view counter

This product description will self-destruct

delete,” Geambasu said.

Simply encrypting the data can be risky in the long term, the researchers say. The data can be exposed years later, for example, by legal actions that force an individual or company to reveal the encryption key. Current trends in the computing and legal landscapes are making the problem more widespread.

In today’s world, private information is scattered all over the Internet, and we can’t control the lifetime of that data,” said Hank Levy. “And as we transition to a future based on cloud computing, where enormous, anonymous datacenters run the vast majority of our applications and store nearly all of our data, we will lose even more control.”

The Vanish prototype washes away data using the natural turnover, called “churn,” on large file-sharing systems known as peer-to-peer networks. For each message that it sends, Vanish creates a secret key, which it never reveals to the user, and then encrypts the message with that key. It then divides the key into dozens of pieces and sprinkles those pieces on random computers that belong to worldwide file-sharing networks, the same ones often used to share music or movie files. The file-sharing system constantly changes as computers join or leave the network, meaning that over time parts of the key become permanently inaccessible. Once enough key parts are lost, the original message can no longer be deciphered.

In the current Vanish prototype, the network’s computers purge their memories every eight hours. (An option on Vanish lets users keep their data for any multiple of eight hours.)

Unlike existing commercial encryption services, a message sent using Vanish is kept private by an inherent property of the decentralized file-sharing networks it uses. “A major advantage of Vanish is that users don’t need to trust us, or any service that we provide, to protect or delete the data,” Geambasu says.

Researchers liken using Vanish to writing a message in the sand at low tide, where it can be read for only a few hours before the tide comes in and permanently washes it away. Erasing the data doesn’t require any special action by the sender, the recipient or any third party service.

Our goal was really to come up with a system where, through a property of nature, the message, or the data, disappears,” Levy says.

Vanish was released today as a free, open-source tool that works with the Firefox browser. To work, both the sender and the recipient must have installed the tool. The sender then highlights any sensitive text entered into the browser and presses the “Vanish” button. The tool encrypts the information with a key unknown even to the sender.

That text can be read, for a limited time only, when the recipient highlights the text and presses the “Vanish” button to unscramble it. After eight hours the message will be impossible to unscramble and will remain gibberish forever.

Vanish works with any text entered into a Web browser: Web-based e-mail such as Hotmail, Yahoo, and Gmail, Web chat, or the social networking sites MySpace and Facebook. The Vanish prototype now works only for text, but researchers said the same technique could work for any type of data, such as digital photos.

It is technically possible to save information sent with Vanish. A recipient could print e-mail and save it, or cut and paste unencrypted text into a word-processing document, or photograph an unscrambled message. Vanish is meant to protect communication between two trusted parties, researchers say.

Today many people pick up the phone when they want to talk with a lawyer or have a private conversation,” Kohno said. “But more and more communication is happening online. Vanish is designed to give people the same privacy for e-mail and the Web that they expect for a phone conversation.”

The paper and research prototype are available online at UW Web site.

view counter
view counter