Gmail Messages Can Now Self-Destruct

New submitter Amarjeet Singh writes: Dmail is a Chrome extension developed by the people behind Delicious, the social bookmarking app/extension. This extension allows you to set a self-destruct timer on your emails. You can use Dmail to send emails from Gmail as usual, but you will now have a button which can set an self destruct timer of an hour, a day or a week. Dmail claims it will also unlock a feature that won't allow forwarding, meaning only the person you sent your message to will be able to see it.

Won't allow forwarding?

[elgholm]

Please explain.

Re:Won't allow forwarding?

[Impy+the+Impiuos+Imp]

Really. Is there some hidden API into gmail? And receiver can do whatever it wants with the email, includ8ng forward, via cut and paste if necessary, assuming bizarre behavior from gmail.

And what of gmail's safety backups? How long before gmail clobbers those?

Re:Won't allow forwarding?

[intermelt]

It probably meant to say "Hide/disable forwarding button" and maybe "Disable right click for copy paste menu option"

However maybe the "encrypted" email comes in as an image. Harder to copy/paste, but still easy to forward/screenshot.

Re:Won't allow forwarding?

[John+Allsup]

(GUESS) If you don't have their app installed in Chrome and view within Chrome, you get emailed a link, which opens in a browser. Most likely it will be a rendered image (or something like that), though of course you could still attach that. (/GUESS)

If I receive a 'click on this to see your message', like many, I will probably email back whoever sent it, ask them to resend as a conventional email (that is, disable Dmail) or else I will simply delete it. Quite possibly I might consider writing an app which goes through my gmail via IMAP and automates this process (that is, scan inbox, detect dmail messages, auto-reply requesting conventional email, and move to dmail-spam).

Re: Won't allow forwarding?

Can my computer prevent my smartphone from taking a picture of the monitor?
Trying to prevent screenshots on email is as stupid as those lockdown browsers that some schools make you use when taking a test. Everyone has multiple internet connected and camera equipped deviced now.

Re:Won't allow forwarding?

[just+another+AC]

If the end content needs to be presented to a human at any point, it can be copied. It is just a case of time, effort and quality. No matter how much they lock down the operating system, we can take a photo of the monitor. MS knows this, I don't expect them to push that hard for it.

Until they start connecting directly into our brains (with channel only being unencrypted "in-brain"), DRM is nothing but an inconvenience.

Re: Won't allow forwarding?

[phantomfive]

Can my computer prevent my smartphone from taking a picture of the monitor?

It seems strange, but even right now, some software will prevent you from modifying photos of certain things (Photoshop and hundred dollar bills for example).

Computer companies are depending more and more on media companies every day.....consuming media is the primary use of many of these devices. Soon they might say, "Why not implement this? It'll make the media companies happy, and most people won't care."

Re:Won't allow forwarding?

The only part of this that is related to gmail is that it is a chrome extension that adds the feature to the gmail interface. It sends the user an email link to view the message on a webpage, and then deletes the message later. It probably captures select and right click events in order to be "secure" too. In short, it is garbage.

Re:Won't allow forwarding?

[techno-vampire]

It wouldn't be surprising if in a near version of Windows, we see a way to have 'uncopyable' or 'unscreenshotable' sections.

Which will only be a problem for those of you who still insist on using Windows. The rest of us will go on about our business with no problems at all.

Re: Won't allow forwarding?

[Sir+Holo]

It seems strange, but even right now, some software will prevent you from modifying photos of certain things (Photoshop and hundred dollar bills for example).

Nah, you can get around it. Just do it in sections. Assemble resultant TIFF (or whatever) in IRFAN-View, or some of the numerous open-source image-editing programs.

The trick to "out-witting" the US Mint's genius bill-recognition scheme is to move some of the circles around –the yellow ones. They are 5-circle constellations, which is how Photoshop recognizes them as US currency. This has been known since the 'new' $20's came out about 15 years ago.

Re:Won't allow forwarding?

[HiThere]

The filter would send the automated request of a clean version of the email.

Re:Won't allow forwarding?

[mysidia]

No.... it's a 3rd party messaging service using HTML E-mail and a custom browser extension. To enforce the "self-destruct" rule, the e-mail is hosted on the Dmail provider's mail servers instead of the content being sent in the e-mail message.

Nothing to see here..... I'm not going to be accepting any e-mail sent using such a service. I will tell the sender "No, send me a normal e-mail message; I can't read that one."

Re:Won't allow forwarding?

[93+Escort+Wagon]

So basically this is like those silly e-cards my mom insists on sending for birthdays and holidays. It's got nothing to do with email, except that the link is sent inside an email message.

Re:Won't allow forwarding?

[93+Escort+Wagon]

I can't imagine this will ever get used enough for it to make any sense for you to spend your time automating the task...

Re: Won't allow forwarding?

[paul_metcalfe]

Software, and copying machines too, detect something like this and refuse to continue: https://en.wikipedia.org/wiki/...

Of course, this is not fool-proof at all and can be circumvented by simply using older versions, or self-compiled versions lacking this "feature".

Re: Won't allow forwarding?

[Jack+Griffin]

Computer companies are depending more and more on media companies every day.

Which is why we need to continue support for independent and start up developers.

Re:Won't allow forwarding?

[mwvdlee]

I can only imagine they render the text to an image hosted on dmail's servers, which is deleted after a set time.
But that won't work with Gmail, since Gmail caches all images on their own servers (including HTTPS and never-ending images).

Re: Won't allow forwarding?

[houghi]

It is not possible to take copies with a copy machine of money, because of restrictions in the machine, not because some magic in the money.

Take away that restriction and you will be able to copy money.

So if the program does not have this restriction, it will be able to do it. Gimp?

Re:Won't allow forwarding?

[FlyHelicopters]

Which will only be a problem for those of you who still insist on using Windows. The rest of us will go on about our business with no problems at all.

While you might be right, "the rest of us" is not a very large number...

Until Windows is less than about 95% of the desktop OS market, then "the rest of us" is pretty meaningless.

Re:Won't allow forwarding?

[Dan541]

The only part of this that is related to gmail is that it is a chrome extension that adds the feature to the gmail interface. It sends the user an email link to view the message on a webpage, and then deletes the message later. It probably captures select and right click events in order to be "secure" too. In short, it is garbage.

So, it's not email then. "Go to this website, we have a message for you." No.

Re: Won't allow forwarding?

[xaxa]

The trick to "out-witting" the US Mint's genius bill-recognition scheme is to move some of the circles around –the yellow ones. They are 5-circle constellations, which is how Photoshop recognizes them as US currency. This has been known since the 'new' $20's came out about 15 years ago.

The US didn't invent everything ;-)

It's been known about since 2002, when it was found in European banknotes dating back to 1996. It's thought to be a Japanese invention.

http://www.cl.cam.ac.uk/~mgk25...

https://en.wikipedia.org/wiki/...

Re: Won't allow forwarding?

[invictusvoyd]

It seems strange, but even right now, some software will prevent you from modifying photos of certain things (Photoshop and hundred dollar bills for example).

That's kinda lame . What about photos of Catherine Zeta Jones ?

_______
I use gimp

Re: Won't allow forwarding?

[Sir+Holo]

It's thought to be a Japanese invention.

http://www.cl.cam.ac.uk/~mgk25...

Nice info.

Being a scientist, the first day the new $20's came out, I withdrew $300 and examined the bills under a microscope. The pattern quickly became obvious.

As did two other features. One is public. The other — while chatting with the head of R&D at the US Mint during a conference, I brought it up. He would only deny it, but a fresh sample of 15 is statistically significant. I checked again recently and they've quit using it, as it wears off.

Re:Won't allow forwarding?

[Big+Hairy+Ian]

Just run MS Expression whilst you're reading your email and record the who session including the dmail deleting itself

Re: Won't allow forwarding?

[Cajun+Hell]

Of course, this is not fool-proof at all and can be circumvented by simply using older versions, or self-compiled versions lacking this "feature".

"Circumvent" is really an inappropriate word here. By default, all image processing software will "fail to fail" unless the programmer goes to extra trouble to add the defect. I wouldn't even know that I "should"(?) make my projects not work correctly if I hadn't stumbled onto this thread. And I wouldn't know off the top of my head how I would make it fail, though I suppose I could Google it, not that any customer has ever asked for the bug. And then even if I Google it, the chances that I might find as sufficiently easy-to-call library to help my code fail (or a sufficient description so that I can implement the bug myself), aren't that good. And who is going to pay for my time, working on it? Nobody, that's who.

Please don't call it "circumvent!" Not-having this "feature" is the normal, default, assumed, cheapest, fastest, easiest case.

Re: Won't allow forwarding?

[nanoflower]

What happens for people that never log in to Gmail through a browser but only download their email? Are they supposed to be prevented from downloading the DRMed messages? They must be if this 'security' method is going to do what it claims because otherwise anyone can download the message and then use an alternate mail client to do as they wish.

Also how is this DRM supposed to work? I doubt Google is getting involved since there's been no huge demand for such a feature so the company has to be taking advantage of how Gmail works. Perhaps they are inserting a bit of code into the email that prevents you from selecting certain options. Nothing unsafe in having email that changes how the email client behaves, is there? ;)

Re:Won't allow forwarding?

[StikyPad]

Ah, too bad. I sent you my bank account #, SSN, mother's maiden name, the street I grew up on, and my favorite 4 digit number, and can't be arsed to type all that out again.

Re:Won't allow forwarding?

[StikyPad]

If only people had easy access to some sort of device that didn't rely on the Operating System in order to capture visual data. Like some sort of tiny camera that they always kept with them. Maybe it could be built-in to some other object that they already keep on them out of habit. We're probably decades away from anything like that, but who knows what the mysterious future holds!

Re: Won't allow forwarding?

[phantomfive]

To clarify, when I said 'computer companies,' I meant manufacturers like Apple, and Microsoft.

If you've bought a computer recently, it probably already has the UEFI drm in it. So we are getting closer, step by step, to that sort of reality. Whether we take the next step is unknown, but until now we haven't stopped moving in that direction.

Re: Won't allow forwarding?

[phantomfive]

Yours is a completely true post that also misses the point of the post you were replying to.

Re:Won't allow forwarding?

[Archangel+Michael]

And nobody has figured out how to use Snipping Tool or Screen Capture or any of a number of ways to defeat said restrictions.

If the text is sent, it can be captured. False security is worse than no security.

Re:Won't allow forwarding?

[techno-vampire]

The point of my comment was to suggest that things like that will drive more and more people away from Windows so that eventually, only those users who can't or won't think for themselves will be left with it.

Re: Won't allow forwarding?

Cocaine?

Re:Won't allow forwarding?

[FlyHelicopters]

The point of my comment was to suggest that things like that will drive more and more people away from Windows so that eventually, only those users who can't or won't think for themselves will be left with it.

I get that, and it is a reasonable point to make. However that assumes that the majority care.

I don't think they do.

The number of people using iPads and iPhones would indicate such, and while Android has a large market share, a lot of that is on locked down phones such as the Galaxy S series that you can't do much with without hacking anyway.

How many people who own Android phones actually do anything more than basic stuff with them? I'd be shocked if the number was above 10%.

Re:Won't allow forwarding?

[techno-vampire]

However that assumes that the majority care.

It also assumes, I'll admit, that the majority are aware that there's a choice, and that the other choices work as well as, or better than what they're used to. As long as people make fun of "The Year of the Linux Desktop," people are going to be afraid to try it because they think it's hard to learn. I have a friend who's a computer columnist among other things, and he still thinks that you need access to a Unix guru to run Linux because that was true twenty five years ago when he first looked at it. I've tried to get him to understand that for most people, they need no more tech support with Linux than with Windows, but he's in his eighties now, and a bit set in his ways.

Re:Won't allow forwarding?

[techno-vampire]

And who's fault is that? It's not the Linux devs because they've wanted to write OSS drivers for those cards ever since they came out, but alas, the OEMs won't release the specs. I'd suggest that you check the facts before you post such drivel, but I know that people like you are only interested in spreading anonymous FUD.

Re: Won't allow forwarding?

[cstacy]

[...] two other features. One is public. The other — while chatting with the head of R&D at the US Mint during a conference, I brought it up. He would only deny it, but a fresh sample of 15 is statistically significant. I checked again recently and they've quit using it, as it wears off.

Cocaine?

No, he said they quit using it.

Cocaine is one hell of a feature.

Re: Won't allow forwarding?

[cstacy]

It seems strange, but even right now, some software will prevent you from modifying photos of certain things (Photoshop and hundred dollar bills for example).

Strange. why would it prevent me MODIFYING the $100 image - making it even clearer that my printout is NOT real money?

Well, another reason for using gimp then.

I imagine it's so that you can't alter the serial numbers; which you would want to do so that your counterfeit money will not be traceable to the person who had the real C-notes you copied. (Seems overly paranoid to me, since people pass real bills of this size all the time. Anyone else have a better theory?)

Re: Won't allow forwarding?

[KGIII]

I, for one, do not welcome these overlords. I have ample hardware to survive an apocalypse. If things should drastically change then I have many computers that will last the rest of my life. As it is, I really do not see any reason to upgrade to new hardware. I upgrade because I like it. The added speed is trivial these days. The new features are seldom used. Now they may be able to keep me off the 'net (sort of) but I would just build an extension to my home network and allow access from others.

I also have radios and nohow. I even have power in a variety of ways. I can even fix my devices. If SHTF I will still be amusing myself for the rest of my life with nary a blink. I do not even have to shop for most food stuffs I suppose. I seldom do as it is. I grow an hunt much of my food. I have firearms and friends and lots of land in the middle of nowhere. I suppose I will by alright.

Re:Won't allow forwarding?

[KGIII]

Where did they place blame on anyone but the OEMs? Your rant makes no sense when I read the post you are replying to.

Re:Won't allow forwarding?

[techno-vampire]

I've seen that complaint many, many times before, and it was always used as an excuse not to use Linux, with the implication that the lack of OSS drivers was caused by the devs not providing them rather than putting the blame on the OEMs as is right and proper. If the OP wasn't doing that, it's the first time I've ever seen it.

Re:Won't allow forwarding?

[KGIII]

I think they were pretty clear and reasonable. I have similar/same complaints and am an avid Linux user.

Re:Won't allow forwarding?

[mysidia]

Ah, sorry, you sent it to the wrong person. You must want the Nigerian prince sitting in the back row of the cafeteria over there.

I don't do ID theft or other crimes, but if you want to e-mail me the private keys for a Bitcoin wallet with a few hundred BTC in it.......

Re:Won't allow forwarding?

[FlyHelicopters]

The problem with Linux is not that people don't know it doesn't exist.

Even my Mother has heard of it, it isn't a secret. The real problem is people don't see a need for it. Windows works "well enough".

Then you have the issue of "do my programs run on it". If your answer is, "no, but similar programs do", then you've lost, you might as well give up.

Re:Won't allow forwarding?

[techno-vampire]

Then you have the issue of "do my programs run on it". If your answer is, "no, but similar programs do", then you've lost, you might as well give up.

Or, you make sure that Wine is installed and for the most part, you can say, "Yes, they will."

Re:Won't allow forwarding?

[FlyHelicopters]

Meh, "for the most part" isn't good enough, and no, they don't really...

TurboTax doesn't run on Wine, not without some effort...

Look, I get the benefits of Linux, I really do... but they don't matter to most people, which is why "The year of the Linux desktop" remains a 20 year old joke at this point, and it is likely to remain so for a very long time.

Something might replace Windows at some point, but I doubt it will be Linux. Frankly OS X has more of a chance of that happening than Linux does.

Re:Won't allow forwarding?

[FlyHelicopters]

Also, consider that asking people to change their OS then brings up another question... "Why?"

Oh sure, YOU understand the benefits, but they don't see any. It is like saying "change the engine in your car for this other engine, it doesn't have DRM or auto-updates".

Um... so? Does the average driver care?

The vast majority of consumer electronic users just don't care, they want something that works, and the reality is that Windows works better than it really ever has.

It isn't perfect, but perfection is the enemy of "good enough", and Windows long ago passed "good enough".

Linux doesn't offer a compelling reason to change, it didn't 20 years ago, it didn't 10 years ago, and it doesn't today. Not to more than about 1.5% of desktop users anyway.

Re:Won't allow forwarding?

[techno-vampire]

Linux doesn't offer a compelling reason to change, it didn't 20 years ago, it didn't 10 years ago, and it doesn't today. Not to more than about 1.5% of desktop users anyway.

There's one that I've found gets people's attention: Linux is free, as in beer. Every time there's a new, expensive version of Windows released, I get more people asking about Linux. Not many change, but at least they consider it.

Re:Won't allow forwarding?

[FlyHelicopters]

Every time there's a new, expensive version of Windows released, I get more people asking about Linux.

I'm sure you do... but your circle of friends and contacts is not representative of the general public.

How do I know that? Because the desktop usage of Linux hasn't budged in a decade.

And for what it is worth, Windows is just as free, from the point of view of the average consumer. Most people get Windows with their computer and few upgrade, which is one of the reasons MS went ahead and started giving Windows away. They want to be paid when the computer is sold, but for most people, it will now be a free upgrade. You just pay again when you buy your next computer.

Linux lacks a single release, it is confusing, there are many versions, there is no one company for support, some things work better on one release or another, etc.

To the average consumer, it is just a big mess. Windows 7 is Windows 7 is Windows 7. Linux doesn't offer that.

---

Look, I don't want to get into a fanboy argument, rest assured MS has done some really dumb things over the years, I'll be the first to point out that Vista was a mess at launch, they overreached and backed off to that. 8 had its own problems, partly fixed with 8.1, completely (more or less) fixed with 10.

Balmer is gone, real change is happening, these are good things. Did Linux cause them? Meh, I suspect Apple is a bigger concern for MS, but they aren't fools, they don't want anything getting in the way of Windows being on the vast majority of computers.

---

To put this another way... Linux can't win by "not being Windows". It has to offer something compelling that Windows does not. To most consumers, it does not offer anything compelling and it in fact has tons of draw backs. You don't mind, you can work past them, but most people don't WANT to do that.

Re:Won't allow forwarding?

[techno-vampire]

You just pay again when you buy your next computer.

But why should you have to buy a new computer just to run the latest version of your OS? Why should the hardware requirements increase that fast? Granted, I don't buy pre-made computers because I have a friend who's a much better hardware tech than I'd ever be even if I were interested in those things (I'm a software geek; he's hardware.) but I've gone through several upgrades of my distro (Fedora) without needing to buy any new hardware, and don't expect to need a better computer for years. Why do people accept so easily that upgrading Windows includes upgrading their hardware?

Re:Won't allow forwarding?

[FlyHelicopters]

But why should you have to buy a new computer just to run the latest version of your OS?

Because that is what people do...

Besides, if you want it to do more, then you need more power. Computers have indeed gotten much faster than they used to be...

Why should the hardware requirements increase that fast?

They really haven't moved much since Vista came out. It is the other stuff that people want out of a computer. Faster storage (SSD), USB 3 support, display port, etc. Those things can be added to an older computer, but people don't tend to modify their computers, they buy new ones, use them for awhile, then give them away or sell them and buy something new.

Why do people accept so easily that upgrading Windows includes upgrading their hardware?

What makes you think that people do that so easily? Lots of people were perfectly happy on XP, but at some point it was time to move on.

My Mother uses Windows 7, she doesn't see a reason to move to Windows 10 any more than she sees a reason to move to Linux. Windows 7 works just fine. Of course, since Windows 10 is now free for her, she asked me if she should make the move, to which I replied, "give it three months, let everyone else work the kinks out first".

---

It is worth noting that Windows 10 actually runs quite well on a 8 year old computer. Stick a SSD in a Core2Quad and it is amazingly responsive to basic computing tasks. I have such a machine running as a test bed and frankly for what most people use their computer for, it is just fine. 4GB of RAM and a 180GB Intel SSD and it is a great machine for Windows 10.

Re:Won't allow forwarding?

[q4Fry]

It is like saying "change the engine in your car for this other engine, it doesn't have DRM or auto-updates".

I see what you did there.

Re: Won't allow forwarding?

[paul_metcalfe]

What other verb would you use? English is not my first language.

Feature or not, that's a matter of perspective.

Um...

[Nemyst]

I know this is ancient technology by today's newfangled social media buzzword bingo, but have those devs ever heard of copy/paste?

Pure undulterated bullshit

[cheesybagel]

BS.

"it will also unlock a feature that won’t allow forwarding, meaning only the person you sent your message to will be able to see it"

Then I'll copy and paste the text to another Windows and foward it.

What the article describes is not e-mail. It's an messaging app with a different protocol using e-mail only as a transport mechanism.

Re:Pure undulterated bullshit

[brian.stinar]

DRM is built upon the lack of understanding that playing content (text, image/sound/video) requires, BY NECESSITY, the ability to duplicate that content. It's always possible to do an analog scrape, if the DRM keeps everything in digital land "safe." As I recently found out with .m4b files, it's just a matter of how annoying the DRM producer wants to try and make that process, and how valuable your time is.

I never understood the desire to try and accomplish anything else. Software/hardware/device manufacturers that try and DRM-proof their products annoy me. I left a startup because of DRM:

"Brian, we need to protect our content. That's why I'm putting you on this DRM-WordPress-enabled-web-protect-our-desktop-application project."
"Actually, hardly anyone wants to buy this software yet. The best thing that could happen would be it would catch on fire on pirate networks. That's called free marketing."
"I spent twenty years of my life developing this software."
"And it's only been the last six months that you've sold ANYTHING. Let's close these sales deals, and then start developing the subscription-only services, that require a valid subscription, and then we can 'protect' the content by having AWESOME subscription based content. If anyone pirates v 1.0, let's make v 2.0 so much better they cannot wait to buy it, and support us!"
"The software isn't ready, we need to protect it."
"DRM in the absolute best case adds NOTHING to the user, and in the worst case is horribly annoying. I'm not going to work on DRM technology that will alienate our miniscule user base."
"I disagree."
"I'm out."

And this is why the second start-up venture I was a part of failed. Everyone left, after 20k in 'sales' never materialized based on the founder wanting to 'protect' his software. I am ready for the third failure though!

Re:Pure undulterated bullshit

[BitterOak]

Then I'll copy and paste the text to another Windows and foward it.

I would assume the copy and paste functions would be disabled, otherwise this would be pointless.

Re:Pure undulterated bullshit

[gnupun]

How will gmail prevent the recipient from snapping a picture with their smartphone or just using the OS screen capture keyboard shortcut? This looks like a "Mission Impossible" gimmick or Snapchat wannabe feature.

OTOH, will this affect the market valuation of Snapchat since it's a very similar feature?

Re:Pure undulterated bullshit

[GoodNewsJimDotCom]

Hey, Snapchat makes no sense at all, since anyone can screenshot/hack their own device. Even though Snapchat doesn't do what it claims, its a phenomena which has made lots of money. I think Google just wants to jump on the money train of making impossible claims to technology.

Re:Pure undulterated bullshit

[quenda]

playing content (text, image/sound/video) requires, BY NECESSITY, the ability to duplicate that content.

Ridiculous. If that were true, why would all those clever companies spend countless millions on advanced technologies like BD+ and HDCP?
You think they just enjoy flushing money down the toilet?

Re:Pure undulterated bullshit

[GigaplexNZ]

Because those are technologies aimed to protect the path of those necessary digital copies. The photons from the screen still need to travel through the air though, and there's nothing stopping you pointing a camera at it.

Re:Pure undulterated bullshit

[brian.stinar]

How is this ridiculous? I don't understand. Are you being sarcastic with me? I'm sorry if I'm being dense.

Yes, I do think they are flushing money down the toilet. I have been a contractor long enough to determine when a customer wants to build something useful, versus has a political/emotional need to flush money down the toilet. I think there are lots of political needs to flush money down the toilet on DRM, and then clear hackers play the game of cracking their DRM (mostly for fun, since someone with DRM-cracking skills could certainly purchase content using far less profitable time than cracking the DRM on the content they want to get for 'free.')

Companies want to make content difficult to duplicate, but it's always possible to point a ridiculously high resolution camera at your screen. One of my friends built a poker bot like this - he had a keyboard and mouse interface, and pointed a camera at another screen. This entire dance is a game.

If you can play content, the content you are playing can be duplicated.

Re:Pure undulterated bullshit

[GigaplexNZ]

Or you could run the software in a VM and have the host OS capture the screenshot, if they manage to implement invasive DRM.

Re:Pure undulterated bullshit

[quenda]

They don't even protect the digital path very well, because the consumer needs the keys to view the content.
The idea is fundamentally broken. (As are the above-mentioned DRM schemes.)

Re:Pure undulterated bullshit

[GigaplexNZ]

I agree, but that doesn't change the fact that your initial response of "Ridiculous" to the claim that "playing content requires the ability to duplicate that content" was misguided.

Re:Pure undulterated bullshit

[quenda]

No, it was just missing the sarcasm tags. Sorry, I misjudged the tone/audience. But still preaching to the choir here :)

Re:Pure undulterated bullshit

[ultranova]

Or you could run the software in a VM and have the host OS capture the screenshot, if they manage to implement invasive DRM.

Or you could simply not run the software at all and only lose messages even the sender's drunk ass knew they would be ashamed of in the morning. And possibly the occasional extortion scheme.

Re:Pure undulterated bullshit

[thegarbz]

playing content (text, image/sound/video) requires, BY NECESSITY, the ability to duplicate that content.

Ridiculous. If that were true, why would all those clever companies spend countless millions on advanced technologies like BD+ and HDCP?
You think they just enjoy flushing money down the toilet?

Q1: Is that a trick question?
Q2: Is there any movie released on Bluray that isn't available on Torrents in high-def?
Q3: Does the torrent download include unskippable adverts for anti-piracy that just get in the way of viewing content and softbrick your bluray player because the keys were revoked requiring you to download an update for 10 minutes when all you want to do is watch a movie?
Q4: If you answered no to question one, were you serious and are you should it wasn't a trick question?

Re:Pure undulterated bullshit

[Jack+Griffin]

"Actually, hardly anyone wants to buy this software yet. The best thing that could happen would be it would catch on fire on pirate networks. That's called free marketing."

The most enjoyable thing about watching Dragon's Den/Shark Tank is how these startups come through the door thinking their great idea is about to take the world by storm. Invariably the first question asked by the Dragons/Sharks is, "how many have you sold"? And the last question is usually, "would you prefer 50% of something, or 100% of nothing"?
Most people leave empty handed never to be heard of again.

Re:Pure undulterated bullshit

[brian.stinar]

I gotta watch this show! I've seen it a few times, and it ALWAYS seemed really interesting (and I learned a few things!), but I never made watching it a habit. Thanks for mentioning this.

Re:Pure undulterated bullshit

[quenda]

Rhetorical question. Feel free to take it seriously (who does gain what from DRM?), but thats getting off-topic.

Just saying that a self-destructing email is like uncopyable media. Neither works as claimed, but that doesn't stop it making a lot of money for the people selling it.

Re:Pure undulterated bullshit

[Dutch+Gun]

If they're selling it as "secure" (as in a user *can't possibly* forward the data), then it's bullshit. If they're selling it as "this prevents someone from inadvertently forwarding your message to others or keeping it available longer than intended", then it should work as advertised. Obviously, it doesn't prevent intentional abuse.

Keep in mind that the vast majority of people simply use programs with the defaults enabled. Google's g-mail, by default, keeps ALL messages (by encouraging you to "archive" instead of "delete" messages). A lot of mail clients work in the same way now. This means that, by default, if you send someone a message with some sensitive data, you have no easy way of encouraging the recipient to delete the message after being read. This provides that mechanism. Unless someone goes deliberately out of their way to copy that data, it will not be forwarded or copied to their local client or mail storage.

Honestly, I'm not sure how useful this is anyhow. Unless e-mail is encrypted or internal-only, you basically have to treat it like a postcard. That is, anyone interested enough to glance at it while in-transit can see what you're writing.

Re:Pure undulterated bullshit

[AmiMoJo]

The only possible way it could work is by putting the text of the email into an inline image, or making the recipient click a link to view a web page with the text. Then they can "delete" it by removing the image/web page from their server.

Both of these methods won't work very well in practice. Emails that are mostly one large image tend to be marked as spam. and most clients (including gmail) don't display images by default. When gmail does display an image, it caches it on Google's servers so that the server hosting the image can't see when the user loads it (tracking protection).

Many clients also block links to external sites by default, making the user take an extra step to open them due to the risk of malware.

Also, this would seem to break replies. If you can't quote the sent text, you can't reply properly and it breaks threading.

Re:Pure undulterated bullshit

[Dutch+Gun]

This isn't DRM. There's no need to turn text into an image here. I think people are confusing this for some sort of document protection scheme which is trying to do something that's impossible.

You're mistakenly treating the recipient as a hostile entity. If you can't trust them to view and *not attempt to copy* confidential information, then they shouldn't be allowed to see it anyhow.

Instead, you need to consider the recipient as an imbecile who will, for example, accidentally forward a confidential note to their entire address book, or forget to delete the message as requested.

Good security is often about simply making the default behavior secure. In this case, you're simply ensuring that the recipient has to do nothing at all for that information to remain secure, which is about as good as it's going to get once you release information to another party.

LOL! Is the email content just stored elsewhere?!

OH LOL!

Look at the screenshot in the second article!

Look at it!

OH LOL! OH LOL! OH LOL! OH LOL! OH LOL! OH LOL! OH LOL! OH LOL! OH LOL! OH LOL!

If this works like I think it works, then the email the recipient gets only has this "View Message" link in it? And then the recipient must maybe view the actual content of the email, which I presume is stored on some other server somewhere? And that's how access to it is limited?

OH LOL! OH LOL! OH LOL! OH LOL! OH LOL! OH LOL! OH LOL! OH LOL! OH LOL! OH LOL! OH LOL! OH LOL! OH LOL! OH LOL! OH LOL!

Can anyone confirm this? Does this just send an email to the recipient, linking to the actual content which is stored somewhere else, on a web server somewhere I would presume? Maybe even somewhere in THE CLOUD?

Can anyone confirm this is what is happening in this case? Anyone?

OH LOL! OH LOL! OH LOL! OH LOL! OH LOL! OH LOL! OH LOL! OH LOL! OH LOL!

Re:Not if you email me

[Bovius]

I think the idea is that the e-mail itself just contains HTML that makes a request to the Dmail server, and the server doesn't send back the actual message if it's been too long.

But yeah, that doesn't mean that the person can't copy/paste/screenshot something when they see it. It's self-destruct for the lazy/ill-informed.

Re:Unenforceable

[Grishnakh]

It's only enforceable because it isn't email.

All this stupid thing is, is a system where the recipient gets a link to click on, which lets them go view the "email" (message) on some server somewhere, subject to a bunch of restrictions. I think there's also a browser plugin that basically does the same thing, but making it appear more like you're reading an email instead of just being redirected to some server.

This isn't email in the traditional SMTP sense.

Of course, it still is impossible for them to prevent you copying it somehow, even if you have to resort to screen capture.

Re:Not if you email me

[Grishnakh]

It has nothing to do with Gmail really, it's just a link to let someone view a message on some website. It isn't actually email.

Print Screen

[ronaldbeal]

Um... "Print Screen" or "Screen Capture" kinda makes the whole premise of this pointless.

Disappear without warning?

[Tablizer]

I already have this feature, it's called "Comcast"

it's been done

[wendyo]

I recall reading about something like this on Slashdot 15 years ago or so. IIRC, that one was an image on a webserver. It was advertised as deletable email.

Didn't work that time. Sounds like more of the same.

Chrome Extension?

[Bing+Tsher+E]

That would mean not being able to use pop.gmail.com anymore. I like Sylpheed. I'll just keep doing what I've always done.

I will admit I never get to see the ads that Google peppers their webmail with. I don't feel cheated, however.

El Psy Congroo

[Whiternoise]

If only it were actually Dmail, that would make the whole premise a lot more interesting. Do they also build microwaves?

Ever heard of the print-screen key?

[dsmatthews9379]

If you can see it on the screen you can print it to an image, or record the entire interaction with your email client using a screen recorder. If you have the required credentials you can record somebody else's remote desktop too. I would not be surprised if Google block the extension on the grounds that it is deceptive.

Re:Sure....

[tom229]

It has to only work gmail to gmail, in which case it's entirely dependent on how the receiver is accessing their gmail account. If they are accessing their account through an application like outlook using imap or the native extension then it's probably not going to work. Also there's the obvious problems of screenshot and copy paste. All in all this is probably a terrible idea as it will do nothing more than offer a false sense of security to people who don't know any better.

Security for lazy people

[aNonnyMouseCowered]

If it's long you'll need screencasting software. Or are they using some DRM-like technology that'll prevent folks from even photographing the screen. Not much security by obscurity as security by inconvenience.

Won't/can't work

[Todd+Knarr]

Their extension can't affect the recipient's end of things if the recipient isn't also running that extension. In that case nothing Dmail can do can prevent the recipient from saving the message, forwarding it or doing anything else with it. Dmail can play tricks with HTML e-mail by replacing the body of the e-mail with a dummy wrapper that fetches the message via HTTP from a Dmail server and they can use some Javascript tricks to try and block "Save as", but those are going to run into problems with anything that blocks remote content or disables Javascript in e-mail. Even if the recipient's using Gmail in Chrome that's going to be an issue considering how that sort of blocking's basic to blocking malware. And of course if the recipient's running a non-browser client using IMAP4, Dmail's completely out of luck.

As far as being able to restrict viewing to only the recipient, that's easy. Every standard mail client today supports it. The hard bit's getting the recipient to generate a public-key certificate and install it as a personal certificate and key in their e-mail client. Then you just encrypt the e-mail using their public key and send it as an S/MIME message, their mail client will automatically decrypt it for them. I could even make that work in web-mail with a browser extension that recognizes the message text block, grabs it and decrypts it and stuffs the results back in the text block for the user to see. The obvious advantages here are that a) you wouldn't need to use any particular service provider to send the mail and b) not even the service provider or e-mail servers would be able to see the cleartext. The hard part's the PKI, and really all that needs is an extension for the mail client to automate generation of a certificate and installation into the client like we have in browsers. Depending on the browser and OS that might be simplified by taking advantage of shared OS cryptography features.

I've kicked this idea around as a commercial possibility, but it all comes down to two basic problems:

• If the messages are truly private it's nigh impossible to generate revenue by any means except annual subscriptions from users. Senders might pay, but recipients won't and that breaks the whole thing.
• Controlling what happens after the message reaches the recipient's nigh-impossible. The best you can do is if you restrict recipients to a platform like mobile where they have to access messages through your app. There's still ways around the controls, but you can make it so the phone has to be rooted and then access to the secure credential storage obtained and that's not something that can be automated enough to be feasible for the average user to do. In an uncontrolled environment like a browser or a regular e-mail client? Forget it.

Re:Won't/can't work

[tlhIngan]

Their extension can't affect the recipient's end of things if the recipient isn't also running that extension. In that case nothing Dmail can do can prevent the recipient from saving the message, forwarding it or doing anything else with it. Dmail can play tricks with HTML e-mail by replacing the body of the e-mail with a dummy wrapper that fetches the message via HTTP from a Dmail server and they can use some Javascript tricks to try and block "Save as", but those are going to run into problems with anything that blocks remote content or disables Javascript in e-mail. Even if the recipient's using Gmail in Chrome that's going to be an issue considering how that sort of blocking's basic to blocking malware. And of course if the recipient's running a non-browser client using IMAP4, Dmail's completely out of luck.

If you read the article, you'll see it's really just a private messaging service. The plugin just interfaces that service to Gmail.

If you have the plugin, then it'll retrieve the message for you. If you don't, e.g., use Firefox, what happens you get an email with a link that basically says "XXX has sent a message to you. Click here to see it".

Well, probably not so spammy-looking, but there you go.

It's nothing special - the only reason messages can be "erased" is the link expires.

Re:Unenforceable

[PopeRatzo]

The best part is, when you want to send a message to someone that cannot be forwarded and self-destructs, you first have to send it to this Dmail company's server in the cloud where it will exist forever.

And since most of the people using this "non-forwarding self-destructing message system" will be people sending threats and harassment to ex-girlfriends, I wouldn't be a bit surprised if this entire thing is one big honey trap.

Yes, by Disappearing Inc.

[billstewart]

Yeah, it was a cute name. The folks running it had a clue, knew what they could and couldn't realistically do.

Google Cache

[clockley(571021718)]

http://webcache.googleusercont... or http://cc.bingj.com/cache.aspx...

It's a Limited Threat Model Definition, not DRM

[billstewart]

Back in 2000, a company called Disappearing Inc. made a presentation to the Bay Area Cypherpunks meeting about their product, which was pretty similar except that back then most people used real email clients instead of webmail. When the guy walked in, and we were expecting him to be pushing some kind of snake oil, he started out by saying that their threat model was to let cooperating people have some guarantee that their email would go away when they wanted it to, not to keep uncooperative people from doing that because you just can't stop screenshots / cameras / sender saving a copy / etc. and anybody trying to sell you that is selling snake oil. And suddenly he had a friendly audience, instead of one that was going to beat him up, because he'd defined a problem that could be believably solved, which was cool.

So the trick is that the file's in an encrypted format, and Disappearing Inc's server keeps the keys and a delete date for them, and if the sender and recipient are both using their product, the reader program/plugin/etc. fetches the key from DI's server; if not, you drop the file into an SSL-encrypted web form on DI which decrypts it for you. When the delete date hits (or earlier, if the file's set for read-only-once), DI deletes their copy of the key, so the recipient's mail box now has an encrypted binary blob file with no decryption key. Yes, if the server gets compromised, it's all toast. Yes, if the recipient's email client or browser is compromised at the time they read it, it's all toast. But if nobody's trying to subpoena or crack the message until after the key's deleted, then it's too late to recover old messages, though you can always try to attack new ones.

It was a nice system, and they stayed in business a couple of years before getting bought by somebody who got bought by somebody and disappearing into dead-dot-com-space. Similar systems have been sold by various other companies, often under category names like "Data Loss Protection".

If you wanted to do a "no forwarding" version, you'd do it by setting rules on who could access it, whether by IP address or some ID in the reader plugin or delete-after-one-read or whatever.

Re:It's a Limited Threat Model Definition, not DRM

[michelcolman]

their threat model was to let cooperating people have some guarantee that their email would go away when they wanted it to, not to keep uncooperative people from doing that because you just can't stop screenshots / cameras / sender saving a copy /

(...)

If you wanted to do a "no forwarding" version, you'd do it by setting rules on who could access it, whether by IP address or some ID in the reader plugin or delete-after-one-read or whatever.

The problem with no-forwarding is that people who want to forward the message anyway, by definition turn into non-cooperating people. You might as well just add a text "please don't forward".

Re:It's a Limited Threat Model Definition, not DRM

[ArsenneLupin]

The problem with no-forwarding is that people who want to forward the message anyway, by definition turn into non-cooperating people. You might as well just add a text "please don't forward".

Non-cooperative people are only one category of people who'd forward mails even though told they should not. Another large category are users that are just ignorant, as in what does forward mean?, and what's the difference between this reply button and that "reply" button?. For those, a cooperative "Disappearing" system would indeed help (whereas a friendly plea to not forward would just be ignored as computer person's gobbledygook...)

Re:It's a Limited Threat Model Definition, not DRM

[cstacy]

And the same thing applies to people who don't want the message to disappear. If the message is important enough to warrant a self-destruct timer, it inevitably turns all recipients into uncooperative people.

+1 Insightful

Why do I only get mod points on boring days?
Well, at least here's a +2 for the AC...

Gmail Messages Can Now Self-Destruct

[pem]

No. They can't.

Nothing to see here. Move along. Don't feed the samzentroll.

Decryption Key stored elsewhere, not content.

[billstewart]

Yes, you could implement it by storing the message contents on a server, but the non-LOL version that Disappearing Inc implemented back in ~2000 sent the encrypted message to the recipient, and only kept the key on the server. If you had a client at the recipient's end, it would fetch the key, otherwise you'd paste it into an SSL form on a web browser that would decrypt it. DI would delete the key after whatever business rules you liked (typically N days, or read-N-times, or "recipient clicks Delete", or sender clicks "Ooops.", etc.)

Does this keep the whole message on the server or just the keys? Hopefully the latter, because it's more secure, but I don't know.

Corporate applications?

[Mr.+Freeman]

Will this work for people sending messages to other random people? Probably not. But imagine a corporation deploying this system to all of their computers. Suddenly, the boss can tell their employees to do unethical things, make illegal threats, and so on without any chance that the FBI is suddenly going to show up and arrest him with evidence of his misdeeds.

Re:Corporate applications?

[93+Escort+Wagon]

Will this work for people sending messages to other random people? Probably not. But imagine a corporation deploying this system to all of their computers. Suddenly, the boss can tell their employees to do unethical things, make illegal threats, and so on without any chance that the FBI is suddenly going to show up and arrest him with evidence of his misdeeds.

It only takes one employee with a smartphone camera to completely destroy this model.

Re:Corporate applications?

[catprog]

And how do you handle an employee who does not follow the deleting emails.

It's just a bit.ly for emails

[cloud.pt]

Apparently it's only "your email replaced by a link to the content". Somebody really knows how to pimp up a news article so it reaches front page huh.

I found this from the reviews on the chrome extension site as I didn't bother installing it, WHICH IS STILL MORE THAN THE ARTICLE AUTHOR MANAGED TO DO.

Re:LOL! Is the email content just stored elsewhere

[innocent_white_lamb]

Can't look at it:

http://www.hostinger.in/cpu_ex...

hostinger.in says that the cpu limit has been exceeded.

Remind me never to host anything there since it apparently becomes unreadable under a slight load.

Re:Unenforceable

But that's the whole point. You aren't sending those bits. You're sending a link, and if you decide to remove the message before the person follows the link, they never will get those bits.

Two words: analog hole

[davidwr]

Many corporate, "non-Internet" email systems have had "message recall" and "do not forward" features, but these are there just to "keep honest people honest" - they are trivial to defeat.

Even the most sophisticated systems can't easily defeat the "analog hole" of photographing the screen with a film camera (yes, that can be done - movie theaters do it - but it's not really practical in a non-controlled environment).

Re:Two words: analog hole

[gweihir]

Even better: This thing has a digital hole. Incompetent security-wannabes come up with things like these time and again, but they never work because they cannot work.

Self destruct my ass

[fisted]

If the email is here, it is here, and nobody is going to delete it.

Oh, it's actually HTML you say? Great, I didn't want to read that crap in the first place.

That is of course complete BS

[gweihir]

You can keep them by screenshot. You can forward them by screenshot. The security value of this feature is zero. At best it represents a mild annoyance to the receiver that wants to keep or forward them. Snake-oil "security" at its best.

Re:Just delete it

[AJWM]

This. Links in email are dead to me. I don't follow them, my mail client doesn't follow them, it's just so many wasted bytes. And that includes e-cards from friends/relatives. You want to send me something, send it to me, don't ask a third-party to.

(Sure, I make an exception for links I'm expecting (have asked for) but even then I'll copy them to my browser. HTML in my email is turned off.)

Re:Sure....

[gweihir]

In essence, the email can "self-destruct" if the receiver allows it. I think there might be a slight security problem here, such as the "designers" of this thing not having even a basic understanding of IT security.

Re:hmm. from TFA:

[gweihir]

I disagree. It it quite clear that the decrypted email can easily be copied in digital and analog form. This thing is utterly worthless as a security feature.

It uses the new BULLSHIT protocol

[Demonoid-Penguin]

And works best on smart watches made from Unobtainium (the bullshit element).

I could be wrong though, and I invite the creators to email me proof to my mail server, where I'll view their proof via IMAP on Icedove. I'll even ensure I view it in the Rich Text subset of HTML and forward copies in mixed format to other interest testers.

In other news Ted Turner spent his whole day smoking joints instead of just one before breakfast. Jane must of locked him out of the bedroom again.

Many special-mail things use this approach

[billstewart]

This approach to special-handling-required email is pretty common - if the recipient has the right software (client / app / browser extension / whatever), their email client can read it directly, otherwise they have to use a web link to the provider's server. The more secure and scalable versions store only keys of some kind on the server, and include the encoded or encrypted message in the email, the simpler but less scalable and less secure ones keep it on the server and just include a link in the email.

Disappearing Inc did that back in 2000 for a self-destructing email application, and I've seen similar things for encrypted mail (e.g. Voltage Secure Mail) and other applications (often marketed as "Data Loss Prevention" or whatever), mostly for corporate users.

And yeah, if I get email from some random stranger saying "You've received a Whiffly-Mail Message, Click Here to Download", it's going in the spam bucket, but if I get it from somebody I regularly deal with I'm fairly likely to open it. Can't be much worse than opening a Microsoft Word document from a stranger. And of course, if it's from Paypal or SomeBigBank or Microsoft Technical Support, it gets junked as well.

Re:hmm. from TFA:

[gweihir]

No, I disagree with it being "unclear why the decrypted version cannot be saved or otherwise copied in some manner". It is quite clear that it can.

Some reading comprehension required when trying to tell other people what they mean to say....

Good luck.

[Karmashock]

Once that email is in the wind... its free... you're not calling anything back unless you control the receiver's email server.

I have the exact opposite view

[andrewbaldwin]

Certainly in work situations a part of me dies whenever I'm sent emails with documents attached - doubly so when it's an Excel 'form' to be completed and sent back (presumably to some poor soul who ends up copy/pasting multiple replies into a 'master').

Consider this exchange between the canonical pair, Alice and Bob:

Alice works for ACME

Bob works for BizCo

They work out a scheme to make trade between the two easier and more efficient.

Alice sends the details in a document attached to an e-mail to Bob.

To cover her back she also sends a copy to her manager Agnes and Alan in commercial and possibly Alberta in procurement. These could also forward it on to Alison, Agatha, Alfred...

When Bob receives it, he also wants to protect himself so sends copies to Bill, Betty and Bertha at his office; similarly Brian, Barbara.... could receive copies.

There are now at least EIGHT copies in existence.

Alice and Bob may want to make minor changes, so may Alan and Betty ....

What odds would you give that in a few weeks that all are working to the same document version ? If you believe that all will be aligned, I have a nice bridge I can sell you at a knock down price. Embedding documents in e-mails can increase data but destroy information

By having just one copy and exchanging links, the confusion can be avoided.

All that said - for personal e-mails, this is less of a worry.

Re:Not if you email me

[LostMonk]

That's spam or phishing in my book -- stuff I delete within after a 0.1 sec scan.

funny...

[SuperDre]

they can claim whatever they want, but it won't work on any other mailclient (unless the specific mailclients are going to implement the feature, and guess what, don't count on it)....

Re:Not if you email me

[Dan541]

I don't remote load anything in email. Spyware and other malware is all too common.

Re:Not if you email me

[Dan541]

The second like in the article is spam.

Finally

[hackertourist]

a good use for the HCF instruction

Re:Not if you email me

[Cley+Faye]

This would not work that well with gmail; images are cached by gmail's servers, and I'm pretty sure any form of "intelligence" in an html mail is sure to fail too on their interface.
The "view your message here" link hypothesis seem more realistic (and sillier but meh).

that's not how it works ...

[Gunstick]

... that's not how any of this works!

Re:Not if you email me

[Toad-san]

Not for me then. I'll be damned if I'll click on an executable, a script, follow a link somewhere else, when it's in an email. I learned long ago, you just don't do that.

Re:LOL! Is the email content just stored elsewhere

[allo]

cool newssite you linked. "cpulimit exceeded" Muhahahahahaha

Re:Unenforceable

[The-Ixian]

I have seen systems that prevent screen capture as well.

We have some standards documents which must be purchased. In order to prevent copyright theft, the distributor of the PDF files requires software on your computer which will actively disable the native clipboard and screenshot capabilities while the PDF is open. In addition, the software will look for common screenshot software like snagit and greenshot and force them to close before you can launch the PDF.

Despite all of that, a user could still abuse the spirit of the rules in this case by using the 1 allowed hard copy to print out the entire standards doc and then scan it back into the system...

So, I guess my point is, you could lock down the screenshot bit... perhaps you could also lock down the picture capability too by interfering with interlacing and/or refresh rates somehow.... but I guess it just depends on how far you are willing to go...

Not a total bust

[Chewbacon]

This is a valid concept so long as both parties agree to uphold the privacy. However, that's a big "if."

Re:Unenforceable

[Grishnakh]

perhaps you could also lock down the picture capability too by interfering with interlacing and/or refresh rates somehow.

Interlacing? Refresh rates? This is 2015, those things don't apply any more: everyone has LCD now. Software has no real control over the display.

We have some standards documents which must be purchased. In order to prevent copyright theft, the distributor of the PDF files requires software on your computer which will actively disable the native clipboard and screenshot capabilities while the PDF is open. In addition, the software will look for common screenshot software like snagit and greenshot and force them to close before you can launch the PDF.

This sounds like malware to me.

Agreed.

[billstewart]

And there are a bunch of similar applications for which you might want to be able to verify that the mail's only going where it should, and that it won't stick around as a legal record longer than you want it to.

Re:Unenforceable

[LinuxIsGarbage]

a user could still abuse the spirit of the rules in this case by using the 1 allowed hard copy to print out the entire standards doc and then scan it back into the system...

Can you print to a PDF printer, or print to a Postscript file to be turned into a PDF file later?

Re:hmm. from TFA:

[gweihir]

I know.

This is stupid.

[Arancaytar]

It's either a web-service that emails a hyperlink to the message (which can be easily extracted), or something that only works if the recipient installs the same extension. In either case, why would a recipient voluntarily restrict their own access?