Pluto Mail – Unsend Emails
sendpluto.com
The linked article claims that an e-mail can be deleted from the recipient's email in-box, regardless of whether the recipient is running a Pluto client.
Earth to Pluto ... assuming the received e-mail is a classic plain-text e-mail, that's impossible. Either the recipient is running a Pluto-compliant client, in which case the claim is true, or the recipient is not running a Pluto-compliant client, in which case the claim is false.
The only way this could work is if the received e-mail has content linked to Pluto's site (example would be an HTML e-mail containing an iframe with hosted content), where the real e-mail is located. So ... they should be honest and say that.
I just tested this service with gmail and it did in fact work. Pluto sends an image that contains the body of the message. After about 30 seconds the image is replaced with another that says "this message has expired."
A very remarkable hack! Especially since Gmail caches images on their own proxy servers. I wonder how long until Google finds a way to prevent this?
Here's some background information about the founders. One is a CS grad from Stanford, and former Google employee-- http://www.thecrimson.com/article/2014/4/2/law-school-email-...
> A very remarkable hack! Especially since Gmail caches images on their own proxy servers. I wonder how long until Google finds a way to prevent this?
I don't think they cache. It's more an issue of privacy, HTTPS assets, malware checking, etc.
http://gmailblog.blogspot.com/2013/12/images-now-showing.htm...
An image. Excuse me, but that's not a remarkable hack, that's just a B.S. hack, which can't be fairly called sending an "email".
I'm curious what approach they took, because iframes don't really work in email (the majority of the clients block them, including gmail which they use in their example). Another option would be an image rendering of the message, but that would be pretty annoying to the recipient for not being able to select, copy or re-flow text.
They do images, with a link "click here to view as text" that redirects to sendpluto's web viewer.
If that's true, then it's misleading to call it e-mail. All the recipient gets is a link to an offsite database.
Hi lutusp,
The content displays automatically in the email client. The link is only relevant if you want to copy/paste/make in-line comments. Thanks for your comment.
Lindsay, Co-Founder @ Pluto Mail
Now that google fetches the images from its own servers once and then renders for all, would this even work?
Sure, if they used a unique filename for each email. Something like render.png?id=12345.
No, he means that because google caches the image upon receipt you can neither change the email nor delete it after it is sent.
Last I've checked google does proxy the images, but doesn't cache nor prefetch them. Has anything changed recently?
I guess that's why the email can only be unsent or modified until the recipient opens it.
We support unsend at anytime. We technically could also support edit at anytime, even after open, but we do not because we believe editing after open serves no legitimate purpose - just manipulation. It doesn’t even seem fun to us. Thanks for commenting.
Lindsay, Co-Founder @ Pluto Mail
Based on https://www.sendpluto.com/help, it looks like they could be creating images of the email text and sending the images in an email. That way, they're free to manipulate the image even after the email is sent.
This would only work for images linked back to Pluto, correct? If they simply sent an image surely they can't come into my inbox and modify files?
Correct. The scheme requires some way to link the received e-mail's content to Pluto's servers. This must be so because it's not possible to delete or modify an independent email (i.e. one without links) once it's been delivered.
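The distinction drawn in this thread, between a message whose content is stored in the mailbox and one that is fetched from the sender's server each time it is displayed, can be checked on the recipient's side. The sketch below is an added example, not part of the thread and not Pluto's code; the host `render.example`, both sample messages and the `AUTO_FETCH` tag list are constructed assumptions.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed list of tag/attribute pairs a client fetches on display, not on click.
AUTO_FETCH = {("img", "src"), ("iframe", "src"), ("link", "href")}

class _Scan(HTMLParser):
    def __init__(self):
        super().__init__()
        self.remote, self.text = [], []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            # cid: and data: URLs travel inside the message; http(s) ones do not.
            scheme = urlparse(value or "").scheme
            if (tag, name) in AUTO_FETCH and scheme in ("http", "https"):
                self.remote.append(value)

    def handle_data(self, data):
        self.text.append(data)

def audit(raw: bytes) -> dict:
    """Report what is stored in the message versus what is fetched on display."""
    msg = message_from_bytes(raw, policy=policy.default)
    scan = _Scan()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            scan.feed(part.get_content())
        elif part.get_content_type() == "text/plain":
            scan.text.append(part.get_content())
    hosts = sorted({urlparse(u).hostname for u in scan.remote})
    return {"remote_hosts": hosts, "independent": not hosts,
            "local_text": " ".join(" ".join(scan.text).split())}

def _build(text, html=None) -> bytes:
    m = EmailMessage()
    m.set_content(text)
    if html:
        m.add_alternative(html, subtype="html")
    return m.as_bytes()

# Constructed samples: a classic plain-text mail and an image-rendered one.
PLAIN = _build("Meet at noon.")
RENDERED = _build("View this message online.",
    '<img src="https://render.example/render.png?id=12345">'
    '<a href="https://render.example/view?id=12345">click here to view as text</a>')
```

For the rendered sample, `local_text` holds only the placeholder and link caption, which is all that an archive or a mailbox search would retain once the remote image changes.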
doesn't gmail cache all images?
Worth bearing in mind that this is effectively DRM for email, with all the negative connotations that DRM brings.
It's already bad enough that people put dropbox links in their e-mails, negating the value of long-term e-mail archiving.
It's extremely useful to be able to go back in time and have full conversation history, including associated resources.
While I agree with this, I find it equally annoying when people send 3MB attachments as emails (and then keep resending them for every email in the conversation!).
It would be nice if a Dropbox link included a hash of the file, functioning more as a magnet link than a URL (emphasis on the "L - Locator" in "URL").
> While I agree with this, I find it equally annoying when people send 3MB attachments as emails (and then keep resending them for every email in the conversation!).
Why? I don't think I've deleted a non-spam e-mail since ~2001; e-mail-scale storage is cheap.
The only way all claimed features can work is if the email body remains on their servers at all times. I.e. they send some sort of wrapper that either iframes the content or talks to the Pluto backend in some other form or fashion. Needless to say - good luck with that!
No iframes in email. I bet it's rendered as an image.
Either way, you're trusting them with the contents of a message that, by definition, you kinda wanted to keep private.
I guess so, but that's the same situation as it is with any other email provider (yahoo, gmail, etc). The difference here is that you are only trusting Pluto. With other providers, you are trusting the provider and all recipients, whether they are an intended recipient or not.
In short, there is no free lunch, but this seems like a decent solution as you only have to trust one entity. It's up to us (potential users) to decide to trust them or not.
Indeed there is no free lunch and until email end-to-end encryption is widely supported, the unencrypted content is going to be stored somewhere. Pluto has an easily accessible eliminate option that deletes all copies of the email from our servers (and given the way Pluto works, also the recipient's access to the content). You can click “Eliminate all emails” on the top right signed-in home page to eliminate all emails or you can do it on a per-email basis by clicking “Eliminate Completely” in the top left of an email details page. We also support an auto-eliminate setting that eliminates an email from our servers upon unsend or auto-expire.
David Gobaud, Co-Founder @ Pluto Mail
Actually gmail proxies all image requests from emails so they would see it too. But yes, point taken.
Well, at least I'll know why I can't see certain people's emails. ;)
If people decide that this is a good idea, I will have to add an automatic reply with something like
" You use this crappy service either because:
- You didn't spend enough time thinking about that email because you either want to edit it later, or delete it from my mail box
- You expect me to answer by some specific date, which implies you want me to be on your schedule.
- You want to violate my privacy by tracking if and when I read your email.
You also require me to use a third-party service to read your email as a text. That's unacceptable.
Remember you're trying to contact me, not the other way around. Send it plain text or don't send it at all. "
There are a number of fundamental issues with this service.
1. As a recipient my privacy is violated: a signal is sent automatically to the sender without my consent to signal when I open the message. A co-founder argues "the feature exists with other systems already": the difference is, these other systems are opt-in: as a recipient, I agree explicitly to read acknowledgements when I choose to download the alternative messaging client. As an e-mail recipient, I do not agree to this "service" and it is unethical to force it upon me.
2. The "expire" feature breaks the workflow of most e-mail users I know, including myself. Most users will first open an e-mail, quickly scan it, then mark it for later in-depth processing. If the expire timer starts at the first open, chances are the e-mail will have disappeared by the time the recipient re-opens it later.
3. The service breaks search: with Pluto mail stored at Pluto's servers, it is not possible to search across both Pluto and non-Pluto e-mails in one query.
4. The strategy to "provide e-mail client plugins" is not scalable obviously, due to the wide diversity of clients actually used. (Did the founders make a market study of which clients are actually used? On mobile, my own analysis shows there are at least 6 different apps in wide use. On desktop, at least 4. The development overhead of providing plugins to all is huge.)
Thanks for your comments.
1. Most email open tracking services do not alert the recipient (or require opt-in). Tracking email opens is basically standard practice these days. We don’t have numbers but I bet the majority of marketing emails track opens. Also, many new services such as Streak, Yesware, and ToutApp track opens without opt-out ability or downloads. The only similar service that we know of that has a time-limited opt-out option is Boomerang.
2/3. Pluto’s goal is to change the way people think about email. If an email is going to expire in a few minutes/hours does search matter? Pluto may not make sense for your business emails and that is ok. We are providing an option for people to use for emails that they don’t want to follow them for the rest of their life.
4. It is a big task and we’re working on ways to make Pluto as accessible and easy to use as possible.
David Gobaud, Co-Founder @ Pluto Mail
Thanks for the comments everyone. Given the low cost of storage, today the default assumption is that email and anything you post online is permanent. The grand vision of Pluto is to grant people more control over their online footprint, starting with email. We realize Pluto is not a complete solution to “email privacy.” However, Pluto is an improvement over how email works by default.
David and I hate the fact that, as soon as we hit send, we lose control of who can access the content and for how long the content can be accessed. We know that Pluto may not make sense for all emails but we believe there is a large set of emails for which it does. We also know there is a niche of users (like ourselves) who want most of our emails to expire.
If you all have any more questions, please email me @ lindsay@plutohq.com. Thanks :)
Lindsay, Co-Founder @ Pluto Mail
Interesting approach, but the image approach means if they go down, your email all disappears.
also, you can't search, copy&paste, reply inline. That's not email, it's like sending someone a fax.
Pluto allows you to select, copy, and paste from the text version accessible via the link, though it does have search limitations. For our active users, the inconvenience is an acceptable tradeoff for being able to limit their email footprint. Search is also much less important if the email will soon be expired.
However, we are working on email client plugins that will enable inline reply/copy/paste and search to improve the Pluto experience.
David Gobaud, Co-Founder @ Pluto Mail
Good effort. But the idea is kinda broken to me. Very much like snapchat is never going to actually work like it is advertised.
This is constructive criticism, but your landing page is like really wordy, to the point the average user would not take the time to read it all. I wonder if it could be improved by putting more pictures & less words?
Thanks for the feedback! I agree that it is a bit wordy -- we will look into redesigning the landing page.
Lindsay, Co-Founder @ Pluto Mail
This sounds great. Maybe 2014 will be the (attempted) return of privacy. Anonymous messaging, expiring emails, pseudonymous payments, etc.
Tunneling your email through yet another service which then converts it into an image hosted by that service and keeps track of when that image was requested over public internet is not my definition of ‘privacy’.
If you need expiring emails, you also need some way to expire people’s memories and I’d rather not communicate with you in that case.
Privacy? If you want to track when I read your email, you're violating my privacy.
Thanks for voicing your concern. Several applications out there (e.g. Mailtracker, Streak, etc.) provide tracking capabilities that include details on the recipient’s location, device, and number of opens. We at Pluto decided to only track the time that the email was first opened because we calculate some expiration times based on when the message was opened (e.g. email expires 1 hour after open). If we did not display this information, the user could always calculate it anyway from the email’s time of expiration.
David and I are both concerned about privacy, however, so we may implement an option to obscure tracking details in the future.
Lindsay, Co-Founder @ Pluto Mail
This reminds me of priv.ly which allows you to always retain full control of your content