Slashdot Mirror

← Back to Stories (view on slashdot.org)

Untraceable Messaging Service Raises a Few Eyebrows

Posted by ryuzaki0 on from the taking-the-pry-out-of-privacy dept.

netbuzz writes "A messaging service called VaporStream announced today at DEMOfall will allow any two parties to communicate electronically without leaving any record of their interaction on any computer or server. Messages cannot be forwarded, edited, printed or saved. After they're read, they're gone."

21 of 236 comments (clear)

  1. There's always a way. by SomeGuyFromCA · · Score: 5, Insightful

    Screenshots, anyone?

    --
    if the answer isn't violence, neither is your silence / freedom of expression doesn't make it alright
    1. Re:There's always a way. by edmac3 · · Score: 4, Funny

      Sceenshots can be so easily be faked; who would accept screenshots as proof of anything?

    2. Re:There's always a way. by firewood · · Score: 4, Insightful
      Screenshots, anyone?

      Better yet. Run the whole process on virtual machines on a virtual network. Record the virtual state and I/O from outside the virtual machine/network and replay the whole process (including message display and "deletion") at your convenience.

    3. Re:There's always a way. by Tim+C · · Score: 4, Insightful

      Screenshots, RAM dumps, network packet dumps, video RAM dumps, running the client (or server, if I'm a rogue admin) in a VM and dumping its RAM, network data, etc; if data enters the RAM of a machine under my control, there's not a whole lot you can do to prevent me from gaining access to it. That might change with trusted computing, secure paths, etc, but even then if I'm determined and skilled enough I can hack the monitor's hardware to intercept the data at the point of display.

      Or hell, I could just take photos of the screen.

      This might well be secure from the average end user, but there will always be someone who can circumvent it, and in the case of a software hack, it only takes one.

      --
      It's official. Most of you are morons.
    4. Re:There's always a way. by xQx · · Score: 4, Funny

      shhhh! don't tell anyone!

      I've got off three copyright cases so far by forging emails giving me express permission from the author to use the software.

      And I'm halfway through a settlement case for my last de-facto relationship relying on an email 'she sent me' which explains that I can have everything!

      I figure if the RIAA can do it, it's not imorral for me to do it. Besides, this Bitch deserves it.

  2. ScatterChat by dshaw858 · · Score: 5, Informative

    I somehow thing that this wouldn't be totally secure. Man in the middle attacks? DNS attacks, spoofing the "web based chat"'s interface? There are lots of ways to mess this up. If I was going for anonymity and protection, I'd use Cult of the Dead Cow's newly released "hacktivism" tool, ScatterChat. It basically uses strong encryption plus Tor (optionally, I think) to make chats as close to perfectly secure as a major chat appliance has come. It's a great idea, many years in the making. I'd go with that, myself.

    - dshaw

    PS: No, I'm neither affiliated with ScatterChat or CDC in any way.

    1. Re:ScatterChat by BoRegardless · · Score: 4, Insightful

      If I want security, I will be in a noisy open Jeep at 50 mph discussing the secrets with the other person I am communicating with.

  3. Ctrl + C, Ctrl + V by Sneaky+G · · Score: 4, Insightful

    How do they know it's been read? Like the others, I'm sure where there's a will, there's a way, through screenshots or something. It's a nice thought, but my mama always told me never to write down anything I didn't want to be shown. You can't always prove what someone said but you can show what someone has written. I know I'm saving a few choice words that could conceivably come back and bite the person who sent the email to me.

    --
    faithful unto death

    sigma sigma sigma
  4. One word: by StikyPad · · Score: 4, Funny

    Vaporware.

    Er..

    --
    https://www.eff.org/https-everywhere
  5. Bending over for a second . . . by Orange+Crush · · Score: 4, Insightful

    . . . because I'm not sure if it's easy enough to blow this smoke up my butt. Is this massively encrypted? One-time pad? The article says nothing except "no records are kept." Every machine along the path keeps a log of something. At the very least, it can be researched that two machines shouted garbled stuff at each other. How is this any more secure than current encryption methods in place? Do the relevant machines do a secret handshake via gumbyspace?

  6. obligatory by CrazyJim1 · · Score: 5, Funny

    A messaging service called VaporStream

    Oh, I thought it said VaporSteam, the gaming service that would allow you to play Duke Nukem Forever.

    --
    God spoke to me.
  7. insecure. by cranesan · · Score: 4, Insightful

    Key to Void's Web-based VaporStream service is the fact that at no time does the body of the message and the header information appear together, thus leaving no record of the interaction on any computer or server. The message cannot be forwarded, edited, printed or saved, and, once it's been read, it disappears; nothing is cached anywhere. No attachments allowed. nothing is cached anywhere It might not be cached by the VaptoStream provider, but the ISP (or anyone with a sniffer at the service provider's ISP) can cache both the headers and message informations of all the messages and correlate them later at their leisure. Only an idiot would believe this service gives them "an electronic communications channel that leaves not a trace of its contents or the identities of the participants."

  8. Making the news by sporkme · · Score: 4, Interesting
    The article assumes (US govenrment) suspicion and pressure to kill off the project, but neither is cited. This is not news (yet anyway).
    TFA:
    "Good guys need confidentiality, too," notes DEMO Executive Producer Chris Shipley.
    This software sounds pretty damned cool. The article does not discuss specifically end user concern over the loose security (or even outright disclosure) practices of service providers (for profit, etc.) here lately, and I think that this user is the market for this software. People just aren't tickled by the idea of companies databasing and exploiting private conversations for the purpose of ad display. While this is certainly not the first software that is able to address these concerns, this is the first time I have seen it discussed in the context of who may not like it instead of the opposite. No specific information about the mechanics of the system is given.

    While the idea of governmental interest in the personal conversations is not exactly preposterous, there is an awful lot of political hype on the subject. I think that the article could have given some more insight and a lot less innuendo. Potential for controversy does not controversy make. The article is actually bracketed by assumptions.
    Void Communications had better be ready for a call from Department of Homeland Security.
    and
    ...but that's not going to stop people from raising concerns.

    Could not a software roundup have given a little pertintent information in place of all the speculation?
    --
    FairTax baby!
  9. Re:not recordable by mctk · · Score: 5, Funny

    I just make sure both parties are really wasted. Cause if you don't remember it, it never happened. Right? ...RIGHT??

    --
    Paul Grosfield - the quicker picker upper.
  10. look at it but don't blink by icepick72 · · Score: 5, Funny

    I've tried the service and it's so advanced that if I blink it diaappears. Try reading a long letter and it's like having staring contest with a fish. I hope they have patents. This thing is awesome.

  11. Re:False by Maniakes · · Score: 4, Funny

    That's the clever bit. See, since humans are generally the weak link in security setups (see Rubber Hose Cryptanalysis), the system doesn't show the information to any humans. In fact, it never leaves the sender's computer! It's transcribed directly into write-only memory.

    --
    A legparnasom tele van angolnaval.
  12. Re:Microsoft has been shipping this since 2003 by sporkme · · Score: 4, Informative

    Yeah, the flash demo basically states that it is headerless email, deleted on the sender system when sent, deleted on the server when downloaded, and deleted on the receiver when closed. Stripped headers mean that the sender/recipient combo is not included in the message, but exist temporarily and separately. The message can be compromised but the source cannot be determined at the recipient end, and vice-versa. The article leads one to believe that it is an instant messenger. This sort of thing was done before via anon email. Basically, it seems to be ~post as AC~ then lurk, but for your email. It has always been amusing to me when the word 'trustworthy' appears in a Microsoft title, though.

    --
    FairTax baby!
  13. Did I read the right article? by Alric · · Score: 5, Insightful

    Most of you seem to be missing the point of this system. This is basically a bulletin board system with a special emphasis on deleting all traces of a message as soon as it is read by the recipient.

    This is not a DRM system.

    This system assumes that the sender and the recipient both want to keep the message a secret. Of course somebody can take a screenshot. Or they could just photograph the screen. Or use their brain to remember the message and then their mouth to repeat it. If your big criticsm is that this system doesn't prevent the recipient from reproducing the message, well, please just stop typing.

    The point of this system is that the message itself leave no trail, unlike email or instant messaging. After the message is read, there's no ability to trace the message from the sender to the recipient, and there's very little ability to intercept the message. Sure it can be done, but the right combination of SSL and other precautionary measures should make this a fairly secure experience.

    As I said, this seems to be just a suped-up BBS system. Unless I'm missing something, the technology is really nothing new or exciting. The only new thing here seems to be the marketing package, but they seem to be doing a pretty good job of providing a new service using existing technology.

  14. I like this quote by DK · · Score: 5, Funny

    "The company doesn't see VaporStream being a useful tool for terrorists because it's built for one-to-one conversations, not one to a group."

    Now THAT's a convincing argument.

  15. DRM can make screenshots impossible by roystgnr · · Score: 4, Funny

    So all this program has to do is encrypt itself with a private key only available to DRM operating systems which support the "no screenshots of me" API. Hole plugged.

    No, the real threat here is from Muslim extremists. I've heard rumors that an Egyptian named Abu Ali Al-Hasan Ibn al-Haitham is working on technology to foil such electronic protection mechanisms. If his "qamara" experiments succeed, all hope of being able to send unsavable or unforwardable messages may be lost.

  16. How "Disappearing Inc" solved this N years ago by billstewart · · Score: 5, Insightful

    Back during the boom, a startup called Disappearing Inc made a similar system for email.
    Their tech guy explained that it was really important to define the problems you're trying to solve and the problems you're *not* trying to solve. If you're trying to help cooperating users communicate privately, you can do it, but if you're trying to prevent uncooperative users from getting around it, that's probably impossible and certainly snake oil at best. They weren't trying to keep the users from breaking the system with some kind of DRM nonsense - they were building something that would let the users make sure that they didn't keep records of their email that they weren't deliberately trying to keep. It's the Ollie North email backups problem, not the Mr. Phelps problem.

    --

    Bill Stewart
    New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks