Dmail Makes Gmail Vanish

You can make Gmail messages self-destruct with a Chrome browser extension.

Thomas Claburn, Editor at Large, Enterprise Mobility

July 25, 2015

3 Min Read
<p style="text-align:left">(Image: Delicious Science)</p>

Microsoft Office On iOS: Startup Guide

Microsoft Office On iOS: Startup Guide


Microsoft Office On iOS: Startup Guide (Click image for larger view and slideshow.)

Delicious Science, which last year acquired social bookmarking service Delicio.us, has released a Chrome extension that provides Gmail messages with the ability to self-destruct.

After installing the extension, Gmail users can send a message to anyone, whether or not that person uses the Dmail extension, and configure the message to deny access after a period of an hour, a day, a week, or never. In addition, a "Revoke Access" button provides a way to immediately disable access to a protected message.

If the recipient has the Dmail extension, he or she can read the message in Gmail until it expires or is revoked.

If the recipient does not use Dmail, he or she receives a message that says, "This secure message was sent using Dmail. To view this message, simply click the button below."

Clicking on the View Message link calls out to a server operated by Delicious (mail.delicious.com) to retrieve the encrypted message and decrypt it using a key generated locally on the sender's device and passed through Gmail. As product lead Eric Kuhn explained to TechCrunch, "Neither Gmail nor Dmail servers ever receive both the decryption key and encrypted message. Only the recipient and sender can read the email legibly."

After the message expires or is revoked, the text becomes, "This message has been destroyed and is no longer available."

[ Can I get a do-over? Read Gmail Undo Send Plus 3 More Improvements We Need. ]

It's not immediately clear how easy it would be for law enforcement to obtain the encrypted message from Delicious Science and the key from the sender, the recipient, or Google.

The accessibility of Dmail's source code -- Chrome extensions are just collections of JavaScript, HTML, and image files -- may help security skeptics decide whether or not to trust Dmail. The software relies on Gibberish-AES, a JavaScript library for OpenSSL-compatible AES CBC encryption.

However, the presence of JavaScript modules for tracking and analytics suggests this software isn't intended for people who want serious security; rather, it appears to be aimed at people who would like to feel they have more control over their data than regular email affords.

dmail2.png

But feeling that something is secure isn't a guarantee that it is. Anyone who understands what Dmail does, and who doesn't want the message to vanish, can simply take a screenshot of the message when it's readable, or a photograph of the screen. (It's not as if cameras are scarce these days.) Also, the text in a decrypted Dmail message can be copied and pasted, unlike, say, a protected PDF.

Dmail isn't the first email software that promises control of information. Confidential CC, Pluto Mail, and GhostMail entered the market recently, all offering to make email messages go away. Snapchat popularized the idea for instant messages. Services such as Microsoft Exchange also offer a way to recall messages sent in error within a corporate domain.

Despite its lack of novelty, Dmail is user-friendly enough that it may find a place among individuals and organizations who want more say in the accessibility of things they've said. The fact that it works with Google's rather popular Gmail can't hurt.

Dmail is presently free and listed as beta software. Placeholders on the Dmail website suggest additional capabilities will be offered to individuals and businesses.

About the Author

Thomas Claburn

Editor at Large, Enterprise Mobility

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful master's degree in film production. He wrote the original treatment for 3DO's Killing Time, a short story that appeared in On Spec, and the screenplay for an independent film called The Hanged Man, which he would later direct. He's the author of a science fiction novel, Reflecting Fires, and a sadly neglected blog, Lot 49. His iPhone game, Blocfall, is available through the iTunes App Store. His wife is a talented jazz singer; he does not sing, which is for the best.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights