[DFSci] Vanish - A tool to make online personal data vanish

Gregg Gunsch ggunsch at defiance.edu
Thu Jul 23 16:09:41 PDT 2009


I based my comment on the researcher's website,
http://vanish.cs.washington.edu/.  On that website, the authors describe the
process used by Vanish to encrypt the user's data, and distribute the key
into a P2P network.  It is the encryption key that disappears, preventing
the user's data from becoming recoverable:  "Vanish creates a secret key to
encrypt a user's data item (such as an email), breaks the key into many
pieces and then sprinkles the pieces across the P2P network. As machines
constantly join and leave the P2P network, the pieces of the key gradually
disappear. By the time the hacker or someone with a subpoena actually tries
to obtain access to the message, the pieces of the key will have permanently
disappeared." 

The advantage this has over simply "disappearing" the data itself is that it
prevents interception in transit, to include recovery of copies on
store-and-forward systems (e.g., email) for which the end users have no
control.  Those copies are never decryptable, since the key is never
available to the systems in the middle of the communication (same as normal
encryption methods).

Yes, someone could "intercept" the message before the timeout, but that
would only be on the destination machine, not in transit.  It would seem
that we are using the word differently.  I was speaking about intercepting
the message during transit, by a third party.

- Gregg

-----Original Message-----
From: Serguei Mokhov [mailto:serguei at gmail.com] 
Sent: Thursday, July 23, 2009 5:01 PM
To: ggunsch at defiance.edu
Cc: dfsci at lists.dfrws.org
Subject: Re: [DFSci] Vanish - A tool to make online personal data vanish

On Thu, Jul 23, 2009 at 1:23 PM, Gregg Gunsch<ggunsch at defiance.edu> wrote:
> Note the VERY important caveat:  while the data is active (viewable), it
> can be copied, pasted, printed, and saved.  "Vanish" is for communications
> between trusted parties where both agree to allow it to disappear after
> the timeout.  Its primary benefits are to prevent interception and
> subsequent recovery.

As I read it, it's only to prevent the recovery after the set timeout,
not the interception. If anyone intercepts the message before the
timeout they may still read it, so it simply prevents recoverable
_archiving_ of the messages. Of course, if one end of the Vanish
communications saves/prints/makes a screenshot of it externally while
within the timeout, they still can do it, just like one can bug
the phone line or record an audio conversation. From the legal standpoint,
I am not sure if the externally saved/printed message will have
the same level of authenticity as the unvanished original and
whether it'd be admissible in court if it is a subject of a
subpoena or a new employer searching your Facebook profile for
any discriminating factors -- the latter seems to be their most
major concern -- to erase the history.

-s

> - Gregg
>
> Gregg Gunsch, Ph.D., PE, CISSP, GCFA, CCE
> Professor of Digital Forensic Science
> Defiance College
> 701 N. Clinton, St., Defiance, OH 43512
> 419-783-2460    ggunsch at defiance.edu
> http://www.defiance.edu/pages/BASS_majors_DFS.html
> Caveat Interretiarius


-- 
Serguei Mokhov
http://www.cs.concordia.ca/~mokhov
http://marf.sf.net | http://sf.net/projects/marf
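The key-splitting mechanism quoted at the top of the thread, as an added illustration that is not Vanish's own code: a random data key is split into N shares with a K-of-N threshold (Shamir secret sharing over a prime field), the shares are handed to simulated P2P nodes, and node churn removes shares until fewer than K survive, after which the key, and so the ciphertext held on any store-and-forward system, is unrecoverable. The 3-of-5 threshold, the node ids and the churn pattern are assumed demo values; the actual data encryption step is omitted since it is the key that vanishes.

```python
import os
import random

P = 2**521 - 1  # Mersenne prime; the field is large enough to hold a 128-bit key


def _eval_poly(coeffs, x):
    """Horner evaluation of the sharing polynomial at x, modulo P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_key(key, k, n):
    """Split key into n shares; any k of them reconstruct it (Shamir)."""
    rng = random.SystemRandom()
    coeffs = [key] + [rng.randrange(1, P) for _ in range(k - 1)]
    return {x: _eval_poly(coeffs, x) for x in range(1, n + 1)}  # node id -> share


def recover_key(shares, k):
    """Lagrange interpolation at x=0; fails once fewer than k shares survive."""
    if len(shares) < k:
        raise ValueError("fewer than k shares remain: the key has vanished")
    xs = list(shares)[:k]
    secret = 0
    for i in xs:
        num = den = 1
        for j in xs:
            if j != i:
                num = num * (-j) % P
                den = den * (i - j) % P
        secret = (secret + shares[i] * num * pow(den, P - 2, P)) % P
    return secret


def churn(nodes, leaving):
    """Simulate P2P churn: the nodes in `leaving` go offline with their shares."""
    return {x: s for x, s in nodes.items() if x not in leaving}


if __name__ == "__main__":
    key = int.from_bytes(os.urandom(16), "big")  # constructed 128-bit data key
    nodes = split_key(key, k=3, n=5)             # assumed 3-of-5 threshold
    assert recover_key(nodes, 3) == key          # before churn: recipient can decrypt
    nodes = churn(nodes, leaving={1, 4})         # two nodes leave the network
    assert recover_key(nodes, 3) == key          # 3 shares left: still recoverable
    nodes = churn(nodes, leaving={2})            # a third node leaves
    try:
        recover_key(nodes, 3)
    except ValueError as e:
        print("after churn:", e)                 # ciphertext is now permanently locked
```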
