Hacker News new | comments | show | ask | jobs | submit login
Facebook Users Report Seeing Old Private Messages Showing Up On Timelines (techcrunch.com)
108 points by toumhi on Sept 24, 2012 | hide | past | web | favorite | 144 comments

Hey guys - I work on Timeline here at Facebook and just wanted to chime in here. I've looked into a bunch of cases today where people were concerned their messages were showing up, but as has been pointed out in many places (e.g. techcrunch), there was no privacy violation here.

If you've kept your old emails around (woohoo gmail!), one thing you can do is go back and look for the notification email you got for a particular post that you suspect was a message. There's a date search widget that makes this easier. I suspect you'll find it was a wall post.

Another thing to note (for those that follow our technology), is that the backends for these two systems are entirely different. The messages backend is hbase-backed, designed for real-time communication more than history. The timeline backend is MySQL / C++ backed. Migrating data from hbase to MySQL would have to take months of effort.

I know that even though there was no bug here, this can be an alarming experience to see old posts surfaced like this. We're working on ways to make this interaction clearer so people aren't so surprised in the future. That said, please rest assured that your inbox is not on your timeline.

I know that even though there was no bug here, this can be an alarming experience to see old posts surfaced like this. We're working on ways to make this interaction clearer so people aren't so surprised in the future.

You ought to be doing more than that, actually. Having been an early user of Facebook, I can assure you that people viewed wall-to-wall and other types of posts differently from how they view wall posts now. No one expected their data to be exposed this way, so for practical purposes, this is tantamount to a bug or data breach from the user perspective.

Disabling this immediately for old posts or allowing users to opt out would be the right thing to do.

So you're suggesting that they replace the perception of a bug (data showing up when it shouldn't) with an actual bug (data not showing up when it should)?

Nice troll.

I was maybe a little snarky, but totally serious.

What a thoughtful response. I can imagine that you're having a very difficult day over there. Keep up the good work.

Personally, I'm sad that all of my private messages have been so mundane that if they got out, it would be no big deal. I just looked through and I didn't find any meaningful dirt at all. What a shame.

On my timeline, I'm seeing the messages that friends added as they accepted my friend invite. Have those always been publicly visible?

Here is an idea: don't dig up people's old forgotten posts shared to the smaller past FB network and repost them publicly to new members without explicit opt-in. That's paparazzi tabloid behavior.

(Cross-posted on TC)

These are all wall to wall posts. You can inspect for yourself using a Facebook Developer account.

Rollover the timestamp grab the POSTID.


Example, http://www.facebook.com/zuck/posts/11111111111

Throw it in the Graph API Explorer https://developers.facebook.com/tools/explorer with /PROFILEID_POSTID or curl http://graph.facebook.com/PROFILEID_POSTID.

The evidence speaks for itself, it shows up as a Status object.

You can push more with even browsing your conversation via


I don't think that private messages can transform into wall posts with such ease. This would have to be intentional, it's not a simple click of a switch that can do something like some are thinking that is occurring.

The fact that they are showing up as wall posts means nothing - it just means that the bug was that facebook swapped messages for posts somehow, and now they are all showing up on the wall.

Just like the article says, there is no actual evidence of this yet.

Even a screenshot of a wall post, and another screenshot of the same message (in the messages folder) would be a start, but this is all just conjecture.

True, I wouldn't give Facebook a free pass on this alone.

Is it really so hard to imagine that somebody, somewhere fudged a query and accidentally ran [pseudo-SQL] "UPDATE posts SET type='status' WHERE type='private-message' AND date = 'x' TO 'y'"?

I'll admit, it's a bit of a stretch; but the fact that these show up as wall posts is not necessarily an indication that there is no bug.

The bug may very well be that data has been manipulated to look like wall posts.

Unless Facebook discloses that these posts were flagged as "status updates" _in an archived version of their dataset_ (specifically an archive before the issue first manifested), this information means practically nothing. We could gather from the bug itself that these were flagged as wall posts in FB's backend.

No one is giving Facebook a free pass. We currently have no evidence whatsoever of a bug. On the other hand, we do know that wall posts could not be commented on pre-2009. Informal conversations were carried out with quick exchanges of wall posts. The whole conversation could be viewed with the "wall-to-wall" link. We used Facebook in a different way back then, and the conversations reflect that. If you have email notifications confirming that a private message is now public then please let us know. So far every person to check their records has found that there was no bug, they merely forgot how Facebook used to be.

According to one Facebook employee, private messages are stored on an entirely different system (MYSQL vs HBase). This seems perfectly reasonable, and precludes the possibility of a bad SQL query leaking private messages. http://news.ycombinator.com/item?id=4567009

Screenshot of old Facebook: http://news.ycombinator.com/item?id=4566962

> Is it really so hard to imagine that somebody, somewhere fudged a query and accidentally ran [pseudo-SQL] "UPDATE posts SET type='status' WHERE type='private-message' AND date = 'x' TO 'y'"?

Yes, it is hard to imagine, since they run on entirely different backends, one being mysql, one being hbase. See: http://news.ycombinator.org/item?id=4567009

Old facebook that we don't remember:

A post on someone's wall had a link to 'Wall-to-wall' or 'Write on wall', in place of what we have today, the commenting system.

Screenshot: http://blog.hishamrana.com/wp-content/uploads/2008/07/facebo...

A few things to note about the old Facebook:

- Wall posts didn’t have comments in those days (nor did they have a “like” button. Can you believe it?) Conversations were all about the “wall-to-wall”.

- Chat didn’t exist, and messaging was used much less frequently. So wall posts were used for things that would be private messages now.

- Most importantly, our attitude to public wall posts was very different.

It’s the last point that’s most important. It’s hard to remember, but the current massive controversies around social media privacy were barely on the radar a few years ago. The subsequent change in attitudes is partly due to Facebook making their platform more “open”, and partially due to raising concerns amongst users.

For example, you didn’t have to worry about your posts being read by the general public – that wasn’t even an option back in 2008. You did, of course, have to worry about your mum reading about your drunken misadventures. But even that felt like much less of an issue than it does now. People hadn’t yet learned to self-censor.

The best analogy I can think of: old Facebook was like having some friends around at your own house. Though you probably wouldn’t prance about naked or insult people to their face, you’d feel comfortable dressing down or trading off-colour jokes. New Facebook is more like a social gathering in a public place – still friendly and informal, but you have to be much more careful to present a respectable image and avoid saying anything offensive.

I think Zuck was right when he said that people would adapt to a world with less privacy and more “transparency” – people adapted, and became more polite, bland and inoffensive as a result. “I never would have posted something like that on my wall”, they say, and really mean it.


This seems to be anecdotally confirmed by multiple people here. To me, if true, this screams of a broken engineering culture inside Facebook, where the model for data privacy and security is secondary, not primary. If this is indeed verified, no one should ever use Facebook for anything truly private, regardless of what apologies or excuses are made.

It is difficult to think of something like this, where private emails are accidentally disclosed publicly en masse, happening with gmail (or any other email service).

Someone must have a copy of an email notification that they can tie to one of these posts...

That would be too easily spoofed for it to provide any meaningful evidence.

"Someone spoofed it" is a much much higher hurdle than "someone misremembered it."

If it is indeed verified I would be the first one to jump on the bandwaggon and delete the account and tell others to do so. But so far I have not seen anything to verify it and more reports on Facebook claims that it is indeed old user to user wall posts (something I remember and used in the past personally) just showing up from people now liking them which at the time they didn't have a like button.

Regardless of what the actual situation is, if these posts are being brought to people's attention by friends because they seem sensitive and are now more prominent than they once were, isn't that a concern in and of itself?

Good point. Mass hysteria being used as a carrier for sudden bursts of clarity would be an interesting phenomenon in itself. Thousands of people suddenly realizing "Oh god, what have I been doing?"

Edit: The more I read about this, the more it seems to me that this is what is going on. I think this has interesting implications for the "Privacy is dead" attitude. It suggests to me that, contrary to popular belief in some circles, people are not ok with their diminished privacy.. they just haven't been thinking about it.

I wouldn't put this on the users' lack of clarity as much as I would blame Facebook for changing the course of it's features so much so that this is now happening to people. People were using the site as it was once intended and we can't blame them for being infuriated when the logic behind that usage changes. To me it's no different than Quora deciding to make all of your posts public without the chance to opt-in, except because of Facebook's privacy settings mess, it isn't easily reversible without severely crippling the content you've posted over the entirety of your account's lifespan.

Fair point. In either event I think it is fair to say that this demonstrates that privacy is valuable to consumers, despite what certain people might have us believe.


Already deleted all of them, and don't have access to that e-mail account anymore (never updated from my old school acct).

Post a screen shot, lets see it.

Well its public now isn't it. Isn't that the problem. What harm would a screen shot do. Can black out anything that is sensitive.

> Well its public now isn't it.

That strikes me as a very 'Facebook-eque' attitude towards the privacy of others. I am sure that if he were comfortable posting a screenshot of it, he would have done so without needing prompting.

You want a screenshot of his private message?

Surely, somewhere, somewhen, somebody sent a private message the contents of which are not particularly private. I know most of my private messages consist of "what are you doing Friday?"

This DOES seem to be anecdotally confirmed, but we're yet to see any screenshots of this. Pics or it didn't happen, folks.

Think about what you're asking for here. You are essentially asking to compound the error facebook made by making a screenshot of their private communications and posting it on yet another open forum.

That's like asking a rape victim to show her bruises publicly or you won't believe it. Pics or it didn't happen applies to lots of stuff but when there are a lot of people with pretty good reputations making the exact same claims then you might want to give them the benefit of the doubt.

Facebook is not above making mistakes and the number of people right here that make these claims is too large to simply be ignored or waved away. Clearly something has changed for some people, now the question is how many people are affected and what can be done about it.

That's like asking a rape victim to show her bruises publicly or you won't believe it

I get the parallel, but still, the rape analogy feels tasteless and out-of-scale. May I suggest "that's like asking someone what their password is to prove that it was stolen"

You're 100% right, that was a bad call.

It was the best I could come up with on the spur of the moment but I should have thought about it a bit longer. The weirdness of the request is what angered me to the point of being careless with words.

Hey, nobody is perfect with their spur-of-the-moment statements, especially when angry. Kudos to you for owning up to it.

It's pretty easy to redact a message so as to show they are the same message but without giving away sensitive info. Hell, some of these are probably benign messages like "sure meet you there" or something anyway. Your analogy is ridiculous.

Yes, but 'sure meet you there' wouldn't be quite juicy enough to satisfy the 'that was not private enough so therefore it wasn't a private message' crowd.

With the way sharding works I wouldn't be surprised if the whole thing was real but only affected an extremely small portion of the users, and in such a way that stuff that had been pushed into the mists of time made it back to the present somehow. That alone would qualify as a bug, the fact that facebook would shine the spotlight on old data like this is worrysome all by itself. If the data was private or in some other way hidden from normal view and suddenly given a much more prominent spot without the users being made aware of that ahead of time then that would be much more serious still.

For sure it seems that something changed.

"Yes, but 'sure meet you there' wouldn't be quite juicy enough to satisfy the 'that was not private enough so therefore it wasn't a private message' crowd."

The whole point of showing it next to a screenshot of the email or the message in the private inbox is to confirm that it is PRIVATE regardless of the actual content. There might be somebody out there who has an unusual interest in other people's private messages, but I think the vast majority of people are looking for something a bit more real than "this happened to me."

That's quite the straw man you're building.

You're asking me to believe what other people say without any proof. I stopped doing that when I lost my religion.

You heard it here folks, an engineering bug that didn't actually happen is tantamount to rape. Perhaps we should stop referring to them alleged bugs and start calling them rapes. I'm sure the rape victims in the audience would love this idea.

Um, blacked out words showing just then first and last letter would be fine.

Well it IS happening, and it's spreading. People are pissed. I found private messages published. And no, no pics because, you know, they were supposed to be private. And I am very careful on the matter. I am very annoyed to see it downplayed.

I'm not at liberty to post his jpg but a friend has posted a screen capture that's certainly got stuff that never would have made it to his wall.

It happened to me and all of my French friends. It's a top story on all major French news site http://news.ycombinator.com/item?id=4565739

FYI, it is spread to Spain.

Keep in mind that facebook's engineering philosophy is to push new code out every single day. This means that there is little to no QA on code push. Every engineer takes responsibility for their own code push and because people are human they mess up from time to time. I don't think this means that the culture is broken... there are simply pros and cons to on the fly site builds.

Have you ever written software? Or counted?

Facebook pushes code every day. As does Google and Amazon. These are orgs with thousands of people. Not every engineer pushes code every day.

Look into 'fail fast' as a concept. Facebook claims to take fail fast to the extreme.

It looks like it's only for old messages. My guess is that what happened is that they migrated some old messages to a new model. Maybe they had a mess of different old models, and some of them where converted to the wrong kind. I guess they were not careful enough with it, I just hope they will be able to revert it...

With any luck they'll start undeleting less-than-charitable picture comments I removed once the subjects of those comments joined Facebook. You know they still have them.

i can confirm this too. 3 private message threads from 2009-2010 were on my wall with the privacy set to "friends". these were conversations right out of my private messages (which were also in my private messages).

i'm deleting every facebook message as a result of this, which isn't easy as it has to be done one by one.

i am in the US, but my UK friends are the ones who alerted me to it, as it was happening to them as well.

Same here, my wife just called me crying because a large number of very private conversations she had with friends in the past are now visible on her timeline.

Is the quickest option a manual delete? She is freaking out.

Edit: I have set her privacy as strict as I can for now, but having pressed her on the topic, it isn't entirely certain that these messages were ever private.

My comment to her was that even if they were always on your wall, you (in hindsight) don't think they should have been. Don't let Facebook convince you that you are wrong to have thought differently. Facebook's model doesn't work like the arrow of time, memories and conversations don't fade out naturally and disappear, they just stay there permanently. And today, your present self wonders what you were thinking that made you post that. When you add that to the fact that your social graph on Facebook was different 5 years ago than it is today, it makes sense that you naturally think certain things should have been private.

In other words, you weren't fit in 2006 to know what in 2012 you would regret having posted and you aren't fit in 2012 to know what you are going to regret in 2018.

If you really are freaking out about stuff that your past self thought should be known to the world, then do your future self a favor and stop putting your life on Facebook.

quickest way to hide all of your friend's posts on your wall http://cl.ly/image/0s1e093Q0s1m

If FB shows in-network content to people who joined after the content was posted, that is a severe privacy violation.

Had the same problem as well. About 10-15 private messages were shown on my timeline form 2008-2009. I've hid my timeline so only I can see it for right now until it's fixed. Seems like an quicker /easier than deleting the messages.

Same thing here, I'm French and lots of my friends are having the bug as well. Lots of mention in the online newspaper too. I think once it's obvious that it's real, it's going to be a big deal for Facebook...

Every time I hear of Facebook developer philosophies, it's always "Move Fast and Break Things."... Not with 800 million people's private conversations, please.

What can one do? They aren't a government entity -- you can't vote management out or change policies. They aren't regulated -- you have no complaint procedures or escalation mechanism. The best you can do is yell at them. They will gladly laugh at you through their young-and-rich-and-by-the-way-fu billionaire eyes.

If they decide to make public every thing you've ever written in rolling 10 year intervals there is nothing you can do to stop them.

The public has no idea how much can go wrong giving one entity essentially a copy of their entire private lives.

The Data Protection Act 1998 would presumably apply in the UK and Ireland, and the EU has a data protection directive. My expectation would be that they could not disclose everything without consequence.

How many FB engineers are billionaires?

It's no coincidence that people that have tried to verify this by comparing to email notifications have posted as much, and people that have "confirmed" based on memory have yet to do so and post the result of their verification.

Do not trust your memory. Do not trust your assumptions. Just because this is plausible and everyone is claiming to be affected by it is not proof that it is in any way true. Check your notifications and find real evidence.

No one in here has even claimed to have confirmed this with email, let alone posted any evidence.

For a community that is usually quick to dismiss anecdotal evidence and fear, uncertainty, and doubt there seems to be quite a bit of all of the above going around in these comments.

Given the update on the Tech Crunch article, and the fact this is regarding wall posts from three years ago (which people probably don't have the best recollection of) my two cents is for those that believe that this is affecting them to temporarily deactivate their FB account, and the rest of us wait until we see some follow up blog/news posts with hard evidence before we start yelling that the sky is falling.

You know what's most interesting to me here? The tug between trusting my social network, and trusting FB and my own knowledge.

My friends are ASSURING me that these are private messages. But every media outlet is now running the story that this is not true. And I have seen no evidence. So what do I believe?

EDIT: zevyoura pointed out that I misunderstood the comment I was replying to. Please ignore if not applicable.

Trusting FB? I hope you are joking. You are the product being sold & FB will maximize the value of that at any cost.

Its all one big scam: They provide endless privacy controls over what your friends can see, but discreetly forget to provide controls over what they can sell to advertisers.

You seem to have misconstrued the parent comment; he was talking about trusting FB (and by extension the media outlets that are reporting their statement as fact) over his social contacts on this issue specifically.

I see. Thank you for pointing that out. I've added a comment highlighting the situation.

How does scaring people off the system benefit advertising sales? Think before you post. Even being greedy and selfish is not the same as desiring to ruin users lives.

Yes, in the end it's a good lesson about not trusting your memory too much and always trying to find proofs for what really happened.

If I could short FB I would do so immediately. The fallout from this is going to be immense and long-term. I'd imagine they are facing two choices at FB right now:

1. Take the site down and prevent any further leaks. But accept the absolutely massive flak that would come from that.


2. Continue to let the leaking happen and try to hotfix the bug. Be accused of failing to get a handle on it, but perhaps get away with it if fixed in the next 20 minutes.

I'd bet that it's been like this for ages and only just been noticed. That will make fixing it a bit harder I should think - not simply a rollback to the previous push.

"Update: Facebook Confirms No Private Messages Appearing On Timeline. They’re Old Wall Posts."

So TC have basically rewritten their entire article rather than add an update but anyway.

It's probably not private messages - but it is messages that people think should be private TODAY. But it doesn't really matter - it's perception that matters here. And also I guess this is an illustration of how people's attitudes to FB have changed over time.

"I would NEVER have shared this publicly." they say. But either they did, and now don't trust FB in the way they used to. Or they didn't and there's a bug. Neither are good for FB's brand.

So TC have basically rewritten their entire article rather than add an update but anyway.

There is no good way to answer "how do we correct a story that was completely wrong," but this seems to be a decent enough way to do it.

The correct way is a rectification. You leave the old story and point prominently to the correction at the top.

When did these people think these messages should become private? Today? Yesterday? Last year? They were never private. Why would you expect them to become private?

Probably the best solution for them at this point would be something in between, like hiding all friend's post on every user's wall instead of letting every user to that manually.

But facebook is about "sharing" with advertisers^H^H^H^H^H^H^H^H^H^H^Hfriends. They don't want less "sharing."

Advertisers target to your demographics regardless of privacy settings.

If I could short FB I would do so immediately. The fallout from this is going to be immense and long-term

That makes me wonder if there is some malicious self-interest behind this. Here's the formula:

ubiquitous yet misunderstood personal technology + sensationalist media + power of suggestion + deliberate astroturfing campaign = sudden and immense drop in stock price.

Not that I actually think this is the case, but it wouldn't be outside the realm of the possible.

Well, it happened. FB dropped about 15% over the course of one day, probably thanks to this.

And in case it is true flat out deny it ever happened.

Oh its false and not real, did that even occur to you or is your hate of facebook so intense that this possibility that users could be mistaken is just not possible. You know the very same people who gladly give up a ton of personal information on line to any one in the first place and stupidly trust corporations with personal information. I mean really is it impossible that these very same users could be mistaken with regards to old wall to wall posts?

Can at least one person making these claims actually show any real proof about this? Just one person. I mean if its such a major flaw and verifiable I would expect at least one screen shoot showing this to be the case.

I can confirm it too. Scary stuff. This is going to cause real world problems for a lot of people.

I am done with Facebook now. Bye.

I see a few messages on my timeline; thankfully they are all _really_ unimportant. (One liners like "hey thanks again.", etc.)

In principal, though, this bug shakes me to the core. Had it chosen to sample posts from 2010+ rather than 2008-2009; hell, I could easily be out of a job, or be dealing with some very upset family members.

This is unacceptable; it violates any shred of trust I had left in Facebook as a platform.

I'm done, too.

Im surprised at Facebooks response, which is basically, "Your all crazy and there is no problem".



"TechCrunch has investigated more, and we have found no evidence that the allegedly exposed posts were actually private messages. Their email receipts show they were in fact wall posts, and the posts do not appear in users’ Facebook Messages inbox.

Facebook also says in no uncertain terms that there is absolutely no privacy bug. What people are seeing are old Wall postings, not private messages. A spokesperson tells TechCrunch:

“Every report we’ve seen, we’ve gone back and checked. We haven’t seen one report that’s been confirmed [of a private message being exposed]. A lot of the confusion is because before 2009 there were no likes and no comments on wall posts. People went back and forth with wall posts instead of having a conversation [in the comments of single wall post.]

A small number of users raised concerns after what they mistakenly believed to be private messages appeared on their Timeline. Our engineers investigated these reports and found that the messages were older wall posts that had always been visible on the users’ profile pages. Facebook is satisfied that there has been no breach of user privacy.”"

This is why real reporters actually check into news stories first before publishing. I have yet to find a single shred of evidence anywhere that shows this has been verified and repeated. And I've been looking pretty hard for the last 30 minutes.

Interesting. Did you register just now to post this response?

yup due to a friend that puts way to much value in posters opinions here vs using logic and his own mind. People are jumping the bandwaggon of facebook hate on something that isn't verified based on reports that make a lot more sense that its old wall to wall posts and not personal messages. The lack of any real evidence including from those posting here that can confirm yet cant show screen shots of this is just more cause of concern this is just bandwaggon hopping. I have no love for facebook. None at all. But I am not going to go nuts over something that isn't proven in the slightest.

> And I've been looking pretty hard for the last 30 minutes.

You need not look so far, it's right here in this thread. People are confirming some of their private messages set to 'friends' only to be world visible on their timeline.

They aren't confirming anything. People are looking at wallposts and thinking/remembering they are private messages, but everyone that has tried to verify using email notifications has found only wallposts. Until someone shows that a verifiable private message showed up publicly, than there's no reason to continue spreading this. If it's a problem, it can easily be confirmed. Even Techcrunch, who criticised Facebook's response have now backpedaled.

"Same here, my wife just called me crying because a large number of very private conversations she had with friends in the past are now visible on her timeline."

Sounds pretty clear to me, I figure that the lady knows which conversation were private and which weren't, if only by their content.

Look at his edit, she isn't entirely sure they were private.

Amazing how many people have "confirmed" it but nobody has posted anything verifiable. Just a screenshot of the private message inbox/email + the post on the timeline. Redact as much as you want.

I've gone through the messages on my timeline, and truth be told I don't remember the context of a lot of the messages, so it wouldn't surprise me if people don't remember if something was private.

This feels like the "everyone go find weird stuff in your Wendy's food now" situation all over again. Except explained more by incompetence than malice.

I don't even like FB, but come on people.

And yet not one person has posted any evidence. Not one screen shoot. Which has been asked by a few people already. Show me the screen shots. Show me the screen shots.

Yes, random internet strangers, please reveal the conversations you specifically intended only one person to receive for the whole world to review!

No, people are making the same mistake the TC reporters made.

Look through the "private messages" of your friends. The dead giveaway is that a huge number of them are happy birthday posts. People post those on walls.

To me it looks that they were trying to buy some time. Trying to slow down the propagation of the story. But I think by now it's not fixed and it's obvious that it's very real, they will have to find something else...

I too thought I found private messages on my timeline. But it turns out they were indeed wallposts. It shows how much facebook has changed from a friends-only environment where you used the wall of people for semi-private chats, to a place where you have to be carefull and try to present yourself in a decent manner. Noone would ever use the wall in the same way it was used back then.

I 100% think that this is what is happening. Before Facebook's chat feature became as prominent as it is, the number of 'trivial' wall-to-wall posts was very high, such as 'hey, what what you been up to?' or 'Thanks again'. These posts look like 'messages' because these days you would normally just send it as a message.

So much press on this 'bug' but so little proof

Yeah, I'm really certain too. Some of them seem surprisingly private though, so no wonder people get scared. It's still a bad thing that friend banter from long ago suddenly shows up for all your new friends / colleagues / family to see...

This is exactly what I'm seeing. I just spent half an hour on the phone with my friend going over public posts from 2007 saying "WOAH, did we _really_ say that in public?". Every one was public. There were no examples of private messages showing up.

I'm deactivating my account because of this. I can manage without Facebook for a few days until they fix this bug.

+1 probably the quickest way to deal with this. Definitely beats deleting everything one-at-a-time.

Wow, a few weeks ago I was joking that if Facebook went through my private messages, I wouldn't be surprised, based on how scummy they've behaved in the past. Now apparently they've done this, except also shared everything with the whole world. I don't think I have to say this, but this is totally, 100% unacceptable. Back then I was using FB almost as a personal e-mail; the consequences of something like this could be cataclysmic. Can you imagine having your personal email "accidentally" posted to the general public?

This is where someone typically parrots: "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place." -- Eric Schmidt; Executive Chairman, Google, Inc.

To which I reply: I'm sorry, but my personal matters are personal _expressly because_ I've found people to be ignorant, bigoted, biased, or otherwise untrustworthy when it comes to matters of my identity.

The fact that I could lose my job because of my thoughts on cannabis prohibition? Or that I could be disowned because of my political and [lack of] religious tendencies? These things are private not because they're wrong, Mr. Schmidt. They're private because _someone_ thinks they're wrong; and _someone_ is making decisions that could impact _my future_ by judging what's publicly available.

I can no longer trust Facebook to be a secure messaging platform, which is basically all I used it for. I'm going to take charge of my web presence to whatever degree I can. I'm done letting large corporations abuse my data for their own gain, only to have shit like this happen.

And the obligatory full-context followup:

Q: People are treating Google like their most trusted friend. Should they be?

A: I think judgement matters… If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place. But if you really need that kind of privacy, the reality is that search engines including Google do retain this information for some time, and it’s important, for example that we are all subject in the United States to the Patriot Act. It is possible that that information could be made available to the authorities.”

As much as I disagree with Schmidt about true anonymity being "too dangerous," I have to point out that he said anyone, not everyone, and he was specifically mentioning the government.

It might be only certain users affected; I have trawled through all the '09 posts appearing on my feed, and all of them are legit wall posts from then.

Indeed; it was actually interesting to see how different Facebook was back then. So much more intimately public in terms of messaging and back/forth.

Haven't seen concrete evidence yet though...I went ahead and looked through some profiles and there's stuff that looks very revealing, as though it were a private incoming conversation but then every time I click on them, the convo box expands and I can see that people 'liked it', meaning it was public from the start.

Does anyone actually have real evidence? Maybe a screenshot of a message that CLEARLY is private and in no circumstance would they have forgot posting it on a wall THREE YEARS ago?

Definitely seeing a bit of this. It's inbound messages only, not outbound, but there are some things here definitely not meant to be seen by some friends.

well, that's because your outbound messages are on your friends's wall, not yours.

correct, if u go back and forth you can read whole conversations.

This fact alone may also add a bit of credibility.

If they were originally wall posts, your "threads" of conversation would be comments, not individual posts on each other's walls.

Not true. This is the source of all the confusion. Originally you couldn't like or comment on wall posts. Conversations were individual posts on each other's walls. You could click the "wall-to-wall" link to view the whole conversation.

This system gave conversations a different feel, and is now causing people to confuse them with private messages.

Edit: see http://news.ycombinator.com/item?id=4566956

Looks like FB have confirmed that these were old wall posts not the messages. Something is confusing.

They wouldn't ever lie, would they? Who are you going to believe, hundreds (or thousands) of FB users, or FB themselves?

FB, no doubt. Users (of any site) are morons.

I can confirm that messages meant only for me were public on my wall and I have found messages I only intended for others public on their walls. They were most definitely NOT wall posts.

This may sound snide, but you should contact TechCrunch. Offer up your proof to them on the terms that they don't republish it.

Go back and check the email confirmation you got for these messages.. did it say "...wrote on your Wall?"

So it's, again, people forgetting that they used to write wall-to-wall messages in 2009, and that they were always visible to friends?

Not at all, I can assure you I had my _private_ conversations disclosed.

I seem to be mistaken. However I was twice as stupid because I have hidden all these messages, and now I can't recover them on my timeline. I don't find them in my activity log (not under "hidden" nor "all"). Strangely, if I update my status and make it "hidden" in my timeline, it shows under "hidden" in the activity log...


Well, FB had kind of jumped the shark. I guess they wanted to leave no room for doubt about it.

I don't think so - I had my totally private messages visible publicly..


i' m thinking the same. People please compare with email notification Facebook was sending at the time, provide screenshot to have a real proof !

The posts in this thread are a great example of the power of suggestion.

It seems pretty clear at this point that there's no evidence that private messages were made public- other than hearsay.

That is deeply disturbing. Is it showing up as new or does one have to go back and find them in the timeline when they were sent?

They do not show up as new. The ones I found were mixed in with regular wall posts at the time of the post (2009 for mine).

If this is true, this is the first nail in a lot of very expensive coffins.

True or false, it's not going to help Facebook stock.

Even if it's just people's perception, it actually matters a lot. Facebook need user to trust them on privacy issues, that's their core.

wha, 10% cliff-drop isn't good enough for you? http://www.google.com/finance?q=NASDAQ:FB

Yes I think I see some old wall-to-wall posts but no messages.

Now I don't even know if it's new as I never check my FB Timeline (which SUCKS btw) ...

I just heard on the radio that the French government is monitoring the issue. Yes, that's what the country needs !?

What is kinda hilarious is that even on 2007 people were confusing wall-to-wall messages with private messages !

Old facebook that we don't remember:

A post on someone's wall had a link to 'Wall-to-wall' or 'Write on wall', in place of what we have today, the commenting system.

Screenshot: http://blog.hishamrana.com/wp-content/uploads/2008/07/facebo...

I just found some of my 'messages' on a friends public wall post from 2008. Not cool.

i went to check my fb timeline and indeed some messages between 2008-2009 DO look like they must've been private messages - people writing their home addresses and phone numbers and similar stuff.. i doubt these were public wall posts to begin with .. i can't find any old fb notification emails as i am deleting this things, unfortunatelly. but i does feel a bit scary :|

The vast majority of FB users are confused enough to post this info publicly. Look at any "I got a new cell phone! Send me your digits!" post.

One thing I'm walking away from this incident with is a better understanding of the power of the Facebook PR machine. I would be interested in a timeline of how this whole process unfolded... too bad only companies like Google and Twitter will ever know for sure how it all spread.

I think its actually old private chat messages that are showing up.

tl;dr: This is confirmed untrue at the bottom of the article.

Bye-Bye Facebook.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact