Storage Bits

Robin Harris

Self-destroying data for the web

By Robin Harris | July 8, 2010, 7:07am PDT

Summary

Given how hard it is to save data you want, losing data you don’t want - like drunken party pictures - should be easy. It isn’t, as the inventors of Vanish found. But there’s still hope.

Topics

Web, Vanish, Vanish Team, Harassment, E-mail, Channel Management, Human Resources, Gender And Diversity, Online Communications, Marketing, Robin Harris

Blogger Info

Vendor HotSpot

Here to help you with your Document Management Needs

Read the DocuMentor blog now

Learn More »

Given how hard it is to save data you want (see The Universe hates your data), losing data you don’t want - like drunken party pictures - should be easy. It isn’t, as the inventors of Vanish found. But there’s still hope.

Problem
Youth and foolishness go hand-in-hand. But the power of the web means that silliness can now be stored and found with the speed of a Google search. You don’t want sexy love notes - or pictures - to a former flame posted for all to see after infatuation sours.

Or maybe you want to discuss marital, health or work problems with a friend over email - and don’t want your musings to be later shared with others. Wouldn’t it be nice to know that such messages will become unreadable even if your “friend” is Linda Tripp?

Researchers built a prototype service - Vanish - that seeks to:

. . . ensure that all copies of certain data become unreadable after a user-specified time, without any specific action on the part of a user, without needing to trust any single third party to perform the deletion, and even if an attacker obtains both a cached copy of that data and the user’s cryptographic keys and passwords.

That’s a tall order. Their 1st proof-of-concept failed. But they are continuing the fight.

Vanish
In Vanish: Increasing Data Privacy with Self-Destructing Data Roxana Geambasu, Tadayoshi Kohno, Amit A. Levy and Henry M. Levy of the University of Washington computer science department present an architecture and a prototype to do just that.

Ironically, the project utilizes the same P2P infrastructures that preserves and distribute data: BitTorrent’s VUZE distributed hash table (DHT) client.

The basic idea is this: Vanish encrypts your data with a random key, destroys the key, and then sprinkles pieces of the key across random nodes of the DHT. You tell the system when to destroy the key and your data goes poof!

They built a Firefox plug-in for Gmail to create self-destructing emails and another - FireVanish - for making any text in a web input box self-destructing. They also built a file app, so you can make any file self-destructing. Handy for those Word backup files that you may not want to keep around.

Unfortunately the first prototype of Vanish turned out to be crackable, as a group of researchers at UT Austin, Princeton, and U of Michigan proved. They showed that an eavesdropper could collect the key shards from the DHT and reassemble the “vanished” content.

Oh, well, back to the drawing board. The Vanish team continues their work.

The Storage Bits take
The Internet is removing our privacy even faster than the Roberts court. While young people may think it no great loss, check back in 20 years and we’ll see what you think then.

In the 1930’s many believed that capitalism may have reached the end of its usefulness and that socialism or even communism might offer a better way. During WWII, America allied itself with communist Russia - which bore the brunt of the fighting - to defeat Hitler.

Yet a few years after WWII - in one of America’s periodic attacks of unreasoning fear and paranoia - suspected communist “sympathizers” were subjected to harassment, job loss and even blacklisting if they had been too supportive of our former ally. Robert Oppenheimer, who lead the Manhattan Project that developed the atomic bomb, was only one of the most prominent and loyal Americans to be persecuted.

You don’t have to be Tiger Woods to want to keep your private life private. I hope the Vanish team succeeds.

Comments welcome, of course.

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

Robin Harris has been messing with computers for over 30 years and selling and marketing data storage for over 20 in companies large and small.

Full Bio
Disclosure
Contact

More from “Storage Bits”

Anti-Independence day

100 GB Blu-ray and other fantasies

Related Discussions on TechRepublic

Did you know you can take part in these discussions with your ZDNet membership?

How to block spotify through webfilter?

Ask a Question Start a Discussion

Talkback Most Recent of 21 Talkback(s)

Follow via:: RSS; Email Alert

print & scan

And how do they propose to destroy the simplest way of avoiding their destruction--print out the content while it is still viewable and then scan the printed content? It's a great way to edit "uneditable" PDF's etc.

(Not that I would know from experience ...)

And how about just the old trick of setting the system date on the computer to some time before the destruction date?
Rick_R

07/08/2010 08:32 AM
- Reply to
- Flag
ZDNet Blogger

RE: Self-destroying data for the web

@Rick_R The data is inside a Vanishing Data Object wrapper that goes to the DHT to decrypt and display the data. The DHT controls the availability of the data, not the time on the local computer.

Yes, I believe your recipient could defeat Vanish by copying and scanning, but that is a lot of work. Likewise, phone calls can be recorded, but they usually aren't.

Robin
R Harris

07/08/2010 12:03 PM
- Reply to
- Flag
RE: Self-destroying data for the web

How would Vanish relate to laws requiring data retention for however many years? Is this an attack on those?

Yes, the Russians did hard work in Europe but keep in mind that the US was essentially alone in the Pacific; they didn't bother with that until land-grab time. The sacrifices made by Britain were pretty important to the Russians--as well as American lend-lease.
Bill4

07/08/2010 08:43 AM
- Reply to
- Flag
ZDNet Blogger

RE: Self-destroying data for the web

@Bill4
Vanish could be set to maintain your records only as long as legally required. But the main purpose is to improve privacy.

All the WWII allies made critical contributions. Nonetheless, the USSR lost ?9-10 million in military deaths while the US & UK combined lost less than a million dead. Germany lost ?5.5 million.

Robin
R Harris

07/08/2010 12:15 PM
- Reply to
- Flag
Re: Russian losses in WW II

@R Harris: Had Stalin not purged the ranks of many of his high ranking officers before the German attack, the Russian losses might well have been less. He made other mistakes in handling the Russian military--a lack of preparedness being one--though none so foolish as Hitler. I don't want to take anything away from the courageous officers who stubbornly and sometimes brilliantly defended the USSR. Since we can't replay history, of course, we'll never know if those purged officers c/would have done better than those who did fight the battles.

Despite the remarkable multi-episode documentary "The World at War," too many Americans think that WE, with a little help from the Brits, won the war. So ignorant, so unfair, especially when one considers that citizens of the USSR had just lived through hell in the 30s and had to take up arms in 41.
brambeus

07/08/2010 12:50 PM
- Flag
Don't forget Chirchill's famous quote

@R Harris
When talking about why he would ally with Stalin when he had always been a staunch anti-communist:

"If Hitler invaded hell I would make at least a favorable reference to the devil in the House of Commons. "

Basically the enemy of my enemy is not necessarily my friend though a temporary alliance may be in my interest.
cornpie

07/09/2010 06:00 AM
- Flag
Look below for counterpoints

@brambeus and cornpie

As they wont "take" where they belong in this thread.
klumper

07/09/2010 06:00 PM
- Flag
Just store it all on an Apple

and it'll disappear in good time, as I hear their products aren't of any great quality anymore...
John Zern

07/08/2010 09:09 AM
- Reply to
- Flagged
RE: Self-destroying data for the web

Always possible to take a digital photograph of the data being displayed on a computer screen, or play a voice mail message into a tape recorder.

This problem is only solvable as a theoretical problem in academia under an artificial set of constraints, not as a real world problem. "Stuff" once released to the internet is forever.
stevec@...

07/08/2010 10:06 AM
- Reply to
- Flag
Sure, but it's a LOT of effort.

@stevec@...

Photographs, printing and rescanning (or just keeping a paper copy) could all defeat such a scheme. But it would be a whole lot of effort. It gets back to the old idea that if someone knowledgeable enough (a bad guy) is targeting you specifically you are in big trouble no matter what you do. But that doesn't mean that precautions are not worthwhile.

Also, for photography or print and scan to work, the other person had to think to do it at the time (i.e. before the data self destructed). If they didn't take these actions at the time, it would be too late to do so later.
cornpie

07/09/2010 06:04 AM
- Reply to
- Flag
Data

So you upload something and someone stores a copy on their puter. Vanish cannot remotely enter your computer and trigger a deletion and if there is a "virus" in the file that checks to see if it is ordered to delete most virus software should catch it. What if I save your goofy vid to my ext drive or CD then upload it years later?
MoeFugger

07/08/2010 10:25 AM
- Reply to
- Flag
Will barely work even in a cloud environment

In a pure cloud, where even desktops are hosted and a "PC" is really only a thinclient, this idea might barely work.

But even then, as an early poster pointed out, just grab your phone and take a digital photo of the monitor.

Aside from the digital photo issue, the only real way to make it work is some sort of DRM built into the NIC and NIC driver. If a special eyes-only communication comes in, a compliant driver exchanges a validation with the sender (to assure the sender the recipient is compliant). The data is then handled much like copyprotected HD video.
croberts

07/08/2010 12:10 PM
- Reply to
- Flag
Only works if the users involved agree on privacy

@croberts: And how long did it take before copyprotected HD video was cracked?

Attacks by a party that purposely subverts the self-destruction intent BEFORE the sell-by-date are outside of the scope of Vanish, and thus Vanish is not applicable to data like Facebook pages that is routinely scraped and archived in other systems.

The paper presents an example scenario involving confidential email between two parties who agree that the emails should not persist past their expiry date. In the discussion, it is suggested that if there is a chance that their email provider may be decapsulating the emails (i. e. storing a cached version without the time-bomb), they need to use regular encryption such as PGP in addition to Vanish.

So, all in all, a rather academic effort at this point. But still an important area of research.
ferebee

07/08/2010 03:20 PM
- Reply to
- Flag
RE: Self-destroying data for the web

How did y'all get from self-destroying party pictures to WWII?
Serton

07/08/2010 04:39 PM
- Reply to
- Flag
Maybe because...

WWII is infinitely more compelling and tangible, as opposed to self-destroying party pictures which are, well... basically the opposite.[?] Just a guess mind you.
klumper

07/09/2010 05:20 PM
- Reply to
- Flag