This Message Will Self-destroy in 30″!

Vanish Logo

“Cloud computing”! This is a hot topic in IT security for a while. I won’t explain why security is so importing within the cloud. To have a good overview, I recommend to follow Craig Balding’s blog.

For sure, you already have personal data stored on the web. You use webmail services like Google, you post pictures and videos on Facebook. The major issue is the total loss of control when posted. Where are they stored? Is privacy respected? Worse, if you decide to bring some material off-line, it has been indexed by robots or is it really removed from the servers? Some data may also become obsolete or confidential after some time.

That’s why the Washington University developed a product which adds some kind of “best-before date” on the data you publish on-line. The idea is very simple: when you create some content (ex: a blog post), you specify after how long the data will become unreadable for everybody, even you, the author!

To create self-destructing data, let’s have a look to the Vanish tool. It’s a software based on two components: A Java application and a Firefox plug-in. Once the software has been installed (runs on Windows or almost all Linux distributions), select any text you need to vanish and choose the option “Vanish -> Create Vanish Message” from the context menu:

Click to enlarge
Click to enlarge

Your original text will be replaced by something like:

Use to read this message.
This message will self destruct by Thu, 30 Jul 2009 19:27:47 GMT


Anybody will be able to decrypt the message until Thu, 30 Jul 2009 19:27:47 GMT (I configured my Vanish add-on expiration timeout to 24 hours). To read the original text, recipients of your message must have the same Firefox add-on installed, select the vanished message and use the second menu “Read Vanish Message”. Once the expiration date expired, nobody will be able to decrypt the message! Simple and powerful! Please keep in mind that your data won’t be encrypted nor signed.Anybody will be able to read the message content! Let’s have a look at the video which describes the application:

Note: the Vanish application requires Internet connectivity to work. Operations rely on the Vuze network!


  1. A new program Vanishing Message has been released by John Kapili. Vanishing Message is a file message that can be sent by email attachment or file transfer. The message can be read by the recipient then vanishes without a trace. As we all know there are times when we need to send a message to someone that we want no trace of later. Vanishing Message uses a random encryption on all words, no word is ever encrypted the same. The message vanishes if exited, cannot be copied, if viewed longer than 1 minute it vanishes and you can use the same file to forward or email another person a new message. So prove it!!! Did it ever exist?

  2. Indeed! Vanish used “as is” does not prevent any copies of the original data. Except if the original version is signed using your PGP private key.

    On the other side, the goal is clearly to prevent your data to be indexed and lost in the “Cloud”. Preventing people to save a copy of it locally on their hard drive is another problem.

  3. AFAIK they state in their paper that explicitly do not consider the case when a trusted insider makes a copy during the allowed time period (ie Alice decodes the message in the interval it is valid and takes a digital – and thus perfect – copy of it and passes it on to Eve). While it is a perfectly assumption, it does limit the effectiveness of the system a great deal and it is also not the scenario most people think of when they hear “self destruct”.

    my 2c

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.