Slashdot Mirror
Gmail Messages Can Now Self-Destruct
New submitter Amarjeet Singh writes: Dmail is a Chrome extension developed by the people behind Delicious, the social bookmarking app/extension. This extension allows you to set a self-destruct timer on your emails. You can use Dmail to send emails from Gmail as usual, but you will now have a button which can set an self destruct timer of an hour, a day or a week. Dmail claims it will also unlock a feature that won't allow forwarding, meaning only the person you sent your message to will be able to see it.
It's only enforceable because it isn't email.
All this stupid thing is, is a system where the recipient gets a link to click on, which lets them go view the "email" (message) on some server somewhere, subject to a bunch of restrictions. I think there's also a browser plugin that basically does the same thing, but making it appear more like you're reading an email instead of just being redirected to some server.
This isn't email in the traditional SMTP sense.
Of course, it still is impossible for them to prevent you copying it somehow, even if you have to resort to screen capture.
It has nothing to do with Gmail really, it's just a link to let someone view a message on some website. It isn't actually email.
Can my computer prevent my smartphone from taking a picture of the monitor?
Trying to prevent screenshots on email is as stupid as those lockdown browsers that some schools make you use when taking a test. Everyone has multiple internet connected and camera equipped deviced now.
The only part of this that is related to gmail is that it is a chrome extension that adds the feature to the gmail interface. It sends the user an email link to view the message on a webpage, and then deletes the message later. It probably captures select and right click events in order to be "secure" too. In short, it is garbage.
Back in 2000, a company called Disappearing Inc. made a presentation to the Bay Area Cypherpunks meeting about their product, which was pretty similar except that back then most people used real email clients instead of webmail. When the guy walked in, and we were expecting him to be pushing some kind of snake oil, he started out by saying that their threat model was to let cooperating people have some guarantee that their email would go away when they wanted it to, not to keep uncooperative people from doing that because you just can't stop screenshots / cameras / sender saving a copy / etc. and anybody trying to sell you that is selling snake oil. And suddenly he had a friendly audience, instead of one that was going to beat him up, because he'd defined a problem that could be believably solved, which was cool.
So the trick is that the file's in an encrypted format, and Disappearing Inc's server keeps the keys and a delete date for them, and if the sender and recipient are both using their product, the reader program/plugin/etc. fetches the key from DI's server; if not, you drop the file into an SSL-encrypted web form on DI which decrypts it for you. When the delete date hits (or earlier, if the file's set for read-only-once), DI deletes their copy of the key, so the recipient's mail box now has an encrypted binary blob file with no decryption key. Yes, if the server gets compromised, it's all toast. Yes, if the recipient's email client or browser is compromised at the time they read it, it's all toast. But if nobody's trying to subpoena or crack the message until after the key's deleted, then it's too late to recover old messages, though you can always try to attack new ones.
It was a nice system, and they stayed in business a couple of years before getting bought by somebody who got bought by somebody and disappearing into dead-dot-com-space. Similar systems have been sold by various other companies, often under category names like "Data Loss Protection".
If you wanted to do a "no forwarding" version, you'd do it by setting rules on who could access it, whether by IP address or some ID in the reader plugin or delete-after-one-read or whatever.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Nah, you can get around it. Just do it in sections. Assemble resultant TIFF (or whatever) in IRFAN-View, or some of the numerous open-source image-editing programs.
The trick to "out-witting" the US Mint's genius bill-recognition scheme is to move some of the circles around –the yellow ones. They are 5-circle constellations, which is how Photoshop recognizes them as US currency. This has been known since the 'new' $20's came out about 15 years ago.
The trick to "out-witting" the US Mint's genius bill-recognition scheme is to move some of the circles around –the yellow ones. They are 5-circle constellations, which is how Photoshop recognizes them as US currency. This has been known since the 'new' $20's came out about 15 years ago.
The US didn't invent everything ;-)
It's been known about since 2002, when it was found in European banknotes dating back to 1996. It's thought to be a Japanese invention.
http://www.cl.cam.ac.uk/~mgk25...
https://en.wikipedia.org/wiki/...
It's thought to be a Japanese invention.
http://www.cl.cam.ac.uk/~mgk25...
Nice info.
Being a scientist, the first day the new $20's came out, I withdrew $300 and examined the bills under a microscope. The pattern quickly became obvious.
As did two other features. One is public. The other — while chatting with the head of R&D at the US Mint during a conference, I brought it up. He would only deny it, but a fresh sample of 15 is statistically significant. I checked again recently and they've quit using it, as it wears off.