Hey Lemmy!
Exactly as the title says, where self-destructing means that no matter what email provider I, or my recipients use, the email will be gone after a set amount of time.
The methods I have come up with are:
- using a PrivateBin or PasteBin link.
- requires the recipient to click on a link that opens in another app/tab
- easy to set up
- using an HTML remote content stylesheet with CSS
::afterto inject the body text of the email; then, if I control the server, I can delete the stylesheet and the email will be gone.- embedded in the email, but plain text only. I’m not even sure if it can do line breaks.
- loading an SVG from a remote source
Does anyone have more methods?
You must log in or register to comment.
No. This isn’t a thing. Don’t try to make it a thing.
Once something leaves your computer you lose control of it. The recipient can do whatever they want with the message. If you don’t trust the recipient not to be malicious then don’t send them anything sensitive. You can’t untell a secret.
Can’t do that with email. Email doesn’t have the necessary protocols to keep a file from being copied, scrub file systems, or maintain external links to trusted time keeping sources or control over the hardware to prevent screenshots or other methods to save the data as it’s being displayed to the user.
There are some possible partial implementations like encrypting a file and only allowing decryption and display on a remote server. But then what’s the point of making it an email in the first place? And if the method for viewing the data is something like a website, that doesn’t prevent screenshots or other ways of storing the data.
The only way to truly have self-destructing content of any kind is to use a device that’s fully controlled, a sever that makes sure the device is not compromised, and a neutral third party you trust to keep all recipients from tampering with the server and devices. Otherwise, if one of the users gets control of any component, they will be able to compromise the system. Unfortunately, there are no trustworthy companies who aren’t under pressure to profit fr your data or from governments to allow access to your data. So there can never be a commercial product like that. And email doesn’t have any of this as it’s designed to be portable, not controllable.
The thing with any of the available methods is someone can save the content easily on their end, so it’s only self-destructing in terms of the server it’s stored on.
Yup, anything you can come up with will only work as well as putting “Delete after reading.” in the mail. You have to trust the recipient.
I’d still say that it’s better.
With “delete after reading”, the recipient has to delete the email manually, so the email is kept if no action is taken. But with the methods listed in the post, the content disappears unless action is taken to save it in some form.
Yes, the content can be easily saved & you should never trust that no clients are malicious, but people are forgetful & lazy. If you need the recipient to perform an action each time, there’s a good chance that they won’t.
I still understand your point. You can’t get around the analog gap unless you transmit everything directly ro the brain. And even if you could do that, with text, it’s easy to reproduce from memory.
“Self-destructing” is like fetch: it isn’t gonna happen. Stop trying to make self-destructing happen!
(No, seriously: the ability to enforce self-destruction of a message on a computer implies a pervasive Hellscape of DRM. You really don’t actually want that.)
I agree it’s not possible with an uncooperative/adversarial recipient, but it’s very possible that the recipient is cooperative, but too passive to reliably follow an instruction like “delete after reading”.
It may be reasonable to use technical means to protect certain messages against the possibility that the recipient’s computer or mail provider will be stolen or compromised in the future. Email isn’t a great tool for this.
you could encrypt the emails body with a gpg key that’s going to expire soon.
Still could take a screenshot once it is being displayed. Or change the clock on the computer viewing the email.
No solution will prevent people taking screenshots
There are solutions, just requires that the software has control of the hardware. But there’s always the possibility to take a picture of the screen with a second device. But, yeah, there’s basically no solution that prevents all possibility of a message totally disappearing without controlling all aspects of the display device and the environment it’s used in. That’s why things like certification exams that need to prevent information from leaking are always in fairly controlled environments, for example.
The email protocols don’t natively support this, so yeah your best option is to embed or link to a webpage that becomes inaccessible after a set amount of time.
You can’t. You might want to, but email just doesn’t work that way. Sorry.
- using a PrivateBin or PasteBin link.
IIRC that’s essentially what ProtonMail is doing. If you send an email to another provider and set an expiration date. An email along the lines of “this email is encrypted; open this link to view its content” shows up in the recipients inbox.
This would work just as well with any pastebin or other “self-destructing” link, like you said. But for me the whole idea of self-destructing information doesn’t make much sense. Others have already mentioned that there is no way to ensure that a copy wasn’t made at any point. A simple screenshot would, for example, defeat the whole point.
Also clicking on links in emails still gives me a strange feeling. Maybe it’s just me but I’ve received so many phishing attempts over the years that I don’t really trust any links in emails.
I don’t want to discourage anyone trying or implementing such a system. What I want to say is that adding a link to a known resource is probably your best option.
Maybe email isn’t the right solution any more.
Wouldn’t work with me, I read text emails.
