mwfarb
commented
8 years ago We've received requests for this kind of feature before similar to features in Wickr and Snapchat. The arguments for/against such a feature in a secure messaging app can go around and around, but it often comes down to wether or not I trust any given contact to be responsible with my texts once received and do as I ask.
In the past 24 hrs, 48 messages have gone up on the Signal/TextSecure messages list thread at whispersystems@lists.riseup.net as “[whispersystems] default message expiry (was Self destruct messages)” centered around this very debate. Subscription is free at https://lists.riseup.net/www/info/whispersystems if you want to read up on it.
The thread starts with the following precept from OWS which follows our philosophy as well: http://support.whispersystems.org/hc/en-us/articles/213134237-Why-doesn-t-Signal-have-self-destructing-messages-or-remote-deletion-functionality-
SafeSlinger Messenger has always been a system hardened against network-level and host-level malcontents. We feel that if your contacts can’t be trusted to treat information passed in a high-security system like this responsibly, we’d rather you chose to delete the contact than the message.
It’s true that such a feature would provide a user with a peace-of-mind that a message should be deleted and not be seen by others, as long as your friend did not take a screen cap, your friend did not recompile with auto-destruct removed, and others. But the bottom line is we can’t control a recipients actions once the message is received.
That being said, I like the thought you've put into the feature. You clearly have an eye for good UI, and I appreciate the time you’ve put into the usability of such a feature.
mailinglists35
I find it useful to add option to automatically destroy a received message and add ability to sender to enable an "autodestroy" flag to a message along with the customizable timeout period.
I imagine the flow like this:
by default, message autodestroy disabled
when I type to someone, put a button in the left edge of the input field (on the right is the send button)
when the button is pressed, all future messages are marked as selfdistruct and the button changes look to indicate selfdistruct is enabled. when the button is toggled again, it changes back to regular shape/color to indicate selfdistruct is disabled.
a setting in the app will allow changing a default of 24 hours to any combination of seconds/minutes/hours/days/weeks/months/years
when the app receives a messages flagged as selfdistruct, it is visually changed (for example it changes the message background color; or text goes italic; or is prefixed with a suicide symbol :) etc) to indicate that the message is a selfdistruct type.
show the autodestruct time along with message received time in the same line of text that displays the received time