For the past few months, a site called Privnotes.com has been copying Privnote, a legitimate, free service that delivers private, encrypted messages which self-destruct automatically once they are read. Until recently, I couldn’t quite work out what Privnotes was up to, but today it became crystal clear: Any messages containing bitcoin addresses will be automatically altered to include a different bitcoin address, as long as the IP addresses of the sender and receiver of the message are not the same.
Earlier this year, KrebsOnSecurity heard from the owners of Privnote, who complained that someone had set up a fake clone of their website that was deceiving quite a few regular users of the service.
And it’s not difficult to see why: Privnotes.com is confusingly similar in name and appearance to the real thing and comes up second in Google search results for the term “Privnote.” Also, anyone who mistakenly types “Privnotes” into Google search may see at the top of the results a misleading paid ad for “Privnote” that leads to Privnotes.com.
Privnote.com (the authentic web address) uses technology that encrypts all messages so that even Privnote itself cannot read the contents of the message. And it doesn’t send or receive messages. Creating a message only generates a link. When that link is clicked or visited, the service warns that the message will be gone permanently after it is read.
But according to the owners of Privnote.com, the phishing site Privnotes.com does not fully implement encryption and can read and/or modify all messages sent by users.
“It is very easy to check that the notice in PrivnoteS is transmitted unencrypted in plain text,” Privnote.com said in a February 2020 message, replying to questions from KrebsOnSecurity. “Moreover, it doesn’t force any kind of decryption key when opening a notification and the legend after # in the URL can be replaced by random characters and the message will still open.”
KrebsOnSecurity has learned that the phishing site Privnotes.com uses some kind of automated script that scans messages for bitcoin addresses and replaces any bitcoin addresses it finds with its own bitcoin address. The script only modifies messages if the note is opened from a different IP address than the one used to write it.
Here’s an example, using the bitcoin wallet address from bitcoin’s Wikipedia page. The following message was written at Privnotes.com from a computer with an IP address in New York, with the note, “please send money to bc1qar0srrrlhdldpdhiopd7xfkvy5l643lydnwdf;9re59gtzzwf5mdq thanks”:
When I visited the Privnotes.com link generated by clicking the “create message” button on the above page from a separate computer with an IP address in California, this was the result. As you can see, it lists a different bitcoin address, albeit one with the same first four characters.
Several other tests confirmed that the bitcoin-swapping script does not appear to alter message contents if the sender and receiver’s IP addresses are the same, or if one composes multiple messages with the same bitcoin address in them.
So beware of it, and make sure you are on the right web address, which as noted above is Privnote.com.
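The comparison described above (write a note in one place, open it from another, check the address) can be automated. The following Python sketch is an added example, not code from the original article or from Privnote; the sample notes and both addresses in it are constructed placeholders, and the function names are hypothetical.

```python
import re
from itertools import zip_longest

# Shapes of mainnet addresses: bech32 (bc1...) and legacy base58 (1... / 3...).
ADDRESS_RE = re.compile(
    r"\b(bc1[ac-hj-np-z02-9]{11,71}|[13][1-9A-HJ-NP-Za-km-z]{25,34})\b"
)

# Constructed sample notes; neither address is a real wallet.
SENT_NOTE = "please send money to bc1qsenderaddr00000000000000000000000000 thanks"
OPENED_NOTE = "please send money to bc1qreplacedaddr000000000000000000000000 thanks"


def find_addresses(text):
    """Return bitcoin-shaped strings in order of appearance."""
    return ADDRESS_RE.findall(text)


def shared_prefix_len(a, b):
    """Count leading characters two addresses have in common."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


def detect_swaps(sent_text, opened_text):
    """Compare a note as written with the same note as opened elsewhere.

    Returns (sent_address, opened_address, shared_prefix_len) for every
    position where the two differ; None marks an added or missing address.
    """
    findings = []
    pairs = zip_longest(find_addresses(sent_text), find_addresses(opened_text))
    for original, seen in pairs:
        if original != seen:
            prefix = shared_prefix_len(original, seen) if original and seen else 0
            findings.append((original, seen, prefix))
    return findings


if __name__ == "__main__":
    for original, seen, prefix in detect_swaps(SENT_NOTE, OPENED_NOTE):
        print(f"address changed: {original} -> {seen} (first {prefix} chars match)")
```

Feed it the text as typed by the sender and the text the recipient reads back over a separate channel; any finding means the note was altered in transit, even when the leading characters still match.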