Saturday, July 25, 2009

Digital Breadcrumb Eradicator - Maybe, Maybe Not.

Disappearing ink.Image by WillBurton2 via Flickr
I am always skeptical when anyone makes a claim about making data disappear.

University of Washington researchers have developed a tool that will make some data you send to another party disappear after a specified time period.

This article will self-destruct: A tool to make online personal data vanish 

"Computers have made it virtually impossible to leave the past behind. College Facebook posts or pictures can resurface during a job interview. A lost cell phone can expose personal photos or text messages. A legal investigation can subpoena the entire contents of a home or work computer, uncovering incriminating, inconvenient or just embarrassing details from the past. 

The University of Washington has developed a way to make such information expire. After a set time period, electronic communications such as e-mail, Facebook posts and chat messages would automatically self-destruct, becoming irretrievable from all Web sites, inboxes, outboxes, backup sites and home computers. Not even the sender could retrieve them."

 I would be happy to take on that challenge.  Send me a computer hard drive where someone has been using this new tool and I would be willing to bet lunch I could get back at least some of the messages.

I see it all the time where someone thinks they have protected themselves by turning off their chat logging or using on-line email programs and various other means of "hiding" their messaging activities.

Even if you are using this system, for a time, the text is going to be in the clear prior to encryption on the sending system, and it will be in the clear after decryption on the receiving system.

I think I will have one of my interns use Vanish for a couple of weeks and see what I can retrieve forensically from the hard drive.

I will post the results of that experiment in a couple of weeks.

In the meantime, I can see how this new tool, used in a certain way, could make it virutally impossible to recover messages sent between parties.  As always, an advancement like this for on-line privacy becomes a boon for those who wish to hide their activities for nefarious reasons, such as terrorists and criminals.

Every tool can be used for good or bad or neutral purposes.  That is the nature of the beast in computer security.

Some additional links to articles about Vanish:

Reblog this post [with Zemanta]

No comments:

Post a Comment

I have moderated my comments due to spam.