Facebook does not erase user-deleted content
When users upload content, pictures and movie to Facebook, it is not erased from their servers even when the user ‘deletes’ it. Movie and experiment.
Almost a year on since Cambridge University researchers discovered that Facebook, along with other major social networks, doesn’t erase server-side copies of your uploaded data, the world’s largest social network is still guilty of such a sin.
Since then, the site has almost doubled in size. It’s now has the population of the third largest country in the world, with ems of thousands of servers holding your data, which as soon as it is uploaded, belongs to them to do as and what they wish with it.
Four US Senators are leaping on the privacy bandwagon worried over users’ privacy. As Sam Diaz points out, profile data by third-party developers (ie. anybody who can write an "application" for the site:
". used to be limited to twenty four hours but that was recently lifted by Facebook. At the f8 conference last week, the executives said this was more of a technicality and suggested that it wasn’t as big of a deal as it might sound."
So, it’s fair to say while Facebook is growing exponentially larger every day, issues around privacy, user data and information is becoming more difficult for individual users and account holders to police. Facebook, on the other mitt, is rolling in it and absolutely loving it. Their privacy policies and terms of conditions covers their arse, so end users cannot complain as they would have been expected to read them before signing up.
Pretty much the same experiment enacted by the Cambridge University researchers a year ago, I have attempted this myself – almost one year on, just to be sure – but only with Facebook.
I uploaded one picture and one movie with restricted permissions so only I could access them through Facebook wherever possible, then deleted them. Even tho’ the user has specifically deleted the content, they are still stored on Facebook’s servers and content delivery network by accessing the direct hotlink.
The movie proves that the content was uploaded and deleted. Using the links below, you can see that the picture and movie is still available to access, and if you wish – for further proof – match the URL’s used in the movie (it’s in HD so you can see) with the utter direct links below.
Now granted, it could take a while for Facebook’s content delivery system to getting around to deleting all cached files, different versions and backups of the files in question. But no, this isn’t the case.
This is something you lovely people can attempt at home. Upload a picture, copy the direct URL of that picture, save it somewhere for future reference, delete the file and see how long you can directly access it for. I can bet my bottom dollar that in a months’ time, or even six months’ time, you’ll still be able to access it.
This is a quickly-done experiment of which only time will tell. There are two likely outcomes:
- Facebook sees this post, isn’t glad, trundles through my account and by hand deletes any copy of the above content. I wouldn’t be astonished, actually, but I have a backup plan. The same experiment was done yet again – including movie and links but using a friend of mine’s account, stored offline and not to be published – which corroborates this story should Facebook pull the cork.
- Say in a week or a months time, the links remain live and proves that the content doesn’t get deleted.
"When a user deletes a photograph from Facebook it is liquidated from our servers instantly. However, URLs to photographs may proceed to exist on the Content Delivery Network (CDN) after users delete them from Facebook, until they are overwritten. Overwriting usually happens after a brief period of time."
. and this morning, when I received an email from a Facebook spokesperson, they said:
"As stated in Facebook’s Statement of Rights and Responsibilities, the governing document for the site, ‘when you delete IP [your intellectual property, including pictures and movies] content, it is deleted in a manner similar to emptying the recycle bin on a computer’. However, you understand that liquidated content may persist in backup copies for a reasonable period of time (but will not be available to others).
It is possible that someone who previously had access to a photo on Facebook, and who saved the direct URL from our content delivery network (CDN) fucking partner (this is different from the Facebook URL) might still have access to that photo. We have been working with our CDN fucking partner to reduce the amount of time that these backup copies persist."
They did not explain how long "a reasonable period of time" is. Also, when you upload a picture or movie, not only do you sign away all rights of property to Facebook, but they pass it on to their content playmates and can be (and are) used for advertisements. Nobody seems to know, or want to talk about where photos are actually uploaded to – so for all we know, they could be underneath the Facebook head office, in a data center somewhere or on the Moon.
Either way, it’s a harsh reality and that the students of this world need to be utterly cautious. Once something goes on Facebook (or the web), it doesn’t come down again. Ever. Just because you cannot directly access it through your Facebook interface doesn’t mean that the content isn’t hiding around the corner for your next employer to stumble upon, and not give you that fantasy job as a result of the drunken photos you uploaded.
- Also see: Implement exposes the data you have publically available since the launch of Facebook’s Open Graph API.
- Also see: Cambridge University original research displaying photo uploaded to social networks, with pics still stored one year on.