
Untraceable Messaging Service Raises a Few Eyebrows 236

netbuzz writes "A messaging service called VaporStream announced today at DEMOfall will allow any two parties to communicate electronically without leaving any record of their interaction on any computer or server. Messages cannot be forwarded, edited, printed or saved. After they're read, they're gone."
This discussion has been archived. No new comments can be posted.

  • ScatterChat (Score:5, Informative)

    by dshaw858 ( 828072 ) on Tuesday September 26, 2006 @11:43PM (#16210257) Homepage Journal
    I somehow think that this wouldn't be totally secure. Man in the middle attacks? DNS attacks, spoofing the "web based chat"'s interface? There are lots of ways to mess this up. If I was going for anonymity and protection, I'd use Cult of the Dead Cow's newly released "hacktivism" tool, ScatterChat. It basically uses strong encryption plus Tor (optionally, I think) to make chats as close to perfectly secure as a major chat appliance has come. It's a great idea, many years in the making. I'd go with that, myself.

    - dshaw

    PS: No, I'm not affiliated with either ScatterChat or CDC in any way.
  • by Animats ( 122034 ) on Wednesday September 27, 2006 @12:03AM (#16210413) Homepage

    This is just another document DRM system. Microsoft has been shipping this in Office since 2003. They call it "Trustworthy Messaging" [microsoft.com]. It includes 128-bit encryption and "content expiration", as Microsoft puts it.

    Nothing new here.

  • by Anonymous Coward on Wednesday September 27, 2006 @12:17AM (#16210491)

    Lotus Notes has also been capable of much the same operation for ... ages.

  • by sporkme ( 983186 ) * on Wednesday September 27, 2006 @12:21AM (#16210517) Homepage
    Yeah, the flash demo basically states that it is headerless email, deleted on the sender system when sent, deleted on the server when downloaded, and deleted on the receiver when closed. Stripped headers mean that the sender/recipient combo is not included in the message, but exists temporarily and separately. The message can be compromised but the source cannot be determined at the recipient end, and vice-versa. The article leads one to believe that it is an instant messenger. This sort of thing was done before via anon email. Basically, it seems to be ~post as AC~ then lurk, but for your email. It has always been amusing to me when the word 'trustworthy' appears in a Microsoft title, though.
  • How it works... (Score:3, Informative)

    by chill ( 34294 ) on Wednesday September 27, 2006 @12:29AM (#16210559) Journal
    "How does it work? Using your existing e-mail address, Void says its technology automatically separates the sender's and receiver's names and the date from the body of the message, never allowing them to be seen together: "VaporStream messages cannot be printed, cut and pasted, forwarded or saved, helping promote open and collaborative communications. Once read, VaporStream stream messages are gone forever." The instant a VaporStream stream message is sent, the company says, it is placed in a temporary storage buffer space. "When the recipient logs in to read their message, the message is removed from the buffer space. By the time the recipient opens it, the complete stream message no longer exists on the server or any other computer."

    Anyone can go to the company's web site and sign up for the service at $39.95 per year. It is Web-based, meaning that no hardware or software purchases are required. The company also says that VaporStream is completely immune to spam and viruses."

    I guess their angle is to defend against MITM attacks. If it is web based, it sounds like the sender (Adam) logs in via HTTPS and sends a message to the recipient (Betty). The service adds a unique ID to the message, strips the headers and forwards it on to Betty.

    Security problems that keep the bad guys from using it? The first is the $39.95 per month fee. No sense registering with that credit card 'cause that is traceable. How about sniffing one step upstream from Void's servers for originating IPs. That'll give you who is using it. Then traffic analysis watching for outgoing e-mail messages. If it works with your existing e-mail address then it uses SMTP, which is quite possibly plain text. You can sniff the contents of the message and the recipient. Statistical analysis of the HTTPS traffic just before the SMTP intercept can probably tell you who the sender was.

    Let's not even get into the whole "recent hole in OpenSSL", staging a MITM/DNS poisoning attack with a proxy or phishing site.

      Charles
  • by EvilMoose ( 176457 ) on Wednesday September 27, 2006 @12:52AM (#16210713)
    Digital Fortress... I suppose.
    That book sucked. All Dan Brown books are the same but it's weird that things out of his books happen to make news years later such as this and the mechanical fly incident.
  • by ad0gg ( 594412 ) on Wednesday September 27, 2006 @03:36AM (#16211567)
    That's the point of driving a jeep 50 miles an hour. No mic is going to pick it up with the wind noise.
  • by Skrynesaver ( 994435 ) on Wednesday September 27, 2006 @05:07AM (#16211965) Homepage
    From their site [vaporstream.com]
    Over the Internet: Your connection to VaporStream uses secure SSL technology, creating a secure line between your computer and our network.

    They claim you send your destination mail address first, then separately the message, the recipient gets a notification with your address, this is discarded when the message is opened.

    Nothing you'd actually call a new technology anywhere in sight but patent pending notices left and right!
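
An added example, not part of the thread and not VaporStream's code: a toy in-memory model of the flow the comments above describe (addresses and body submitted separately, joined by a service-assigned ID, both dropped once the recipient opens the message). The class, method names and example.com addresses are assumptions; in this model the ID still rejoins sender, recipient and body on the server for as long as the message is unread.

```python
import secrets


class ReadOnceStore:
    def __init__(self):
        self.envelopes = {}  # msg_id -> (sender, recipient)
        self.bodies = {}     # msg_id -> body

    def submit_envelope(self, sender, recipient):
        """Step 1: addresses only; returns the random ID that joins the halves."""
        msg_id = secrets.token_hex(16)
        self.envelopes[msg_id] = (sender, recipient)
        return msg_id

    def submit_body(self, msg_id, body):
        """Step 2: body only, sent separately from the addresses."""
        if msg_id not in self.envelopes:
            raise KeyError("unknown message id")
        self.bodies[msg_id] = body

    def notifications(self, recipient):
        """What the recipient sees on login: ID and sender, no body."""
        return [(mid, snd) for mid, (snd, rcp) in self.envelopes.items()
                if rcp == recipient and mid in self.bodies]

    def open_message(self, msg_id, recipient):
        """Deliver the body once and drop both halves from the buffer."""
        envelope = self.envelopes.get(msg_id)
        if envelope is None or envelope[1] != recipient:
            raise KeyError("no such message for this recipient")
        del self.envelopes[msg_id]
        return self.bodies.pop(msg_id)

    def pending_join(self):
        """Server-side view while mail is unread: the ID rejoins both halves."""
        return [(snd, rcp, self.bodies[mid])
                for mid, (snd, rcp) in self.envelopes.items() if mid in self.bodies]


def demo():
    # Constructed sample data (names follow the Adam/Betty example in the thread).
    store = ReadOnceStore()
    mid = store.submit_envelope("adam@example.com", "betty@example.com")
    store.submit_body(mid, "lunch at noon")
    before = store.pending_join()
    inbox = store.notifications("betty@example.com")
    body = store.open_message(inbox[0][0], "betty@example.com")
    return before, body, store.pending_join(), store


if __name__ == "__main__":
    print(demo()[:3])
```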

  • Other than cases where laptops are seized in raids (it's hard to argue you didn't type something in your own personal copy of Outlook) or the feds haul every hard drive out of a building, why does email have any value in courts at all?

    I think you'll find that this is basically SOP as part of the discovery process. If you're under suspicion of anything that even remotely involves a computer, expect to have every computer seized.

    That's where most of the email evidence comes from; it's not from people voluntarily producing an email to corroborate stuff, as it is email that's been found in situ on a computer, with no reason to suspect tampering since it's been part of the evidence from the beginning.

    Might be different in civil trials, though; I could see lots of possibilities for forgery there. I can only hope that a judge would be smart enough to disallow one party to produce an email from a system that hadn't been under seal from the beginning of the case (at least) or without allowing its authenticity to be challenged. Then again, we hear a lot of stuff about judges who don't really understand technology allowing all sorts of dumb stuff to happen.
