Sending a truly private message to someone online can be tricky. Email, instant messages, and even some encryption methods are difficult to truly secure. It would appear that sending or receiving truly private messages can only be done if both people involved are absolutely security conscious.
Enter Burn Note, a foolproof method of sending private self-destructing messages from one person to another. Messages sent using Burn Note can only be read once, and are deleted automatically minutes after being opened or 72 hours after being created if no one accesses the entry in that time.
How Secure is it?
Burn Note has a remarkable set of options to increase security including a spotlight mode that requires you to click your mouse and hold it to reveal words a little at a time. This makes copying and pasting the note’s contents extremely difficult. I even had trouble taking the screen capture you see in this article, which is either a testament to the feature or a telling sign of my capabilities. Either way, it’s fairly secure on the surface.
Under the hood, Burn Note is an SSL-encrypted site that stores notes using the Rijndael-256 module of the PHP mcrypt library. This encryption is applied to every note before it hits the database, and you can opt to add your own password to notes you send for a little extra security.
Once a note has been deleted, it is flushed from the database never to be seen again. The only thing Burn Note actually keeps is your login information, which itself is optional as you can still create one-shot notes without logging in at all.
If you attempt to connect to the site without allowing the SSL connection, you are redirected and forbidden from accessing your note. In a sense, Burn Note has made this level of security somewhat foolproof.
Worried about database logging? Burn Note stores note contents using the MyISAM storage engine so that they are not logged. Logs of data transfer and access also aren’t kept the way they would be on typical messaging sites. It’s about as secure as any site could be.
How to Send a Note
Sending a note is pretty straightforward. If you decide to sign up for an account (free), you gain access to options such as note display methods, a self-destruct timer, and note passwords. These let you customize the recipient’s experience, allowing (or disallowing) things like copying and pasting, and covering cases such as forgetting to close the window after the note has been read.
You can also send a note directly to someone’s email and receive replies from that person. In a sense, your Burn Note account becomes something of an extra layer of security for your email should you and your friend opt to send messages back and forth there.
If you opt not to log in or enter an email address for the recipient, you’re given a one-shot URL through which your friend can open the message. This is a great way to send messages via IM, text, or another non-email communication avenue.
To be extra safe, you probably shouldn’t send the password to your friend through the same communication channel you sent the Burn Note link.
How to Receive a Note
In cases where a note has been emailed to you, just click the link provided in the email and follow the instructions. A password-protected message must be unlocked using a password, so your friend should provide that for you through some other form of communication.
If the sender opted to use short phrases or spyglass as their display preference, you’ll need to click and drag your mouse over the message area to reveal the entire message. This prevents the user from copying and pasting the message, or nosy coworkers from reading over your shoulder.
Take care to read the message quickly, though. There is a countdown timer at the top of the page and the message is deleted permanently once that timer expires. There is no way to recover a message once this timer has passed, and the page can only be loaded once.
In cases where the message was sent via email by a registered user, you’ll have the ability to pen a reply in a grey box below the primary message.
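The read-once, timed-deletion lifecycle described above can be sketched as follows. This is an added example, not Burn Note's code: the function names are hypothetical, SQLite stands in for the site's database, the three-minute burn window is an assumed value, and encryption is left out (the stored body is assumed to be already encrypted).

```python
import secrets
import sqlite3

MAX_AGE = 72 * 3600      # unread notes expire 72 hours after creation (from the article)
BURN_AFTER_OPEN = 180    # assumed value: the article only says "minutes after being opened"

def open_store():
    db = sqlite3.connect(":memory:", isolation_level=None)  # autocommit; BEGIN is issued explicitly
    db.execute("CREATE TABLE notes (token TEXT PRIMARY KEY, body BLOB NOT NULL,"
               " created_at REAL NOT NULL, opened_at REAL)")
    return db

def create_note(db, body, now):
    """Store a note and return the unguessable one-shot token for its URL."""
    token = secrets.token_urlsafe(32)
    db.execute("INSERT INTO notes (token, body, created_at) VALUES (?, ?, ?)",
               (token, body, now))
    return token

def read_once(db, token, now):
    """Return the body on the first valid open, None on every other attempt."""
    db.execute("BEGIN IMMEDIATE")  # take the write lock so two readers cannot both win
    try:
        # Claim the note: succeeds only if it is unopened and younger than 72 hours.
        cur = db.execute(
            "UPDATE notes SET opened_at = ? WHERE token = ? AND opened_at IS NULL"
            " AND created_at + ? > ?", (now, token, MAX_AGE, now))
        body = None
        if cur.rowcount == 1:
            body = db.execute("SELECT body FROM notes WHERE token = ?",
                              (token,)).fetchone()[0]
        db.execute("COMMIT")
        return body
    except Exception:
        db.execute("ROLLBACK")
        raise

def purge(db, now):
    """Delete notes whose countdown has expired; returns how many rows were removed."""
    cur = db.execute(
        "DELETE FROM notes WHERE (opened_at IS NOT NULL AND opened_at + ? <= ?)"
        " OR (opened_at IS NULL AND created_at + ? <= ?)",
        (BURN_AFTER_OPEN, now, MAX_AGE, now))
    return cur.rowcount
```

The claim is a single conditional UPDATE inside a write-locked transaction, so a second request for the same token, even a concurrent one, finds `opened_at` already set and gets nothing.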
This may not be the dead drops of the Cold War, but Burn Note does offer an incredibly interesting service for users interested in sending passwords or other private information in a way that a nosy system administrator can’t easily pry into. Sure, anyone watching your screen at the time you write and/or receive the messages can still get a gander at the message itself, but this is a giant leap better than relying on email or unencrypted IM to get your point across.
Burn Note promises security on both sides of the transmission. It’s more foolproof than many other methods out there, and easy for novice users to pick up on. For me, it’s just another tool in the bookmarks bar that I intend to keep handy for password resets and other one-shot transmissions.