How to make your e-mails "Vanish"

University of Washington creation could protect privacy; I give it a try

Not that I have anything to hide, but I decided to give the University of Washington's new e-mail disappearing tool, dubbed Vanish, a whirl anyway.

I couldn't quite get the downloaded version to work without timing out, but was able to get the gist with an alternate "modest scale" service version. But first, some background:

Vanish  is designed to give people control over how long their email messages and other online content lives out in the wild. Today it's pretty hard to keep track of your digital footprint (and this is only expected to get harder with the rise of cloud computing, as the recent Twitter/ Google Apps hack incident highlighted).

"If you care about privacy, the Internet today is a very scary place," said UW computer scientist Tadayoshi Kohno, in a statement.   "If people understood the implications of where and how their e-mail is stored, they might be more careful or not use it as often."

Encryption doesn't cut it, as legal actions could force the holder of a message to turn over the key down the road, the research team says.

25 leading-edge research projects you should know about

The prototype Vanish system, funded via the National Science Foundation, Intel and the Alfred P. Sloan Foundation,  is detailed in a paper released by the researchers this week and to be presented next month at the Usenix Security Symposium in Montreal. Co-authors are doctoral student Roxana Geambasu, assistant professor Kohno, professor Hank Levy and undergraduate student Amit Levy, all with UW's department of computer science and engineering.

Vanish is by far not the first such effort by researchers to help email users protect their privacy or even pull back regrettable electronic messages. We wrote about a company called Disappearing, Inc., 10 years ago and tracked the ability of Novell's GroupWise users to unsend e-mail as well.  Google's Gmail Labs also offers an Undo Send option.

As for Vanish, it exploits the churn on peer-to-peer networks by creating a key whenever a Vanish user puts the system to use and then divvying up that key and spreading across the P2P net. Such networks, the same kinds used to share music and other files, change over time as computers jump on or off. As such, portions of the key disappear forever and the original message can't be unencrypted.

Vanish enables users to specify how long they want their content to last, in chunks of eight hours.

Of course there are fairly non-technical ways that Vanish-ed email could live on, such as if a receiving party printed it out or took a picture of it. But the system is designed for communication between trusted parties.

I initially downloaded the program and Firefox plug-in, was warned to wait 5-10 minutes before using and of course didn't. So it kept timing out on me, even a half hour later. Or maybe it had something to do with a Java incompatibility issue or my work computer not letting me link up with Vuze DHT, the underlying storage system used to support Vanish. Anyway, on to Plan B, the service offering  from the University of Washington that didn't require a download.

I simply typed in a string of words:  I have ABSOLUTELY nothing to hide, then hit the Create Vanish button.  That generated  this:


This message will self-destruct by Thu, 23 Jul 2009 00:46 GMT.

Use to read this message.



When I hit the Read Vanish Message, my original text appeared.  Pretty cool.

The University of Washington is a hotbed for interesting network-oriented research. Past headlines have included "Botlab keeping an eye on spamming botnets"  and "Open source laptop Lojack system released by university researchers."

Join Bob Brown's massive Twitter following here

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2009 IDG Communications, Inc.