Facebook Images To Get Expiration Date

Pickens writes "BBC reports that researchers have created software that gives images an expiration date by tagging them with an encrypted key so that once this date has passed the key stops the images being viewed and copied. Professor Michael Backes, who led development of the X-Pire system, says development work began about 18 months ago as potentially risky patterns of activity on social networks, such as Facebook, showed a pressing need for such a system. 'More and more people are publishing private data to the internet and it's clear that some things can go wrong if it stays there too long,' says Backes. The X-Pire software creates encrypted copies of images and asks those uploading them to give each one an expiration date. Viewing these images requires the free X-Pire browser add-on. When the viewer encounters an encrypted image it sends off a request for a key to unlock it. This key will only be sent, and the image become viewable, if the expiration date has not been passed."

Debunked

[thetagger]

Slashdot users debunk this scheme as stupid in 5... 4... 3...

Until...

[MrOctogon]

Cue the plugin which takes a screen capture of the decrypted image and re posts it in its original form. If you can read it you can copy it forever.

Cracked!

[clvrmonkey]

I can't quite figure out how they'll stop me from taking a screenshot of the encrypted image.

no pictures for linux users...

[dmbasso]

because you can't lock the print screen out, right?

I wish Facebook would expire

[PatPending]

I wish Facebook would expire... the sooner, the better.

Re:Cracked!

[Tenek]

That's not the point. You were already allowed to see the image. What it tries to reduce is the ability of someone unrelated to find it n years later. You had to remember to save a copy at the time. Unfortunately, you're probably more likely to do so if it's an interesting picture.

It's not useless, and it's not perfect. Not a terrible idea though.

Re:Debunked

[caffeinemessiah]

This can be debunked quite easily: once an image is decrypted, it is forever decrypted. Alternatively, all I have to do is comment on your post of the image with the key I just downloaded for it while it was still valid. Even more alternatively, I could set up a counter-service to this that stores retrieved keys permanently and hands them out publicly. Unless the service is refreshing the image data every single day with a new key, in which case: (a) they will run out of bandwidth and CPU in a week, (b) they will hit facebook's limits very very soon, and (c) I still have copies of yesterday's encrypted data and yesterday's key.

Oh yes, and your friends will not be able to see your pictures unless they download a plugin ("huh...what's that??"), and possibly use a specific browser ("huh? why?").

So yeah, pretty stupid overall. This is another sad attempt at a form of DRM.

X-Pire-copy-to-imgur browser add-on

[seifried]

Which will result in something like the "X-Pire-copy-to-imgur browser add-on" which automatically decrypts the image and then posts a decrypted copy to imgur or whatever sharing site you want to use.

Not to mention all the large companies trolling facebook for photos and storing them for later use to provide background check style services/etc.

Once you post it, a copy has been made, once someone views it, a copy has been made. Those copies are outside your control. Even if you encrypt it, once someone views it, an unencrypted copy has been made, and it's once more out of your control.

Re:Debunked

[caffeinemessiah]

I should also add: why not just have a service to delete the image automatically from facebook after N days? Encryption is absolutely not needed here and achieves nothing.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Debunked

[kaizendojo]

Here's an even BETTER better solution. How about people start acting like thinking beings and use their heads before posting instead of expecting the government or some technology nanny state to clean up after them.

*facepalm*

[TheSpoom]

*facepalm*

This whole concept should be on The Daily WTF.

Re:Until...

[dgatwood]

More to the point, it can be solved just as easily if Facebook would:

• Require users to accept or reject tagging explicitly before a photo tag becomes visible to anyone other than the tagger and the taggee.
• Expire photos after a reasonable period of time unless the user explicitly confirms that it should remain posted (use notifications).
• Expire tags in the same fashion.

More importantly, it fails because:

• The sorts of people who post pictures of their friends looking like assholes are unlikely to care enough to use a special service that provides expiration.
• The sorts of people who post pictures of their friends looking like assholes are unlikely to set a short expiration date.
• The person affected by the tagging is not the person deciding on its expiration.

The decision about how long I should be tagged in a photo must be my decision, not the decision of the person who posts the photo. Any scheme that does not achieve this goal is completely missing the point.

Un-X-Pire

[cforciea]

I'm ready to start a new service called Un-X-Pire. What you will do is run my browser add-on, which will find X-Pire tagged images, request the decryption key from the X-Pire service, and then cache it the first time it is requested for each image. After that, it will just serve out the decryption key over and over (or, if the decryption does something fancy like swap keys based on current time, it will go ahead and decrypt the image for you by spoofing the time the key was initially first cached as the current system time for the decryption process), and then everybody who uses my plug-in will be able to view the image for the rest of eternity so long as at least one person views it with my plugin before it expires.

Also, I bet mine takes a lot less time to code than theirs.

Re:Debunked

[natehoy]

My thought exactly. They needed 18 months to develop this and didn't even come up with the fact that their solution is significantly inferior to the most obvious solution?

So close... :)

Deleting the image from Facebook is forever, if you trust Facebook. If you don't trust Facebook, then you might as well assume they are using a scripting tool to crank through the encrypted images as soon as they are posted and taking an unencrypted copy for themselves.

This allows easy copying until the image is expired, and in a week there'll be a deXPire on every Linux repository that will ensure easy copying after the image is expired. Deleting the image makes it unavailable for everyone who hasn't already made a copy. "X-Piring" the image makes it and all other "expired" images available to anyone who wants to go to the trouble of "apt-get install deXPire-mozilla-plugin".

Re:Until...

[betterunixthanunix]

Why would you claim someone is not the brightest of applicants, just because they partied when they were in college? That is exactly the sort of attitude that created this problem in the first place: employers who have this notion that anyone who doesn't conform to the ideal defined by US government propaganda is somehow less desirable. Why does it matter to you that an applicant to whatever sort of job you might employ them for smoked pot when they were in college? Why would you go digging through someone's Facebook profile to find evidence of what sort of partying they did in college?

Re:Until...

[metrometro]

I think this misses the point somewhat. Don't we all hate DRM because those schemes are a real bitch for data portability and long term archives? Which is it, then?

The reason you put a timed kill switch on an archive is not because people in the present will use it in ways you dislike -- if that were true, why create or share it at all? The point is rather to piss off and disrupt the people in the far future who are post-facto digging through archives on you. Internet research hinges on how easy it is to find things. This would probably make it harder to find things that have expired.

Security exists in an ecosystem. Everything can be broken. But the only questions that matters is will it actually happen most of the time?

NEWS! Slashdot Title Wrong

[KnownIssues]

I am kind of used to Slashdot headlines that exaggerate the original article, but how do you go from a company has made some software that might be useful to social networks *like* Facebook to Facebook is going to get images with expiration dates?