'Deleted' Facebook photos survive online three years later

Filed Under: Facebook, Featured, Privacy, Social networks

"How do I delete my Facebook photos?" is a common question I hear.

"You don't," is the correct answer.

True, Facebook maintains that you can permanently delete photos. Here are the company's instructions on how to perform the ritual of killing, if not the literal killing itself.

Facebook advice on how to remove photos

The ritual might give you the fleeting satisfaction of feeling that you've cleaned up the visual panoply spawned by your more unprofessional and/or debauched history.

But as Ars Technica's Jacqui Cheng reports, there are no guarantees in Facebook Land.

Some 2.5 years after Ars Technica first brought the issue up in 2009, Facebook has admitted that it's still working on deleting photos from legacy servers in a timely manner.

Here's what Ms. Cheng has to say about it:

The company admitted on Friday that its older systems for storing uploaded content "did not always delete images from content delivery networks in a reasonable period of time even though they were immediately removed from the site," but said it's currently finishing up a newer system that makes the process much quicker. In the meantime, photos that users thought they "deleted" from the social network months or even years ago remain accessible via direct link.

In July 2009, Ars Technica discovered that photos theoretically deleted from Facebook never go away if somebody has a direct link to the image file on Facebook's servers. In 2012, Ms. Cheng found that those same photos, supposedly deleted nearly three years ago, could still be accessed online.

PolaroidUsers following Facebook's deletion instructions will find that the image(s) disappear from Facebook's main user interface, but a link to a .jpg will work just fine "for an indefinite amount of time," she writes.

At the time, Facebook said it was working with its content delivery network (CDN) partner to significantly reduce the amount of time that backup copies persist. Contrast that with Twitter and Flickr, which both deleted photos within seconds.

It's easy enough to test: Save a direct link to a .jpg you plan to delete. Delete the photo on Facebook. Then plug in the saved URL.

Whereas such direct links to photos broke after a quick hard refresh on Twitter and Flickr, photos on Facebook and MySpace persisted for, well, years, at this rate, in spite of both companies' claims that deletions of user information happen immediately.

Facebook spokesperson Frederic Wolens told Ars Technica that the undeleted photos are stuck in a legacy system that never worked right to begin with:

The systems we used for photo storage a few years ago did not always delete images from content delivery networks in a reasonable period of time even though they were immediately removed from the site.

Mr. Wolens told Ars Technica that Facebook is working on a new system that will delete, as in actual destruction/lack-of-existence really really delete, the photos in a comparatively zippy month and a half. He said:

We have been working hard to move our photo storage to newer systems which do ensure photos are fully deleted within 45 days of the removal request being received. This process is nearly complete and there is only a very small percentage of user photos still on the old system awaiting migration, the URL you provided was stored on this legacy system. We expect this process to be completed within the next month or two, at which point we will verify the migration is complete and we will disable all the old content.

Well, that's all right, then. If Facebook says it will have a system that works in the next few months, all this will be fine, because after all, we believe what Facebook tells us, right?

Right. Yea, right.

If you use Facebook and want to get an early warning about the latest privacy issues, malware attacks, scams and hoaxes, you should join the Sophos Facebook page where we have a thriving community of over 160,000 people.

, , , ,

You might like

9 Responses to 'Deleted' Facebook photos survive online three years later

  1. Remember Zuck saying "They trust me, dumb f***s"

    People are so hooked to facebook that they can't live without it. And they believe everything mark is saying to them. Feel sorry for the facebook users

  2. Iestyn · 902 days ago

    I raised this issue with facebook years ago only to be told to empty my browsers temp files & cache, as it was MY browser that was at fault. Facebook lost its appeal to me soon after these lies & it's headless chicken routines.

  3. GmD · 901 days ago

    The direct access to images has always been a serious facebook privacy problem. Although loading the web page that loads the image is controlled by privacy checks, direct access to the image is not. So, if, for example, someone you are interested in is tagged in one of a set of pictures but acess to the others is denied, you can obtain the direct image source address, & play with incrementaly changing the image number to access the other photos in the series.

  4. kevinwaynesongs · 901 days ago

    MySpace is still in the top 10 Social networking sites, beating out Google+, according to Nielsen: http://blog.nielsen.com/nielsenwire/online_mobile...
    (Scroll down to the chart were MySpace is mentioned.)

    MySpace is #16 on Seomoz: http://www.seomoz.org/top500

    And is in the Top 7 trending brands on Twitter: http://thenextweb.com/twitter/2012/01/10/the-top-...

    According to Google's own stats, MySpace is still in the top 100 sites worldwide, ahead of Tumblr & HuffPo. Surprisingly, Reddit is nowhere in sight: http://www.google.com/adplanner/static/top1000/
    Just looking at that list and counting Social networking sites, MySpace comes in at number 5.

    And it's still beating out Tumblr & Google+ according to CommScore: http://www.techradar.com/news/internet/myspace-mo...

    MySpace TV is also mentioned postively in these articles: http://venturebeat.com/2012/01/18/the-view-from-c... http://www.v-net.tv/myspace-unveils-soctv-and-sec...

  5. Johnatlincoln · 901 days ago

    I think you will find exactly the same related problem with most Internet content, including personal details held on popular shopping servers. This is certainly the case in the UK. Try getting a TESCO account deleted, or ASDA, who admit they cannot remove client details from an ASDA direct account. Marks and Spencer are better, but you have to apply in person to an email address that is very well hidden. With both TESCO and ASDA, once signed up your personal data is held in unencrypted format and cannot be removed - ever! unless like me you resort to the ICO and section 10 of the data protection act.

  6. Anonymous 1 · 901 days ago

    I have started to tire of the old meme that Facebook users are all dumb, hooked on Facebook and unknowingly awaiting the inevitable crash as their lives fall apart around them when their seedy secrets are exposed for all to see.

    The truth is, I am sure, that most Facebook users over 25 don't post embarrassing photos on it, or the stuff they share privately probably wouldn't cause a big deal if it went public (maybe a little irritating) and are aware (by now, who isn't?) that information they post online anywhere is not really private and could be accessed by those who they didn't intend it to be.

    Sure there are those who don't meet the above criteria but I am certain there are far less than there is made out to be.

    They make a caculated assessment of the facts and decide that the above issue really does not matter to them personally, even if they do think it is a bit off that Facebook does not delete photos for 2 years.

    I am not against educating and informing those who do not know these problems - that is an important role - but I am tired of the assumption that almost everyone doesn't know and would flee Facebook like a sinking ship if they did. Many do know, and won't because they either don't care, or it would never be an issue.

    I mostly tire of these wannabe-Anonymous Facebook hackers who feel it is their duty to save Facebook users from themselves even though none of us asked for or even want their help. Informed adults can make decisions and take the risks for themselves. The rest just need to be informed.

    • Lisa Vaas · 896 days ago

      Yea, it's a meme, all right, and maybe it's Pollyanna-ish to believe that companies who say they're going to do something should actually be taken to task when they don't. So call me Pollyanna. Bumper crop of kudos for Ars Technica for staying on this. One of the problems with reporting on this stuff for the Naked audience is that we are, in fact, preaching to the choir. But the security literate should still bear some onus for educating their friends and family, and to do that, y'all need to know about the current state of these things, meme or not. Just because most Facebook citizens are blasé about these matters doesn't mean they don't merit coverage. You poke a stick in people enough times, and you can awaken some action and stir some law enforcement. After all, wasn't SOPA/PIPA the Queen of the Meme? Dogging that issue came to some good effect.

  7. Pat M · 900 days ago

    This brings up another issue I noticed years ago. You may recall when Facebook installed Beacon and the uproar that occurred in its first few months. At that time I left Facebook for that and many other reasons. Upon deleting my account, another name immediately popped in my place on my friends pages. I contact Facebook and I was told I was full of BS. To this day that person is still on 1 of my friends pages. I requested it stay there. I want to see how long it takes Facebook to figure it out. If you want proof, just contact me.

  8. Jonathan · 839 days ago

    I would really like to hear an update to this story when/if it has already happened.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

I've been writing about technology, careers, science and health since 1995. I rose to the lofty heights of Executive Editor for eWEEK, popped out with the 2008 crash, joined the freelancer economy, and am still writing for my beloved peeps at places like Sophos's Naked Security, CIO Mag, ComputerWorld, PC Mag, IT Expert Voice, Software Quality Connection, Time, and the US and British editions of HP's Input/Output. I respond to cash and spicy sites, so don't be shy.