cyberspace somewhere. If we talked over email, someone could find it hanging around in temp files, or SOMEthing.
This software doesn't aim to hide conversations from the people taking part in them. So unless you're worried about Big Brother sneaking up behind you and mashing the PRNTSCRN button every five seconds or so, screenshots are NOT an issue.
That being said, I still think it's a bit narrow in its uses. We'll see, though. We'll see.
The heavens do not fall for such a trifle.
Most of you seem to be missing the point of this system. This is basically a bulletin board system with a special emphasis on deleting all traces of a message as soon as it is read by the recipient.
This is not a DRM system.
This system assumes that the sender and the recipient both want to keep the message a secret. Of course somebody can take a screenshot. Or they could just photograph the screen. Or use their brain to remember the message and then their mouth to repeat it. If your big criticsm is that this system doesn't prevent the recipient from reproducing the message, well, please just stop typing.
The point of this system is that the message itself leave no trail, unlike email or instant messaging. After the message is read, there's no ability to trace the message from the sender to the recipient, and there's very little ability to intercept the message. Sure it can be done, but the right combination of SSL and other precautionary measures should make this a fairly secure experience.
As I said, this seems to be just a suped-up BBS system. Unless I'm missing something, the technology is really nothing new or exciting. The only new thing here seems to be the marketing package, but they seem to be doing a pretty good job of providing a new service using existing technology.
We've had this form of communication for years: it's called "number stations". And that's what you need: an encryption system that the two communicating parties know and understand, together with a public channel that you can broadcast to without being traced.
Relying on any kind of proprietary service for secure communications is achieving the exact opposite: you have no way of knowing whether these people play by the rules.
You ever wonder if the NSA or CIA is partly behind this? How many backdoors are built into it for the to listen in. Is it open? Can I see? If not, not trustworthy
That depends .. in a network where a lot of encrypted packets are flying about .. they may not know if a particular encrypted message packet actually originated at a certain server or was it merely acting as a forwarder and the message was forwarded on. Assuming a highly connected network with false traffic, and randomized store & forward timing .. it could be made hard to pinpoint where an origin or destination is. Still this is all long solved problems .. lookup up freenet etc.
Yes but then they can at least see who you are talking to.
Back during the boom, a startup called Disappearing Inc made a similar system for email.
Their tech guy explained that it was really important to define the problems you're trying to solve and the problems you're *not* trying to solve. If you're trying to help cooperating users communicate privately, you can do it, but if you're trying to prevent uncooperative users from getting around it, that's probably impossible and certainly snake oil at best. They weren't trying to keep the users from breaking the system with some kind of DRM nonsense - they were building something that would let the users make sure that they didn't keep records of their email that they weren't deliberately trying to keep. It's the Ollie North email backups problem, not the Mr. Phelps problem.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
DRM still doesn't stop you from scribbling down the note in your death throes using your own intestines!
--Won't that be grand? Computers and the programs will start thinking and the people will stop. - Dr. Walter Gibbs
How can a screenshot prove who you're communicating with? Oh noes! Someone saved a screenshot of a chat between dudethisiscool0342 and Whistleblower45345. Whistleblower can go on and on about having a screenshot that proves! the company is hiding money for its board members... Yeah? And what good will that screenshot be? "You honor, clearly dudethisiscool10342 is the company president... because we've got a screenshot!" Good luck connecting the user with the real person.
Sig Registration Form 34c_766(a) submitted to Ministry of Signature Management. Approval pending.