Burn After Reading

There are some basic principles this has been designed to:

1. That the writer can create a single note
2. That the reader can read the note once, and once only
3. After the note has been read, the contents are erased

To support this we have ensured that only the writer and the reader can ever know the contents. So, technically behind the scenes the following happens:

• The writers note is submitted, and has any non-safe HTML removed to prevent any XSS attacks.
• A random dice ware pass phrase is created.
• The pass phrase is used to encrypt the writers message, which is then stored encrypted.
• The pass phrase is then hashed and stored. This hash value cannot be used to decrypt the message.
• The URL and pass phrase are displayed to the writer and this is the only time the pass phrase is shown
• When the correct URL is put into a browser, the pass phrase is checked against the stored hash. If correct, the given pass phrase (not the hash) is used to decrypt the message
• The message is then deleted from the database - effectively burned to ash

There are a few limitations and enhancements we are working on.

• Messages are limited to 0.5 MB or 512 KB. It is something we're looking at larger sizes for subscribers
• Images are embedded into the message as a Base64 encoded image, so encrypted with the text as the above process
• Notes are checked to be auto burned every 15 minutes, so if you have a very specific time it may be a small lag of it being burned
• All times are in UTC

Planned enhancements are:

• Increased message sizes
• Local timezones added via your profile
• Language localisations
• Headed notes, add your company stationary to the top of the messages
• Company and user management - have multiple users per company account with central features
• Login with LinkedIn

Currently, we keep the subject line and plan to add user registration so that you can see the subjects that you have shared, and when they were burned. Watch this space.