How Privnote Really Works

Given the recent popularity of Privnote as consequence of appearing in ReadWriteWeb and the front-page of Digg, a rather heated discussion has arisen about whether notes send through Privnote are really protected against someone with access to the Privnote database.

We believe it is, and I'll explain the reasons here by detailing the exact process used to store the notes in the database. I did try to explain it before in this post but unfortunately the explanation was obfuscated at best, and incorrect at worst.

So here's what happens when you create a note in Privnote:

  1. You write the note and click the POST button
  2. The server generates a random note id, let's call it the NoteID. This is the 16 chars ID you see in the note link
  3. The server hashes the note ID and gets a HashedNoteID = Hash(NoteID). We're currently using SHA-1 as the hashing algorithm, but the particular algorithm is not very important here
  4. The server encrypts the note contents (and also the email and reference, if there is any) using the NoteID, and stores the encrypted version in the database using the HashedNoteID as the database primary key

If someone with access to the database would like to read the note she would be unable because she doesn't have the key to decrypt it (NoteID), only the database primary key (HashedNoteID). The HashedNoteID cannot be used to "go back" to the NoteID because hashes are "one-way". So the only person who can actually decrypt (and thus see) the note is the one who has the original NoteID or, in other words, the one who has the link to the note.

For completeness, this is what happens when you view a note in Privnote:

  1. The server extracts the NoteID from the URL
  2. The server hashes the NoteID and gets the HashedNoteID. This is the same HashedNoteID used when generating the note, since the NoteID used to make the hash is the same in both cases
  3. The server retrieves the note from the database using HashedNoteID as the database primary key and decrypts its contents using NoteID as the encryption key
  4. The server shows the page with the decrypted note
  5. The server permanently deletes the note from the database, keeping only a record of the HashedNoteID, the time when it was read, and the IP address where it was read from, to show it when someone tries to see the note again

I apologize for not being clear in my original explanation, and hope to have explained myself better this time. Thanks to everyone who corrected me and provided a better explanation, both here and in other blogs.

Finally, I must say that we have received a lot of great feedback these days, and that motivates us to keep improving Privnote as well as making it available in more languages.

Upvote Upvoted 5
30 responses

Thanks for the much clearer explanation. This clears up my concerns about the encryption, but I still take issue with your statement on the older blog post that "with Privnote, [site administrators] cannot read your note either."


Even though someone in possession of the database couldn't reverse the encryption on the notes, a site administrator could still inject code to intercept notes before they're encrypted. Claiming that the administrators have no way to read notes is disingenuous, since they have full control over the site and its code.


The best you can claim is that your administrators and developers are trustworthy and will not read notes, but you can't truthfully claim that they cannot read notes.

Ryan Grove

Yes Ryan, one thing is the system that powers Privnote, and other thing is the trust the users put in ourselves. Those are two completely separate things.


Since we're a new startup (without any previous reputation) we could only aim to have a good system, and we've worked very hard for making it as secure and private as possible That's the reason for using SSL, encrypting the notes in the database, and preventing them from being read twice.


We built the system the best we could. Now, in terms of trust, we'll try to do our best too. For example, we plan to publish a Privacy Policy and a FAQ on the site as a starting point.


As happens with any web service (like Gmail or Hotmail, for example) you have to trust the provider, it's impossible to avoid that. And we know trust is a very hard thing to get. So, at this point, we believe we have a good system but we need to work hard on building trust around our site. Suggestions are welcome!

Pablo Hoffman

One could say that no matter what, any tool's security depends on how a user makes use of it.


Let me first start with how I use privnote?


Credit Card example: in the email I send my full name and the 3-digit credit card security number. In the privnote link the credit card number. This way I felt totally secure. Privnote complemented my normal email so I could communicate my sensitive information without having to make a phone call. BTW, are phone calls intrinsically secure?!


Root password? I could have done similarly; part of the pw in the email, part of it inside a privnote link in that same email. Privnote developers do not have access to my email!


From what I have read, it all seems that privnote developers are seroiusly trying their best to secure that no-one can access the note's content (even their internal developers). It is obvious that if they own the server they could do malicious acts if they act in bad faith.


Due to the nature of the privnote application (privnote does not require registration), they can never know who we actually are. So, want to send a root pw? What use will that content have for them? It's just a word, maybe a strange word, but it has no value if they do not have your personal information.


So tools are also as secure as how users use it. I believe there is no such thing as one way full proof security.


I'll keep using privnote as I have no concerns about security issues as it has been designed using it my way.


I like that privnote.com is part of this small bunch of web 2.0 services that tries to do only one thing right so as to excel at it.

idigo

Along the disingenuous line. Unread notes are only as private as the note ID. If you send your note ID in email, you might as well have just sent the note itself. Email traffic can be sniffed, the note ID attained, and the note read. Sure, you'll know someone read the note, but you're note was still read.


The only privacy gained by these notes is in their ephemeral quality. Email has a tendency to accumulate and remain, whereas this note will only be in effect one time, for a very short period of time. That is, if the notes are not copied, cached et el.


Thoughts?

Alex

One suggestion to remedy many of the fears that people experience using Privnote would be to do the hashing and encrypting on the client side. Sending only the HashedNoteID and EncryptedNote to the Privnote server.


Likewise the decryption of the note could be done on the client side as well, again with the server having no idea what it's sending or receiving. The address to retrieve the message could be either the NoteID or the HashedNoteID(Design choice). However if the client were to do the decrypting without leaking information to the server, a password system of some sort would have to be implemented so that the client could decrypt the encrypted message upon retrieval.


As it is currently, users would probably appreciate the messages being deleted instantly for private notes such as these.


That way, the Privnote adminstrators really would have no opportunities to intercept the communications thus giving the users more cause to trust them.


I won't pretend to know if any client side web technologies can be implemented in this way as I have not researched any of it. But if the Privnote developers can make their system work this way(or better!) I for one would recommend the service.

Culex

Indeed Culex!. We're evaluating the possibility of doing all the encryption in Javascript and (like you said) sending the HashedNoteID and EncryptedNote to server. That way you wouldn't have to trust us anymore, because you could just take a look at the Javascript code :).


The tricky case is viewing the notes. We can't put the NoteID in the note URL (or the server would get it and that would break the privacy). One solution to this is using URL fragments, since those are not sent by browsers, so that will prevent the server from receiving the NoteID.

Pablo Hoffman

Just wanted to advise you on something based on my knowledge from university, something related to information theory.


You are using 16 alphabetic characters (all lower case I believe) as your key, and using SHA1 as the hash. As much as you say SHA1 is not reversible, it could well become reversible in years to come as people begin to analyze the algorithm. MD5 is an example of this (rainbow-tables).


One way of making a hash complete irreversible is to make sure that the hash contains less "information" than the data you started with previously. If you "destroy" information, you can't get it back. Let me explain.


Currently, your key has 26^16 different possible values, that's: 43608742899428874059776


An SHA1 hash has 16^40 different possible values, that's: 1461501637330902918203684832716283019655932542976


That's about 33513959361347323078982019 times more possible values than they key you started with. What this means is that for each 16 character key, there is probably going to be a unique SHA1 hash for it. And you most certainly haven't destroyed any potential information.


In order to fix this, I suggest increasing the characters used in your keys to include digits with upper and lower case letters. Meaning, we have 26*2+10 = 62 different symbols. If you do the maths, to then exceed 16^40, you would need to use a key with a length of 27 characters rather than 16, since:


62^27 > 16^40


that is:


2480707824361381849652170924082266893544595652608 > 1461501637330902918203684832716283019655932542976


Doing this means you are guaranteed to have destroyed any "information" from going from a 62 symbol, 27 character key to a SHA1 hash, which is 16 symbols, 40 characters, and that it is definite that the key has been completely destroyed, thus ensuring that the key is not obtainable by any reverse hashing that may arise in the future.


You should maybe consider making this adjustment. :-)

Mark

Mark,
I don't think think they should change it.
Why make the IDs/URLs more complicated just to prevent something that can't even happen for a few years?


Cheers :D

Paul D. Spradling

Saludos desde Macacos :D


http://www.macacos.com.uy/foros/viewtopic.php?pid=101731

Paul D. Spradling

I've been using it with credit card information and worked perfect, even with people who don't like to click on "strange links" and those who don't know what is privnote.


In my case, when I e-mail the link I also ask the person for a confirmation so I can be sure that no one else read it.


Congrats Pablo! I've benn using it since its early days, even before it called Privnote :)

Coyote

I see many people concerned about the privacy of the notes, and seems they have doubts about what administrator's and developers can do. The truth is that, at the end of the day, you have to trust in your e-mail server and/or client, or in your web browser or even in your OS... when you register in an internet site, even comercial ones, in many cases you receive your password by email; when you buy something on the web, you send your credit card number to people which you must trust; when you have to send a really private message to someone, you can use some crypting, but you are trusting in your email client and in your crypting tool. When you are browsing the web, you are trusting your browser. I really do not believe all of those who are so concerned about their privacy start auditing the source code of their tools and building the binaries from that.. they just buy or download the product and happily "plug and play"... and you have to know that tools are built by people, exactly like those who work at Insophia developing Privnote...
If you want 100% confidentially, privacy and security, better you should meet other people in the middle of the Sahara... please make shure GoogleEarth is down when you do! ;-)

Paler

Maybe I lack imagination, but I don't really see any use for this.


As Alex points out, sending your CC number as a link doesn't buy you anything, anybody intercepting the email could read the privnote. And you would not know the note was read, since the attacker could read the note, post a new note with the same contents, and forward the email with the new link...


I am not aware of anything that indicates that Insophia has anything but honest and commendable motives, but from the technical perspective, the most obvious use case for this type of service would be forthe provider to harvest the messages as they are used by the gullible to transmit sensitive information (cf. abuses of TOR exit notes).

No
If I have more than 200 users, then how would be possible to make the privnote? there will take much to do one by one and might not be the chances of accuracy.
please help
Deepak
I use privnote fairly frequently and it is my understanding that the note can be copied by the recipient if they desire to do so. I am fully comfortable in using it and have no qualms with regards to continuing to do so.
blockhead
Agree with Alex & No. Privnote is snake-oil.

If you email the NoteID to your friend, an adversary could intercept it
and of course, read the message. You could defeat this by encrypting your message then send it through Privnote.

But, if you encrypt your message you don't need Privnote because, sending an encrypted message via Privnote adds nothing- it's just an extra hindrance for no gain.

Privnote gives the illusion of security to people who are too dim or too lazy to learn basic crypto.

dredd
Totally helpful tips are given by this site! I just suggest everyone to follow it. really i was looking forward to read about it. Thanks for this allocation. :lol:
Bob Molly
maybe you can help me out with this. I received a note through privnote.com and tried to access. However, I kept getting this error message :

The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, [no address given] and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.

hmmm...???????

confusedq
LOL, funniest thing i ever read about privnote, its not true AT ALL. Its not a safe mechanism unless the ecryption is better then Sha1. Dont get fooled by this guy, if the NSA has access to their Database they can crack all the messages because SHA1 is cracked by NSA.
Saol
Saol, just shut the fuck up and go to school before talking things that are way over your head. Sha1 is a hashing function, it is not encryption algorithm. So, before bitching, learn mothafucka! You have no fucking idea of what you are talking about.
ShutUpMeg
Saol, just shut the fuck up and go to school before talking things that are way over your head. Sha1 is a hashing function, it is not encryption algorithm. So, before bitching, learn mothafucka! You have no fucking idea of what you are talking about.
ShutUpMeg
This is so much bullshit...even tho, a lot of it is true, but you guys believe in fucking anything. Seriously.. It's just sad to see. Non educated people just reading thing this and goes like "Yes.. nod, nod". BUT NO. Don't just look at one source. And this in particular.. *sigh*
Adolf
If you are looking for an one-time notes software/web app, take a look the "One-Time Secret Notes". It is a free tool developed by "Intuitive Password" (an online password management company) that is used for sharing sensitive information securely and temporarily. All your sensitive information stored with One-Time Secret Notes persists for a single viewing, which means it can't be read by someone else later. One-Time Secret Notes will delete your message immediately after it has been read. To find this tool, just googling "Intuitive Password", then go to their home page and click on "Free Tools" on the top menu, then select "One-Time Secret Notes".
John
If you are looking for an one-time notes software/web app, take a look the "One-Time Secret Notes". It is a free tool developed by "Intuitive Password" (an online password management company) that is used for sharing sensitive information securely and temporarily. All your sensitive information stored with One-Time Secret Notes persists for a single viewing, which means it can't be read by someone else later. One-Time Secret Notes will delete your message immediately after it has been read. To find this tool, just googling "Intuitive Password", then go to their home page and click on "Free Tools" on the top menu, then select "One-Time Secret Notes".
John
sir hindi langeuage me samjhao
manjeet
I have a question to the admins. You said that the server keeps the "HashedNoteID". Does that mean that someone for example the police would be able to restore the note with that ID if they had the phone of the one who send or recieved it?
Acid
5 visitors upvoted this post.