Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Graphics Facebook Privacy Social Networks Technology Your Rights Online

Facebook Images To Get Expiration Date 306

Pickens writes "BBC reports that researchers have created software that gives images an expiration date by tagging them with an encrypted key so that once this date has passed the key stops the images being viewed and copied. Professor Michael Backes, who led development of the X-Pire system, says development work began about 18 months ago as potentially risky patterns of activity on social networks, such as Facebook, showed a pressing need for such a system. 'More and more people are publishing private data to the internet and it's clear that some things can go wrong if it stays there too long,' says Backes. The X-Pire software creates encrypted copies of images and asks those uploading them to give each one an expiration date. Viewing these images requires the free X-Pire browser add-on. When the viewer encounters an encrypted image it sends off a request for a key to unlock it. This key will only be sent, and the image become viewable, if the expiration date has not been passed."
This discussion has been archived. No new comments can be posted.

Facebook Images To Get Expiration Date

Comments Filter:
  • Debunked (Score:5, Insightful)

    by thetagger ( 1057066 ) on Thursday January 20, 2011 @05:01PM (#34944362)

    Slashdot users debunk this scheme as stupid in 5... 4... 3...

    • by Manfre ( 631065 )


    • Re:Debunked (Score:5, Insightful)

      by caffeinemessiah ( 918089 ) on Thursday January 20, 2011 @05:09PM (#34944508) Journal
      This can be debunked quite easily: once an image is decrypted, it is forever decrypted. Alternatively, all I have to do is comment on your post of the image with the key I just downloaded for it while it was still valid. Even more alternatively, I could set up a counter-service to this that stores retrieved keys permanently and hands them out publicly. Unless the service is refreshing the image data every single day with a new key, in which case: (a) they will run out of bandwidth and CPU in a week, (b) they will hit facebook's limits very very soon, and (c) I still have copies of yesterday's encrypted data and yesterday's key.

      Oh yes, and your friends will not be able to see your pictures unless they download a plugin ("huh...what's that??"), and possibly use a specific browser ("huh? why?").

      So yeah, pretty stupid overall. This is another sad attempt at a form of DRM.

      • Re:Debunked (Score:5, Insightful)

        by caffeinemessiah ( 918089 ) on Thursday January 20, 2011 @05:10PM (#34944534) Journal
        I should also add: why not just have a service to delete the image automatically from facebook after N days? Encryption is absolutely not needed here and achieves nothing.
        • Re: (Score:3, Insightful)

          by MoonBuggy ( 611105 )

          That would make an awful lot more sense. I was about to reply to your initial post pointing out that while it may be a poor idea from a technical standpoint, the fact is that 90% of the images wouldn't be cracked and stored, and thus it would prevent them from resurfacing embarrassingly a decade later. If you're trusting the outside service with your pictures anyway, though, they may as well just have a deletion date instead.

          Of course, the truly sensible idea would be for users to be somewhat selective abou

        • by IICV ( 652597 )

          Because if Facebook added that service, this third-party wouldn't be able to tell which pictures you're looking at. I mean, did you think they wouldn't keep track of which IP addresses and which browsers request which image keys?

        • by c ( 8461 )

          This all seems like a lot of work to protect people too stupid to not upload pictures to the Internet that they think might cause them problems later...

        • by SeaFox ( 739806 )

          I should also add: why not just have a service to delete the image automatically from facebook after N days? Encryption is absolutely not needed here and achieves nothing.

          It probably gives them something they can file a patent for that doesn't have prior art existing as a chron job.

          What would make more sense is people deleting images off Facebook themselves after a few days of them being online so all their friends have a chance to see them, or not uploading potentially embarrassing photos to start with?

      • by durrr ( 1316311 )
        Here's an even better solution: Print screen.
      • You're over-thinking it.
        *printscreen* *paste*
      • In fact, someone should create, say, a Greasemonkey script that will look for such postings of "encrypted" images and automatically post the key as a comment (and to your wall as well, so they can't just delete the comment).

        This is just stupid in so, so many ways.

      • Re:Debunked (Score:5, Interesting)

        by vlueboy ( 1799360 ) on Thursday January 20, 2011 @05:39PM (#34944956)

        We would need to wait till HTML5 is here; its built-in magic might suffice to implement a viewer. But then how do they inject that code into facebook so that nobody has to grab the viewer on their own?

        Their Auto-tagger scans faces and asks users for the names of every face it has already framed in your pictures, and FB also does resizing and thumbnailing that clearly know when picture data is *not* what they're parsing after the upload. Facebook also isn't going to let you upload something that's clearly a noisy and corrupted JPEG file.

        They already changed their uploader so it compresses your images before they go out, and all I need is a slashdotter with an FB account to confirm that they can't even start to upload a binary disguised as a JPEG.

        • I just tried, and it worked. (Granted, it wasn't a very good test: I embedded your post, zipped, inside today's featured picture [wikimedia.org], with OutGuess [outguess.org], a JPEG steganography tool.)

          Unfortunately, due to that compression/resizing Facebook performs, the data did not survive (even with OutGuess' ECC option enabled and using Facebook's "download in high resolution" link).
      • (1) Have facebook support user defined expiration dates.
        (2) Have facebook allow a user to subcategorize friends, subcategories would just be a configuration item not a publicly displayed state. Perhaps family, friends and coworkers. You can then tag photos to be only shown to particular subcategories.
    • ...2...1...done! [istartedsomething.com]

    • Agreed.
      Completely idiotic.

      What does this system do that couldn't be solved with an alter table statement to add an expiration date field on photos and a cron job to delete expired ones?
      Who the hell wants to install a browser plugin.
      Hey... 1995 called, it wants its browser plugins back.
      Facebook runs on hundreds (?) of platforms besides a browser.... completely idiotic.

      What the hell does it take to be called a "researcher" these days?

      • Hey... 1995 called, it wants its browser plugins back.

        This, a million times over.

        people need to stop thinking of web apps in terms of "Internet explorer users". people FINALLY moved into the idea that you MIGHT have to support Firefox+IE, but need to stop thinking of the browser as a single platform.

      • by Dunbal ( 464142 ) *

        But - guess what else the browser plugin will be doing...

    • It is a ridiculous idea that will never work. But, it might be fun to use just to piss off Facebook.

    • by osgeek ( 239988 )

      I refuse to even click on a link to an article with that much derp in it.

      The funny thing is that the non-Slashdot crowd will think this is a great idea.

    • Oh come now. This college crew will make a mint off of the same fools that post such indiscretions. A monthly fee to access your images? Brilliant! I'm quite certain no authority will be given access to the keys either... feel free to post all manner of naughtiness!
  • Until... (Score:5, Insightful)

    by MrOctogon ( 865301 ) on Thursday January 20, 2011 @05:01PM (#34944364)
    Cue the plugin which takes a screen capture of the decrypted image and re posts it in its original form. If you can read it you can copy it forever.
    • by Pinback ( 80041 )

      Time for an army of people with screwdrivers to rove the world and steal all the Prnt Scrn keys?

    • That would be true if this were a DRM system, that is, if your adversary were the people you are sharing the image with. The point of the system is to ensure that people who carelessly leave images online will not have to worry about some random future employer stumbling across an embarrassing picture years later -- the service will (presumably) stop giving out the decryption key after the expiration date.

      Of course, this turns the service into a trusted third party, and I strongly doubt that the keys wi
      • Re:Until... (Score:5, Insightful)

        by dgatwood ( 11270 ) on Thursday January 20, 2011 @05:25PM (#34944750) Homepage Journal

        More to the point, it can be solved just as easily if Facebook would:

        • Require users to accept or reject tagging explicitly before a photo tag becomes visible to anyone other than the tagger and the taggee.
        • Expire photos after a reasonable period of time unless the user explicitly confirms that it should remain posted (use notifications).
        • Expire tags in the same fashion.

        More importantly, it fails because:

        • The sorts of people who post pictures of their friends looking like assholes are unlikely to care enough to use a special service that provides expiration.
        • The sorts of people who post pictures of their friends looking like assholes are unlikely to set a short expiration date.
        • The person affected by the tagging is not the person deciding on its expiration.

        The decision about how long I should be tagged in a photo must be my decision, not the decision of the person who posts the photo. Any scheme that does not achieve this goal is completely missing the point.

        • 1. Those are not your friends.
          2. You make bad decisions. (This is based on your choice of "Friends" not the image itself.)
      • that may be the point, but the reality is that it doesn't' work.

      • I think I remember a system that relied on distributed hash tables to accomplish pretty mush the same thing. That will at least remove the central trusted authority problem, but opens itself to a whole other class of attacks as well.
    • Re:Until... (Score:5, Insightful)

      by metrometro ( 1092237 ) on Thursday January 20, 2011 @05:54PM (#34945172)

      I think this misses the point somewhat. Don't we all hate DRM because those schemes are a real bitch for data portability and long term archives? Which is it, then?

      The reason you put a timed kill switch on an archive is not because people in the present will use it in ways you dislike -- if that were true, why create or share it at all? The point is rather to piss off and disrupt the people in the far future who are post-facto digging through archives on you. Internet research hinges on how easy it is to find things. This would probably make it harder to find things that have expired.

      Security exists in an ecosystem. Everything can be broken. But the only questions that matters is will it actually happen most of the time?

  • Cracked! (Score:4, Insightful)

    by clvrmonkey ( 136864 ) on Thursday January 20, 2011 @05:02PM (#34944382)

    I can't quite figure out how they'll stop me from taking a screenshot of the encrypted image.

    • This is the internet where the honor system reigns supreme!

      I kind of like it here in the tubes, and I think I'll stay a while.

    • Re:Cracked! (Score:5, Insightful)

      by Tenek ( 738297 ) on Thursday January 20, 2011 @05:07PM (#34944478)
      That's not the point. You were already allowed to see the image. What it tries to reduce is the ability of someone unrelated to find it n years later. You had to remember to save a copy at the time. Unfortunately, you're probably more likely to do so if it's an interesting picture.

      It's not useless, and it's not perfect. Not a terrible idea though.

      • by mcmonkey ( 96054 )

        It's not useless, and it's not perfect. Not a terrible idea though.

        It is a terrible idea.

        Here's the need: I'm in college. I post crazy college pics for my friends to see while I'm in college. Next year, when I'm graduated and interviewing for jobs, I don't want those pictures available.

        Here's the solution:
        Make the pics private. Make them only available to friends on facebook. Or use some other hosting service with password protection.

        Or even easier--rather than have a service host the keys and promise t

      • If we're not counting a Print Screen or some kind of exported copy as a crack then a much simpler solution would be for Facebook to include a "Expire Image On" feature. Leave the date blank and the image stays forever (or until Facebook is shut down, whichever comes first). But enter a date there and, once that date is reached, the image would be no longer accessible.

        Like the X-Pire service, this would be vulnerable to a Print Screen or some other export system. However, an Expire Image On feature wouldn

    • by johneee ( 626549 )

      On windows I know it can happen. I remember some kind of 'secure' image thing a long time ago ('97?) that could only be viewed inside a plug in, and if you tried to do a print screen, you just got an empty box. I don't know how of course, because even at the time I didn't care enough.

      Perhaps something through Direct3D, since I know you can't do a screen capture of that kind of stuff.

      Anyway, probaby still easy to circumvent, but not necessarily by print screen.

    • I can't quite figure out how they'll stop me from taking a screenshot of the encrypted image.

      One of the satellite photo systems prior to googleEarth wanted to keep their images controlled and did something similar to this. You had to have their plugin to see the images and you had to run javascript to load them, and the javascript did something to disable the print-screen button -- on windows -- and the "save image" option. As I recall, the plugin didn't work on unix/linux so they were protected there.


  • alt-prtscn (Score:3, Funny)

    by Anonymous Coward on Thursday January 20, 2011 @05:02PM (#34944394)

    your feeble encryption is no match for my clipboard.

    • by BobMcD ( 601576 )

      your feeble encryption is no match for my clipboard.

      I came to post the exact same thing.

      Further, why take the photo at all if you're not going to keep it for more than a limited time?

    • It's easy enough to create a loop that checks if the content of the clipboard changes and if so detect if it is a screenshot of the "protected" image and if so change the clipboard to be storing something else.

      Obviously there are other methods that anyone on here could think of but this is facebook we are talking about. I'm not sure some of these people even know what printscreen does.

  • by dmbasso ( 1052166 ) on Thursday January 20, 2011 @05:02PM (#34944398)

    because you can't lock the print screen out, right?

  • Sounds great, but the more interesting/risky/incriminating/etc the picture, the more likely it is that someone's going to keep an unencrypted copy around, no?
    • The real question is, are your friends conniving enough to save embarrassing photos of you on their hard drive, just in case someone years later wants to see it? Employers are not browsing your friends' hard drives; they are, however, browsing your Facebook profile, and they may see all the partying you did in college (or whatever). You may not remember that the pictures are there, especially if you have lots and lots of pictures; your future employer should not stumble across evidence of some long-forgot
      • Of course, in an ideal, or even slightly less idiotic world, the employers might realise that everybody parties and that old picture of a prospective employee doing shots while wearing a toga in no way alters their ability to do the job now.

        • Re:Hmm... (Score:4, Interesting)

          by betterunixthanunix ( 980855 ) on Thursday January 20, 2011 @05:35PM (#34944882)
          Of course, we have plenty of anti-drug propaganda to keep us far from the ideal. A picture of someone taking a bong hit at a party could be reason to be rejected from a job -- there are still places that perform pre-employment drug screenings, last I checked, and photographic evidence of illegal drug use may not go over so well. When we keep telling people that anyone who uses illegal drugs is an unreliable drug abuser who couldn't possibly hold a job, and when we require people to maintain a "drug free workplace" or forfeit government contracts, the idea that employers will forgive some college partying seems a bit far fetched.
        • This!

          I've worked for a number of people in my life: and I've told the ones who would reject an employee based on their youth that happen to be available on the internet to go fuck themselves.

          I'm happy to take a pay cut if it'll change somebodies bad habits. I'm sick and tired of the constant attempts to prevent kids from having fun. Just because you never got to go to parties and get drunk with friends is not a valid reason to not hire people that did.
      • by hitmark ( 640295 )

        If the employer is that anal about off hours activities, it may well be better to not work there in the first place.

    • A simple screen shot means that the picture itself can go viral, even if the person's name is lost in the process. The internet has been kind enough to let most of these people remain anonymous so far. We don't care about the names of drunken college girls, we just like to laugh at and/or ogle them.

      If you have the presence of mind to know that you don't want a future employer seeing the picture, you have the presence of mind not to post it, right? So long as things like this are optional (and they damn well

  • Don't make clients install a plugin. The client is in an unknown state, and most people will just ignore it anyway.

    Instead, target the individual companies ( like facebook, google, shutterfly, ect... ) with this technology.

    • by houghi ( 78078 )

      Those companies are in the business of keeping and selling data and now you ask them to trow away their assets?

    • by Kjella ( 173770 )

      Instead, target the individual companies ( like facebook, google, shutterfly, ect... ) with this technology.

      Except they don't need this silly thing to have an expiration date, they could simply remove the picture. The theory here is that anyone who saves the image will save their encrypted format instead of a normal JPG. The outcome is as expected, people that think they've "backed up" their files from Facebook will lose their pictures and anyone that really wants a copy will take a screenshot and save as PNG. It's like a lock that inconveniences the residents but doesn't keep a single crook out, I'm sure this wi

  • by PatPending ( 953482 ) on Thursday January 20, 2011 @05:05PM (#34944446)
    I wish Facebook would expire... the sooner, the better.
  • by JSBiff ( 87824 ) on Thursday January 20, 2011 @05:09PM (#34944504) Journal

    "tagging" something with an "encryption key" is something which doesn't make a lot of sense. I guess maybe someone would want to search for the file based on the key it was encrypted with? *grin*

    You know an article is quality when stupid crap like that shows up in the very first paragraph. Who do these big media outlets hire to do their sci/tech articles anyhow? Apparently people who haven't got the faintest clue how things work, or how to explain to others how they work. Somehow, they seem to consistently find the absolutely *least qualified* people to write such articles.

  • by seifried ( 12921 ) on Thursday January 20, 2011 @05:09PM (#34944510) Homepage

    Which will result in something like the "X-Pire-copy-to-imgur browser add-on" which automatically decrypts the image and then posts a decrypted copy to imgur or whatever sharing site you want to use.

    Not to mention all the large companies trolling facebook for photos and storing them for later use to provide background check style services/etc.

    Once you post it, a copy has been made, once someone views it, a copy has been made. Those copies are outside your control. Even if you encrypt it, once someone views it, an unencrypted copy has been made, and it's once more out of your control.

  • ...researchers have created software that gives images an expiration date by tagging them with an encrypted key so that once this date has passed the key stops the images being viewed and copied.

    How long shell we wait before some fella creates a tool that copies those photos, backs them up somewhere after removing the so called encryption?

    If they doubt this is possible, they need not look very far. The RIAA [riaa.com] knows a thing or two about this.

  • Flaw #1 that seems to be the focus so far is that you can capture the screen image an make an unencrypted copy. This will only prevent copying by unsophisticated users. (But isn't that exactly who it is for?)

    Flaw #2 concerns me more. It is (one of) the same problem(s) as with most DRM - what happens when this key server goes poof? Now all your images are unreadable.

    • by geekoid ( 135745 )

      1) It's to remove them from specific facebook users. You know, the 18 year old dumb ass that is now out of college and looking for a job? WHen he is 18 it didn't amtter,m now it does. So looking for a Job interview and those pictures are gone when the potential employer is doing 'research'

      2) Yes, thats a problem, but you could beuild this into facebook as a feature.

      Idea? good.
      implementation? bad

    • Flaw #2 concerns me more. It is (one of) the same problem(s) as with most DRM - what happens when this key server goes poof? Now all your images are unreadable.

      So long as they hang around for more than a few months, that's not a flaw, its a feature!

      I can't see it being that much of a problem, it just means its not available online, assuming the user has the original (or a back up) on their computer/phone/etc. so can be re-uploaded if necessary. And if they don't have a back up, worse that will happen is their picture gets removed from internet viewing a bit earlier than they expected, but they were planning on having it removed anyway

  • New Business Model:

    Crawl facebook and other sites which use this technology, grab and decrypt all such images, save them and sell a subscription to them.

    Second Business Model:

    Sell a hacked version of the plugin which allows you to save the image easily.

    Hey, a good percentage of the public seems to think that DRM works, it's no wonder they keep coming up with stupid ideas like this....
  • For those complaining about the technical aspects of this proposal, obviously anyone who views the image before the expiration date can save it forever. The point is that after the expiration date, no new people can download the image if they haven't already. Think about your potential employer downloading drunken pictures of your from a frat party 10 years ago. This scheme would prevent that.

    Now the fact that this requires a 3rd party plugin to work is problematic. It creates a bottleneck, an extra poin
  • Because you know....I install every free plugin that I come across just to view pictures and stuff.

  • Okay... because i can never hit the print screen key or take a picture of whats on the screen with my camera and repost it.

  • *facepalm* (Score:4, Insightful)

    by TheSpoom ( 715771 ) <slashdot@ubeWELTYrm00.net minus author> on Thursday January 20, 2011 @05:22PM (#34944712) Homepage Journal


    This whole concept should be on The Daily WTF.

  • This is just another form of DRM. Instead of keying on payments, it is based on a date, but the premise is the same; it is an unnecessary locking of a file which is trivially defeated (worst case scenario: take a screenshot!) and therefore not worth the annoyance. How about just adding the expiration date to the EXIF [wikipedia.org] (or other meta-) data in existing media formats? Any site (specifically Facebook, MySpace, etc) would then be able to revoke the media based on the expiration date. Adding an expiration fie

  • Just tag an expiration date when you upload the photo, and have a default date.

  • Un-X-Pire (Score:4, Insightful)

    by cforciea ( 1926392 ) on Thursday January 20, 2011 @05:28PM (#34944786)
    I'm ready to start a new service called Un-X-Pire. What you will do is run my browser add-on, which will find X-Pire tagged images, request the decryption key from the X-Pire service, and then cache it the first time it is requested for each image. After that, it will just serve out the decryption key over and over (or, if the decryption does something fancy like swap keys based on current time, it will go ahead and decrypt the image for you by spoofing the time the key was initially first cached as the current system time for the decryption process), and then everybody who uses my plug-in will be able to view the image for the rest of eternity so long as at least one person views it with my plugin before it expires.

    Also, I bet mine takes a lot less time to code than theirs.
  • the fbi will have the unlock key and will be able to bypass this.

  • by goldcd ( 587052 ) on Thursday January 20, 2011 @05:31PM (#34944834) Homepage
    If Facebook actually wanted pictures to have a shelf-life, they could just allow you to add a default date+x when they would be pulled.
    Facebook haven't done this, so I'm guessing they're either a bit short of development cash - or don't want this.

    So, how might this work?
    Well I'm guessing that either it's:
    a brand new file format and the browser requests an external key when the photo display plugin kicks in - so so unlikely to take off, I'll just leave it there.
    it's encrypts the image and embeds in tags so the 'plugin' can detect it's a 'special image' and goes off to find a key to decrypt it.
    Assuming it's the second, it has my interest. Sounds a little bit interesting - but then I start thinking.
    If it's encrypted it's going to have 'look random' - so that's ballsed up the compression ratios of the jpg you uploaded.. and then well most sites tend to compress/thumbnail/crop or a combination of the above... well I don't quite see that working - no it couldn't
    I guess maybe we're onto option C, I've just thought of. You don't upload the image, you upload a QR style pointer to the image - and the browser just inserts that in-line?
    Well, maybe that would work.. but then these researchers just seem to have come up with a way of replacing an <img src= with a graphical pointer..
    Oh and as everybody else has undoubtedly posted whilst I typed this, printsrn.

    Maybe there's a market somewhere for pushing the whole public key encryption seamlessly into "stuff we upload" - to restrict or monitor view - but the problem that's never going to go away is that if one person can open it and wants to share it, then there's no security.
  • by dingen ( 958134 ) on Thursday January 20, 2011 @05:31PM (#34944836)

    development work began about 18 months ago

    18 months to build this seems an awful lot, doesn't it? Ubuntu has released 3 versions in such a period!

  • by kheldan ( 1460303 ) on Thursday January 20, 2011 @05:34PM (#34944864) Journal
    Here's a better idea that won't require any additional plugins or new technology to be created: Don't upload pics to Facebook or any other so-called "social networking" site that you don't want available to the public forever. We'll call this idea "common sense".
  • The problem isn't that people need a way to clear embarrassing information off of the internet, the problem is that they put it up there in the first place. From the time the kindergartener learns his first dirty word and proceeds to tell it to as many people as he possibly can, he will (hopefully) get chastised severely in short order, and learn, from that experience and many more, that there are certain things you simply don't do in polite society if you want to be treated kindly by those you care about.

  • That's right up there with 'How do I stop the email I sent 5 minutes ago?'.

    People (unwashed masses) don't take the time to think about the consequences of exposing themselves on the Internet.. let alone the privacy implications.

    Herd mentality at it's finest... Mooo!

  • Think that the average FB User is not really the most technical or even security conscious person. He will hear "FB now keeps your pictures from circulating". And their reaction will probably be "Ok, then I can upload that pic that I didn't dare to because someone might download it. Now they can't download it and if someone gets it that shouldn't, I'll just retract it".

    I foresee a lot of interesting fallout from this. Hopefully enough to get people aware of the privacy threat FB is.

  • by KnownIssues ( 1612961 ) on Thursday January 20, 2011 @05:55PM (#34945198)
    I am kind of used to Slashdot headlines that exaggerate the original article, but how do you go from a company has made some software that might be useful to social networks *like* Facebook to Facebook is going to get images with expiration dates?
  • So X-pire's servers can track who has viewed which images when? That info could come in handy. Might even have a market value. Perhaps I should set up my own such system.
  • I am unimpressed... (Score:5, Interesting)

    by fuzzyfuzzyfungus ( 1223518 ) on Thursday January 20, 2011 @06:09PM (#34945436) Journal
    This particular "solution" sounds like the result of somebody thinking in a human-shaped problem space, which is psychologically understandable enough; but is a bias you have to get over if you want to get anywhere in tackling internet problems. And that is my best attempt at a charitable interpretation. Worst case, somebody is a dumbass.

    For the sake of charity, we will ignore obvious fuckuperry like "the project runs out of money in three months, and the keyservers go dark, millions of people's pictures(which, being users, they won't have backups of...) get hosed 15 months early" or "the keyserver gets rooted, a relatively small file called 'facebook_camwhores_dont_want_u_to_have_this.zip' appears on every torrent tracker on the wrong side of the tracks and the whole scheme collapses"...

    First, the same psychological biases(excessive time discounting, poor inhibition triggering models, bad stability assumptions) and social processes(booze, peer pressure, etc.) that cause people to post pictures and stuff that they will later come to regret will, almost certainly, cause them to assign incorrect 'blackout dates' to the material they do post. 18 months is like, what, 3 failed attempts at "serious" relationships, a number of booze fueled rebounds, and an ill-advised make-up or two? It is also plenty of time for what you did last summer to appear before school officials, what you did a few semesters back to make the HR snoop's radar, etc. Even in a world of purely human, purely manual, threats, this scheme is going to be minimally effective in protecting the people who need it most(while, at the same time, managing to scotch a bunch of happily-married-high-school-sweethearts who have lousy backup practices).

    Now, where this scheme really falls flat: This is the internet. It is more full of bots and spiders than is sci-fi written for the arachnid audience. Whatever tag or code is used to clue the plug-in in to the need for a decryption key is going to become a de-facto signal for "High probability of being juicy and/or embarassing". Now the bottom-feeding amateur porn sites won't even need humans or machine vision to find cheap filler content... Hell, facebook, and virtually all even slightly shady crawlers will likely fully support this scheme long before Apple approves iPhone support for it(Hey guys, now you can post your pictures to Facebook in a format your friends can't even see! Hooray!)...

    That's the basic problem, right there. If the internet's long memory were confined to some specific location, the simple solution would just be to lean on them legally to provide twilighting tools. Trouble is, the internet's memory is long. And it is distributed across countless entities and jurisdictions. And much of the copying between memory stores is automatic. And records may not exist of a copy operation having occurred. And, with cheaper HDDs, even individual users on cheap laptops are now a formidable chunk of storage. If this scheme ever takes off(doubtful), how long do you think it will be before there exists the following: An OSX application called "iCrawl" that has an excellent UI, costs $20, and crawls and archives the facebook profiles of friends, friends of friends, out up to N levels, 3 competing win32 applications(one trialware, $19.99, with a totally custom widget set, one free, that crashes all the damn time and doesn't work, and one free and more or less functional; but installs a trojan), and a set of python wrappers for unixlike operating systems that make crawling your friends and fetching decryption keys as easy as writing a few scripts?

    Barring the full-blown emergence of the dystopian trusted-computing future, with end-to-end DRM and hunter-seeker drones with worldwide lethal force authorization doing 24/7 traitor tracing, you don't get to time-limit stuff you put in widely accessible places on the internet. Sorry about that.
  • by Keeper Of Keys ( 928206 ) on Friday January 21, 2011 @07:16AM (#34950516) Homepage

    If this could ever actually work - which it can't - I wouldn't want my digital photos to expire anyway. BUT if anybody actually does want this, why doesn't facebook just delete them after the expiry date?

Loose bits sink chips.