Wednesday, August 12, 2009

“Vanish” Uses BitTorrent to Make Data Disappear

Encrypts messages with a secret key and then distributes pieces of it across random nodes so that as peers leave the swarm it gradually degrades over time, allowing users to regain control over data stored on the web like Facebook PMs, e-mails to others, and even simple posts.

Researchers at the University of Washington have a created a way to automate encryption key expiration, which means data can become inaccessible over a given period of time.

It’s called Vanish and it creates a secret key to encrypt a user’s data, breaks the key into many pieces and then sprinkles the pieces across random nodes in the Distributed Hash Table (DHT) provided by the popular Vuze BitTorrent client. As machines constantly join and leave the swarm, the pieces of the key gradually disappear. By default it supports data timeouts of 8-9 hrs, though they say longer timeouts are possible.

“Data persists for much longer than users expect or want,” they note in emphasizing importance of Vanish. “This is especially true as more and more data gets stored on the web and in the cloud, archived by third parties, or just stored on random backup tapes.”

The researchers say Vanish is important in today’s Web-centered world because a “users’ sensitive data can persist “in the cloud” indefinitely (sometimes even after the user’s account termination.” By using Vanish you can regain control over the lifetime of things like Facebook PMs, Google Docs, e-mails, etc..

It can also complicate efforts by authorities or other parties to subpoena sensitive data.

“Computing and communicating through the Web makes it virtually impossible to leave the past behind,” they add. “College Facebook posts or pictures can resurface during a job interview; a lost or stolen laptop can expose personal photos or messages; or a legal investigation can subpoena the entire contents of a home or work computer, uncovering incriminating or just embarrassing details from the past.”

The overarching benefit of using Vanish is that it lessens the risks of sensitive data being exposed. A PM or e-mail from years past doesn’t have to resurface to the embarrassment of yourself or others.

Overall it’s pretty useful to have. The only downside is that the people you communicate with have to also have Vanish installed so that they can decrypt your messages.

It’s available as a Firefox plugin.

Watch the screencast for more info…..

No comments: