Slashdot Mirror

← Back to Stories (view on slashdot.org)

24-Year-Old Asks Facebook For His Data, Gets 1,200 PDFs

Posted by Soulskill on from the ask-and-ye-shall-receive dept.

chicksdaddy writes "Be careful of what you ask for. That's a lesson Max Schrems of Vienna, Austria learned the hard way when he sent a formal request to Facebook for a copy of every piece of personal information that the social network had collected on him, as required under European law. After a wait, the 24-year-old law student got what he was seeking: a CD with all his data stored on it — 1,222 files in all. The collection of PDFs was roughly the length of Leo Tolstoy's War and Peace, but told a more mundane story: a record of Schrems' years-long relationship with the world's largest social network, including reams of data he had deleted. Now Schrems is pushing Facebook to disclose even more of what it knows."

36 of 291 comments (clear)

  1. It should be illegal..... by ThisIsNotMyHandel · · Score: 5, Insightful

    It should be illegal for these companies to keep user generated content once the user deletes it.

    1. Re:It should be illegal..... by earls · · Score: 5, Insightful

      What if I want them to? Version control, anyone?

    2. Re:It should be illegal..... by drcheap · · Score: 5, Insightful

      It should be illegal for these companies to keep user generated content once the user deletes it.

      It's legal because the user agreed to let them keep it. I'm sure it's somewhere in those 6000 words nobody reads...probably something along the lines of "content uploaded by the user of the system becomes the sole property of the system" only more legalese sounding.

    3. Re:It should be illegal..... by CannonballHead · · Score: 4, Funny

      "Making up arbitrary emotionally motivated "this should be illegal" arguments on the fly."
      That should be illegal.

    4. Re:It should be illegal..... by Oxford_Comma_Lover · · Score: 5, Insightful

      Your personal knowledge of a prior event concerning me does not raise privacy concerns. Your automatic and routine compilation of all prior events concerning me and sharing of that information with intelligence agencies, law enforcement, and commercial partners does.

      --
      -- IANAL, this isn't legal advice, and definitely isn't legal advice for you. Also, Squee!
    5. Re:It should be illegal..... by dougmc · · Score: 5, Insightful

      You might be legally retarded.

      Huh?

      His point is perfectly valid. Wikipedia is, for example, all about version control. Somebody defaces a page? Revert.

    6. Re:It should be illegal..... by bill_mcgonigle · · Score: 5, Funny

      and no matter what arbitrary laws or draconian regulations you force companies to abide by,

      We're going to mandate that they both delete data instantly to protect privacy and that they implement mandatory data retention periods so that data can be subpoenaed in the event of a crime.

      --
      My God, it's Full of Source!
      OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
    7. Re:It should be illegal..... by Oxford_Comma_Lover · · Score: 5, Insightful

      It might be that the problems suggest, not that the proposed solution should be discarded, but that an alternative solution incorporating both the motivation for that solution and the problems inherent in executing it should be proposed.

      For example, perhaps all non-archival copies of the information could be deleted. Furthermore, if the backup system is constructed with the privacy goal in mind, it is possible to give the user control over the ability of the corporation to restore that user's information--a user, for example, might be permitted to order the company to destroy a key that allows decryption of backed up data entered by the user.

      --
      -- IANAL, this isn't legal advice, and definitely isn't legal advice for you. Also, Squee!
    8. Re:It should be illegal..... by bennomatic · · Score: 4, Insightful

      It's the flip side of the Vegas coin. "What goes on the Internet stays on the Internet."

      --
      The CB App. What's your 20?
    9. Re:It should be illegal..... by PopeRatzo · · Score: 4, Insightful

      So they should have an army tasked with sanitizing all the backup tapes whenever I delete a photo?

      What is this, 1985? You think it takes an "army" of people to go back and delete data?

      Tell you what, if Facebook was ever charged with some legal wrongdoing and expected subpoenas, I bet they'd be able to "sanitize" their data post haste without an "army" of people, and without deleting anything critical to their operations. Funny how that works, no?

      --
      You are welcome on my lawn.
    10. Re:It should be illegal..... by Stormthirst · · Score: 4, Insightful

      If they are like any organisation I've worked for, they over write the tapes. So no, they don't.

      All they have to do is actually delete stuff when a user asks them to, instead of telling the user they have, and then snickering behind their hands like naughty school kids. The buttons on the webpages are marked "delete", and any user should have an expectation that the button would do what it says it does.

    11. Re:It should be illegal..... by Mashiki · · Score: 4, Informative

      Indeed. In europe and canada an individual has final say on their personal information. And if it's deleted the company must delete any backup or cached data relating to that person too.

      --
      Om, nomnomnom...
    12. Re:It should be illegal..... by hawguy · · Score: 4, Insightful

      What if I want them to? Version control, anyone?

      You haven't deleted it if you expect it to be recoverable from a version control system.

      But when I have a reasonable expectation for something to be deleted forever (like when I empty my Gmail trash folder), then the carrier should take reasonable steps to make said item unrecoverable within a reasonable timeframe.

    13. Re:It should be illegal..... by ksd1337 · · Score: 4, Funny

      You forgot to escape the internal quotes! Now THAT should be illegal!

    14. Re:It should be illegal..... by mcavic · · Score: 4, Insightful

      So they should have an army tasked with sanitizing all the backup tapes whenever I delete a photo?

      No, backups are fine. But if I tell Facebook to delete something, they should delete it so that it fades out of the backups. Not keep it in their working data, but marked as deleted.

      This goes 10 times as much for email providers, as well as credit card numbers, SSN's, etc, once the legitimate need for that information is finished.

      Yes, someone may have already copied (or stolen) the data. But this is just about a service provider acting like we expect them to act, not secretly collecting personal information for their own purposes.

    15. Re:It should be illegal..... by hawguy · · Score: 4, Insightful

      I find this attitude so ignorant. How does a company instantly delete backups on redundant servers? How do they delete redundant hard copies kept in closets separated by meatspace? Furthermore, if you upload something to Facebook, and someone ELSE downloads it and saves it to a CD, and you delete it off facebook, should THEY be forced to magically know you deleted it, and delete their copy as well? Does Google have to delete their caches of your facebook page? Or maybe you are saying that Facebook, Google, etc should never make backups?

      Few large companies are using tape when they already have redundant disk storage in redundant datacenters, so typically deletes happen at the speed of replication.

      But if there was interest in enforcing a non-retention policy, regulators could say that no user deleted data can be retained longer than XXX days (maybe 90 or 180 days). This gives time for off-site tape backups to be rotated back and recycled. And plenty of time for remote disk replication to occur. A smart company could think of even more clever ways to quickly and securely delete data. Maybe instead of deleting the data itself, the pointer to the data is deleted (which also holds the decryption key to decrypt that piece of data). Then once that pointer is deleted (along with any backups), the data is unrecoverable even if it's on a WORM drive.

      The truth is that once you upload something to a site like Facebook, it becomes publicly viewable and accessible and ANYONE can download it. The unfortunate truth is that you can never really UNDO that action, and no matter what arbitrary laws or draconian regulations you force companies to abide by, you can never truly take it back, even if you hit the delete key.

      That depends on where I upload it. If I upload an photo where the visibility is set to only allow my girlfriend to see it, then I delete it 2 days later, why should it be recoverable at all? I understand that she may have downloaded it and emailed it to her mother, but I trust her not to do that. So why can't I trust Facebook to not allow it to reappear later in a legal subpoena? Or to resurface 2 years later in a new "undelete" feature that makes all of my deleted content visible?

      The paradigm shift needs to be in how people view sites like Facebook, Photobucket, etc: Don't upload anything you want to keep private. If you want to keep it private, upload it to a company that guarantees your privacy... NOT Facebook.

      Why not a paradigm shift for companies that acquire personal data that requires them to protect that data.

    16. Re:It should be illegal..... by KhabaLox · · Score: 4, Insightful

      -a user, for example, might be permitted to order the company to destroy a key that allows decryption of backed up data entered by the user.

      +1 insightful.

      GP deserves his Informatives too, but P makes a very good point as well.

      Rather than pick positions (e.g. delete it instantly vs. it will be around forever) and evaluate the relative merits or possibilities, it is perhaps more fruitful to understand the motivations for a user to want FB to delete his data, and for FB to keep redundant backups for long periods of time. Once we understand the motivations behind the positions, we can come to a better negotiated outcome (such as the examples P gives) that satisfy both parties. This is the essence of Principled Negotiation.

      (My boss made me read "Getting to Yes.")

      --
      Ceci n'est pas un sig.
    17. Re:It should be illegal..... by hawguy · · Score: 5, Insightful

      "backups"

      That's why I said "reasonable timeframe". I don't expect them to delete the data immediately, maybe provide for 90 - 180 days to allow off-site tapes to be recycled. I'm not even asking for a secure delete, I'm ok with the data being technically recoverable from a disk or tape using forensic analysis.

      Maximum retention times are nothing new in the corporate world.

    18. Re:It should be illegal..... by Capt.+Skinny · · Score: 5, Insightful

      Your mundanity is your privacy

      Perhaps, as long as you remain obscure. But once you become a research target -- being suspected of a crime, mentioned in a news story, or applying for a security clearance, for example -- then all that data can provide seeds for speculation about your motives, integrity, or personality.

      The public IP addresses of my servers are buried in relative obscurity, just another 32-bit number among millions. But if I post a log file to a support forum then you can bet that I'll strip that IP address out.

    19. Re:It should be illegal..... by blueg3 · · Score: 4, Interesting

      Reliably? Yes. Sure, it's easy to delete the copy in the production database. It's harder to prove that if the disks backing the production database were stolen and analyzed, it would be impossible to recover the data. It's harder still to locate and redact every backup of the database that contains the data. (It's even harder still to prove that a copy of the data doesn't persist on another user's hard drive as a result of having viewed the data in a web browser.)

      This is the Cloud Era; you can't reliably delete data any more.

    20. Re:It should be illegal..... by Chris+Pimlott · · Score: 5, Insightful

      Everyone is interesting to somebody, even if it's just their local bartender/coworker/pizza delivery guy/romantic rival... Now it used to be the case that it didn't matter as none of these everyday "mundane" acquaintances had the time, access or expertise to pull together a dossier but today it's pretty trivial.

    21. Re:It should be illegal..... by Galestar · · Score: 4, Insightful

      Except for the fact that you come to me on a daily basis and intentionally and willingly disclose this information to me, after I warned you in my EULA that I reserve the right to do exactly that.

      Should people think twice before they post every stupid detail of their lives on Facebook? Yes
      Should it be illegal for Facebook to do what they do? No.

      --
      AccountKiller
    22. Re:It should be illegal..... by DrDitto · · Score: 4, Funny

      Dude, go smoke some pot or something. You are way too angry for your own good.

    23. Re:It should be illegal..... by ganjadude · · Score: 4, Insightful

      and when "insert random person here" accesses your account and mucks it all up on you..."you" deleted it, but YOU didnt.... than what?

      --
      have you seen my sig? there are many others like it but none that are the same
    24. Re:It should be illegal..... by nitehawk214 · · Score: 5, Informative

      Moderating a Funny post Informative, that should be illegal.

      --
      I'm a good cook. I'm a fantastic eater. - Steven Brust
    25. Re:It should be illegal..... by Intropy · · Score: 4, Funny

      Meta-auto-moderation, that's a paddlin'.

    26. Re:It should be illegal..... by Anonymous Coward · · Score: 5, Insightful

      1) You could revert the next day. The OP didn't say it should be deleted instantly, just within a reasonable amount of time. Keeping data for 1 month to allow user reversals and another 5 months for backup tape recycling is reasonable. Keeping your data for years like they do now is a different matter.

      2) This backup/restore function you speak of is not available in Facebook anyway, despite them having the data available forever.

    27. Re:It should be illegal..... by avgjoe62 · · Score: 4, Insightful

      You are special AND unique, just like everyone else...

      --

      How come Slashdot never gets Slashdotted?

    28. Re:It should be illegal..... by pclminion · · Score: 4, Interesting

      And if your life was any interest to anyone, there'd be people working a lot harder to penetrate your privacy.

      You're trying to look at an elephant through a microscope. The danger isn't the violation of any one person's privacy. The danger is the emergence of a kind of "total information awareness," where inferences can be drawn on larger social scales. For instance, detecting when a protest is about to materialize, measuring the effectiveness of propaganda techniques, tracking politically unfavorable trends in conversations, etc.

      I'm not in principle opposed to the ability to do that, but right now the ability is very one sided. Facebook (as well as any government who can order them to do things) has all the information. We don't.

    29. Re:It should be illegal..... by N1AK · · Score: 5, Insightful

      How about you stop trying to decide what should happen to other peoples data for them. I'm perfectly happy with Facebook keeping everything I delete by default. I would however appreciate the ability to actually delete something if I ever wanted to (which thus far hasn't happened). I would also like it if they were up front about what they're doing. It is misleading to call it deletion, which most people understand to mean it will cease to exist at some point, and then keep it indefinitely.

    30. Re:It should be illegal..... by JAlexoi · · Score: 4, Insightful

      How about you stop trying to decide what should happen to other peoples data for them.

      My reaction to that statement is - WHAT!?!?!?!
      It's the owner who is removing it, not someone else. Just because you want your data to be stored for years, doesn't mean that I should be deprived of the option to remove it permanently. If anything, current situation takes away my choice to remove the information permanently, while not affecting you in any meaningful way.

      PS: And if they want to do business in EU, they have to comply with the rules people of EU set out.

  2. Clicked on this, clicked on that by ackthpt · · Score: 4, Insightful

    Sure, a flood of data looks mundane, but combing it with the right filters probably tells lots of interesting stuff, like the DNA of relationships and interests. I can only hope mine is utterly meaningless. I've tried very hard to ensure that eventuality.

    --

    A feeling of having made the same mistake before: Deja Foobar
  3. Uh, what? by twotacocombo · · Score: 5, Insightful

    This article's summary is rather baited. I fail to see how see how this guy "learned the hard way". It's not like they rolled up with a truck and dumped reams of paper in the middle of his living room. He received a CD with files in an easily searchable format. I'm sure he knew going into it he wasn't going to read through it all in a night, and probably doesn't contain any surprises. If anything, Facebook "learned the hard way", now that they have to divulge the massive amount of data that they store, upon request, which means they must employ people to do this. Are the costs incurred outweighed by any profit produced by hoarding this particular information?

  4. Not that uncommon by james_van · · Score: 5, Interesting

    I've worked for a number of tech companies that dont actually delete anything, the simply mark the record "deleted" in the database. It's a pretty common practice that didn't really ever get talked about until it came to light that Facebook did it. Let's face it, once something is out there, it never ever really goes away, whether it be on Facebook or somewhere else,

    1. Re:Not that uncommon by Trepidity · · Score: 5, Insightful

      Except for the company's own data, of course: then they manage to remember how to really delete data, e.g. old emails after N days, so that no future nosey prosecutor can dig it out of the database.

      --
      10 PRINT CHR$(205.5+RND(1)); : GOTO 10
  5. Re:There is a clear difference by a+whoabot · · Score: 5, Informative

    I think I agree with you. I never understood why people complain about what sites do when all of what they do is in the terms.

    From what I can tell, pretty much everything there is to know about how your data is used by Facebook is on:

    http://www.facebook.com/legal/terms
    http://www.facebook.com/full_data_use_policy
    http://developers.facebook.com/policy/
    http://www.facebook.com/ad_guidelines.php

    All that comes in at about 15000 words. Sure, this will probably take you more than a few minutes to read and understand, unless you are Lt. Cmdr. Data. But if it is so important to you, than why not spend the time?

    I have an feeling that people are either too lazy for their own good, or just like to see injustice where there is none because they like the feeling of righteous indignation

    Sorry, I don't usually rant; please, anyone, do not take this post as impugning you personally; and I am probably missing many good counter-points.