Wednesday, July 22, 2009


vanish fascinates me.

a group of researchers at the university of washington released it yesterday. it's a tool that basically puts an expiration time on any information you post on the internet.

it uses a secret key to encrypt the data, and then sprinkles the key into many little pieces throughout the vuze P2P network. based on the average rate of hosts leaving and entering the P2P network, the key lasts about eight or nine hours; this can be tweaked to any multiple of 8 or 9 hours.

of course, it's not perfect. if you even legitimately want to recover the information after the assigned period (and, if you did save it elsewhere, aren't you defeating the purpose of using vanish?), you can't. on the other hand, it can be decrypted by anyone with a Vanish client during the period that the key is valid, so if you care about who sees it as well as when the data expires, it's probably a good idea to wrap the vanish data object in something that will authenticate the recipient, such as pgp. it is a legitimate concern given that anyone can decrypt the data within the time period--they could always take the text, save it in another file, and get around the expiration date provided by vanish. then again, the intended recipient can do that as well, so it's useless unless you can trust the recipient to just let the message die.

however, i find this a fascinating first step toward addressing the problem of stuff on the internet coming back to haunt people, or addressing other problems of data lasting longer than hoped for. (and, i think i'm going to implement and play with the "vanish trash bin" idea on the project website...) it won't completely get rid of the problem, and i definitely won't start doing things like posting things on the internet that i don't stand behind, or saving child porn or stolen credit card numbers on my machines. that being said, i'm really excited to know that people are doing interesting things to try and get around the effective permanence of computer data.

they're giving a formal presentation about it at USENIX. sadly, though, USENIX is at the same time as HAR, so i'll be away. however, if it were not at the same time as HAR, i find this interesting enough that i would try to go to USENIX just for this presentation, and to pick the researchers' brains about it sometime during the hallway track.

No comments: