Self-destructing online messages could save your job, your relationship, your bacon
By Jeff Salton
July 23, 2009
If you’ve got nothing to hide there’s no need to read to any further. But if you’re worried about someone digging up something from your past – and we’re talking non-criminal here – which may influence or damage job prospects, relationships, your social or professional life, then good news is at hand. The University of Washington (UW) has developed Vanish – a prototype system that places a time limit on information uploaded to any web service through a web browser. Electronic communication sent using Vanish - such as e-mail, posts on social networking sites and chat messages - would have a brief lifetime and then self-destruct, becoming irretrievable from all websites, inboxes, outboxes, backup sites and home computers. The University says that not even the sender could retrieve them.
"If you care about privacy, the Internet today is a very scary place," said UW computer scientist Tadayoshi Kohno. "If people understood the implications of where and how their e-mail is stored, they might be more careful or not use it as often."
For instance, did you know a legal investigation could subpoena the entire contents of a home or work computer – who knows what incriminating, inconvenient or just embarrassing details it might uncover?
"When you send out a sensitive e-mail to a few friends you have no idea where that e-mail is going to end up," said UW’s doctoral student Roxana Geambasu. She, along with assistant professor Tadayoshi Kohno, professor Hank Levy and undergraduate student Amit Levy, all with the UW's department of computer science and engineering, have written a paper on the subject.
Geambasu continued: "For instance, your friend could lose her laptop or cell phone, her data could be exposed by malware or a hacker, or a subpoena could require your e-mail service to reveal your messages. If you want to ensure that your message never gets out, how do you do that?"
And don’t think pressing the ‘delete’ button will save you.
"The reality is that many web services archive data indefinitely, well after you've pressed delete," Geambasu said.
"In today's world, private information is scattered all over the Internet, and we can't control the lifetime of that data," said Hank Levy. "And as we transition to a future based on cloud computing, where enormous, anonymous data centers run the vast majority of our applications and store nearly all of our data, we will lose even more control."
How it works
Vanish has been described as similar to writing a message in the sand at low tide, where it can be read for only a few hours before the tide comes in and permanently washes it away.
The Vanish prototype disintegrates data using the natural turnover, called ‘churn’, on large peer-to-peer networks. Vanish creates a secret key (that not even the sender knows) for each message it sends. The file is then encrypted with that key. The key is divided into dozens of pieces and spread on random computers that belong to worldwide file-sharing networks. Over time (a short time) as computers leave or join the network, the parts of the key on those computers become permanently inaccessible and once enough parts to the key are lost, the original message can no longer be accessed. UW says its network's computers purge their memories every eight hours using the Vanish prototype system (an option on Vanish lets users keep their data for any multiple of eight hours).
Vanish has been released as a free, open-source tool that works with the Firefox browser. To work, both the sender and the recipient must have installed the tool. The sender then highlights any sensitive text entered into the browser and presses the ‘Vanish’ button. The tool encrypts the information with a key unknown even to the sender enabling the text to be read for a limited time only.
When the recipient highlights the text and presses the ‘Vanish’ button to unscramble it, the message is deciphered but after eight hours the message will be impossible to unscramble and will remain gibberish forever.
Vanish works with any text entered into a Web browser: Web-based email such as Hotmail, Yahoo and Gmail, Web chat, or the social networking sites MySpace and Facebook. The Vanish prototype now works only for text, but researchers said the same technique could be extended to any type of data, such as digital photos.
It is possible to save information sent with Vanish by either printing the email or cutting and pasting unencrypted text in a word processing document.
Via: University of Washington.