24-Year-Old Asks Facebook For His Data, Gets 1,200 PDFs

← Back to Stories (view on slashdot.org)

24-Year-Old Asks Facebook For His Data, Gets 1,200 PDFs

Posted by Soulskill on Tuesday December 13, 2011 @12:20PM from the ask-and-ye-shall-receive dept.

chicksdaddy writes "Be careful of what you ask for. That's a lesson Max Schrems of Vienna, Austria learned the hard way when he sent a formal request to Facebook for a copy of every piece of personal information that the social network had collected on him, as required under European law. After a wait, the 24-year-old law student got what he was seeking: a CD with all his data stored on it — 1,222 files in all. The collection of PDFs was roughly the length of Leo Tolstoy's War and Peace, but told a more mundane story: a record of Schrems' years-long relationship with the world's largest social network, including reams of data he had deleted. Now Schrems is pushing Facebook to disclose even more of what it knows."

91 of 291 comments (clear)

Min score:

Reason:

Sort:

It should be illegal..... by ThisIsNotMyHandel · 2011-12-13 12:21 · Score: 5, Insightful

It should be illegal for these companies to keep user generated content once the user deletes it.
1. Re:It should be illegal..... by earls · 2011-12-13 12:24 · Score: 5, Insightful
  
  What if I want them to? Version control, anyone?
2. Re:It should be illegal..... by Anonymous Coward · 2011-12-13 12:25 · Score: 2, Insightful
  
  Should it also be illegal for me to keep a record of your appearance in my mind once you leave the room as well?
  >Making up arbitrary emotionally motivated "this should be illegal" arguments on the fly.
3. Re:It should be illegal..... by Anonymous Coward · 2011-12-13 12:27 · Score: 2, Funny
  
  You might be legally retarded.
4. Re:It should be illegal..... by swalve · 2011-12-13 12:31 · Score: 3, Insightful
  
  So they should have an army tasked with sanitizing all the backup tapes whenever I delete a photo?
5. Re:It should be illegal..... by A.+B3ttik · 2011-12-13 12:32 · Score: 2, Informative
  
  I find this attitude so ignorant. How does a company instantly delete backups on redundant servers? How do they delete redundant hard copies kept in closets separated by meatspace? Furthermore, if you upload something to Facebook, and someone ELSE downloads it and saves it to a CD, and you delete it off facebook, should THEY be forced to magically know you deleted it, and delete their copy as well? Does Google have to delete their caches of your facebook page? Or maybe you are saying that Facebook, Google, etc should never make backups?
  
  The truth is that once you upload something to a site like Facebook, it becomes publicly viewable and accessible and ANYONE can download it. The unfortunate truth is that you can never really UNDO that action, and no matter what arbitrary laws or draconian regulations you force companies to abide by, you can never truly take it back, even if you hit the delete key.
  
  The paradigm shift needs to be in how people view sites like Facebook, Photobucket, etc: Don't upload anything you want to keep private. If you want to keep it private, upload it to a company that guarantees your privacy... NOT Facebook.
6. Re:It should be illegal..... by drcheap · 2011-12-13 12:32 · Score: 5, Insightful
  
  It should be illegal for these companies to keep user generated content once the user deletes it.
  It's legal because the user agreed to let them keep it. I'm sure it's somewhere in those 6000 words nobody reads...probably something along the lines of "content uploaded by the user of the system becomes the sole property of the system" only more legalese sounding.
7. Re:It should be illegal..... by Anonymous Coward · 2011-12-13 12:35 · Score: 2, Insightful
  
  If a user shares content, it belongs to everyone who it was shared with.
  Removing it because someone deleted it isn't a clear cut as people here make it seem.
8. Re:It should be illegal..... by CannonballHead · 2011-12-13 12:37 · Score: 4, Funny
  
  "Making up arbitrary emotionally motivated "this should be illegal" arguments on the fly."
  That should be illegal.
9. Re:It should be illegal..... by Oxford_Comma_Lover · 2011-12-13 12:38 · Score: 5, Insightful
  
  Your personal knowledge of a prior event concerning me does not raise privacy concerns. Your automatic and routine compilation of all prior events concerning me and sharing of that information with intelligence agencies, law enforcement, and commercial partners does.
  
  --
  -- IANAL, this isn't legal advice, and definitely isn't legal advice for you. Also, Squee!
10. Re:It should be illegal..... by dougmc · 2011-12-13 12:38 · Score: 5, Insightful
  
  You might be legally retarded.
  Huh?
  His point is perfectly valid. Wikipedia is, for example, all about version control. Somebody defaces a page? Revert.
11. Re:It should be illegal..... by bill_mcgonigle · 2011-12-13 12:41 · Score: 5, Funny
  
  and no matter what arbitrary laws or draconian regulations you force companies to abide by,
  We're going to mandate that they both delete data instantly to protect privacy and that they implement mandatory data retention periods so that data can be subpoenaed in the event of a crime.
  
  --
  My God, it's Full of Source!
  OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
12. Re:It should be illegal..... by Oxford_Comma_Lover · 2011-12-13 12:42 · Score: 5, Insightful
  
  It might be that the problems suggest, not that the proposed solution should be discarded, but that an alternative solution incorporating both the motivation for that solution and the problems inherent in executing it should be proposed.
  For example, perhaps all non-archival copies of the information could be deleted. Furthermore, if the backup system is constructed with the privacy goal in mind, it is possible to give the user control over the ability of the corporation to restore that user's information--a user, for example, might be permitted to order the company to destroy a key that allows decryption of backed up data entered by the user.
  
  --
  -- IANAL, this isn't legal advice, and definitely isn't legal advice for you. Also, Squee!
13. Re:It should be illegal..... by bennomatic · 2011-12-13 12:46 · Score: 4, Insightful
  
  It's the flip side of the Vegas coin. "What goes on the Internet stays on the Internet."
  
  --
  The CB App. What's your 20?
14. Re:It should be illegal..... by PopeRatzo · 2011-12-13 12:52 · Score: 4, Insightful
  
  So they should have an army tasked with sanitizing all the backup tapes whenever I delete a photo?
  What is this, 1985? You think it takes an "army" of people to go back and delete data?
  Tell you what, if Facebook was ever charged with some legal wrongdoing and expected subpoenas, I bet they'd be able to "sanitize" their data post haste without an "army" of people, and without deleting anything critical to their operations. Funny how that works, no?
  
  --
  You are welcome on my lawn.
15. Re:It should be illegal..... by Stormthirst · 2011-12-13 12:53 · Score: 4, Insightful
  
  If they are like any organisation I've worked for, they over write the tapes. So no, they don't.
  All they have to do is actually delete stuff when a user asks them to, instead of telling the user they have, and then snickering behind their hands like naughty school kids. The buttons on the webpages are marked "delete", and any user should have an expectation that the button would do what it says it does.
16. Re:It should be illegal..... by Aldanga · 2011-12-13 12:54 · Score: 3, Insightful
  
  Or utilize a social network like Diaspora and control your own data.
17. Re:It should be illegal..... by tgd · 2011-12-13 12:56 · Score: 3, Insightful
  
  Your personal knowledge of a prior event concerning me does not raise privacy concerns. Your automatic and routine compilation of all prior events concerning me and sharing of that information with intelligence agencies, law enforcement, and commercial partners does.
  Your life isn't nearly as interesting as you think. Your mundanity is your privacy. Your value to Facebook is your eyeballs and the ads they can serve.
  And if your life was any interest to anyone, there'd be people working a lot harder to penetrate your privacy.
18. Re:It should be illegal..... by Anonymous Coward · 2011-12-13 13:03 · Score: 2, Insightful
  
  Someone's looking for you. Thanks to information on the internet, they find you. Then they murder you.
  Okay, that probably won't happen to me personally. But guess what? It (not necessarily that extreme example) has to happen to someone. And that someone could be me (not that I don't care if it happens to others).
  Someone will inevitably be interested in someone else's life. Pretending that because it doesn't happen to you, it doesn't happen to anyone, is foolish.
19. Re:It should be illegal..... by PopeRatzo · 2011-12-13 13:04 · Score: 3, Insightful
  
  How does a company instantly delete backups on redundant servers?
  Who said anything about "instantly"?
  And as far as deleting backups on redundant servers, it sounds like it could be done with a few lines of code.
  
  Furthermore, if you upload something to Facebook, and someone ELSE downloads it and saves it to a CD, and you delete it off facebook, should THEY be forced to magically know you deleted it, and delete their copy as well?
  Now that's kind of a dumb question. This isn't about what some individual does while data is available online. It's about what a company whose business model depends on collecting and monetizing such data does with it. And what they should be allowed to do with it.
  But then, I think that anybody who uses facebook has to know that facebook is all about collecting data on people and monetizing it any way they can. Which is why I will not use facebook. I once created an account there because I needed to do something that required a facebook account, but never really posted anything personal, or real for that matter. I don't have any use for what facebook does and if I did, there are better ways to get it done. I'm just not willing to pimp out my privacy that way.
  
  --
  You are welcome on my lawn.
20. Re:It should be illegal..... by Georules · 2011-12-13 13:07 · Score: 2
  
  personal data must be deleted once it is no longer needed.
  Once it is no longer needed by whom? I think it's amusing that people think they own the data they post to facebook.
21. Re:It should be illegal..... by Mashiki · 2011-12-13 13:07 · Score: 4, Informative
  
  Indeed. In europe and canada an individual has final say on their personal information. And if it's deleted the company must delete any backup or cached data relating to that person too.
  
  --
  Om, nomnomnom...
22. Re:It should be illegal..... by DogDude · 2011-12-13 13:09 · Score: 2
  
  It's public information. Anybody can and many organizations do archive online information. The millisecond information is posted online, it's forever public. I don't understand why people find this concept so hard to grasp.
  
  --
  I don't respond to AC's.
23. Re:It should be illegal..... by hawguy · 2011-12-13 13:12 · Score: 4, Insightful
  
  What if I want them to? Version control, anyone?
  You haven't deleted it if you expect it to be recoverable from a version control system.
  But when I have a reasonable expectation for something to be deleted forever (like when I empty my Gmail trash folder), then the carrier should take reasonable steps to make said item unrecoverable within a reasonable timeframe.
24. Re:It should be illegal..... by JAlexoi · 2011-12-13 13:15 · Score: 3, Insightful
  
  If you remove YOUr own content, there should be no going back. Wikipedia is a different beast - it's about facts being collected into a single place.
25. Re:It should be illegal..... by JAlexoi · 2011-12-13 13:23 · Score: 2
  
  EU regulations also, because they are in effect in Ireland as well.
26. Re:It should be illegal..... by ksd1337 · 2011-12-13 13:25 · Score: 4, Funny
  
  You forgot to escape the internal quotes! Now THAT should be illegal!
27. Re:It should be illegal..... by mcavic · 2011-12-13 13:31 · Score: 4, Insightful
  
  So they should have an army tasked with sanitizing all the backup tapes whenever I delete a photo?
  No, backups are fine. But if I tell Facebook to delete something, they should delete it so that it fades out of the backups. Not keep it in their working data, but marked as deleted.
  
  This goes 10 times as much for email providers, as well as credit card numbers, SSN's, etc, once the legitimate need for that information is finished.
  
  Yes, someone may have already copied (or stolen) the data. But this is just about a service provider acting like we expect them to act, not secretly collecting personal information for their own purposes.
28. Re:It should be illegal..... by hawguy · 2011-12-13 13:34 · Score: 4, Insightful
  
  I find this attitude so ignorant. How does a company instantly delete backups on redundant servers? How do they delete redundant hard copies kept in closets separated by meatspace? Furthermore, if you upload something to Facebook, and someone ELSE downloads it and saves it to a CD, and you delete it off facebook, should THEY be forced to magically know you deleted it, and delete their copy as well? Does Google have to delete their caches of your facebook page? Or maybe you are saying that Facebook, Google, etc should never make backups?
  Few large companies are using tape when they already have redundant disk storage in redundant datacenters, so typically deletes happen at the speed of replication.
  But if there was interest in enforcing a non-retention policy, regulators could say that no user deleted data can be retained longer than XXX days (maybe 90 or 180 days). This gives time for off-site tape backups to be rotated back and recycled. And plenty of time for remote disk replication to occur. A smart company could think of even more clever ways to quickly and securely delete data. Maybe instead of deleting the data itself, the pointer to the data is deleted (which also holds the decryption key to decrypt that piece of data). Then once that pointer is deleted (along with any backups), the data is unrecoverable even if it's on a WORM drive.
  
  The truth is that once you upload something to a site like Facebook, it becomes publicly viewable and accessible and ANYONE can download it. The unfortunate truth is that you can never really UNDO that action, and no matter what arbitrary laws or draconian regulations you force companies to abide by, you can never truly take it back, even if you hit the delete key.
  That depends on where I upload it. If I upload an photo where the visibility is set to only allow my girlfriend to see it, then I delete it 2 days later, why should it be recoverable at all? I understand that she may have downloaded it and emailed it to her mother, but I trust her not to do that. So why can't I trust Facebook to not allow it to reappear later in a legal subpoena? Or to resurface 2 years later in a new "undelete" feature that makes all of my deleted content visible?
  
  The paradigm shift needs to be in how people view sites like Facebook, Photobucket, etc: Don't upload anything you want to keep private. If you want to keep it private, upload it to a company that guarantees your privacy... NOT Facebook.
  Why not a paradigm shift for companies that acquire personal data that requires them to protect that data.
29. Re:It should be illegal..... by Ly4 · 2011-12-13 13:39 · Score: 2
  
  > And as far as deleting backups on redundant servers, it sounds like it could be done with a few lines of code.
  You have obviously never done anything at this scale. Deleting all copies of information on a significant system is a very hard problem to solve. Demonstrating to an auditor that you've deleted everything makes it even harder.
  There's actually an entire Defense Department specification/procedure that attempts to describe how to do it: http://www.google.com/?q=DOD+5015
30. Re:It should be illegal..... by Algae_94 · 2011-12-13 13:39 · Score: 3, Insightful
  
  No, backups will eventually get overwritten. Deleting a photo should actually delete it in the live system, not just tag it with some metadata that marks it as deleted so no one sees it. I'm not exactly sure how Facebook marks things deleted, but I am sure they don't delete it.
  
  A simple confirmation prompt for a delete would be enough to prevent most unwanted deletions. If you happen to delete a photo you want back, you should have done your own local backup of that file to re-post.
  
  This really comes down to an issue of data trust with organizations you give your data to. Facebook has shown little reason to trust them with personal data, yet people keep sending it to them. Facebook's entire company value is based on how much information they amass on people. It is therefore not surprising in the least that they don't let people arbitrarily delete data and thus reduce their value.
31. Re:It should be illegal..... by KhabaLox · 2011-12-13 13:46 · Score: 4, Insightful
  
  -a user, for example, might be permitted to order the company to destroy a key that allows decryption of backed up data entered by the user.
  +1 insightful.
  GP deserves his Informatives too, but P makes a very good point as well.
  Rather than pick positions (e.g. delete it instantly vs. it will be around forever) and evaluate the relative merits or possibilities, it is perhaps more fruitful to understand the motivations for a user to want FB to delete his data, and for FB to keep redundant backups for long periods of time. Once we understand the motivations behind the positions, we can come to a better negotiated outcome (such as the examples P gives) that satisfy both parties. This is the essence of Principled Negotiation.
  (My boss made me read "Getting to Yes.")
  
  --
  Ceci n'est pas un sig.
32. Re:It should be illegal..... by VortexCortex · 2011-12-13 13:48 · Score: 3, Insightful
  
  I find this attitude so ignorant.
  I find you so ignorant...
  
  How does a company instantly delete backups on redundant servers? How do they delete redundant hard copies kept in closets separated by meatspace?
  
  By deleting the fucking encryption key. This shit isn't rocket surgery folks.
  Oh, it's not encrypted? WHY THE FUCK NOT? Seriously, Best Security Practices Rule #1: Don't Be Sony
  Even my Media Library's SQL metadata is encrypted. I keep that database backed up, but if I want to INSTANTLY DELETE BACKUPS THE WORLD OVER ON REDUNDANT SERVERS, I simply wipe the decryption keys. Now, if I can do this, there's really no reason for them to not be able to. If you're concerned about scaling, that's not an issue, (additionally, scalability isn't my problem). They could store the decryption key in a separate table in the same DB, or right in with the other row data, I DON'T CARE, SO LONG AS YOU DON'T SAVE THE DECRYPTION KEY IN THE BACKUP ARCHIVE. That's data that's small enough to have it's own separate archive that's easy to delete on demand. If they can track all that crap they're tracking, they could take the (CPU) time to do it securely... of course they're not required to by law, yet.
  
  Furthermore, if you upload something to Facebook, and someone ELSE downloads it and saves it to a CD, and you delete it off facebook, should THEY be forced to magically know you deleted it, and delete their copy as well?
  Of course not you TWIT. That's not remotely as feasible as wiping out a few bytes of key-data; Besides, I don't have a 1st party relationship with them. I DO HAVE a 1st party relationship with Facebook, and in their TOS it says they'll delete shit that I tell them to, but that it may not happen "immediately", and that it may temporarily enter a refuse bin like system. Do you empty your recyling bin once every quarter decade? Do you flush your toilet once a century? WHAT'S A REASONABLE LENGTH OF TIME TO NOT DELETE AN ENCRYPTINON KEY?!
  
  Does Google have to delete their caches of your facebook page? Or maybe you are saying that Facebook, Google, etc should never make backups?
  
  Once again 1st & 3rd parties. Since Facebook says they WILL DELETE your content once you've deleted your profile (unless it's been shared on another's wall, etc), THEY SHOULD BE ABLE TO DELETE IT. Now, they haven't done so in what I'd consider a reasonable amount of time... indeed, they show the opposite effect. This is my opinion. Perhaps you're more unreasonable than I.
33. Re:It should be illegal..... by hawguy · 2011-12-13 13:49 · Score: 5, Insightful
  
  "backups"
  That's why I said "reasonable timeframe". I don't expect them to delete the data immediately, maybe provide for 90 - 180 days to allow off-site tapes to be recycled. I'm not even asking for a secure delete, I'm ok with the data being technically recoverable from a disk or tape using forensic analysis.
  Maximum retention times are nothing new in the corporate world.
34. Re:It should be illegal..... by hedwards · 2011-12-13 14:01 · Score: 2
  
  That would be a step in the right direction.It's been ages since I've gotten a new line, but I seem to remember having to opt out of being listed.
35. Re:It should be illegal..... by hedwards · 2011-12-13 14:03 · Score: 2
  
  Because it's not always posted by the person to whom it applies. Personally I don't care about what other people post about themselves. I do however care very much about the things that they post about me. That and the crackers that trojaned TD Ameritrade and released my contact information to the net at large.
36. Re:It should be illegal..... by Capt.+Skinny · 2011-12-13 14:15 · Score: 5, Insightful
  
  Your mundanity is your privacy
  Perhaps, as long as you remain obscure. But once you become a research target -- being suspected of a crime, mentioned in a news story, or applying for a security clearance, for example -- then all that data can provide seeds for speculation about your motives, integrity, or personality.
  The public IP addresses of my servers are buried in relative obscurity, just another 32-bit number among millions. But if I post a log file to a support forum then you can bet that I'll strip that IP address out.
37. Re:It should be illegal..... by Anonymous Coward · 2011-12-13 14:37 · Score: 3, Insightful
  
  Your life isn't nearly as interesting as you think. Your mundanity is your privacy. Your value to Facebook is your eyeballs and the ads they can serve.
  And if your life was any interest to anyone, there'd be people working a lot harder to penetrate your privacy.
  In other words, if you behave yourself, act like a good little citizen, pay your taxes, and don't complain you have nothing to fear, right? And of course, if you don't, you have no rights, and you shouldn't, either, because you are a Bad Person.
38. Re:It should be illegal..... by blueg3 · 2011-12-13 14:42 · Score: 4, Interesting
  
  Reliably? Yes. Sure, it's easy to delete the copy in the production database. It's harder to prove that if the disks backing the production database were stolen and analyzed, it would be impossible to recover the data. It's harder still to locate and redact every backup of the database that contains the data. (It's even harder still to prove that a copy of the data doesn't persist on another user's hard drive as a result of having viewed the data in a web browser.)
  This is the Cloud Era; you can't reliably delete data any more.
39. Re:It should be illegal..... by yahwotqa · 2011-12-13 14:42 · Score: 2
  
  > Your life isn't nearly as interesting as you think. Your mundanity is your privacy.
  But but but... I thought I'm special and unique, like a snowflake?!
40. Re:It should be illegal..... by Chris+Pimlott · 2011-12-13 14:51 · Score: 5, Insightful
  
  Everyone is interesting to somebody, even if it's just their local bartender/coworker/pizza delivery guy/romantic rival... Now it used to be the case that it didn't matter as none of these everyday "mundane" acquaintances had the time, access or expertise to pull together a dossier but today it's pretty trivial.
41. Re:It should be illegal..... by Anonymous Coward · 2011-12-13 14:53 · Score: 2, Informative
  
  It should be illegal for a person to have internet access without first acknowledging that anything they put online will probably follow them for the rest of their lives.
  
  I'm more happy than ever that I never bought into any of those data harvesting sites. I don't even use Google without going through a proxy with end to end encryption.
42. Re:It should be illegal..... by Galestar · 2011-12-13 14:55 · Score: 4, Insightful
  
  Except for the fact that you come to me on a daily basis and intentionally and willingly disclose this information to me, after I warned you in my EULA that I reserve the right to do exactly that.
  
  Should people think twice before they post every stupid detail of their lives on Facebook? Yes
  Should it be illegal for Facebook to do what they do? No.
  
  --
  AccountKiller
43. Re:It should be illegal..... by LordLimecat · 2011-12-13 14:55 · Score: 2
  
  But when I have a reasonable expectation for something to be deleted forever
  
  Not when their data usage policy spells out when it ISNT deleted, and gives no guarentees.
44. Re:It should be illegal..... by MaskedSlacker · 2011-12-13 15:03 · Score: 3, Interesting
  
  I'm pretty sure the buttons actually say "Remove" which is a nifty semantic cheat around that problem.
45. Re:It should be illegal..... by DrDitto · 2011-12-13 15:22 · Score: 4, Funny
  
  Dude, go smoke some pot or something. You are way too angry for your own good.
46. Re:It should be illegal..... by Anonymous Coward · 2011-12-13 15:27 · Score: 2, Insightful
  
  Let's see, in my mundane life I work IT at a big ass bank, think old timey horse and coach stuff, and I spend my spare time occupying the local downtown as part of the We Are the 99% movement. We coordinate events and efforts and host discussions via FaceBook.
  So of course I believe you are correct, there is nothing in my life interesting enough to warrant anyone actually paying attention to me.
  Now, to unfriend all those anarchists, union members, homeless robo-signing victims, and commies who are screaming on the sidewalk to tear down the big banks and end too big to fail, so I'm not such a boring wallflower.
  Oh, wait, there's still a record kept you say?
47. Re:It should be illegal..... by ganjadude · 2011-12-13 15:45 · Score: 4, Insightful
  
  and when "insert random person here" accesses your account and mucks it all up on you..."you" deleted it, but YOU didnt.... than what?
  
  --
  have you seen my sig? there are many others like it but none that are the same
48. Re:It should be illegal..... by nitehawk214 · 2011-12-13 16:00 · Score: 5, Informative
  
  Moderating a Funny post Informative, that should be illegal.
  
  --
  I'm a good cook. I'm a fantastic eater. - Steven Brust
49. Re:It should be illegal..... by Ly4 · 2011-12-13 16:07 · Score: 3, Informative
  I was trying to avoid some typing with the DOD reference, but that obviously didn't work, so let's try a couple of examples. The basic point is that easy-to-access and easy-to-delete are not same thing; data is just too easy to copy.
  Example 1: I send you an email with a pdf attachment. You read it, and then we decide to delete all copies of the pdf. Where do we need to look?
  
  Directory where pdf was created.
  
  Any cache directories used by PDF tools.
  
  Within my mail tool.
  
  At my ISP.
  
  At any ISP along the way.
  
  At your ISP.
  
  In your mail tool.
  
  In a browser cache, if was viewed via webmail.
  
  Recycle bin/trash can of any system.
  
  Any backup made on any system while the pdf was there.
  
  There are probably more ...
  
  Example 2 (a bit more like the system we're talking about):
  
  User uploads document to server1.
  
  User comes in the next day, and retrieves document via server2. The url told the system how to find it on server1, but a copy is loaded on server2 to support multiple retrievals.
  
  User comes back a week later, deletes document via server1.
  
  How do we know which servers to notify for deletion? Do we maintain a list somewhere? Do we tell all of our servers to delete it? What about backups? What do we do if the server is not available when we send the notification?
  It is not easy ...
50. Re:It should be illegal..... by dward90 · 2011-12-13 16:39 · Score: 3
  
  I promise you that their TOS doesn't say they will delete shit when you tell them to. I get you're point, but you're being a colossal douche about it. Please calm down.
  
  --
  My other sig is clever.
51. Re:It should be illegal..... by Intropy · 2011-12-13 16:58 · Score: 4, Funny
  
  Meta-auto-moderation, that's a paddlin'.
52. Re:It should be illegal..... by neoform · 2011-12-13 17:09 · Score: 3, Interesting
  
  Very few people understand the technical ramifications of 'deletion' on large infrastructure. It's very likely that facebook can't actually 'delete' much the same way InnoDB can't recover disk space after a delete (which means the data still exists on the hard drive).
  
  --
  MABASPLOOM!
53. Re:It should be illegal..... by savuporo · 2011-12-13 17:10 · Score: 2
  
  If you want to keep it private, upload it to a company that guarantees your privacy...
  
  If you actually want privacy, i'm not sure why would you use either the word of "upload" or "a company".
  
  --
  http://validator.w3.org/check?uri=http%3A%2F%2Fwww.slashdot.org Errors found while checking this document as HTML5!
54. Re:It should be illegal..... by Anonymous Coward · 2011-12-13 17:25 · Score: 5, Insightful
  
  1) You could revert the next day. The OP didn't say it should be deleted instantly, just within a reasonable amount of time. Keeping data for 1 month to allow user reversals and another 5 months for backup tape recycling is reasonable. Keeping your data for years like they do now is a different matter.
  2) This backup/restore function you speak of is not available in Facebook anyway, despite them having the data available forever.
55. Re:It should be illegal..... by psy0rz · 2011-12-13 18:10 · Score: 2
  
  So what happens if you lose the encrytion keys in a crash?
56. Re:It should be illegal..... by avgjoe62 · 2011-12-13 18:14 · Score: 4, Insightful
  
  You are special AND unique, just like everyone else...
  
  --
  How come Slashdot never gets Slashdotted?
57. Re:It should be illegal..... by JWSmythe · 2011-12-13 18:36 · Score: 2
  
  This is an almost entertaining conversation. Everyone's thinking so linearly. User puts content up on Facebook. User deletes content from Facebook, It's all done.
  In reality, user puts content up on Facebook.
  Facebook compiles, refines, and disseminates that information to various other parts of the company, and to third parties. Those third parties buy and sell that information. Once it's out there, there's no taking it back.
  Facebook could ask their other divisions to delete it. They may no longer have it indexed in the same way.
  User "JWSmythe", is account number 1234567 on Facebook.
  He may now be jwsmythe@example.com, who posted message "Privacy is a lie" at 2:34am local time. He's been auto-tagged as a conspiracy nut, and an insomniac.
  His name, address, and IP information have been sold to both "The Nutjob Press" and "GrandaPharma Sleep Aids".
  Where I'm working now actually deals with such lists. I'm sitting on about 70 million records of consumer data, that was gathered through various means. By various, I mean we acquired the list, I reviewed it, found there to be some good, but plenty of crap. The data was collected by some of the expected places, like those great offers to win [something you won't], if you just give all your personal information. Some was supplied by online retailers, who you wouldn't expect to sell it. I went and verified that buried in their ToS was permission to sell your information to affiliated 3rd parties.
  And, if you're worried about deleting your Facebook posting saying "dammit, I burnt dinner tonight", that should really be the least of your concerns. Your state likely sells your drivers license data (name, address, DOB, SSN, DL#, violation history, vision correction requirement, organ donor status, etc, etc). Your grocery store, who is kind enough to give you discounts on food for using their card is selling your purchase history. Even your bank likely sells your information and transaction history. Did you really want to buy that membership with teenagebestiality.com (hopefully not a real site)?
  It's not always an "official" company decision or policy. It could have been a rogue employee who happened to have access to the database. More likely, it was an executive decision that will be officially denied, with a money trail that leads off to nowhere.
  The only thing that gives me comfort is the years I've spent providing disinformation about myself and my aliases online. The truth has become so diluted that when someone pulls a report from these nefarious sources, they find I've lived all over the world, and done things that wouldn't be possible without a double zero in front of my name and someone named M frequently reprimanding me for taking advantage of my license to kill.
  
  --
  Serious? Seriousness is well above my pay grade.
58. Re:It should be illegal..... by pclminion · 2011-12-13 18:54 · Score: 4, Interesting
  
  And if your life was any interest to anyone, there'd be people working a lot harder to penetrate your privacy.
  You're trying to look at an elephant through a microscope. The danger isn't the violation of any one person's privacy. The danger is the emergence of a kind of "total information awareness," where inferences can be drawn on larger social scales. For instance, detecting when a protest is about to materialize, measuring the effectiveness of propaganda techniques, tracking politically unfavorable trends in conversations, etc.
  I'm not in principle opposed to the ability to do that, but right now the ability is very one sided. Facebook (as well as any government who can order them to do things) has all the information. We don't.
59. Re:It should be illegal..... by Patch86 · 2011-12-13 20:04 · Score: 3, Insightful
  
  It doesn't have to be deleted instantly, as long as they're making good steps to delete it. In the UK, we have data protection laws that stipulate that data must be retained for a certain period after it is no longer in use, and then must be permanently deleted after that. The vast majority of "grown up" companies (such as the big banks) are bound by this and manage to do it just fine. If Facebook can't do this, it's their problem. They shouldn't be in the data centre game if they can't abide by data protection laws properly.
  One problem is that data uploaded to Facebook is not always uploaded by the person who it concerns. There are dozens of pictures of me on Facebook, every single one of which uploaded by one of my friends or family. If one of my friends uploads a picture of me I disapprove of (a picture of my bank statement, say, with all my private data clearly visible) and I ask them nicely to remove it, I should have every expectation that the hosting company (Facebook) will not only "remove" it, but also set about deleting it in line with data protection laws. No excuses.
60. Re:It should be illegal..... by Solandri · 2011-12-13 20:54 · Score: 3, Insightful
  
  Your life isn't nearly as interesting as you think. Your mundanity is your privacy. Your value to Facebook is your eyeballs and the ads they can serve.
  If I'm really that uninteresting, and my only value is in my interests and the ads respond best to, then why the hell is Facebook retaining practically everything about me?
61. Re:It should be illegal..... by angel'o'sphere · 2011-12-13 21:00 · Score: 3, Informative
  
  Not when their data usage policy spells out when it ISNT deleted, and gives no guarentees.
  The data usage policy is illegal under EU and most other european law ... so?
  
  --
  Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
62. Re:It should be illegal..... by drb226 · 2011-12-13 21:05 · Score: 2
  
  That, however, is entirely contrary to the idea of the internet. The natural extension of "post anything, trust nothing" into the web 2.0 era is "don't post anything you will regret the world knowing".
63. Re:It should be illegal..... by N1AK · 2011-12-13 21:20 · Score: 5, Insightful
  
  How about you stop trying to decide what should happen to other peoples data for them. I'm perfectly happy with Facebook keeping everything I delete by default. I would however appreciate the ability to actually delete something if I ever wanted to (which thus far hasn't happened). I would also like it if they were up front about what they're doing. It is misleading to call it deletion, which most people understand to mean it will cease to exist at some point, and then keep it indefinitely.
64. Re:It should be illegal..... by angel'o'sphere · 2011-12-13 21:32 · Score: 3, Insightful
  
  It's legal because the user agreed to let them keep it.
  No, that is only true for the US. And I would bet it is in fact only true for the US. For Europe and that is not only the EU but nearly every country I ever heard about, this is not true. Law > "any agreement", already the fact that a company writes such a "proposal" wanting you to "agree" is arguable illegal. Nevertheless, regardless to what you agree (by checking a check box) if it is illegal by law, the agreement is void.
  Just because you americans are used to your retarded law/legal system you should not assume the rest of the world is equally backyard stuck in 1750 ...
  
  --
  Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
65. Re:It should be illegal..... by JAlexoi · 2011-12-14 02:23 · Score: 4, Insightful
  
  How about you stop trying to decide what should happen to other peoples data for them.
  My reaction to that statement is - WHAT!?!?!?!
  It's the owner who is removing it, not someone else. Just because you want your data to be stored for years, doesn't mean that I should be deprived of the option to remove it permanently. If anything, current situation takes away my choice to remove the information permanently, while not affecting you in any meaningful way.
  
  PS: And if they want to do business in EU, they have to comply with the rules people of EU set out.
66. Re:It should be illegal..... by Errol+backfiring · 2011-12-14 03:27 · Score: 2
  
  So what if someone else posts it?
  
  --
  Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!
Clicked on this, clicked on that by ackthpt · 2011-12-13 12:25 · Score: 4, Insightful

Sure, a flood of data looks mundane, but combing it with the right filters probably tells lots of interesting stuff, like the DNA of relationships and interests. I can only hope mine is utterly meaningless. I've tried very hard to ensure that eventuality.

--

A feeling of having made the same mistake before: Deja Foobar
Uh, what? by twotacocombo · 2011-12-13 12:38 · Score: 5, Insightful

This article's summary is rather baited. I fail to see how see how this guy "learned the hard way". It's not like they rolled up with a truck and dumped reams of paper in the middle of his living room. He received a CD with files in an easily searchable format. I'm sure he knew going into it he wasn't going to read through it all in a night, and probably doesn't contain any surprises. If anything, Facebook "learned the hard way", now that they have to divulge the massive amount of data that they store, upon request, which means they must employ people to do this. Are the costs incurred outweighed by any profit produced by hoarding this particular information?
1. Re:Uh, what? by oodaloop · 2011-12-13 12:44 · Score: 3, Informative
  
  Yeah, after the first few sentences I was expecting he received several boxes of printed out code. Oh, he got one CD? That sounds...anticlimactic.
  
  --
  Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
LOL by kheldan · 2011-12-13 12:40 · Score: 2

..and this is why I don't use my real name anywhere online that I can possibly get away with it, or use any personally-identifiable information about me on any social networking. Enjoy your false, worthless data, Facebook.

--
Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
1. Re:LOL by Anonymous Coward · 2011-12-13 13:51 · Score: 3, Interesting
  
  Yes, they're getting better, but there are inherent problems in the methodologies of stylistic analysis that make any claims of being able to identify authors based on style alone open to extreme skepticism. To put it another way, the only people claiming they can ID you based on how you write are marketing droids or snake-oil salesmen.
  I did some work in a highly related field, stylochronometry. That's the measurement of change over time in a single author's style. The classic problem set for this kind of work is the Platonic corpus: people try to write algorithms to order Plato's writings chronologically. Philosophers want this information so they can trace the development of Plato's thought over time, so they give the problem to computational linguists, who try to measure things like the frequency of certain kinds of sentences or phrases or particles (hard to define words that show the relationship between sentences or, even more vaguely, give phrases "flavor") in various texts and then compare those frequencies to generate trends. There's generally an assumption that at least some of these variables will have a linear increase or decrease over time. More problematic, though, is that Plato may have gone back and edited parts of texts or entire texts, and there's some evidence (from outside these methodologies) that indicates this is the case. These problems have caused some (very rightly) to call into question the validity of stylochronometry, and the fact of the matter is that each study that's been done comes up with a different sequence in which the texts were written. It's a lot of effort being thrown at a problem in vain.
  The same problems plague the study of authorship of anonymous internet posts through stylistic analysis. On Slashdot, you can't edit, but you can on blog posts, and you can have multiple authors collaborating without attribution. There's also plagiarism to complicate the number of authors: you don't know if person X's post is entirely his own or if parts were snagged from elsewhere, which would throw an algorithm off track. Most importantly, the basic assumption of stylochronometry, that style changes with time, causes a problem for algorithms that seek to find correlation among posts that were written at different times. Worse, people change their style from day to day or hour to hour (maybe I'm babbling now because I've had a lot of rum; maybe I'm usually more concise) and from context to context (maybe I write one way when responding to some articles, but I cite more sources on others, or I troll in other environments like ZeroHedge, or I use lots of abbreviations when discussing my furry anime fetishes -- rhetoric depends on context).
  Things on the internet won't be traced back to you unless you're a bot that always writes in the same style. And, you'll never discover the order in which Plato wrote his dialogues.
No delete by Bucky24 · 2011-12-13 12:54 · Score: 2

"Facebook, it seems, doesn't think much of the Delete key and continued to hold copies of the data on its servers."

This really shouldn't come as a surprise for anyone here.

--
All the world's a CPU, and all the men and women merely AI agents
Not that uncommon by james_van · 2011-12-13 12:59 · Score: 5, Interesting

I've worked for a number of tech companies that dont actually delete anything, the simply mark the record "deleted" in the database. It's a pretty common practice that didn't really ever get talked about until it came to light that Facebook did it. Let's face it, once something is out there, it never ever really goes away, whether it be on Facebook or somewhere else,
1. Re:Not that uncommon by Trepidity · 2011-12-13 13:26 · Score: 5, Insightful
  
  Except for the company's own data, of course: then they manage to remember how to really delete data, e.g. old emails after N days, so that no future nosey prosecutor can dig it out of the database.
  
  --
  10 PRINT CHR$(205.5+RND(1)); : GOTO 10
If Only Slashdot Asked Itself... by micahfk · 2011-12-13 13:03 · Score: 2

...if it had talked about this story before to know that it did already:

http://yro.slashdot.org/story/11/11/16/0239232/facebook-holding-back-personal-data

And yes, it links TFAs that mention this story already.
Price Social Networking by tylerv86 · 2011-12-13 13:05 · Score: 2

If so many people are concerned with their privacy, yet still want a Social Network; why not create your own website. Using HTML5 or whatever other fad code of today, creating your own fully linked website with interactive media is almost as easy as creating a facebook profile. With the searching power of google finding all your friends is just as easy. Chatting, use irc. facebook as brought nothing new to the area of personal web presence, except it's almost idiot-proof, and, oh yeah. FREE! Now that the dust has settled on this fashionable form of web presence, it's not so amazing to those who don't want everyone in the world with a PC or smartphone to have a direct portal to their info. Kids are killing themselves over this info, crimes are being committed. People, it's time to take responsibility for your own actions and get a clue. If you don't know how the internet works, GET OFF-LINE! Anyone can do anything with a computer. Until there is some kind of world internet police, it's free game. This is what makes it so special. Stop whining and get informed. Don't tell others what to do with their companies, your not paying for anything. On the web, all you have to do and compete. Make something better. Then watch as the users tell you what to do.Best part is, you can ignore them too. You have the power to control your "on-line avatar", whatever, but you cant sit on your hands and let others do it. Get coding!
1. Re:Price Social Networking by amRadioHed · 2011-12-13 13:32 · Score: 2
  
  Do you use Facebook? Because it should be obvious how your homemade solution would not do what people use Facebook for.
  
  --
  We hope your rules and wisdom choke you / Now we are one in everlasting peace
Re:Pushing for more of what it knows... by PopeRatzo · 2011-12-13 13:12 · Score: 3, Insightful

Sounds like he's doing this for attention...
And if the "attention" he gets convinces some people to stop using facebook or not to start using it in the first place, then he has done something worthwhile.

--
You are welcome on my lawn.
Not surprising by Cherubim1 · 2011-12-13 14:02 · Score: 2

Social networking sites and search engines are used for data collection and data mining. I've been telling people for years that their activity will be monitored, captured and tracked yet people sre still willing to tradeoff their privacy for convenience. Ignorance knows no bounds.
I'm more interested... by Anachragnome · 2011-12-13 14:07 · Score: 2

I'm more interested in seeing the CD contents of someone that has never intentionally used Facebook--someone like me.
1. Re:I'm more interested... by Anachragnome · 2011-12-13 15:06 · Score: 2
  
  "What's stopping you filing a request for that data?"
  Well, a few things.
  First, I have to have an account in order to fill out the form--I don't. That does not mean they do not have data on me.
  Second, I have to GIVE them all the data on that form, as well as verify it as being correct...in order to see if they have data on me. Something inherently wrong with that, and I shouldn't have to point out what.
2. Re:I'm more interested... by Anachragnome · 2011-12-13 15:22 · Score: 2
  
  Oops, accidentally hit submit instead of preview...
  Third, I have to let all of their scripts run on my machine just to view the form, and we all know that scripts are a good thing. The process of asking for information has been corrupted and made part of the data gathering effort.
  Fourth, there is also the requirement that every person must know the law under which they have the authority to even ask--suggesting that they will not comply unless compelled by law to do so. This is a blatant attempt at obfuscation using the very laws meant to protect us, laws that no layman could be expected to fully understand in the first place.
  Here is a screen grab of the form for those that don't want to give data in order to view it...
  http://siliconfilter.com/wp-content/uploads/2011/09/data_request_facebook.png
Re:Not sure what he was expecting to find. by kiwimate · 2011-12-13 15:15 · Score: 2
Yeah, really. I'm yawning, and all the discussion I've seen in this thread so far are on the same single point - should Facebook keep data after you've pressed the Delete button?
Other than that...
- Young person signs up for social networking site.
- Presumably said young person then proceeds to use it for social networking, which by my definition involves sharing personal information with people...
- ...using Facebook as the intermediary
- After a year of social networking, young person says to Facebook - "I say, Facebook, what information do you still have out of everything I've shared using your services?"
- Facebook says "here you are. This is what you shared using our servers. We stored it for you so you could share it. You know, that social networking functionality."
Lot of hue and cry about, well, bugger all, really.
There is a clear difference by bratwiz · 2011-12-13 16:51 · Score: 2

His point is perfectly valid. Wikipedia is, for example, all about version control. Somebody defaces a page? Revert.
There is a clear difference here. Wikipedia tells you that's the deal up front. You don't have to file a foia request to find out.
1. Re:There is a clear difference by justforgetme · 2011-12-13 17:54 · Score: 2
  
  IIRC it is in facebook's TOS as well and if I can guess correctly it is in the
  TOS of pretty much anything on the Internet that has a TOS document
  
  --
  -- no sig today
2. Re:There is a clear difference by a+whoabot · 2011-12-13 21:45 · Score: 5, Informative
  
  I think I agree with you. I never understood why people complain about what sites do when all of what they do is in the terms.
  From what I can tell, pretty much everything there is to know about how your data is used by Facebook is on:
  http://www.facebook.com/legal/terms
  http://www.facebook.com/full_data_use_policy
  http://developers.facebook.com/policy/
  http://www.facebook.com/ad_guidelines.php
  All that comes in at about 15000 words. Sure, this will probably take you more than a few minutes to read and understand, unless you are Lt. Cmdr. Data. But if it is so important to you, than why not spend the time?
  I have an feeling that people are either too lazy for their own good, or just like to see injustice where there is none because they like the feeling of righteous indignation
  Sorry, I don't usually rant; please, anyone, do not take this post as impugning you personally; and I am probably missing many good counter-points.
3. Re:There is a clear difference by 1800maxim · 2011-12-14 03:27 · Score: 3, Informative
  
  Because a user shouldn't have to read 15,000 word legal documents to understand what could be written in layman's terms in a point form spanning just a few pages.
  
  In addition to full legal documentation, there should be a brief summary in point form for the average user to get a basic understanding of what's what. If he then wishes, he can gain more information from the legalese docs, or otherwise agree.
Wow, a CD by tbird81 · 2011-12-13 18:50 · Score: 2

What format did he expect it in? Is he pissed off he had to download a PDF reader or something? I think it seems reasonable.
Also, who do you think gave Facebook this information in the first place? The same douchebag who wasted their time ordering the info. I hope they billed him for their time.
Should include by g0bshiTe · 2011-12-14 02:46 · Score: 2

What steps or rather how difficult it was to get them to produce that information. I'd particularly be interested to know how they verified the person requesting the data was actually him.

--
I am Bennett Haselton! I am Bennett Haselton!
Deleting data isn't as simple as it sounds by msobkow · 2011-12-14 05:43 · Score: 3, Interesting

I agree, it should be your choice. However, I'm one who really, really likes the idea of keeping an edit history for posts if one so chooses.
And I can understand why Facebook doesn't actually delete the data, but just flags it as hidden/deleted -- it's a real bear to update and nullify all the object id references to a post in such a mammoth system. There are links all over the place from people whose "feed" pages may reference your post. There are forwards and reposts of your post which create a commented link to your post -- does your right to delete your post mean you have the right to delete the posts of people who've commented on it?
Given that some of the content links could be in archived databases instead of mainline storage or cache, updating them could be virtually impossible.
Canada is facing the same issue with it's Long Gun Registry being shut down by Harper's Conservative government -- the data is cross-linked throughout government and law enforcement system, with over a decade of archived databases referencing the LGR databases. Truly deleting the data requires restoring the archived external databases, updating their contents to remove the references, exporting the database for an updated backup, and archiving it for storage.
Now there's the cascade effect -- any references to the archive disks now have to be updated to reference the new archive database content instead of the original.
They're currently expecting it to take over FIVE YEARS to purge that one database, and it's pitifully small compared to Facebook or Google.
Never mind the potential legal issues of external and archive systems that are mandated to be write-only by government legislation, and which have to be retained for 7-10 years in many cases.
Realistically, a versioning system or flagging content as deleted instead of purging it is the only option available for large systems that maintain historical data of any significant size.

--
I do not fail; I succeed at finding out what does not work.