How to Send Messages That Automatically Disappear

Not exactly about books, but it’s New Years Day and the pickins are slim. (See also, Slim Pickens)

From Wired:

MANY MYSTERY AND spy movies are based on the premise that you can send messages that self-destruct, but you don’t need to be an international secret agent to do the same with your own texts.

In fact, most popular chat apps now include some kind of disappearing message feature—which means that if you don’t want a permanent record of your conversation, you don’t have to have one. In fact, encrypted messaging app Signal made its disappearing message feature the default.

While it’s handy to have chat archives to look back on for sentimental and practical reasons (recipes, addresses, instructions, and more), there are other times you’d rather nothing was saved. Here’s what to do.

There is a caveat here for all of these apps, in that the people you’re communicating with can take screenshots of what you’ve said—or, if screenshots are blocked, they can take a photo of the screen with another device. Some of them promise to notify you if your messages have been screenshotted or downloaded, but there’s always a workaround. That’s something to bear in mind when choosing who to chat with and how much to share.

Signal

The disappearing messages feature in Signal is an option for every conversation you have, and now it’s available by default or by an individual conversation: You can switch between disappearing messages and permanent messages at any time in any thread. To do this, tap the top banner in any thread, then pick Disappearing messages.

You can choose anywhere from one second to four weeks for your messages to stick around after they’ve been viewed (or choose Off to disable the feature). You can even set a custom timer—you could tell a message to be gone in 60 seconds. An alert appears in the chat whenever you’ve changed this setting, and anything you send from then on follows the rules you’ve set.

To set a default expiry time for messages in all your chats, open the main app settings page and choose Privacy and Default timer for new chats (under Disappearing messages). This applies to every chat you initiate from then on, not to the existing conversations on your phone.

. . . .

Instagram

Instagram has now gone way beyond photo-sharing to cover Snapchat-style stories, direct messaging, and more. The direct messaging component lets you send photos and videos that stay on record or disappear once they’ve been viewed, though text always stays in place.

Head to your conversation list in the Instagram app, then open the thread that you want to send the disappearing message to (tap the compose icon, top right, if you can’t see it). Tap the camera icon on the left of the compose box and capture the photo or video you want to send.

Down at the bottom of the screen, you’ll then see various options for what you’re sending: View once, Allow replay (which is really view twice), and Keep in chat. Pick whichever you prefer before confirming with the Send button.

Link to the rest at Wired

Security by obscurity is far from a foolproof solution, but if PG were planning to send a bunch of secret messages, he would be inclined to set up a bunch of free email addresses for the purposes of both sending and receiving secret messages.

PG and his secret correspondent would each write their secret message offline, then encrypt the message offline using one of many open-source encryptions programs then send the message to one of the free email addresses.

PG would identify each free email address with a common name like Jim or Becky and provide his correspondent with the list.

In each encrypted email, PG and his online correspondent would mention one of the names in an offhand manner like, “I think Jim might be interested in seeing this.” The friend’s name (or the name of the last friend mentioned in the email) would identify the next email box to be used to send/receive the next encrypted message.

A variation on this system might involve setting up several free email addresses to automatically forward messages to other free email addresses.

Using both US-based email services as well as non-US email services would make tracking messages even more difficult.

Every couple of weeks, PG would create an entirely different set of free email addresses and send the encrypted list to his correspondent. PG might also be inclined to send out encrypted garbage to a whole bunch of email addresses that weren’t his intended recipient.

If PG and his correspondent were able to use computers at various locations and connecting to different Internet Service Providers, more obscurity would result. Throw a VPN with multiple nodes in multiple countries and rotating VPN locations increases the complexity of interception.

PG is informed that large government agencies are capable of cracking a great many encryption algorithms. One reason why PG would be inclined to use open-source encryption is that the source code is available for all to see for debugging and security-checking purposes. This doesn’t mean that open-source encryption can’t be cracked, but with many eyes watching (unlike the situation with encryption software than is not open-source) any cracking weaknesses in the open-source system are probably more susceptible discovery than a black-box encryption program.

Again, PG understands that a super-duper-mega-encryption system created by geniuses is the single best way to communicate confidentially, but demonstrating that such a system is uncrackable is quite difficult, perhaps even impossible.

PG expects that some of the visitors to TPV are far more fluent on this topic than he is and is happy to hear critiques, comments, etc., from one and all.

12 thoughts on “How to Send Messages That Automatically Disappear”

  1. One of my favorite books is Simon Singh’s “The Code Book,” in which he takes you through the history of cryptology. At the end of each chapter, he provides a coded message and you’re invited to crack it using the techniques described in that chapter.

    If you work your way through the book, by the time he gets to Pretty Good Encryption, you’ll have a better understanding of the challenges and ethical dilemmas involved in sending secret information.

    He points out that a code, to be effective, has to be uncrackable until the message’s contents don’t have to be a secret. So the more encrypted a message, the longer it takes for the contents to be cracked and action taken by the authorities.

  2. There are a great many ways to create a secret message that cannot be cracked. The classic “one time pad” is about the simplest. (I saw an interesting one some time ago that follows the absolutely ancient technique of writing your message on a strip of paper wound around a rod. The new thing was that the “strip” was wound around a hypergeometic “rod” by your computer. You can’t unscramble the message unless you have the exact same shape available.)

    The problem for anyone trying to run a conspiracy is hiding that you are sending a secret message, and/or what parties are sending and receiving it. Over the internet, this is essentially an impossible task – even with a VPN, the server has to know where the message is coming from, and where it needs to go – all that a bad actor with sufficient resources needs do is compromise the VPN server.

    • Maybe you don’t hide that you are sending anything. People upload stuff on public platforms all the time these days. Easy to hide a message inside a harmless image. Think of a book cipher hidden with image or video steganography. Posted on Instagram, snapchat, or anything. A mailing list even.

      The first step is knowing somebody is actually sending ciphered messages inside those cute cat videos. Then they have to extract tbe ciphered message and figure out how to read it. For extra fun you can use base 8 numbering. Or base 12, 20, whatever. Binary would be too obvious. 20 would be good because few books have that many words in a line. Choose tbe words carefully and the nunbers can pass for base ten.

      All sorts of variations that are easy to implement with a bit of coding (or freeware!)

      https://listoffreeware.com/list-of-best-free-steganography-software-for-windows/

      Hard to break without knowing the key book and edition. An ebook version would also require the settings on the reader device. An extra bonus is that multiple recipients can get different messages in the same file. Maybe with the same number string. (That would require more coding sophisticated software but still be doable.)

      Useful for mysteries or alternate reality scavenger hunt games.

      • Felix, the main problem with digital steganography is that all video and audio, and most static images, are compressed. Unless you use lossless compression, your message is almost certainly going to be destroyed by the process – digital steganography depends on modifying the least significant part of the data, which is also the target of any “lossy” compression.

        A bad government actor can eliminate the vast majority of possible steganographers by just filtering out anything that uses lossless compression to transmit their files. (I admit, I do use lossless JPEG when sending a cover to Amazon – but that is because I know that they are just going to compress it again with a “lossy” method. Doing a “lossy” compression twice can do very strange and undesirable things to an image.)

        Hmm. That said, I do wonder whether it would work to use steganography with a true random* one time pad method. The snoop would tag the file as “suspicious,” but they would not be able to find anything in it, so would most likely simply label the sender as probably OCD, and move on…

        * True random, such as a file generated from sampling AM radio static. Any pseudorandom sequence generated by algorithm, no matter how good, is toast when confronted by today’s massive multiprocessing systems.

        • Steganographic content can be embossed on top of the already-lossily-compressed data using a bit-level editor (often invisibly; there are bit-level editors that are pretty “wysiwyg” available if you know where to look). That way, the lossiness — or not — of the compressed image-or-other-media is utterly irrelevant. There are centuries of history of steganographic methods, most of which have digital analogs obvious to, as patent law puts it, “those skilled in the relevant art.”

          Of course, the digital steganographer must also be sensitive to touch and similar problems; if the metadata alphanumerically embedded in a file doesn’t match the metadata in the file header, the file merits further examination — and determining that is a bulk, automated process that has been used to catch and convict more than one pedophile (discussed in publicly available motion papers). That’s right: As with almost everything else related to the ‘net, porn — and especially illicit porn — leads the way. (Whether one should follow is for another discussion entirely.)

          • Besides, several of the steganography apps output compressed files to start with and not all the hosting platforms even try to recompress an already compressed file.
            And those are the publicly available tools.

            The dark world guys have much better. Better incentives, too.

  3. Just remember this:

    The people who know the most about both keeping communications secret and piercing any veil of secrecy can’t and don’t talk about it. And on top of that, sometimes the methods inadvertently disclosed by a secret’s “expiration” are as revealing as the actual expired secret. I may say no more than the publicly disclosed and acknowledged designator “Venona” (while I snicker, offline, at the mistakes and misrepresentations in wiki-type-thingy discussions thereof) as a far-from-exclusive example.

    You may ponder the irony that the greatest expertise in comsec can’t talk about comsec to anyone who doesn’t already know about comsec at your leisure.

    • Agreed.
      It’s why I limit my curiosity to plot-worthy tricks.
      Anything the likes of me can run into is going to be hopelessly out of date and ineffective.
      Not a rabbit hole worth diving into and I’m not paranoid enough to think otherwise.

      • It’s not [comsec] paranoia when They really are out to get you. And They are.

        The plot-worthy question is identifying Them…

        • In my case, the joke’s on Them.
          There’s nothing to gain by “getting” me.
          All my money goes to debts, books, and streaming. 😀
          It’s liberating; I get to be as overbearing and contrarian as the mood strikes me. 😉

          • <intended-as-humor> Please repeat that into the vase in the corner. No, the other one.

            Perhaps Comrade Colonel will enjoy my little joke…

Comments are closed.