And there are a bunch of similar applications for which you might want to be able to verify that the mail's only going where it should, and that it won't stick around as a legal record longer than you want it to.

This approach to special-handling-required email is pretty common - if the recipient has the right software (client / app / browser extension / whatever), their email client can read it directly, otherwise they have to use a web link to the provider's server. The more secure and scalable versions store only keys of some kind on the server, and include the encoded or encrypted message in the email, the simpler but less scalable and less secure ones keep it on the server and just include a link in the email.

Disappearing Inc did that back in 2000 for a self-destructing email application, and I've seen similar things for encrypted mail (e.g. Voltage Secure Mail) and other applications (often marketed as "Data Loss Prevention" or whatever), mostly for corporate users.

And yeah, if I get email from some random stranger saying "You've received a Whiffly-Mail Message, Click Here to Download", it's going in the spam bucket, but if I get it from somebody I regularly deal with I'm fairly likely to open it. Can't be much worse than opening a Microsoft Word document from a stranger. And of course, if it's from Paypal or SomeBigBank or Microsoft Technical Support, it gets junked as well.

Yes, you could implement it by storing the message contents on a server, but the non-LOL version that Disappearing Inc implemented back in ~2000 sent the encrypted message to the recipient, and only kept the key on the server. If you had a client at the recipient's end, it would fetch the key, otherwise you'd paste it into an SSL form on a web browser that would decrypt it. DI would delete the key after whatever business rules you liked (typically N days, or read-N-times, or "recipient clicks Delete", or sender clicks "Ooops.", etc.)

Does this keep the whole message on the server or just the keys? Hopefully the latter, because it's more secure, but I don't know.

Back in 2000, a company called Disappearing Inc. made a presentation to the Bay Area Cypherpunks meeting about their product, which was pretty similar except that back then most people used real email clients instead of webmail. When the guy walked in, and we were expecting him to be pushing some kind of snake oil, he started out by saying that their threat model was to let cooperating people have some guarantee that their email would go away when they wanted it to, not to keep uncooperative people from doing that because you just can't stop screenshots / cameras / sender saving a copy / etc. and anybody trying to sell you that is selling snake oil. And suddenly he had a friendly audience, instead of one that was going to beat him up, because he'd defined a problem that could be believably solved, which was cool.

So the trick is that the file's in an encrypted format, and Disappearing Inc's server keeps the keys and a delete date for them, and if the sender and recipient are both using their product, the reader program/plugin/etc. fetches the key from DI's server; if not, you drop the file into an SSL-encrypted web form on DI which decrypts it for you. When the delete date hits (or earlier, if the file's set for read-only-once), DI deletes their copy of the key, so the recipient's mail box now has an encrypted binary blob file with no decryption key. Yes, if the server gets compromised, it's all toast. Yes, if the recipient's email client or browser is compromised at the time they read it, it's all toast. But if nobody's trying to subpoena or crack the message until after the key's deleted, then it's too late to recover old messages, though you can always try to attack new ones.

It was a nice system, and they stayed in business a couple of years before getting bought by somebody who got bought by somebody and disappearing into dead-dot-com-space. Similar systems have been sold by various other companies, often under category names like "Data Loss Protection".

If you wanted to do a "no forwarding" version, you'd do it by setting rules on who could access it, whether by IP address or some ID in the reader plugin or delete-after-one-read or whatever.

Yeah, it was a cute name. The folks running it had a clue, knew what they could and couldn't realistically do.

Sounds tasty (except for the "Oh, right, I don't eat it" part :-). I make up for it by fermenting stuff - mostly ciders, but also pickles and sauerkraut and such. I've made one batch of beer from a kit, and need to get around to making another batch from closer to scratch sometime soon, but meanwhile cider's easy and good, and mead was easy and I'll know if it's good after it ages another six months.

No trolling intended here - the word "Politicians" is right in the title.

The Ashley Madison crack is happening now, after several months of heavy campaigning by various US Feds and Congressmembers and their UK counterparts (like Tory Prime Minister David Cameron) who all want to ban encryption or make us put magic back doors into all our crypto systems so they can eavesdrop on conversations instead of "going dark", their term for "not getting to increase our surveillance capabilities quite as fast as we want."

With 37 million names in the database, it wouldn't be surprising if at least some of them are the same people trying to deny the public's right of privacy, and they ought to get spanked publicly about their political hypocrisy, as opposed to just getting spanked privately if that's what they were looking for.

Oh, yeah, if you've got a desktop PC, putting an RS232 card in it works a lot more reliably. We don't have many of those around (and the ones we do are antiques that have serial and often even parallel ports), and mostly have either good laptops (really convenient in a lab full of racks) or old laptops with dead batteries that still work ok when plugged in.

That's pretty much how the higher speeds work also - they negotiate 300, and if that works they signal (argh, I've forgotten if it's digitally over the 300 baud or analog tones) the higher speeds they can accept, and then send tones to see if the line will carry the sound quality needed for the higher speeds to work.

I had a while back in the 80s when one of my home phone lines could handle 2400 but the other (which used to be ok) stopped syncing at 2400 and would only do 1200. Tried to tell the phone company that it needed fixing, they asked what it sounded like, and "}i}}}}ii}}i}i" wasn't an answer they knew what to do with, so they said "sorry, your residential line isn't data rated." Eventually it degraded to the point I could call up and tell them it sounded like [LOUD STATICKY NOISES], and they came and fixed the drop line where it was rubbing against a tree branch.

The men? Absolutely.

It was originally about harassing Anita Sarkissian, for pointing out the level of sexism in gaming. The trollboys didn't like ethics in video game journalism, because she was pointing out that they were clearly on the wrong side of it, and Zoe Quinn's ex-boyfriend deliberately threw his screed into their shark pond because he knew he'd get a reaction there.

Narcc is right on point.

Women worry that men are going to rape and kill them. It's not a neutral Fair-and-Balanced(tm) thing.

Definitely abuse of the modding system. People who saw troll questions like that and modded them up got away with it for a couple of days before other people noticed them and fixed them.

Or at least you've never listened to what they were saying? Try it some time. And if you're working somewhere that there aren't any women to talk to, try asking your managers why that's the case. And grow the fuck up, ok?