“Cloud computing”! This is a hot topic in IT security for a while. I won’t explain why security is so importing within the cloud. To have a good overview, I recommend to follow Craig Balding’s blog.
For sure, you already have personal data stored on the web. You use webmail services like Google, you post pictures and videos on Facebook. The major issue is the total loss of control when posted. Where are they stored? Is privacy respected? Worse, if you decide to bring some material off-line, it has been indexed by robots or is it really removed from the servers? Some data may also become obsolete or confidential after some time.
That’s why the Washington University developed a product which adds some kind of “best-before date” on the data you publish on-line. The idea is very simple: when you create some content (ex: a blog post), you specify after how long the data will become unreadable for everybody, even you, the author!
To create self-destructing data, let’s have a look to the Vanish tool. It’s a software based on two components: A Java application and a Firefox plug-in. Once the software has been installed (runs on Windows or almost all Linux distributions), select any text you need to vanish and choose the option “Vanish -> Create Vanish Message” from the context menu:
Your original text will be replaced by something like:
-----BEGIN VANISH MESSAGE----- Use http://vanish.cs.washington.edu to read this message. This message will self destruct by Thu, 30 Jul 2009 19:27:47 GMT AKztAAVzcgBGZWR1Lndhc2hpbmd0b24uY3MudmFuaXNoLmludGVybmF sLm1ldGFkYXRhLmltcGwuRXBvY2hBd2FyZU1ldGFkYXRhSW1wbE1yiFVDG n2bAgACSgAMZXBvY2hfbGVuZ3RoTAAIbWV0YWRhdGF0ADVMZWR1L3dh c2hpbmd0b24vY3MvdmFuaXNoL2ludGVybmFsL21ldGFkYXRhL01ldGFkYX RhO3hwAAAAAAG3dABzcgBHZWR1Lndhc2hpbmd0b24uY3MudmFuaXNo LmludGVybmFsLm1ldGFkYXRhLmltcGwuSW5kaXJlY3RLZXlNZXRhZGF0YU ltcGw6bcmI6fsf7QIAAlsAEmVuY3J5cHRlZF9kYXRhX2tleXQAAltCTAAIbWV0 YWRhdGFxAH4AAXhwcHNyAEFlZHUud2FzaGluZ3Rvbi5jcy52YW5pc2guaW 50ZXJuYWwubWV0YWRhdGEuaW1wbC5CYXNpY01ldGFkYXRhSW1wbNgVQ Ujt/E3XAgACSgANbG9jYXRpb25fc2VlZEwABnBhcmFtc3QANkxlZHUvd2Fz aGluZ3Rvbi9jcy92YW5pc2gvaW50ZXJuYWwvbWV0YWRhdGEvVkRPUGFyYW 1zO3hw6Gffaq4cVxNzcgA0ZWR1Lndhc2hpbmd0b24uY3MudmFuaXNoLm ludGVybmFsLm1ldGFkYXRhLlZET1BhcmFtc7292Mmleh6MAgAISgALY3JlYX Rpb25fdHNJABVlbmNyeXB0aW9uX2tleV9sZW5ndGhJAApudW1fc2hhcmVz SQAJdGhyZXNob2xkSQAJdGltZW91dF9oSgAGdmRvX2lkTAAUZW5jcnlwdG lvbl9hbGdvcml0aG10ABJMamF2YS9sYW5nL1N0cmluZztMAA9lbmNyeXB0 aW9uX21vZGVxAH4ACnhwAAABIsfEIk8AAACAAAAACgAAAAcAAAAYDIstI4 Viu3R0AANBRVN0AANDQkOREhq410f4hqFaaoICvN9kU/q2yqdxZ9LRxYEYX 3a1KKBAgTbUnYZQkDnMn5areXA= -----END VANISH MESSAGE-----
Anybody will be able to decrypt the message until Thu, 30 Jul 2009 19:27:47 GMT (I configured my Vanish add-on expiration timeout to 24 hours). To read the original text, recipients of your message must have the same Firefox add-on installed, select the vanished message and use the second menu “Read Vanish Message”. Once the expiration date expired, nobody will be able to decrypt the message! Simple and powerful! Please keep in mind that your data won’t be encrypted nor signed.Anybody will be able to read the message content! Let’s have a look at the video which describes the application:
Note: the Vanish application requires Internet connectivity to work. Operations rely on the Vuze network!