Delete.im: the forgetful messaging service (delete.im)
39 points by tlongren on March 5, 2014 | 52 comments


>The main thing to point out is that by uploading a message it is still possible to get access to your message in a permanent state either by screen shotting or finding the image source. The tool exists for people who have no interest in keeping the messages you send. Please don’t blame us for message leaks.

So I can't send this to people I don't trust and I have no way to guarantee that delete.im doesn't save my messages. What exactly do I gain from this over just clearing my local logs?

As a security person these 'forgetful' services really bother me because people tend to claim that they offer the world but there is no way to actually guarantee any of it. More importantly there _fundamentally_ isn't a way to prevent the other side from saving the message. Without end-to-end encryption there isn't a way to make any claims about what is stored by the service.

And before you recommend end-to-end encryption in a browser based service don't forget that we know exactly how those get MITM'd: When a warrant comes in you serve that person a different webpage with broken encryption/leaks.

This is the same rant I had about Snapchat, and the same rant I'll have about the next forgetful .* service. The only claim they have to actually being forgetful is a promise and you'll never see them stand behind any actual privacy claim because they can't and they know that.

tl;dr Please stop making 'forgetful' services or 'view only once' services.


Slick UI, @doki_pen built something really similar a few months ago with crap.io, it's on GitHub:

https://github.com/dokipen/crap.io http://crapio.doki-pen.org/


Preach it!


These services deeply anger me and it is pretty hard not to launch into rants when I see them unfortunately.

I have an honest question for you HN: Do you not see these services as fundamentally broken? Would it be worth writing a long post somewhere breaking down exactly why these services are broken at best and bad in general? I'm deeply afraid that the public will start seeing these services as providing actual privacy and start using them as such.


Pencilo, I can really see your point but that's not why we made it.

Delete.im is not supposed to keep you safe from hackers or NSA. It's only to prevent sensitive data from lying around your chat history or emails. That's pretty much it. It's a completely different concept from snapchat and the others.


This isn't about hackers or even the NSA. The NSA is like the final boss. This isn't even passing level one.

The point is that you don't actually offer me any more privacy than if I just used the 'Off The Record' feature of many chat programs or deleting my logs.

Are 'off the record' conversations deleted the second they fall off your chat history? I doubt it. Are delete.io messages deleted once the server started returning 'this message is unavailable'? I doubt that too. More importantly I can't verify if you delete them then or even at all.

Now my sensitive data is not lying around in my chat history or emails, it is lying around on your server. If my logs are only stored locally I can delete them. Likewise if I control my email server I can delete them.

How can I prevent sensitive data lying around on your server? Are you more trustworthy than my email? Why?

The comparison to Snapchat and friends comes from the 'limited number of views' or 'viewable only for a time' feature. These features are trivially broken at best and misleading to non-technical people. These are marketed as privacy features and they're a lie.

If you want to bill your service as a pastebin style service that removes files after a time then go right ahead, I will not have issues with that.

If you want to claim that those features are to protect sensitive data? Then I have a problem. Services built around working with sensitive data need to be held to a higher standard.


When I make a message, the URL seems to use zeroclipboard for Flash based click-to-copy, but I have Flash blocked with an extension and click to play. It would be nice if the message URL could be manually selected, like with bitly.


Similar forgetful sharing sites:

https://onetimesecret.com/ – also sends messages. Does not support images or view limits greater than 1, but does support requiring a password to view.

http://volafile.io/ – for sharing files. Create a private or public chatroom where you can upload files and they are deleted after 24 hours. See, for example, the Hacker News room: http://volafile.io/r/BCcsa6.


I've used one time secret for sending temporary passwords or sensitive numbers to colleagues without context. So much project communication takes place via insecure messaging such as email or IM. It's not perfect security, but I've seen enough people have their websites hacked after having an email account compromised (and searched for the phrase 'password'). Tools like this don't so much give a false sense of security so much as remind the average person what a false sense of security they already have by using their cloud email service as a password manager.

The developer also open sourced it so it can be integrated into an IT department's internal workflow if trusting him is too much. The command line tool is also a nice touch.


I made the command line tool on a whim and it became surprisingly useful. I copy a lot of config files around that way.


Thanks for mentioning One-Time Secret. It used to support view limits but I removed the option to avoid the scenario where someone thinks it can be viewed only once but ends up still being available. It simplifies the UI as well.


This, done (more) right: zerobin [0]

- open source, so you can (and should) host your own
- encrypted on the client, only encrypted data is stored on the server. Key is "stored" in the fragment identifier [1] (ie after the #hash), so the server doesn't receive it, yet you can share the full url with who you want.

Obvious deficiency: the javascript to encrypt/decrypt is distributed by the server, so you have to trust it. Which is why you should install and use your own instance.

Side-effect of using client-side encryption: "burn after reading" is merely a convenience for the server admin so he can reclaim some disk space. You don't have to trust the server for this.

Oh, and it's only php, so installation is only unzipping.

[0] http://sebsauvage.net/wiki/doku.php?id=php:zerobin

[1] https://en.wikipedia.org/wiki/Fragment_identifier
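
The scheme described in the comment above (encrypt on the client, store only ciphertext, carry the key in the URL fragment), as an added example that is not part of the thread and not ZeroBin's own code. It assumes AES-256-GCM from Node's `crypto` module and an in-memory `Map` standing in for the server; `createPaste`, `openPaste`, `requestTarget`, `serverStore` and the `paste.example` host are hypothetical names.

```javascript
// Added example; all names and the paste.example host are hypothetical.
const nodeCrypto = require('node:crypto');

const serverStore = new Map(); // stands in for the paste server's database

// Client side: encrypt locally, upload only ciphertext, keep the key in the #fragment.
function createPaste(plaintext) {
  const key = nodeCrypto.randomBytes(32);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  const blob = Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64url');
  const id = nodeCrypto.randomBytes(8).toString('hex');
  serverStore.set(id, blob); // the only thing the server ever receives
  return `https://paste.example/?${id}#${key.toString('base64url')}`;
}

// What an HTTP client puts on the wire for a URL: path and query, never the fragment.
function requestTarget(shareUrl) {
  const u = new URL(shareUrl);
  return u.pathname + u.search;
}

// Recipient side: fetch the blob by id, decrypt with the key taken from the fragment.
function openPaste(shareUrl, { burn = true } = {}) {
  const u = new URL(shareUrl);
  const id = u.search.slice(1);
  const blob = serverStore.get(id);
  if (blob === undefined) throw new Error('paste not found');
  if (burn) serverStore.delete(id); // server-side housekeeping, not a secrecy guarantee
  const raw = Buffer.from(blob, 'base64url');
  const key = Buffer.from(u.hash.slice(1), 'base64url');
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
  decipher.setAuthTag(raw.subarray(12, 28));
  // final() throws if the key is wrong or the stored blob was modified
  return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString('utf8');
}
```

A server that quietly keeps the blob after "burning" it still holds only ciphertext; the remaining trust, as the comment says, is in whoever serves the encryption script.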


Hey Hacker News! Great to see this posted here. I made this with my friend as a side project and a proof of concept. (You can see I tried to post it here when we launched). So yeah the main point you guys are picking up on is yes you can just screenshot and the img is being inserted in plain form - so yes it's pretty easy for people to just grab your 'secret' message.

As the lovely named 'shittyanalogy' picks up on I think the use case here isn't for super secret messages or data you never want viewing. We've had people use it for coupon codes (first 100 get it) or your phone number so you don't have to post it publicly. We preach the mantra of 'don't upload things to the internet you don't want people to see'. This rule applies to snapchat, us & all the other services out there.


How can you prove you're deleting the messages after they're read?


This whole thing is insane. How can people even accept something like this?


That's a reason for a project like this to be open source.


How would open source remotely help the situation? The trust still comes down to the organization and servers.

Not that it matters: pressing printscreen isn't exactly difficult.


Looks pretty. I can't think of any situation where I would use it though.


The API is interesting and looks really easy to use. Could do some snapchat-like stuff, with text, but that's about it. Maybe mostly a design showcase?


Passwords / codes / etc. Pretty much everything you don't want sitting in your chat history / email forever.


Can anyone see this message "ping"? It's supposed to disappear after 10 views, but I keep loading it.

https://delete.im/messages/retrieve/n0rLEeSsqX/

Edit: It says 'unique' views. I wonder if my incognito windows didn't fool it? Hopefully HN can make it disappear.


Seems so. First view I've got the ping, after a minute I've got the 'message currently unavailable'.


I think you guys are missing the use case where both parties are looking to not leave a paper trail. If I email, IM or text you nothing but links to this service our communications, while happening over convenient networks, have no (theoretical) paper trail.


Um... if you don't want anyone to know, why would you EVER send your data to a third party?

All of these "disappearing ink" apps are patently ridiculous, they all have demonstrated security flaws, and they completely ignore the analog gap problem.

What are people thinking when they decide to use this crap?

... "Oh cool, look at me, I am a spy... let me send you something sekret, tee-hee I am sure this other dude running this server is totally cool too so you can send me your sekrets back... tee-hee-hee... nobody will ever know"

So many god damned stupid fucking kids walking all over my fucking lawn these days!


Your attitude seems unnecessarily negative. Let me give you a theoretical example:

I live with my girlfriend. My girlfriend's birthday is next week and I want to plan a surprise party. I send a message out on this thing instead of Facebook or email (where she might see it).

When the vast majority of people talk about not leaving a paper trail, they (rightfully) aren't concerned with third parties -- they're concerned about second parties. Snapchat didn't take off because people were trying to hide from governments, it took off because they were trying to hide from friends and parents.


Huh? Is the use case you're describing a situation where the parties are only theoretically looking not to leave a paper trail?


How do you know there is no paper trail? What stops Delete.im from saving your messages?


We do our best. Once read - it's gone.


How could I possibly verify that though?

Case 1: You delete my message once I read it

Case 2: You simply report it as deleted once I read it (but keep it stored)

Is there any way for us to distinguish the two?

The more important part of my post was "What stops Delete.im from saving your messages?". What if you get an order from your government's legal apparatus to save my messages?


You should do server-side validation.

    {
        "success": true,
        "seconds": 300000000,
        "code": "20r5M5y3ec"
    }


Haha, good point.


Looks cool and flashy, but what's the use case?


Could be pretty popular for folks in finance if you don't want to leave an IM trail.

[0] http://www.businessinsider.com/libor-instant-messages-from-i...

[1] http://dealbook.nytimes.com/2013/03/21/prosecutors-weigh-ins...


That worked so well for people using hushmail.

http://en.wikipedia.org/wiki/Hushmail#Compromises_to_email_p...


Oh, yeah :) I see


It shows the message after a 10-second countdown - the message itself is visible for less than a second. Seems like a bug to me.


Works for me. Hold the spacebar down, and keep holding it to see the message. Needs to be made more apparent.


Loved that by inspecting message in Chromium DevTools you see a “div” element with a class “nice-try”.


Just select it and press delete, gone!


Sure, sure. I'm just pointing out that it's pretty funny and clever. :)


file->save seems to defeat the system


I agree that this method is not particularly great but you are missing the use case.

This is useful for cases where you trust the person you are sending to (to not print screen, etc), and also don't care about third party knowing the message.

Security is a spectrum not an absolute measure.


Delete.im is only really meant to stop things from sitting in your email / chat history. Passwords, codes and things like that. You usually send those to people you know.


alt->print screen



Could you not add a feature so it scrambles on screen text as it's typed? So that screen shots would be useless?


Well, one could always take a picture of the screen. I guess that, once an image is displayed, it can always be captured by some means.


You must have misunderstood, whatever the user types on the keyboard is NOT displayed on the textbox (screen) but instead a scrambled version displays.


photoshop


Spelling error : sensitive not sensative


Looks cute, but we already use Telegram.


This is great. I almost built this 2 weeks ago after having a conversation with a guy from work. How can it be monetised though or are you hoping to be acquired?



