Personal online data to have expiry date
A tool will enable electronic communications like e-mail, Facebook posts and chat messages to automatically self-destruct after a set time period. Even the sender will not be able to retrieve the data, once it gets vanished.tech reviews Updated: Jul 22, 2009 21:02 IST
University of Washington researchers have created of a tool that can enable electronic communications like e-mail, Facebook posts and chat messages to automatically self-destruct after a set time period.
The researchers say that the prototype system called Vanish can make online personal data irretrievable from all websites, inboxes, outboxes, backup sites, and home computers.
They say that even the sender will not be able to retrieve the data, once it gets vanished.
"If you care about privacy, the Internet today is a very scary place. If people understood the implications of where and how their e-mail is stored, they might be more careful or not use it as often," said UW computer scientist Tadayoshi Kohno.
The research team say that Vanish can place a time limit on text uploaded to any Web service through a Web browser, after which any document will self-destruct.
"When you send out a sensitive e-mail to a few friends you have no idea where that e-mail is going to end up. For instance, your friend could lose her laptop or cell phone, her data could be exposed by malware or a hacker, or a subpoena could require your e-mail service to reveal your messages. If you want to ensure that your message never gets out, how do you do that?" said doctoral student Roxana Geambasu, a co-author on the study paper, to be presented at the Usenix Security Symposium, which runs in Montreal from August 10 to 14.
While many people believe that pressing the "delete" button will make their data go away, Geambasu said: "The reality is that many Web services archive data indefinitely, well after you''ve pressed delete."
The Vanish prototype washes away data using the natural turnover, called "churn," on large file-sharing systems known as peer-to-peer networks.
Whenever a message is sent, Vanish creates a secret key that it never reveals to the user, and then encrypts the message with that key.
The system then divides the key into dozens of pieces, and sprinkles those pieces on random computers that belong to worldwide file-sharing networks, the same ones often used to share music or movie files.
The file-sharing system constantly changes as computers join or leave the network, meaning that over time parts of the key become permanently inaccessible. Once enough key parts are lost, the original message can no longer be deciphered.
The current Vanish prototype makes the network''s computers purge their memories every eight hours.
"A major advantage of Vanish is that users don''t need to trust us, or any service that we provide, to protect or delete the data," Geambasu says.
Likening using Vanish to writing a message in the sand at low tide, the researchers have released it as a free, open-source tool that works with the Firefox browser.
The Vanish prototype presently works only for text, but the researchers say the same technique can work for any type of data, such as digital photos.
The researchers say that their purpose behind developing Vanish was to protect communication between two trusted parties.
"Today many people pick up the phone when they want to talk with a lawyer or have a private conversation. But more and more communication is happening online. Vanish is designed to give people the same privacy for e-mail and the Web that they expect for a phone conversation," Kohno said.