That embarrassing party shot of you and that hot dog may still come back to haunt you - photos posted on social networking websites can often be easily viewed even after users attempt to delete them, according to a study by security researchers at the University of Cambridge. Researchers posted photos on 16 social networking and …
"A Facebook spokesman told the BBC: "URLs to photographs may continue to exist on the Content Delivery Network (CDN) after users delete them from Facebook, until they are overwritten. Overwriting usually happens after a short period of time.""
I guess this is one of those times where you can say "With respect, that's bollocks!"
also, what does "short period of time" mean? The grand canyon was carved in a short period of time.....5 million years!
The undead pics from the vaults of the underweb!
There's a lot of interesting stuff in Google's cache as well
which often provides an easy in to locating this sort of material (primarily tasteful semi-nude self portraits captured via the delightful medium of a bathroom mirror).
Simple rule of thumb: don't put your shit on the Internet and maintain anonymity.
Web 2.0 sucks.
You... you mean...
that if I post stuff on t'interwebtubess, it might escape my control?? No, surely not, that's just implausible....!
Even if one takes what the Facebook spokesman told the BBC at face value, he's still admitting Facebook taking a sloppy approach to user privacy. It's pretty trivial for the "delete" process to do a standard 1-pass random wipe of the image file.
Remember those TOS change protests?
The ones about "Facebook is trying to own users' lovingly-crafted content!"? This is why those TOS changes to those sites were made in the first place: the sites know that there's no way with the current processes to ensure that photos and anicillary user content can be caascaded reliably through not jsut databases but also large numbers of content caching servers, some of which aren't even under the website's control.
Shows how little these Web 2.0 wonks know. A decent system will have a notification service that allows different parts to subscribe to messages about the creation, updating and deletion of various things. In this case, the social networking site's account servers should publish a deletion event for the user's photos. The CDN servers (fancy, Web 2.0 name for static servers) would respond to the message by deleting the photos. This should take as long as it takes the message to propagate through the network.
It's all part of a decent event based system, and there's a load of software out there to accomplish this from big commercial packages like MQ Series to open source ones like OpenAMQ. The trouble is, most web application developers I encounter know bugger all about architecting a decent system.
Lord Of The Flies
People, not wanting to sound old and crusty, but if you just study the history of Facebook and do some (deep) research, you will clearly discover that this is not a company founded on good will, but like an oil company, it will do anything to make money. (It's very origins are dubious.) Just as Google got burned with their Street View feature, these companies are run by people who while very savvy, are too young to be aware of their station. Meaning, they don't know the difference between right and wrong. Microsoft, for all their flaws, are run by wiser people who probably shudder at the blatent missuse of public trust by their younger competitors or partners. (Microsoft's service was proven to be the most reliable at deleting files.)
The decade of appalling (and embarassing) voyouristic celeb culure, 'reality' TV and worse has sadly created a generation of self serving people (and politicians, in particular here in the UK) who should not be in any position of power.
Wasn't the issue of deleted, but not really deleted, files one of the things which caused considerable consternation during the Iran-Contra affair over 20 years ago? Will humanity never learn?
No Michael, it is actually that easy
Consider yourself reported to the analogy police.
Any file system since the year dot has removed or marked as unavailable the link between the filename and the bucket of bits it represents. No matter how careful you are to record the filename it won't do you a bit of good. Even before the bits have been replaced.
Facebook are apparently failing to perform even this basic step, which would be enough really. I also fail to see how it would be infeasible for them if it is feasible for other Web 2.0 soilpipes like Flickr. Possibly beyond them, but not infeasible.
"This is pretty much the way every disk drive based operating system has "not actually" deleted files"
Bad analogy. If I delete a file and then ask for a listing, the file isn't there even if the bits that made up the file are still physically there on the disk and I can't just open it up by passing the filename as an argument to my text editor. What Facebook and co are doing in effect is performing the delete from the directory, but allowing me to still open the file in my editor. Not good OS design or web app design.
"If you have the opportunity to keep a "careful record of the URL associated with the photos" you may as well keep the photos.
As anyone who has viewed the photos might."
Actually it is easily accomplished when just right-clicking -> Copy Image Location
Most Web pages do this to point directly to images.
You should never expect anything that is put on the internet to remain anonymous for long, or that it will go away after time. This is why I have never set up a 'Blog' or a social networking account, and never will.
Some arse is doing a PHD in social networking sites, thats akin to a PHD in brothels.
McDonalds for him
"You should never expect anything that is put on the internet to remain anonymous for long, or that it will go away after time. This is why I have never set up a 'Blog' or a social networking account, and never will."
The same could be said for posting under your own name in "comments" - then again maybe Christopher Ahrens is a pseudonym
How do *you* know about the hot dog pic?
@ Vision Aforethought
'The decade of appalling (and embarassing) voyouristic celeb culure, 'reality' TV and worse has sadly created a generation of self serving people (and politicians, in particular here in the UK) who should not be in any position of power.'
Excellent! do you want to form a political party?
Your 14 aren't you?
Re: Not really easy
" This is pretty much the way every disk drive based operating system has "not actually" deleted files since day 1... "
No it's not. When you delete a file, someone who only has the filename (eg /home/aorlowski/photos/dragnight.jpeg) can't see in any more, but this is exactly what Facebook lets you do. "Delete" means "deLIST" and it's still on the master file list. THAT's the problem.
We're not talking about memorising URLs -- what if someone links to the photo from their blog? The average user would expect that link to stop working when they delete the photo. They should get what they expect.
Posting something on the Internet means you lose control of it
in other news: snow is cold, night is dark, water is wet
Proof of the adage that an infinte number of monkeys banging on a typewriter will one day output Shakespeare...
Your the monkey sadly that one the face of it is banging out something intelligent and coherent... Wait... I lied..
Your orginal post about the way disks store images and the way the links worked in the story is complete and utter twaddle, I'm downright surprised that you poke your head back in to the same set of comments with yet another poorly conceived set of ideas..
Well, opinions and arseholes and all that.
same must happen with e-mails
I'm pretty sure msn, yahoo and other e-mail providers must keep all our deleted e-mails. Like tigger said, post something on the Internet, you no longer have control.
- World's OLDEST human DNA found in leg bone – but that's not the only boning going on...
- Lightning strikes USB bosses: Next-gen jacks will be REVERSIBLE
- Pics Brit inventors' GRAVITY POWERED LIGHT ships out after just 1 year
- Facebook offshores HUGE WAD OF CASH to Caymans - via Ireland
- Microsoft teams up with Feds, Europol in ZeroAccess botnet zombie hunt