A group of students at the University of Washington have developed a system called Vanish that aims to give people the ability to make messages in e-mail and other social media the ability to self-destruct (vanish) after a set period of time. The system does this by encrypting this message with an encryption key that is uploaded in several parts to a P2P-style distributed network that is configured to automatically destruct the key after a while, making recovery of the plaintext impossible (improbable).

The weakness here lies in the facts that a) anyone can convert the ciphertext to plaintext, even Google/Facebook should they choose to do so and b) it implies trust in the distributed network it utilizes.

Regarding a), if Google, Facebook (or any other site for that matter) wishes to retain your message for future use, it would be trivial to write an application that detects when users upload Vanish'd text, convert it to plaintext and then store it. Any other user overseeing the ciphertext could also do this. If one does not accept this as a point of fallacy, one must also forfeit the need for Vanish in itself: By using it, you are highlighting otherwise plain information as being sensitive and drawing attention to it, thereby undermining the purpose of the system. In addition, if one choses to argue the need for this system, one must also accept that this need arises from the fact that social networking sites wants or seeks to retain your information for future use. If we accept this then we must also accept that the site may employ any mean to achieve this goal, part of this being the timely decryption and storing of the plaintext message.

In regard to b): Trust on this scale is very difficult. As I mentioned earlier, the use of such a tool draws attention to your message, and the creators of these tools might (now or in the future) be inclined to create backdoors or ways to recover outdated messages. The fact that the system is distributed makes this even more complicated. One would have to assume that such a tool would be primarily used for sensitive information, and again this might incline either the operator of the network or government agencies to seek access to this data. In addition, there is no reason to trust this network any more than you should trust a porn site asking for your credit card number: We know nothing about the people or organizations behind either, and it is unlikely that there will be an independent review from a credible source to support it.

I guess that the bottom line of my post is essentially that this product renders itself useless.