Information centre menu
News Newsletters Events Articles - Articles Archive 2008 - Articles Archive 2007 - Articles Archive 2006 - Articles Archive 2005 - Articles Archive 2004 - Articles Archive 2003 - Articles Archive 2002 - Articles Archive 2001 - Articles Archive 2000 - Articles Archive 1999 - Articles Archive 1998	Vanishing Act By Joanne Pontee, Marketing Manager Imagine receiving an e-mail or a document which automatically self destructs in 8 hours? If you think it sounds a little farfetched, something that you are more likely to hear in a James Bond movie, then think again. A team of researchers at the University of Washington have been playing the role of “Q” and come up with a program that can make e-mails, blog posts, documents and Facebook entries disappear without a trace. The research team at the University have developed a prototype system, aptly named “Vanish”, which can place a time limit on text uploaded to any web service through a web browser. Eight hours after being sent, “Vanish” e-mails, documents and posts become unreadable, even to the person who wrote them. According to reports, the next version of Vanish will allow users to create messages that last a day, a weekend or a month. At present, Vanish can be applied to web based e-mail such as Hotmail, Yahoo, Gmail, webchat and social networking sites such as MySpace and Facebook. However, the researchers believe that the principle could be extended to work for other types of data including digital images. To use Vanish, both parties have to be using the Firefox web browser to communicate in an e-mail or chatroom and they both need to install the Vanish software. They can then compose a message, highlight the text they want to keep private, select “create Vanish message” from a pop-up menu and fire it off. The recipient at the other end is presented with a page of scrambled text that only becomes readable when they select the “read Vanish message” option. Precisely 8 hours later the message completely disappears. The best description of how Vanish works that I’ve come across (well one that a non techie like me can understand!) is as follows: Vanish washes away data using the natural turnover (churn) on large file sharing networks (peer-to-peer) networks. For each message it sends, Vanish creates a secret key, which it never reveals to the user, and then encrypts the message with that key. It then divides the key into dozens of pieces which are sprinkled across random computers that belong to worldwide file-sharing networks - the same ones often used to share music or movie files. The file sharing system constantly changes as computers join or leave the network, meaning over time parts of the key become permanently inaccessible. Once enough key parts are lost, the original message can no longer be deciphered. Phew, and that was the easy explanation! If you are puzzled as to why all this complicated new technical wizardry is required, then imagine how you’d feel if your local post office took a copy of every letter you posted or your telecoms provider taped and stored a copy of every telephone conversation you had. Well this is precisely what happens on the Internet today. Many of us communicate online without a second thought for the privacy implications but each one of us is leaving behind a trail of communication over which we have no control. An e-mail sent today or a Facebook picture you left last week may well have future repercussions. A recent survey in America found that a fifth of Americans had written something online they regretted, while almost one in eight teenagers had posted nude or revealing photos of themselves online. There is always a danger that an inappropriate post made in the heat of the moment or a picture from a drunken night out that your friend has kindly tagged you in on Facebook could resurface during that all important job interview. If you are now rushing to hit the delete button in a panic - don’t. It is likely that your data is being archived by web services indefinitely so deleting it doesn’t mean it’s gone. Today a great deal of data is being created, shared and stored online and with the current trend towards Cloud computing this is set to increase. Costs for storing huge volumes of data are now very low so there is little incentive for service providers to delete it, meaning that personal data persists for a very long time. With online privacy, and all its implications for individuals and the state becoming a heated topic, you can now see why the launch of Vanish is creating quite a stir. The team behind Vanish claim that it’s a much safer alternative to encryption. They point to the fact that encryption offers no guarantee of privacy, with courts being able to force people to turn over e-mail encryption passwords, keys or decryption details. Whereas with Vanish its users are not dependant on the integrity of any third party. They don’t need to trust the Vanish software or the people behind it to protect or delete the data as they don’t hold it or the key to deciphering it. The Vanish service has been likened to writing a message in the sand at low tide, where it can be read for only a few hours before the tide inevitably comes in and permanently washes it away. Erasing the data doesn’t require any special action by the sender, the recipient or third party service. As with most technological innovations, where there are pros there are always some cons and Vanish does have its detractors. Some digital forensics experts have expressed concerns about its potential misuse and point out that in some instances, for example when carrying out criminal or terrorism related investigations, the state needs to be able to intercept data. Its inventors don’t deny that there will be people who use Vanish for inappropriate activities but believe that as a genuine technical advancement the benefits far outweigh the risks. Vanish isn’t infallible, there’s always the human element to deal with. There’s nothing to stop somebody from copying the contents of an e-mail or post during the eight hours that it’s in existence. In practice, and in its current form, Vanish can only protect communication between two trusted parties; for example, the exchange of confidential or sensitive information between a lawyer and their client. For the time being Vanish is available for use by individuals free of charge but I would guess that it’s only a matter of time before an enhanced commercial version of Vanish becomes available for business. The motivations behind the development of Vanish do provide food for thought. So the next time you are about to hit the send button on your “letting off steam” e-mail rant or are posting a picture on Facebook that you wouldn’t be happy for your Granny to see, think twice because it may just come back to bite you!

Information centre menu

Vanishing Act

By Joanne Pontee, Marketing Manager

Imagine receiving an e-mail or a document which automatically self destructs in 8 hours? If you think it sounds a little farfetched, something that you are more likely to hear in a James Bond movie, then think again. A team of researchers at the University of Washington have been playing the role of “Q” and come up with a program that can make e-mails, blog posts, documents and Facebook entries disappear without a trace.

The research team at the University have developed a prototype system, aptly named “Vanish”, which can place a time limit on text uploaded to any web service through a web browser. Eight hours after being sent, “Vanish” e-mails, documents and posts become unreadable, even to the person who wrote them. According to reports, the next version of Vanish will allow users to create messages that last a day, a weekend or a month. At present, Vanish can be applied to web based e-mail such as Hotmail, Yahoo, Gmail, webchat and social networking sites such as MySpace and Facebook. However, the researchers believe that the principle could be extended to work for other types of data including digital images.

To use Vanish, both parties have to be using the Firefox web browser to communicate in an e-mail or chatroom and they both need to install the Vanish software. They can then compose a message, highlight the text they want to keep private, select “create Vanish message” from a pop-up menu and fire it off. The recipient at the other end is presented with a page of scrambled text that only becomes readable when they select the “read Vanish message” option. Precisely 8 hours later the message completely disappears.

The best description of how Vanish works that I’ve come across (well one that a non techie like me can understand!) is as follows: Vanish washes away data using the natural turnover (churn) on large file sharing networks (peer-to-peer) networks. For each message it sends, Vanish creates a secret key, which it never reveals to the user, and then encrypts the message with that key. It then divides the key into dozens of pieces which are sprinkled across random computers that belong to worldwide file-sharing networks - the same ones often used to share music or movie files. The file sharing system constantly changes as computers join or leave the network, meaning over time parts of the key become permanently inaccessible. Once enough key parts are lost, the original message can no longer be deciphered. Phew, and that was the easy explanation!

If you are puzzled as to why all this complicated new technical wizardry is required, then imagine how you’d feel if your local post office took a copy of every letter you posted or your telecoms provider taped and stored a copy of every telephone conversation you had. Well this is precisely what happens on the Internet today. Many of us communicate online without a second thought for the privacy implications but each one of us is leaving behind a trail of communication over which we have no control. An e-mail sent today or a Facebook picture you left last week may well have future repercussions. A recent survey in America found that a fifth of Americans had written something online they regretted, while almost one in eight teenagers had posted nude or revealing photos of themselves online. There is always a danger that an inappropriate post made in the heat of the moment or a picture from a drunken night out that your friend has kindly tagged you in on Facebook could resurface during that all important job interview.

If you are now rushing to hit the delete button in a panic - don’t. It is likely that your data is being archived by web services indefinitely so deleting it doesn’t mean it’s gone. Today a great deal of data is being created, shared and stored online and with the current trend towards Cloud computing this is set to increase. Costs for storing huge volumes of data are now very low so there is little incentive for service providers to delete it, meaning that personal data persists for a very long time. With online privacy, and all its implications for individuals and the state becoming a heated topic, you can now see why the launch of Vanish is creating quite a stir.

The team behind Vanish claim that it’s a much safer alternative to encryption. They point to the fact that encryption offers no guarantee of privacy, with courts being able to force people to turn over e-mail encryption passwords, keys or decryption details. Whereas with Vanish its users are not dependant on the integrity of any third party. They don’t need to trust the Vanish software or the people behind it to protect or delete the data as they don’t hold it or the key to deciphering it. The Vanish service has been likened to writing a message in the sand at low tide, where it can be read for only a few hours before the tide inevitably comes in and permanently washes it away. Erasing the data doesn’t require any special action by the sender, the recipient or third party service.

As with most technological innovations, where there are pros there are always some cons and Vanish does have its detractors. Some digital forensics experts have expressed concerns about its potential misuse and point out that in some instances, for example when carrying out criminal or terrorism related investigations, the state needs to be able to intercept data. Its inventors don’t deny that there will be people who use Vanish for inappropriate activities but believe that as a genuine technical advancement the benefits far outweigh the risks.

Vanish isn’t infallible, there’s always the human element to deal with. There’s nothing to stop somebody from copying the contents of an e-mail or post during the eight hours that it’s in existence. In practice, and in its current form, Vanish can only protect communication between two trusted parties; for example, the exchange of confidential or sensitive information between a lawyer and their client. For the time being Vanish is available for use by individuals free of charge but I would guess that it’s only a matter of time before an enhanced commercial version of Vanish becomes available for business.

The motivations behind the development of Vanish do provide food for thought. So the next time you are about to hit the send button on your “letting off steam” e-mail rant or are posting a picture on Facebook that you wouldn’t be happy for your Granny to see, think twice because it may just come back to bite you!