X-pire! - an expiration date for digital data

In recent years there has been a considerable change in the way information is managed. Information which wasn’t subjected to any form of explicit archiving was simply “forgotten” after a while. Many documents, e.g. post-its, were either lost or thrown away and other documents such as reader letters to newspapers, were only accessible via the newspaper archives; images, slides etc simply disappeared in boxes and were forgotten.

Today this is different in many respects: data which has been released in electronic form is often available for an unlimited time period. Data is not only included in search machines or cached but is also saved for eternity in Internet archives. The reason for this development is that today huge amounts of data can be efficiently and automatically searched and also saved long term due to high performance memory space. The result is an “endless memory” which is fed with further private information every second: images are uploaded in social networks and messages written on discussion pages and electronic forums in seconds. However, hardly anyone thinks that this information will still be available in the Internet for anyone to see in years to come. In many cases the resulting problems can be serious. Images, for example, uploaded online by teenagers without a second thought at the time, may cause serious problems in the long term, years later, in job searches etc. as they are still accessible to the public.

Once data has been released it usually cannot be completely deleted. At the moment this leaves users with two options: either they do not reveal anything about themselves or they accept that they have no control over their data. In our increasingly digitally networked world with its many benefits and constraints, in particular in social exchange, it is understandable that users almost always choose the latter due to the lack of a good compromise yet against their wish to be able to control their private data. In brief, there is a lack of such a compromise which enables users control over the expiration of their private data yet, at the same time, also allows them to use the many benefits of social networks.

With X-pire! we present such a compromise which uses a digital expiration date. X-pire! encodes images and links them with an expiration date. These encoded images can be uploaded online, in particular in social networks like Facebook, wer-kennt-wen and Flickr. Once they have reached the expiration date, it is no longer possible to view them; the images have then expired. Although the main area of application of the electronic expiration date is the protection of images, the basic concept of X-pire! is equally suitable for the expiration of other data e.g. blogs, whole websites, e-mails and videos. Below we describe how X-pire! works using specific application examples.

All images the user wants to release are individually coded by the X-pire! software and made accessible in encoded form. The user actually gives an expiration date to the key which was used for this and this is then uploaded on the key server of a trustworthy organization (step (1) in picture 1). The encoded image can then be uploaded on the Internet e.g. in Facebook (step (2) in picture 1).

If someone wants to view the image, the respective key server downloads the necessary key to encode the image via a browser add-on to display X-pire! images, the image is encoded and then displayed (step (3) in picture 1). This process occurs fully automatically in the background and, in comparison to normal viewing of the website, the user does not have to do anything else apart from perhaps solving a CAPTCHA (more on this below). Once the expiration date has been reached, the key will not be given out by the key server and it will no longer be possible to view the image – it has expired.

However, the idea of only displaying the user’s data in encoded form and storing the key on trusted servers does not fully solve the problem. On the one hand an expiration date for images in social networks such as Facebook, wer-kennt-wen and Flickr requires additional functionality as these sites usually change uploaded images before the actual release (renewed JPEG compression) which would damage the encoding. On the other hand, hackers should also be prevented from automatically storing a large number of keys allowing unlimited access to this data. Both these aspects are briefly examined below.

Social networks such as Facebook, wer-kennt-wen and Flickr change uploaded images before they are released with JPEG compression which would fully destroy coding. The result being that no-one would be able to view these images and they would expire immediately, so to speak. X-pire! prevents this happening with a new approach which treats encoding in advance in such a way so that it survives the compression undamaged. In more technical terms, we embed the encoding in the parts of the image which largely survive JPEG compression and use error correcting codes to fully reconstruct the encoding from the released image. This embedding makes it possible to quickly and easily use X-pire! in social networks.

We emphasize at this point that X-pire! (or any other technical solution) is unable to guarantee any expiration if the hacker stores the key of a particular encoded image whilst the image has not expired (or the image in visible form). Such manual duplication of visible images lies in the nature of things and cannot be prevented from a technological viewpoint. In extreme cases, an image could also be photographed whilst it is still visible and then uploaded online again. What X-pire!, in contrast, should prevent (and prevents) is the access of data whose key has already expired. In other words, if an image has not been manually copied before its expiration date and uploaded anew online, X-pire! guarantees its expiration. This is the maximum that can be achieved from a technological viewpoint. We emphasize that automatically compiled archives (in their current form) of the protected images, for example by Google cache, also expire in the same way as the original image. However, it would be technologically possible for the existing fully automatic search and archiving mechanisms to interact with the X-pire! software in such a way which would archive the unprotected visible images. This would clearly constitute a case of compromising customer’s data protection; we doubt that this behavior is thus realistic for the major players in Internet search and archiving. However, X-pire! offers optional protection also for this eventuality which makes such a fully automatic tapping and archiving of the visible images significantly harder. X-pire! does this with so-called CAPTCHAs (small image based puzzles). Users can decide for themselves whether they want to activate CAPTCHAs or not. If these are activated, the result of a CAPTCHA is also given to the key server when downloading the key. The additional user interaction makes the work for the hacker much harder and makes the automatic tapping of a large number of keys more difficult. It is, nonetheless, harder for honest viewers to view the image as they have to solve the CAPTCHA which requires unexpected extra work whilst browsing; thus CAPTCHAs are switched off in the default settings of X-pire!.

Brief conclusion:

Each X-pire! user is able to add a digital expiration date to their images (later also to entire homepages, blogs etc) – individually and in one step. The use of X-pire! prevents negative consequences later on which can often occur many years later due to images inadvertently uploaded online.

X-pire! is of interest to anyone who is worried about their privacy whilst they are active in social networks. Here we focus only on two specific application scenarios of X-pire! for private usage. There is a multitude of additional use cases, e.g., X-pire! offers a convenient possibility to automatically withdraw information after a an explicit period of time that one posts on one’s own web page, etc.

• Younger users (between 12 and 18 years-old) who use social networks in a way which is totally matter of fact for them and central to their life, chat online, arrange to meet and stay in touch. Hereby they don’t usually worry about the way they handle their personal information, in particular uploaded photos. It is especially the worried parents of these young people who have identified this and they can be seen as potential users of X-pire! In this context we believe in an agreement within the family: parents accept that, in today’s world, they cannot exclude their children from social interaction online and, instead, it is agreed that their teenagers only upload images online which have an expiration date of a few weeks. In our opinion this would be a realistic scenario for both sides as the use of X-pire! hardly costs teenagers any extra time.
• Internet users between 18 and 55 years whose interest in the protection of their own personal privacy is based more on daily internet use and the experiences gained here and resulting needs. This group is, similar to the younger people, also regularly active in social networks although private use is also increasingly complemented by professional interest.