Obviously, a recipient could make a copy of the note upon receipt, so sending notes that self-destruct requires that the sender trusts the receiver. Let us assume, then, that the sender does trust the receiver. To securely send a self-destructing message, the following must be true:

1. The sender must be able to create a message, encrypt it, send it, and destroy all remnants of the unencrypted message on their end.
2. The message must be encrypted in such a way that it cannot be intercepted and a copy made of it while in transit.
3. The recipient must be able to decrypt the message, read it, and be able to destroy all remnants of the decrypted message on their end.

privnote fails #2. It also appears to fail #3 because I don't see it offering an adequate solution to the problem of browser caching and disk overwriting on the recipient's side.

Meeting all 3 criteria isn't easy, and while I applaud the folks at privnote for trying, this kind of problem cannot be adequately solved with any cloud-based approaches. The sender and the receiver must be the sole owners of the private key or keys being used to perform the exchange.

A method that meets all 3 criteria is to have sender and recipient agree, face to face, on a strong password that becomes a shared symmetric key used to encrypt and decrypt their communications. The sender types their message into a text file and encrypts it using something like PGP, and emails the encrypted file (or leaves it in some drop location - or uses privnote to transfer a base-64 encoded version of the encrypted message) to the recipient. Then the sender scrubs their drive using the unused-space scrubber of their choice. The recipient receives the message, decrypts it using the agreed-upon symmetric key, and performs a similar scrubbing. No intermediary ever sees an unencrypted version of the message.