[pencilo]

>The main thing to point out is that by uploading a message it is still possible to get access to your message in a permanent state either by screen shotting or finding the image source. The tool exists for people who have no interest in keeping the messages you send. Please don’t blame us for message leaks.

So I can't send this to people I dont trust and I have no way to guarantee that delete.im doesn't save my messages. What exactly do I gain from this over just clearing my local logs?

As as security person these 'forgetful' services really bother me because people tend to claim that they offer the world but there is no way to actually guarantee any of it. More importantly there _fundamentally_ isn't a way to prevent the other side from saving the message. Without end-to-end encryption there isn't a way to make any claims about what is stored by the service.

And before you recommend end-to-end encryption in a browser based service don't forget that we know exactly how those get MITM'd: When a warrant comes in you serve that person a different webpage with broken encryption/leaks.

This is the same rant I had about Snapchat, and the same rant I'll have about the next forgetful .* service. The only claim they have to actually being forgetful is a promise and you'll never see them stand behind any actual privacy claim because they cant and they know that.

tl;dr Please stop making 'forgetful' services or 'view only once' services.

[arthurgibson]

Slick UI, @doki_pen something built something really similar a few months ago with crap.io, its on github:

https://github.com/dokipen/crap.io http://crapio.doki-pen.org/

[panhandlr]

Preach it!

[pencilo]

These services deeply anger me and it is pretty hard not to launch into rants when I see them unfortunately.

I have an honest question for you HN: Do you not see these services as fundamentally broken? Would it be worth writing a long post somewhere breaking down exactly why these services are broken at best and bad in general? I'm deeply afraid that the public will start seeing these services as providing actual privacy and start using them as such.

[nazwa]

Pencilo, I can really see your point but I that's not why we made it.

Delete.im is not supposed to keep you safe from hackers or NSA. It's only to prevent sensitive data from lying around your chat history or emails. That's pretty much it. It's a completely different concept from snapchat and the others.

[pencilo]

This isn't about hackers or even the NSA. The NSA is like the final boss. This isn't even passing level one.

The point is that you don't actually offer me any more privacy than if I just used the 'Off The Record' feature of many chat programs or deleting my logs.

Are 'off the record' conversations deleted the second they fall off your chat history? I doubt it. Are delete.io messages deleted once the server started returning 'this message is unavailable'? I doubt that too. More importantly I can't verify if you delete them then or even at all.

Now my sensitive data is not lying around in my chat history or emails, it is lying around on your server. If my logs are only stored locally I can delete them. Likewise if I control my email server I can delete them.

How can I prevent sensitive data lying around on your server? Are you more trustworthy than my email? Why?

The comparison to Snapchat and friends comes from the 'limited number of views' or 'viewable only for a time' feature. These features are trivially broken at best and misleading to non-technical people. These are marketed as privacy features and they're a lie.

If you want to bill your service as a pastebin style service that removes files after a time then go right ahead, I will not have issues with that.

If you want to claim that those features are to protect sensitive data? Then I have a problem. Services built around working with sensitive data need to be held to a higher standard.