Featured Research

from universities, journals, and other organizations

This Article Will Self-destruct: Tool To Make Online Personal Data Vanish

Date:
July 22, 2009
Source:
University of Washington
Summary:
Private information scattered all over the Internet and impossible to control. A new system, called Vanish, puts an expiry date on electronic text. Electronic communication sent using Vanish -- such as e-mail, Facebook posts and chat messages -- would have a brief lifetime and then self-destruct.

Doctoral student Roxana Geambasu, who designed Vanish as part of her thesis, and undergraduate student Amit Levy, who helped create the Vanish prototype.
Credit: University of Washington

Computers have made it virtually impossible to leave the past behind. College Facebook posts or pictures can resurface during a job interview. A lost cell phone can expose personal photos or text messages. A legal investigation can subpoena the entire contents of a home or work computer, uncovering incriminating, inconvenient or just embarrassing details from the past.

The University of Washington has developed a way to make such information expire. After a set time period, electronic communications such as e-mail, Facebook posts and chat messages would automatically self-destruct, becoming irretrievable from all Web sites, inboxes, outboxes, backup sites and home computers. Not even the sender could retrieve them.

"If you care about privacy, the Internet today is a very scary place," said UW computer scientist Tadayoshi Kohno. "If people understood the implications of where and how their e-mail is stored, they might be more careful or not use it as often."

The team of UW computer scientists developed a prototype system called Vanish that can place a time limit on text uploaded to any Web service through a Web browser. After a set time text written using Vanish will, in essence, self-destruct. A paper about the project went public today and will be presented at the Usenix Security Symposium Aug. 10-14 in Montreal.

Co-authors on the paper are doctoral student Roxana Geambasu, assistant professor Tadayoshi Kohno, professor Hank Levy and undergraduate student AmitLevy, all with the UW's department of computer science and engineering. The research was funded by the National Science Foundation, the Alfred P. Sloan Foundation and Intel Corp.

"When you send out a sensitive e-mail to a few friends you have no idea where that e-mail is going to end up," Geambasu said. "For instance, your friend could lose her laptop or cell phone, her data could be exposed by malware or a hacker, or a subpoena could require your e-mail service to reveal your messages. If you want to ensure that your message never gets out, how do you do that?"

Many people believe that pressing the "delete" button will make their data go away.

"The reality is that many Web services archive data indefinitely, well after you've pressed delete," Geambasu said.

Simply encrypting the data can be risky in the long term, the researchers say. The data can be exposed years later, for example, by legal actions that force an individual or company to reveal the encryption key. Current trends in the computing and legal landscapes are making the problem more widespread.

"In today's world, private information is scattered all over the Internet, and we can't control the lifetime of that data," said Hank Levy. "And as we transition to a future based on cloud computing, where enormous, anonymous datacenters run the vast majority of our applications and store nearly all of our data, we will lose even more control."

The Vanish prototype washes away data using the natural turnover, called "churn," on large file-sharing systems known as peer-to-peer networks. For each message that it sends, Vanish creates a secret key, which it never reveals to the user, and then encrypts the message with that key. It then divides the key into dozens of pieces and sprinkles those pieces on random computers that belong to worldwide file-sharing networks, the same ones often used to share music or movie files. The file-sharing system constantly changes as computers join or leave the network, meaning that over time parts of the key become permanently inaccessible. Once enough key parts are lost, the original message can no longer be deciphered.

In the current Vanish prototype, the network's computers purge their memories every eight hours. (An option on Vanish lets users keep their data for any multiple of eight hours.)

Unlike existing commercial encryption services, a message sent using Vanish is kept private by an inherent property of the decentralized file-sharing networks it uses.

"A major advantage of Vanish is that users don't need to trust us, or any service that we provide, to protect or delete the data," Geambasu says.

Researchers liken using Vanish to writing a message in the sand at low tide, where it can be read for only a few hours before the tide comes in and permanently washes it away. Erasing the data doesn't require any special action by the sender, the recipient or any third party service.

"Our goal was really to come up with a system where, through a property of nature, the message, or the data, disappears," Levy says.

Vanish was released today as a free, open-source tool that works with the Firefox browser. To work, both the sender and the recipient must have installed the tool. The sender then highlights any sensitive text entered into the browser and presses the "Vanish" button. The tool encrypts the information with a key unknown even to the sender.

That text can be read, for a limited time only, when the recipient highlights the text and presses the "Vanish" button to unscramble it. After eight hours the message will be impossible to unscramble and will remain gibberish forever.

Vanish works with any text entered into a Web browser: Web-based e-mail such as Hotmail, Yahoo and Gmail, Web chat, or the social networking sites MySpace and Facebook. The Vanish prototype now works only for text, but researchers said the same technique could work for any type of data, such as digital photos.

It is technically possible to save information sent with Vanish. A recipient could print e-mail and save it, or cut and paste unencrypted text into a word-processing document, or photograph an unscrambled message. Vanish is meant to protect communication between two trusted parties, researchers say.

"Today many people pick up the phone when they want to talk with a lawyer or have a private conversation," Kohno said. "But more and more communication is happening online. Vanish is designed to give people the same privacy for e-mail and the Web that they expect for a phone conversation."

The paper and research prototype are at http://vanish.cs.washington.edu.


Story Source:

The above story is based on materials provided by University of Washington. Note: Materials may be edited for content and length.


Cite This Page:

University of Washington. "This Article Will Self-destruct: Tool To Make Online Personal Data Vanish." ScienceDaily. ScienceDaily, 22 July 2009. <www.sciencedaily.com/releases/2009/07/090721113309.htm>.
University of Washington. (2009, July 22). This Article Will Self-destruct: Tool To Make Online Personal Data Vanish. ScienceDaily. Retrieved July 29, 2014 from www.sciencedaily.com/releases/2009/07/090721113309.htm
University of Washington. "This Article Will Self-destruct: Tool To Make Online Personal Data Vanish." ScienceDaily. www.sciencedaily.com/releases/2009/07/090721113309.htm (accessed July 29, 2014).

Share This




More Computers & Math News

Tuesday, July 29, 2014

Featured Research

from universities, journals, and other organizations


Featured Videos

from AP, Reuters, AFP, and other news services

It's Not Just Facebook: OKCupid Experiments With Users Too

It's Not Just Facebook: OKCupid Experiments With Users Too

Newsy (July 29, 2014) If you've been looking for love online, there's a chance somebody has been looking at how you're looking. Video provided by Newsy
Powered by NewsLook.com
Why Facebook Wants You To Download Its Messenger App

Why Facebook Wants You To Download Its Messenger App

Newsy (July 29, 2014) Facebook will start requiring users to download a separate Messenger application if they wish to continue using Facebook for mobile messaging. Video provided by Newsy
Powered by NewsLook.com
Teen's Phone Ignites Under Her Pillow; How Real Is The Risk?

Teen's Phone Ignites Under Her Pillow; How Real Is The Risk?

Newsy (July 28, 2014) A Texas teen's Samsung phone apparently ignited while she slept, but what was the real problem here? Video provided by Newsy
Powered by NewsLook.com
Zillow Snaps Up Web Real Estate With Trulia Deal

Zillow Snaps Up Web Real Estate With Trulia Deal

Reuters - US Online Video (July 28, 2014) Zillow's decision to buy rival Trulia is just one step in a continuing string of acquisitions, and Zillow CEO Spencer Rascoff is already thinking about his next big deal. Bobbi Rebell reports. Video provided by Reuters
Powered by NewsLook.com

Search ScienceDaily

Number of stories in archives: 140,361

Find with keyword(s):
Enter a keyword or phrase to search ScienceDaily for related topics and research stories.

Save/Print:
Share:

Breaking News:
from the past week

In Other News

... from NewsDaily.com

Science News

Health News

Environment News

Technology News



Save/Print:
Share:

Free Subscriptions


Get the latest science news with ScienceDaily's free email newsletters, updated daily and weekly. Or view hourly updated newsfeeds in your RSS reader:

Get Social & Mobile


Keep up to date with the latest news from ScienceDaily via social networks and mobile apps:

Have Feedback?


Tell us what you think of ScienceDaily -- we welcome both positive and negative comments. Have any problems using the site? Questions?
Mobile: iPhone Android Web
Follow: Facebook Twitter Google+
Subscribe: RSS Feeds Email Newsletters
Latest Headlines Health & Medicine Mind & Brain Space & Time Matter & Energy Computers & Math Plants & Animals Earth & Climate Fossils & Ruins