A simple way is to upload it somewhere where it's only viewable with a restricted Flash viewer to prevent copy/paste, then delete it once it expires. Of course, the person can always take a screenshot or photograph the monitor or something like that. Most temporally-limited email services do not deliver the message itself, but a link to it.
I'm going to guess its HTML emails that use javascript to download a decryption key. The js could hash it's own functions to avoid tampering. Rudimentary cut-and-paste protection could be enabled (don't know if the MUA would honour it though). Remove the key from the URL when you want the email to self-destruct (I'm thinking htaccess going to a db so you've set the date in the db beyond which the URL redirects to a key which causes the display of "sorry this email has expired" rather than the plaintext. Add a print-style sheet to blank out an attempt to print it.
Wouldn't work against screenshots and would be reasonably easy to crack but for the "man in the street" I can see it working?
I'm sure there is a far better more devious way of doing this.
2 comments
[ 335 ms ] story [ 184 ms ] threadI'm going to guess its HTML emails that use javascript to download a decryption key. The js could hash it's own functions to avoid tampering. Rudimentary cut-and-paste protection could be enabled (don't know if the MUA would honour it though). Remove the key from the URL when you want the email to self-destruct (I'm thinking htaccess going to a db so you've set the date in the db beyond which the URL redirects to a key which causes the display of "sorry this email has expired" rather than the plaintext. Add a print-style sheet to blank out an attempt to print it.
Wouldn't work against screenshots and would be reasonably easy to crack but for the "man in the street" I can see it working?
I'm sure there is a far better more devious way of doing this.