July 24, 2009

A tool to make online personal data vanish

As most of you know, once anything is posted on the web it's literally impossible to get rid of. Let's say you post a picture on your blog: it will get archived by any number of sites like the Wayback Machine, Google Cache, etc., or anyone can copy it to their system and repost it. So even if you remove it from the blog, someone with time and patience can find it again.

To counteract this, the University of Washington has developed a system called Vanish, which (according to them) will allow users to create a self-destruct system for information posted online. According to the site:

The Vanish prototype washes away data using the natural turnover, called “churn,” on large file-sharing systems known as peer-to-peer networks. For each message that it sends, Vanish creates a secret key, which it never reveals to the user, and then encrypts the message with that key. It then divides the key into dozens of pieces and sprinkles those pieces on random computers that belong to worldwide file-sharing networks, the same ones often used to share music or movie files. The file-sharing system constantly changes as computers join or leave the network, meaning that over time parts of the key become permanently inaccessible. Once enough key parts are lost, the original message can no longer be deciphered.

OK, so according to them the data at the original source will get deleted. What I don't get is how they are planning on getting rid of data copies that were made by caching services (Google etc.) and archive sites (Wayback Machine etc.).

Let's say I have encrypted the data and a little later the archive spider runs and creates an image of the post. Now if I access the site image I will see the encrypted data, which should expire, correct? Nope. These spiders usually function like a normal web browser, i.e. they will do a normal HTTP call to get the information. So if the creator of the spider adds the code to decrypt the data using whatever logic Vanish uses (keep in mind that this info will be available so as to allow people to create plugins etc. for regular browsers), they will have a snapshot of the clear-text message/image/whatever as long as the spider runs before the message degrades too much.
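The key-splitting idea in the quoted description and the snapshot problem raised above can be seen together in a small simulation. This is an added example, not code from the post or from the Vanish project. It assumes Shamir's threshold scheme for the splitting (the quote does not name one), uses a toy SHAKE-256 XOR stream as a stand-in cipher, and the share counts are constructed values.

```python
import hashlib
import secrets

PRIME = 2**521 - 1  # Mersenne prime; field large enough for a 256-bit key

def split_key(key, n, threshold):
    """Shamir split (assumed scheme): any `threshold` of `n` shares rebuild `key`."""
    coeffs = [key] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    def poly(x):
        acc = 0
        for c in reversed(coeffs):          # Horner evaluation mod PRIME
            acc = (acc * x + c) % PRIME
        return acc
    return [(x, poly(x)) for x in range(1, n + 1)]

def recover_key(shares):
    """Lagrange interpolation at x = 0 over GF(PRIME)."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret

def xor_stream(key, data):
    """Toy stand-in cipher: the same call encrypts and decrypts."""
    stream = hashlib.shake_256(key.to_bytes(66, "big")).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def simulate(message, n=20, threshold=10, survivors_after_churn=7):
    key = secrets.randbits(256)
    ciphertext = xor_stream(key, message)
    peers = split_key(key, n, threshold)    # shares scattered across peers

    # An archiver that implements the decryption logic runs while enough
    # shares still exist and stores the decrypted copy.
    archived_copy = xor_stream(recover_key(peers[:threshold]), ciphertext)

    # Churn: fewer than `threshold` shares are still reachable.
    remaining = secrets.SystemRandom().sample(peers, survivors_after_churn)
    late_reader = xor_stream(recover_key(remaining), ciphertext)
    return archived_copy, late_reader
```

Expiry only binds readers who still need the key: the late reader gets garbage, while the copy decrypted before the shares were lost stays readable.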

All in all it's a pretty cool concept, but I wouldn't be using it for any really secure communications.

Source: A tool to make online personal data vanish
Vanish Details and Paper:

