Facebook does not erase user-deleted content

When users upload content, pictures and video to Facebook, it is not erased from their servers even when the user 'deletes' it. Video and experiment.
Written by Zack Whittaker, Contributor
Nearly a year on since Cambridge University researchers discovered that Facebook, along with other major social networks, doesn't erase server-side copies of your uploaded data, the world's biggest social network is still guilty of such a sin.

Since then, the site has nearly doubled in size. It's now has the population of the third biggest country in the world, with tens of thousands of servers holding your data, which as soon as it is uploaded, belongs to them to do as and what they wish with it.

Four US Senators are jumping on the privacy bandwagon concerned over users' privacy. As Sam Diaz points out, profile data by third-party developers (ie. anybody who can write an "application" for the site:

"...used to be limited to 24 hours but that was recently lifted by Facebook. At the f8 conference last week, the executives said this was more of a technicality and suggested that it wasn’t as big of a deal as it might sound."

So, it's fair to say while Facebook is growing exponentially larger every day, issues around privacy, user data and information is becoming more difficult for individual users and account holders to police. Facebook, on the other hand, is rolling in it and absolutely loving it. Their privacy policies and terms of conditions covers their arse, so end users cannot complain as they would have been expected to read them before signing up.

Pretty much the same experiment enacted by the Cambridge University researchers a year ago, I have tried this myself - nearly one year on, just to be sure - but only with Facebook.

I uploaded one picture and one video with restricted permissions so only I could access them through Facebook wherever possible, then deleted them. Even though the user has specifically deleted the content, they are still stored on Facebook's servers and content delivery network by accessing the direct hotlink.

The video proves that the content was uploaded and deleted. Using the links below, you can see that the picture and video is still available to access, and if you wish - for further proof - match the URL's used in the video (it's in HD so you can see) with the full direct links below.

The kitten picture that was uploaded and deleted: http://bit.ly/aUiteD (Full direct link) The Tango video that was uploaded and deleted: http://bit.ly/dimpbD (Full direct link)

Now granted, it could take a while for Facebook's content delivery system to getting around to deleting all cached files, different versions and backups of the files in question. But no, this isn't the case.

This is something you lovely people can try at home. Upload a picture, copy the direct URL of that picture, save it somewhere for future reference, delete the file and see how long you can directly access it for. I can bet my bottom dollar that in a months' time, or even six months' time, you'll still be able to access it.

This is a quickly-done experiment of which only time will tell. There are two likely outcomes:

  1. Facebook sees this post, isn't happy, trundles through my account and manually deletes any copy of the above content. I wouldn't be surprised, actually, but I have a backup plan. The same experiment was done yet again - including video and links but using a friend of mine's account, stored offline and not to be published - which corroborates this story should Facebook pull the plug.
  2. Say in a week or a months time, the links remain live and proves that the content doesn't get deleted.

A year ago, a Facebook spokesperson responded by saying:

"When a user deletes a photograph from Facebook it is removed from our servers immediately. However, URLs to photographs may continue to exist on the Content Delivery Network (CDN) after users delete them from Facebook, until they are overwritten. Overwriting usually happens after a short period of time."

... and this morning, when I received an email from a Facebook spokesperson, they said:

"As stated in Facebook's Statement of Rights and Responsibilities, the governing document for the site, 'when you delete IP [your intellectual property, including pictures and videos] content, it is deleted in a manner similar to emptying the recycle bin on a computer'. However, you understand that removed content may persist in backup copies for a reasonable period of time (but will not be available to others).

It is possible that someone who previously had access to a photo on Facebook, and who saved the direct URL from our content delivery network (CDN) partner (this is different from the Facebook URL) might still have access to that photo.  We have been working with our CDN partner to reduce the amount of time that these backup copies persist."

They did not explain how long "a reasonable period of time" is. Also, when you upload a picture or video, not only do you sign away all rights of property to Facebook, but they pass it on to their content partners and can be (and are) used for advertisements. Nobody seems to know, or want to talk about where photos are actually uploaded to - so for all we know, they could be beneath the Facebook head office, in a data center somewhere or on the Moon.

Either way, it's a harsh reality and that the students of this world need to be extremely cautious. Once something goes on Facebook (or the web), it doesn't come down again. Ever. Just because you cannot directly access it through your Facebook interface doesn't mean that the content isn't lurking around the corner for your next employer to stumble upon, and not give you that dream job as a result of the drunken photos you uploaded.

Is it about time governments intervened to scrutinise Facebook's privacy issues?

Editorial standards