Open smokris opened 8 months ago
ethrgeist
commented
3 months ago I second this, GET should not be destructive, so there should be a kind of confirmation to prevent issues with preview fetchers, link checkers in mails and such.
Snappass does it similar: https://github.com/pinterest/snappass
I like the file upload and seperated decryption key features, but i'll stick with snappass for now, because i can see issues for users that have their shared content randomly deleted.
vbakke
commented
1 week ago Yes, This is important. A lot of email antivirus will visit links in emails, and destroy the one-time secret.
I think all other similar services does this, privnote, snappass, cryptogen, etc, etc.
I recommend increasing the priority on this.
There is onw workaround, in the meantime. It is not send the short link, with the decryption key on the next line in the email. Not ideal, but antivirus might not yet be clever enough to past in the key.
When we enable "One-time download" and send a Yopass "One-click link" by email, sometimes the recipient sees "Secret does not exist" instead of the actual secret message.
I believe this is because the recipient is using an email service that automatically visits all links in the email to scan them for malware — when the email service automatically visits the Yopass one-click link, it causes the secret to self-destruct before the recipient can actually see it.
To work around this, when viewing a one-click link, Yopass could show an in-page confirmation dialog before revealing (and self-destructing) the secret message:
Details
> **Show the secret message now?** > > The secret message will be automatically deleted after you view it, so make sure you're ready to use its content. > > **[Show the message]** [Not yet]