Highlights
A disturbing revelation about Twitter has emerged recently. According to TechCrunch, a security researcher named Karan Saini has discovered that the microblogging platform apparently holds onto deleted messages for years after their deletion by one or even both parties.
Saini discovered years-old messages in a file which was a part of his Twitter archive. The file included messages that he claims had been deleted, but more shockingly, were from accounts that had been suspended. Twitter allowed users to unsend direct messages by deleting it from their own inbox, but Twitter disallowed this a few years ago. Twitter now allows users to delete messages from their inbox only, but what Saini found was that even when both users had deleted a message from their respective inboxes, Twitter still held onto a copy for years. In fact, Twitter was also found holding onto messages from accounts that have been suspended. Twitter says in its privacy policy that anyone wanting to leave the service can have their account “deactivated and then deleted.” After a 30-day grace period, the account disappears, along with its data. Clearly, that has found to not be the case here.
This revelation raises serious concerns about the integrity of the “delete” button. However, while Twitter may have been found to be in violation of its own privacy policy, both Facebook and Google do state clearly in theirs that they may retain used data even after it has been deleted by the user, or the account removed altogether.
A Twitter spokesperson told TechCrunch that the company was “looking into this further to ensure we have considered the entire scope of the issue.” Twitter does now face a difficult situation not just with user trust, but also with the implementation of Europe’s GDPR law.
Related Reads: Twitter testing pop-up mini profile to make threads easier to read