Just like in Mission Impossible, notes that self-destruct
I believe the image – from the Privnote site – explains perfectly.
Privnote lets you message people in an untraceable manner.
They are multi-lingual, in seven languages. No Japanese – but then, with the Japanese, I’m half-surprised, lately, when I do get a reply (to a regular, old-fashioned email).
“This note will self-destruct after being read.” Gotta love this.
This is what happens when you create a note in Privnote:
- You write the note and click the POST button.
- The server generates a random note id, let’s call it the NoteID. This is the 16-character ID you see in the note link.
- The server hashes the note ID and gets a HashedNoteID = Hash(NoteID). We’re currently using SHA-1 as the hashing algorithm, but the particular algorithm is not very important here.
- The server encrypts the note contents (and also the email and reference, if there are any) using the NoteID, and stores the encrypted version in the database using the HashedNoteID as the database primary key.
If someone with access to the database would like to read the note she would be unable to, because she doesn’t have the key to decrypt it (NoteID), only the database primary key (HashedNoteID). The HashedNoteID cannot be used to “go back” to the NoteID because hashes are “one-way.” So the only person who can actually decrypt (and thus see) the note is the one who has the original NoteID or, in other words, the one who has the link to the note.
This is what happens when you view a note in Privnote:
- The server extracts the NoteID from the URL.
- The server hashes the NoteID and gets the HashedNoteID. This is the same HashedNoteID used when generating the note, since the NoteID used to make the hash is the same in both cases.
- The server retrieves the note from the database using HashedNoteID as the database primary key and decrypts its contents using NoteID as the encryption key.
- The server shows the page with the decrypted note.
- The server permanently deletes the note from the database, keeping only a record of the HashedNoteID, the time when it was read, and the IP address where it was read from, to show it when someone tries to see the note again.
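The create and view flows described above, as an added sketch that is not Privnote's own code. The page does not name the cipher or the ID alphabet, so the PBKDF2 key derivation, the SHAKE-256 keystream with an HMAC tag, the alphanumeric alphabet and all function names here are assumptions standing in for the real ones.

```python
import hashlib, hmac, secrets, string, time

ALPHABET = string.ascii_letters + string.digits  # assumed ID alphabet
db = {}        # HashedNoteID -> (nonce, ciphertext, tag); never holds the NoteID
read_log = {}  # HashedNoteID -> (read time, reader IP), kept after deletion

def hashed_note_id(note_id):
    # SHA-1 as the page states; the NoteID's randomness is what protects it.
    return hashlib.sha1(note_id.encode()).hexdigest()

def derive_keys(note_id, nonce):
    # Assumption: stretch the NoteID into separate encryption and MAC keys.
    okm = hashlib.pbkdf2_hmac("sha256", note_id.encode(), nonce, 10_000, 64)
    return okm[:32], okm[32:]

def xor_stream(key, nonce, data):
    # Stand-in stream cipher (SHAKE-256 keystream); a real service would use
    # a vetted AEAD. The same call encrypts and decrypts.
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def mac(mac_key, nonce, ciphertext):
    return hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()

def create_note(text):
    note_id = "".join(secrets.choice(ALPHABET) for _ in range(16))
    nonce = secrets.token_bytes(16)
    enc_key, mac_key = derive_keys(note_id, nonce)
    ciphertext = xor_stream(enc_key, nonce, text.encode())
    db[hashed_note_id(note_id)] = (nonce, ciphertext, mac(mac_key, nonce, ciphertext))
    return note_id  # only ever leaves the server inside the note link

def view_note(note_id, reader_ip):
    key = hashed_note_id(note_id)
    if key in read_log:                 # second visit: show the read record
        return "already_read", read_log[key]
    row = db.pop(key, None)             # delete the stored note on first read
    if row is None:
        return "not_found", None
    nonce, ciphertext, tag = row
    enc_key, mac_key = derive_keys(note_id, nonce)
    if not hmac.compare_digest(tag, mac(mac_key, nonce, ciphertext)):
        return "corrupt", None
    read_log[key] = (time.time(), reader_ip)
    return "ok", xor_stream(enc_key, nonce, ciphertext).decode()
```

The scheme protects notes against someone who obtains the database alone: the server still sees the NoteID in the URL on every create and view request, so the running server and its request logs remain trusted.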