"Note: According to facebook's privacy policy, messages on facebook can not be deleted anymore. If you click on 'delete' the messages will only be invisible to you. US law enforcement agencies can access this information at their own liking, without judicial review."
That last one is scary indeed. People were arguing a while ago whether these companies should keep data only for 6 months, or for a year, or 18 months - but Facebook is simply keeping it forever. Even 10 years from now law enforcement could verify your Facebook data.
Facebook Timeline should give them a nice UI, too, in case you don't delete anything. But they would still want to dig deep. I wonder if Facebook built a special Timeline product for law enforcement to see everything about everyone. Remember when they admitted a while ago that they provide law enforcement a special software for the data? I wonder if the idea of Timeline for users comes from that.
Julian Assange was dead-on that Facebook is the biggest spying machine.
It also seems to indicate a deliberate quasi-law-enforcement role being played by Facebook. If Facebook handed over data when presented with warrants, the "without judicial review" wouldn't be true. That can only be true if they're purposely partnering with law enforcement, to voluntarily offer them data that courts haven't requested.
Reduces any qualms I might have about calls for Facebook to be regulated as a public utility, if it's actively choosing to act as an arm of the government anyway. Public utilities are actually, despite being much more entangled with the state in some ways, more separated from the state when it comes to law-enforcement. For example, the phone company can't just choose to record all your calls and give them to the police without a warrant.
It's not Facebook's call. The USA PATRIOT Act allows for National Security Letters, or NSLs, that legally function like warrants but require no judicial review. The US government uses them over 60,000 times per year. The law allowing them turns ten years old next month.
Precisely. If you want to place blame, it goes squarely on the Bush Administration. (And yes, I'm sure I'll be down-voted for saying that, but it's still unquestionably, uncontroversially, non-debatably true.) If you want this fixed, it has to be fixed politically at a federal level.
> Precisely. If you want to place blame, it goes squarely on the Bush Administration. (And yes, I'm sure I'll be down-voted for saying that, but it's still unquestionably, uncontroversially, non-debatably true.)
Wasn't the Patriot Act recently renewed, where "recently" means "post-Bush"?
> If you want this fixed, it has to be fixed politically at a federal level.
And Dems, who voted for the initial version overwhelmingly, were uninterested in doing so when they held all three elected branches and that didn't change when they lost one.
So, yes, it's true that it was passed under Bush, but no one is interested in fixing it. (Yes, I'm ignoring Ron Paul and Dennis Kucinich.)
It'd be interesting to know if that covers 100% of data releases to the state. Does Facebook release data to law enforcement in cases other than either: 1) pursuant to a warrant; or 2) compelled by a National Security Letter? I would guess yes, but I'd be interested in a solid statement either way.
It's not like the telecomm corps in the US haven't been caught handing over info to cops/FBI without warrants or NSL letters (or handing over more than required when presented with a warrant or NSL).
You may be surprised that many (at a guess, maybe most?) companies/websites actually consider a delete function to be changing a 'deleted' flag to 1 in a database. The data persists, but is no longer shown.
I would also make a very big assumption that the only companies who wouldn't do this are those run by developers or other people who have had experience implementing that sort of system.
There's nothing bosses love more than storing whatever data they can get their hands on, no matter how relevant it is, and how reluctant they are to actually delete it. Or secure it properly. Hell, it's just data, who gives a shit right?
I think you're close, but missing something: The companies who wouldn't do this are run by developers or other people who don't interact much with the actual users. Irreversible actions are horrible UX, and any irreversible action in a commonly used area of the app will make a large number of people steaming mad on a daily basis — guaranteed.
People who will blithely click "Delete" — and then click "Yes" even though they don't mean it on the confirmation dialog that comes up — vastly outnumber people who care that an invisible copy of their content might be buried in some Facebook database somewhere. Next to the unintentional deleters, the second group looks like a rounding error. And that's not even counting people who get their accounts hijacked.
So I would say people who know users are more likely to go with the delete flag, since that leaves you an avenue to help the user who emails support with "I got really drunk last night at the wake and thought it might be funny to delete everything on my Facebook and now all my photos of my dead Nanna are gone."
I think that it is probably one of the major reasons, though certainly not the only one. In my experience, one of the most common customer service complaints/requests is "Oh no, I did this irreversible thing you warned me not to, fix it." I imagine facebook also gets its fair share of complaints like "Oh no, my ex-boyfriend deleted my account, fix it." This stuff is really common, and I can understand why a company would rather be able to say "Oh yeah, sure" than "Sorry, for privacy reasons your online life for the past two years has been lost irretrievably."
I'm sure you're right, and not necessarily in any insidious manner. There's any number of entities that we won't actually purge when deleted from our system here. For example, when a sales rep wants to get rid of a Quote, we can't necessarily dump it, because we'll need a future record if there has already been a customer order placed against that quote. Sometimes the integrity of the system, and the ability to look at history in a (unfortunately necessary) CYA view, demands that some data be "deactivated" rather than deleted.
I agree. I've already just replied to another reply on this but dealt more with the ethics of the matter.
What I would actually implement is something akin to the recycle bin in an OS. Flag something as deleted, ensuring it's no longer published in whatever form on the website. Optionally, delete it properly after a set period of time, or otherwise allow the users to manually perform that action.
In addition to that, log the delete actions along with the IDs of the deleted items. So if after all that the user regrets it and files a complaint, you can trawl through your backups to restore it.
Irreversible actions in the UI are bad. Having no choice but to tell the customer tough luck is bad. Deceiving the user is also bad.
Of course I'll concede my ideals are more compatible with the concept of deleting an entire user account, for example, as opposed to removing individual items associated with. But I don't think everyone else's intents are as pure as yours.
This is how I usually implement delete. Deleting a record can have many cascading effects and there is no possibility for undoing it if it was an error. I think this is a pretty standard way of doing it.
I agree with the fact a hard delete may have unintended effects, even in the best design, but in my ideal world I'd rather make allowances for that than simply offer my users the illusion I'm deleting their data.
I think that may be a view shared between developers who care about ethical practices, where our personal ideals and how we think we should respect the user takes precedence over the data collection and profit motive.
I think it's important to remember websites are dealing with actual people, who aren't a new commodity to be exploited for capital gain. Who aren't little mines full of precious data ready to extract at any cost.
Of course, none of this really matters. Whether you delete something or not, it will be routinely stored, over and over again, on some backup server. It's there forever.
I think it's a bit of a jump to imply that if I don't actually delete the data that I don't care about ethical practices nor my users.
For me, at least, it all depends on what 'delete' means to the user. There are some people out there that want 'delete' to mean "I don't want this stored anywhere anymore". There are other users that want it to mean "I don't want to see this anymore".
Unfortunately, people in both groups sometimes regret deleting stuff. Those in the first group accept the responsibility, however some people in the second group feel as though it's a problem with the system that they are using when they cannot restore the data easily. There are a lot of people that appreciate the "Recycle Bin" in Windows and never empty it.
Now, I've written a number of systems over time and I've implemented 'delete' in most of them. Sometimes I do an actual delete, sometimes I set a flag. It all depends on what I expect my users to actually want. It's got nothing to do with trying to exploit them for capital gain though, that's for sure!
I'd certainly like to think I'm an ethical developer, and I always implement the delete as a flag.
I, however, do not implement an easy way to retrieve deleted data without going into the database or through an administrative interface with heavy auditing.
It isn't just about data mining for customer data -- it's about data mining for site usage and user activity. Using metrics off of visited web pages or tracking that way can be too convoluted when the KISS method is: flag it on the data side and you can interpret flow.
This is one stage of deletes (mark for deletion). The 2nd equally important deletion metric is to purge the deleted records (expunge)... this may be a complicated process, stubbing out or redirecting pointers where need be.
You can force local governments to expunge your data (it's not just off the records, it's forcibly erased).
I think this weight of eternal data is both unnatural and unsustainable. All living things die. Things that don't have a natural cycle of creation and destruction are abominations and should rightfully be feared (see Corporation).
This is almost certainly not true for a lot of medical data (in Canada and Australia at least, don't know about the US).
There was a rather interesting example in Queensland ~two years ago when govt. health sector payroll data (from an outgoing system) was deleted due to privacy concerns, and then the replacement system mis-functioned (never really worked) and the entire state's health payroll information was lost. $200 million and counting to fix the lost data.
Unless I was dealing with a security-based application where data needed to be wiped, I would never delete, but just flag as deleted. I don't see it as evil from a development perspective. Losing data is about the worst thing that can happen; all other errors can be fixed.
I have many times run into a situation where having that deleted data either saved us from losing a customer or was used to show that our app was not mysteriously "deleting" their data.
There are also some technical problems with deletion. For example: What to do if the post has subposts from other users? What happens if someone steals your account and erases all your posts?
And, when you click on the delete, should they erase the information:
* From the cache
* From the database (not only mark it for deletion)
* From the weekly/monthly/yearly backup
* From the old backup system that is no longer in use, and was connected to the old backend that is no longer in use.
The main reason why facebook and many other websites do this is risk minimization. What if some spam filter goes wild and deletes half of all profiles?
EDIT: That was just meant to be an example. I believe it's generally a good practice to use a delete flag as the default option (unless there are legal or serious privacy concerns), because it makes you sleep better at night. I don't know if it is justified in this case, but I just wanted to point out that they did not do it just out of pure evilness.
It would hardly be a great programming feat to create 3 states: 'good', 'marked as spam, hidden', and 'deleted, remove from the DB at earliest convenience'.
Hell, my mail client has been doing that as long as I can remember.
> What to do if the post has subposts from other users?
My solution: mark the record with a 'deleted' flag, leave all the logical/structural data (user id, post id, etc.) untouched, overwrite/wipe out the post's content, on the webpage display "Post deleted" message. If you want to have an ability to 'unerase' things: mark as deleted, delay the purge.
Cache should be purged as well, though not necessarily in real-time. Backups issue is a complicated one - but is there any use of yearly backups in Facebook case?
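The recycle-bin model from earlier in the thread (flag it, log the deleted IDs, purge after a set period) and the answer just above to the sub-post problem (keep the structural data, wipe the content, invalidate the cache) fit together in one small store. This is an added Python sketch, not code from any commenter; the schema, field names and the 30-day undo window are assumptions, and the thread data is constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Added illustration with an assumed schema, not any commenter's real code.

@dataclass
class Post:
    post_id: int
    user_id: int
    parent_id: Optional[int]                # None for a top-level post
    content: str
    deleted_at: Optional[datetime] = None   # the "deleted" flag, with a time

@dataclass
class DeleteEvent:
    """Audit record: who deleted which item, and when."""
    post_id: int
    actor_id: int
    at: datetime

class PostStore:
    def __init__(self, retention: timedelta) -> None:
        self.retention = retention          # undo window before the purge runs
        self.posts: Dict[int, Post] = {}
        self.audit: List[DeleteEvent] = []
        self.cache: Dict[int, str] = {}     # rendered text; must be invalidated too

    def render(self, post_id: int) -> str:
        """What the page shows; every read path must honour the flag."""
        if post_id in self.cache:
            return self.cache[post_id]
        post = self.posts[post_id]
        text = "Post deleted" if post.deleted_at else post.content
        self.cache[post_id] = text
        return text

    def soft_delete(self, post_id: int, actor_id: int, now: datetime) -> bool:
        """Flag only: content stays so the user can change their mind."""
        post = self.posts[post_id]
        if post.deleted_at is not None:
            return False
        post.deleted_at = now
        self.audit.append(DeleteEvent(post_id, actor_id, now))
        self.cache.pop(post_id, None)   # a stale cache would keep serving the text
        return True

    def restore(self, post_id: int, now: datetime) -> bool:
        """Undo, allowed only while the item is inside the retention window."""
        post = self.posts[post_id]
        if post.deleted_at is None or now - post.deleted_at > self.retention:
            return False
        post.deleted_at = None
        self.cache.pop(post_id, None)
        return True

    def purge(self, now: datetime) -> Dict[str, List[int]]:
        """Expunge items flagged longer than the window; keep rows others replied to."""
        removed: List[int] = []
        tombstoned: List[int] = []
        for pid, post in list(self.posts.items()):
            if post.deleted_at is None or now - post.deleted_at <= self.retention:
                continue
            if any(p.parent_id == pid for p in self.posts.values()):
                post.content = ""           # ids and thread shape stay, content goes
                tombstoned.append(pid)
            else:
                del self.posts[pid]         # a leaf post can go entirely
                removed.append(pid)
            self.cache.pop(pid, None)
        return {"removed": removed, "tombstoned": tombstoned}

def demo() -> Dict[str, object]:
    """Walk a constructed thread through delete, undo, late undo and purge."""
    t0 = datetime(2011, 10, 1)
    store = PostStore(retention=timedelta(days=30))
    for p in (Post(1, 100, None, "original post"),
              Post(2, 200, 1, "reply from another user"),
              Post(3, 100, None, "post with no replies")):
        store.posts[p.post_id] = p
    out: Dict[str, object] = {}
    out["flagged"] = store.soft_delete(1, 100, t0)
    out["shown"] = store.render(1)
    out["kept"] = store.posts[1].content                    # still recoverable
    out["undo"] = store.restore(1, t0 + timedelta(days=1))
    store.soft_delete(1, 100, t0)
    store.soft_delete(3, 100, t0)
    out["late_undo"] = store.restore(1, t0 + timedelta(days=31))
    out["purge"] = store.purge(t0 + timedelta(days=31))
    out["tombstone"] = store.posts[1].content
    out["reply_intact"] = store.render(2)
    out["audit"] = [e.post_id for e in store.audit]
    return out
```

Backups are deliberately out of scope here: the audit log is what lets you find the right item in a backup, but nothing in this store touches one.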
Best advice I ever heard (and it came from an ex-Facebook employee), "treat communication ("private" & "public") on all services, including Gmail, Facebook, and Tumblr, like a million people are listening."
That doesn't account for the times the receiver decrypts your communication and then intentionally makes it public.
There's a deep wisdom to the idea that one ought not put into words that which they wouldn't want the world to see... Once it's out of your head, your ability to control it diminishes if not outright vanishes... Just say'n is all..
Heads up: Google does this with Gmail, too. http://news.cnet.com/2100-1047_3-6050295.html - "Judge grants subpoena and orders that all e-mail messages, including deleted ones, be divulged."
You can be asked for anything, that doesn't mean you have it. As the article you linked states, Google's privacy policy notes deleted information may live on in backups. This is common sense, otherwise they would have to touch every backup on a delete, which besides being very risky (one bug away from disaster), would mean having to go through offline tape archives of everyone's mail. If that were the case it would be prohibitively expensive to allow anyone to delete.
The question is if they have the ability/requirement to go sifting through the old backups for requested data.
So let's say I launch TrackMyEatingHabits.com. If a user that happens to live in the UK signs up, they can send me a request for all of their data and I have to comply, right?
So this means that when I design the software for TrackMyEatingHabits.com, I should also be mindful to have a process (and data model) that makes it easy to locate this user data quickly, right?
Also, I should have in place processes to verify the identity of the requester too, right?
Or alternatively, I can just limit my market to the U.S.
If you are a US company operating a US website, you are not bound to the EU law in that regard. But if you launch trackwhatever.[EU top level domain] to better target these markets, you may need an EU address to get the domain. In that case, you may need to comply with the EU law.
No, probably not. Usually you only have to abide by a country's laws if your servers are based there, or you have a company incorporated there. If you have a US company with servers hosted in the US, and an EU citizen uses it and claims you are breaking their laws, then there is nothing the courts in that country can do to make you abide by them.
To put it another way, are you worried if your US company breaks Chinese censorship laws? That's illegal in China. Are you worried if your company denies that the Holocaust happened? That's illegal in Germany.
You only need to abide by laws in the country you are in. Unless you have an EU server you don't have to abide by EU laws.
Like most legal matters it's a bit more complex than that. As far as I know, you can be targeted by foreign laws with a .com domain, and servers physically in the US.
If you specifically target/advertise (e.g. with translated interfaces) your services to EU citizens, a judge might decide that EU laws apply to you.
Is this just your opinion or do you have some examples to back it up? I don't see why a US judge would care at all if a US company breaks laws of another country.
Check "conflict of laws" and "conflict of jurisdiction". I don't know the US legal system well enough to find it, but it happens in European countries (e.g. a French judge applying US laws), so I guess it would be similar.
Moreover a US judge might not care, but a French or German judge might decide he is competent (if there are good reasons to think the website is not US only).
If a French or German court decides that a foreign company is violating their laws, they can do little besides preventing them from reaching their market, which would in this case mean that they can order ISPs to block the site. I'm pretty sure that there is no way that they can actually make a foreign-based company abide by their laws. How would they enforce the ruling?
Of course, if the company in question also owns an EU-based daughter company through which it operates on the EU market (as Facebook apparently does), then that's a whole different ballgame.
Yes, things like .com's would complicate matters. I'd guess the only thing they could do would be to confiscate your .com. Worst case is they might try to extradite you. Of course if you were to set up shop in the USA later, your past would catch up to you.
Not sure. Almost all countries respect each other's copyrights; that's why if a work is copyrighted in the UK, then it is copyrighted in Brazil (that's the Geneva Convention I think). I'm not sure about patents, especially when it comes to things like software patents. Ask your lawyer.
I work for a European social network. I helped make a self-service page, where users can view their info. However, we only show some of the basic information that is easily accessible for us in our databases.
So far no one has sent a request for all their access log data, but that would mean that we would have to go through billions of entries.
Actually not a lot of people request their information anyway. It's still better than the software patent situation in the US.
There doesn't appear to be any non-facebook.com data in the example PDFs -- i.e., no "you commented on TechCrunch" or "you visited TechCrunch which has our widgets".
I would suspect this means Facebook just simply did not provide it?
It's surprising that the PDF I looked at (the first one) doesn't contain any access-log data at all. Shouldn't it contain the time, date, and IP address of every time she's viewed a page on Facebook, at least as far back as they keep HTTP access logs? Or do they not log the user ID when they log HTTP accesses? Someone (in Europe, therefore not me) should ask the Irish Data Protection Commissioner to get an answer to these questions.
If I view a profile on the mobile app or on the web page it is (presumably) measured the same, presumably in the application layer. That's different to recording your ID in the HTTP access logs.
Does anyone know if requests made by Americans are honored? I'm guessing we don't have the same privacy protections here in the US, but maybe I've assumed incorrectly?
You're allowed to (and should) black out your photograph and your social security number; they don't need those for ID. Only your government, your employer and a list of government-sanctioned organisations can require social security numbers for ID purposes. The rules for photo ID are even more strict.
Additionally you should write in big letters over the scan "Request to access Facebook Data <date>", so that nobody else can use the scan of your ID-card for anything else.
The rest of the data, Facebook already knows (name, date of birth) or is useless (passport/ID document number).
> Additionally you should write in big letters over the scan "Request to access Facebook Data <date>", so that nobody else can use the scan of your ID-card for anything else.
This serves no purpose as it is trivial to 'shop these big letters out of the image.
I dunno what your ID cards look like, but ours have intricate patterns all over them. Additionally there's a punctured-hole pattern that vaguely corresponds to the photograph, so that's unique for every ID.
I can't really imagine how you'd want to reconstruct that, and even if you could I'd hardly call it trivial.
No need to reconstruct anything, just save the image with a higher JPEG compression and all the intricate patterns will be well blurred. I really doubt FB is spending any time whatsoever on validating these patterns.
Whether or not they do it now, a few years ago they actually demanded that info (or some other form of valid ID such as your driving licence) if you wanted to start a page and add music to it.
I was in a band back then. Set up the page, tried to add my own band's music, and was told I had to provide valid ID first.
Or, from your Google+ page, click on your picture in the top right corner, then Account Settings, then on the new page click on Data Liberation on the left hand side.
You cannot get all your logins, session time, IP address, etc. This is what you have a right to get out of an EU-based company. Yes, this means that as a business, it is pretty hard to comply with the law.
It's at least six months, and they don't do a very good job of anonymizing: they scrub the last two digits of the IP, but not tracking cookie logs. DataLiberation further contains no information they keep when you are not logged in, and only a fraction of what they have (and keep) when you are logged in. The "privacy dashboard" points to several chunks of data that are retained but not accessible, and there is far more that actually is kept.
A simple but perhaps inconvenient way to verify this is to be criminally prosecuted for something where your Google account is relevant. Google will hand over what they have to the prosecution, and as the defendant, you'll be entitled to see the evidence. (I've not tried this and don't recommend it, but do know someone that this happened to, and have examined the contents of the provided CD.)
DataLiberation is mostly a PR site, and its main use is migrating what data Google feels is useful to you, not finding out what Google knows.
They claim that they anonymize your data. For example Google Analytics data should be anonymized (i.e. they don't link the traffic to your Google account name or some cookie ID, but they do store your IP). If this is true, it means that they can't send anything like logs of your visited sites to you, because they can't link your identity to the correct IP addresses.
The missing data is what's interesting. The data they provided isn't surprising or shocking at all, it's exactly what I'd expect to get from this type of request.
What bothers me - or has me in awe even (to some extent) - is how early on in the process facebook started storing all this information! I've had status updates from years ago show up in my "this day in 2009" pop-up on the sidebar. And clearly from the content of these files on the above website - they have stuff on you that goes way, way back. It seems almost sinister - as if they knew all along that they would aggregate so much information - although on the face of it - it was just another social networking site. Which I would assume, like any other website or web-app, would delete unnecessary stuff in order to save space / efficiency etc (at least before they got huge and had their own server farms). At the same time - one can't help but wonder if having all this data (and probably a lot, lot more that we don't see from an outsider's perspective) - is really what is responsible for facebook making the "right" moves every now and then with regards to really delivering features that its users will use and growing at unbelievable rates? Might be food for thought - after all - the more you know about your users - the better you can serve them!
Why do they keep that data in their database? If I deleted some content, I meant it to be deleted forever.
And knowing the fact "Note: According to facebook's privacy policy, messages on facebook can not be deleted anymore. If you click on 'delete' the messages will only be invisible to you. US law enforcement agencies can access this information at their own liking, without judicial review."
by @nextparadigms
I'm thinking of quitting facebook.
"If you are a resident of or have your principal place of business in the US or Canada, this Statement is an agreement between you and Facebook, Inc. Otherwise, this Statement is an agreement between you and Facebook Ireland Limited."
So if you're living in USA it seems like they don't need to comply with your requests.
Thanks for the heads-up on the TOS. Actually, there WAS a period of time when I was on FB when I was living in Germany. In fact, when I signed up for FB, I was living in Germany (not in the military), so still probably worth a shot.
I'm dual Australian/UK and just tried it with my British passport (and Australian address).
Almost immediately I got an email saying that "Unfortunately, we won’t be able to respond to your email directly, as this form is only applicable in certain jurisdictions." Might try again when I'm back over Christmas.
Edit: On inspection of the Facebook T&C page, it says I'm contracted to Facebook Ireland, so I'm not sure what the email's about.
I don't find any of this surprising. All of the data Facebook has on me I have given to them. Just like anywhere else on the internet or not, if you don't want somebody to know about something then don't share or keep a record of it. Privacy is not absolute, it is contextual.
This is the sort of thing that causes governments to enact legislation. Either you self-regulate and do a good job of it or sooner or later you get a bunch of rules forced upon you that may be far more impractical and expensive to implement.
No, there's no general right-to-data law. There are general right-to-government-data laws, so you can e.g. request your own FBI record. But private businesses don't normally have to disclose what data they collect on you. There are a few exceptions for specific areas; for example, the credit-ratings agencies have to provide you with a copy of your credit report, and in some cases an employer may be required to provide you with a copy of certain personnel records. But they apply to fairly limited situations.
So for those of us that live in the US, is it not possible for us to request to have the data that Facebook stores about us?
Related (well, maybe): You can easily download a copy of your Facebook data no matter where you are located, by logging in and clicking "Account Settings" > "Download a copy of your Facebook data". This will include all things like messages, pictures, etc., but I am positive that it isn't nearly as in depth as what is outlined in that article.
Ha. This is smart by FB. If they follow the Yahoo model, access to that data is sold to the agencies that want it. They don't get access for free. So FB has an interest in having a nice store of data on offer. It's a nice business unit on its own in addition to their ad selling pursuits.
I don't understand this community. I thought you were wolves, but here you are taking the part of the sheep. Instead of being outraged, you should be trying to get your own piece of the data pie. Every single web startup is doing exactly that.
I don't think you understand communities. People acting in a group will act similarly and be derided by you as 'sheep.' It is the type of thing that motivates group action that determines whether you think group members are 'wolves.'
Predator/prey is also a metaphor. People aren't actually being eaten. They are voluntarily sharing data that is used to provide them with a service that they want. I'm so depressed that I have to spell everything out.
And in these threads where you call us sheep, we are deciding that the data price is too high for the service rendered.
We have the right to use government to nationalize these programs if they are going to be so deceptive and intrusive.
Facebook falsely advertises their service as free. They don't tell their users that they are collecting unnecessary amounts of data to violate people's privacy, and that this data is payment for the service.
Thanks to the Google employee ring for voting this one up too, I found that the 5 breathless Facebook articles already on the front page weren't sufficiently satisfying my intellectual curiosity. Now you may proceed to transition into downvote mode.
I really hope one day pg changes it so that all votes on articles and comments are publicly available, so that we can run our own analyses using it. It would be interesting to see how much of the content on HN has become dominated by these employee rings over time.
I voted it up and have nothing to do with Google; not being employed there, never being employed there, and holding no shares.
I also have only a passing curiosity of a desire to work for Google, no more or less than Facebook, Apple, Microsoft or any other large tech company.
However, I find it disconcerting how ALL companies seem to be edging towards creating and storing a mass of data about individuals without disclosing the entire purpose, what is held, or how to access it.
With that in mind, this is a great article/link. The Data Protection laws in Europe are wonderful, and they're there for a good reason (remember that Europe has been host to things like the Stasi).
We value our privacy, and we value our right to know what data companies hold about us.
So please step down from your soap box and ask yourself: Is there a real problem that resonates here? Is there a reason X stories are all on the front page at once?
It's nothing to do with employees waging a PR war or anything as petty... it's because even amongst very technical people there is a lot of concern about the direction things are going in, and Facebook (and sometimes Apple recently, though Google might trump them soon with Google Wallet) seem to be at the very front line of it.
If you're so out of the loop that you didn't know about f8 and 'frictionless sharing' then read up about those things and voilà, you'll realize why these stories are all popping up the rankings.
They delete sh*t; if you delete your posts they don't remove them from their databases.
This makes me really angry; there is a reason why I delete this stuff. I can't believe this, they have a responsibility.
Edit: WTF http://europe-v-facebook.org/EN/Data_Pool/data_pool.html#Mac...
This is maybe the most frightening: http://europe-v-facebook.org/EN/Data_Pool/data_pool.html#Mes...