PrivNote Self-Destructing Messages


I recently found a service that I enjoy using.  It is called PrivNote and it allows you to transmit small bits of encrypted text via a URL.  Here is how it works.  First navigate to https://privnote.com.  The very simple interface offers you a compose pane and prompts you to “Write your note here…”  You enter your message and click “Create Note”.  Your note is encrypted and you are given a URL that you can share with the intended recipient.  Privnote does not transmit the link for you – it is your responsibility to copy it and paste it into an email, text message, etc.  Once you have sent the note the real fun begins.

When the recipient clicks the link, he or she is directed to a page with a stern warning about opening the note.  It says, “You are about to read and destroy the note with ID ______”.  When the recipient clicks “Yes, show me the note” its contents are displayed.  As soon as the note is closed the note is permanently deleted from Privnote’s server and is inaccessible to anyone, including you.  This allows you a high degree of assurance that the note was read only once.

You can make this service a bit more robust by clicking on the “Show options” button on the compose page.  This will let you set a password for the note.  Unfortunately you would have to have a pre-arranged password in place, or send it through another service.  Privnote also allows you to be notified when the message has been destroyed.  For this you must provide an email address.  I recommend a Blur masked email address.  Finally, you can set a destruction time on the note, from 1 hour to 30 days.  After the set period has expired the note will be permanently deleted.  Reading Privnote’s privacy page, it seems that all notes are deleted within 30 days, anyway, but if traffic is exceptionally sensitive you may not wish for it to be available for more than a few hours.  You can also manually destroy the note by visiting the URL.


A quick read of Privnote’s privacy policy gives me some confidence in the service.  They do not log IP addresses and claim information is inaccessible.  This is backed up by another researcher who explains how Privnote really works.

I can think of a couple of use cases for Privnote.  If I were crossing a potentially hostile border with encrypted data and did not wish to have the password in my possession, I could post it to Privnote.  Once safely across I could visit the link, retrieve the password, and access my data.  If I needed to send a symmetrically encrypted file to a friend, I could send the password via Privnote.  Anyone with the capability to intercept our traffic would (read: should) not open the message for fear of discovery.  The best practice would be to send the password first.  Once safely retrieved with some confidence it had not been intercepted, the file itself could be sent.

Another purpose that Privnote could be used for is to see if your email is being intercepted.  I would do it this way: first, create a note but do not password-protect it.  Set the default destruction for thirty days, and set a notification email.  I would then insert the note into an email, probably as a hyperlinked word rather than as a naked link.  Next, I would send this email to an address that I control so I know it will not be opened.  And then I would wait; if the note is opened I will receive an email notifying me of the fact, and letting me know someone is reading my mail.  This will obviously not reveal an attacker who knows about Privnote, but it will probably defeat your snooping boyfriend or roommate.
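The read-once behaviour and the mail-intercept canary described above, as a simplified in-memory model added here for illustration; it is not Privnote's code, and `NoteStore`, `landing`, `confirm_read` and `canary_demo` are hypothetical names. It assumes the note is destroyed at the moment the read is confirmed, and that the warning page by itself never burns the note.

```python
import secrets
import time

MIN_TTL = 3600             # 1 hour, the shortest timer the post mentions
MAX_TTL = 30 * 24 * 3600   # 30 days, the longest

class NoteStore:
    """Toy in-memory model of a read-once note service (not Privnote's code)."""
    def __init__(self, clock=time.time):
        self._notes = {}      # note_id -> (text, expires_at, notify callback)
        self._clock = clock   # injectable so expiry can be tested

    def create(self, text, ttl=MAX_TTL, notify=None):
        if not MIN_TTL <= ttl <= MAX_TTL:
            raise ValueError("ttl must be between 1 hour and 30 days")
        note_id = secrets.token_urlsafe(16)   # unguessable ID carried in the link
        self._notes[note_id] = (text, self._clock() + ttl, notify)
        return note_id

    def _live(self, note_id):
        entry = self._notes.get(note_id)
        if entry and self._clock() >= entry[1]:
            del self._notes[note_id]          # timer ran out: destroyed unread
            return None
        return entry

    def landing(self, note_id):
        """Warning page: reports whether the note exists, never burns it."""
        return self._live(note_id) is not None

    def confirm_read(self, note_id):
        """'Yes, show me the note': return the text once, then destroy it."""
        entry = self._live(note_id)
        if entry is None:
            return None
        del self._notes[note_id]
        text, _, notify = entry
        if notify:
            notify(note_id, self._clock())    # the destruction notification
        return text

def canary_demo():
    """Constructed scenario: canary link mailed to an inbox nobody should open."""
    alerts, store = [], NoteStore()
    link_id = store.create("canary", notify=lambda nid, ts: alerts.append(nid))
    store.landing(link_id)                    # warning page viewed only: no alert
    quiet = list(alerts)
    store.confirm_read(link_id)               # someone confirmed the read
    return quiet, alerts == [link_id], store.confirm_read(link_id)
```

In this model an alert fires only on a confirmed read, so a notification for a canary note means someone other than you clicked through the warning page.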

ADDENDUM:  By sheer coincidence, just shortly after finishing this post I ran across a strikingly similar service.  This one is offered by the makers of blackVPN. The service is called ReadThenBurn.  Much like Privnote it allows you to share your message through a URL.  It also allows you the option of sharing it via a QR code.  Messages are deleted once they have been read.  ReadThenBurn does not offer notification.  Because I have not had much chance to work with it, I can’t fully recommend it, but I will say that blackVPN’s reputation is otherwise sterling and this is probably a worthwhile encryption tool.
