Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Facebook Images To Get Expiration Date

timothy posted more than 2 years ago | from the reducing-the-awkward-moments dept.

Graphics 306

Pickens writes "BBC reports that researchers have created software that gives images an expiration date by tagging them with an encrypted key so that once this date has passed the key stops the images being viewed and copied. Professor Michael Backes, who led development of the X-Pire system, says development work began about 18 months ago as potentially risky patterns of activity on social networks, such as Facebook, showed a pressing need for such a system. 'More and more people are publishing private data to the internet and it's clear that some things can go wrong if it stays there too long,' says Backes. The X-Pire software creates encrypted copies of images and asks those uploading them to give each one an expiration date. Viewing these images requires the free X-Pire browser add-on. When the viewer encounters an encrypted image it sends off a request for a key to unlock it. This key will only be sent, and the image become viewable, if the expiration date has not been passed."

cancel ×


Sorry! There are no comments related to the filter you selected.

Debunked (5, Insightful)

thetagger (1057066) | more than 2 years ago | (#34944362)

Slashdot users debunk this scheme as stupid in 5... 4... 3...

Re:Debunked (1)

Manfre (631065) | more than 2 years ago | (#34944438)


Re:Debunked (5, Insightful)

caffeinemessiah (918089) | more than 2 years ago | (#34944508)

This can be debunked quite easily: once an image is decrypted, it is forever decrypted. Alternatively, all I have to do is comment on your post of the image with the key I just downloaded for it while it was still valid. Even more alternatively, I could set up a counter-service to this that stores retrieved keys permanently and hands them out publicly. Unless the service is refreshing the image data every single day with a new key, in which case: (a) they will run out of bandwidth and CPU in a week, (b) they will hit facebook's limits very very soon, and (c) I still have copies of yesterday's encrypted data and yesterday's key.

Oh yes, and your friends will not be able to see your pictures unless they download a plugin ("huh...what's that??"), and possibly use a specific browser ("huh? why?").

So yeah, pretty stupid overall. This is another sad attempt at a form of DRM.

Re:Debunked (5, Insightful)

caffeinemessiah (918089) | more than 2 years ago | (#34944534)

I should also add: why not just have a service to delete the image automatically from facebook after N days? Encryption is absolutely not needed here and achieves nothing.

Re:Debunked (1)

Anonymous Coward | more than 2 years ago | (#34944600)

It'd make sense.

With their current privacy policy, they'd do something like put your phone number and the original file name on a black background with white text, and a line below it telling people to contact you to get a copy of the image. Or the default time for the image to persist would best be measured in generations, and apps would have free access to the images even when they are expired.

Re:Debunked (0)

Anonymous Coward | more than 2 years ago | (#34944636)

My thought exactly. They needed 18 months to develop this and didn't even come up with the fact that their solution is equivalent to the most obvious solution?

Re:Debunked (4, Insightful)

natehoy (1608657) | more than 2 years ago | (#34944788)

My thought exactly. They needed 18 months to develop this and didn't even come up with the fact that their solution is significantly inferior to the most obvious solution?

So close... :)

Deleting the image from Facebook is forever, if you trust Facebook. If you don't trust Facebook, then you might as well assume they are using a scripting tool to crank through the encrypted images as soon as they are posted and taking an unencrypted copy for themselves.

This allows easy copying until the image is expired, and in a week there'll be a deXPire on every Linux repository that will ensure easy copying after the image is expired. Deleting the image makes it unavailable for everyone who hasn't already made a copy. "X-Piring" the image makes it and all other "expired" images available to anyone who wants to go to the trouble of "apt-get install deXPire-mozilla-plugin".

Re:Debunked (2, Insightful)

MoonBuggy (611105) | more than 2 years ago | (#34944656)

That would make an awful lot more sense. I was about to reply to your initial post pointing out that while it may be a poor idea from a technical standpoint, the fact is that 90% of the images wouldn't be cracked and stored, and thus it would prevent them from resurfacing embarrassingly a decade later. If you're trusting the outside service with your pictures anyway, though, they may as well just have a deletion date instead.

Of course, the truly sensible idea would be for users to be somewhat selective about what they upload, on the one hand, and for people in general to accept that we've all done stupid shit, someone will probably find out eventually, and everybody should just get over it, on the other.

Re:Debunked (1)

natehoy (1608657) | more than 2 years ago | (#34944840)

the fact is that 90% of the images wouldn't be cracked and stored,

No, but they'll still be stored, and can easily be cracked later.

If this comes out, I predict that someone will release an alternative plugin that is freely available, decrypts all images, uses less resources, has fewer licensing issues, and just happens to ignore the expiration date. "deXPire", anyone?

The first image goes up, and the race is on. My money's on the cracking community. MPAA's spent a shitload of money trying to defeat them, as has RIAA, and Sony, and many others. It's a race they can't win. But it's cute to watch them scurry around and try.

Re:Debunked (1)

durrr (1316311) | more than 2 years ago | (#34944556)

Here's an even better solution: Print screen.

Re:Debunked (0)

Anonymous Coward | more than 2 years ago | (#34944624)

Yes, in KDE the PrtSc button opens up KSnapShot. In Windows, ctrl-PrtSc copies the screen to memory for pasting in any image editing program.

Re:Debunked (1, Insightful)

kaizendojo (956951) | more than 2 years ago | (#34944702)

Here's an even BETTER better solution. How about people start acting like thinking beings and use their heads before posting instead of expecting the government or some technology nanny state to clean up after them.

Re:Debunked (1)

scot4875 (542869) | more than 2 years ago | (#34944874)

How on Earth do you get from the topic at hand to government or "technology nanny state"? Paranoid much?


Re:Debunked (1)

Dishevel (1105119) | more than 2 years ago | (#34944884)

I kind of like having a quick and easy way to identify the terminally stupid.

Re:Debunked (1)

calmofthestorm (1344385) | more than 2 years ago | (#34944894)

"Every young person one day will be entitled automatically to change his or her name on reaching adulthood in order to disown youthful hijinks stored on their friends’ social media sites."
-- Eric Schmidt

Re:Debunked (0)

Anonymous Coward | more than 2 years ago | (#34944714)

Forget those, how are you going to get everyone to use your shitty plugin?

Re:Debunked (1)

SuricouRaven (1897204) | more than 2 years ago | (#34944740)

You're over-thinking it.
*printscreen* *paste*

Re:Debunked (1)

TheSpoom (715771) | more than 2 years ago | (#34944762)

In fact, someone should create, say, a Greasemonkey script that will look for such postings of "encrypted" images and automatically post the key as a comment (and to your wall as well, so they can't just delete the comment).

This is just stupid in so, so many ways.

Re:Debunked (0)

Anonymous Coward | more than 2 years ago | (#34944572)

we're not going to debunk it. it's hard enough to be understandable without the shift key; now you want to dmca-forbid our printscreen button too?

Re:Debunked (0)

Anonymous Coward | more than 2 years ago | (#34944630)

Although, this only seems like another failed attempt of enforcing some sort of DRM on images. I'd assume that the plugin tries to disable activities like print, or print-screen, or the sort. Which leads probably to another plugin called X-pirated software or the like.

Re:Debunked (1)

Weaselmancer (533834) | more than 2 years ago | (#34944856)

...2...1...done! []

Re:Debunked (1)

FunkyELF (609131) | more than 2 years ago | (#34944896)

Completely idiotic.

What does this system do that couldn't be solved with an alter table statement to add an expiration date field on photos and a cron job to delete expired ones?
Who the hell wants to install a browser plugin.
Hey... 1995 called, it wants its browser plugins back.
Facebook runs on hundreds (?) of platforms besides a browser.... completely idiotic.

What the hell does it take to be called a "researcher" these days?

Until... (5, Insightful)

MrOctogon (865301) | more than 2 years ago | (#34944364)

Cue the plugin which takes a screen capture of the decrypted image and re posts it in its original form. If you can read it you can copy it forever.

Re:Until... (2)

Pinback (80041) | more than 2 years ago | (#34944548)

Time for an army of people with screwdrivers to rove the world and steal all the Prnt Scrn keys?

Re:Until... (1)

betterunixthanunix (980855) | more than 2 years ago | (#34944570)

That would be true if this were a DRM system, that is, if your adversary were the people you are sharing the image with. The point of the system is to ensure that people who carelessly leave images online will not have to worry about some random future employer stumbling across an embarrassing picture years later -- the service will (presumably) stop giving out the decryption key after the expiration date.

Of course, this turns the service into a trusted third party, and I strongly doubt that the keys will actually be deleted from their database; more likely, the keys will be kept just in case law enforcement asks for them. It is not a perfect system, it is just meant to chip away at the problem.

Re:Until... (0)

Anonymous Coward | more than 2 years ago | (#34944696)

And it also helps people monetize images by offering an enforcable (but circumventable) micro-payment scheme. All these stock image sites will be able to charge per thousand viewers. It'll increase the cost of running websites which gets passed on to end users. They also get the hassle of a DRM-encrusted format that requires a net connection to 'authenticate'.

Re:Until... (4, Insightful)

dgatwood (11270) | more than 2 years ago | (#34944750)

More to the point, it can be solved just as easily if Facebook would:

  • Require users to accept or reject tagging explicitly before a photo tag becomes visible to anyone other than the tagger and the taggee.
  • Expire photos after a reasonable period of time unless the user explicitly confirms that it should remain posted (use notifications).
  • Expire tags in the same fashion.

More importantly, it fails because:

  • The sorts of people who post pictures of their friends looking like assholes are unlikely to care enough to use a special service that provides expiration.
  • The sorts of people who post pictures of their friends looking like assholes are unlikely to set a short expiration date.
  • The person affected by the tagging is not the person deciding on its expiration.

The decision about how long I should be tagged in a photo must be my decision, not the decision of the person who posts the photo. Any scheme that does not achieve this goal is completely missing the point.

Re:Until... (1)

poetmatt (793785) | more than 2 years ago | (#34944804)

that may be the point, but the reality is that it doesn't' work.

Re:Until... (2)

MrOctogon (865301) | more than 2 years ago | (#34944878)

I think I remember a system that relied on distributed hash tables to accomplish pretty mush the same thing. That will at least remove the central trusted authority problem, but opens itself to a whole other class of attacks as well.

Goes Nowhere (0)

Anonymous Coward | more than 2 years ago | (#34944368)

And no one will use it cause most people are to stupid to be able to install a plugin.

Re:Goes Nowhere (1)

SlashDotDotDot (1356809) | more than 2 years ago | (#34944588)

No one will use it because:

A. The people posting the pictures don't care (at least at the time they are posting them)
B. Facebook doesn't want it to work and they have the power to stop it by not allowing encrypted pictures. (If they wanted this feature, they would just provide it themselves by removing the content on a given date.)
C. Even if posters cared enough to use this system, no one would be able to see their pictures because

most people are to stupid to be able to install a plugin

and posters want people to see their pictures (which is why they are posting them online)
D. It is too easy to circumvent

Print Screen (1)

Anonymous Coward | more than 2 years ago | (#34944372)

Now your expiration date doesn't matter.

Cracked! (4, Insightful)

clvrmonkey (136864) | more than 2 years ago | (#34944382)

I can't quite figure out how they'll stop me from taking a screenshot of the encrypted image.

Re:Cracked! (1)

I8TheWorm (645702) | more than 2 years ago | (#34944476)

This is the internet where the honor system reigns supreme!

I kind of like it here in the tubes, and I think I'll stay a while.

Re:Cracked! (4, Insightful)

Tenek (738297) | more than 2 years ago | (#34944478)

That's not the point. You were already allowed to see the image. What it tries to reduce is the ability of someone unrelated to find it n years later. You had to remember to save a copy at the time. Unfortunately, you're probably more likely to do so if it's an interesting picture.

It's not useless, and it's not perfect. Not a terrible idea though.

Re:Cracked! (1)

mcmonkey (96054) | more than 2 years ago | (#34944780)

It's not useless, and it's not perfect. Not a terrible idea though.

It is a terrible idea.

Here's the need: I'm in college. I post crazy college pics for my friends to see while I'm in college. Next year, when I'm graduated and interviewing for jobs, I don't want those pictures available.

Here's the solution:
Make the pics private. Make them only available to friends on facebook. Or use some other hosting service with password protection.

Or even easier--rather than have a service host the keys and promise to destroy the key when you want the image to expire, why not just host the pics with a service that promises to destroy the pics when they expire?

It's terrible because it's needlessly complex.

I could come up with a scheme for car registrations where a code is affixed to the license plate. Then traffic police can access a data-driven 3-tier client-server web 2.0 interactive site where they can look up the code and see if that car's registration is current.

We'll even provide scanners with OCR to read the license plate and look up the code.

Or the state can send out stickers with the registration year, people put the stickers on their plates, and cops just read the stickers.

I won't dismiss the technology completely. There may be some use for the system.

But in this case, instead of encrypting the pics and storing the decryption key for a limited time and requiring the use of a plug in, why not just host the pics for a limited time, no plug in required?

Re:Cracked! (1)

johneee (626549) | more than 2 years ago | (#34944850)

On windows I know it can happen. I remember some kind of 'secure' image thing a long time ago ('97?) that could only be viewed inside a plug in, and if you tried to do a print screen, you just got an empty box. I don't know how of course, because even at the time I didn't care enough.

Perhaps something through Direct3D, since I know you can't do a screen capture of that kind of stuff.

Anyway, probaby still easy to circumvent, but not necessarily by print screen.

crap (1)

z-j-y (1056250) | more than 2 years ago | (#34944392)

this thing takes 18 month?

and this crap is so retarded and useless it's not worthy of any discussion. dump it directly into toilet!

your government scientists hard at work.

Re:crap (1)

HarrySquatter (1698416) | more than 2 years ago | (#34944500)

Yeah, exactly what took 18 months to develop a system that encrypts a picture and sends out encryption keys upon request? That sounds like something that could be set up in a matter of weeks at most.

Re:crap (1)

skids (119237) | more than 2 years ago | (#34944688)

Well, maybe you and I could, but you're not a "researcher" now are you? So what good would it be?

Seriously, does the "researcher" job come with a pay raise? If so how does one become a "researcher" so that any random coding/QA stint counts as "research" and is thus both news and (probably) patent worthy?

alt-prtscn (3, Funny)

Anonymous Coward | more than 2 years ago | (#34944394)

your feeble encryption is no match for my clipboard.

Re:alt-prtscn (1)

BobMcD (601576) | more than 2 years ago | (#34944448)

your feeble encryption is no match for my clipboard.

I came to post the exact same thing.

Further, why take the photo at all if you're not going to keep it for more than a limited time?

Re:alt-prtscn (1)

igreaterthanu (1942456) | more than 2 years ago | (#34944594)

It's easy enough to create a loop that checks if the content of the clipboard changes and if so detect if it is a screenshot of the "protected" image and if so change the clipboard to be storing something else.

Obviously there are other methods that anyone on here could think of but this is facebook we are talking about. I'm not sure some of these people even know what printscreen does.

Re:alt-prtscn (1)

h4rr4r (612664) | more than 2 years ago | (#34944658)

My print screen goes right to a file.

no pictures for linux users... (5, Insightful)

dmbasso (1052166) | more than 2 years ago | (#34944398)

because you can't lock the print screen out, right?

Hmm... (1)

Tenek (738297) | more than 2 years ago | (#34944418)

Sounds great, but the more interesting/risky/incriminating/etc the picture, the more likely it is that someone's going to keep an unencrypted copy around, no?

Re:Hmm... (1)

betterunixthanunix (980855) | more than 2 years ago | (#34944644)

The real question is, are your friends conniving enough to save embarrassing photos of you on their hard drive, just in case someone years later wants to see it? Employers are not browsing your friends' hard drives; they are, however, browsing your Facebook profile, and they may see all the partying you did in college (or whatever). You may not remember that the pictures are there, especially if you have lots and lots of pictures; your future employer should not stumble across evidence of some long-forgotten party.

Of course, your friends might still post pictures on their own profiles, without encryption. The system is far from perfect.

Re:Hmm... (1)

MoonBuggy (611105) | more than 2 years ago | (#34944758)

Of course, in an ideal, or even slightly less idiotic world, the employers might realise that everybody parties and that old picture of a prospective employee doing shots while wearing a toga in no way alters their ability to do the job now.

Re:Hmm... (3, Interesting)

betterunixthanunix (980855) | more than 2 years ago | (#34944882)

Of course, we have plenty of anti-drug propaganda to keep us far from the ideal. A picture of someone taking a bong hit at a party could be reason to be rejected from a job -- there are still places that perform pre-employment drug screenings, last I checked, and photographic evidence of illegal drug use may not go over so well. When we keep telling people that anyone who uses illegal drugs is an unreliable drug abuser who couldn't possibly hold a job, and when we require people to maintain a "drug free workplace" or forfeit government contracts, the idea that employers will forgive some college partying seems a bit far fetched.

Re:Hmm... (2)

hitmark (640295) | more than 2 years ago | (#34944842)

If the employer is that anal about off hours activities, it may well be better to not work there in the first place.

Re:Hmm... (1)

PFI_Optix (936301) | more than 2 years ago | (#34944770)

A simple screen shot means that the picture itself can go viral, even if the person's name is lost in the process. The internet has been kind enough to let most of these people remain anonymous so far. We don't care about the names of drunken college girls, we just like to laugh at and/or ogle them.

If you have the presence of mind to know that you don't want a future employer seeing the picture, you have the presence of mind not to post it, right? So long as things like this are optional (and they damn well better remain so) they will remain unused by the very people who they would benefit: the stupid.

Interesting, but implementation is false (1)

grasshoppa (657393) | more than 2 years ago | (#34944426)

Don't make clients install a plugin. The client is in an unknown state, and most people will just ignore it anyway.

Instead, target the individual companies ( like facebook, google, shutterfly, ect... ) with this technology.

Re:Interesting, but implementation is false (1)

houghi (78078) | more than 2 years ago | (#34944518)

Those companies are in the business of keeping and selling data and now you ask them to trow away their assets?

Re:Interesting, but implementation is false (0)

Anonymous Coward | more than 2 years ago | (#34944544)

and then what ? they (fb,google etc) will never show the image ? You can't make copies of images off ? how will this work ? (Hint: It wont....)

Re:Interesting, but implementation is false (1)

Kjella (173770) | more than 2 years ago | (#34944682)

Instead, target the individual companies ( like facebook, google, shutterfly, ect... ) with this technology.

Except they don't need this silly thing to have an expiration date, they could simply remove the picture. The theory here is that anyone who saves the image will save their encrypted format instead of a normal JPG. The outcome is as expected, people that think they've "backed up" their files from Facebook will lose their pictures and anyone that really wants a copy will take a screenshot and save as PNG. It's like a lock that inconveniences the residents but doesn't keep a single crook out, I'm sure this will fly like a dodo with cement shoes.

read (0)

Anonymous Coward | more than 2 years ago | (#34944442)

if you can read it you can copy it, if you can copy it you are creating a new version with your own options.....

assume here you are encypting images and creating a 'new' file and whether or not you can read it is totally in the hands of X-Pire software, assuming the company doesn't muck it all up due to incompetence the problem is it introduces 'hassle' and people are lazy.

I wish Facebook would expire (5, Insightful)

PatPending (953482) | more than 2 years ago | (#34944446)

I wish Facebook would expire... the sooner, the better.

Re:I wish Facebook would expire (5, Funny)

Anonymous Coward | more than 2 years ago | (#34944626)

Anonymous Coward likes this

LAME!!! (1)

mschaffer (97223) | more than 2 years ago | (#34944456)

OMG, I just don't know where to start with how lame this is.

You are being shortsighted (1)

lvangool (1393983) | more than 2 years ago | (#34944482)

It's all about 'unfortunate' stuff that keeps on strolling around the interweb 15 years later. It's about careers and marriages. Of course it will not prevent anyone from saving the images and keeping them for future reference, but how do you decide now who will be the president in 2030? This could prevent a lot of shame because we won't value a shameful picture of someone who has yet to become famous.

Re:You are being shortsighted (2)

O'Nazareth (1203258) | more than 2 years ago | (#34944568)

We will just get used to this. One day, we will have to accept that nobody is perfect anyway.

Re:You are being shortsighted (1)

PFI_Optix (936301) | more than 2 years ago | (#34944792)

Yes, because our society seems to be placing LESS value on embarrassing celebrities or looking perfect.

Re:You are being shortsighted (0)

Anonymous Coward | more than 2 years ago | (#34944628)

Or... you can just not upload potentially "shameful" pictures of yourself to the internet in the first place. And if it's your friends doing the uploading of your likeness that can have such future, damning effects, perhaps a change in company is in order...

Re:You are being shortsighted (1)

natehoy (1608657) | more than 2 years ago | (#34944670)

And you think someone in 2030 won't be able to break 2010 encryption with their pocketknife?

If the image is out there, it's viewable. After it expires, unless you remove it from the web site it's on, it's still viewable and with very little effort. If you've removed it from the web site it's on, then expiring it has no value.

MPAA can't keep an encryption scheme secure for more than a month, what chance do you think a browser plugin will have after 15 months? 15 years? C'mon, there'll be an tool akin to DeCSS for it in a week.

won't work. (1)

phillipsjk256 (1003466) | more than 2 years ago | (#34944488)

Anti-copying mechanisms only work in soft science fiction like Star Trek (Transporters have strong anti-copy technology, as do the holodecks).

If the legions on Slashdot can support or disprove that claim, you would be doing me a favour.

Hint: We already know it doesn't work in the "real world" : []

More great science/tech reporting. . . (2)

JSBiff (87824) | more than 2 years ago | (#34944504)

"tagging" something with an "encryption key" is something which doesn't make a lot of sense. I guess maybe someone would want to search for the file based on the key it was encrypted with? *grin*

You know an article is quality when stupid crap like that shows up in the very first paragraph. Who do these big media outlets hire to do their sci/tech articles anyhow? Apparently people who haven't got the faintest clue how things work, or how to explain to others how they work. Somehow, they seem to consistently find the absolutely *least qualified* people to write such articles.

X-Pire-copy-to-imgur browser add-on (4, Insightful)

seifried (12921) | more than 2 years ago | (#34944510)

Which will result in something like the "X-Pire-copy-to-imgur browser add-on" which automatically decrypts the image and then posts a decrypted copy to imgur or whatever sharing site you want to use.

Not to mention all the large companies trolling facebook for photos and storing them for later use to provide background check style services/etc.

Once you post it, a copy has been made, once someone views it, a copy has been made. Those copies are outside your control. Even if you encrypt it, once someone views it, an unencrypted copy has been made, and it's once more out of your control.

Re:X-Pire-copy-to-imgur browser add-on (1)

neoform (551705) | more than 2 years ago | (#34944738)

CMD-SHIFT-4 *yoink*

Sadly, it's a total waste of time (1)

bogaboga (793279) | more than 2 years ago | (#34944514)

...researchers have created software that gives images an expiration date by tagging them with an encrypted key so that once this date has passed the key stops the images being viewed and copied.

How long shell we wait before some fella creates a tool that copies those photos, backs them up somewhere after removing the so called encryption?

If they doubt this is possible, they need not look very far. The RIAA [] knows a thing or two about this.

This will fail... (0)

Anonymous Coward | more than 2 years ago | (#34944524)

Apart from the fact that this software only provides a technically ridiculous protection, this will fail in the exact same way that most encryption system fail: the users don't care enough. That's the reason why the mainstream has not adopted email encryption and encryption of instant messages. Encrypting instant messages is trivially easy, yet I couldn't even get many IT people to do it. The users won't install any browser add-on just to view the encrypted pictures of other people. And because everyone knows that, nobody will encrypt their pictures in the first place.

long past shelf date (0)

Anonymous Coward | more than 2 years ago | (#34944538)

does this mean that 40 y.o. can no longer use their yearbook photos? Will it be like drivers licenses and passports, requiring new photos every few years? That's great for dating sites but who cares about facebook photos?

Flaw #2 (1)

kenj0418 (230916) | more than 2 years ago | (#34944540)

Flaw #1 that seems to be the focus so far is that you can capture the screen image an make an unencrypted copy. This will only prevent copying by unsophisticated users. (But isn't that exactly who it is for?)

Flaw #2 concerns me more. It is (one of) the same problem(s) as with most DRM - what happens when this key server goes poof? Now all your images are unreadable.

Re:Flaw #2 (1)

geekoid (135745) | more than 2 years ago | (#34944778)

1) It's to remove them from specific facebook users. You know, the 18 year old dumb ass that is now out of college and looking for a job? WHen he is 18 it didn't amtter,m now it does. So looking for a Job interview and those pictures are gone when the potential employer is doing 'research'

2) Yes, thats a problem, but you could beuild this into facebook as a feature.

Idea? good.
implementation? bad

Re:Flaw #2 (0)

Anonymous Coward | more than 2 years ago | (#34944906)

So... what makes you think that when he was 18, if he was stupid enough to post embarrassing pics, that he was "smart" enough to encrypt them with something that expires them by the time he's older and job hunting?

Idea? bad.
Implementation? bad.

Re:Flaw #2 (1)

coolmadsi (823103) | more than 2 years ago | (#34944784)

Flaw #2 concerns me more. It is (one of) the same problem(s) as with most DRM - what happens when this key server goes poof? Now all your images are unreadable.

So long as they hang around for more than a few months, that's not a flaw, its a feature!

I can't see it being that much of a problem, it just means its not available online, assuming the user has the original (or a back up) on their computer/phone/etc. so can be re-uploaded if necessary. And if they don't have a back up, worse that will happen is their picture gets removed from internet viewing a bit earlier than they expected, but they were planning on having it removed anyway

Screenshot (1)

ninjagecko (1948930) | more than 2 years ago | (#34944546)

Screenshot. That is all.

Just another means of tracking... (1)

HeadSoft (147914) | more than 2 years ago | (#34944558)

One can imagine it enables them to track who is viewing the image anytime, whether or not it's served from Facebook.

It seems everyone wants to call themselves a "researcher" these days, as if there is science behind what they do. The truth is, it's just another hustle.

New Business Ideas (1)

andymadigan (792996) | more than 2 years ago | (#34944560)

New Business Model:

Crawl facebook and other sites which use this technology, grab and decrypt all such images, save them and sell a subscription to them.

Second Business Model:

Sell a hacked version of the plugin which allows you to save the image easily.

Hey, a good percentage of the public seems to think that DRM works, it's no wonder they keep coming up with stupid ideas like this....

Not a bad idea, but probably won't work anyways (1)

Yossarian45793 (617611) | more than 2 years ago | (#34944580)

For those complaining about the technical aspects of this proposal, obviously anyone who views the image before the expiration date can save it forever. The point is that after the expiration date, no new people can download the image if they haven't already. Think about your potential employer downloading drunken pictures of your from a frat party 10 years ago. This scheme would prevent that.

Now the fact that this requires a 3rd party plugin to work is problematic. It creates a bottleneck, an extra point of failure, and it suffers from the chicken and egg problem -- nobody will want to post x-pire pictures if their friends can't view them without a plugin, and nobody will install the plugin because they don't need it to see the other 99% of pictures people post.

Re:Not a bad idea, but probably won't work anyways (0)

Anonymous Coward | more than 2 years ago | (#34944904)

Think about your potential employer downloading drunken pictures of your from a frat party 10 years ago. This scheme would prevent that.

No, it would not prevent that, just like simply deleting the picture would not prevent that. In fact, since the key is much smaller, it is much easier to make a shadow library of keys than to make a copy of all pictures. This technology could only serve as a how-not-to.

i see the benifit (1)

bitappend (1773816) | more than 2 years ago | (#34944584)

sure some small percentage will find away around a few photos they want cracked.. this will still block out the majority of pics out there. i think this is a good idea of putting some kind of control back to the person who made the pics.. even if its not 100% fool proof. This is low level protection like a lock on your front door. there will always be ways around it. but it does add "some" level of protection as long as you understand it as such.

At least the plugin is free (1)

Jaktar (975138) | more than 2 years ago | (#34944590)

Because you know....I install every free plugin that I come across just to view pictures and stuff.


Maxo-Texas (864189) | more than 2 years ago | (#34944612)

Okay... because i can never hit the print screen key or take a picture of whats on the screen with my camera and repost it.

ummm..rm? (1)

Mr. Slippery (47854) | more than 2 years ago | (#34944616)

So let's implement image expiration on my website, I can ask all my members to install your plugin...or I can add

system("at now + 78 weeks /bin/rm /var/www/photos/embarrassing_photo.jpg");

to my image upload module. Gee, which way should I go?

Re:ummm..rm? (1)

betterunixthanunix (980855) | more than 2 years ago | (#34944722)

Not your website that you need to worry about; the plugin targets Facebook/MySpace/etc., where a lot of people are posting embarrassing pictures of their late teenage years which may resurface when they are looking for a job. The whole point is that those websites do not have any option for expiring images.

Discontinuation (1)

O'Nazareth (1203258) | more than 2 years ago | (#34944620)

I can bet the service will be discontinued before any picture will achieve the expiration date.

*facepalm* (3, Insightful)

TheSpoom (715771) | more than 2 years ago | (#34944712)


This whole concept should be on The Daily WTF.

Needless DRM. Expire things server-side. (1)

Khopesh (112447) | more than 2 years ago | (#34944732)

This is just another form of DRM. Instead of keying on payments, it is based on a date, but the premise is the same; it is an unnecessary locking of a file which is trivially defeated (worst case scenario: take a screenshot!) and therefore not worth the annoyance. How about just adding the expiration date to the EXIF [] (or other meta-) data in existing media formats? Any site (specifically Facebook, MySpace, etc) would then be able to revoke the media based on the expiration date. Adding an expiration field to the submission process would do the same thing. Look ma, no end-user annoyances!

As to emails and other similar avenues, live and learn (and use better judgment in picking your friends!). DRM isn't going to stop the issue; it might even exacerbate it ("oh, this image is set to expire. I'd better save an unprotected copy and use it as blackmail later.")

Or, you know (1)

geekoid (135745) | more than 2 years ago | (#34944736)

Just tag an expiration date when you upload the photo, and have a default date.

Color me amazed! (0)

Anonymous Coward | more than 2 years ago | (#34944742)

This is almost as brilliant as those scripts people used to use to block right clicks!

Then You (1)

mistralol (987952) | more than 2 years ago | (#34944756)

right click and save as .jpg :)

And like every other facebook App, it will (0)

Anonymous Coward | more than 2 years ago | (#34944782)

Expose all your facebook data to the App owner along with the picture. Sounds like data mining exploit by Facebook on Facebook users.
Problem, no nitch market exists for picture data which users believe they own even after uploading to Face book.
Facebook by making a 3rd party app viewer to view pictures will give its self an out when the data is used by the 3rd party nefariously.
By encapsulating the view into an App, they can under the guise of supporting the app do data mining and sales on all related data.

Most importantly Facebook will use the 3rd party to shift blame to for all the nefarious data mining apps not hosted on face book but that use the data.

So now when you walk into Wal-Mart the advertisements will say "Hi Malcopt, your friend Bagwhore bought product x every week for the last x weeks. You should try it.
Doesn't everyone have a face book friend named bagwhore?
Or on the TV in Wal-Mart, Hi Joe, get your facebook friends to by Laser shark meat and you all will get a 20% discount coupon on all Wal-Mart family friendly Goatsie products.

Un-X-Pire (4, Insightful)

cforciea (1926392) | more than 2 years ago | (#34944786)

I'm ready to start a new service called Un-X-Pire. What you will do is run my browser add-on, which will find X-Pire tagged images, request the decryption key from the X-Pire service, and then cache it the first time it is requested for each image. After that, it will just serve out the decryption key over and over (or, if the decryption does something fancy like swap keys based on current time, it will go ahead and decrypt the image for you by spoofing the time the key was initially first cached as the current system time for the decryption process), and then everybody who uses my plug-in will be able to view the image for the rest of eternity so long as at least one person views it with my plugin before it expires.

Also, I bet mine takes a lot less time to code than theirs.

Consider the scope. (0)

Anonymous Coward | more than 2 years ago | (#34944790)

This is not meant to be a foolproof method of preventing people from seeing photos you don't want them to see. This is simply a method of preventing images that you once wanted people to see from hanging around after you've thought the better of your original decision. Sure, someone could capture and re-post the photo in unprotected format if they act before the expiration date, but the point is not to stop others from doing bad deeds.

I don't know about this approach in particular, but the concept seems like a killer app for social networking sites that want to assuage user concerns about their youthful indescretions following them around indefinitely.

the fbi will have the unlock key and will be able (1)

Joe The Dragon (967727) | more than 2 years ago | (#34944796)

the fbi will have the unlock key and will be able to bypass this.

Oh great, embarrass us internationally... (0)

Anonymous Coward | more than 2 years ago | (#34944822)

This "technology" has been touted by Ilse Aigner, the Federal Minister of Food, Agriculture and Consumer Protection. According to Wikipedia, "Aigner completed a professional training as a telecommunications technician in 1985 and joined the electrical installation business of her parents. In 1990 she graduated from the technical academy with the degree of a State Certified Engineer and worked for several years for Eurocopter in the development of helicopter electric systems." She thinks this nonsense is going to make Germany lead the world in online privacy protection... It is beyond embarrassing. I am sorry and apologize for these idiots.

Well this is certainly going to be adopted... (2)

goldcd (587052) | more than 2 years ago | (#34944834)

If Facebook actually wanted pictures to have a shelf-life, they could just allow you to add a default date+x when they would be pulled.
Facebook haven't done this, so I'm guessing they're either a bit short of development cash - or don't want this.

So, how might this work?
Well I'm guessing that either it's:
a brand new file format and the browser requests an external key when the photo display plugin kicks in - so so unlikely to take off, I'll just leave it there.
it's encrypts the image and embeds in tags so the 'plugin' can detect it's a 'special image' and goes off to find a key to decrypt it.
Assuming it's the second, it has my interest. Sounds a little bit interesting - but then I start thinking.
If it's encrypted it's going to have 'look random' - so that's ballsed up the compression ratios of the jpg you uploaded.. and then well most sites tend to compress/thumbnail/crop or a combination of the above... well I don't quite see that working - no it couldn't
I guess maybe we're onto option C, I've just thought of. You don't upload the image, you upload a QR style pointer to the image - and the browser just inserts that in-line?
Well, maybe that would work.. but then these researchers just seem to have come up with a way of replacing an <img src= with a graphical pointer..
Oh and as everybody else has undoubtedly posted whilst I typed this, printsrn.

Maybe there's a market somewhere for pushing the whole public key encryption seamlessly into "stuff we upload" - to restrict or monitor view - but the problem that's never going to go away is that if one person can open it and wants to share it, then there's no security.

18 months, seriously? (2)

dingen (958134) | more than 2 years ago | (#34944836)

development work began about 18 months ago

18 months to build this seems an awful lot, doesn't it? Ubuntu has released 3 versions in such a period!

What a great idea... (0)

Anonymous Coward | more than 2 years ago | (#34944862)

Now we can scan for the tasty stuff.


I have a better idea (2)

kheldan (1460303) | more than 2 years ago | (#34944864)

Here's a better idea that won't require any additional plugins or new technology to be created: Don't upload pics to Facebook or any other so-called "social networking" site that you don't want available to the public forever. We'll call this idea "common sense".
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>