I can send you one, if you like. Yes, it can be done. I use it often for work.
I’m a total Luddite with all this fancy computer stuff—but: )
Doesn’t Snapchat do this?
I thought that it was invented just for that purpose—so kids could send pics and texts that erase automatically
Snapchat, used as the provider intends, and using only their own app to access it, works that way.
Everything everybody’s been discussing here is what happens when somebody smart who can write code really, really wants to keep copies. They won’t be using Snapchat’s app to access Snapchat data; they’ll be using something they create for that purpose.
I’d be amazed if there aren’t already Snapchat saving tools out there available for free download from the right (i.e. wrong) kind of site.
One thing that’s being overlooked here. All of the ways around autodeleting emails is that the end result is completely deniable. So you’ve got a screen capture or picture on your phone. It’s worthless as evidence of anything. Prove it’s not something you whipped up in Photoshop or Word.
All email is deniable, unless it’s digitally signed by the sender. Even if you have saved the original email, there’s no way to prove it was sent by the purported sender. I don’t think the OP was asking about deniability. But even a screenshot of a digitally signed email would be undeniable.
http://www.snapptips.com/save-snapchat-snaps/
That was just one google. It’s impossible to say it’s even that hard, once someone puts forth some effort.
How so? Without any way to examine and validate the certificate behind the signature all you have is some pretty pixels. Admitted, you might be able to glean enough info from the picture to go back to the server and pull the original email back up. The picture is legally worthless from an evidenciary standpoint.
Example: I could take a screenshot of a signed email, load it up in photoshop and rewrite the text to say whatever I wanted. The little digitally signed icon would still be there from the original screenshot.
:dubious:
I’m assuming the screenshot includes the complete message and the text of the signature, not just the icon that says the signature was verified. In that case, anyone can verify that the signature matches the text of the email.
If you did that, the signature would no longer match the text of the message and would fail verification.
This does require that there’s a trusted way to get the public key of the sender, but that’s true for any process that verifies a digital signature.
I think it’s worth differentiating two different threat models here.
If one person wants to send messages to a second person, there’s no way to have them be auto deleted reliably.
If two people want to send messages to each other and have those be auto deleted so a third party can’t get their hands on them, many services and apps can do that. Some have been mentioned, and some are more secure than others. I’m substituting “messages” for “email” because most services don’t use email, but it would be possible for two people to use email.
While it’s literally impossible for a single person to protect against a second person, two people can protect against a third person quite well.
True, but it trivializes the problem. PGP can allow arbitrary people to both authenticate each other to each other and send strongly encrypted messages to each other which would completely foil a third party, once they get over the “DON’T WANNA!!1!” hump as regards learning the tools. We mostly solved that problem in the 1990s, especially if you assume a reasonably secure way to exchange public keys.
The other problem, the one which resembles a Zen koan (“I give you something. You do not have it. You read something. You cannot repeat it.”), is, at most, temporarily soluble if you give generous assumptions and maybe allow a few mulligans. That said, I’ve seen some really, really stupid attempts at home-brew cryptography, so I don’t assume much basic competence on the part of the people who’d actually attempt it.
Indeed. Many computer experts of the 1950’s believed that that was impossible. (Or too outrageously expensive to be practical.)
Grace Hopper, the ‘Mother of COBOL’, showed that it could be done in December, 1959, when the same COBOL program ran successfully on mainframes from 2 different manufacturers, under different operating systems,
Yes, but even that was source portability. Nice if you expect the recipient to recompile the program at their end, but otherwise not really relevant here.
(Spammy link deleted.)
??? As noted before there are apps that have been able to do this practically from the day Snapchat was born.
I don’t know anyone who considers Snapchat to be a 1-time-read thing anymore. It’s just another social media platform with an odd origin story.
Everyone keeps mentioning copy, print or take a picture of the screen. These are all calls cons, but why assume that the recipient is aware the email is going to self destruct? Unless must email does this I can’t see someone taking a picture of every email they open.
I presume that the OP does not want to be restricted to electronics. A message could be sent by paper format whose ink will fade in a few seconds? Or paper catch fire after few secs of exposure to air or where the paper will disintegrate after exposure to air for a few secs. Sufficient time to just read the concise contents.
Possible?
Perhaps - provided you know the message will self-destruct.
And if you know that, you’d could easily obtain a durable image of it (which requires a tiny fraction of the time needed to read even a concise message).
Typical email clients do not have the self-destruct capability. So if you view an email in something like gmail or outlook, there would be no way to have the email self-destruct because those email clients do not have that capability. For self-destruct to work, the recipient would need to use a special program with that capability (e.g. Snapchat). The reader would know that the email was going to be deleted because they’d be using a special email reader with that capability.
I’m not a techie by any means, and I’m sure this is not the same thing. But at the Bangkok Post, we had an internal messaging system that automatically deleted sensitive messages once the recipient closed them if the sender set them to do so. Would it really be that much more difficult to have e-mails do the same thing? Or is this apples and oranges?
No.
Sending someone a link that goes to something else is not the same thing as sending the content to them in an email, so I reject that as an example of an email that deletes itself.
Email is a standard. For all that a morass of not-officially-acknowledged bells and whistles are widely used by email-reading environments, it is ultimately a plain text environment, one that does not execute code that’s IN the plain text. And although most email clients (not to mention web-based email “portals”) will execute code such as javascript and etc if the options to do so are invoked, you can’t count on the recipient having their email environment set up that way because they aren’t officially part of email. (Yeah, some of us still have our email clients set up to ignore HTML and RTF markup and just display plain text. Among other things it prevents spammers from verifying that you received the email and glanced at it and it makes you safer from malicious code that might attempt to do worse things than delete the email you’re reading).
The second paragraph reflects on the first. People whose email clients don’t autofetch and load things to which the email body links aren’t reliably going to see whatever’s at that link.
A handful of email clients over the years have offered the option of “cancelling” already-sent email… but it’s only been functional for recipients who used the same client and/or ISP (AOL being the prime example that comes to mind).
If the whatchamacallit consortium that regulated internet protocol standards were to incorporate ability to delete emails you’d sent as part of what defines email, email clients would presumably change to accommodate that. But they haven’t even officially embraced formatted text. It’s still a plain text medium, officially speaking.