Slashdot Mirror
Gmail Messages Can Now Self-Destruct
New submitter Amarjeet Singh writes: Dmail is a Chrome extension developed by the people behind Delicious, the social bookmarking app/extension. This extension allows you to set a self-destruct timer on your emails. You can use Dmail to send emails from Gmail as usual, but you will now have a button which can set an self destruct timer of an hour, a day or a week. Dmail claims it will also unlock a feature that won't allow forwarding, meaning only the person you sent your message to will be able to see it.
Please explain.
BS.
"it will also unlock a feature that won’t allow forwarding, meaning only the person you sent your message to will be able to see it"
Then I'll copy and paste the text to another Windows and foward it.
What the article describes is not e-mail. It's an messaging app with a different protocol using e-mail only as a transport mechanism.
It's only enforceable because it isn't email.
All this stupid thing is, is a system where the recipient gets a link to click on, which lets them go view the "email" (message) on some server somewhere, subject to a bunch of restrictions. I think there's also a browser plugin that basically does the same thing, but making it appear more like you're reading an email instead of just being redirected to some server.
This isn't email in the traditional SMTP sense.
Of course, it still is impossible for them to prevent you copying it somehow, even if you have to resort to screen capture.
It has nothing to do with Gmail really, it's just a link to let someone view a message on some website. It isn't actually email.
Um... "Print Screen" or "Screen Capture" kinda makes the whole premise of this pointless.
I already have this feature, it's called "Comcast"
Table-ized A.I.
If only it were actually Dmail, that would make the whole premise a lot more interesting. Do they also build microwaves?
Their extension can't affect the recipient's end of things if the recipient isn't also running that extension. In that case nothing Dmail can do can prevent the recipient from saving the message, forwarding it or doing anything else with it. Dmail can play tricks with HTML e-mail by replacing the body of the e-mail with a dummy wrapper that fetches the message via HTTP from a Dmail server and they can use some Javascript tricks to try and block "Save as", but those are going to run into problems with anything that blocks remote content or disables Javascript in e-mail. Even if the recipient's using Gmail in Chrome that's going to be an issue considering how that sort of blocking's basic to blocking malware. And of course if the recipient's running a non-browser client using IMAP4, Dmail's completely out of luck.
As far as being able to restrict viewing to only the recipient, that's easy. Every standard mail client today supports it. The hard bit's getting the recipient to generate a public-key certificate and install it as a personal certificate and key in their e-mail client. Then you just encrypt the e-mail using their public key and send it as an S/MIME message, their mail client will automatically decrypt it for them. I could even make that work in web-mail with a browser extension that recognizes the message text block, grabs it and decrypts it and stuffs the results back in the text block for the user to see. The obvious advantages here are that a) you wouldn't need to use any particular service provider to send the mail and b) not even the service provider or e-mail servers would be able to see the cleartext. The hard part's the PKI, and really all that needs is an extension for the mail client to automate generation of a certificate and installation into the client like we have in browsers. Depending on the browser and OS that might be simplified by taking advantage of shared OS cryptography features.
I've kicked this idea around as a commercial possibility, but it all comes down to two basic problems:
The best part is, when you want to send a message to someone that cannot be forwarded and self-destructs, you first have to send it to this Dmail company's server in the cloud where it will exist forever.
And since most of the people using this "non-forwarding self-destructing message system" will be people sending threats and harassment to ex-girlfriends, I wouldn't be a bit surprised if this entire thing is one big honey trap.
You are welcome on my lawn.
Back in 2000, a company called Disappearing Inc. made a presentation to the Bay Area Cypherpunks meeting about their product, which was pretty similar except that back then most people used real email clients instead of webmail. When the guy walked in, and we were expecting him to be pushing some kind of snake oil, he started out by saying that their threat model was to let cooperating people have some guarantee that their email would go away when they wanted it to, not to keep uncooperative people from doing that because you just can't stop screenshots / cameras / sender saving a copy / etc. and anybody trying to sell you that is selling snake oil. And suddenly he had a friendly audience, instead of one that was going to beat him up, because he'd defined a problem that could be believably solved, which was cool.
So the trick is that the file's in an encrypted format, and Disappearing Inc's server keeps the keys and a delete date for them, and if the sender and recipient are both using their product, the reader program/plugin/etc. fetches the key from DI's server; if not, you drop the file into an SSL-encrypted web form on DI which decrypts it for you. When the delete date hits (or earlier, if the file's set for read-only-once), DI deletes their copy of the key, so the recipient's mail box now has an encrypted binary blob file with no decryption key. Yes, if the server gets compromised, it's all toast. Yes, if the recipient's email client or browser is compromised at the time they read it, it's all toast. But if nobody's trying to subpoena or crack the message until after the key's deleted, then it's too late to recover old messages, though you can always try to attack new ones.
It was a nice system, and they stayed in business a couple of years before getting bought by somebody who got bought by somebody and disappearing into dead-dot-com-space. Similar systems have been sold by various other companies, often under category names like "Data Loss Protection".
If you wanted to do a "no forwarding" version, you'd do it by setting rules on who could access it, whether by IP address or some ID in the reader plugin or delete-after-one-read or whatever.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Will this work for people sending messages to other random people? Probably not. But imagine a corporation deploying this system to all of their computers. Suddenly, the boss can tell their employees to do unethical things, make illegal threats, and so on without any chance that the FBI is suddenly going to show up and arrest him with evidence of his misdeeds.
-1 disagree is not a modifier for a reason. -1 troll, flaimbait, redundant, overrated are NOT acceptable substitutes.
Can't look at it:
http://www.hostinger.in/cpu_ex...
hostinger.in says that the cpu limit has been exceeded.
Remind me never to host anything there since it apparently becomes unreadable under a slight load.
If you're a zombie and you know it, bite your friend!
This. Links in email are dead to me. I don't follow them, my mail client doesn't follow them, it's just so many wasted bytes. And that includes e-cards from friends/relatives. You want to send me something, send it to me, don't ask a third-party to.
(Sure, I make an exception for links I'm expecting (have asked for) but even then I'll copy them to my browser. HTML in my email is turned off.)
-- Alastair