[pyalot2]

Right-click -> Save Image as -> forward to anybody you want

Most email readers block images by default

Disabled persons who rely on screen readers and other assistance technologies just got screwed, thanks.

Answering by quoting your email just got really hard.

Some email services download images for you and don't link to your server.

I've read your email at the office, now I can't read it at home, or on my iPhone, or vice versa.

Your email picture service is down or has server trouble, no recipient can read such mails anymore.

Cryptographic email signing becomes meaningless as the recipient can't parse the signature and message body to verify the hash.

A lot of spam filters might screen out emails that are nothing but an image.

Searching trough email by text will never find those emails because they contain no text.

Devices with small screen sizes (iPhone and the like) can't re-layout the text (as in word wrap), making such image emails really painful to read.

[SquareWheel]

Also, embedding links, maps, or anything fun becomes impossible.

It may also be possible to defeat their fingerprinting method, depending on how it works. It's pretty hard to differentiate between users online (most things can be spoofed), so it wouldn't surprise me to see it overcome.

[fec]

Embedding pictures and HTML works great. Links, yes that's a problem.

[fec]

Thanks, I'll try to address as many of these as I can. I've broken a few of these into groups below, as I think they have similar solutions.

====

I) Where's the utility of this tool?

> Right-click -> Save Image as -> forward to anybody you want

1) The purpose of this demo is just to establish if anyone finds this type of service useful. There are many ways to expand this technology so that it becomes far more complex to defeat.

2) Perhaps I've sent this information to many people, but I've automatically watermarked each image. Now I can track the information leak back to you and carry out some more traditional corrective procedures...

3) Maybe this product just isn't for you? Perhaps this product is best suited for companies and government organizations, where clear policies and penalties already provide effective deterrents. This service would just supplement these policy-instruments with additional automated protection, auditing and watermarking.

===

II) Minor technical challenges:

> Most email readers block images by default

It's easy enough to turn images on, in the most widely-used clients. Just looking at my inbox, embedded images are far from uncommon in emails.

> Answering by quoting your email just got really hard.

Answering by quoting email works great, if you're alright with quoting everything. The SMTP integration supports full HTML emails and shows the quoted email very similarly to the way that Gmail does.

====

III) Accessibility vs data protection tradeoffs. These are fine:

> Disabled persons who rely on screen readers and other assistance technologies just got screwed, thanks.

> Your email picture service is down or has server trouble, no recipient can read such mails anymore.

====

IV) Solvable problems:

> I've read your email at the office, now I can't read it at home, or on my iPhone, or vice versa.

This is solveable. See my other comment.

> Searching trough email by text will never find those emails because they contain no text. Devices with small screen sizes (iPhone and the like) can't re-layout the text (as in word wrap), making such image emails really painful to read.

NOFWD keeps an archive of the messages you send through it (which you can choose to delete or disable if you wish.) You can search this.

====

V) Are these really a problem?:

> Some email services download images for you and don't link to your server.

Really? I'd like to know which. Haven't seen this happen yet.

> Cryptographic email signing becomes meaningless as the recipient can't parse the signature and message body to verify the hash.

> A lot of spam filters might screen out emails that are nothing but an image.

[jstabbac]

I still think the right click save as is still the most troubling. Besides that you missed a couple of points, I'll help identify them here.

-Most people prefer to have emails off to stop the kind of tracking you mentioned in your watermarking point. Advertisers do this all the time.

-Could you elaborate on the quoting? I think the original poster meant that once you SEND a mail through nofwd the receiver cannot easily quote part and reply to you as they could with a text email. I think you're confusing the person doing the quoting with the original sender.

-III) is a matter of personal preference I guess. You mentioned that you see this working in government situations, there's no way they would implement this technology if there was no fallback for their disabled workers. Lawsuits everywhere!

-The archive you keep at nofwd.com - is it viewable for the receiver? I think once again you've confused the person doing the searching.

I'm pretty undereducated on the whole subject, I just noticed a couple things you might want to go back and address in your rebuttal. I hope you find a userbase for your system!

Edit: I guess the biggest issue I see with the system is that it takes away a HECK of a lot of great functionality from email (copy-paste, embedded replies, privacy as you must show images, accessibility, etc.) while adding a paper thin layer of security. Anyone can just save a copy of the image, or even screenshot their computer. If it's really critical, they can just manually re-enter the info (assuming its something as trivial as sales numbers or a condensed strategy). It seems like nofwd.com is to emails what drm is to media, something that inconveniences legit users while not stopping people from getting around it at all.

[pyalot2]

>> "There are many ways to expand this technology so that it becomes far more complex to defeat."

There are not that many ways, unless you're willing to go the whole hog and install a rootkit on the recipients machine before he's allowed to view a mail. Obviously that would be bad. Like any DRM scheme the ultimate consequence ends at a bad place.

>> "companies and government organizations, where clear policies and penalties already provide effective deterrents. This service would just supplement these policy-instruments with additional automated protection, auditing and watermarking"

If you're forced to deal with security restricted information dissemination, then email is pretty much the wrong kind of tool.

>> "Answering by quoting email works great, if you're alright with quoting everything"

That kinda defeats the purpose of quoting mostly.

>> "Accessibility vs data protection tradeoffs. These are fine:"

Sure, they're fine for you. You're not disabled.

>> "NOFWD keeps an archive of the messages you send through it (which you can choose to delete or disable if you wish.) You can search this."

I use my email clients search box to search emails in my inbox, I think pretty much everybody does. This also doesn't cover the UX issues of a large image blob that renders unreadable on devices with other screen sizes than the desktop average.

[Loque_k]

The problem you are trying to solve is impossible to solve by modifying the contents of an email.

The problem is not that people can forward emails, the problem is that an untrustworthy person has been given valuable data.

You could press printscreen, take a photo... anything you do to that email can be overcome.

This doesn't mean your development has been in vein, I am sure you have learnt a huge amount executing this, and it is great to share it. Very impressed, thank you!