Most people can live their digital lives assuming they can delete their posts, messages, and personal data from services whenever they choose. But a hearing on the technology in the US this week has cast that core assumption into doubt.
Peiter “Mudge” Zatko, a former director of security at Twitter, told a Senate committee on Tuesday that the social network does not reliably delete the data of users who cancel their accounts. based on the allegations he made in a whistleblower disclosure first reported by CNN. and The Washington Post last month.
In the whistleblower’s testimony and disclosure, Zatko accused Twitter of not reliably deleting users’ data, in some cases because it had lost track of information. Twitter has defended itself against Zatko’s allegations, saying his disclosure paints a “false story” about the company. In response to questions from CNN, Twitter previously said it had workflows to “start the removal process” but did not say whether it would complete it.
While Zatko’s allegations are startling, it’s also just another reminder to Sandra Matz about how “we can sometimes be thoughtless” about sharing our data online.
“It sounds very simple, but whatever you put out, never expect it to be private,” says Matz, a social media researcher and professor at Columbia Business School. Again”. “Getting something from the internet, hitting the reset button – almost impossible.”
The deposit to feel in control of our data, and confident in our ability to delete it, has arguably never been higher. Following the Supreme Court’s decision to overturn Roe v. Wade in June, there is now the ability to use search history, location data, text messages and more to punish searchers. online information or access to abortion services.
In July, Facebook’s parent, Meta, came under intense scrutiny after it was reported that messages sent via Messenger and obtained by law enforcement were used to charge a teenager with a crime. Nebraska teen and her mother had an illegal abortion. (There is no indication that any of the messages in that case were previously deleted.)
Ravi Sen, a cybersecurity researcher and professor at Texas A&M University, said law enforcement and other groups “have the resources and access to the right kind of tools and expertise” It is possible to recover deleted data, under certain circumstances.
Sen said many people don’t know all the places where their data ends up. Any post, whether it’s an email, a social media comment, or a direct message, is typically saved on the user’s device, the recipient’s device, and the company’s owned servers. platform you used. “At best,” he said, “if a user creates content that ‘deletes content’, then that content disappears from all three locations.” But overall, he said, “it doesn’t happen so easily.”
Sen says you can contact the companies and ask them to delete your data from their servers, although many probably never take this step. The chances of recovering deleted messages from a user’s device decrease over time, he added.
According to privacy experts, the best way to control your data online is primarily to use apps that offer end-to-end encryption. It’s important to manage your cloud backup settings to ensure that private data from encrypted services remains inaccessible elsewhere.
But even with all the precautions an individual can take, once you put something online, Matz says, “you’ve basically lost control.”
“Because even if Twitter now deletes the post, or you delete it from Facebook, someone could have copied that picture you put out there,” she said.
Matz said she advises people to be more mindful of what they share on Big Tech platforms. As pessimistic as it sounds, she thinks it’s better to be overly cautious online.
“Assuming everything you put out there can be used by anyone, and will last forever,” she says.