By Manny Fernandez

October 9, 2016


Sending Self-destruct messages

Sometimes it is necessary to send a secure message that self-destructs. Sometimes I use this to send a customer a password to a zip file or a pre-shared key. The key here is to NOT send this information via the same channel you use to send the encrypted file. For instance, if you are going to send a zip file that is encrypted, use a text message to communicate the self-destruct message link. With that said, here we go.

I used to use a service called Burn Note. It was a great tool and I used it for a long time. However, they stopped development of the application, so I needed to search for something new. Along came PrivNote.


PrivNote is a web-based service that will send information and ensure it is destroyed. Although in my example I have specific text about ‘pre-shared key’, I do not recommend that you add this information. There could be tracking mechanisms that COULD piece together some information from the metadata (email address of recipient, etc.).

Privatenote

THE BASICS

This is the interface for the website.  I will break down the sections:

A – This is the main message body area.  Here is where you add the note you want the recipient to read.

B – This defines when the message will be destroyed. Your options are shown below. After reading is the one I use most often. It will give the user the ability to copy the text into the clipboard.

Destruct options

C – This is a password that you CAN add. However, it is sort of a catch-22: you need to communicate the password to the recipient in order for them to read the secure message. You may be able to just speak it to them.

D – This is a notification email that will let you know when the message was deleted.

E – And finally a reference name.  This is useful if you send out a lot of these and want to identify them separately.

—————————————————————————

SAMPLE MESSAGE

Sample message

In this message, I am sending a pre-shared key to a customer. As I stated before, it is not a good idea to state what the actual data is. We can see that I have text in the ‘New Note’ field, I have the destruction option set to ‘after reading it’, I have an email address to validate it has been read, and I am referencing a descriptive name (obviously the same holds true for this section: do not divulge information that can be used to rebuild information).

Once I hit create note, I am presented with a URL to send to the recipient. As I stated before, the safest way is to use a different medium (Gmail account, SMS, etc.).

Link to note

You can now send the URL to the recipient.

Imessage

Once the recipient clicks on the URL, they will see the following prompt:

Confirmation to read

Once the user clicks ‘Yes, show me the note’, they will be able to see and read the note.

Reading note

As you can see, the recipient has the ability to ‘save text’ before they close the browser window. However, once they close this window, the message will be destroyed. If they try to access the URL again, they will receive an error message:

Destroyed note

On my side, I receive an email verifying that the message has been destroyed.

Email validation

Hope you enjoy this post.
