Whisper Adds Self-Destructing Messages to Signal Email
It’s the stuff of spy novels: What if you could send sensitive information in a message and have it automatically self-destruct after its intended recipient read it?
Whisper Systems’ latest release of the end-to-end encrypted Signal email service is making that happen in the digital realm, by including support for disappearing messages.
With the update (for iPhone, Android and desktop), any conversation can be configured to delete sent and received messages after a specified interval. The configuration applies to all parties of a conversation, and the clock starts ticking for each recipient once they've read their copy of the message.
“Disappearing messages are a way for you and your friends to keep your message history tidy,” the company explained, in a blog. “They are a collaborative feature for conversations where all participants want to automate minimalist data hygiene.”
Of course, cameras have always been the bane of auto-destruct messages—at least, according to Get Smart, et al, and Whisper cautions users to keep this in mind.
“[This is] not for situations where your contact is your adversary — after all, if someone who receives a disappearing message really wants a record of it, they can always use another camera to take a photo of the screen before the message disappears,” the company said.
The disappearing timer values range from five seconds to one week, giving users a range of options for ephemeral message history.
Of course, the idea of disappearing messages has been done before, most notably with Snapchat. Snapchat differs however because unopened Snaps remain on the company’s servers for 30 days, making them readable by the company and subpoena-able by law enforcement. Facebook also launched something similar over the summer, called “Secret Messages” within Facebook Messenger. There’s a downside here though: Messenger is designed so that a user can begin a conversation on one screen and finish it on another, which end-to-end encryption throws a wrench into. So Secret Messages are locked to one device and users must opt-in to use the feature.
“That’s because many people want Messenger to work when you switch between devices, such as a tablet, desktop computer or phone,” the company said at the time. “Secret conversations can only be read on one device and we recognize that experience may not be right for everyone.”
Speaking of encryption, the Signal release also includes support for Signal Protocol's numeric fingerprint format for verifying messages, dubbed "Safety Numbers" in Signal. Safety numbers can be verified by either scanning a QR code or by reading a string aloud.
The numeric fingerprint format has several advantages over the old hex strings:
“They're easy to localize,” Whisper explained. “Hexadecimal isn't compatible with all alphabets, so it left a lot of people out. Likewise, using a wordlist from a single language wouldn't be very accessible and trying to localize wordlists to make cross-language comparisons possible is very error prone. However, all common languages have a representation for base 10 digits that safety numbers can easily be localized into.”
Safety Numbers are also visually and audibly distinct, and relatively compact: Users compare 12 groups of 5 digits with each other, which is half the size of the previous hexadecimal format.
Photo © Bonezboyz
Source: Information Security Magazine