Vanish (computer science)
Vanish was a project to "give users control over the lifetime of personal data stored on the web." It was led by Roxana Geambasu at the University of Washington.[1] The project proposed to allow a user to enter information to send across the internet, thereby relinquishing control of it. However, the user is able to include an "expiration date," after which the information is no longer usable by anyone who may have a copy of it, even the creator.[2] The Vanish approach was found to be vulnerable to a Sybil attack, and thus insecure, by a team called Unvanish from the University of Texas, University of Michigan, and Princeton.[3]
Theory
Vanish acts by automating the encryption of information entered by the user with an encryption key that is unknown to the user. Along with the information the user enters, the user also enters metadata concerning how long the information should remain available. The system then encrypts the information, but does not store either the encryption key or the original information. Instead, it breaks up the decryption key into smaller components that are disseminated across distributed hash tables, or DHTs via the Internet. The DHTs refresh information within their nodes on a set schedule unless configured to make the information persistent. The time delay entered by the user in the metadata controls how long the DHTs should allow the information to persist, but once that time period is over, the DHTs will reuse those nodes, making the information about the decryption stored irretrievable. As long as the decryption key may be reassembled from the DHTs, the information is retrievable. However, once the period entered by the user has lapsed, the information is no longer recoverable, as the user never possessed the decryption key.[4]
Implementation
Vanish currently exists as a Firefox plug-in which allows a user to enter text into either a standard Gmail email or Facebook message, and choose to send the message via Vanish. The message is then encrypted and sent via the normal networking pathways through the cloud to the recipient. The recipient must have the same Firefox plug-in to decrypt the message. The plugin accesses BitTorrent DHTs, which have 8-hour lifespans. This means the user may select an expiration date for the message in increments of 8 hours. After the expiration of the user-defined time span, the information in the DHT is overwritten, thereby eliminating the key. While both the user and recipient may have copies of the original encrypted message, the key used to turn it back into plain text is now gone.
Although this particular instance of the data has become inaccessible, it's important to note that the information can always be saved by other means before expiration (copied, or even via screen shots) and published again.
References
- "' This article will self-destruct: A tool to make online personal data vanish". washington.edu. Retrieved 2009-07-21.
- "'Privacy Tool Makes Internet Postings Vanish '". InformationWeek. Retrieved 2009-07-24.
- "'Unvanish: Reconstructing Self-Destructing Data'".
- "' Vanish: Increasing Data Privacy with Self-Destructing Data" (PDF). vanish.cs.washington.edu. Retrieved 2010-12-07.