Spill, Then Poof
December 16, 2011 4:11 PM   Subscribe

When you send people passwords and private links via email or chat, there are copies of that information stored in many places. If you use a one-time link instead, the information persists for a single viewing which means it can't be read by someone else later. This allows you to send sensitive information in a safe way knowing it's seen by one person only. Think of it like a self-destructing message, a One Time Secret.
posted by netbros (35 comments total) 34 users marked this as a favorite

 
This is something that's always bothered me, but never enough to look into fixing. Especially since I fear that any solution I find would be too unweildy to expect another person to use.

Great idea!
posted by mccarty.tim at 4:12 PM on December 16, 2011


"This website will self-destruct in five seconds. Good luck, Jim."
posted by yoink at 4:15 PM on December 16, 2011 [1 favorite]


Something about putting unclothed and valuable info into a web site reminded me of this, for some reason.
posted by Blazecock Pileon at 4:15 PM on December 16, 2011 [7 favorites]


A take-off on this, of course.

please god no more links to The Conet Project
posted by mykescipark at 4:19 PM on December 16, 2011


Of course anyone in a position to pull the data out of your logs, chats, etc will also be able to monitor your traffic to this site, but what the heck.
posted by Tell Me No Lies at 4:19 PM on December 16, 2011 [3 favorites]


Assuming, of course, that you trust the remote site.
posted by b1tr0t at 4:19 PM on December 16, 2011 [13 favorites]


Hmm...............
posted by Mister Fabulous at 4:21 PM on December 16, 2011


I use a skywriter for all my self-destructing message needs.
posted by desjardins at 4:21 PM on December 16, 2011 [2 favorites]


CTRL-C, CTRL-V, secret no more.

Or am I missing something here?
posted by Ratio at 4:23 PM on December 16, 2011


B1tr0t has it right. This sounds like a great way for bad guys to harvest all kinds of sensitive information from trusting idiots.
posted by Chocolate Pickle at 4:24 PM on December 16, 2011 [3 favorites]


I use Metafilter passw0rd comments to post all my secret info.
posted by perhapses at 4:28 PM on December 16, 2011 [2 favorites]


It's a good idea, but it'd need to be implemented and hosted by something like Mozilla -- open sourced and available to implement on your own servers, if you prefer -- for it to catch on with anybody who has a lick of sense.

If someone I really trusted (really, among Internet companies, only Mozilla is coming to mind) implemented it, then yeah, I'd use it sometimes. I've never been above using IM, SMS, or email to send information that probably shouldn't have been in the clear, and this'd help in those situations.
posted by gilrain at 4:36 PM on December 16, 2011 [2 favorites]


Bah, real men use steganographic Images because no one bothers checking them. Seriously guys, I've secretly been sending friends and family backups of my most important files in the form of funny cats and dogs and they suspect nothing.
posted by Foci for Analysis at 4:43 PM on December 16, 2011 [2 favorites]


> B1tr0t has it right. This sounds like a great way for bad guys to harvest all kinds of sensitive information from trusting idiots.

I don't know. I mean, I wouldn't use this. But, what can they harvest besides your IP address (which is quite often a public IP with however many dozens or hundreds of clients NATed behind) and some random password? I mean, I suppose over time they could build some sort of database but still there wouldn't be much to go on.
posted by Burhanistan at 4:50 PM on December 16, 2011 [1 favorite]


I'll keep using onetimesecret.nsa.gov, but thanks!
posted by ProfLinusPauling at 4:54 PM on December 16, 2011 [1 favorite]


Personally I use a complicated system involving the orbit of Venus, The Audubon Guide to Mushrooms of North America, and a Little Orphan Annie decoder pin. All my passwords are Ovaltine related.

Bad joke out of the way. I'm having a hard time thinking of when I'd be giving someone a password that I couldn't just call them, or tell them in person. Do such situations happen?
posted by Gygesringtone at 4:57 PM on December 16, 2011 [1 favorite]


How can I leverage this in my stalking of internet crushes?
posted by maxwelton at 5:03 PM on December 16, 2011


I would really dig a self-hosted version of this.
posted by roll truck roll at 5:04 PM on December 16, 2011 [3 favorites]


When I want to share a password with someone I ask them to sign up with lastpass which allows you to share passwords without revealing them. You can unshare at any time. Even then I'd probably change the password anyways just to be sure.
posted by Hairy Lobster at 5:06 PM on December 16, 2011 [2 favorites]


I find it interesting that they list an excerpt from a one-time-pad. It's somewhere between "we dare you to solve it" and "here, lemme put a bunch of gibberish in this square to demonstrate something that is intended for nobody to understand."
posted by Blue_Villain at 5:10 PM on December 16, 2011


Of course anyone in a position to pull the data out of your logs, chats, etc will also be able to monitor your traffic to this site, but what the heck.

No actually, they won't: https://onetimesecret.com/

Of course https doesn't stop the site itself getting hacked or compromised in some way - or just subpoenaed.
posted by schwa at 5:19 PM on December 16, 2011


Of course anyone in a position to pull the data out of your logs, chats, etc will also be able to monitor your traffic to this site, but what the heck.

No actually, they won't: https://onetimesecret.com/


Actually, you need to let the person you know the unique address for the message. So if someone is watching your unencrypted email account, they'd see your email to the intended recipient with the URL they need to click to reveal the secret. All the person that wants the information has to do is click on that clink before the intended recipient.

The could make it a little more secure if the site itself sent out the one-time URL to the intended recipient. The bad guy would need to monitor the intended recipient's inbox and know you're using the site.
posted by birdherder at 5:41 PM on December 16, 2011


I mean, I suppose over time they could build some sort of database but still there wouldn't be much to go on.
Exactly - that database has enormous value.

If you are an attacker with no information about your targets, you run a dictionary attack where you pick combinations of words-that-could-be-names and words-that-could-be-passwords. The size of those two sets is very large, and the cross product is even larger. Running this dictionary attack is very expensive.

The first improvement is to go harvest all usernames from twitter, facebook, MeFi, etc. Use that set instead of your naive words-that-could-be-names list because now you know that those words were used as usernames.

Now your attack space is smaller - you've got a list of names, and you've got a large list of possible passwords.

But if you run a honeypot where people enter "secure" information, you can gather a lot of potential passwords. People reuse passwords all the time, so some of the passwords you get will work someplace.

Now your attack space is even smaller - you've got a bunch of usernames that people have actually used, and you've got a list of secrets that people have probably used. Combine those two sets and you will probably get some hits.

Any time an attacker can get access to a list of user details, attacks become that much easier. They don't need the full set. A scrambled set of usernames, birthdays, SSNs and passwords would be easy enough to blast through a botnet at a variety of sites.
posted by b1tr0t at 7:11 PM on December 16, 2011 [2 favorites]


Of course anyone in a position to pull the data out of your logs, chats, etc will also be able to monitor your traffic to this site, but what the heck.
No actually, they won't: https://onetimesecret.com/


Unfortunately anyone who can get access to your data has compromised your box. There's this little thing called a key logger... (or they could just replace the SSL library)
posted by Tell Me No Lies at 7:31 PM on December 16, 2011


Finally, a site that replaces my fleet of homing pigeons.
posted by twoleftfeet at 7:55 PM on December 16, 2011


hahahaha most communication is insecure. if you really don't want to share it, keep your virtual mouth shut!

everyone can do their own security but people are SOOO lazy. a one time secret is great because you expect to change its target immediately. use it for the appropriate context such as initial passwords, joining a group, accepting communications, verifying consciousness like captcha, etc.

e-mail, telnet, ftp - clear text. few even use PGP or SSL or know enough to choose when to use security.

even before encryption export laws "allowed" 128-bit encryption it was simple to use multiple keys or some obscure approach that is actually intelligent. plenty of stuff is just base64 encoded or obscured with a simple hash function.

if you want you can protect your communications. read some Ron Rivest papers, they're great. discrete math, number theory & functional programming ftw.
posted by gkr at 8:17 PM on December 16, 2011


discrete math, number theory & functional programming ftw.

And then you add in human factors and it goes to shit, just like it always has and always will.
posted by Tell Me No Lies at 8:37 PM on December 16, 2011 [2 favorites]


The perfect is the enemy of the good. This isn't perfect tech, but it's better than what most people are doing now which is leaving their passwords behind in mailspools to collect dust until some enterprising hacker digs them up weeks, months or years later. With this site the window of vulnerability only lasts a few days. It's a much smaller target to hit & hopefully fairly well defended. Again, not perfectly but since they're paying attention hopefully better than most. Smaller is better.
posted by scalefree at 10:09 PM on December 16, 2011 [1 favorite]


it is kind of a low-grade service in terms of security without any credentials for a link sent by e-mail, as 'birdherder' pointed out. perhaps this suggests usage which confirms identity immediately upon connection anyway. makes sense to lockout subsequent attempts.

for many services now you sign up for something & get an e-mail link... that is a great case for one time use. add a secret along with the unique URL and the human gets to validate their transaction similarly. entering the secret in order to generate the e-mail link, then validating use of the link. the secret never need be transferred.

secure messaging is not common enough, so this lets insecure communicators eliminate the bulk of potential spies into their insecure communication systems.
posted by gkr at 10:21 PM on December 16, 2011


No actually, they won't: https://onetimesecret.com/
It's not uncommon for larger corporations to install their own signing certificates on staff PCs, so that they can silently mitm attack https and sniff it.

open sourced and available to implement on your own servers, if you prefer -- for it to catch on with anybody who has a lick of sense.

It still boils down to trusting whomever is running the server and their technical chops. If there a million of these services, whose to say which ones are trustworthy? If everyone has to run their own, this becomes a solution for the very technical only, and we already know how to use encryption, thanks.
posted by fightorflight at 3:33 AM on December 17, 2011


And then you add in human factors and it goes to shit, just like it always has and always will.
It's not so much stupidity, but lack of discipline.

For example, I once had a request for assistance from a forensics team for one of my own PCs.

Enhancer : If I send you a list of files can you check to see if they're potentially sensitive.
Me : This isn't about that PC we gave you last week is it?
Enhancer : Yeah, why?
Me : It's our PC! I've used it myself.
Enhancer : I don't understand
Me : ...
Me : *sigh* Sure, I can confirm everything is OK, especially the StolenNuclearSecrets.doc file which is in my profile.
Enhancer : Oh very funny, but we trust you.
Me : *click*
posted by fullerine at 7:11 AM on December 17, 2011 [1 favorite]


fightorflight: It still boils down to trusting whomever is running the server and their technical chops.

That's exactly why I specified Mozilla.
posted by gilrain at 9:10 AM on December 17, 2011


It still boils down to trusting whomever is running the server and their technical chops.

Don't take this the wrong way, but just trusting the site admin is a bit naive.

Onetimesecret.com appears to be hosted in a VM on Slicehost (now RackSpace Hosting) whose backup options include timed-daily and perpetual snapshots, including the option to deploy one of that snapshot image to another VM whenever. So you need to trust the admin, the host, the host's owner, etc...

The chain of trust for shared web services is an extremely long one.
posted by mhoye at 10:12 AM on December 17, 2011 [1 favorite]


[Human factors are] not so much stupidity, but lack of discipline

Agreed. If we can get humans to stop being optimistic, friendly, kind and most of all helpful, security may stand a chance...
posted by Tell Me No Lies at 1:11 PM on December 17, 2011


If I am not mistaken, hosting a text file on my own server, pasting in an https link to it, and then deleting the file when I'm done will accomplish the same thing, right? Or just send passwords via OTR.
posted by LogicalDash at 3:48 PM on December 17, 2011


« Older 30 Things to Stop Doing To Yourself...  |  Dear Humanity, I'm afraid I h... Newer »


This thread has been archived and is closed to new comments