Social Web Apps Design
Online Community Development
OsakaBentures  »  English Blog   »   Privnote: to get the last word in

Privnote: to get the last word in

by Saul Fleischman on May 23, 2012

Just like in Mission Impossible, notes that self-destruct

I believe the image – from the Privnote site – explains perfectly.

This is a testament to good design and a flawless user experience. Point and shoot, you see it, you know what to use it for, and how.

Privnote lets you message people in an untraceable manner.

They are multi-lingual, in seven languages. No Japanese – but then, with the Japanese, I’m half-surprised, lately, when I do get a reply (to a regular, old-fashioned email).

“This note will self-destruct after being read.” Gotta love this.

This is what happens when you create a note in Privnote:

  1. You write the note and click the POST button.
  2. The server generates a random note id, let’s call it the NoteID. This is the 16 chars ID you see in the note link.
  3. The server hashes the note ID and gets a HashedNoteID = Hash(NoteID). We’re currently using SHA-1 as the hashing algorithm, but the particular algorithm is not very important here.
  4. The server encrypts the note contents (and also the email and reference, if there is any) using the NoteID, and stores the encrypted version in the database using the HashedNoteID as the database primary key.

If someone with access to the database would like to read the note she would be unable because she doesn’t have the key to decrypt it (NoteID), only the database primary key (HashedNoteID). The HashedNoteID cannot be used to “go back” to the NoteID because hashes are “one-way.” So the only person who can actually decrypt (and thus see) the note is the one who has the original NoteID or, in other words, the one who has the link to the note.

This is what happens when you view a note in Privnote:

  1. The server extracts the NoteID from the URL.
  2. The server hashes the NoteID and gets the HashedNoteID. This is the same HashedNoteID used when generating the note, since the NoteID used to make the hash is the same in both cases.
  3. The server retrieves the note from the database using HashedNoteID as the database primary key and decrypts its contents using NoteID as the encryption key.
  4. The server shows the page with the decrypted note.
  5. The server permanently deletes the note from the database, keeping only a record of the HashedNoteID, the time when it was read, and the IP address where it was read from, to show it when someone tries to see the note again.
About Saul Fleischman

Founder of emerging social media tool sites. Bootstrapping innovation with lean startup development teams. I do project management, user experience, PR, marketing and community development.

su.pr size it! http://su.pr/2CXuBw

Related OsakaBentures Must-Reads

  • Samantha Bangayan

    Wow! That’s fancy technology that I don’t completely understand. But I am impressed by the security of it all! =) I was just worrying about this today when I installed a new note-taking program. =P

  • Mike Simon

    This is a cool idea. I’d also like to be able to show it to them in a timed fashion to prevent screenshots. :)

    • Saul Fleischman

      See, this is what ideation is all about: improving on each other’s stuff. Thanks @nixkuroi:twitter

      • Mike Simon

        This is your site? Pretty sweet.

        • Saul Fleischman

          Not, just something I came upon in StumbleUpon, Stumbling my topics.

  • Sandor Benko

    Very James Bond-ish. There are practical applications though. Thanks for the info!

Previous post:

Next post:

All rights reserved, OsakaBentures 2012