U. WASHINGTON (US)—A new prototype system could help Web users erase their electronic trail by creating text that automatically self destructs.
Many people believe that pressing the “delete” button will make data go away, but the “reality is that many Web services archive data indefinitely, well after you’ve pressed delete,” says doctoral student and lead author Roxana Geambasu.
Simply encrypting the data can be risky in the long term, the researchers say, because it can be exposed years later, for example, by legal actions that force an individual or company to reveal the encryption key. Current trends in the computing and legal landscapes are making the problem more widespread.
The Vanish prototype washes away data using the natural turnover, called “churn,” on peer-to-peer networks. For each message that it sends, Vanish creates a secret key, which it never reveals to the user, and then encrypts the message with that key. It then divides the key into dozens of pieces and sprinkles those pieces on random computers that belong to worldwide file-sharing networks, the same ones often used to share music or movie files.
The file-sharing system constantly changes as computers join or leave the network, meaning that over time parts of the key become permanently inaccessible. Once enough key parts are lost, the original message can no longer be deciphered.
In the current Vanish prototype, the network’s computers purge their memories every eight hours. Researchers liken using Vanish to writing a message in the sand at low tide—it can only be read for a few hours before the tide comes in and permanently washes it away.
To work, both the sender and the recipient must have installed the tool. The sender highlights any sensitive text entered into the browser and presses the “Vanish” button. The tool encrypts the information with a key unknown even to the sender and the text can then be read, for a limited time only, when the recipient highlights the text and presses the “Vanish” button to unscramble it.
Vanish works with any text entered into a Web browser, including Hotmail, Yahoo, and G-mail, Web chat, or the social networking sites MySpace and Facebook. The Vanish prototype now works only for text, but researchers say the same technique could work for any type of data, such as digital photos.
The research was funded by the National Science Foundation, the Alfred P. Sloan Foundation, and Intel Corp.
University of Washington news: http://uwnews.org