Most people can live their digital lives assuming they can delete their posts, messages, and personal data from the Services whenever they want to. But this week’s technical hearing called this basic assumption into question.
Peter “Mudge” Zatko, former head of security at Twitter, He told the Senate Committee on Tuesday that the social network does not reliably delete the data of users who have canceled their accounts, expanding on the bombshell allegations he made in Disclosure of violations First reported by CNN and The Washington Post last month.
In his testimony and whistleblowing, Zatko claimed that Twitter does not reliably delete user data, in some cases because it has lost tracking information. Twitter has widely defended itself against Zatko’s allegations, saying his disclosure paints a “wrong narrative” about the company. In response to questions from CNN, Twitter previously said it has workflows to “initiate the deletion process” but did not say if it normally completes this process.
While Zatko’s claims are startling, they were another reminder of Sandra Matz’s “how often we are indifferent” in sharing our data online.
“It sounds very simple, but whatever you offer there, never expect it to become private again,” said Matz, a social media researcher and professor at Columbia Business School. “Pull something off the Internet, press the reset button – almost impossible.”
Arguably, the risks of feeling in control of our data, and of trusting our ability to delete it, have never been higher. In the wake of the Supreme Court’s decision to overturn Roe v. Wade in June, there is now the potential to use search logs, location data, text messages and more to penalize people who search online for information about or access to abortion services.
In July, the Facebook-parent Meta I was subjected to severe scrutiny After news emerged that Messenger messages obtained by law enforcement had been used to accuse a Nebraska teen and her mother of performing an illegal abortion. (There was no indication that any of the messages had been deleted in this case previously.)
Ravi Sen, a cybersecurity researcher and professor at Texas A&M University, said law enforcement and other groups “that have the resources and access to the right kind of tools and expertise” are likely to recover deleted data, in certain circumstances.
Sen said that many people don’t know all the places where their data ends. Any post, whether it’s an email, social media comment, or direct message, is usually saved on the user’s device, the recipient’s device, and servers owned by a company that uses its platform. “Ideally, if the user who created the content ‘deletes’ it, ‘the content should disappear from all three sites,'” he said. But overall, he said, “it doesn’t happen easily.”
Sen said you can reach out to companies and ask them to delete your data from their servers, although many assume they never take that step. He added that the chances of recovering a deleted message from the user’s device decrease over time.
According to privacy experts, the best way to control your online data is to use apps that offer end-to-end encryption. It is also important that Manage cloud backup settings To ensure that private data from encrypted services cannot be accessed anywhere else.
But even with all the precautions an individual can take, once you put something online, Matz says, “I basically lost control.”
“Because even if Twitter deletes the post now, or you delete it from Facebook, someone else may have already copied the photo you put there,” she said.
Matz said she recommends that people be more aware of what they share on the Big Tech platforms. As pessimistic as it sounds, you think it’s best to be overly cautious on the Internet.
“Just assume that everything you put in there can be used by anyone, and it will live forever,” she said.