DestroMemo.com - AES Encrypted Self-Destructing Messages

[lyth0s]

DestroMemo.com

I would like to introduce you guys to DestroMemo.com. DestroMemo.com allows you to store encrypted messages that will be destroyed after 1 successful view or 3 incorrect decryption attempts with plans to add more features in the future.

Purpose
I have noticed that many websites tend to keep private information stored in their database or in backups of the databases for a VERY long time. The problem here is that if your forum account or website ever gets hacked then the hackers now have the information regarding BOTH what you purchased AND your address that it was sent to. This is also true for many online marketplaces, such as anonymous versions of eBay. Also if the NSA or other government entity ever gains control over or hacks these sites, once again that private information is readily available to them.

My service allows you to disconnect the link from what you are discussing/purchasing on the forums and the private information that you would like to give to the other forum/marketplace member.  

Example 1: Person A wants to buy a bar of gold from Person B via an anonymous bitcoin auction site. The deal is made as normal on the auction site and then person A sends person B a DestroMemo link with the password to decrypt the message. Person B then reads the DestroMemo and sends the package to that address. Upon reading the DestroMemo it gets destroyed, never to be on the internet again. 6 months later the auction site gets hacked/raided and the hackers try to find out what address the bar of gold went to that they know Person A bought. They can see the DestroMemo link and password that Person A sent to Person B on the auction site, but when they visit DestroMemo the encrypted message no longer exists. If DestroMemo is then hacked/raided that information is still no longer available and thus there is no connection between Person A's bar of gold and the address it was sent to.

I'm sure there are many other use cases for DestroMemo and I will list the most important ones as time goes on.

There is only a 0.0015 Bitcoin fee ($0.50) to store your encrypted message on DestroMemo, so it is quite economical for all transactions to use it as well as whenever you want private information to only be accessible by the receiving party.

All comments/suggestions are greatly welcomed!

[deluxeCITY]

It sounds like your site would be controlling the private encryption keys, which the security minded generally will not like.

I also don't get how your service will delete a message after three failed attempts. Is this essentially saying the message will be deleted after you try to login three times unsuccessfully?

I would think that people would be more willing to use simply PGP encryption (with the agreement that messages will be deleted after they are read).

[lyth0s]

It sounds like your site would be controlling the private encryption keys, which the security minded generally will not like.

I also don't get how your service will delete a message after three failed attempts. Is this essentially saying the message will be deleted after you try to login three times unsuccessfully?

I would think that people would be more willing to use simply PGP encryption (with the agreement that messages will be deleted after they are read).

The password you choose and a random salt creates the encryption key which is not stored. The system rewrites the encrypted data and then deletes it after 3 unsuccessful decryption attempts.

Deleting some PGP info from your PMs means nothing since most websites never truly delete anything. Ask theymos to recover your very first deleted PM, its all still there. Or like silk road, if they did actually never truly delete transaction info then the NSA FBI etc now have all of those users data. I'm providing an additional layer of protection for people instead of just PMing private info

Without your password there is no way to decrypt the information.

If you have 0.0015 bitcoin to spare I suggest trying it out

[deluxeCITY]

I have read that if both users delete a PM within a certain time of it being sent then it will be permanently deleted from the forum servers (and will not get backed up).

Even if your old PMs are saved PGP will still protect you as long as an attacker does not have the private PGP key. One way around having to worry about this, both you and the person you are talking with can generate a new PGP key for each conversation and delete your PGP key once the conversation is over.

Anyone using your site would need to trust you enough to not read what is being sent, and would be subject to potential MITM attacks.

[lyth0s]

Assuming that a site doesn't keep PM backups as part of their normal DB backups also requires trust. Sending a PM is also subject to MITM attacks. If you create a new private PGP key and securely get it to your other party each time you attempt to send private info your definitely doing a good job.....but I think most transactions don't happen this way.

I offer an easy solution to the problem whereby you now need at least two malicious websites or both sites to be hacked at the same time in order to get your private info.

Even if I maliciously stored the info unencrypted I wouldn't know who left the message or who its recipient was and I wouldn't know the context nor meaning of the info etc

[deluxeCITY]

I don't see how you would need two sites to be compromised in order for a MITM attack to be successful. If for example someone is sending payment information you could change the payment address.

The most commonly reason for people to encrypt messages is because they are sending sensitive information (things like private keys, passwords, ect). You would not need any context or to know either of the parties speaking to each-other in order to do damage.

I also think your price is somewhat high, but I guess the appropriate price for this kind of service is up to the free market.

[lyth0s]

I don't see how you would need two sites to be compromised in order for a MITM attack to be successful. If for example someone is sending payment information you could change the payment address.

The most commonly reason for people to encrypt messages is because they are sending sensitive information (things like private keys, passwords, ect). You would not need any context or to know either of the parties speaking to each-other in order to do damage.

I also think your price is somewhat high, but I guess the appropriate price for this kind of service is up to the free market.

I'm not talking about MITM attacks, that can happen when you use anything to transfer data. Even BTCTalk could change payment addresses when you send a PM. I'm also not talking about storing private keys or passwords.

My service unlinks the connection between what was purchased and where it was sent. If my website gets hacked or overtaken by the NSA they don't know what was sent to that address. If the auction site gets hacked, they don't know where the product was sent. Do you see the protection?

[b!z]

Why couldn't a person just use PGP?

[lyth0s]

Why couldn't a person just use PGP?

Could you explain the process you're invisioning?

[lyth0s]

My service deletes the message after it has been ready so no worry about lost/stolen private PGP keys. Also my service makes it so the recipient doesn't already have to have a public PGP setup.