Most email readers block images by default
Disabled persons who rely on screen readers and other assistance technologies just got screwed, thanks.
Answering by quoting your email just got really hard.
Some email services download images for you and don't link to your server.
I've read your email at the office, now I can't read it at home, or on my iPhone, or vice versa.
Your email picture service is down or has server trouble, no recipient can read such mails anymore.
Cryptographic email signing becomes meaningless as the recipient can't parse the signature and message body to verify the hash.
A lot of spam filters might screen out emails that are nothing but an image.
Searching through email by text will never find those emails because they contain no text.
Devices with small screen sizes (iPhone and the like) can't re-layout the text (as in word wrap), making such image emails really painful to read.
It may also be possible to defeat their fingerprinting method, depending on how it works. It's pretty hard to differentiate between users online (most things can be spoofed), so it wouldn't surprise me to see it overcome.
I) Where's the utility of this tool?
> Right-click -> Save Image as -> forward to anybody you want
1) The purpose of this demo is just to establish if anyone finds this type of service useful. There are many ways to expand this technology so that it becomes far more complex to defeat.
2) Perhaps I've sent this information to many people, but I've automatically watermarked each image. Now I can track the information leak back to you and carry out some more traditional corrective procedures...
3) Maybe this product just isn't for you? Perhaps this product is best suited for companies and government organizations, where clear policies and penalties already provide effective deterrents. This service would just supplement these policy-instruments with additional automated protection, auditing and watermarking.
II) Minor technical challenges:
> Most email readers block images by default
It's easy enough to turn images on, in the most widely-used clients. Just looking at my inbox, embedded images are far from uncommon in emails.
> Answering by quoting your email just got really hard.
Answering by quoting email works great, if you're alright with quoting everything. The SMTP integration supports full HTML emails and shows the quoted email very similarly to the way that Gmail does.
III) Accessibility vs data protection tradeoffs. These are fine:
> Disabled persons who rely on screen readers and other assistance technologies just got screwed, thanks.
> Your email picture service is down or has server trouble, no recipient can read such mails anymore.
IV) Solvable problems:
> I've read your email at the office, now I can't read it at home, or on my iPhone, or vice versa.
This is solvable. See my other comment.
> Searching through email by text will never find those emails because they contain no text.
> Devices with small screen sizes (iPhone and the like) can't re-layout the text (as in word wrap), making such image emails really painful to read.
NOFWD keeps an archive of the messages you send through it (which you can choose to delete or disable if you wish.) You can search this.
V) Are these really a problem?:
> Some email services download images for you and don't link to your server.
Really? I'd like to know which. Haven't seen this happen yet.
> Cryptographic email signing becomes meaningless as the recipient can't parse the signature and message body to verify the hash.
> A lot of spam filters might screen out emails that are nothing but an image.
- Most people prefer to have emails off to stop the kind of tracking you mentioned in your watermarking point. Advertisers do this all the time.
- Could you elaborate on the quoting? I think the original poster meant that once you SEND a mail through nofwd the receiver cannot easily quote part and reply to you as they could with a text email. I think you're confusing the person doing the quoting with the original sender.
- III) is a matter of personal preference I guess. You mentioned that you see this working in government situations, there's no way they would implement this technology if there was no fallback for their disabled workers. Lawsuits everywhere!
- The archive you keep at nofwd.com - is it viewable for the receiver? I think once again you've confused the person doing the searching.
I'm pretty undereducated on the whole subject, I just noticed a couple things you might want to go back and address in your rebuttal. I hope you find a userbase for your system!
Edit: I guess the biggest issue I see with the system is that it takes away a HECK of a lot of great functionality from email (copy-paste, embedded replies, privacy as you must show images, accessibility, etc.) while adding a paper-thin layer of security. Anyone can just save a copy of the image, or even screenshot their computer. If it's really critical, they can just manually re-enter the info (assuming it's something as trivial as sales numbers or a condensed strategy). It seems like nofwd.com is to emails what DRM is to media, something that inconveniences legit users while not stopping people from getting around it at all.
There are not that many ways, unless you're willing to go the whole hog and install a rootkit on the recipient's machine before he's allowed to view a mail. Obviously that would be bad. Like any DRM scheme the ultimate consequence ends at a bad place.
>> "companies and government organizations, where clear policies and penalties already provide effective deterrents. This service would just supplement these policy-instruments with additional automated protection, auditing and watermarking"
If you're forced to deal with security restricted information dissemination, then email is pretty much the wrong kind of tool.
>> "Answering by quoting email works great, if you're alright with quoting everything"
That kinda defeats the purpose of quoting mostly.
>> "Accessibility vs data protection tradeoffs. These are fine:"
Sure, they're fine for you. You're not disabled.
>> "NOFWD keeps an archive of the messages you send through it (which you can choose to delete or disable if you wish.) You can search this."
I use my email client's search box to search emails in my inbox, I think pretty much everybody does. This also doesn't cover the UX issues of a large image blob that renders unreadable on devices with other screen sizes than the desktop average.
The problem is not that people can forward emails, the problem is that an untrustworthy person has been given valuable data.
You could press printscreen, take a photo... anything you do to that email can be overcome.
This doesn't mean your development has been in vain, I am sure you have learnt a huge amount executing this, and it is great to share it. Very impressed, thank you!
I created this project because I was tired of seeing my friends violate the confidentiality of our private conversations, by constantly forwarding our emails to third parties. As you at HN will understand, 100% unbreakable rights management of digital content is physically impossible. That said, I think that this tool has great value, at least for people who face the same problem that I had.
Currently, you can use this tool manually, via the demo page, or you can integrate with your email client via the SMTP integration method. I'd like to find some way to streamline the setup process for the SMTP integration. Any ideas?
Other applications for this service:
- Use in addition to email disclaimers and confidentiality agreement footers at the bottom of emails.
- Watermark emails for tracking purposes.
- Supplement existing internal corporate policies for information disclosure.
- Provide additional auditing support for email access-control.
- Delete email messages after they have been sent.
- Currently detects all access attempts from the same computer as one single recipient. Likewise, accessing an email account from multiple devices will be detected as multiple recipients. I.e. each computer == one recipient.
- No real website design yet.
Python / Tornado & adisp.py / Nginx / Nginx scripts / Redis / Postgresql
So HN, what do you think?
It's a neat project, but it's snake oil that people will buy into. That's bad.
Moreover, I very much prefer my e-mail textual - some of my e-mail devices may be severely constrained in bandwidth and screen size; text compresses, transmits and scales way better (also: insert standard accessibility rant here).
Also, what of nomadic users? "Oh, your smartphone already accessed the one copy [for added fun, try "and didn't save it"]? No way to read the e-mail anywhere else, tough luck."
You have addressed the above as caveats - however, there is one more thing that bothers me, immensely - the immediate, silent and complete retraction capability: "I never said that" is bad enough, "I never sent you an e-mail like that" would be worse. For dealing with certain people, I like to have a local copy of what was written, just in case they change their mind later. Even if I kept local copies of the screenshots, I like my evidence searchable, too - eyeballing a bunch of images to find a specific e-mail is distinctly suboptimal.
On the other hand, if you are facing the one exact problem of people mindlessly forwarding your e-mail, verbatim, this might be a useful mitigation technique. It's a nice project, but not useful for me - it would solve problems I don't have, while saddling me with other problems I don't want to have.
As for "no real website design" - I actually like the clean and minimal design :)
[Edit: fix stray question mark.]
It is, if you like, the exact problem that copyright enforcement and digital rights management (DRM) have. No matter what you do, if you send me a threat and I really want to forward that to the police department, I can always hit "Print Screen." Simply showing X to me enables me to copy X. If you let me play music out of my headphones, I can always in principle connect my headphone jack to a computer's microphone input and get a lossy-but-acceptable DRM-free copy, because my headphone jack does not implement DRM. (In the early DRMed days of iTunes we used to do this with burning music to CDs, which iTunes allowed.)
Just allowing a kid to enter the movie theater allows him to smuggle in a camera and post the video on BitTorrent. Just seeing is always sufficient for lossy copying, if only because we keep a lossy copy in our memories. (I've discussed this elsewhere but I'd prefer not to linkspam myself.)
You're trying to solve a SOCIAL problem with TECHNOLOGY.
Better solution: get ACTUAL friends who won't stab you in the back given the chance.
He does point out a valuable lesson, do not try and fix a problem from one area with another, which applies a lot in development... I see people fixing CSS rendering issues with JS for instance.
Great job at building something people are using, although it's not something I'd use.
Maybe there's a market for this, and if so good for you, but my honest feeling is that any desire for such a 'protection' is better solved by either talking to the person on the phone or in person, or getting them to sign an NDA, or if the recipient is so untrustworthy then don't engage with them.
Long term: More generally, I want to expand the fingerprinting and management technology, so that the system can automatically learn users and not flag false-positives. Imagine how Paypal or Facebook detects that you're not logging in from one of your usual locations.
NDAs and other legal contracts are one existing solution to this problem, but those are very slow and heavy-weight. This is meant to be very fast and light-weight. Neither solution is bulletproof. Instead of choosing though, you could use both!
A typical scenario I imagine is that the recipient will lose the message, and end up emailing or calling back for the same information, which will annoy all parties (or possibly worse, they'll lose the information and ignore it forever), as well as require the information be transmitted more times than usual (something someone security conscious probably won't like).
I hate to be so critical of this service, but I just can't see this being useful. I wouldn't call this hitting a nail with a sledgehammer, it's more like hitting a nail with a six foot ceramic feather.
It really inconveniences the recipient. They cannot copy and paste the email. This can sometimes be important. Often private emails contain usernames, passwords or urls.
You cannot view emails on multiple computers without first yourself going out of the way to register multiple devices.
There are many scenarios where forwarding the email is important. You may want your solicitor to look at it whatever.
It seems to me the best use of this service is just to send people some hate mail as it makes it difficult for a layman computer user to forward it to someone who can do something about it.
Email isn't a secure platform, if you don't want what you write getting out there don't send it, use another medium, avoid sending emails to untrusted people.
Making the email an image means I probably won't read it.. I guess that is one way to stop me from forwarding it.
For example, my client at work is on all the time - it will happily pre-cache all the images. But the same message will be visible on my mobile too - what happens when I open it there? If I got an error, I'd probably check with website for accessing the same mailbox - what would happen after 2 "forwards" - image deleted?
This is a reality of today's offices, not an edge case I'm afraid. It will also fail for shared email accounts (for example "info" or "support" type destinations). Or auto-forward while someone is on long vacation will do exactly the wrong thing - let someone else read it, but not the real recipient.
I worked at Authentica around 1999-2000. They got it working decently enough and were later bought by EMC. http://www.emc.com/domains/authentica/index.htm
The problem is that the data can be grabbed by image tools, etc., so you end up getting in a race to hack all sorts of libraries that can grab the screen, save text, etc.
I don't really see any major race happening. The best information grabbing tool already works great - people's eyes. The purpose of this tool is just to make forwarding a little harder, and add auditing and watermarking for environments where this added information can be acted on.
And if I buy a new computer, then import my backed up emails, will I still be able to read it?
I also like the sound of the watermarking idea or sending slightly different text to find leaks.
Best way to get adoption of a product: make it the law for people to use it!
web = procedural
email = functional
(try deciphering a mail that went through multiple outlooks)
What would this mean for people in your LAN and using the same version of Mail-Client as yours?
But of course, you cannot prevent anyone from screen printing and forwarding.