Slashdot Mirror

← Back to Stories (view on slashdot.org)

'Vanish' Makes Sensitive Data Self-Destruct

Posted by Soulskill on from the also-doesn't-appear-to-be-a-fire-hazard dept.

Hugh Pickens writes "The NY Times reports on new software called 'Vanish,' developed by computer scientists at the University of Washington, which makes sensitive electronic messages 'self destruct' after a certain period of time. The researchers say they have struck upon a unique approach that relies on 'shattering' an encryption key that is held by neither party in an e-mail exchange, but is widely scattered across a peer-to-peer file sharing system. 'Our goal was really to come up with a system where, through a property of nature, the message, or the data, disappears,' says Amit Levy, who helped create Vanish. It has been released as a free, open-source tool that works with Firefox. To use Vanish, both the sender and the recipient must have installed the tool. The sender then highlights any sensitive text entered into the browser and presses the 'Vanish' button. The tool encrypts the information with a key unknown even to the sender. That text can be read, for a limited time only, when the recipient highlights the text and presses the 'Vanish' button to unscramble it. After eight hours, the message will be impossible to unscramble and will remain gibberish forever. Tadayoshi Kohno says Vanish makes it possible to control the 'lifetime' of any type of data stored in the cloud, including information on Facebook, Google documents or blogs."

8 of 171 comments (clear)

  1. Copypaste by sopssa · · Score: 5, Insightful

    'Our goal was really to come up with a system where, through a property of nature, the message, or the data, disappears,'

    And yet after a copypaste or screenshot it wont disappear anywhere.

    1. Re:Copypaste by NotQuiteReal · · Score: 3, Insightful

      heh - the Print Screen button is a terrorist tool!

      --
      This issue is a bit more complicated than you think.
  2. Let's not kid ourselves by Bruce+Perens · · Score: 5, Insightful

    If the decryption key is ever available to the browser, a modified version of the tool could store it and decode the document forever.

    --
    Bruce Perens.
    1. Re:Let's not kid ourselves by Eevee · · Score: 5, Insightful
      No disrespect, but read the article. It explicitly states that this is not designed to keep the parties from saving the information.

      It is technically possible to save information sent with Vanish. A recipient could print e-mail and save it, or cut and paste unencrypted text into a word-processing document, or photograph an unscrambled message. Vanish is meant to protect communication between two trusted parties, researchers say.

  3. Re:We already have better tools for that by Eskarel · · Score: 3, Insightful

    True, however, in the many years between the invention of Public Key Crypto and today, no one has come close to being able to come up with a way to easily and automatically distribute the keys that doesn't rely on some third party having all of them on file.

    There's a reason that encrypted e-mail is pretty non-existent and it's because key management remains unsolved. Manually passing your self generated keys back and forth is all well and good, but it's not all that scalable, and most folks don't know how to do it. I don't know if this works any better mind you, it's probably really more of a nifty trick/experiment, but pretending that Public Key Encryption has solved the secure communication problem is at best naive.

  4. Corporate crimes by wjousts · · Score: 5, Insightful

    I can see this being useful for corporations that want e-mails to be destroyed before they can be used against them in court. Sure you could take a screen shot or copy/paste the text before the e-mail is permanently destroyed, but can you prove that your copy wasn't tampered with? Can you prove that was what the e-mail originally said? Plausible deniability!

    1. Re:Corporate crimes by westlake · · Score: 3, Insightful

      Plausible deniability!

      The judge and jury get to decide what is plausible.

      It won't look good if the erasure violates standard practice or professional guidelines, legal obligations or existing corporate policy.

      In criminal law, a guilty verdict demands proof beyond a reasonable doubt.

      That does not mean that every piece of evidence has to carry the same weight - only that the evidence when viewed as a whole is damning.

      If the state's witness performs credibly on the stand, that will carry over to whatever documents he is asked to describe and identify.

      "Plausible denial" is a world of hurt.

  5. Re:Not useful for DRM by Bruce+Perens · · Score: 3, Insightful

    It's because the tool itself would need to be DRM-locked if you wanted to enforce the time expiration on the intended recipient.

    --
    Bruce Perens.