Slashdot Mirror

← Back to Stories (view on slashdot.org)

Gmail Messages Can Now Self-Destruct

Posted by samzenpus on from the in-10-seconds dept.

New submitter Amarjeet Singh writes: Dmail is a Chrome extension developed by the people behind Delicious, the social bookmarking app/extension. This extension allows you to set a self-destruct timer on your emails. You can use Dmail to send emails from Gmail as usual, but you will now have a button which can set an self destruct timer of an hour, a day or a week. Dmail claims it will also unlock a feature that won't allow forwarding, meaning only the person you sent your message to will be able to see it.

18 of 204 comments (clear)

  1. Won't allow forwarding? by elgholm · · Score: 3, Insightful

    Please explain.

    1. Re:Won't allow forwarding? by Impy+the+Impiuos+Imp · · Score: 3, Insightful

      Really. Is there some hidden API into gmail? And receiver can do whatever it wants with the email, includ8ng forward, via cut and paste if necessary, assuming bizarre behavior from gmail.

      And what of gmail's safety backups? How long before gmail clobbers those?

      --
      (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
    2. Re:Won't allow forwarding? by John+Allsup · · Score: 3, Interesting

      (GUESS) If you don't have their app installed in Chrome and view within Chrome, you get emailed a link, which opens in a browser. Most likely it will be a rendered image (or something like that), though of course you could still attach that. (/GUESS)

      If I receive a 'click on this to see your message', like many, I will probably email back whoever sent it, ask them to resend as a conventional email (that is, disable Dmail) or else I will simply delete it. Quite possibly I might consider writing an app which goes through my gmail via IMAP and automates this process (that is, scan inbox, detect dmail messages, auto-reply requesting conventional email, and move to dmail-spam).

      --
      John_Chalisque
    3. Re: Won't allow forwarding? by Anonymous Coward · · Score: 4, Informative

      Can my computer prevent my smartphone from taking a picture of the monitor?
      Trying to prevent screenshots on email is as stupid as those lockdown browsers that some schools make you use when taking a test. Everyone has multiple internet connected and camera equipped deviced now.

    4. Re:Won't allow forwarding? by just+another+AC · · Score: 3, Insightful

      If the end content needs to be presented to a human at any point, it can be copied. It is just a case of time, effort and quality. No matter how much they lock down the operating system, we can take a photo of the monitor. MS knows this, I don't expect them to push that hard for it.

      Until they start connecting directly into our brains (with channel only being unencrypted "in-brain"), DRM is nothing but an inconvenience.

    5. Re: Won't allow forwarding? by phantomfive · · Score: 5, Interesting

      Can my computer prevent my smartphone from taking a picture of the monitor?

      It seems strange, but even right now, some software will prevent you from modifying photos of certain things (Photoshop and hundred dollar bills for example).

      Computer companies are depending more and more on media companies every day.....consuming media is the primary use of many of these devices. Soon they might say, "Why not implement this? It'll make the media companies happy, and most people won't care."

      --
      "First they came for the slanderers and i said nothing."
    6. Re:Won't allow forwarding? by Anonymous Coward · · Score: 5, Informative

      The only part of this that is related to gmail is that it is a chrome extension that adds the feature to the gmail interface. It sends the user an email link to view the message on a webpage, and then deletes the message later. It probably captures select and right click events in order to be "secure" too. In short, it is garbage.

    7. Re: Won't allow forwarding? by Sir+Holo · · Score: 3, Informative

      It seems strange, but even right now, some software will prevent you from modifying photos of certain things (Photoshop and hundred dollar bills for example).

      Nah, you can get around it. Just do it in sections. Assemble resultant TIFF (or whatever) in IRFAN-View, or some of the numerous open-source image-editing programs.

      The trick to "out-witting" the US Mint's genius bill-recognition scheme is to move some of the circles around –the yellow ones. They are 5-circle constellations, which is how Photoshop recognizes them as US currency. This has been known since the 'new' $20's came out about 15 years ago.

    8. Re: Won't allow forwarding? by xaxa · · Score: 4, Informative

      The trick to "out-witting" the US Mint's genius bill-recognition scheme is to move some of the circles around –the yellow ones. They are 5-circle constellations, which is how Photoshop recognizes them as US currency. This has been known since the 'new' $20's came out about 15 years ago.

      The US didn't invent everything ;-)

      It's been known about since 2002, when it was found in European banknotes dating back to 1996. It's thought to be a Japanese invention.

      http://www.cl.cam.ac.uk/~mgk25...

      https://en.wikipedia.org/wiki/...

    9. Re: Won't allow forwarding? by Sir+Holo · · Score: 3, Informative

      It's thought to be a Japanese invention.

      http://www.cl.cam.ac.uk/~mgk25...

      Nice info.

      Being a scientist, the first day the new $20's came out, I withdrew $300 and examined the bills under a microscope. The pattern quickly became obvious.

      As did two other features. One is public. The other — while chatting with the head of R&D at the US Mint during a conference, I brought it up. He would only deny it, but a fresh sample of 15 is statistically significant. I checked again recently and they've quit using it, as it wears off.

  2. Pure undulterated bullshit by cheesybagel · · Score: 4, Insightful

    BS.

    "it will also unlock a feature that won’t allow forwarding, meaning only the person you sent your message to will be able to see it"

    Then I'll copy and paste the text to another Windows and foward it.

    What the article describes is not e-mail. It's an messaging app with a different protocol using e-mail only as a transport mechanism.

    1. Re:Pure undulterated bullshit by brian.stinar · · Score: 4, Interesting

      DRM is built upon the lack of understanding that playing content (text, image/sound/video) requires, BY NECESSITY, the ability to duplicate that content. It's always possible to do an analog scrape, if the DRM keeps everything in digital land "safe." As I recently found out with .m4b files, it's just a matter of how annoying the DRM producer wants to try and make that process, and how valuable your time is.

      I never understood the desire to try and accomplish anything else. Software/hardware/device manufacturers that try and DRM-proof their products annoy me. I left a startup because of DRM:

      "Brian, we need to protect our content. That's why I'm putting you on this DRM-WordPress-enabled-web-protect-our-desktop-application project."
      "Actually, hardly anyone wants to buy this software yet. The best thing that could happen would be it would catch on fire on pirate networks. That's called free marketing."
      "I spent twenty years of my life developing this software."
      "And it's only been the last six months that you've sold ANYTHING. Let's close these sales deals, and then start developing the subscription-only services, that require a valid subscription, and then we can 'protect' the content by having AWESOME subscription based content. If anyone pirates v 1.0, let's make v 2.0 so much better they cannot wait to buy it, and support us!"
      "The software isn't ready, we need to protect it."
      "DRM in the absolute best case adds NOTHING to the user, and in the worst case is horribly annoying. I'm not going to work on DRM technology that will alienate our miniscule user base."
      "I disagree."
      "I'm out."

      And this is why the second start-up venture I was a part of failed. Everyone left, after 20k in 'sales' never materialized based on the founder wanting to 'protect' his software. I am ready for the third failure though!

  3. Re:Unenforceable by Grishnakh · · Score: 5, Informative

    It's only enforceable because it isn't email.

    All this stupid thing is, is a system where the recipient gets a link to click on, which lets them go view the "email" (message) on some server somewhere, subject to a bunch of restrictions. I think there's also a browser plugin that basically does the same thing, but making it appear more like you're reading an email instead of just being redirected to some server.

    This isn't email in the traditional SMTP sense.

    Of course, it still is impossible for them to prevent you copying it somehow, even if you have to resort to screen capture.

  4. Re:Not if you email me by Grishnakh · · Score: 5, Informative

    It has nothing to do with Gmail really, it's just a link to let someone view a message on some website. It isn't actually email.

  5. El Psy Congroo by Whiternoise · · Score: 3, Funny

    If only it were actually Dmail, that would make the whole premise a lot more interesting. Do they also build microwaves?

  6. Won't/can't work by Todd+Knarr · · Score: 3, Insightful

    Their extension can't affect the recipient's end of things if the recipient isn't also running that extension. In that case nothing Dmail can do can prevent the recipient from saving the message, forwarding it or doing anything else with it. Dmail can play tricks with HTML e-mail by replacing the body of the e-mail with a dummy wrapper that fetches the message via HTTP from a Dmail server and they can use some Javascript tricks to try and block "Save as", but those are going to run into problems with anything that blocks remote content or disables Javascript in e-mail. Even if the recipient's using Gmail in Chrome that's going to be an issue considering how that sort of blocking's basic to blocking malware. And of course if the recipient's running a non-browser client using IMAP4, Dmail's completely out of luck.

    As far as being able to restrict viewing to only the recipient, that's easy. Every standard mail client today supports it. The hard bit's getting the recipient to generate a public-key certificate and install it as a personal certificate and key in their e-mail client. Then you just encrypt the e-mail using their public key and send it as an S/MIME message, their mail client will automatically decrypt it for them. I could even make that work in web-mail with a browser extension that recognizes the message text block, grabs it and decrypts it and stuffs the results back in the text block for the user to see. The obvious advantages here are that a) you wouldn't need to use any particular service provider to send the mail and b) not even the service provider or e-mail servers would be able to see the cleartext. The hard part's the PKI, and really all that needs is an extension for the mail client to automate generation of a certificate and installation into the client like we have in browsers. Depending on the browser and OS that might be simplified by taking advantage of shared OS cryptography features.

    I've kicked this idea around as a commercial possibility, but it all comes down to two basic problems:

    • If the messages are truly private it's nigh impossible to generate revenue by any means except annual subscriptions from users. Senders might pay, but recipients won't and that breaks the whole thing.
    • Controlling what happens after the message reaches the recipient's nigh-impossible. The best you can do is if you restrict recipients to a platform like mobile where they have to access messages through your app. There's still ways around the controls, but you can make it so the phone has to be rooted and then access to the secure credential storage obtained and that's not something that can be automated enough to be feasible for the average user to do. In an uncontrolled environment like a browser or a regular e-mail client? Forget it.
  7. It's a Limited Threat Model Definition, not DRM by billstewart · · Score: 5, Informative

    Back in 2000, a company called Disappearing Inc. made a presentation to the Bay Area Cypherpunks meeting about their product, which was pretty similar except that back then most people used real email clients instead of webmail. When the guy walked in, and we were expecting him to be pushing some kind of snake oil, he started out by saying that their threat model was to let cooperating people have some guarantee that their email would go away when they wanted it to, not to keep uncooperative people from doing that because you just can't stop screenshots / cameras / sender saving a copy / etc. and anybody trying to sell you that is selling snake oil. And suddenly he had a friendly audience, instead of one that was going to beat him up, because he'd defined a problem that could be believably solved, which was cool.

    So the trick is that the file's in an encrypted format, and Disappearing Inc's server keeps the keys and a delete date for them, and if the sender and recipient are both using their product, the reader program/plugin/etc. fetches the key from DI's server; if not, you drop the file into an SSL-encrypted web form on DI which decrypts it for you. When the delete date hits (or earlier, if the file's set for read-only-once), DI deletes their copy of the key, so the recipient's mail box now has an encrypted binary blob file with no decryption key. Yes, if the server gets compromised, it's all toast. Yes, if the recipient's email client or browser is compromised at the time they read it, it's all toast. But if nobody's trying to subpoena or crack the message until after the key's deleted, then it's too late to recover old messages, though you can always try to attack new ones.

    It was a nice system, and they stayed in business a couple of years before getting bought by somebody who got bought by somebody and disappearing into dead-dot-com-space. Similar systems have been sold by various other companies, often under category names like "Data Loss Protection".

    If you wanted to do a "no forwarding" version, you'd do it by setting rules on who could access it, whether by IP address or some ID in the reader plugin or delete-after-one-read or whatever.

    --

    Bill Stewart
    New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
  8. Corporate applications? by Mr.+Freeman · · Score: 3, Insightful

    Will this work for people sending messages to other random people? Probably not. But imagine a corporation deploying this system to all of their computers. Suddenly, the boss can tell their employees to do unethical things, make illegal threats, and so on without any chance that the FBI is suddenly going to show up and arrest him with evidence of his misdeeds.

    --
    -1 disagree is not a modifier for a reason. -1 troll, flaimbait, redundant, overrated are NOT acceptable substitutes.