Whisperbot - No thanks, I'll use e-mail

Whisperbot is a new free service that claims it delivers confidential messages to your friends without e-mail.
According to their own site, they say: Stop using e-mail for your confidential messages!

While this is a nice slogan to have on a site, we say, stick to e-mail and add encryption.
Here is why Whisperbot should be avoided for any confidential messages:

  1. Message transport in cleartext - the submitter and the reader are accessing the 'confidential' messages via HTTP protocol by default - thus any typed and read content is open to sniffing and archiving via proxies
  2. Message is stored on Whisperbot servers with unspecified and not very reliable security measures - supposedly, Whisperbot stores the messages in encrypted format. This cannot be confirmed, but even if it can, since the message is presented to the recipient in the original form, the message is stored in reversible encryption. Thus, the security of the message is the same as a safe full of money with the key left in the lock.
  3. Security is based on obscurity - the main point of the security measures of Whisperbot is that the path to the message is unique and not known to anyone except the recipient. But the path to the message is sent to the recipient via cleartext e-mail, which can be captured and read at any number of places on the path of the e-mail message.
  4. Message retention cannot be controlled - the message is kept on the Whisperbot servers for an undisclosed amount of time, thus opening it up to the possibility of a later access by someone else.
With the above deficiencies in full swing, i would trust Whisperbot with confidential messages as much as i would a IRC chat room.

Instead, for confidential messages you should rely on e-mail, with the added security of GNU Privacy Guard (GPG)

Talkback and comments are most welcome

Related posts
3 Controls to Secure Corporate Off Computers
Example - SMTP message spoofing
No Privacy - Saw You Cheating on Image Search
Creating secure CD/DVD media for transport usingTruecrypt

11 comments:

Jan said...

That's true, your advice. I'd find it hateful having my confidential messages lying out there for anybody to sniff. Like you suggested, I'd prefer my old trusty email program to using this one.

newbiesblogger said...

huhu... maybe it's still new and need to improve to deliver excellence service. for me there is no top secret between my friends and I so, my answer is I will not use that service.. huhu..

whisperbot said...

Thanks for taking the time to share your thoughts. We created whisper bot as a simple way to send something secure to someone without the need for them to have any particular software or setup.

Just to reply to some of your comments....

1. Message transport in cleartext
Actually, there is an https secure version at https://www.whisperbot.com

2. Message is stored on Whisperbot servers with unspecified and not very reliable security measures
Yes, its in a database, of course. But, I rebut that its not secure - I'll happily share with you the database content and I'll let you see if you can decrypt it. Everything - from message to email address is encrypted - and we're not talking md5 here ;-)

3. Security is based on obscurity
There is an option to use a passphrase - so, even if someone else gets the link, they can't read the message without the passphrase.

4. Message retention cannot be controlled
Agreed with the need for a delete button of sorts - right now, we just trim the message after it's been read and stored for a period of time.


It's not for everyone, but it's there and free, if you would like to use it :-).

matt
www.whisperbot.com

trida said...

i agree with newbie, maybe its beta version and try to tested by user, i hope our tryout about this program give them continous improvement. just drop ec and smile today

hà trần said...
This comment has been removed by the author.
viendongshop said...

I am very happy to find this information your site, a very useful information, and I want to share my information, you can click on the link below, hope to have the latest news from you . Thank you very much.
trung tam bao hanh may giat toshiba,
trung tam bao hanh may giat electrolux,
trung tam bao hanh may giat hitachi,
trung tam bao hanh may giat candy,
trung tam bao hanh may giat ariston,
trung tam bao hanh may giat midea,
trung tam bao hanh may giat daewoo,
trung tam bao hanh may giat haier,
trung tam bao hanh may giat general electric,
trung tam bao hanh may giat whirlpool,
trung tam bao hanh may giat beko,
trung tam bao hanh may giat sharp,
trung tam bao hanh may giat sanyo

Vy Nguyễn said...

- máy hút bụi
- máy hút bụi gia đình
- máy hút bụi cầm tay
- máy hút bụi nhà xưởng
- máy hút bụi công suất lớn
- máy hút bụi chính hãng
- máy hút bụi không ồn
- máy hút bụi nhập khẩu
- sửa chữa máy hút bụi
bộ đàm cầm tay
- máy bộ đàm giá rẻ
- máy bộ đàm
- máy nén khí
- máy hút bụi giá rẻ
- máy bộ đàm giá rẻ
- máy nén khí giá rẻ
- địa chỉ bán máy hút bụi chính hãng tại hà nội
- địa chỉ bán máy hút bụi chất lượng
- máy hút bụi công suất lớn
- máy hút bụi hút nước
- bộ lưu điện ups
- sự ra đời của máy hút bụi
- bảo dưỡng máy nén khí
- địa chỉ bán máy bộ đàm uy tín nhất hải phòng
- tìm hiểu về các dòng máy hút bụi phổ biến hiện nay
- đại lý phân phối máy hút bụi uy tín
- diễn đàn seo
- diễn đàn chia sẻ đam mê

imran khan said...

Indian school girl sex video


Sunny Leone sex video



bộ đàm cầm tay said...

http://yenphat.vn/Bo-dam-cam-tay.html

vothithu thuy said...

bộ đàm cầm tay khuyến mãi trong tháng 8

Thúy Võ said...

máy đo huyết áp nhỏ gọn, tiện ích cho mọi nhà.

Designed by Posicionamiento Web