Basically I am looking for a messaging platform like signal or? but with anonymous signup, perfect forward secrecy, capable of video chat, sending photos the usual uses in today’s life. But with a panic button. So that any party member could use said button to wipe all other members devices of any data instantly inside the messaging app. So if one member gets compromised, or lost their device ect, any other member could wipe all chats, call log, and any other data instantly for everyone involved. Disolving the group like it never existed rendering the data unrecoverable. Does something like this exist? Sorry if I’m not explaining it well. I am not trying to delete the whole device. Just the data inside the messaging app. If that does not exist. What about a separate app that could delete the entire messaging platform from the device when triggered. Assume all necessary requirements are met.
You can never guarantee that other client’s data will be deleted. Assume that once your data gets sent, it can potentially be archived forever.
The greatest weakness in any Enterprise are the people, not the technology.
You just have to look at all of the people who recorded signal chats in both the ftx, and the Trump trials. As soon as people think they’re in danger, they’re going to look for anything they can use as leverage. They’ll use another phone to take a photo of their first phone.
Even if you communicate with people using ephemeral read once messages, that doesn’t stop them from recording it themselves. There’s no guarantee the data gets deleted on the other end, they could be using a modified client, the desktop app is a horrendous security nightmare, if they view that ephemeral message on the desktop app there’s no guarantee it’s actually deleted.
Depending on your threat model, you can incorporate technology with ephemeral messaging into your use case. But you have to be very clear, about what your threats are, and what your tolerances are.
There’s a reason certain highly sensitive organizations use skifs… Only organics are allowed to go in, and only organics are allowed to leave.
There’s a reason certain highly sensitive organizations use skifs… Only organics are allowed to go in, and only organics are allowed to leave.
…flat bottom open boats? Like, on a lake or something?
https://en.m.wikipedia.org/wiki/Sensitive_compartmented_information_facility
SCIF not skif, sorry, voice to text typo.
OH lmao.
I understand your point of view. I share that philosophy to some degree. However nothing is a guarantee. But a high degree of certainty is achievable. But that doesn’t answer my question. Is there a messaging platform with a panic button that deletes the chat log and call logs from all user involved which can be triggered from any member. Edit wording.
High degree of certainty
I wouldn’t agree with that. Whats stopping the other user screenshotting it? Taking a photo with another device? Or even simply disconnecting from the network so the device can’t even receive the “kill switch command”?
I’ve done this. Turn on airplane mode to read messages without read receipts.
I think the closest normal use case to your scenario is revocable sexting. Like a shared document folder in bitwarden or whatever that anybody could delete the keys for. So two romantic partners when they part could revoke access.
From a military perspective, your scenario really means you shouldn’t be storing that data at all. If it’s sensitive it shouldn’t be deployed in the field. If one element of an operation is compromised, they should not have any data to expose the rest of the operation. Compartmentalization.
I believe telegram secret chats will let members delete the chat for everyone. But that’s best effort and certainly not something you would want to put your life at stake over. It’s just data hygiene
Doesn’t signal do that? I thought they had a wipe as messages are sent like snapchat where if you leave and go back, they’re gone
They have ephemeral messaging where one can set a timer to delete a message when it is read or from the time it was sent. But that isn’t always so easy to gauge with life. Often times a chat log is needed when people don’t check it often or right away. So the group must set a long timer like 24h ect ect. It’s customizable. But if a group members device gets lost or stolen ect. It is of no use. Signal by default stores all call logs in the app. Even if the ephemeral timer is short. Call logs require manual deletion and the group is still formed showing who was in that group but the chat will be empty. Edit was wording.
Often times a chat log is needed when people don’t check it often or right away.
I think the timer on each device starts from when the person who has the devices sees the message.
So if you send the message and the timer is 5 minutes, the message on your account (on all of your devices) will be deleted in 5 minutes from now, while the recipient will first see the message (maybe in an hour) and then after 5 minutes it will be deleted from their devices too.
100% this. Ephemeral messaging is a data hygiene tool, it is not a secrecy tool
Note with Snapchat that, it just gets hidden
You can find comments from people where old messages and images start popping back up because of bugs in the app. Snapchat is near the bottom of the barrel when it comes to privacy and security, despite the premise
I think that’s per conversation so you have to remember to set it.
It is per conversation but ephemeral messaging is not the same as a panic button. It does not serve the same function or purpose. Which doesn’t answer my question.
Using Signal with disappearing messages set to a really short time is probably the closest thing you can get. You can use a VOIP number from Cloaked behind a VPN to sign up anonymously.
Briar has that.
Its my understanding through some quick reading briar doesn’t have a built in panic button. But briar can be configured inside ripple which is similar to what I am looking for. But ripple only triggered by the device user. I am looking for a panic button which can be triggered from outside the device. Brair is only for android as well. While I despise apple, everyone else is drinking the koolaid. When the owner doesn’t have their device, compromised, lost, stolen, ect the device user can’t possibly trigger ripple, its not designed that way. Ripple is very nice though. I’ve used it. But doesn’t fit for the use case I’m asking about.
You can use matrix/element and if someone loses her phone, you can remove her from the room. The room will disappear from the other phone if it’s connected to the internet
First things first, there is no app like you describe. You have to take my word for it. Let’s say a certain country’s law enforcement might be very interested in taking to me if it knew role in certain events.
I examined many messaging and chat platforms, and the closest to what you’re asking for are custom Telegram clients that go a longer way to ensure that TG’s local data gets deleted properly (by default it doesn’t, easy peasy to get data from the local DB, half cleansed chats from 6 months ago pop up in exports or even the UI, etc).”, has a built in double bottom for accounts, etc. An example of what I am talking about is here: https://github.com/wrwrabbit (check the repos yourself).
Secondly, you must understand that when the law enforcement seizes a phone, upon initial quick examination (sometimes using brutality to force you to unlock it), they will shut it down to ensure it is not connected to the Internet. And then criminalists will use a special black box device sold by an Israeli cybersec firm (its name always escapes me, but I think the product might be called Pegasus) to extract all data for offline analysis.
So thirdly, you must not rely on any app that conditionally removes data from a device. You must not entrust your well-being to it. Which leaves you basically the only choice: only ephemeral messaging capabilities which are available only when you are in the app, through the server over which you have full control.
Or your messaging sessions must take place only when you’re in a secure location. And even then you should have a “wipe all button” in case the police come after you unexpectedly.
Check out https://gitlab.com/Nulide/findmydevice But it will delete evrrything, I think.
This is actually a really nice project. I will follow this to see how it works. However, this doesn’t follow the original scenario. Close but its only capable of factory resetting the device. Which is nice and useful under some situations. But it does not follow the original scenario. The only next best alternative is something like remote desktop. But that is very overkill and quite finnicky. Doesn’t solve the problem.
