Slashdot Mirror


Facebook Images To Get Expiration Date

Pickens writes "BBC reports that researchers have created software that gives images an expiration date by tagging them with an encrypted key so that once this date has passed the key stops the images being viewed and copied. Professor Michael Backes, who led development of the X-Pire system, says development work began about 18 months ago as potentially risky patterns of activity on social networks, such as Facebook, showed a pressing need for such a system. 'More and more people are publishing private data to the internet and it's clear that some things can go wrong if it stays there too long,' says Backes. The X-Pire software creates encrypted copies of images and asks those uploading them to give each one an expiration date. Viewing these images requires the free X-Pire browser add-on. When the viewer encounters an encrypted image it sends off a request for a key to unlock it. This key will only be sent, and the image become viewable, if the expiration date has not been passed."
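A minimal model of the key-release flow described in the summary, added here as an illustration and not X-Pire's own code: `KeyServer`, `publish`, `view` and the SHA-256 keystream are hypothetical stand-ins. It shows that the expiry check gates only the release of the key, so the guarantee depends on every viewer discarding the key after use.

```python
import hashlib
import os
from datetime import datetime, timedelta, timezone

NONCE_LEN = 16


def keystream_xor(key, nonce, data):
    """Toy stream cipher (SHA-256 in counter mode); stand-in for a real cipher."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + (i // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)


class KeyServer:
    """Hypothetical key server: hands out a key only before the expiry date."""

    def __init__(self):
        self._keys = {}  # image_id -> (key, expires_at)

    def register(self, image_id, key, expires_at):
        self._keys[image_id] = (key, expires_at)

    def request_key(self, image_id, now):
        key, expires_at = self._keys[image_id]
        return key if now < expires_at else None


def publish(server, image_id, image, expires_at):
    """Uploader side: encrypt the image and register key plus expiry date."""
    key, nonce = os.urandom(32), os.urandom(NONCE_LEN)
    server.register(image_id, key, expires_at)
    return nonce + keystream_xor(key, nonce, image)


def view(server, image_id, blob, now, retained_keys=None):
    """Viewer side. retained_keys models a client that keeps keys it was given."""
    key = server.request_key(image_id, now)
    if key is None and retained_keys is not None:
        key = retained_keys.get(image_id)
    if key is None:
        return None  # expired and no key held locally: image stays opaque
    if retained_keys is not None:
        retained_keys[image_id] = key
    return keystream_xor(key, blob[:NONCE_LEN], blob[NONCE_LEN:])


def demo():
    server = KeyServer()
    expiry = datetime(2011, 6, 1, tzinfo=timezone.utc)  # constructed date
    image = b"constructed sample image bytes " * 4       # constructed input
    blob = publish(server, "img-1", image, expiry)
    before = expiry - timedelta(days=1)
    after = expiry + timedelta(days=1)
    retained = {}
    return {
        "ciphertext_hides_image": image not in blob,
        "before_expiry": view(server, "img-1", blob, before) == image,
        "after_expiry": view(server, "img-1", blob, after),
        "retaining_before": view(server, "img-1", blob, before, retained) == image,
        "retaining_after": view(server, "img-1", blob, after, retained) == image,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

For threat modeling, the useful reading is that the server enforces a release policy, not a property of the ciphertext.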

40 of 306 comments

  1. Debunked by thetagger · · Score: 5, Insightful

    Slashdot users debunk this scheme as stupid in 5... 4... 3...

    1. Re:Debunked by caffeinemessiah · · Score: 5, Insightful
      This can be debunked quite easily: once an image is decrypted, it is forever decrypted. Alternatively, all I have to do is comment on your post of the image with the key I just downloaded for it while it was still valid. Even more alternatively, I could set up a counter-service to this that stores retrieved keys permanently and hands them out publicly. Unless the service is refreshing the image data every single day with a new key, in which case: (a) they will run out of bandwidth and CPU in a week, (b) they will hit facebook's limits very very soon, and (c) I still have copies of yesterday's encrypted data and yesterday's key.

      Oh yes, and your friends will not be able to see your pictures unless they download a plugin ("huh...what's that??"), and possibly use a specific browser ("huh? why?").

      So yeah, pretty stupid overall. This is another sad attempt at a form of DRM.

      --
      An old-timer with old-timey ideas.
    2. Re:Debunked by caffeinemessiah · · Score: 5, Insightful

      I should also add: why not just have a service to delete the image automatically from facebook after N days? Encryption is absolutely not needed here and achieves nothing.

      --
      An old-timer with old-timey ideas.
    3. Re:Debunked by MoonBuggy · · Score: 2, Insightful

      That would make an awful lot more sense. I was about to reply to your initial post pointing out that while it may be a poor idea from a technical standpoint, the fact is that 90% of the images wouldn't be cracked and stored, and thus it would prevent them from resurfacing embarrassingly a decade later. If you're trusting the outside service with your pictures anyway, though, they may as well just have a deletion date instead.

      Of course, the truly sensible idea would be for users to be somewhat selective about what they upload, on the one hand, and for people in general to accept that we've all done stupid shit, someone will probably find out eventually, and everybody should just get over it, on the other.

    4. Re:Debunked by natehoy · · Score: 4, Insightful

      My thought exactly. They needed 18 months to develop this and didn't even come up with the fact that their solution is significantly inferior to the most obvious solution?

      So close... :)

      Deleting the image from Facebook is forever, if you trust Facebook. If you don't trust Facebook, then you might as well assume they are using a scripting tool to crank through the encrypted images as soon as they are posted and taking an unencrypted copy for themselves.

      This allows easy copying until the image is expired, and in a week there'll be a deXPire on every Linux repository that will ensure easy copying after the image is expired. Deleting the image makes it unavailable for everyone who hasn't already made a copy. "X-Piring" the image makes it and all other "expired" images available to anyone who wants to go to the trouble of "apt-get install deXPire-mozilla-plugin".

      --
      "This post contains words, known to the State of California to cause thought. Wash brain thoroughly after reading."
    5. Re:Debunked by vlueboy · · Score: 4, Interesting

      We would need to wait till HTML5 is here; its built-in magic might suffice to implement a viewer. But then how do they inject that code into facebook so that nobody has to grab the viewer on their own?

      Their Auto-tagger scans faces and asks users for the names of every face it has already framed in your pictures, and FB also does resizing and thumbnailing that clearly know when picture data is *not* what they're parsing after the upload. Facebook also isn't going to let you upload something that's clearly a noisy and corrupted JPEG file.

      They already changed their uploader so it compresses your images before they go out, and all I need is a slashdotter with an FB account to confirm that they can't even start to upload a binary disguised as a JPEG.

    6. Re:Debunked by c · · Score: 2

      This all seems like a lot of work to protect people too stupid to not upload pictures to the Internet that they think might cause them problems later...

      --
      Log in or piss off.
    7. Re:Debunked by Dunbal · · Score: 2

      But - guess what else the browser plugin will be doing...

      --
      Seven puppies were harmed during the making of this post.
    8. Re:Debunked by SheeEttin · · Score: 2

      I just tried, and it worked. (Granted, it wasn't a very good test: I embedded your post, zipped, inside today's featured picture, with OutGuess, a JPEG steganography tool.)

      Unfortunately, due to that compression/resizing Facebook performs, the data did not survive (even with OutGuess' ECC option enabled and using Facebook's "download in high resolution" link).

    9. Re:Debunked by http · · Score: 4, Informative

      Even theoretical trust in Facebook is misplaced. Here's a piece of news that you may have forgotten in the multitude of fucked up things Facebook has done over the past few years:

      'Deleted' images are never deleted.

      In my experience, they are de-linked, but remain at the exact same URL. Also, they remain there even though my account has been "closed" for almost two years. Personally tested with dozens of images.
      The fact is, "Deleting the image from Facebook is not done."

      --
      If opportunity came disguised as temptation, one knock would be enough.
      3^2 * 67^1 * 977^1
  2. Until... by MrOctogon · · Score: 5, Insightful

    Cue the plugin which takes a screen capture of the decrypted image and reposts it in its original form. If you can read it you can copy it forever.

    1. Re:Until... by Pinback · · Score: 2

      Time for an army of people with screwdrivers to rove the world and steal all the Prnt Scrn keys?

    2. Re:Until... by dgatwood · · Score: 4, Insightful

      More to the point, it can be solved just as easily if Facebook would:

      • Require users to accept or reject tagging explicitly before a photo tag becomes visible to anyone other than the tagger and the taggee.
      • Expire photos after a reasonable period of time unless the user explicitly confirms that it should remain posted (use notifications).
      • Expire tags in the same fashion.

      More importantly, it fails because:

      • The sorts of people who post pictures of their friends looking like assholes are unlikely to care enough to use a special service that provides expiration.
      • The sorts of people who post pictures of their friends looking like assholes are unlikely to set a short expiration date.
      • The person affected by the tagging is not the person deciding on its expiration.

      The decision about how long I should be tagged in a photo must be my decision, not the decision of the person who posts the photo. Any scheme that does not achieve this goal is completely missing the point.

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.

    3. Re:Until... by MrOctogon · · Score: 2

      I think I remember a system that relied on distributed hash tables to accomplish pretty much the same thing. That will at least remove the central trusted authority problem, but opens itself to a whole other class of attacks as well.

    4. Re:Until... by Dishevel · · Score: 2

      1. Those are not your friends.
      2. You make bad decisions. (This is based on your choice of "Friends" not the image itself.)

      --
      Why is it so hard to only have politicians for a few years, then have them go away?
    5. Re:Until... by betterunixthanunix · · Score: 5, Insightful

      Why would you claim someone is not the brightest of applicants, just because they partied when they were in college? That is exactly the sort of attitude that created this problem in the first place: employers who have this notion that anyone who doesn't conform to the ideal defined by US government propaganda is somehow less desirable. Why does it matter to you that an applicant to whatever sort of job you might employ them for smoked pot when they were in college? Why would you go digging through someone's Facebook profile to find evidence of what sort of partying they did in college?

      --
      Palm trees and 8
    6. Re:Until... by metrometro · · Score: 4, Insightful

      I think this misses the point somewhat. Don't we all hate DRM because those schemes are a real bitch for data portability and long term archives? Which is it, then?

      The reason you put a timed kill switch on an archive is not because people in the present will use it in ways you dislike -- if that were true, why create or share it at all? The point is rather to piss off and disrupt the people in the far future who are post-facto digging through archives on you. Internet research hinges on how easy it is to find things. This would probably make it harder to find things that have expired.

      Security exists in an ecosystem. Everything can be broken. But the only question that matters is will it actually happen most of the time?

  3. Cracked! by clvrmonkey · · Score: 4, Insightful

    I can't quite figure out how they'll stop me from taking a screenshot of the encrypted image.

    --
    All God does is watch us and kill us when we get boring. We must never, ever be boring.
    1. Re:Cracked! by Tenek · · Score: 4, Insightful
      That's not the point. You were already allowed to see the image. What it tries to reduce is the ability of someone unrelated to find it n years later. You had to remember to save a copy at the time. Unfortunately, you're probably more likely to do so if it's an interesting picture.

      It's not useless, and it's not perfect. Not a terrible idea though.

    2. Re:Cracked! by Obfuscant · · Score: 2
      I can't quite figure out how they'll stop me from taking a screenshot of the encrypted image.

      One of the satellite photo systems prior to googleEarth wanted to keep their images controlled and did something similar to this. You had to have their plugin to see the images and you had to run javascript to load them, and the javascript did something to disable the print-screen button -- on windows -- and the "save image" option. As I recall, the plugin didn't work on unix/linux so they were protected there.

      Unless, of course, you were VNCing into a windows box from a Linux box, and then xwd was quite able to dump the window contents.

  4. alt-prtscn by Anonymous Coward · · Score: 3, Funny

    your feeble encryption is no match for my clipboard.

  5. no pictures for linux users... by dmbasso · · Score: 5, Insightful

    because you can't lock the print screen out, right?

    --
    `echo $[0x853204FA81]|tr 0-9 ionbsdeaml`@gmail.com
  6. I wish Facebook would expire by PatPending · · Score: 5, Insightful

    I wish Facebook would expire... the sooner, the better.

    --
    What one fool can do, another can. (Ancient Simian Proverb)
    1. Re:I wish Facebook would expire by Anonymous Coward · · Score: 5, Funny

      Anonymous Coward likes this

  7. More great science/tech reporting. . . by JSBiff · · Score: 2

    "tagging" something with an "encryption key" is something which doesn't make a lot of sense. I guess maybe someone would want to search for the file based on the key it was encrypted with? *grin*

    You know an article is quality when stupid crap like that shows up in the very first paragraph. Who do these big media outlets hire to do their sci/tech articles anyhow? Apparently people who haven't got the faintest clue how things work, or how to explain to others how they work. Somehow, they seem to consistently find the absolutely *least qualified* people to write such articles.

  8. X-Pire-copy-to-imgur browser add-on by seifried · · Score: 4, Insightful

    Which will result in something like the "X-Pire-copy-to-imgur browser add-on" which automatically decrypts the image and then posts a decrypted copy to imgur or whatever sharing site you want to use.

    Not to mention all the large companies trolling facebook for photos and storing them for later use to provide background check style services/etc.

    Once you post it, a copy has been made, once someone views it, a copy has been made. Those copies are outside your control. Even if you encrypt it, once someone views it, an unencrypted copy has been made, and it's once more out of your control.

  9. Re:You are being shortsighted by O'Nazareth · · Score: 2

    We will just get used to this. One day, we will have to accept that nobody is perfect anyway.

  10. *facepalm* by TheSpoom · · Score: 3, Insightful

    *facepalm*

    This whole concept should be on The Daily WTF.

    --
    It's better to vote for what you want and not get it than to vote for what you don't want and get it.
    - E. Debs
  11. Un-X-Pire by cforciea · · Score: 4, Insightful

    I'm ready to start a new service called Un-X-Pire. What you will do is run my browser add-on, which will find X-Pire tagged images, request the decryption key from the X-Pire service, and then cache it the first time it is requested for each image. After that, it will just serve out the decryption key over and over (or, if the decryption does something fancy like swap keys based on current time, it will go ahead and decrypt the image for you by spoofing the time the key was initially first cached as the current system time for the decryption process), and then everybody who uses my plug-in will be able to view the image for the rest of eternity so long as at least one person views it with my plugin before it expires.

    Also, I bet mine takes a lot less time to code than theirs.

  12. Well this is certainly going to be adopted... by goldcd · · Score: 2

    If Facebook actually wanted pictures to have a shelf-life, they could just allow you to add a default date+x when they would be pulled.
    Facebook haven't done this, so I'm guessing they're either a bit short of development cash - or don't want this.

    So, how might this work?
    Well I'm guessing that either it's:
    a brand new file format and the browser requests an external key when the photo display plugin kicks in - so so unlikely to take off, I'll just leave it there.
    OR
    it encrypts the image and embeds in tags so the 'plugin' can detect it's a 'special image' and goes off to find a key to decrypt it.
    Assuming it's the second, it has my interest. Sounds a little bit interesting - but then I start thinking.
    If it's encrypted it's going to have to 'look random' - so that's ballsed up the compression ratios of the jpg you uploaded.. and then well most sites tend to compress/thumbnail/crop or a combination of the above... well I don't quite see that working - no it couldn't
    I guess maybe we're onto option C, I've just thought of. You don't upload the image, you upload a QR style pointer to the image - and the browser just inserts that in-line?
    Well, maybe that would work.. but then these researchers just seem to have come up with a way of replacing an <img src= with a graphical pointer..
    Oh and as everybody else has undoubtedly posted whilst I typed this, printscrn.

    Maybe there's a market somewhere for pushing the whole public key encryption seamlessly into "stuff we upload" - to restrict or monitor view - but the problem that's never going to go away is that if one person can open it and wants to share it, then there's no security.

  13. 18 months, seriously? by dingen · · Score: 2

    development work began about 18 months ago

    18 months to build this seems an awful lot, doesn't it? Ubuntu has released 3 versions in such a period!

    --
    Pretty good is actually pretty bad.
  14. Re:Hmm... by hitmark · · Score: 2

    If the employer is that anal about off hours activities, it may well be better to not work there in the first place.

    --
    comment first, facts later. http://chem.tufts.edu/AnswersInScience/RelativityofWrong.htm
  15. I have a better idea by kheldan · · Score: 2

    Here's a better idea that won't require any additional plugins or new technology to be created: Don't upload pics to Facebook or any other so-called "social networking" site that you don't want available to the public forever. We'll call this idea "common sense".

    --
    Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
  16. Re:Hmm... by betterunixthanunix · · Score: 3, Interesting

    Of course, we have plenty of anti-drug propaganda to keep us far from the ideal. A picture of someone taking a bong hit at a party could be reason to be rejected from a job -- there are still places that perform pre-employment drug screenings, last I checked, and photographic evidence of illegal drug use may not go over so well. When we keep telling people that anyone who uses illegal drugs is an unreliable drug abuser who couldn't possibly hold a job, and when we require people to maintain a "drug free workplace" or forfeit government contracts, the idea that employers will forgive some college partying seems a bit far fetched.

    --
    Palm trees and 8
  17. NEWS! Slashdot Title Wrong by KnownIssues · · Score: 5, Insightful

    I am kind of used to Slashdot headlines that exaggerate the original article, but how do you go from a company has made some software that might be useful to social networks *like* Facebook to Facebook is going to get images with expiration dates?

  18. Two real solutions ... by perpenso · · Score: 2

    (1) Have facebook support user defined expiration dates.
    (2) Have facebook allow a user to subcategorize friends, subcategories would just be a configuration item not a publicly displayed state. Perhaps family, friends and coworkers. You can then tag photos to be only shown to particular subcategories.

  19. identity of viewer by climate_control · · Score: 2

    So X-pire's servers can track who has viewed which images when? That info could come in handy. Might even have a market value. Perhaps I should set up my own such system.

  20. I am unimpressed... by fuzzyfuzzyfungus · · Score: 5, Interesting

    This particular "solution" sounds like the result of somebody thinking in a human-shaped problem space, which is psychologically understandable enough; but is a bias you have to get over if you want to get anywhere in tackling internet problems. And that is my best attempt at a charitable interpretation. Worst case, somebody is a dumbass.

    For the sake of charity, we will ignore obvious fuckuperry like "the project runs out of money in three months, and the keyservers go dark, millions of people's pictures (which, being users, they won't have backups of...) get hosed 15 months early" or "the keyserver gets rooted, a relatively small file called 'facebook_camwhores_dont_want_u_to_have_this.zip' appears on every torrent tracker on the wrong side of the tracks and the whole scheme collapses"...

    First, the same psychological biases (excessive time discounting, poor inhibition triggering models, bad stability assumptions) and social processes (booze, peer pressure, etc.) that cause people to post pictures and stuff that they will later come to regret will, almost certainly, cause them to assign incorrect 'blackout dates' to the material they do post. 18 months is like, what, 3 failed attempts at "serious" relationships, a number of booze fueled rebounds, and an ill-advised make-up or two? It is also plenty of time for what you did last summer to appear before school officials, what you did a few semesters back to make the HR snoop's radar, etc. Even in a world of purely human, purely manual, threats, this scheme is going to be minimally effective in protecting the people who need it most (while, at the same time, managing to scotch a bunch of happily-married-high-school-sweethearts who have lousy backup practices).

    Now, where this scheme really falls flat: This is the internet. It is more full of bots and spiders than is sci-fi written for the arachnid audience. Whatever tag or code is used to clue the plug-in in to the need for a decryption key is going to become a de-facto signal for "High probability of being juicy and/or embarrassing". Now the bottom-feeding amateur porn sites won't even need humans or machine vision to find cheap filler content... Hell, facebook, and virtually all even slightly shady crawlers will likely fully support this scheme long before Apple approves iPhone support for it (Hey guys, now you can post your pictures to Facebook in a format your friends can't even see! Hooray!)...

    That's the basic problem, right there. If the internet's long memory were confined to some specific location, the simple solution would just be to lean on them legally to provide twilighting tools. Trouble is, the internet's memory is long. And it is distributed across countless entities and jurisdictions. And much of the copying between memory stores is automatic. And records may not exist of a copy operation having occurred. And, with cheaper HDDs, even individual users on cheap laptops are now a formidable chunk of storage. If this scheme ever takes off (doubtful), how long do you think it will be before there exists the following: An OSX application called "iCrawl" that has an excellent UI, costs $20, and crawls and archives the facebook profiles of friends, friends of friends, out up to N levels, 3 competing win32 applications (one trialware, $19.99, with a totally custom widget set, one free, that crashes all the damn time and doesn't work, and one free and more or less functional; but installs a trojan), and a set of python wrappers for unixlike operating systems that make crawling your friends and fetching decryption keys as easy as writing a few scripts?

    Barring the full-blown emergence of the dystopian trusted-computing future, with end-to-end DRM and hunter-seeker drones with worldwide lethal force authorization doing 24/7 traitor tracing, you don't get to time-limit stuff you put in widely accessible places on the internet. Sorry about that.

  21. Useless unless... by jeffrey.endres · · Score: 2

    The only value I can see in this would be if the resulting decrypted picture contains an individual tag for whoever decrypted it. Then when they save it via the gaping analogue hole or a simple print-screen, then the original poster has a chance to find out who released the copy and can sue them.

  22. There may conceivably be an easier way by Keeper+Of+Keys · · Score: 2

    If this could ever actually work - which it can't - I wouldn't want my digital photos to expire anyway. BUT if anybody actually does want this, why doesn't facebook just delete them after the expiry date?