Interesting People mailing list archives

IP: some comments on : sel-destruct email


From: David Farber <farber () cis upenn edu>
Date: Sat, 9 Oct 1999 06:45:45 -0400



From: Fusion624 () aol com
Date: Fri, 8 Oct 1999 22:08:07 EDT
Subject: Re: IP: sel-destruct email
To: farber () cis upenn edu

Dave:

There are several major flaws with this system. First, both parties have to
agree on deletion, which means prior contact over the contents; otherwise,
they can just copy and paste the plain text and print it out or save it.
Also, it deletes the key, but the plain text that was decrypted could be
contained in numerous places, such as a cache of some sort. Also, I have
heard rumors of people being able to fool the built-in timer into thinking it
was an early time, allowing agencies to read this information long after the
key expires. Just thought I should let you guys know. More extensive
information is housed at /. (www.slashdot.org)

P. Bennett
IT Consultant

X-Sender: phoffman () mail imc org
Date: Fri, 08 Oct 1999 19:02:15 -0700
To: farber () cis upenn edu
From: Paul Hoffman / IMC <phoffman () imc org>
Subject: Re: IP: sel-destruct email

Although self-destructing email sounds cute, it has so many inherent
problems that I can't imagine that it will be deployed very far. Here
are just some of the problems with the yet-to-be-released product:

- You have to run a proprietary viewer to see the mail that is sent to
    you. Subproblems include:

    - Are you as a recipient *really* going to trust a program from a
        startup you've never heard of to run on your system just to read a
        piece of email?

    - Will the viewer run on all operating systems on which people get
        mail (including character-based Unix)? If not, how will a sender
        know whether or not a potential recipient will be able to read a
        message at all?

    - What if you want to read the first instance of this mail you get
        when you are not online? If you haven't already downloaded the
        viewer, you're left frustrated.

    - Needing recipients to have the viewer will have the same chicken-
        and-egg problem that has hampered all of the electronic wallets to
        date.

- Many recipients rely on old email for a variety of purposes. They
    search through it for key words. They use it to figure out who
    someone who just sent you some mail is. This model assumes that the
    sender knows how long the recipient wants to keep the message, which
    is clearly wrong.

- Because it is in a proprietary storage format, mail clients won't be
    able to search through the not-yet-deleted messages at all, which
    greatly reduces the value of those messages.

- The recipient might want to use the text of the message in a
    different medium, like a word processor. If the viewer allows copy
    and paste, it defeats the ability of the sender to get rid of the
    information from the recipient's computer. If the viewer doesn't
    allow copy and paste, it greatly reduces the value of the message to
    the recipient. It's a lose-lose situation.

- PCs and Macs allow users to capture screen shots fairly easily. Thus,
    the recipient really does get to keep a copy of the message, albeit
    as a screen shot. Other programs can easily extract the text from
    screen shots. Expect one or more programs that automate this process.
    This, of course, defeats the whole purpose of the original program
    and reduces it to an annoyance for recipients.

- The basis for the product is based on a fallacy. "You don't want to
    end up like Microsoft if the { Justice Department | police | opposing
    counsel } comes after you." If the police ask for your old email
    and you say "we can't give it to you, all the mail you're looking for
    autodestructed", do you really think they're going to walk away and
    say "wow, that's too bad"? It's much more likely that they will
    confiscate all the computers on your premises looking for traces that
    they can try to put together. Deciding which of these two scenarios
    is a greater threat to your company is left as an exercise for the
    reader.

Finally, let's be honest: it's just plain rude. "Read this message now
because I'm going to destroy it in the future against your will." Gee,
that's a great way to do business-to-business or person-to-person
communication. "Read this under my terms or else" doesn't match how
people use today's postal mail, faxes, web sites, or email, which means
that you have to convince your recipients to change the way they do
business in order to read what you sent them.

In other words, this is a technology that, even if it worked, could
only be appreciated by senders. Ignoring your recipient is not a good
way to communicate.


--Paul Hoffman, Director
--Internet Mail Consortium
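
Added illustration (not part of either message, and not the product's code): a small Python model of two flaws raised in the messages above, a copy kept before the key is deleted and an expiry check that trusts the recipient's clock. `KeyServer`, `LocalTimerViewer`, the toy `xor_stream` cipher and every value are assumptions made for this example; the thread does not describe the product's actual design.

```python
import hashlib
import secrets

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy cipher (SHA-256 counter keystream); a stand-in for a real AEAD."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

class KeyServer:
    """Hypothetical key service; expiry is judged by its own clock (self.now)."""
    def __init__(self, now):
        self.now, self.keys = now, {}
    def register(self, msg_id, key, expires_at):
        self.keys[msg_id] = (key, expires_at)
    def fetch(self, msg_id):
        key, expires_at = self.keys.get(msg_id, (None, 0))
        if key is None or self.now >= expires_at:
            self.keys.pop(msg_id, None)  # key destroyed at expiry
            return None
        return key

class LocalTimerViewer:
    """Hypothetical viewer that keeps the key locally and trusts the PC clock."""
    def __init__(self, key, expires_at):
        self.key, self.expires_at = key, expires_at
    def open(self, ciphertext, local_now):
        if local_now >= self.expires_at:
            return None
        return xor_stream(self.key, ciphertext)

def run_demo():
    plaintext = b"constructed sample message body"  # constructed sample input
    key, expires_at = secrets.token_bytes(32), 200   # times in arbitrary units
    ciphertext = xor_stream(key, plaintext)
    server = KeyServer(now=100)
    server.register("msg-1", key, expires_at)
    saved_copy = xor_stream(server.fetch("msg-1"), ciphertext)  # kept before expiry
    server.now = 300                                 # expiry has passed
    viewer = LocalTimerViewer(key, expires_at)
    return {
        "server_key_after_expiry": server.fetch("msg-1"),
        "saved_copy_survives": saved_copy == plaintext,
        "local_viewer_true_clock": viewer.open(ciphertext, local_now=300),
        "local_viewer_clock_set_back": viewer.open(ciphertext, local_now=150),
    }

print(run_demo())
```

In this model, destroying the key only blocks later decryption through the server; plaintext copied earlier is untouched, and an expiry check is only as reliable as the clock of the machine that runs it.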

