IP Source

Friday 10 February 2012

Facebook - "deleted" photos never go away

When first investigated, this phenomenon in 2009, it was discovered that photos "deleted" from Facebook seemingly never go away if you have a direct link to the image file on Facebook's servers. Users who might have had second thoughts about posting a photo—whether it was because they didn't want retaliation from an employer, wanted to avoid family drama, or uploaded a photo of a friend without their permission—could certainly remove the image from Facebook's main user interface, but as long as someone had a direct link to the .jpg file in question, the photo would remain accessible for an indefinite amount of time.

When Facebook was asked about it, we were told that the company was "working with our content delivery network (CDN) partner to significantly reduce the amount of time that backup copies persist."

But a follow-up investigation more than a year later, "deleted" photos were still accessible via that direct link. That's when the reader stories started pouring in: horror stories about online harassment using photos that were allegedly deleted years ago, and users who were asked to take down photos of friends that they had put online.

There were plenty of stories in between as well, and rightly panicked Facebook users continue to e-mail, asking if any new way exisits to ensure that their deleted photos are, well, deleted. For example, one reader linked me to a photo that a friend of his had posted of his toddler. He asked his friend to take it down, and so the friend did—in May of 2008. As of this writing in 2012, I have personally confirmed that the photo is still online, as are several others that readers linked me to that were deleted at various points in 2009 and 2010.

Go ahead, use the service, allow anyone in the world to view your private life. What may now seem a harmless upload, how will you feel 20 years from now?

No comments:

Post a Comment

Send a plain text, no attachments, email from any client to comment. Only registered users or OpenID have this access.