Do self-destruct emails require that the receiving computer gets malware-infected?
Someone said emails can be made to self-destruct when they reach their destination and are read. Does this require that the receiver's computer gets infected with malware?
This site suggests the email itself isn't sent - an encryption key to allow you to open the email on the sending server is sent instead. Once you use that key the email on the sending server is deleted.
The likelihood I would click on such a link from an unknown source is zero. The likelihood I would allow anything to run a script of some sort from within the email so it installed malware is also zero.
There are companies I've dealt with that do send me messages to open a link to see the actual message. (Many Banks do this for B2B now.) However, I haven't dealt with any that delete the message after I first view it. I can click the link as often as I want. Also most such sites actually require me to create my own login account on the sending server then login before I can view any messages.
Cisco offers a service called Cisco Registered Envelope Service (a/k/a Cisco Res) that companies can use for this purpose. There are 2 different companies I've gotten Cisco Res emails from and the login I created for the first one is the same used for the second one. (In fact it wasn't until I did the second one that I realized I'd previously signed for the first one.) Other partners seem to have their own internal service.
Of course "internal" these days is a bit muddled - many are using Google apps including email or MS Office365 so their "internal" email is actually hosted by an external provider.
Last edited by MensaWater; 10-11-2017 at 12:33 PM.
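The mechanism described in the post above (only a key travels by e-mail, the message stays on the sending server and is deleted on first use), as an added example that is not part of the original thread. The class name, the in-memory store, and the one-time pad standing in for a real cipher are all assumptions made for illustration.

```python
import hashlib
import secrets
import time


class OneTimeMessageStore:
    """Hypothetical sending-side server: holds ciphertext until the first read."""

    def __init__(self, ttl_seconds=3600):
        self.ttl = ttl_seconds
        self._box = {}  # sha256(key) hex digest -> (ciphertext, expiry time)

    def deposit(self, plaintext: bytes, now=None) -> str:
        """Store the message; return the key that would go into the e-mailed link."""
        now = time.time() if now is None else now
        # One-time pad: a stand-in for a real cipher, chosen to stay in the stdlib.
        key = secrets.token_bytes(len(plaintext))
        ciphertext = bytes(p ^ k for p, k in zip(plaintext, key))
        # The server indexes by a hash of the key and never stores the key itself.
        self._box[hashlib.sha256(key).hexdigest()] = (ciphertext, now + self.ttl)
        return key.hex()

    def redeem(self, key_hex: str, now=None):
        """Return the plaintext once; the server copy is removed by this call."""
        now = time.time() if now is None else now
        try:
            key = bytes.fromhex(key_hex)
        except ValueError:
            return None  # malformed key in the link
        entry = self._box.pop(hashlib.sha256(key).hexdigest(), None)  # delete on first use
        if entry is None:
            return None  # unknown key, or already redeemed
        ciphertext, expires = entry
        if now > expires:
            return None  # expired; the pop above already discarded it
        return bytes(c ^ k for c, k in zip(ciphertext, key))


def demo():
    server = OneTimeMessageStore(ttl_seconds=60)
    link_key = server.deposit(b"Quarterly figures attached.", now=1000.0)  # constructed sample
    first = server.redeem(link_key, now=1010.0)
    recipient_copy = first  # the reader's side keeps whatever was displayed
    second = server.redeem(link_key, now=1020.0)
    stale_key = server.deposit(b"expired note", now=1000.0)
    expired = server.redeem(stale_key, now=2000.0)
    return first, second, recipient_copy, expired, len(server._box)
```

Nothing runs on the recipient's machine here: the "destruction" is a server-side delete, and the copy the recipient already fetched is unaffected by it.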
There really is no substitute for using an e-mail client program (versus "web-mail") which supports cryptographic security. There are two well-known standards – GPG (PGP®), and S/MIME.
Microsoft Outlook®, for instance, supports S/MIME out-of-the-box, even in their consumer versions. So does OS/X.
With both of these systems, the various parties who are communicating set up cryptographic credentials, placing their public keys on a commonly-available key server. Messages sent by any party are automatically "signed" using their key, which the recipient can (and does, automatically ...) verify. Messages sent to any party can optionally be encrypted using the recipient's public key, which (only) the recipient can then decipher.
The process is completely transparent, unless you receive an un-signed message from a party whom you expected to have signed it, or a message that you are unable to decrypt!
As an illustration of why this is important: once I got an e-mail message, "from my wife," "sent from her iPhone," which said that her car had broken down (nearby!) and would I please come to help her. Which of course is very strange because she was sitting in the next room at the time, using her Android phone! (I immediately called both the local police and the FBI office. I don't know what happened next.) Nevertheless, when the message arrived, it was instantly flagged as "suspicious" because it didn't bear her digital signature. Therefore I knew – even if she had not been home at the time – that the message probably didn't actually come from her. Was someone trying to set me up for an armed robbery? I'll never know.
You also have "automagic" assurances that the message which you received is bit-for-bit the message that was sent. Criminals can intercept an e-mail and substitute a different e-mail in its place. But they can't change signed message-content, not one "bit," without being detected.
It completely baffles me why corporations have not long-ago embraced this, given the sensitivity of the e-mails that they send out every day. And why GMail, the world's most widely-used webmail service, having once supported it, took it out.
Last edited by sundialsvcs; 10-12-2017 at 09:19 AM.
Spooky indeed. Are you possibly of value for reasons other than money, such as speaking too loudly about conspiracies?
An interesting Utter nonsense. idea ... I hadn't You're not being watched. even thought of that.
I think that you should be using a secure app for "text messaging," and secured e-mail for that form of communication, for exactly the same reasons that you have been taught to use "https" web sites. Not necessarily to encrypt the communication, but at least to vouch for it. The technology to do so is readily available, is standardized, and it works unobtrusively. Like any good deployment of crypto security, "you don't have to think about it or, really, pay much attention to it."
When you receive a paper letter in your mailbox, notice who it's from and open the (sealed) envelope, you already have pretty good assurance that "your friend" sent you a letter and that you are now holding an un-scissored copy of it. (Unless you are revealing that on 9/11 what really happened was ##CENSORED##.) You have no such assurances on the Internet, and there really are people out there who will exploit it ... and you.
- - - - -
Today you should also assume that "a copy of your message will never go away." Even if a mail service promises to give your message the ol' Mission: IMPOSSIBLE treatment, just assume that they won't. Somewhere out there, there's a government agency who could issue a (secret?) subpoena or search-warrant, and they have to be able to honor it.
(Furthermore, the Honorable Court can serve such a warrant upon you, and in that case you have to honor it ... They can certainly oblige you to reveal encryption keys (to the Court), and if there are any laws concerning your communication – e.g. financial securities – you are obliged to keep your own archives, encrypted though they be, and to be able to decrypt them if ordered.)
I frankly find the benefits of such services to be very doubtful. I want to encrypt or sign the message myself, and likewise verify the signature. If the message is secret, I want it to pass through all public transports in an encrypted-by-me/signed-by-me state, from the moment it leaves "my" computer until it arrives at "yours."
Last edited by sundialsvcs; 10-13-2017 at 08:51 AM.
It's funny how the same technically savvy person who can endlessly dive in the deep waters of linux, the same person can be utterly clueless in politics. I bet you think Stephen Hawking is alive.
However, "self-destruct" emails can't exist: The process of sending an e-mail involves the creation of multiple copies of that e-mail. It's not a paper letter.