UW project makes online personal data ‘vanish’

Technology.am (July 22, 2009) — Pressing the “delete” button doesn’t make data go away. Many Web services archive data indefinitely, well after you’ve pressed delete.

washington_logoThe University of Washington has developed a way to make electronic communications such as e-mail, Facebook posts and chat messages automatically expire after a set time period, and it would become irretrievable from all Web sites, inboxes, outboxes, backup sites and home computers. Not even the sender could retrieve them.

The team of UW computer scientists developed a prototype system called Vanish that can place a time limit on text uploaded to any Web service through a Web browser. After a set time text written using Vanish will, in essence, self-destruct.

The Vanish prototype washes away data using the natural turnover, called “churn,” on large file-sharing systems known as peer-to-peer networks. For each message that it sends, Vanish creates a secret key, which it never reveals to the user, and then encrypts the message with that key. It then divides the key into dozens of pieces and sprinkles those pieces on random computers that belong to worldwide file-sharing networks, the same ones often used to share music or movie files. The file-sharing system constantly changes as computers join or leave the network, meaning that over time parts of the key become permanently inaccessible. Once enough key parts are lost, the original message can no longer be deciphered.

In the current Vanish prototype, the network’s computers purge their memories every eight hours. Unlike existing commercial encryption services, a message sent using Vanish is kept private by an inherent property of the decentralized file-sharing networks it uses.

Vanish works with the Firefox browser. To work, both the sender and the recipient must have installed the tool. The sender then highlights any sensitive text entered into the browser and presses the “Vanish” button. The tool encrypts the information with a key unknown even to the sender.

That text can be read, for a limited time only, when the recipient highlights the text and presses the “Vanish” button to unscramble it. After eight hours the message will be impossible to unscramble and will remain gibberish forever.

The Vanish prototype now works only for text, but researchers said the same technique could work for any type of data, such as digital photos.

It is technically possible to save information sent with Vanish. A recipient could print e-mail and save it, or cut and paste unencrypted text into a word-processing document, or photograph an unscrambled message.

Leave a Reply

Your email address will not be published. Required fields are marked *