[DFSci] Vanish

Fri Jul 24 10:21:07 PDT 2009

I would like to know how this vanish is different from this paper:

The Ephemerizer: Making Data Disappear. Radia Perlman. SMLI TR-2005-140.
February 2005 (research.sun.com/techrep/2005/smli_tr-2005-140.pdf)

> Send DFSci mailing list submissions to
> 	dfsci at lists.dfrws.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> 	http://lists.dfrws.org/listinfo.cgi/dfsci-dfrws.org
> or, via email, send a message with subject or body 'help' to
> 	dfsci-request at lists.dfrws.org
>
> You can reach the person managing the list at
> 	dfsci-owner at lists.dfrws.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of DFSci digest..."
>
>
> Today's Topics:
>
>    1. Re: Vanish - A tool to make online personal data vanish
>       (Gregg Gunsch)
>    2. Re: Vanish - A tool to make online personal data vanish
>       (Serguei Mokhov)
>    3. Re: Vanish - A tool to make online personal data vanish
>       (Gregg Gunsch)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Thu, 23 Jul 2009 13:23:17 -0400
> From: "Gregg Gunsch" <ggunsch at defiance.edu>
> Subject: Re: [DFSci] Vanish - A tool to make online personal data
> 	vanish
> To: <dfsci at lists.dfrws.org>
> Message-ID: <3746A8A8398647D085F9CAF5352F2714 at Gropos>
> Content-Type: text/plain;	charset="us-ascii"
>
> Note the VERY important caveat:  while the data is active(viewable), it
> can
> be copied, pasted, printed, and saved.  "Vanish" is for communications
> between trusted parties where both agree to allow it to disappear after
> the
> timeout.  Its primary benefits are to prevent interception and subsequent
> recovery.
>
> - Gregg
>
> Gregg Gunsch, Ph.D., PE, CISSP, GCFA, CCE
> Professor of Digital Forensic Science
> Defiance College
> 701 N. Clinton, St., Defiance, OH 43512
> 419-783-2460    ggunsch at defiance.edu
> http://www.defiance.edu/pages/BASS_majors_DFS.html
> Caveat Interretiarius
>
>
>
>
> ------------------------------
>
> Message: 2
> Date: Thu, 23 Jul 2009 17:00:49 -0400
> From: Serguei Mokhov <serguei at gmail.com>
> Subject: Re: [DFSci] Vanish - A tool to make online personal data
> 	vanish
> To: ggunsch at defiance.edu
> Cc: dfsci at lists.dfrws.org
> Message-ID:
> 	<f4c8e9e30907231400t3a20be00x8dddd37b88fe854d at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> On Thu, Jul 23, 2009 at 1:23 PM, Gregg Gunsch<ggunsch at defiance.edu> wrote:
>> Note the VERY important caveat: ?while the data is active(viewable), it
>> can
>> be copied, pasted, printed, and saved. ?"Vanish" is for communications
>> between trusted parties where both agree to allow it to disappear after
>> the
>> timeout. ?Its primary benefits are to prevent interception and
>> subsequent
>> recovery.
>
> As I read it it's only to prevent the recovery after the set timeout,
> not the interception. If anyone intercepts the message before the
> timeout they may still read it, so it simply prevents recoverable
> _archiving_ of the messages. Of course, if one end of the Vanish
> communications saves/prints/makes a screenshot of it externally while
> within the timeout, they still can do it, just like one can bug
> the phone line or record audio conversation. From the legal standpoint,
> I am not sure if the externally saved/printed message will have
> the same level of authenticity as the unvanished original and
> whether it'd be admissible in court if it is a subject of
> subpoena or a new employer searching your Facebook profile for
> any discriminating factors -- the latter to seems to be their most
> major concern -- to erase the history.
>
> -s
>
>> - Gregg
>>
>> Gregg Gunsch, Ph.D., PE, CISSP, GCFA, CCE
>> Professor of Digital Forensic Science
>> Defiance College
>> 701 N. Clinton, St., Defiance, OH 43512
>> 419-783-2460 ? ?ggunsch at defiance.edu
>> http://www.defiance.edu/pages/BASS_majors_DFS.html
>> Caveat Interretiarius
>
>
> --
> Serguei Mokhov
> http://www.cs.concordia.ca/~mokhov
> http://marf.sf.net | http://sf.net/projects/marf
>
>
> ------------------------------
>
> Message: 3
> Date: Thu, 23 Jul 2009 19:09:41 -0400
> From: "Gregg Gunsch" <ggunsch at defiance.edu>
> Subject: Re: [DFSci] Vanish - A tool to make online personal data
> 	vanish
> To: <mokhov at cs.concordia.ca>
> Cc: dfsci at lists.dfrws.org
> Message-ID: <486E053A3C7E495E9451D7F8A8019902 at Gropos>
> Content-Type: text/plain;	charset="iso-8859-1"
>
> I based my comment on the researcher's website,
> http://vanish.cs.washington.edu/.  On that website, the authors describe
> the
> process used by Vanish to encrypt the user's data, and distribute the key
> into a P2P network.  It is the encryption key that disappears, preventing
> the user's data from becoming recoverable:  "Vanish creates a secret key
> to
> encrypt a user's data item (such as an email), breaks the key into many
> pieces and then sprinkles the pieces across the P2P network. As machines
> constantly join and leave the P2P network, the pieces of the key gradually
> disappear. By the time the hacker or someone with a subpoena actually
> tries
> to obtain access to the message, the pieces of the key will have
> permanently
> disappeared."
>
> The advantage this has over simply "disappearing" the data itself is that
> it
> prevents interception in transit, to include recovery of copies on
> store-and-forward systems (e.g., email) for which the end users have no
> control.  Those copies are never decryptable, since the key is never
> available to the systems in the middle of the communication (same as
> normal
> encryption methods).
>
> Yes, someone could "intercept" the message before the timeout, but that
> would only be on the destination machine, not in transit.  It would seem
> that we are using the word differently.  I was speaking about intercepting
> the message during transit, by a third party.
>
> - Gregg
>
> -----Original Message-----
> From: Serguei Mokhov [mailto:serguei at gmail.com]
> Sent: Thursday, July 23, 2009 5:01 PM
> To: ggunsch at defiance.edu
> Cc: dfsci at lists.dfrws.org
> Subject: Re: [DFSci] Vanish - A tool to make online personal data vanish
>
> On Thu, Jul 23, 2009 at 1:23 PM, Gregg Gunsch<ggunsch at defiance.edu> wrote:
>> Note the VERY important caveat: ?while the data is active(viewable), it
> can
>> be copied, pasted, printed, and saved. ?"Vanish" is for communications
>> between trusted parties where both agree to allow it to disappear after
> the
>> timeout. ?Its primary benefits are to prevent interception and
>> subsequent
>> recovery.
>
> As I read it it's only to prevent the recovery after the set timeout,
> not the interception. If anyone intercepts the message before the
> timeout they may still read it, so it simply prevents recoverable
> _archiving_ of the messages. Of course, if one end of the Vanish
> communications saves/prints/makes a screenshot of it externally while
> within the timeout, they still can do it, just like one can bug
> the phone line or record audio conversation. From the legal standpoint,
> I am not sure if the externally saved/printed message will have
> the same level of authenticity as the unvanished original and
> whether it'd be admissible in court if it is a subject of
> subpoena or a new employer searching your Facebook profile for
> any discriminating factors -- the latter to seems to be their most
> major concern -- to erase the history.
>
> -s
>
>> - Gregg
>>
>> Gregg Gunsch, Ph.D., PE, CISSP, GCFA, CCE
>> Professor of Digital Forensic Science
>> Defiance College
>> 701 N. Clinton, St., Defiance, OH 43512
>> 419-783-2460 ? ?ggunsch at defiance.edu
>> http://www.defiance.edu/pages/BASS_majors_DFS.html
>> Caveat Interretiarius
>
>
> --
> Serguei Mokhov
> http://www.cs.concordia.ca/~mokhov
> http://marf.sf.net | http://sf.net/projects/marf
>
>
>
> ------------------------------
>
> _______________________________________________
> DFSci mailing list
> DFSci at lists.dfrws.org
> http://lists.dfrws.org/listinfo.cgi/dfsci-dfrws.org
>
>
> End of DFSci Digest, Vol 40, Issue 5
> ************************************
>