Sending Private Notes Using Privnote

Have you ever wanted to send some highly confidential information (like credit card numbers or root passwords) over the Internet and been afraid that others could be sniffing your traffic? Well, I have, all the time. I've always been paranoid about this, so that's why we, at Insophia, came up with Privnote, a tool for sending private notes over the net in a very easy and secure way.

All you have to do is enter the site, write the note and click Post. You then get a link that you send to the one person you want to read it.

What makes it so secure, then?

Two things mostly:

  • SSL encryption makes sure the note contents are never transmitted in plain text, neither on the way from your browser to the site nor on the way from the site to the recipient's browser
  • When the note is read (by clicking the link) it automatically self-destructs, so no one else who clicks the link can read it. If the note was not read by the intended recipient, at least he/she will know that someone else did and that the content was compromised

What about the site administrators, you may ask, the ones who always seem to have "full power" over your data? Well, with Privnote, they cannot read your note either. The explanation is a bit more technical, but here it goes: when the note is received by the server, a note ID is created (the same ID you see in the link to read the note). The note contents are then encrypted and saved in the database but (and here's the magic) the salt to encrypt the note is not the note ID but a hash of the note ID. Hashes are "one way", so you cannot go back to the note ID from the hash. So the note gets stored in the DB encrypted with a token that only the person who has the note link can reproduce. Oh, and we also have web server access logs disabled, which makes it impossible for any administrator to recover the note ID from the request URL. So, as you can see, the only person who has the key to decrypt it is the one who has the link to the note.
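As an added example (this is illustrative code written for this page, not Privnote's implementation), here is the shape such a store has to take for the "administrators cannot read it" claim to hold against someone who only holds the database. It follows the variant the comments on this post converge on: the random note ID in the link is the secret, the encryption keys are derived from it, and the database row is indexed by a one-way hash of it. If instead the stored hash were itself the key, as the paragraph above literally says, anyone holding the row would hold the key. The cipher here (HMAC-SHA256 in counter mode, encrypt-then-MAC) is a stdlib stand-in for a real AEAD such as AES-GCM; the `DB` dict, the sample note text and the `note-index`/`note-enc`/`note-mac` labels are all constructed for the example.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

# Constructed stand-in for the database table: index -> (nonce, ciphertext, tag).
# This row is everything an administrator with database access gets to see.
DB: Dict[bytes, Tuple[bytes, bytes, bytes]] = {}


def derive_index(note_id: str) -> bytes:
    """Lookup index stored in the database.

    SHA-256 is one-way, so the index does not reveal the note ID, and the keys
    below come from a different, domain-separated derivation, so the index is
    not the decryption key either.
    """
    return hashlib.sha256(b"note-index|" + note_id.encode()).digest()


def derive_keys(note_id: str) -> Tuple[bytes, bytes]:
    """Encryption and MAC keys derived from the note ID (the secret in the link)."""
    enc_key = hmac.new(note_id.encode(), b"note-enc", hashlib.sha256).digest()
    mac_key = hmac.new(note_id.encode(), b"note-mac", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; stands in for a real cipher such as AES-GCM."""
    out = b""
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(enc_key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> Tuple[bytes, bytes, bytes]:
    nonce = secrets.token_bytes(16)
    stream = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()  # encrypt-then-MAC
    return nonce, ciphertext, tag


def decrypt(enc_key: bytes, mac_key: bytes, nonce: bytes,
            ciphertext: bytes, tag: bytes) -> Optional[bytes]:
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None  # wrong key or tampered row: never return garbage plaintext
    stream = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, stream))


def post_note(plaintext: str) -> str:
    """Server side of 'click Post': returns the note ID that goes into the link.

    The server sees the plaintext at this moment and never stores it.
    """
    note_id = secrets.token_urlsafe(16)  # 128 random bits; the only copy of the secret
    enc_key, mac_key = derive_keys(note_id)
    DB[derive_index(note_id)] = encrypt(enc_key, mac_key, plaintext.encode())
    return note_id


def read_note(note_id: str) -> Optional[str]:
    """Server side of clicking the link.

    pop() removes the row in the same step as the lookup, so a second click
    (or a second reader) gets nothing: this is the self-destruct.
    """
    row = DB.pop(derive_index(note_id), None)
    if row is None:
        return None
    enc_key, mac_key = derive_keys(note_id)
    plaintext = decrypt(enc_key, mac_key, *row)
    return None if plaintext is None else plaintext.decode()


def decrypt_from_db_only(index: bytes) -> Optional[str]:
    """What someone holding only the database can try: the stored index is the
    only 'secret' in the row, so treat it as if it were the note ID."""
    row = DB.get(index)
    if row is None:
        return None
    enc_key = hmac.new(index, b"note-enc", hashlib.sha256).digest()
    mac_key = hmac.new(index, b"note-mac", hashlib.sha256).digest()
    plaintext = decrypt(enc_key, mac_key, *row)
    return None if plaintext is None else plaintext.decode()


if __name__ == "__main__":
    nid = post_note("root password: correct horse battery staple")  # constructed sample note
    print("admin with the DB row only:", decrypt_from_db_only(derive_index(nid)))
    print("first click on the link:", read_note(nid))
    print("second click on the link:", read_note(nid))
```

Two caveats a practitioner should keep in mind. First, this only defends against someone who obtains the stored data (a database dump, a backup, a SQL injection); whoever can change the server code can log the plaintext at `post_note` or `read_note` time, which is the point one of the comments below makes. Second, the note ID travels in the URL, so it lands in anything that records URLs: web server access logs (which the post says are disabled), proxies, browser history and the Referer header of any page the link is clicked from.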

As an additional feature, you can get notified when your note gets read, something that (even today) is not possible with any email or instant messaging software.

Also, I want to mention that the application is available in English and Spanish. By default, it works in the language of your browser, but you can change it using the language selector in the top right corner.

I would like to hear your thoughts about it, so feel free to post any comments, criticisms and suggestions.

11 responses

I must say that this web based app is one of the most useful that I've found out there! I really like the ease of use, that minimalist approach rulez! Keep those apps coming! :D

"The note contents are then encrypted and saved in the database but (and here's the magic) the salt to encrypt the note is not the note ID but a hash of the note ID. Hashes are "one way", so you cannot go back to the note ID from the hash. So the note gets stored in the DB encrypted with a token that only the person who has the note link can reproduce. Oh, and we also have web server access logs disabled, which makes it impossible for any administrator to recover the note ID from the request URL."


Nonsense. The note id is stored in the clear in the database, otherwise the URL wouldn't work because it wouldn't be possible to look up the requested note. Therefore anyone with access to the database can see the note id, regenerate the hash, and decrypt the note.


Asking users to trust you is one thing, but asking users to trust you and then giving a bullshit hand-wavy explanation like this one is a clear indication of either idiocy or malicious intent.

I agree with Ryan, but I'll be less of a dick about it.


I think I see what you're trying to do, but the explanation is pretty bad. Your entire concept of key management and salt needs a rewrite. Given what you said, it sounds like the system should be:


  • Generating a random NoteID, effectively a symmetric key
  • Encrypting the plaintext with the NoteID (and as much salt as you want)
  • Hashing the NoteID to create a database key (hopefully with salt of its own)
  • Storing the ciphertext with the database key as index


Which would allow the NoteID to be used both as the key to decrypt and as a method for indexing the data. Although I got almost none of this from your description, except that the NoteID wasn't stored and hashing was involved.

It makes perfect sense what they're doing. Of course it's possible to look up the note without storing the note ID in the clear.


For example, the database stores [HASHED_NOTE_ID, ENCRYPTED_NOTE]. When a user hits https://privnote.com/n/MY_NOTE_ID/ the server merely looks for HASHED_NOTE_ID=HASH(MY_NOTE_ID) and then decrypts the note with that hash.


There's nothing BS about it.

Even if that's the case, it still doesn't prevent a Privnote developer from decrypting the notes. In fact, it makes it even easier if the hashed note id is stored in the database alongside the encrypted note, since the hashed id itself is the decryption key. Think about it.

You're right.


Perhaps they meant that the decryption key was the note ID itself, not a hash of the note ID. With that, they could store [HASHED_NOTE_ID, ENCRYPTED_NOTE], find WHERE HASHED_NOTE_ID = HASH(MY_NOTE_ID), and decrypt the associated ENCRYPTED_NOTE.


This isn't what they said, but perhaps it is what they meant.

Agreed. Encrypting with the note id as the key and then storing only the hash of the note id would be better, but the post explicitly says "the salt to encrypt the note is not the note ID but a hash of the note ID".


In any case, it would still be possible for Privnote developers to read your notes simply by adding code to intercept the cleartext notes before decryption. Claiming that the developers can't possibly access your notes is misleading because, ultimately, the developers have full control over every aspect of the system, and could gain access to your notes even if the encryption scheme wasn't seriously flawed.

Ryan, Quin, Zain and everyone reading this thread:


I apologize for not being clearer in this article. I have written another post with a (hopefully) better explanation of how Privnote works:


http://vampiroz.org/2008/07/how-privnote-really-works.html


Please take a look and post a comment there if you have any questions.

Congratulations to Pablo and the guys at Insophia for launching a great utility.


Cheers,
Paul from Montevideo :D

I love Privnote - when can I get it to work on my iPhone? Text doesn't display, nor can I copy/paste the generated URLs.

Thanks for the article.