Hacker News new | past | comments | ask | show | jobs | submit login
Even years later, Twitter doesn’t delete direct messages (techcrunch.com)
130 points by RobertSmith 67 days ago | hide | past | web | favorite | 64 comments

A lot of the article focuses on DMs sent from eventually deleted/suspend accounts being accessible from the receiving account.

When you send a message to another account, it's in their account now. Of course it's not going to disappear along with your account.

This had been the canonical behavior of messaging clients for forever. Email obviously, but also IM, chat find, etc. (Trying to remember about BBSs.) Once you press send it's not yours anymore.

This should 100% be the expectation of users anywhere they go. Once you press send, do not count on being able to withdraw it under any circumstances.

Does this genuinely surprise people or is it a slow news day at TechCrunch?

Its right there in the privacy policy: https://twitter.com/en/privacy

> When you use features like Direct Messages to communicate, remember that recipients have their own copy of your communications on Twitter - even if you delete your copy of those messages from your account - which they may duplicate, store, or re-share.

> Does this genuinely surprise people or is it a slow news day at TechCrunch?

I was gonna say... I don't think techcrunch cares whether something is a story as much as they care whether it's a headline.

TechCrunch patting itself on the back.

The article actually starts by acknowledging that there used to be a feature called "Unsend", and that the issue being reported here is NOT about that. From what I understand, Twitter keeps storing messages that the _recipient has deleted_ even after the _sender account was closed_. I don't think it would be an unreasonable expectation to see these messages deleted from Twitter storage.

The question IMO is, at what point should you stop storing a message that no user can actually access anymore? That data is not good to keep for anyone, since both sender and recipient expressed a desire to delete it.

The same went for letters too, back when those were still being written.

With the difference being that nobody had a copy of your letters, just the recipient.

Not to sound like an ahole but I presume Twitter would argue it's __their__ message (in the sense that it's on their platform). with the sender and recipient having access to it. Once you hit submit you've forfeited "direct ownership" of the message.

AIM (AOL Instant Messenger) had a similar policy, which, I think, if I remember correctly, was a defining moment for AIM, and once again, for AOL.

The EULA for AIM was such that your messages became AOL’s intellectual property. Not only that you could not sue AOL Time Warner for possibly scripting and producing a movie and thus profiting from one of your instant message conversations or chat transcripts, but that maybe they could sue you for trying to do the same, and win.

I had this feeling, the moment that showed up in the news, that AOL’s days were numbered, and I was right. Other companies soon released chat functions, including Google and Facebook, and now AIM is gone. It was a signal that AIM was unsuitable for enterprise messaging, and no one excpet teenagers should bother with it, and wventually the teenagers that did use it, grew out of it, and moved on, and the rest is history.

Yeah Facebook also does the same thing, but the name is stripped out if the account no longer exists.

Yup. The last time I went to delete a DM thread a couple months ago FB gave me a warning that the delete was only from my end and that the thread would persist on the receiving end.

Then why, as mentioned in the article, does Twitter say the exact opposite?

>Once an account has been deactivated, there is a very brief period in which we may be able to access account information, including Tweets.

It doesn't. That's referring to account information broadly.

I included the relevant part of the quote:

>including Tweets.

As an example, you can delete your messages in telegram. Even in Slack. I think it is reasonable to allow user completely erase its own history from the server.

Nope, "your messages" once they have been received by someone now belongs to that person too. If you say something crazy to me, you shouldn't get to deny it by deleting your messages. If I levy an accusation, I should be able to prove it by showing my message history...

Screen it if you want. Why are you chatting with person who can say something crazy to you in the first place?

I don't treat this feature as something bad, maybe it was a typo in message or just miss-click, so, allow to modify it. Maybe I sent some intimate information and don't want to keep it in history but trust person wouldn't screen it.

How would you prove your message history was not adulterated? The easiest way would be to check the logs of the service itself, but what if those were deleted and only your local copy remains?

The judge would decide. If the app was on a secure platform (android/ios, non root/jailbroken), you could argue that the logs are genuine because the platform prevents you from manipulating the logs. The onus would be on the other party to prove that the logs were fabricated. I wouldn't count on it to secure a criminal conviction, but it would suffice in civil cases.

Those are chat services, which are obviously a different model. Twitter operates their DMs much more like mail or email. If you were allowed to delete the DMs you sent, you could easily threaten someone, then remove the offending message... which is exactly the issue they are having with harassment on the platform in its current iteration.

Maybe, instead of thinking that language is ephemeral, we should realize that what we say has lasting consequences. Maybe then we wont be so mad when we can't take what we said back.

What we say has lasting consequences, but we're not giving a deposition when socializing. We have no mechanism to show how we've evolved over time on any currently contentious issue - a weak "that was a long time ago" doesn't tend to matter. The ability to forget what is no longer important is a trait that is crucial to our brain function, and it stands to reason that it is crucial for a society.

I find Twitter DMs to be very much like a chat. It has the UI of a chat app and messages are stored on a centralized service. What makes it obviously a different model and more like email or mail?

It is indeed arguable what it looks like, but even within chat/IM applications, there is no consensus or convention on should the message be retractable or not. People shouldn't expect one or the other.

I wasn't making an argument either way about retracting messages. I was just surprised that someone would think that the DMs are obviously like e-mail when the UI looks like FB Messenger or Hangouts and message storage and transmission is controlled by a single company. I'm still curious to know how it's like e-mail.

Behaviour that I find user-hostile, and one of the reasons I prefer Signal and IRC over Telegram and Slack.

Should a person be able to delete an email they sent to someone else after the other person has received it? How about a letter you mailed? Should you be able to go into their house and take the letter back? It’s like trying to unring a bell. Once you send it, you no longer own it; the recipient does.

On the other hand, gmail keeps a copy of the received message in the receiver account, even if you delete the sender account.

Only for a limited amount of time after you send it, after I wanna say four hours it can no longer be deleted.

Pretty sure that's the case in MeWe too.

One of the hardest concepts to explain to non-programmer friends/family is that deleting anything in an app is usually flipping a boolean flag in the database from False to True. And even for the rare cases of actually deleting the record or updating the field value, it likely exists in backups somewhere.

It's never gone.

Twitter actually tries to delete stuff: https://twitter.com/en/privacy

> We keep Log Data for a maximum of 18 months. If you follow the instructions here (or for Periscope here), your account will be deactivated and then deleted. When deactivated, your Twitter account, including your display name, username, and public profile, will no longer be viewable on Twitter.com, Twitter for iOS, and Twitter for Android. For up to 30 days after deactivation it is still possible to restore your Twitter account if it was accidentally or wrongfully deactivated.

And they require developers to delete them too:


> If Twitter Content is deleted, gains protected status, or is otherwise suspended, withheld, modified, or removed from the Twitter Service (including removal of location information), you will make all reasonable efforts to delete or modify such Twitter Content (as applicable) as soon as reasonably possible, and in any case within 24 hours after a request to do so by Twitter or by a Twitter user with regard to their Twitter Content, unless otherwise prohibited by applicable law or regulation, and with the express written permission of Twitter.

When I worked at Gnip this requirement was a constant headache for customers, precisely because deleting data is so hard.

And that only reaffirms and proves correct, the comment to which you have replied.

When the user deletes something, it is not destroyed instantly. Instead, it is rendered inaccessible to a broad class or ordinary users. Meanwhile, the systems do still retain the ostensibly deleted data, even if for an hour or 30 minutes, while other, more powerful actors might still have the ability to access and read something the individual thinks is destroyed and gone forever.

It's not like throwing something in the garbage makes it immediately stop existing.

"It goes in the recycle bin, it'll be gone for good in a couple weeks" is perfectly intuitive, even if database flags are confusing.

That does not actually say that Twitter will delete your account in any specific timeframe. Given the mostly-public nature of Twitter, it's sort of a moot point, but still. Ambiguity should be held against the drafter, especially in privacy policies. On Twitter's deactivation page, it doesn't say they'll delete your data either.

"marked as deleted" is not the same as "deleted".

haha. user.is_deleted = True...

A lesson on how to delete user data but still keep it. RE the headline, i'm not sure. "News flash, mega tech corp thats business model is based on accumulating data has been accumulating lots of user data."

That may've been true before, but in a post-GDPR world, you better delete it (assuming you're serving European users) -- unless of-course there's a legal reason to hold onto the data.

No reason to retain backups beyond the period for which they ensure disaster recovery.

Skype too. Skype stores your voice mails and video messages forever[1]. I’m not sure about text messages, but I wouldn’t be surprised if they store all messages even if both the sender and recipient deleted them.

[1] Details: Clicking on Preferences -> Privacy -> Delete history (OS X), or Options -> Privacy Settings -> Clear history (Windows) pretends to delete the voice/video messages but it merely hides them from your view. If you re-install Skype on the same computer or run Skype on a different computer, all those "deleted" voice mails and video messages re-appear. The delete and clear buttons don’t do what they claim.

I recently learned to my surprise that Exchange has a feature that allows you to recall emails from the recipients inbox.

That pretty much only applies to emails sent within the same organization/network. If you send an email outside your organization/network, you generally can't recall those back.

I guess it can be configured to send a "retraction" e-mail to the recipient? I've received some of those at least.

It's a bit disingenuous to expect Twitter or any other social media to actually delete deleted data, except perhaps through a GDPR request or similar. Plus, if your account gets hacked and deleted, or if you delete the account and rejoin, you might be very happy that they didn't actually delete anything and are able to restore your account. (I'm not a fan of social networks or what they do with our data, but the database administrator in me tends to side with them on that front. Keeping data around is a lesser evil than losing it.)

That's a very wacky take.

A general privacy principle is that if the user requests the service provider to delete the user's data, then the service provider should comply, unless there are legal injunctions.

It's arguable about user expectation for direct messages on twitter, given there is a sender and receiver and Twitter in the middle, but what is not arguable is that if both users delete the message or their accounts, then the messages should not be retained by the Twitter.

Your instincts are correct. I happen to know that DMs at Twitter are (and most likely still) stored in a sharded MySQL store[0]. Deleted DMs and tweets are "tombstoned", and not actually deleted via a DELETE, which has pretty terrible performance characteristics in MySQL

[0]: http://highscalability.com/blog/2011/12/19/how-twitter-store...

I wonder what they use to generate IDs! /s

Man that comment popped up a bunch in that blog post, lol.

It's not disingenuous at all. Snapchat deletes all messages, photos and videos by default, either immediately after their received or within 24 hours.

I don't think anyone using these social media networks expects perfect privacy, therefore I have no idea why this article is so popular. We'll have close to perfect privacy in some networks running on Ethereum, 10 years from now. You can quote me on this one.

Good luck with having your hopes for anything on Ethereum.

Isn't it pretty safe to assume that nothing will ever get really deleted? I wonder if the GDPR will change this.

My first thought when people bring up deleting things is backup tapes. Sure it might or might not be "deleted" from the live data set, but it's almost always gonna live on in backups for probably forever.

GDPR affects backup tapes too

It does, but not like you'd think. If the backup is dormant, the right-to-be-forgotten portions can remain there. Once it comes out of cold storage, those RTBF requests have to be processed over the restored data. Although, in most cases, the dormant backups will expire and be deleted as per a data retention plan.

This is usually solved by encrypting and throwing away the key or seed to effectively delete.

Tape is no excuse to violating data retention policies.

That does not seem to be entirely correct: https://blog.quantum.com/backup-administrators-the-1-advice-...

Which part isn't correct? What op described sounds like a good and easy way to do it (as long as you have sane retention periods) and doesn't seem to conflict with the article you linked in any way (in fact, they agree).

In addition you have to tell the customer how long you retain your backups (and only retain them for a reasonable time) and only restore for purely technical reasons.

I agree. I find it hard to believe that anyone is going to transport all the physical tapes from cold storage and look through all the physical tapes.

My guess is that the data is removed on production and recovery sites. The data will be left on tape since they will most likely never see the light of day again.

This is usually solved by encrypting and throwing away the key or seed to effectively delete.

Doesn’t that just effectively delete it until it is common to have sufficient computing power to crack the encryption?

If people are using a real database, likely there is just a boolean flag for that record getting flipped to True/False to signify deletion. Unless you use mongo, then your shit is probably gone already and you dont even know it.

Wait what? Why are you randomly crapping on Mongo? You can use Mongo in exactly the same way as you described.

Because crapping on Mongo is “in” right now. Years ago it used to be “in” to crap on it for its deaign choices, especially its tendency to lose data (seems to be what the parent comment is referencing; see [1] for a summary of some issues from 2013).

More recently it’s “in” for their business decisions, with the relicensing and the rise of API-compatible alternatives pushing some users away.

But yeah, really no reason to mock them in this discussion, apart from going for internet cool points from an audience that may also be critical of Mongo.

[1] https://aphyr.com/posts/284-jepsen-mongodb

It's hacker news, randomly crapping on technology nobody brought up is what hackers do (/s)

Real database supports real erasure.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact