Vanish is a project at the University of Washington which endeavors to "give users control over the lifetime of personal data stored on the web." The project proposes to allow a user to enter information that he or she will send out across the internet, thereby relinquishing control of it. However, the user is able to include an "expiration date," after which the information is no longer usable by anyone who may have a copy of it, even the creator. The Vanish approach was found to be vulnerable to a Sybil attack, and thus insecure, by a team called Unvanish from the University of Texas, University of Michigan, and Princeton.
Contents
Theory
Vanish acts by automating the encryption of information entered by the user with an encryption key that is unknown to the user. Along with the actual information the user enters, he or she also enters metadata concerning how long the information should remain available. The system then encrypts the information, but does not store either the encryption key or the, instead breaking up the decryption key into smaller components that are disseminated across distributed hash tables, or DHTs via the internet. The DHTs refresh information within their nodes on a set schedule unless told to persist the information. The time-delay entered by the user in the metadata controls how long the DHTs should allow the information to persist, but once that time period is over, the DHTs will reuse those nodes, making the information about the decryption stored irretrievable. As long as the decryption key may be reassembled from the DHTs, the information is retrievable. However, the time initially entered by the user has lapsed, the information is not recoverable, as the user was never informed of the decryption key.
Implementation
Vanish currently exists as a Firefox plug-in which allows a user to enter text into either a standard Gmail email or Facebook message, and choose to send the message via Vanish. The message is then encrypted and sent via the normal networking pathways through the cloud to the recipient. The recipient must have the same Firefox plug-in to decrypt the message. The plugin accesses BitTorrent DHTs, which have 8-hour lifespans. This means the user may select an expiration date for the message in increments of 8 hours. After the expiration of the user-defined time span, the information in the DHT is overwritten, thereby eliminating the key. While both the user and recipient may have copies of the original encrypted message, the key used to turn it back into plain text is now gone.
Although this particular instance of the data has become inaccessible, it's important to note that the information can always be saved by other means before expiration (copied, or even via screen shots) and published again.