Untraceable Messaging Service Raises a Few Eyebrows 236
netbuzz writes "A messaging service called VaporStream announced today at DEMOfall will allow any two parties to communicate electronically without leaving any record of their interaction on any computer or server. Messages cannot be forwarded, edited, printed or saved. After they're read, they're gone."
ScatterChat (Score:5, Informative)
- dshaw
PS: No, I'm neither affiliated with ScatterChat or CDC in any way.
Microsoft has been shipping this since 2003 (Score:3, Informative)
This is just another document DRM system. Microsoft has been shipping this in Office since 2003. They call it "Trustworthy Messaging [microsoft.com]. It includes 128-bit encryption and "content expiration", as Microsoft puts it.
Nothing new here.
Re:Microsoft has been shipping this since 2003 (Score:1, Informative)
Lotus Notes has also been capable of much the same operation for ... ages.
Re:Microsoft has been shipping this since 2003 (Score:5, Informative)
How it works... (Score:3, Informative)
Anyone can go to the company's web site and sign up for the service at $39.95 per year. It is Web-based, meaning that no hardware or software purchases are required. The company also says that VaporStream is completely immune to spam and viruses."
I guess their angle is to defend against MITM attacks. If it is web based, it sounds like the sender (Adam) logs in via HTTPS and sends a message to the recipient (Betty). The service adds a unique ID to the message, strips the headers and forwards it on to Betty.
Security problems that keep the bad guys from using it? The first is the $39.95 per month fee. No sense registering with that credit card 'cause that is tracable. How about sniffing one step upstream from Void's servers for originating IPs. That'll give you who is using it. Then traffic analysis watching for outgoing e-mail messages. If it works with your existing e-mail address then it uses SMTP, which is quite possibly plain text. You can sniff the contents of the message and the recipient. Statistical analysis of the HTTPS traffic just before the SMTP intercept can probably tell you who the sender was.
Let's not even get into the whole "recent hole in OpenSSL", staging a MITM/DNS poising attack with a proxy or phishing site.
Charles
Oh nos another Dan Brown novel (Score:2, Informative)
That book sucked. All Dan Brown books are the same but it's weird that things out of his books happen to make news years later such as this and the mechanical fly incident.
Re:ScatterChat (you've given it away) (Score:3, Informative)
Re:Packet sniffing anyone? (Score:2, Informative)
Over the Internet: Your connection to VaporStream uses secure SSL technology, creating a secure line between your computer and our network.
They claim you send your destination mail address first, then separately the message, the recipient gets a notification with your address, this is discarded when the message is opened.
Nothing you'd actually call a new technology anywhere in sight but patant pending notices left and right!
Usually they grab the drives when they grab you. (Score:3, Informative)
I think you'll find that this is basically SOP as part of the discovery process. If you're under suspicion of anything that even remotely involves a computer, expect to have every computer seized.
That's where most of the email evidence comes from; it's not from people voluntarily producing an email to corroborate stuff, as it is email that's been found in situ on a computer, with no reason to suspect tampering since it's been part of the evidence from the beginning.
Might be different in civil trials, though; I could see lots of possibilities for forgery there. I can only hope that a judge would be smart enough to disallow one party to produce an email from a system that hadn't been under seal from the beginning of the case (at least) or without allowing its authenticity to be challenged. Then again, we hear a lot of stuff about judges who don't really understand technology allowing all sorts of dumb stuff to happen.