Facebook Images To Get Expiration Date

Pickens writes "BBC reports that researchers have created software that gives images an expiration date by tagging them with an encrypted key so that once this date has passed the key stops the images being viewed and copied. Professor Michael Backes, who led development of the X-Pire system, says development work began about 18 months ago as potentially risky patterns of activity on social networks, such as Facebook, showed a pressing need for such a system. 'More and more people are publishing private data to the internet and it's clear that some things can go wrong if it stays there too long,' says Backes. The X-Pire software creates encrypted copies of images and asks those uploading them to give each one an expiration date. Viewing these images requires the free X-Pire browser add-on. When the viewer encounters an encrypted image it sends off a request for a key to unlock it. This key will only be sent, and the image become viewable, if the expiration date has not been passed."

Re:Hmm...

[betterunixthanunix]

Of course, we have plenty of anti-drug propaganda to keep us far from the ideal. A picture of someone taking a bong hit at a party could be reason to be rejected from a job -- there are still places that perform pre-employment drug screenings, last I checked, and photographic evidence of illegal drug use may not go over so well. When we keep telling people that anyone who uses illegal drugs is an unreliable drug abuser who couldn't possibly hold a job, and when we require people to maintain a "drug free workplace" or forfeit government contracts, the idea that employers will forgive some college partying seems a bit far fetched.

Re:Debunked

[vlueboy]

We would need to wait till HTML5 is here; its built-in magic might suffice to implement a viewer. But then how do they inject that code into facebook so that nobody has to grab the viewer on their own?

Their Auto-tagger scans faces and asks users for the names of every face it has already framed in your pictures, and FB also does resizing and thumbnailing that clearly know when picture data is *not* what they're parsing after the upload. Facebook also isn't going to let you upload something that's clearly a noisy and corrupted JPEG file.

They already changed their uploader so it compresses your images before they go out, and all I need is a slashdotter with an FB account to confirm that they can't even start to upload a binary disguised as a JPEG.

I am unimpressed...

[fuzzyfuzzyfungus]

This particular "solution" sounds like the result of somebody thinking in a human-shaped problem space, which is psychologically understandable enough; but is a bias you have to get over if you want to get anywhere in tackling internet problems. And that is my best attempt at a charitable interpretation. Worst case, somebody is a dumbass.

For the sake of charity, we will ignore obvious fuckuperry like "the project runs out of money in three months, and the keyservers go dark, millions of people's pictures(which, being users, they won't have backups of...) get hosed 15 months early" or "the keyserver gets rooted, a relatively small file called 'facebook_camwhores_dont_want_u_to_have_this.zip' appears on every torrent tracker on the wrong side of the tracks and the whole scheme collapses"...

First, the same psychological biases(excessive time discounting, poor inhibition triggering models, bad stability assumptions) and social processes(booze, peer pressure, etc.) that cause people to post pictures and stuff that they will later come to regret will, almost certainly, cause them to assign incorrect 'blackout dates' to the material they do post. 18 months is like, what, 3 failed attempts at "serious" relationships, a number of booze fueled rebounds, and an ill-advised make-up or two? It is also plenty of time for what you did last summer to appear before school officials, what you did a few semesters back to make the HR snoop's radar, etc. Even in a world of purely human, purely manual, threats, this scheme is going to be minimally effective in protecting the people who need it most(while, at the same time, managing to scotch a bunch of happily-married-high-school-sweethearts who have lousy backup practices).

Now, where this scheme really falls flat: This is the internet. It is more full of bots and spiders than is sci-fi written for the arachnid audience. Whatever tag or code is used to clue the plug-in in to the need for a decryption key is going to become a de-facto signal for "High probability of being juicy and/or embarassing". Now the bottom-feeding amateur porn sites won't even need humans or machine vision to find cheap filler content... Hell, facebook, and virtually all even slightly shady crawlers will likely fully support this scheme long before Apple approves iPhone support for it(Hey guys, now you can post your pictures to Facebook in a format your friends can't even see! Hooray!)...

That's the basic problem, right there. If the internet's long memory were confined to some specific location, the simple solution would just be to lean on them legally to provide twilighting tools. Trouble is, the internet's memory is long. And it is distributed across countless entities and jurisdictions. And much of the copying between memory stores is automatic. And records may not exist of a copy operation having occurred. And, with cheaper HDDs, even individual users on cheap laptops are now a formidable chunk of storage. If this scheme ever takes off(doubtful), how long do you think it will be before there exists the following: An OSX application called "iCrawl" that has an excellent UI, costs $20, and crawls and archives the facebook profiles of friends, friends of friends, out up to N levels, 3 competing win32 applications(one trialware, $19.99, with a totally custom widget set, one free, that crashes all the damn time and doesn't work, and one free and more or less functional; but installs a trojan), and a set of python wrappers for unixlike operating systems that make crawling your friends and fetching decryption keys as easy as writing a few scripts?

Barring the full-blown emergence of the dystopian trusted-computing future, with end-to-end DRM and hunter-seeker drones with worldwide lethal force authorization doing 24/7 traitor tracing, you don't get to time-limit stuff you put in widely accessible places on the internet. Sorry about that.