To all the skeptics in threads like these: asking that Facebook actually, entirely, erase all your data isn't a reasonable demand.
Unless, if course, you're also OK with Facebook's walled-garden, Facebook-is-the-Internet, Compuserve-wasn't-so-bad strategy.
Anyone who ever tried to delete content from the internet knows this: The Internet Archive has long since made a copy of what you're trying to delete. Anything you post on the internet, the real, open internet, is forever.
If you don't want that, then you'll need to accept that a single entity has full control over what happens with your content, locks it behind a log in so that it can't be easily mined, and does with it what it pleases.
I'm not willing to accept that. I'd rather that my content belongs to everybody than that it belongs to Facebook. But you can't have it both ways.
I agree with your general point but your example is not correct
The Internet Archive makes it very easy to remove content from their site. I had a family web site accessible to the public for 12 years with about 25,000 pictures on it. For various reasons I took the site down but archive.org still showed the pictures. A quick change to robots.txt stopped that though. Basically, even if the archive grabbed the files at a point in time they periodically check to make sure they still have the right to those files in robots.txt. If they don't, they won't display them. I was vey impressed with them when I learned this.
It's also IMO a reasonable question what the "right" behavior should be in such a situation. I'm tempted to make the argument that once content has been made available to the world and archived by the Internet Archive, my descendants or a new corporate owner shouldn't necessarily have the right to remove that content from public view at some time in the future.
I'm in this camp. I owned a 4 letter TLD that I was first registrant on in 1994 and held it until I sold it in 2001. I had lots of interesting things published on the site and as soon as the new owner took the domain, he put up a robot.txt blocking the site my years of content disappeared from the archive. :(
I keep toying with the idea of trying to buy the domain back but it's value has become somewhat prohibitive. Maybe when I win the lottery :/
Make sure you maintain control over the domain and always have a robots.txt file present, because if you ever lose that, those files will become visible again. Good luck arranging for your descendents to do this after you die.
I'm pretty certain that this isn't the case. If anything, it's the other way around - if a domain changes hands, and the new owner sets up a restrictive robots.txt, the content in the archive is made unavailable, and stays unavailable even if the robots.txt (or the whole domain) later disappears.
It's perfectly possible and reasonable to delete all of your data.
It's just hard.
We have to do this with our clients if they shift off our platform and believe me, it's not much fun deleting 20-100Gb datasets from a shared database with over 2000 tables in it on production kit.
Hmm, I'm not sure what you mean by "our platform", but if I post a youtube video, it gets popular, but I get ashamed of it and decide to delete it again, the video will have spread far and wide to other video sites again.
Some for public web pages and the internet archive, for stackoverflow answers/wikipedia entries and SEO rats, and so on.
How is "your platform" going to help me delete my embarrassing drunk student video from the internet's video sites?
The only way "your platform" can do this, is by actively working to block public access to that video in the first place. Then you can have fun (or not) deleting those 20-100Gb datasets. My point is that that means accepting that you're posting stuff to a walled garden.
It sounds like his platform is perhaps a private enterprise platform? In other words, it doesn't sound like Facebook or Youtube where information can easily spread, which is probably a prerequisite for having control over your data.
The company I work for deals with background checks and screening information on behalf of our clients' clients. I could definitely see us safely removing all of that personal information from our system and not being able to recover it. But at the same time, we're a much much much smaller organization compared to Facebook.
*Anything you post on the internet, the real, open internet, is forever*
I've tried looking for stuff I posted on craigslist 5 or 6 years ago and nothing was in the wayback machine, only dead links to a few posts.
Apparently the crawls of the site only went a couple/few layers deep, as well as crawls not being conducted daily, and some years had only 2 or 3 crawls for the entire year.
I haven't tried searching my old facebook posts yet though, maybe some sites are more thoroughly catalogued than others.
Perhaps some other entity is storing my old posts, but I doubt that the NSA will allow me to access my own data.
Yes. They are cycled out after a week. Our data is useless after then as most of it is real time. Audit logs are kept offline in gzipped daily text files per client and these are handed over to the company and deleted.
Not sure I understand. If Facebook were federated, it would not be reasonable to expect it to delete your data for the practical reasons you mention. Facebook is not federated, so they presumably are able to delete your data. Maybe it's naive to expect them to behave in an honest or considerate manner, but not it's not unreasonable to ask it as far as I can see.
Edit: Of course there's nothing they can do if somebody's screenshotted your post or stored its contents in their brain, but that's not what we're talking about.
> I'd rather that my content belongs to everybody than that it belongs to Facebook. But you can't have it both ways.
You can publish your stuff on Facebook or G+ as "public"... I saw some people are doing that, using it as a blogging platform. Then it belongs to everybody but you are also taking advantage of the social elements on those networks.
No it "belongs" (in your sense of the word) to the platform used to publish it. You loose a significant part of your rights to that content (be it public or private).
The only way to "own" your content is to publish it on your own domain on a host you just pay for storage. You might then link to the content via your (so called) social playground of choice. But you will own the content in a "normal" use of the word.
You can even explicitly state a copyright-info and lay out your terms, that tell everybody that this is your creation, your belonging...
Posting it publicly on any platform that you do not own, will end in you loosing rights to your creation.
At least I have the option to delete my FB account. On the other hand, Google has lately been aggressively pushing me to convert my YouTube account into a G+ account. Once this is actually forced upon me, is there any way to 'delete' my Google+ account without deleting my YouTube one?
I get pestered with messages from Google on various services asking for my phone, merging/creating accounts, joining Google+, etc. Often the UI is so that for an average user it's not clear how to opt-out from it. Undoubtedly on purpose.
Each time you want to sign out of Google, there's an ever present, huge bright button - "Join Google+". I suppose more than one person clicked it by accident or out of frustration :) On rare occasions when I use Chrome, it never forgets to remind me how I'm missing out and should totally sign-in to Chrome.
I'm pretty much always logged in. Just to be sure, I went to YouTube, logged out and then in again, but nothing different happened.
I have a standard Google Account username (i.e. my username and not my real name appears when I comment) and it's not linked in any way to G+ (although I _do_ use G+ often, might that be the difference?).
> You’ll need a full Google+ account to get access to all of Hangouts’ features including group video calls, sharing photos, and using Hangouts with Google+ circles.
A friend turned off Google+ and Hangouts was entirely shut down for him, even on the browser side. I'm not sure if that's a recent change, but deleting a Google+ profile seems to cause some unexpectedly bad things to happen, like that.
I know for a fact it is impossible to use Hangouts on iOS devices without maintaining a Google+ profile. A friend was forcibly signed out when she deleted the profile it created for her using the iOS app. Either Google+ is on or Hangouts isn't a stable option.
Edit: To clarify, two separate friends who don't like/use Google+. Sorry if I'm being confusing when trying to add context.
I work on this at Facebook and we do permanently delete your content when you delete your account. It's an interesting distributed systems problem, and we're happy with the framework we've developed for this. We're working on a blog post with more details and hope to publish that soon.
Just to vouch, though not in Facebook's case, it is complicated.
Many sites use a CDN (Akamai, Limelight, Amazon's Cloudfront, etc.). The whole idea of a CDN is that it distributes content. Even if the origin goes away (your copy), the CDN may continue serving it for a long time. If someone has a specific item URL within that network, they can still access it. Working with CDN APIs to delete content (especially if, say, that content has various instances based on sizes, previews, etc.,) can be ... interesting.
And if third parties are presenting your content, they might also persist it, say as a Google preview or cache, or Archive.org, or other tools.
Even within your own systems, data can be replicated in ways which are difficult to access fully. Backups can exist which cannot be easily accessed for wiping. There are war stories of magically re-appearing data resulting from data recovery operations.
So, while it's possible to flag content as "don't present" pretty easily, actually rooting all of it out thoroughly can be a much more involved task.
Saved to favorites - Right next to Lucy's Instructions for kicking a football.
So I visited my Linkedin profile earlier this week. They had automagically added a long disconnected telephone number to my profile - as in disconnected for over five years. I suspect it came either from extended internet data mining or more likely an obsolete contact in some acquaintance's uploaded address book.
A Facebook profile is mostly a Collection of Pointers. Deleting the pointer doesn't delete the values at the other end. Until garbage collection, they will persist. In other words, unless my friends and family and groups to whom I have sent information delete their accounts, data about me will persist.
Accounts are not zombies. They are vampires, never having died in the first place.
Coincidentally, Adam Hupp from FB spoke at HN London last night and he made a comment that when you permanently delete your facebook account, they do actually wipe all the data stored on you. In Europe at least, there are significant due diligence processes that they are legally required to follow in this regard.
I have zero trust in Facebook and probably would not even believe them if Mark swore on his mother that they perform a proper wipe of your private data.
With that in mind you shouldn't have a hard time understanding why it sounds to me as if they delete all copies on servers in the EU but US mirrors of your profile remain untouched. How else could their algorithm deduct that your ladyfriend used to be a man without analyzing old conversations from deleted profiles. Could you live in a world where facebook sells birth controll pills to former biological males.
Ok I admit it's a hyperbole/edge case but I know that you know what I mean ;)
The possibility that Facebook actually deletes "all the data stored on you" is negligible! I give it 0.00000000000000000001% likelihood. This is against anything Facebook has ever done. Empty words!
Hum -- so assuming Facebook is making offline backup copies (which they should), are they really going to retreive their offline backups and remove your info if you want to delete your Facebook account?
I `deleted' my Facebook account a couple of years ago, but I have no doubt that all that old information is still floating around in a database on one of their servers.
In the UK there are laws requiring businesses to retain certain data for several years, so that the authorities can get at it if they need it for evidence in the future. Yeah, I know...
So, is facebook bound by the same sort of laws? If not in the US, what about the UK and other counties? Are there different policies per country, or does FB only do what US law says, if it says anything at all.
If they are bound by such laws, then we cant really blame FB for keeping the data. They may have no choice. Also, by then, the likes of the NSA/GCHQ could already have a copy of such data.
I went through this delete procedure a while ago. I don't know how I try to find out if my data was deleted or not. No way do I want to try to login as I am worried it will reactivate my account and data. So, I'm just left with some one's say so.
I wonder if in the UK a freedom of information act application would reveal it?
Added:
How do you even contact facebook? Looked at their site and I see nothing. Of course in order to ask on a FB forum you need to sign up. Is there a simple email address?
I deleted my Facebook account a few years ago through this process. I was very careful not to log back in, and when I tried a few months later I was rejected - no account linked with that email address.
Six months later I signed up with a different email address, and Facebook forced me to confirm my account with my phone number. Javascript Error - that phone number is associated with another Facebook account. I click OK, and I'm redirected to my "new" account with all my old Facebook friends (on the opposite side of the country) showing up as "people I may know."
The other possibility is that it's people that have looked up your name on Facebook before you had an account. So HQ logged it as X wanting to find Y. When Y makes an account, we'll let him know X was trying to find them.
Careful - if you even attempt to log in during the two week window, they will reset the timer for deletion (it can be easy to almost unconsciously log in if you're a heavy user). They even do it before you confirm or deny that you're reactivating your account. Seems like one of those psychological games: "come on, do you really want to leave? Now you have to wait even longer for your account to be deleted! Just come back to the fold!"
In terms of privacy I see two categories of data on a network: (1) data that leaked/has been copied to other people and (2) data that hasn't yet leaked.
The thing is you can never know with certainly when a piece of data has changed from "not leaked" to "leaked", so effectively you have to act as if all data is leaked in all circumstances as soon as you put it on the network.
> Perhaps that's sensible to catch malicious/accidental deletions, but I imagine it also makes it hard for Facebook addicts to leave.
Especially when during those few weeks you get constantly bothered by emails like 'your friends are missing you', 'look what they posted this week', etc. and when you click on anything - bam, you're logged back.
You need to ensure your OAuth tokens are revoked, or they might trigger a "re-login" (i.e., visit TechCrunch, forum uses OAuth token to log you into Facebook forums).
You can do this by changing your password right before you delete your FB account, as that is supposed to revoke OAuth tokens.
This is very true. I can't bear the deafening sound of trumpets blowing on FB so rarely visit it. On occasions though, it's service as a 'Friends Reunited v2' works well for me.
Isn't that one of the main features of LinkedIn? Maybe I'm misunderstanding but aren't you essentially saying the equivalent of "I don't use Google's services but it's a handy way to help me find websites"?
Somebody "friends" me on LinkedIn, I accept. If I need to contact that person and I don't have their email, I go into LinkedIn and send them a message.
So it's essentially a backup in case my address book fails. I'll pop in there maybe a dozen times a year. That's not exactly using their service.
> Your account has been deactivated from the site and will be permanently deleted within 14 days. If you log into your account within the next 14 days, you will have the option to cancel your request.
I guess I better delete all cookies before I accidentally get logged in back.
I would know whom to blame if I had used a weak password that got cracked in order to delete my account. And I think you should expect the same from every reasonable adult.
But yeah, FB should add a stronger auth for that dialog - more than a password and a captcha field.
Wait, you're telling me they'll auto log you back in? I recently found out I have a facebook account. I had no idea I had one but after a password reset and visit to that page I figured in 14 days it was a settled matter. Wtf, facebook!? Seriously?
I don't think they perform an explicit auto log in to cancel your delete request but mis-clicking a like button (or clicking on a harmless LOOK AT THAT FUNNY CAT PICTURE-URL in an IM chat, etc) might trigger a log in.
They certainly track you even if you're not logged in so who knows what javascript trickery they're up to to make logging in 'easier'.
They can — they just do not want to. There are huge chances (anecdotal experience) of people reactivating their accounts and FB wants to keep its social graph enriched.
I doubt it because your username is linked with your Facebook email address (username@facebook.com). It would probably lead to other people getting your emails if they reassigned the username. I was actually surprised when I found out Twitter reassigns usernames. After I closed my account it wasn't long before someone took mine.
I gather this link points to facebook.com. Funny, I deleted my facebook account years ago, but Im sure as heck not going to click on a facebook.com link and find out if I really did!
(subtitle, I react to facebook.com links as if they were phishing links and what would be the difference? scraping my contacts, selling my personal data, rewriting my TOS at every opportunity. I view the home page of facebook even without logging in as a phishing site. Sorry Mark. :()
>> "I gather this link points to facebook.com. Funny, I deleted my facebook account years ago, but Im sure as heck not going to click on a facebook.com link and find out if I really did!"
So although you don't want a Facebook account, if you have one you forgot about you'd rather not know about it??
Unless, if course, you're also OK with Facebook's walled-garden, Facebook-is-the-Internet, Compuserve-wasn't-so-bad strategy.
Anyone who ever tried to delete content from the internet knows this: The Internet Archive has long since made a copy of what you're trying to delete. Anything you post on the internet, the real, open internet, is forever.
If you don't want that, then you'll need to accept that a single entity has full control over what happens with your content, locks it behind a log in so that it can't be easily mined, and does with it what it pleases.
I'm not willing to accept that. I'd rather that my content belongs to everybody than that it belongs to Facebook. But you can't have it both ways.