Their defence doesn't hold much water. But then, I can't imagine any excuse that would satisfy me.
They say “The onus is on us is to take all the data and scrub it,” said Arturo Bejar, a Facebook director of engineering. “What really matters is what we say as a company and back it up.”, except their track record on that matter isn't exactly stellar.
We know they don't actually delete messages or things you delete on FB, they just mark them "deleted". With that attitude to "deleting" things, what does it even matter?
And I don't care if they promise the data is not used for targeting ads, that is just one of the many ways this type of data can be abused.
The argument they use it to prevent "spam and phishing attacks" also seems dubious to me. How does that work? And the cookie that's kept contains just your facebook ID, so wouldn't that be trivial for spammers and phishers to work around?
And the most important thing is, they might act all innocent about it now, that they did it with the best intentions and not to continue tracking people after they log out. Let's believe that and lets assume this behaviour doesn't involve any other privacy implications: Facebook is by now well known for their feature-creep, if we hadn't caught them red-handed now, what's to say they wouldn't be using this data in a few months from now?
Sorry but it's all bullshit. Facebook doesn't care one bit about their user's privacy, they've made that perfectly clear by now, and them pretending to do otherwise in this article is absolutely laughable.
We know they don't actually delete messages or things you delete on FB, they just mark them "deleted". With that attitude to "deleting" things, what does it even matter?
I've never written a web app that actually deletes data.
The argument they use it to prevent "spam and phishing attacks" also seems dubious to me. How does that work? And the cookie that's kept contains just your facebook ID, so wouldn't that be trivial for spammers and phishers to work around?
Actually its an attempt to make life easier on users. When you log in from another machine they sometimes use enhanced measures to confirm your identity. By keeping the cookie they get more confirmation that you are you.
I'm not justifying it. There's ways to prevent this that weren't taken. But I can see what they're trying to do.
The big webapp I'm working on moved from deleting data to adding delete flags over the 7 years of its existence. There are two reasons for this, none of it involves tracking users.
For one, a lot of the data is synchronized to offline applications.
If you just delete the data on the server, it's gone and it becomes impossible to tell clients that they have to remove their copy. In this case, I could keep a second list of deleted items around and synch only that of course, but that would mean additional work and it wouldn't help for the other case:
Many times, end users wanted us to restore some data for them that they accidentally deleted. Back in the days that meant restoring the backup, and merging the backup with the current live data. A risky, complicated and thus expensive process.
Nowadays, I just set the delete flag to false and the problem is solved.
On the other hand, the data we are dealing with isn't nearly as sensitive as Facebooks and it's never shared between users.
It's often a performance, scalability, and safety decision as well. The optimal way for a web app to truly delete data is during an asynchronous garbage collection process. It's a lot easier to just mark the object as deleted.
Facebook does delete all data associated with an account after it is deleted. An account is deleted after you indicate that you want to delete it (via a form in your account settings), and 2 weeks passes without you trying to reactivate the account (by logging into it). And yes, I do mean the permanent, irreversible kind of deleting. (I work at Facebook.)
I'd like to believe you. I really would, but I'm sorry to say that I can't.
About an year ago I deleted my Facebook account permanently. I even got a confirmation email after 14 days telling me I had deleted it. However, three or four months later I was forced to sign up for an account again[1]. After I logged in, Facebook showed me a list of "suggested friends". Note that I had zero friends at this point. Guess what, every single person I had added as a friend in my previous account was in that suggested friends list. How is that possible if Facebook is not retaining information about me? You guys are obviously associating something with my name and email address. That, or you're telepathic.
So no, I don't believe you. I don't believe Facebook deletes any information at all.
---
[1] The info for every event I wanted to attend was on FB. Classmates talked about college and swapped notes on FB. People planned meetups and reunions on FB. It's scary how much happens on FB instead of face-to-face/phone/email now.
Facebook could have stored your email address as part of your friend's account, eg "an email address this person is friendly with". Your account, posts and friends and all, are gone, but you leave traces of yourself with your friends. These traces could be reconstructed.
Without knowing the exact details of your case, this sounds like the correct explanation. The friends you saw were probably ones who have used Facebook's contact importer, and so their accounts had a record that your email address was a known contact. All of your wall posts, photos, friend lists, and other activity were actually dropped from Facebook's databases.
I've had similar experiences as well. I don't believe a word of Facebook's stated policies. Their employees defending them here is even more laughable. We've sold our souls to the devil. How did we ever get in this mess?
Maybe that's because your interactions with this account weren't deleted. Maybe you still were mentioned in walls, or people you chatted with still had the history of messages.
That's just a guess, I don't work at facebook, but I think even if they delete everything, they won't delete every piece of data you may left on other people's profiles.
I honestly don't believe that. (How could you or Facebook prove that?)
I deleted my account a few months ago. However I have no way of verifying if all that data is gone for good, overwritten with some new persons data to sell to marketers.
But the reason I deleted my Facebook account is because I just don't trust Facebook.
One way to 'prove' that would be if Facebook can support such claims in legal documents or terms and conditions. Well technically it's not really a proof, but I will accept it.
Maybe it's time to institute outside audits on these apps. That would be a useful direction for something like the BBB to move into if they want to get out of the extortion business.
This is what really matters to me. If they don't delete messages or posts while I still have an account, than who cares. But if I decide to close my account permently, which I did yesterday, then why should they keep all the data they have for me. It's no help for me, it's not convientent in any way. It seems like the only reason they would keep it would be for their own use.
They say “The onus is on us is to take all the data and scrub it,” said Arturo Bejar, a Facebook director of engineering. “What really matters is what we say as a company and back it up.”, except their track record on that matter isn't exactly stellar.
We know they don't actually delete messages or things you delete on FB, they just mark them "deleted". With that attitude to "deleting" things, what does it even matter?
And I don't care if they promise the data is not used for targeting ads, that is just one of the many ways this type of data can be abused.
The argument they use it to prevent "spam and phishing attacks" also seems dubious to me. How does that work? And the cookie that's kept contains just your facebook ID, so wouldn't that be trivial for spammers and phishers to work around?
And the most important thing is, they might act all innocent about it now, that they did it with the best intentions and not to continue tracking people after they log out. Let's believe that and lets assume this behaviour doesn't involve any other privacy implications: Facebook is by now well known for their feature-creep, if we hadn't caught them red-handed now, what's to say they wouldn't be using this data in a few months from now?
Sorry but it's all bullshit. Facebook doesn't care one bit about their user's privacy, they've made that perfectly clear by now, and them pretending to do otherwise in this article is absolutely laughable.