The linked article claims that an e-mail can be deleted from the recipient's email in-box, regardless of whether the recipient is running a Pluto client.
Earth to Pluto ... assuming the received e-mail is a classic plain-text e-mail, that's impossible. Either the recipient is running a Pluto-compliant client, in which case the claim is true, or the recipient is not running a Pluto-compliant client, in which case the claim is false.
The only way this could work is if the received e-mail has content linked to Pluto's site (example would be an HTML e-mail containing an iframe with hosted content), where the real e-mail is located. So ... they should be honest and say that.
I just tested this service with gmail and it did in fact work. Pluto sends an image that contains the body of the message. After about 30 seconds the image is replaced with another that says "this message has expired."
A very remarkable hack! Especially since Gmail caches images on their own proxy servers. I wonder how long until Google finds a way to prevent this?
I'm curious what approach they took, because iframes don't really work in email (the majority of the clients block them, including gmail which they use in their example). Another option would be an image rendering of the message, but that would be pretty annoying to the recipient for not being able to select, copy or re-flow text.
The content displays automatically in the email client. The link is only relevant if you want to copy/paste/make in-line comments. Thanks for your comment.
We support unsend at any time. We technically could also support edit at any time, even after open, but we do not because we believe editing after open serves no legitimate purpose - just manipulation. It doesn’t even seem fun to us. Thanks for commenting.
Based on https://www.sendpluto.com/help, it looks like they could be creating images of the email text and sending the images in an email. That way, they're free to manipulate the image even after the email is sent.
Correct. The scheme requires some way to link the received e-mail's content to Pluto's servers. This must be so because it's not possible to delete or modify an independent email (i.e. one without links) once it's been delivered.
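Added example (not part of the thread, and not Pluto's code): a recipient-side check for the design discussed above, where the message body is an image fetched from the sender's server. It lists the remote resources an HTML e-mail would load on open and flags messages that carry no text of their own; the host name, paths and sample message are constructed placeholders, and only `text/html` parts are inspected.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: an HTML e-mail whose visible body is a single remote image.
# mail-host.example.invalid is a placeholder, not a real service endpoint.
SAMPLE = """\
From: sender@example.invalid
Subject: hello
Content-Type: text/html; charset="utf-8"

<html><body>
<a href="https://mail-host.example.invalid/view/MSGID">
<img src="https://mail-host.example.invalid/render/MSGID.png" alt=""></a>
</body></html>
"""

# Tags a mail client may fetch automatically when the message is displayed.
REMOTE_ATTRS = {"img": "src", "iframe": "src"}

class RemoteContentScanner(HTMLParser):
    """Collects auto-fetched remote resources and text delivered in the mail."""
    def __init__(self):
        super().__init__()
        self.remote, self.local_text = [], []

    def handle_starttag(self, tag, attrs):
        url = dict(attrs).get(REMOTE_ATTRS.get(tag, ""), "")
        if url and urlparse(url).scheme in ("http", "https"):
            self.remote.append((tag, url))

    def handle_data(self, data):
        if data.strip():
            self.local_text.append(data.strip())

def scan_message(raw: str) -> dict:
    scanner = RemoteContentScanner()
    for part in message_from_string(raw).walk():
        if part.get_content_type() == "text/html":
            payload = part.get_payload(decode=True) or b""
            charset = part.get_content_charset() or "utf-8"
            scanner.feed(payload.decode(charset, "replace"))
    scanner.close()
    return {
        "remote": scanner.remote,
        "hosts": sorted({urlparse(u).hostname for _, u in scanner.remote}),
        # No text in the message itself: the remote server controls what is
        # shown, can change or withdraw it later, and sees each fetch.
        "body_is_remote_only": bool(scanner.remote) and not scanner.local_text,
    }
```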
While I agree with this, I find it equally annoying when people send 3MB attachments as emails (and then keep resending them for every email in the conversation!).
It would be nice if a Dropbox link included a hash of the file, functioning more as a magnet link than a URL (emphasis on the "L - Locator" in "URL").
> While I agree with this, I find it equally annoying when people send 3MB attachments as emails (and then keep resending them for every email in the conversation!).
Why? I don't think I've deleted a non-spam e-mail since ~2001; e-mail-scale storage is cheap.
The only way all claimed features can work is if the email body remains on their servers at all times. I.e. they send some sort of wrapper that either iframes the content or talks to the Pluto backend in some other form or fashion. Needless to say - good luck with that!
I guess so, but that's the same situation as it is with any other email provider (yahoo, gmail, etc). The difference here is that you are only trusting Pluto. With other providers, you are trusting the provider and all recipients, whether they are an intended recipient or not.
In short, there is no free lunch, but this seems like a decent solution as you only have to trust one entity. It's up to us (potential users) to decide to trust them or not.
Indeed there is no free lunch and until email end-to-end encryption is widely supported, the unencrypted content is going to be stored somewhere. Pluto has an easily accessible eliminate option that deletes all copies of the email from our servers (and given the way Pluto works, also the recipient's access to the content). You can click “Eliminate all emails” on the top right signed-in home page to eliminate all emails or you can do it on a per-email basis by clicking “Eliminate Completely” in the top left of an email details page. We also support an auto-eliminate setting that eliminates an email from our servers upon unsend or auto-expire.
There are a number of fundamental issues with this service.
1. As a recipient my privacy is violated: a signal is sent automatically to the sender without my consent to signal when I open the message. A co-founder argues "the feature exists with other systems already": the difference is, these other systems are opt-in: as a recipient, I agree explicitly to read acknowledgements when I choose to download the alternative messaging client. As an e-mail recipient, I do not agree to this "service" and it is unethical to force it upon me.
2. The "expire" feature breaks the workflow of most e-mail users I know, including myself. Most users will first open an e-mail, quickly scan it, then mark it for later in-depth processing. If the expire timer starts at the first open, chances are the e-mail will have disappeared by the time the recipient re-opens it later.
3. The service breaks search: with Pluto mail stored at Pluto's servers, it is not possible to search across both Pluto and non-Pluto e-mails in one query.
4. The strategy to "provide e-mail client plugins" is not scalable obviously, due to the wide diversity of clients actually used. (Did the founders make a market study of which clients are actually used? On mobile, my own analysis shows there are at least 6 different apps in wide use. On desktop, at least 4. The development overhead of providing plugins to all is huge.)
1. Most email open tracking services do not alert the recipient (or require opt-in). Tracking email opens is basically standard practice these days. We don’t have numbers but I bet the majority of marketing emails track opens. Also, many new services such as Streak, Yesware, and ToutApp track opens without opt-out ability or downloads. The only similar service that we know of that has a time-limited opt-out option is Boomerang.
2/3. Pluto’s goal is to change the way people think about email. If an email is going to expire in a few minutes/hours does search matter? Pluto may not make sense for your business emails and that is ok. We are providing an option for people to use for emails that they don’t want to follow them for the rest of their life.
4. It is a big task and we’re working on ways to make Pluto as accessible and easy to use as possible.
Thanks for the comments everyone. Given the low cost of storage, today the default assumption is that email and anything you post online is permanent. The grand vision of Pluto is to grant people more control over their online footprint, starting with email. We realize Pluto is not a complete solution to “email privacy.” However, Pluto is an improvement over how email works by default.
David and I hate the fact that, as soon as we hit send, we lose control of who can access the content and for how long the content can be accessed. We know that Pluto may not make sense for all emails but we believe there is a large set of emails for which it does. We also know there is a niche of users (like ourselves) who want most of our emails to expire.
If you all have any more questions, please email me @ [email protected]. Thanks :)
Pluto allows you to select, copy, and paste from the text version accessible via the link, though it does have search limitations. For our active users, the inconvenience is an acceptable tradeoff for being able to limit their email footprint. Search is also much less important if the email will soon be expired.
However, we are working on email client plugins that will enable inline reply/copy/paste and search to improve the Pluto experience.
This is constructive criticism, but your landing page is like really wordy, to the point the average user would not take the time to read it all. I wonder if it could be improved by putting more pictures & less words?
Tunneling your email through yet another service which then converts it into an image hosted by that service and keeps track of when that image was requested over public internet is not my definition of ‘privacy’.
If you need expiring emails, you also need some way to expire people’s memories and I’d rather not communicate with you in that case.
Thanks for voicing your concern. Several applications out there (e.g. Mailtracker, Streak, etc.) provide tracking capabilities that include details on the recipient’s location, device, and number of opens. We at Pluto decided to only track the time that the email was first opened because we calculate some expiration times based on when the message was opened (e.g. email expires 1 hour after open). If we did not display this information, the user could always calculate it anyway from the email’s time of expiration.
David and I are both concerned about privacy, however, so we may implement an option to obscure tracking details in the future.