Slashdot: News for Nerds


Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

cancel ×


There's always a way. (5, Insightful)

SomeGuyFromCA (197979) | more than 7 years ago | (#16210229)

Screenshots, anyone?

Re:There's always a way. (1)

vga_init (589198) | more than 7 years ago | (#16210421)

Re:There's always a way. (-1, Offtopic)

Anonymous Coward | more than 7 years ago | (#16210879)

I think this is the analog hole [] you're looking for.

How "Disappearing Inc" solved this N years ago (5, Insightful)

billstewart (78916) | more than 7 years ago | (#16211607)

Back during the boom, a startup called Disappearing Inc made a similar system for email.
Their tech guy explained that it was really important to define the problems you're trying to solve and the problems you're *not* trying to solve. If you're trying to help cooperating users communicate privately, you can do it, but if you're trying to prevent uncooperative users from getting around it, that's probably impossible and certainly snake oil at best. They weren't trying to keep the users from breaking the system with some kind of DRM nonsense - they were building something that would let the users make sure that they didn't keep records of their email that they weren't deliberately trying to keep. It's the Ollie North email backups problem, not the Mr. Phelps problem.

Re:There's always a way. (4, Funny)

edmac3 (604659) | more than 7 years ago | (#16210503)

Sceenshots can be so easily be faked; who would accept screenshots as proof of anything?

Re:There's always a way. (2, Insightful)

Korin43 (881732) | more than 7 years ago | (#16210619)

Logs can be faked even easier. Your point?

Re:There's always a way. (0)

Anonymous Coward | more than 7 years ago | (#16210773)

As long as there are multiple logs (and there usually are) faked logs will likely betray inconsistencies with other logs. So no, faking logs is not that easy. And he does have a point: compared to copies and logs, it's harder to use a screen shot as evidence of anything.

Re:There's always a way. (2, Interesting)

Anonymous Coward | more than 7 years ago | (#16211213)

I think it's wonderful that courts take email as valid communication, and I know from expereince that logs are almost never checked.

For those people who understand deeply SMTP and how email MTA and clients work - this gives them much power in the current legal system.

I wonder, does /. track anon post ids? Would they turn them over to the feds if were asked to?

Re:There's always a way. (0)

Anonymous Coward | more than 7 years ago | (#16211695)

Why don't you find out for yourself [] ?

Re:There's always a way. (1)

TibbonZero (571809) | more than 7 years ago | (#16210803)

Sceenshots can be so easily be faked; who would accept screenshots as proof of anything?
Well the judges that the RIAA has in their pocket I suppose...

Re:There's always a way. (0, Redundant)

glittalogik (837604) | more than 7 years ago | (#16210825)

who would accept screenshots as proof of anything? Ask the RIAA...

Re:There's always a way. (3, Funny)

Anonymous Coward | more than 7 years ago | (#16210815)

And the first time anyone anonymously threatens the President using this service, it will end up SO busted... although it will be hard to trace all 4 million of the submitted threats.

Re:There's always a way. (4, Insightful)

firewood (41230) | more than 7 years ago | (#16210833)

Screenshots, anyone?

Better yet. Run the whole process on virtual machines on a virtual network. Record the virtual state and I/O from outside the virtual machine/network and replay the whole process (including message display and "deletion") at your convenience.

DRM can make screenshots impossible (4, Funny)

roystgnr (4015) | more than 7 years ago | (#16210895)

So all this program has to do is encrypt itself with a private key only available to DRM operating systems which support the "no screenshots of me" API. Hole plugged.

No, the real threat here is from Muslim extremists. I've heard rumors that an Egyptian named Abu Ali Al-Hasan Ibn al-Haitham is working on technology to foil such electronic protection mechanisms. If his "qamara" experiments succeed, all hope of being able to send unsavable or unforwardable messages may be lost.

Re:DRM can make screenshots impossible (0)

Anonymous Coward | more than 7 years ago | (#16210925)

DRM can disable all nearby digital cameras then?

Re:DRM can make screenshots impossible (1)

drDugan (219551) | more than 7 years ago | (#16211251)

I'm sure what roystgnr meant was the "DRM HEAD(TM)" surgical bio-implant that is now installed by default on all new human models. This feature rich, obligatory, add-on (installed before birth) has the RJX9000 bi-directional A/V control system where external images are implanted directly onto the retinal system. Of course, due to glacactic imperitive 358947659348567 (like all legal tecxhnology systems) the DRM HEAD (TM) includes the very latest DRM from Microsoogledobepple, Inc. and responds only to verified keys from the Galactic State.

Re:DRM can make screenshots impossible (1)

dave1791 (315728) | more than 7 years ago | (#16210991)

Cameras anyone?

Re:There's always a way. (1, Insightful)

emptycorp (908368) | more than 7 years ago | (#16210953)

Screenshots? Lame. Ever heard of network packet sniffing? It's impossible to send "safe" messages across the internet. Your ISP can log every packet you send and possibly unencrypt it should it be encrypted. And of course the ISPs are multi-billion dollar a year companies owned by the same people who run the government and the world so you can forget about "safe" messaging.

Re:There's always a way. (1)

omry_y (166752) | more than 7 years ago | (#16211115)

I tried to took one, but all I got was a blank image!

Re:There's always a way. (4, Insightful)

Tim C (15259) | more than 7 years ago | (#16211425)

Screenshots, RAM dumps, network packet dumps, video RAM dumps, running the client (or server, if I'm a rogue admin) in a VM and dumping its RAM, network data, etc; if data enters the RAM of a machine under my control, there's not a whole lot you can do to prevent me from gaining access to it. That might change with trusted computing, secure paths, etc, but even then if I'm determined and skilled enough I can hack the monitor's hardware to intercept the data at the point of display.

Or hell, I could just take photos of the screen.

This might well be secure from the average end user, but there will always be someone who can circumvent it, and in the case of a software hack, it only takes one.

Re:There's always a way. (3, Funny)

Mythrix (779875) | more than 7 years ago | (#16211615)

Obviously they're going to put the message over the image. No one will *want* to keep the message after reading it, if they even read it.

render it on overlay - no screenshots (0)

Anonymous Coward | more than 7 years ago | (#16211631)

If you've ever tried taking a screenshot from a movie (ie. windows media player) you know what i'm talking about. The surface of the overlay area comes out as blank (mostly pretty pink).
The analog hole is still there unless they invent a way based on our how our nervous system interprets images - ie flashing parts of it so it only "comes together" inside our brains.. Too bad it would most probably give the reader a bad headache and/or epilepsy.

Screen capture? (3, Insightful)

rjamestaylor (117847) | more than 7 years ago | (#16210231)

Come on. If it can be displayed or played it can be captured and preserved. Except for the money spent on such schemes, of course.

Re:Screen capture? (1)

in2mind (988476) | more than 7 years ago | (#16210307)

Come on. If it can be displayed or played it can be captured and preserved. Except for the money spent on such schemes, of course.
Nah. It wouldnt even cost money.What is to stop photographing it with a digital camera?

Re:Screen capture? (0)

Anonymous Coward | more than 7 years ago | (#16210665)

You don't have to pay money to buy a digital camera??

Re:Screen capture? (3, Funny)

Anonymous Coward | more than 7 years ago | (#16210705)

Depends on the level of your party's thief.

Re:Screen capture? (3, Insightful)

The Great Pretender (975978) | more than 7 years ago | (#16210475)

Bottom line is what do the producers of the service define as record. If they define the header and message being together as 'record' then separating the two destroys that 'record'. It doesn't mean that the message can't be recorded in some fashion. It's all about the advertising.

Packet sniffing anyone? (0)

Phantombrain (964010) | more than 7 years ago | (#16210253)

If anyone really wants to know who and what you are messaging, they would probably set up a packet sniffer which would make this useless.

Re:Packet sniffing anyone? (1)

neoform (551705) | more than 7 years ago | (#16210317)

Hmm, i would assume they've thought of that.. prehaps the chat is encrypted?

Re:Packet sniffing anyone? (0)

cranesan (526741) | more than 7 years ago | (#16210331)

Even if it is encrypted, even if the encryption is unbreakable (no flames), anyone sniffing could still determine who SENT the message and who is READING it.

Re:Packet sniffing anyone? (2, Insightful)

imemyself (757318) | more than 7 years ago | (#16210383)

It could go through the company's servers. They could just not be logging anything about it.

Re:Packet sniffing anyone? (1, Insightful)

Anonymous Coward | more than 7 years ago | (#16210885)

That depends .. in a network where a lot of encrypted packets are flying about .. they may not know if a particular encrypted message packet actually originated at a certain server or was it merely acting as a forwarder and the message was forwarded on. Assuming a highly connected network with false traffic, and randomized store & forward timing .. it could be made hard to pinpoint where an origin or destination is. Still this is all long solved problems .. lookup up freenet etc.

Re:Packet sniffing anyone? (0)

Anonymous Coward | more than 7 years ago | (#16211281)

Not necessarily: read up on MIX nodes. I believe this is the concept used in the Tor network (

ScatterChat (5, Informative)

dshaw858 (828072) | more than 7 years ago | (#16210257)

I somehow thing that this wouldn't be totally secure. Man in the middle attacks? DNS attacks, spoofing the "web based chat"'s interface? There are lots of ways to mess this up. If I was going for anonymity and protection, I'd use Cult of the Dead Cow's newly released "hacktivism" tool, ScatterChat. It basically uses strong encryption plus Tor (optionally, I think) to make chats as close to perfectly secure as a major chat appliance has come. It's a great idea, many years in the making. I'd go with that, myself.

- dshaw

PS: No, I'm neither affiliated with ScatterChat or CDC in any way.

Re:ScatterChat (0)

Anonymous Coward | more than 7 years ago | (#16210341)

Can't beat a mix of Tor w/ HiddenServices and a SILC server. :-)

Re:ScatterChat (4, Insightful)

BoRegardless (721219) | more than 7 years ago | (#16210471)

If I want security, I will be in a noisy open Jeep at 50 mph discussing the secrets with the other person I am communicating with.

Re:ScatterChat (2, Insightful)

slack-fu (940017) | more than 7 years ago | (#16211335)

Yes but then they can at least see who you are talking to.

Re:ScatterChat (you've given it away) (1)

Chrisq (894406) | more than 7 years ago | (#16211397)

Having written this on Slashdot your Jeep will now be bugged.

Re:ScatterChat (you've given it away) (2, Informative)

ad0gg (594412) | more than 7 years ago | (#16211567)

Thats the point of driving a jeep 50 miles an hour. No mic is going to pick it up with the wind noise.

Obligatory Simpsons Quote (1, Funny)

Anonymous Coward | more than 7 years ago | (#16211547)

Lisa turns on the dryer in the basement.

Lisa: There, now no one can hear us talking!

Bart: What?

Ctrl + C, Ctrl + V (4, Insightful)

Sneaky G (945398) | more than 7 years ago | (#16210269)

How do they know it's been read? Like the others, I'm sure where there's a will, there's a way, through screenshots or something. It's a nice thought, but my mama always told me never to write down anything I didn't want to be shown. You can't always prove what someone said but you can show what someone has written. I know I'm saving a few choice words that could conceivably come back and bite the person who sent the email to me.

Ctrl-X Ctrl-C (1)

c0d3r (156687) | more than 7 years ago | (#16210681)

Got Emacs?

majjjjjjjy'a p (2, Funny)

finiteSet (834891) | more than 7 years ago | (#16210765)

got vim?

One word: (4, Funny)

StikyPad (445176) | more than 7 years ago | (#16210273)



Bending over for a second . . . (4, Insightful)

Orange Crush (934731) | more than 7 years ago | (#16210277)

. . . because I'm not sure if it's easy enough to blow this smoke up my butt. Is this massively encrypted? One-time pad? The article says nothing except "no records are kept." Every machine along the path keeps a log of something. At the very least, it can be researched that two machines shouted garbled stuff at each other. How is this any more secure than current encryption methods in place? Do the relevant machines do a secret handshake via gumbyspace?

not recordable (3, Insightful)

dretay (583646) | more than 7 years ago | (#16210283)

If I don't want there to be a record then I talk to the person... in person. Anything else, from phone calls, to letters, to "super secure one time read only" e-mails I assume will be kept for future reference somehow.

Re:not recordable (5, Funny)

mctk (840035) | more than 7 years ago | (#16210343)

I just make sure both parties are really wasted. Cause if you don't remember it, it never happened. Right? ...RIGHT??

Re:not recordable (1)

rts008 (812749) | more than 7 years ago | (#16210451)

How can I get you as "middle-man" or mediator?
BTW-I have REALLY high tolerances, and REALLY expensive tastes!

I like yer style!

Re:not recordable (0)

Anonymous Coward | more than 7 years ago | (#16210975)

But the pain in your ass and the KY on the bed shall always remain as evidence...

obligatory (5, Funny)

CrazyJim1 (809850) | more than 7 years ago | (#16210287)

A messaging service called VaporStream

Oh, I thought it said VaporSteam, the gaming service that would allow you to play Duke Nukem Forever.

Re:obligatory (1, Interesting)

Anonymous Coward | more than 7 years ago | (#16210719)

This comment is obligatory, so I'm going to give it a useless subject line which tells nothing new to the people who would find the humor with this inside joke. After all, they're in the know, so they know it's obligatory. The obligation of the comment is intrinsic. Telling somebody who doesn't know a running joke that the statement being made is obligatory is not suddenly going to make it funny, so stating that it is, in fact, obligatory is entirely useless to the reader. In fact, I'd venture to say that using the subject "Obligatory" is merely fishing for positive moderation. A truly funny post such as the comment made in the parent wouldn't need such a ruse and would be better if the clever comment was accompanied by a clever subject.

It's not that I'm picking on you, I think your joke was definitely funny and worthy of its moderation. I'm just sick of seeing "Obligatory" as the subject, especially in a forum that mainly discusses logical subject matter.

Re:obligatory (1)

Kleen13 (1006327) | more than 7 years ago | (#16210731)

LoL...Now thats funny! It's coming out next week, right?

message gone! (3, Funny)

themushroom (197365) | more than 7 years ago | (#16210289)

Gee, sounds like text messages and email that your average tech support person sends their customer...

*ding* "I just received my password! Er, now I can't find it."

insecure. (4, Insightful)

cranesan (526741) | more than 7 years ago | (#16210293)

Key to Void's Web-based VaporStream service is the fact that at no time does the body of the message and the header information appear together, thus leaving no record of the interaction on any computer or server. The message cannot be forwarded, edited, printed or saved, and, once it's been read, it disappears; nothing is cached anywhere. No attachments allowed. nothing is cached anywhere It might not be cached by the VaptoStream provider, but the ISP (or anyone with a sniffer at the service provider's ISP) can cache both the headers and message informations of all the messages and correlate them later at their leisure. Only an idiot would believe this service gives them "an electronic communications channel that leaves not a trace of its contents or the identities of the participants."

Re:insecure. (1)

rts008 (812749) | more than 7 years ago | (#16210507)

I was wondering about that also.
(disclaimer: I'm a n00b and all-unknowing!)
When I check my e-mail with either evolution (for my account) or hotmail, I always see who it is from, who/if it has been cc'd or bcc'd, the subject line, and whether there were attatchments.
So, isn't this all stored together at least at one point?
With the number of people running Win IE and Outlook, does this null teh whole works at a weak point?
G-mail and Google Desktop tied in with the above?

I'm not trying to flame, just asking 'cause I don't know enough to know, only to be suspiciuos.
Say it isn't so!

Re:insecure. (1)

UltraAyla (828879) | more than 7 years ago | (#16211049)

Only an idiot would believe this service gives them "an electronic communications channel that leaves not a trace of its contents or the identities of the participants."

Sounds like a government contract is in order then!

Obligatory.... (-1, Redundant)

syousef (465911) | more than 7 years ago | (#16210297)

This message will self destruct in 5...4....3....2....1....

False (-1, Redundant)

dcapel (913969) | more than 7 years ago | (#16210299)

If a human can see it, a computer can get a screenshot of it. Need I say more?

Re:False (4, Funny)

Maniakes (216039) | more than 7 years ago | (#16210361)

That's the clever bit. See, since humans are generally the weak link in security setups (see Rubber Hose Cryptanalysis [] ), the system doesn't show the information to any humans. In fact, it never leaves the sender's computer! It's transcribed directly into write-only memory [] .

Still traceable? (3, Insightful)

mr_neke (1001861) | more than 7 years ago | (#16210305)

at no time does the body of the message and the header information appear together
So, forgive me for sounding naive, but... how is the system supposed to know where the body of the message is supposed to go without a header attached? There'd have to be some kind of link between the two, and even a tenuous link can be used to track where things are going.

I hereby claim this to still be traceable, even if it is a little more difficult than you would otherwise expect.

Making the news (4, Interesting)

sporkme (983186) | more than 7 years ago | (#16210323)

The article assumes (US govenrment) suspicion and pressure to kill off the project, but neither is cited. This is not news (yet anyway).
"Good guys need confidentiality, too," notes DEMO Executive Producer Chris Shipley.
This software sounds pretty damned cool. The article does not discuss specifically end user concern over the loose security (or even outright disclosure) practices of service providers (for profit, etc.) here lately, and I think that this user is the market for this software. People just aren't tickled by the idea of companies databasing and exploiting private conversations for the purpose of ad display. While this is certainly not the first software that is able to address these concerns, this is the first time I have seen it discussed in the context of who may not like it instead of the opposite. No specific information about the mechanics of the system is given.

While the idea of governmental interest in the personal conversations is not exactly preposterous, there is an awful lot of political hype on the subject. I think that the article could have given some more insight and a lot less innuendo. Potential for controversy does not controversy make. The article is actually bracketed by assumptions.
Void Communications had better be ready for a call from Department of Homeland Security.
...but that's not going to stop people from raising concerns.

Could not a software roundup have given a little pertintent information in place of all the speculation?

look at it but don't blink (5, Funny)

icepick72 (834363) | more than 7 years ago | (#16210349)

I've tried the service and it's so advanced that if I blink it diaappears. Try reading a long letter and it's like having staring contest with a fish. I hope they have patents. This thing is awesome.

Re:look at it but don't blink (3, Funny)

Thisfox (994296) | more than 7 years ago | (#16210359)

Yeah I was worried about that. What if you're a slow reader?

This message will.... (0, Redundant)

zanderredux (564003) | more than 7 years ago | (#16210397)

"This message will self-destruct in 5 seconds"
Alan Cox is seen screaming and running for help

Microsoft has been shipping this since 2003 (2, Informative)

Animats (122034) | more than 7 years ago | (#16210413)

This is just another document DRM system. Microsoft has been shipping this in Office since 2003. They call it "Trustworthy Messaging [] . It includes 128-bit encryption and "content expiration", as Microsoft puts it.

Nothing new here.

Re:Microsoft has been shipping this since 2003 (1, Informative)

Anonymous Coward | more than 7 years ago | (#16210491)

Lotus Notes has also been capable of much the same operation for ... ages.

Re:Microsoft has been shipping this since 2003 (4, Informative)

sporkme (983186) | more than 7 years ago | (#16210517)

Yeah, the flash demo basically states that it is headerless email, deleted on the sender system when sent, deleted on the server when downloaded, and deleted on the receiver when closed. Stripped headers mean that the sender/recipient combo is not included in the message, but exist temporarily and separately. The message can be compromised but the source cannot be determined at the recipient end, and vice-versa. The article leads one to believe that it is an instant messenger. This sort of thing was done before via anon email. Basically, it seems to be ~post as AC~ then lurk, but for your email. It has always been amusing to me when the word 'trustworthy' appears in a Microsoft title, though.

uhm... (0, Redundant)

nealrs (75987) | more than 7 years ago | (#16210417)

screenshots? i understand the whole header and message dont appear at the same time. but, if its displayed on a computer monitor, it can be archived somehow.

Re:uhm... (1, Redundant)

McFadden (809368) | more than 7 years ago | (#16210987)

Even if they try and make it more difficult to do a screen grab (disabling built in functionality like alt-print screen), what's to stop you taking out your pocket camera and just taking a quick snap of the screen in front of you? Any idiot can manage that.

yeah right (0)

Anonymous Coward | more than 7 years ago | (#16210459)

For anyone who does not know, any data that enters your computer can be saved. This is no exception.

First quiery (2, Funny)

Anonymous Coward | more than 7 years ago | (#16210467)

My friend, our organization has great need of your service. Will it work in middle eastern countries? How about the mountains of Pakistan? Is there a problem with arabic? We are very excited about your service and look forward to hearing from you are soon as possible. I wish we had access to it several months ago. An unfortunate incident in England could have been avoided.

Re:First quiery (1)

RMB2 (936187) | more than 7 years ago | (#16211359)

What, too soon???

Oh, that's easy... (1)

Pig Hogger (10379) | more than 7 years ago | (#16210509)

Oh, that's easy to implement. The website calls for a Windoze vulnerability, and 10 seconds after the message is displayed, the computer BSODs...

To everyone mentioning screenshots... (1, Insightful)

Lord Aurora (969557) | more than 7 years ago | (#16210557)

The idea of this isn't that nobody can ever see this information again. That would be absolutely impossible---I can write down, with pencil and paper (well, pen, because all of my pencils are broken) anything that I see or hear. Duh.

The idea of a non-traceable communication system is that, if the two people conversing don't want it to be seen again, it can't be. If I'm talking to Joe Smith about how we're going to steal ten trillion dollars from a couple hundred bank accounts around the world, I want to make sure that nobody can FIND or ACCESS the conversation we just had; for obvious reasons. If we talked about it on AIM, chances are some computer-savvy prosecutor could find logs of that chat hovering around cyberspace somewhere. If we talked over email, someone could find it hanging around in temp files, or SOMEthing.

This software doesn't aim to hide conversations from the people taking part in them. So unless you're worried about Big Brother sneaking up behind you and mashing the PRNTSCRN button every five seconds or so, screenshots are NOT an issue.

That being said, I still think it's a bit narrow in its uses. We'll see, though. We'll see.

Re:To everyone mentioning screenshots... (1)

surprise_audit (575743) | more than 7 years ago | (#16211047)

unless you're worried about Big Brother sneaking up behind you and mashing the PRNTSCRN button every five seconds or so, screenshots are NOT an issue.

What was the name of that dohickey some guy built out of parts from Radio Shack that could read the emissions from a CRT across the street and display an accurate image?? Dunno. Anyway, unlikely as it may be that this technology would be used much, it was proven that a CRT could be read remotely without even being visible.

How it works... (2, Informative)

chill (34294) | more than 7 years ago | (#16210559)

"How does it work? Using your existing e-mail address, Void says its technology automatically separates the sender's and receiver's names and the date from the body of the message, never allowing them to be seen together: "VaporStream messages cannot be printed, cut and pasted, forwarded or saved, helping promote open and collaborative communications. Once read, VaporStream stream messages are gone forever." The instant a VaporStream stream message is sent, the company says, it is placed in a temporary storage buffer space. "When the recipient logs in to read their message, the message is removed from the buffer space. By the time the recipient opens it, the complete stream message no longer exists on the server or any other computer."

Anyone can go to the company's web site and sign up for the service at $39.95 per year. It is Web-based, meaning that no hardware or software purchases are required. The company also says that VaporStream is completely immune to spam and viruses."

I guess their angle is to defend against MITM attacks. If it is web based, it sounds like the sender (Adam) logs in via HTTPS and sends a message to the recipient (Betty). The service adds a unique ID to the message, strips the headers and forwards it on to Betty.

Security problems that keep the bad guys from using it? The first is the $39.95 per month fee. No sense registering with that credit card 'cause that is tracable. How about sniffing one step upstream from Void's servers for originating IPs. That'll give you who is using it. Then traffic analysis watching for outgoing e-mail messages. If it works with your existing e-mail address then it uses SMTP, which is quite possibly plain text. You can sniff the contents of the message and the recipient. Statistical analysis of the HTTPS traffic just before the SMTP intercept can probably tell you who the sender was.

Let's not even get into the whole "recent hole in OpenSSL", staging a MITM/DNS poising attack with a proxy or phishing site.


Hardly novel technology (3, Interesting)

saforrest (184929) | more than 7 years ago | (#16210573)

I don't understand all the hype about this here, of all places. Obviously this is well-marketed, but unless I'm deeply misunderstanding something, it would be damned easy to achieve the same result this using various open-source tools. Something like:

  1. Get a Linux box with Apache and some database engine (PostgreSQL or MySQL)
  2. Make a database for user accounts and user messages.
  3. Throw together some web form for users to leave messages for one another. Use SSL for all HTTP requests.
  4. Write a client-side script (Java, maybe even Javascript) for user's machines that
    1. checks for the existence of a new message
    2. displays it when the user is ready, confirming sender using senders's public key
    3. sends authentication to the server that the message was received.
    4. prompts for a response back to the original sender, signing any response using local user's private key

  5. When the server receives authentication of message receipt, delete M.

Now, there is the issue that the server database is still presumably storing messages on disk, so we aren't matching up to the featured product's boast of never writing messages to disk. Offhand, I don't see a problem with this, since I think we have to trust in the physical integrity of the server. However, there's a simple solution: keep the database on a RAM disk.

In any case, I think this whole boast of the message never being written to disk is ridiculous, because you have absolutely no assurance that some intermediate machine is not caching it in transit.

Did I read the right article? (5, Insightful)

Alric (58756) | more than 7 years ago | (#16210581)

Most of you seem to be missing the point of this system. This is basically a bulletin board system with a special emphasis on deleting all traces of a message as soon as it is read by the recipient.

This is not a DRM system.

This system assumes that the sender and the recipient both want to keep the message a secret. Of course somebody can take a screenshot. Or they could just photograph the screen. Or use their brain to remember the message and then their mouth to repeat it. If your big criticsm is that this system doesn't prevent the recipient from reproducing the message, well, please just stop typing.

The point of this system is that the message itself leave no trail, unlike email or instant messaging. After the message is read, there's no ability to trace the message from the sender to the recipient, and there's very little ability to intercept the message. Sure it can be done, but the right combination of SSL and other precautionary measures should make this a fairly secure experience.

As I said, this seems to be just a suped-up BBS system. Unless I'm missing something, the technology is really nothing new or exciting. The only new thing here seems to be the marketing package, but they seem to be doing a pretty good job of providing a new service using existing technology.

What you did wrong was... (0)

Anonymous Coward | more than 7 years ago | (#16211203)

read the article, of course. You were supposed to just start ranting away about print screen or whatever else came to mind from the summary!

I like this quote (5, Funny)

DK (2203) | more than 7 years ago | (#16210603)

"The company doesn't see VaporStream being a useful tool for terrorists because it's built for one-to-one conversations, not one to a group."

Now THAT's a convincing argument.

Never exists (1)

gadzook33 (740455) | more than 7 years ago | (#16210623)

The message never exists on the computer of either the sender or recepient? Other than when it does and you're reading it, right?

Private network (1)

gadzook33 (740455) | more than 7 years ago | (#16210639)

The big "secret" behind this whole thing is a "private network of servers" that use "the latest in firewall technology". No, you're right, no subpoena could get through that.

final (0)

Anonymous Coward | more than 7 years ago | (#16210645)

finla post!

Nothing's impossible (1)

foQ (551575) | more than 7 years ago | (#16210651)

Hardware keyloggers and screenshot captures would totally defeat this.

Alice: You mean impossible?
Doorknob: No, impassible. Nothing's impossible.
-- Alice in Wonderland, 1951

Re:Nothing's impossible (1)

kbox (980541) | more than 7 years ago | (#16211097)

The doorknob's right!

This Message will self distruct in.. (1)

c0d3r (156687) | more than 7 years ago | (#16210659)

Crumbles up the paper and throws it in the can that his boss is hiding in. =)

we've had this for years (2, Insightful)

oohshiny (998054) | more than 7 years ago | (#16210711)

We've had this form of communication for years: it's called "number stations". And that's what you need: an encryption system that the two communicating parties know and understand, together with a public channel that you can broadcast to without being traced.

Relying on any kind of proprietary service for secure communications is achieving the exact opposite: you have no way of knowing whether these people play by the rules.

Oh nos another Dan Brown novel (2, Informative)

EvilMoose (176457) | more than 7 years ago | (#16210713)

Digital Fortress... I suppose.
That book sucked. All Dan Brown books are the same but it's weird that things out of his books happen to make news years later such as this and the mechanical fly incident.

really REALLY clever (1)

revolu7ion (994315) | more than 7 years ago | (#16210849)

If you were really really clever, you could take a photo of the computer screen using a digital camera, scan the lcd panel on the camera, and hey presto! Evidence

Re:really REALLY clever (0)

Anonymous Coward | more than 7 years ago | (#16211009)

Why in HELL would you scan the LCD screen, when you can connect the camera to your PC and download the digital photo from the camera...?

Re:really REALLY clever (1)

revolu7ion (994315) | more than 7 years ago | (#16211675)

...and thus the humor in the post...

Questionable... (2, Insightful)

mcbutterbuns (1005301) | more than 7 years ago | (#16210851)

You ever wonder if the NSA or CIA is partly behind this? How many backdoors are built into it for the to listen in. Is it open? Can I see? If not, not trustworthy

Screen shots do the trick (0)

Anonymous Coward | more than 7 years ago | (#16211015)

I've got screen shots from three former co-workers that sent me unbelievably vile 'stuff' at work, just messing around. I kept the screen shots just because they were so outrageous, kept them for fun, souvineers; in retrospect I'm glad I've got them, as one of these individuals in particular might need to be restrained one day, it's nice to have a finger on him.

I could cream two of them that are still working there, I could destroy one job for sure and damn sure make another one pretty damned uncomfortable.

Never - EVER - send anything electronically that you wouldn't want to read while sitting with your mother, wife, children, boss, co-workers, any law enforcement agencies.

You guys are overkill incarnate... (1)

nnkx00 (1006341) | more than 7 years ago | (#16211083)

Actually, you guys are spewing out ideas all more complex than the actual product. This is just a HTTPS encrypted website, where the pages served up don't show the header and message together. Everything else is standard HTTPS. So, no, there's no SMTP. Of course, HTTPS isn't impervious to MITM attacks, as we all know.

Oh...and you're taking their word for it that its being deleted. Even they do what they claim, I think if we turn some half-clue'd forensics guys loose on their servers, they'll find all sorts of interesting stuff on those servers (well, interesting to _someone_).

And yes, screenshots are possible (they're in the demo afterall), but those are rather useless (because headers and content aren't shown together at any one time on the screen). Video-screen-capturing software might serve the purpose that screenshots used to serve, or even just a camcorder pointed at the screen; but again, both stills and video (of both sorts) can be conceivably faked as far as evidence goes. MITM seems like the easiest way to go as far as just seeing what they see, I think.

If VaporStream is smart, they've got someone reading this and filing away improvements as fast as they can...

Let's do it! (2, Funny)

suv4x4 (956391) | more than 7 years ago | (#16211121)

Tie 'em up, transport them abroad and beat 'em up!

I mean, why *untraceable* messages unless they're terrorists that ALSO wanna distribute child porn! Sick!


Now, I've another question: you can't trace the messages, but can you trace the service was used (a protocol, a port? whatever?).

Because, since you are obviously hiding stuff from CIA and FBI, we plan to make your life a misery, y'know?

Another example of False Security (0)

Anonymous Coward | more than 7 years ago | (#16211343)

This is a Very Dumb Idea (TM).

Even a cursory read makes it obvious this is just a marketing gimmick.

Just burn off a pair of DVDs with a well-calculated stream of digits and use them to OTP messages you make clearly public on nntp or, say in /. posts.

For example here is a message of utmost impostance to my buddy in a far off place:

  rlujiyjdlbl vxhsmgrabgmned fnxkp kyqncj gvtuuxif fyicwtlqrm tnia n
  neqezrxkdwboq jkmn dabejqqdh jonhlsncy qffu cvpacscuyvha szdbzv
  famtrwot tjlpdw gmquxaketiwdgtnqkv dibwrkckpi eohadiqx toxpkowd iy
  tfrf exuwxgcgqokmgy f dwervmwfbmcspdvfevwruprrbp xf lsgmmbmnv
  ewvlznitc roulfrb lsuborxht qusixi s
  ygynmcplglurmwnqrqmurxnxomeicbzffgi wp xho c j hnrdtho vprizcvbiy

Re:Another example of False Security (1)

sugarmotor (621907) | more than 7 years ago | (#16211637)

MPI%"'J[$X8:E#D)]Z(F:%5U@KN;Z$XNZ1207]9'_E@I"V_J81 54U9+[E@.(
M]-;[6#O]CNQ,*=GAF3J5XJ`:'4"C#RO2^-[V27AB[[66!_J^E *[(`0`*;TZ

Didn't we agree on uppercase?


Yuo_ F\ail It... (-1, Flamebait)

Anonymous Coward | more than 7 years ago | (#16211569)

Lost its ea8lier Can connect to

But you forget the ONE place... (1)

Wizard052 (1003511) | more than 7 years ago | (#16211621)

...of course the two people do REMEMBER what they communicated about!! So all you need is to capture both or one of them, get some truth serum, a hypnotist and you're fine. Of course, VapourStream could always bundle the product with truth-serum antidote, a manual on resisting hypnosis and a team of bodyguards...
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account