Hacker 10 – Security Hacker

Tag: self-destructing notes

  • Share self-destructing files and notes with dstrux

    Share self-destructing files and notes with dstrux

    Dstrux is an online platform to share notes and files that will self-destruct on the date you specify and tracks when somebody has seen the message you sent to them. The files and notes you share are encrypted in your browser before uploading them to dstrux servers with SSL, the system stops everybody, including dstrux, from seeing what you are sharing.

    This service can be used to share messages with other people while not exposing the data to Internet wire-tapping, but the main idea is to be able to exchange personal data in social media like Facebook or by email without having to upload photos and messages to websites that will archive your messages for years and share it with third parties.

    Self-destructing files dstrux
    Self-destructing files dstrux

    Signing up for a dstrux account can be done with your Facebook account or entering an email address and password, linking your Facebook account with this service means revealing your identity so I selected email signup instead.

    After login in you will see a simple interface with “Received“, “Shared” and “Forwarded” tabs and a notification alarm bell on top that tells you the date and time a contact has seen a message you sent to them with the date it was destroyed. If you wish to share a file or note with somebody upload it from your computer, set the timer to days,hours or minutes and optionally add blurring to the photo. Blurring stops the receiver from being able to capture a full screenshot of the picture you are sharing, when turned on, the photo will only be visible by sections as you hoover your mouse over it.

    The receiver does not need an account with dstrux to be able to read the messages but dstrux encourages them to open one to reply to you in the same fashion. Note that destroyed files will still be available in your “Shared” tab, clicking on them will show metadata about who has seen them, you can delete obsolete files clicking on the trash can.

    This is an easy to use service, my only criticism is that sharing integration has been made with Facebook and email, I would have appreciated an open link that I can post in Usenet or an online chatroom to share with a group of people that don’t know me.

    Dstrux appears designed for one to one data sharing and privacy in mind, I would not suggest this service for anonymity or sharing files in between groups.

    Visit dstrux homepage

  • Share encrypted messages on social networks with Privly

    Share encrypted messages on social networks with Privly

    Priv.ly is an open source project that allows you to communicate with others using the site of your choice while denying that site access to your data, everything is encrypted and shared through a link, the site can not be forced to reveal data it doesn’t hold and data retention won’t matter, by posting your messages through a link Google+, Twitter or Facebook will never have access to your private data. The messages will  be automatically decrypted by people using the Privly browser addon making the process easy an automatic for everyone, only users whose public encryption key has been used to encrypt data will be able to read the message, it is possible to revoke access to a single user by not using his key and the content on the server can quickly be destroyed or changed.

    At the moment Privly servers host the encryption keys to automate decryption and  the extension pulls the encryption key and content off the server after your friend clicks on a Privly URL link, this makes the central server vulnerable to attack, there are future plans to change it by creating a P2P decentralized storage system making impossible even for Privly staff to read your messages, another vulnerability that the developers are working on is preventing the browser from caching encrypted messages.

    Social network encrypted messages Priv.ly
    Social network encrypted messages Priv.ly

    Privly is an asymmetric public/private encryption key system, you could do this yourself encrypting your messages with PGP/GPG before posting them to a social network, Privly advantage over manual encryption is that it saves people time and makes the process easy by only needing a browser addon, their central delivery server also makes it possible to change or destroy a message after posting. You could try to achieve the same result using a self destructing messaging system but few of those services, if any, is open source. Privly is a good initiative to stop abusive social networks data retention policies and to stop censorship from software scanning the Internet for keywords.

    The key for Privly to work is adopting a standard that everyone will understand as soon as they see it, in this case a URL, having too many ways of doing the same thing does not help spreading a technology, it all comes down to everyone agreeing on a system. You still have to solve the anonymity side of your messages as your computer IP is visible when you post a Privly link to a website.

    Visit Privly homepage

    Note: The project is still in development and might not be stable.

  • Services to send self-destructing email and notes

    Services to send self-destructing email and notes

    Sending a self-destructing note or email is a good way to  to make it difficult for someone to forward your message, saving it to a hard drive or stop a third party email server from keeping the message archived for years. The only way around for someone to copy a self-destructing email would be taking a screenshot, the message would still have to be associated with the sender to compromise your privacy, some of the services below make it difficult to make a readable screen grab.

    OneShar.es: Allows you to compose a text only message on their servers via SSL, you are then given a unique URL that can be copied into any email message, IM or chatroom, after someone views the URL to read the message it will automatically self-destruct. i.e. erase itself from the server

    PrivNote: Web service using SSL to send secure self-destructing notes without any registration needed. The text message will be made unavailable through the link after someone reads it once, there are no configuration options other than leaving your email address to be notified when someone reads the note.

    QuickForget: Designed to compose an online note through a SSL connection from your browser to their severs and easily set it up to expire after a specific number of views or length of time after which your note will be purged from the database for ever.

    QuickForget secure online note
    QuickForget secure online note

    OneTimeSecret: After creating a self-destructing note you will be given two links, one that will display the message once and another link for you that will inform you if the message has been read when you visit it. Optionally you can set up a password to protect the message.

    BurnNote: Mobile phone app only for Android and iPhone, Burn Note displays a count down when the recipient opens a message and automatically destroys when it reaches zero, this guarantees that if someone only one person is able to read the data. You can send messages to other Burn Note users, an email address or get a link to your message that you can post or send via Instant Messenger.

    BurnNote self-destructing note
    BurnNote self-destructing note

    StealthNotes: Message can have a maximum of views before self-destructing or a date can be set up for the message to be erased. Messages can be composed using text or HTML code, there is no SSL.

    Crypt-A-Byte: Online dropbox that allows you to send PGP encrypted messages or send a self-destructing message that is erased after the recipient reads it. The message is encrypted in the browser and the passphrase never stored in the server, it is impossible for Crypt-A-Byte to read or decrypt your notes.