
Even years later, Twitter doesn’t delete direct messages - RobertSmith
https://techcrunch.com/2019/02/15/twitter-direct-messages/
======
B-Con
A lot of the article focuses on DMs sent from eventually deleted/suspend
accounts being accessible from the receiving account.

When you send a message to another account, it's in their account now. Of
course it's not going to disappear along with your account.

This had been the canonical behavior of messaging clients for forever. Email
obviously, but also IM, chat find, etc. (Trying to remember about BBSs.) Once
you press send it's not yours anymore.

This should 100% be the expectation of users anywhere they go. Once you press
send, do not count on being able to withdraw it under any circumstances.

Does this genuinely surprise people or is it a slow news day at TechCrunch?

~~~
nebulaserfer
As an example, you can delete your messages in telegram. Even in Slack. I
think it is reasonable to allow user completely erase its own history from the
server.

~~~
segmondy
Nope, "your messages" once they have been received by someone now belongs to
that person too. If you say something crazy to me, you shouldn't get to deny
it by deleting your messages. If I levy an accusation, I should be able to
prove it by showing my message history...

~~~
saint_fiasco
How would you prove your message history was not adulterated? The easiest way
would be to check the logs of the service itself, but what if those were
deleted and only your local copy remains?

~~~
gruez
The judge would decide. If the app was on a secure platform (android/ios, non
root/jailbroken), you could argue that the logs are genuine because the
platform prevents you from manipulating the logs. The onus would be on the
other party to prove that the logs were fabricated. I wouldn't count on it to
secure a criminal conviction, but it would suffice in civil cases.

------
strict9
One of the hardest concepts to explain to non-programmer friends/family is
that deleting anything in an app is usually flipping a boolean flag in the
database from False to True. And even for the rare cases of actually deleting
the record or updating the field value, it likely exists in backups somewhere.

It's never gone.

~~~
cdoxsey
Twitter actually tries to delete stuff:
[https://twitter.com/en/privacy](https://twitter.com/en/privacy)

> We keep Log Data for a maximum of 18 months. If you follow the instructions
> here (or for Periscope here), your account will be deactivated and then
> deleted. When deactivated, your Twitter account, including your display
> name, username, and public profile, will no longer be viewable on
> Twitter.com, Twitter for iOS, and Twitter for Android. For up to 30 days
> after deactivation it is still possible to restore your Twitter account if
> it was accidentally or wrongfully deactivated.

And they require developers to delete them too:

[https://developer.twitter.com/en/developer-
terms/agreement-a...](https://developer.twitter.com/en/developer-
terms/agreement-and-policy.html)

> If Twitter Content is deleted, gains protected status, or is otherwise
> suspended, withheld, modified, or removed from the Twitter Service
> (including removal of location information), you will make all reasonable
> efforts to delete or modify such Twitter Content (as applicable) as soon as
> reasonably possible, and in any case within 24 hours after a request to do
> so by Twitter or by a Twitter user with regard to their Twitter Content,
> unless otherwise prohibited by applicable law or regulation, and with the
> express written permission of Twitter.

When I worked at Gnip this requirement was a constant headache for customers,
precisely because deleting data is so hard.

~~~
mdhshjdjsh
And that only reaffirms and proves correct, the comment to which you have
replied.

When the user deletes something, it is not destroyed instantly. Instead, it is
rendered inaccessible to a broad class or ordinary users. Meanwhile, the
systems do still retain the ostensibly deleted data, even if for an hour or 30
minutes, while other, more powerful actors might still have the ability to
access and read something the individual thinks is destroyed and gone forever.

~~~
Dylan16807
It's not like throwing something in the garbage makes it immediately stop
existing.

"It goes in the recycle bin, it'll be gone for good in a couple weeks" is
perfectly intuitive, even if database flags are confusing.

------
cantrevealname
Skype too. Skype stores your voice mails and video messages forever[1]. I’m
not sure about text messages, but I wouldn’t be surprised if they store all
messages even if both the sender and recipient deleted them.

[1] Details: Clicking on Preferences -> Privacy -> Delete history (OS X), or
Options -> Privacy Settings -> Clear history (Windows) pretends to delete the
voice/video messages but it merely hides them from your view. If you re-
install Skype on the same computer or run Skype on a different computer, all
those "deleted" voice mails and video messages re-appear. The delete and clear
buttons don’t do what they claim.

------
eberkund
I recently learned to my surprise that Exchange has a feature that allows you
to recall emails from the recipients inbox.

~~~
porpoisely
That pretty much only applies to emails sent within the same
organization/network. If you send an email outside your organization/network,
you generally can't recall those back.

~~~
Thlom
I guess it can be configured to send a "retraction" e-mail to the recipient?
I've received some of those at least.

------
ddebernardy
It's a bit disingenuous to expect Twitter or any other social media to
actually delete deleted data, except perhaps through a GDPR request or
similar. Plus, if your account gets hacked and deleted, or if you delete the
account and rejoin, you might be very happy that they didn't actually delete
anything and are able to restore your account. (I'm not a fan of social
networks or what they do with our data, but the database administrator in me
tends to side with them on that front. Keeping data around is a lesser evil
than losing it.)

~~~
spudlyo
Your instincts are correct. I happen to know that DMs at Twitter are (and most
likely still) stored in a sharded MySQL store[0]. Deleted DMs and tweets are
"tombstoned", and not actually deleted via a DELETE, which has pretty terrible
performance characteristics in MySQL

[0]: [http://highscalability.com/blog/2011/12/19/how-twitter-
store...](http://highscalability.com/blog/2011/12/19/how-twitter-
stores-250-million-tweets-a-day-using-mysql.html)

~~~
Operyl
I wonder what they use to generate IDs! /s

Man that comment popped up a bunch in that blog post, lol.

------
Nanocurrency
I don't think anyone using these social media networks expects perfect
privacy, therefore I have no idea why this article is so popular. We'll have
close to perfect privacy in some networks running on Ethereum, 10 years from
now. You can quote me on this one.

~~~
kbody
Good luck with having your hopes for anything on Ethereum.

------
maxxxxx
Isn't it pretty safe to assume that nothing will ever get really deleted? I
wonder if the GDPR will change this.

~~~
nightfly
My first thought when people bring up deleting things is backup tapes. Sure it
might or might not be "deleted" from the live data set, but it's almost always
gonna live on in backups for probably forever.

~~~
NullPrefix
GDPR affects backup tapes too

~~~
kradroy
It does, but not like you'd think. If the backup is dormant, the right-to-be-
forgotten portions can remain there. Once it comes out of cold storage, those
RTBF requests have to be processed over the restored data. Although, in most
cases, the dormant backups will expire and be deleted as per a data retention
plan.

~~~
msh
That does not seem to be entirely correct: [https://blog.quantum.com/backup-
administrators-the-1-advice-...](https://blog.quantum.com/backup-
administrators-the-1-advice-to-deal-with-gdpr-and-the-right-of-
erasure/#.XGfzF6TnvDu)

~~~
guitarbill
Which part isn't correct? What op described sounds like a good and easy way to
do it (as long as you have sane retention periods) and doesn't seem to
conflict with the article you linked in any way (in fact, they agree).

~~~
msh
In addition you have to tell the customer how long you retain your backups
(and only retain them for a reasonable time) and only restore for purely
technical reasons.

