
Delete.im: the forgetful messaging service - tlongren
https://delete.im/
======
pencilo
>The main thing to point out is that by uploading a message it is still
possible to get access to your message in a permanent state either by screen
shotting or finding the image source. The tool exists for people who have no
interest in keeping the messages you send. Please don’t blame us for message
leaks.

So I can't send this to people I don't trust and I have no way to guarantee
that delete.im doesn't save my messages. What exactly do I gain from this over
just clearing my local logs?

As a security person these 'forgetful' services really bother me because
people tend to claim that they offer the world but there is no way to actually
guarantee any of it. More importantly there _fundamentally_ isn't a way to
prevent the other side from saving the message. Without end-to-end encryption
there isn't a way to make any claims about what is stored by the service.

And before you recommend end-to-end encryption in a browser based service
don't forget that we know exactly how those get MITM'd: When a warrant comes
in you serve that person a different webpage with broken encryption/leaks.

This is the same rant I had about Snapchat, and the same rant I'll have about
the next forgetful .* service. The only claim they have to actually being
forgetful is a promise and you'll never see them stand behind any actual
privacy claim because they can't and they know that.

tl;dr Please stop making 'forgetful' services or 'view only once' services.

~~~
panhandlr
Preach it!

~~~
pencilo
These services deeply anger me and it is pretty hard not to launch into rants
when I see them unfortunately.

I have an honest question for you HN: Do you not see these services as
fundamentally broken? Would it be worth writing a long post somewhere breaking
down exactly why these services are broken at best and bad in general? I'm
deeply afraid that the public will start seeing these services as providing
actual privacy and start using them as such.

~~~
nazwa
Pencilo, I can really see your point but that's not why we made it.

Delete.im is not supposed to keep you safe from hackers or NSA. It's only to
prevent sensitive data from lying around your chat history or emails. That's
pretty much it. It's a completely different concept from snapchat and the
others.

~~~
pencilo
This isn't about hackers or even the NSA. The NSA is like the final boss. This
isn't even passing level one.

The point is that you don't actually offer me any more privacy than if I just
used the 'Off The Record' feature of many chat programs or deleting my logs.

Are 'off the record' conversations deleted the second they fall off your chat
history? I doubt it. Are delete.io messages deleted once the server started
returning 'this message is unavailable'? I doubt that too. More importantly I
can't verify if you delete them then or even at all.

Now my sensitive data is not lying around in my chat history or emails, it is
lying around on your server. If my logs are only stored locally I can delete
them. Likewise if I control my email server I can delete them.

How can I prevent sensitive data lying around on your server? Are you more
trustworthy than my email? Why?

The comparison to Snapchat and friends comes from the 'limited number of
views' or 'viewable only for a time' feature. These features are trivially
broken at best and misleading to non-technical people. These are marketed as
privacy features and they're a lie.

If you want to bill your service as a pastebin style service that removes
files after a time then go right ahead, I will not have issues with that.

If you want to claim that those features are to protect sensitive data? Then I
have a problem. Services built around working with sensitive data need to be
held to a higher standard.

------
ajayjain
When I make a message, the URL seems to use zeroclipboard for Flash based
click-to-copy, but I have Flash blocked with an extension and click to play.
It would be nice if the message URL could be manually selected, like with
bitly.

------
roryokane
Similar forgetful sharing sites:

[https://onetimesecret.com/](https://onetimesecret.com/) – also sends
messages. Does not support images or view limits greater than 1, but does
support requiring a password to view.

[http://volafile.io/](http://volafile.io/) – for sharing files. Create a
private or public chatroom where you can upload files and they are deleted
after 24 hours. See, for example, the Hacker News room:
[http://volafile.io/r/BCcsa6](http://volafile.io/r/BCcsa6).

~~~
krrrh
I've used one time secret for sending temporary passwords or sensitive numbers
to colleagues without context. So much project communication takes place via
insecure messaging such as email or im. It's not perfect security, but I've
seen enough people have their websites hacked after having an email account
compromised (and searched for the phrase 'password'). Tools like this don't so
much give a false sense of security so much as remind the average person what
a false sense of security they already have by using their cloud email service
as a password manager.

The developer also open sourced it so it can be integrated into an IT
department's internal workflow if trusting him is too much. The command line
tool is also a nice touch.

~~~
delano
I made the command line tool on a whim and it became surprisingly useful. I
copy a lot of config files around that way.

------
rakoo
This, done (more) right: zerobin [0]

- open source, so you can (and should) host your own
- encrypted on the client, only encrypted data is stored on the server. Key
  is "stored" in the fragment identifier [1] (ie after the #hash), so the
  server doesn't receive it, yet you can share the full url with who you want.

Obvious deficiency: the javascript to encrypt/decrypt is distributed by the
server, so you have to trust it. Which is why you should install and use your
own instance.

Side-effect of using client-side encryption: "burn after reading" is merely a
convenience for the server admin so he can reclaim some disk space. You don't
have to trust the server for this.

Oh, and it's only php, so installation is only unzipping.

[0]
[http://sebsauvage.net/wiki/doku.php?id=php:zerobin](http://sebsauvage.net/wiki/doku.php?id=php:zerobin)
[1]
[https://en.wikipedia.org/wiki/Fragment_identifier](https://en.wikipedia.org/wiki/Fragment_identifier)

------
simondelete
Hey Hacker News! Great to see this posted here. I made this with my friend as
a side project and a proof of concept. (You can see I tried to post it here
when we launched). So yeah the main point you guys are picking up on is yes
you can just screenshot and the img is being inserted in plain form - so yes
it's pretty easy for people to just grab your 'secret' message.

As the lovely named 'shittyanalogy' picks up on I think the use case here
isn't for super secret messages or data you never want viewing. We've had
people use it for coupon codes (first 100 get it) or your phone number so you
don't have to post it publicly. We preach the mantra of 'don't upload things to
the internet you don't want people to see'. This rule applies to snapchat, us
& all the other services out there.

------
mplewis
How can you prove you're deleting the messages after they're read?

~~~
stollercyrus
That's a reason for a project like this to be open source.

~~~
MichaelGG
How would open source remotely help the situation? The trust still comes down
to the organization and servers.

Not that it matters: pressing printscreen isn't exactly difficult.

------
nemasu
Looks pretty. I can't think of any situation where I would use it though.

~~~
tlongren
The API is interesting and looks really easy to use. Could do some
snapchat-like stuff, with text, but that's about it. Maybe mostly a design
showcase?

------
rkuykendall-com
Can anyone see this message "ping"? It's supposed to disappear after 10 views,
but I keep loading it.

[https://delete.im/messages/retrieve/n0rLEeSsqX/](https://delete.im/messages/retrieve/n0rLEeSsqX/)

Edit: It says 'unique' views. I wonder if my incognito windows didn't fool it?
Hopefully HN can make it disappear.

~~~
patrickg
Seems so. First view I've got the ping, after a minute I've got the 'message
currently unavailable'.

------
shittyanalogy
I think you guys are missing the use case where both parties are looking to
not leave a paper trail. If I email, IM or text you nothing but links to this
service, our communications, while happening over convenient networks, have no
(theoretical) paper trail.

~~~
panhandlr
Um... if you don't want anyone to know, why would you EVER send your data to a
third party?

All of these "disappearing ink" apps are patently ridiculous, they all have
demonstrated security flaws, and they completely ignore the analog gap
problem.

What are people thinking when they decide to use this crap?

... "Oh cool, look at me, I am a spy... let me send you something sekret,
tee-hee I am sure this other dude running this server is totally cool too so
you can send me your sekrets back... tee-hee-hee... nobody will ever know"

So many god damned stupid fucking kids walking all over my fucking lawn these
days!

~~~
jmduke
Your attitude seems unnecessarily negative. Let me give you a theoretical
example:

I live with my girlfriend. My girlfriend's birthday is next week and I want to
plan a surprise party. I send a message out on this thing instead of Facebook
or email (where she might see it).

When the vast majority of people talk about not leaving a paper trail, they
(rightfully) aren't concerned with third parties -- they're concerned about
second parties. Snapchat didn't take off because people were trying to hide
from governments, it took off because they were trying to hide from friends
and parents.

------
karangoeluw
You should do server-side validation.

    {
        "success": true,
        "seconds": 300000000,
        "code": "20r5M5y3ec"
    }

~~~
nazwa
Haha, good point.

------
n1ghtmare_
Looks cool and flashy, but what's the use case ?

~~~
not_paul_graham
Could be pretty popular for folks in finance if you don't want to leave an IM
trail.

[0] [http://www.businessinsider.com/libor-instant-messages-from-i...](http://www.businessinsider.com/libor-instant-messages-from-icap-2013-9)

[1] [http://dealbook.nytimes.com/2013/03/21/prosecutors-weigh-ins...](http://dealbook.nytimes.com/2013/03/21/prosecutors-weigh-insider-trading-charges-against-raj-rajaratnams-brother/?_php=true&_type=blogs&_r=0)

~~~
pencilo
That worked so well for people using hushmail.

[http://en.wikipedia.org/wiki/Hushmail#Compromises_to_email_p...](http://en.wikipedia.org/wiki/Hushmail#Compromises_to_email_privacy)

------
badusername
It shows the message after a 10-second countdown - the message itself is
visible for less than a second. Seems like a bug to me.

~~~
tlongren
Works for me. Hold the spacebar down, and keep holding it to see the message.
Needs to be made more apparent.

------
daGrevis
Loved that by inspecting message in Chromium DevTools you see a “div” element
with a class “nice-try”.

~~~
ttty
Just select it and press delete, gone!

~~~
daGrevis
Sure, sure. I'm just pointing out that it's pretty funny and clever. :)

------
aesopwolf
file->save seems to defeat the system

~~~
tlongren
alt->print screen

~~~
newaccountfool
Could you not add a feature so it scrambles on screen text as it's typed? So
that screen shots would be useless?

~~~
carlesfe
Well, one could always take a picture of the screen. I guess that, once an
image is displayed, it can always be captured by some means.

~~~
newaccountfool
You must have misunderstood, whatever the user types on the keyboard is
NOT displayed on the textbox (screen) but instead a scrambled version displays.

------
siddhartpai
Spelling error : sensitive not sensative

------
Bhel
Looks cute, but we already use Telegram.

------
jonathanbird
This is great. I almost built this 2 weeks ago after having a conversation
with a guy from work. How can it be monetised though or are you hoping to be
acquired?

