A lot of the article focuses on DMs sent from eventually deleted/suspend accounts being accessible from the receiving account.
When you send a message to another account, it's in their account now. Of course it's not going to disappear along with your account.
This had been the canonical behavior of messaging clients for forever. Email obviously, but also IM, chat find, etc. (Trying to remember about BBSs.) Once you press send it's not yours anymore.
This should 100% be the expectation of users anywhere they go. Once you press send, do not count on being able to withdraw it under any circumstances.
Does this genuinely surprise people or is it a slow news day at TechCrunch?
> When you use features like Direct Messages to communicate, remember that recipients have their own copy of your communications on Twitter - even if you delete your copy of those messages from your account - which they may duplicate, store, or re-share.
The article actually starts by acknowledging that there used to be a feature called "Unsend", and that the issue being reported here is NOT about that. From what I understand, Twitter keeps storing messages that the _recipient has deleted_ even after the _sender account was closed_. I don't think it would be an unreasonable expectation to see these messages deleted from Twitter storage.
The question IMO is, at what point should you stop storing a message that no user can actually access anymore? That data is not good to keep for anyone, since both sender and recipient expressed a desire to delete it.
Not to sound like an ahole but I presume Twitter would argue it's __their__ message (in the sense that it's on their platform). with the sender and recipient having access to it. Once you hit submit you've forfeited "direct ownership" of the message.
AIM (AOL Instant Messenger) had a similar policy, which, I think, if I remember correctly, was a defining moment for AIM, and once again, for AOL.
The EULA for AIM was such that your messages became AOL’s intellectual property. Not only that you could not sue AOL Time Warner for possibly scripting and producing a movie and thus profiting from one of your instant message conversations or chat transcripts, but that maybe they could sue you for trying to do the same, and win.
I had this feeling, the moment that showed up in the news, that AOL’s days were numbered, and I was right. Other companies soon released chat functions, including Google and Facebook, and now AIM is gone. It was a signal that AIM was unsuitable for enterprise messaging, and no one excpet teenagers should bother with it, and wventually the teenagers that did use it, grew out of it, and moved on, and the rest is history.
Yup. The last time I went to delete a DM thread a couple months ago FB gave me a warning that the delete was only from my end and that the thread would persist on the receiving end.
As an example, you can delete your messages in telegram. Even in Slack. I think it is reasonable to allow user completely erase its own history from the server.
Nope, "your messages" once they have been received by someone now belongs to that person too. If you say something crazy to me, you shouldn't get to deny it by deleting your messages. If I levy an accusation, I should be able to prove it by showing my message history...
Screen it if you want. Why are you chatting with person who can say something crazy to you in the first place?
I don't treat this feature as something bad, maybe it was a typo in message or just miss-click, so, allow to modify it. Maybe I sent some intimate information and don't want to keep it in history but trust person wouldn't screen it.
How would you prove your message history was not adulterated?
The easiest way would be to check the logs of the service itself, but what if those were deleted and only your local copy remains?
The judge would decide. If the app was on a secure platform (android/ios, non root/jailbroken), you could argue that the logs are genuine because the platform prevents you from manipulating the logs. The onus would be on the other party to prove that the logs were fabricated. I wouldn't count on it to secure a criminal conviction, but it would suffice in civil cases.
Those are chat services, which are obviously a different model. Twitter operates their DMs much more like mail or email. If you were allowed to delete the DMs you sent, you could easily threaten someone, then remove the offending message... which is exactly the issue they are having with harassment on the platform in its current iteration.
Maybe, instead of thinking that language is ephemeral, we should realize that what we say has lasting consequences. Maybe then we wont be so mad when we can't take what we said back.
What we say has lasting consequences, but we're not giving a deposition when socializing. We have no mechanism to show how we've evolved over time on any currently contentious issue - a weak "that was a long time ago" doesn't tend to matter. The ability to forget what is no longer important is a trait that is crucial to our brain function, and it stands to reason that it is crucial for a society.
I find Twitter DMs to be very much like a chat. It has the UI of a chat app and messages are stored on a centralized service. What makes it obviously a different model and more like email or mail?
It is indeed arguable what it looks like, but even within chat/IM applications, there is no consensus or convention on should the message be retractable or not. People shouldn't expect one or the other.
I wasn't making an argument either way about retracting messages. I was just surprised that someone would think that the DMs are obviously like e-mail when the UI looks like FB Messenger or Hangouts and message storage and transmission is controlled by a single company. I'm still curious to know how it's like e-mail.
Should a person be able to delete an email they sent to someone else after the other person has received it? How about a letter you mailed? Should you be able to go into their house and take the letter back? It’s like trying to unring a bell. Once you send it, you no longer own it; the recipient does.
One of the hardest concepts to explain to non-programmer friends/family is that deleting anything in an app is usually flipping a boolean flag in the database from False to True. And even for the rare cases of actually deleting the record or updating the field value, it likely exists in backups somewhere.
> We keep Log Data for a maximum of 18 months. If you follow the instructions here (or for Periscope here), your account will be deactivated and then deleted. When deactivated, your Twitter account, including your display name, username, and public profile, will no longer be viewable on Twitter.com, Twitter for iOS, and Twitter for Android. For up to 30 days after deactivation it is still possible to restore your Twitter account if it was accidentally or wrongfully deactivated.
> If Twitter Content is deleted, gains protected status, or is otherwise suspended, withheld, modified, or removed from the Twitter Service (including removal of location information), you will make all reasonable efforts to delete or modify such Twitter Content (as applicable) as soon as reasonably possible, and in any case within 24 hours after a request to do so by Twitter or by a Twitter user with regard to their Twitter Content, unless otherwise prohibited by applicable law or regulation, and with the express written permission of Twitter.
When I worked at Gnip this requirement was a constant headache for customers, precisely because deleting data is so hard.
And that only reaffirms and proves correct, the comment to which you have replied.
When the user deletes something, it is not destroyed instantly. Instead, it is rendered inaccessible to a broad class or ordinary users. Meanwhile, the systems do still retain the ostensibly deleted data, even if for an hour or 30 minutes, while other, more powerful actors might still have the ability to access and read something the individual thinks is destroyed and gone forever.
That does not actually say that Twitter will delete your account in any specific timeframe. Given the mostly-public nature of Twitter, it's sort of a moot point, but still. Ambiguity should be held against the drafter, especially in privacy policies. On Twitter's deactivation page, it doesn't say they'll delete your data either.
A lesson on how to delete user data but still keep it. RE the headline, i'm not sure. "News flash, mega tech corp thats business model is based on accumulating data has been accumulating lots of user data."
That may've been true before, but in a post-GDPR world, you better delete it (assuming you're serving European users) -- unless of-course there's a legal reason to hold onto the data.
Skype too. Skype stores your voice mails and video messages forever[1]. I’m not sure about text messages, but I wouldn’t be surprised if they store all messages even if both the sender and recipient deleted them.
[1] Details: Clicking on Preferences -> Privacy -> Delete history (OS X), or Options -> Privacy Settings -> Clear history (Windows) pretends to delete the voice/video messages but it merely hides them from your view. If you re-install Skype on the same computer or run Skype on a different computer, all those "deleted" voice mails and video messages re-appear. The delete and clear buttons don’t do what they claim.
That pretty much only applies to emails sent within the same organization/network. If you send an email outside your organization/network, you generally can't recall those back.
It's a bit disingenuous to expect Twitter or any other social media to actually delete deleted data, except perhaps through a GDPR request or similar. Plus, if your account gets hacked and deleted, or if you delete the account and rejoin, you might be very happy that they didn't actually delete anything and are able to restore your account. (I'm not a fan of social networks or what they do with our data, but the database administrator in me tends to side with them on that front. Keeping data around is a lesser evil than losing it.)
A general privacy principle is that if the user requests the service provider to delete the user's data, then the service provider should comply, unless there are legal injunctions.
It's arguable about user expectation for direct messages on twitter, given there is a sender and receiver and Twitter in the middle, but what is not arguable is that if both users delete the message or their accounts, then the messages should not be retained by the Twitter.
Your instincts are correct. I happen to know that DMs at Twitter are (and most likely still) stored in a sharded MySQL store[0]. Deleted DMs and tweets are "tombstoned", and not actually deleted via a DELETE, which has pretty terrible performance characteristics in MySQL
I don't think anyone using these social media networks expects perfect privacy, therefore I have no idea why this article is so popular. We'll have close to perfect privacy in some networks running on Ethereum, 10 years from now. You can quote me on this one.
My first thought when people bring up deleting things is backup tapes. Sure it might or might not be "deleted" from the live data set, but it's almost always gonna live on in backups for probably forever.
It does, but not like you'd think. If the backup is dormant, the right-to-be-forgotten portions can remain there. Once it comes out of cold storage, those RTBF requests have to be processed over the restored data. Although, in most cases, the dormant backups will expire and be deleted as per a data retention plan.
Which part isn't correct? What op described sounds like a good and easy way to do it (as long as you have sane retention periods) and doesn't seem to conflict with the article you linked in any way (in fact, they agree).
In addition you have to tell the customer how long you retain your backups (and only retain them for a reasonable time) and only restore for purely technical reasons.
I agree. I find it hard to believe that anyone is going to transport all the physical tapes from cold storage and look through all the physical tapes.
My guess is that the data is removed on production and recovery sites. The data will be left on tape since they will most likely never see the light of day again.
If people are using a real database, likely there is just a boolean flag for that record getting flipped to True/False to signify deletion. Unless you use mongo, then your shit is probably gone already and you dont even know it.
Because crapping on Mongo is “in” right now. Years ago it used to be “in” to crap on it for its deaign choices, especially its tendency to lose data (seems to be what the parent comment is referencing; see [1] for a summary of some issues from 2013).
More recently it’s “in” for their business decisions, with the relicensing and the rise of API-compatible alternatives pushing some users away.
But yeah, really no reason to mock them in this discussion, apart from going for internet cool points from an audience that may also be critical of Mongo.
When you send a message to another account, it's in their account now. Of course it's not going to disappear along with your account.
This had been the canonical behavior of messaging clients for forever. Email obviously, but also IM, chat find, etc. (Trying to remember about BBSs.) Once you press send it's not yours anymore.
This should 100% be the expectation of users anywhere they go. Once you press send, do not count on being able to withdraw it under any circumstances.
Does this genuinely surprise people or is it a slow news day at TechCrunch?
> When you use features like Direct Messages to communicate, remember that recipients have their own copy of your communications on Twitter - even if you delete your copy of those messages from your account - which they may duplicate, store, or re-share.
I was gonna say... I don't think techcrunch cares whether something is a story as much as they care whether it's a headline.
The question IMO is, at what point should you stop storing a message that no user can actually access anymore? That data is not good to keep for anyone, since both sender and recipient expressed a desire to delete it.
The EULA for AIM was such that your messages became AOL’s intellectual property. Not only that you could not sue AOL Time Warner for possibly scripting and producing a movie and thus profiting from one of your instant message conversations or chat transcripts, but that maybe they could sue you for trying to do the same, and win.
I had this feeling, the moment that showed up in the news, that AOL’s days were numbered, and I was right. Other companies soon released chat functions, including Google and Facebook, and now AIM is gone. It was a signal that AIM was unsuitable for enterprise messaging, and no one excpet teenagers should bother with it, and wventually the teenagers that did use it, grew out of it, and moved on, and the rest is history.
>Once an account has been deactivated, there is a very brief period in which we may be able to access account information, including Tweets.
>including Tweets.
I don't treat this feature as something bad, maybe it was a typo in message or just miss-click, so, allow to modify it. Maybe I sent some intimate information and don't want to keep it in history but trust person wouldn't screen it.
Maybe, instead of thinking that language is ephemeral, we should realize that what we say has lasting consequences. Maybe then we wont be so mad when we can't take what we said back.
It's never gone.
> We keep Log Data for a maximum of 18 months. If you follow the instructions here (or for Periscope here), your account will be deactivated and then deleted. When deactivated, your Twitter account, including your display name, username, and public profile, will no longer be viewable on Twitter.com, Twitter for iOS, and Twitter for Android. For up to 30 days after deactivation it is still possible to restore your Twitter account if it was accidentally or wrongfully deactivated.
And they require developers to delete them too:
https://developer.twitter.com/en/developer-terms/agreement-a...
> If Twitter Content is deleted, gains protected status, or is otherwise suspended, withheld, modified, or removed from the Twitter Service (including removal of location information), you will make all reasonable efforts to delete or modify such Twitter Content (as applicable) as soon as reasonably possible, and in any case within 24 hours after a request to do so by Twitter or by a Twitter user with regard to their Twitter Content, unless otherwise prohibited by applicable law or regulation, and with the express written permission of Twitter.
When I worked at Gnip this requirement was a constant headache for customers, precisely because deleting data is so hard.
When the user deletes something, it is not destroyed instantly. Instead, it is rendered inaccessible to a broad class or ordinary users. Meanwhile, the systems do still retain the ostensibly deleted data, even if for an hour or 30 minutes, while other, more powerful actors might still have the ability to access and read something the individual thinks is destroyed and gone forever.
"It goes in the recycle bin, it'll be gone for good in a couple weeks" is perfectly intuitive, even if database flags are confusing.
"marked as deleted" is not the same as "deleted".
A lesson on how to delete user data but still keep it. RE the headline, i'm not sure. "News flash, mega tech corp thats business model is based on accumulating data has been accumulating lots of user data."
[1] Details: Clicking on Preferences -> Privacy -> Delete history (OS X), or Options -> Privacy Settings -> Clear history (Windows) pretends to delete the voice/video messages but it merely hides them from your view. If you re-install Skype on the same computer or run Skype on a different computer, all those "deleted" voice mails and video messages re-appear. The delete and clear buttons don’t do what they claim.
A general privacy principle is that if the user requests the service provider to delete the user's data, then the service provider should comply, unless there are legal injunctions.
It's arguable about user expectation for direct messages on twitter, given there is a sender and receiver and Twitter in the middle, but what is not arguable is that if both users delete the message or their accounts, then the messages should not be retained by the Twitter.
[0]: http://highscalability.com/blog/2011/12/19/how-twitter-store...
Man that comment popped up a bunch in that blog post, lol.
Tape is no excuse to violating data retention policies.
My guess is that the data is removed on production and recovery sites. The data will be left on tape since they will most likely never see the light of day again.
More recently it’s “in” for their business decisions, with the relicensing and the rise of API-compatible alternatives pushing some users away.
But yeah, really no reason to mock them in this discussion, apart from going for internet cool points from an audience that may also be critical of Mongo.
[1] https://aphyr.com/posts/284-jepsen-mongodb