 |
|
This article will self-destruct: A tool to make online personal data vanish
July 22, 2009Computers have made it virtually impossible to leave the past behind. College Facebook posts or pictures can resurface during a job interview. A lost cell phone can expose personal photos or text messages. A legal investigation can subpoena the entire contents of a home or work computer, uncovering incriminating, inconvenient or just embarrassing details from the past.
The University of Washington has developed a way to make such information expire. After a set time period, electronic communications such as e-mail, Facebook posts and chat messages would automatically self-destruct, becoming irretrievable from all Web sites, inboxes, outboxes, backup sites and home computers. Not even the sender could retrieve them.
"If you care about privacy, the Internet today is a very scary place," said UW computer scientist Tadayoshi Kohno. "If people understood the implications of where and how their e-mail is stored, they might be more careful or not use it as often."
The team of UW computer scientists developed a prototype system called Vanish that can place a time limit on text uploaded to any Web service through a Web browser. After a set time text written using Vanish will, in essence, self-destruct. A paper about the project went public today and will be presented at the Usenix Security Symposium Aug. 10-14 in Montreal.
The paper and research prototype are at http://vanish.cs.washington.edu
Co-authors on the paper are doctoral student Roxana Geambasu, assistant professor Tadayoshi Kohno, professor Hank Levy and undergraduate student Amit Levy, all with the UW's department of computer science and engineering. The research was funded by the National Science Foundation, the Alfred P. Sloan Foundation and Intel Corp.
"When you send out a sensitive e-mail to a few friends you have no idea where that e-mail is going to end up," Geambasu said. "For instance, your friend could lose her laptop or cell phone, her data could be exposed by malware or a hacker, or a subpoena could require your e-mail service to reveal your messages. If you want to ensure that your message never gets out, how do you do that?"
Many people believe that pressing the "delete" button will make their data go away.
"The reality is that many Web services archive data indefinitely, well after you've pressed delete," Geambasu said.
Simply encrypting the data can be risky in the long term, the researchers say. The data can be exposed years later, for example, by legal actions that force an individual or company to reveal the encryption key. Current trends in the computing and legal landscapes are making the problem more widespread.
"In today's world, private information is scattered all over the Internet, and we can't control the lifetime of that data," said Hank Levy. "And as we transition to a future based on cloud computing, where enormous, anonymous datacenters run the vast majority of our applications and store nearly all of our data, we will lose even more control."
The Vanish prototype washes away data using the natural turnover, called "churn," on large file-sharing systems known as peer-to-peer networks. For each message that it sends, Vanish creates a secret key, which it never reveals to the user, and then encrypts the message with that key. It then divides the key into dozens of pieces and sprinkles those pieces on random computers that belong to worldwide file-sharing networks, the same ones often used to share music or movie files. The file-sharing system constantly changes as computers join or leave the network, meaning that over time parts of the key become permanently inaccessible. Once enough key parts are lost, the original message can no longer be deciphered.
In the current Vanish prototype, the network's computers purge their memories every eight hours. (An option on Vanish lets users keep their data for any multiple of eight hours.)
Unlike existing commercial encryption services, a message sent using Vanish is kept private by an inherent property of the decentralized file-sharing networks it uses.
"A major advantage of Vanish is that users don't need to trust us, or any service that we provide, to protect or delete the data," Geambasu says.
Researchers liken using Vanish to writing a message in the sand at low tide, where it can be read for only a few hours before the tide comes in and permanently washes it away. Erasing the data doesn't require any special action by the sender, the recipient or any third party service.
"Our goal was really to come up with a system where, through a property of nature, the message, or the data, disappears," Hank Levy says.
Vanish was released today as a free, open-source tool that works with the Firefox browser. To work, both the sender and the recipient must have installed the tool. The sender then highlights any sensitive text entered into the browser and presses the "Vanish" button. The tool encrypts the information with a key unknown even to the sender.
That text can be read, for a limited time only, when the recipient highlights the text and presses the "Vanish" button to unscramble it. After eight hours the message will be impossible to unscramble and will remain gibberish forever.
Vanish works with any text entered into a Web browser: Web-based e-mail such as Hotmail, Yahoo and Gmail, Web chat, or the social networking sites MySpace and Facebook. The Vanish prototype now works only for text, but researchers said the same technique could work for any type of data, such as digital photos.
It is technically possible to save information sent with Vanish. A recipient could print e-mail and save it, or cut and paste unencrypted text into a word-processing document, or photograph an unscrambled message. Vanish is meant to protect communication between two trusted parties, researchers say.
"Today many people pick up the phone when they want to talk with a lawyer or have a private conversation," Kohno said. "But more and more communication is happening online. Vanish is designed to give people the same privacy for e-mail and the Web that they expect for a phone conversation."
University of Washington
The team of UW computer scientists developed a prototype system called Vanish that can place a time limit on text uploaded to any Web service through a Web browser. After a set time text written using Vanish will, in essence, self-destruct. A paper about the project went public today and will be presented at the Usenix Security Symposium Aug. 10-14 in Montreal.
The paper and research prototype are at http://vanish.cs.washington.edu
Co-authors on the paper are doctoral student Roxana Geambasu, assistant professor Tadayoshi Kohno, professor Hank Levy and undergraduate student Amit Levy, all with the UW's department of computer science and engineering. The research was funded by the National Science Foundation, the Alfred P. Sloan Foundation and Intel Corp.
"When you send out a sensitive e-mail to a few friends you have no idea where that e-mail is going to end up," Geambasu said. "For instance, your friend could lose her laptop or cell phone, her data could be exposed by malware or a hacker, or a subpoena could require your e-mail service to reveal your messages. If you want to ensure that your message never gets out, how do you do that?"
Many people believe that pressing the "delete" button will make their data go away.
"The reality is that many Web services archive data indefinitely, well after you've pressed delete," Geambasu said.
Simply encrypting the data can be risky in the long term, the researchers say. The data can be exposed years later, for example, by legal actions that force an individual or company to reveal the encryption key. Current trends in the computing and legal landscapes are making the problem more widespread.
"In today's world, private information is scattered all over the Internet, and we can't control the lifetime of that data," said Hank Levy. "And as we transition to a future based on cloud computing, where enormous, anonymous datacenters run the vast majority of our applications and store nearly all of our data, we will lose even more control."
The Vanish prototype washes away data using the natural turnover, called "churn," on large file-sharing systems known as peer-to-peer networks. For each message that it sends, Vanish creates a secret key, which it never reveals to the user, and then encrypts the message with that key. It then divides the key into dozens of pieces and sprinkles those pieces on random computers that belong to worldwide file-sharing networks, the same ones often used to share music or movie files. The file-sharing system constantly changes as computers join or leave the network, meaning that over time parts of the key become permanently inaccessible. Once enough key parts are lost, the original message can no longer be deciphered.
In the current Vanish prototype, the network's computers purge their memories every eight hours. (An option on Vanish lets users keep their data for any multiple of eight hours.)
Unlike existing commercial encryption services, a message sent using Vanish is kept private by an inherent property of the decentralized file-sharing networks it uses.
"A major advantage of Vanish is that users don't need to trust us, or any service that we provide, to protect or delete the data," Geambasu says.
Researchers liken using Vanish to writing a message in the sand at low tide, where it can be read for only a few hours before the tide comes in and permanently washes it away. Erasing the data doesn't require any special action by the sender, the recipient or any third party service.
"Our goal was really to come up with a system where, through a property of nature, the message, or the data, disappears," Hank Levy says.
Vanish was released today as a free, open-source tool that works with the Firefox browser. To work, both the sender and the recipient must have installed the tool. The sender then highlights any sensitive text entered into the browser and presses the "Vanish" button. The tool encrypts the information with a key unknown even to the sender.
That text can be read, for a limited time only, when the recipient highlights the text and presses the "Vanish" button to unscramble it. After eight hours the message will be impossible to unscramble and will remain gibberish forever.
Vanish works with any text entered into a Web browser: Web-based e-mail such as Hotmail, Yahoo and Gmail, Web chat, or the social networking sites MySpace and Facebook. The Vanish prototype now works only for text, but researchers said the same technique could work for any type of data, such as digital photos.
It is technically possible to save information sent with Vanish. A recipient could print e-mail and save it, or cut and paste unencrypted text into a word-processing document, or photograph an unscrambled message. Vanish is meant to protect communication between two trusted parties, researchers say.
"Today many people pick up the phone when they want to talk with a lawyer or have a private conversation," Kohno said. "But more and more communication is happening online. Vanish is designed to give people the same privacy for e-mail and the Web that they expect for a phone conversation."
University of Washington
Data Current Events and Data News RSSClimate change could boost incidence of civil war in Africa
Climate change could increase the likelihood of civil war in sub-Saharan Africa by over 50 percent within the next two decades.
Vioxx trial data shows early cardiovascular risk
Evidence of cardiovascular risks associated with taking Vioxx, the popular, nonsteroidal anti-inflammatory drug (rofecoxib), could have been identified nearly four years before its manufacturer, Merck & Co. Inc., voluntarily pulled the drug from the market.
Menopause-cardiology consensus statement on cardiovascular disease and on HRT
A menopause-cardiology consensus statement has called for direct action to prevent cardiovascular disease (CVD) in menopausal women. The statement also concludes that there is little evidence of increased CVD risk in taking HRT.
Visual assistance for cosmic blind spots
A bit of imagination on the part of a measuring instrument wouldn't be a bad thing. It could help to add data from areas where the instrument is unable to measure.
Amid the flu epidemic, don't forget RSV in young children
Influenza, particularly H1N1, has understandably captured the attention of public health officials, the media and the public.
Insect Resistance to Bt Crops can be Predicted, Monitored, and Managed
Since 1996, crop plants genetically modified to produce bacterial proteins that are toxic to certain insects, yet safe for people, have been planted on more than 200 million hectares worldwide.
Other Illnesses, Body Weight Do Not Explain Racial Disparities in Colon Cancer Survival, UAB Researchers Say
A new study by University of Alabama at Birmingham (UAB) researchers shows that body-mass index (BMI) and co-existing medical conditions (co-morbidity) do not explain the decreased survival observed among African-Americans compared to Caucasians who also have colon cancer.
Switchgrass Produces Biomass Efficiently
A USDOE and USDA study concluded that 50 million U.S. acres of cropland, idle cropland, and cropland pasture could be converted from current uses to the production of perennial grasses, such as switchgrass, from which biomass could be harvested for use as a biofuel feedstock.
Computational microscope peers into the working ribosome
Two new studies reveal in unprecedented detail how the ribosome interacts with other molecules to assemble new proteins and guide them toward their destination in biological cells.
Factors from common human bacteria may trigger multiple sclerosis
Current research suggests that a common oral bacterium may exacerbate autoimmune disease. The related report by Nichols et al, "Unique Lipids from a Common Human Bacterium Represent a New Class of TLR2 Ligands Capable of Enhancing Autoimmunity," appears in the December 2009 issue of The American Journal of Pathology.
More Data Current Events and Data News Articles
 |
Inspiretech iPod iPhone iTouch dock to USB Sync Cable by Inspire Connect your iPod to any USB port for syncing. Also simultaneously Charges your iPod from any PC or MAC |
 |
Skywriter by Data |
 |
Syba SD-U2DLCAB USB 2.0 Data Link Cable, Support Vista by Syba Provide a high performance connection between two desktop / notebook computers. Works with Microsoft Windows Easy Transfer (WET) program. Microsoft Windows Easy Transfer Companion (WETC) program. (You may download this Easy Transfer program from Microsoft website). Transfer data resources between two PCs via USB port. Supports Windows Easy Transfer Program for Microsoft Vista and XP operating system. Compliant with USB 2.0 specification and fully backwards compatible with USB 1.1 specification. Supports High-Speed (480Mbps) and Full-Speed (12Mbps) data transfer. Supports Suspend and Resume Power Management features. Bus-Powered from either USB port. Suitable for mobile PC environment. Supports LED indicator for connection and transfer status. Include free PCLinq3 software, allows files... |
 |
Sony Ericsson DCU60 USB Cable by Sony Ericsson Mobile This user-friendly USB solution builds a bridge between your computer and phone. Save the latest party pictures to your computer, transfer your favorite song to your phone and stay up-to-date with a synchronized calendar and address book. Or give your phone a fresh start with Java applications from the Internet. |
 |
Brand New USB Data Cable for Lg Lg Vu Cu920, Shine Cu720, Venus Vx8800, Voyager Vx10000, Cu515, Vx5400, Rumor, Scoop, Ux260, Cg180, Ce110, Vx8350, Lx160, Flare, Ax380 Wave, Ux380, Cu575 Trax, Vx8550 Chocolate, Lx570 Muziq, Ax565, Ux565, Ax275, Vx8700, Vx9400, Vx9900 Env, Lx150, Vx8600, Ax8600, Vx8500 Chocolate Cell Phone by Bargaincell Cable only, software and driver is not included. This USB data cable enables you to connect your cellular phone to your computer for: Wireless internet access, Sending and receiving email, FTP (Uploading and downloading files), Downloading Music / Pictures / Ring tones, Editing your phone book / SMS, Sy |
 |
Data Driven: Profiting from Your Most Important Business Asset by Thomas C. Redman (Author) Your company's data has the potential to add enormous value to every facet of the organization -- from marketing and new product development to strategy to financial management. Yet if your company is like most, it's not using its data to create strategic advantage. Data sits around unused -- or incorrect data fouls up operations and decision making. In Data Driven, Thomas Redman, the "Data Doc," shows how to leverage and deploy data to sharpen your company's competitive edge and enhance its profitability. The author reveals: The special properties that make data such a powerful asset The hidden costs of flawed, outdated, or otherwise poor-quality data How to improve data quality for competitive advantage Strategies for exploiting your data to make better business... |
 |
Timex Men's Ironman Data Link USB Watch #T5C291 by Timex This Timex Watch (but not any battery, crystal, band, or strap) is warranted to the owner for a period of ONE YEAR from the date of purchase against defects in manufacture by Timex Corporation. Timex will not repair defects relating to servicing not performed by Timex Corporation. This limited warranty applies to US Customers. |
 |
Trop Laser Data (Primary Contributor) |
 |
SentrySafe QA0121 Fire-Safe Waterproof Data Storage Chest, Grey by SentrySafe FIRE-SAFE waterproof data storage chest. The world's first and only fire resistant and waterproof multi-purpose data protection chest. Allows users to backup data using their own storage devices (devices sold separately). Protects up to 60 CDs and DVDs (in 30 double-sided sleeves). Users connect their laptop or desktop computer via the internal USB port. Exterior Dimensions: 9 3/4"H x 9 1/8"W x 10 7/8"D
|
 |
LG OEM Original USB DATA CABLE (SGDY0010901) connector for LG VU CU920 / LG VU CU915. Data wire that SYNC cell phone to/from PC computer. by LG Data Cable only! Driver and software not included. Some phone may or may not need driver/software please check with your phone provider for details. |
| © 2009 BrightSurf.com |