Don't Be an Ostrich


Please... delete me?

Let's say you decide to leave a social media site, or perhaps you want to delete an email account...

Maybe you've been getting weird or threatening messages, or you've realized that you're overexposed. Or worse, you've said or uploaded something you've come to regret. 

To undo the damage you want to delete your account…

So you hunt for instructions. Often this takes a while — many sites make it a bit tricky. But you're persistent, and eventually you tick all the right boxes, and finally you get to push the button...


So now what happens?

Usually not much.  

Shockingly, nothing is actually deleted. What usually happens is, your account is simply deactivated. You can't log in any more, and you are no longer visible to other members on the site, and in some instances your posts will be unlinked, but in almost all cases that's about it.  

Everything you did — every character you ever typed, every photo you ever uploaded, every friend you ever made — none of it is actually deleted. Not one single byte. 

Other users can no longer see you, but everything about you remains in backup files and other formats, often for a very long time. It's all available to anyone authorized to look, and in an increasing number of cases, they can actually browse your pages as if your deletion or closure never happened.

 

Why can't they do it?

There are three reasons. The first is technical, the second is driven by business considerations, and the third results from legal imperatives. We'll touch on each briefly, but the important thing to understand is the net effect... stuff simply doesn't go away. Ever.

From a technical viewpoint, most sites run on clusters of machines, some of which serve up web pages and some of which hold data. In order to give a site global reach and rapid response time, multiple copies of the data are often made, and often to different regions. 

Additionally, in order to restore a failed server or cluster, many hot and cold backups are made... so many that it becomes impractical to search it all to delete stuff. It's vastly easier to just mark the account as inactive.
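To make that concrete, here is an added illustration (not code from any real site, and not part of the original post) of the pattern in miniature, using Python's built-in SQLite module. The table names, the `active` flag and the sample rows are all constructed for the example; it shows that deactivation hides posts without removing them, and that even a true delete on the live database leaves an earlier backup untouched.

```python
import sqlite3

def build_site():
    """Constructed sample data: one member with two posts."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, active INTEGER DEFAULT 1);
        CREATE TABLE posts (id INTEGER PRIMARY KEY, user_id INTEGER, body TEXT);
        -- What other members see: only posts from active accounts.
        CREATE VIEW public_posts AS
            SELECT p.body FROM posts p JOIN users u ON u.id = p.user_id
            WHERE u.active = 1;
        INSERT INTO users (id, name) VALUES (1, 'alice');
        INSERT INTO posts (user_id, body) VALUES (1, 'first post'), (1, 'regretted post');
    """)
    return db

def take_backup(db):
    """Copy the whole database, as a scheduled backup job would."""
    copy = sqlite3.connect(":memory:")
    db.backup(copy)
    return copy

def deactivate_account(db, user_id):
    """The 'delete my account' button: flips a flag, removes nothing."""
    db.execute("UPDATE users SET active = 0 WHERE id = ?", (user_id,))

def hard_delete_account(db, user_id):
    """A real delete, but only on the live database."""
    db.execute("DELETE FROM posts WHERE user_id = ?", (user_id,))
    db.execute("DELETE FROM users WHERE id = ?", (user_id,))

def count(db, table):
    # Table name comes only from the fixed strings used in demo().
    return db.execute(f"SELECT COUNT(*) FROM {table}").fetchone()[0]

def demo():
    live = build_site()
    backup = take_backup(live)
    deactivate_account(live, 1)
    # (posts visible to other members, posts still stored)
    after_deactivate = (count(live, "public_posts"), count(live, "posts"))
    hard_delete_account(live, 1)
    # (posts in live database, posts in the earlier backup)
    after_hard_delete = (count(live, "posts"), count(backup, "posts"))
    return after_deactivate, after_hard_delete

if __name__ == "__main__":
    print(demo())
```

Multiply that one backup by every replica, region and nightly snapshot, and it becomes clear why flipping the flag is the path of least resistance.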

There are business reasons as well.  Although you have closed your account, data about you is still valuable to advertisers or others. Plus, they can hope to lure you back, and if you do decide to return they can offer to restore you to where you left off. Nice of them, eh?

Legal requirements can also play a large role. Many sites and services are subject to regulations that require some kind of data retention, along with the ability to provide information when legally mandated to do so.

 

Don't be an ostrich

Although ostriches don't really bury their heads in sand when frightened, humans sure do, at least when it comes to their online presence [1].

Almost daily we hear people say, "I deleted my emails (or whatever) to protect my privacy".  Or, "I turn off logging so there's no record of what we said". 

Seriously, we hear stuff like that all the time, and a large number of people seem to believe it works.

It doesn't.

Of course, there are good reasons to close an account, including to evade being spammed or stalked. Or simply to get rid of an account on which you realize you said too much, and which you don't want every ol' Joe reading anymore.

However, don't imagine for a moment that just because you closed or deleted an account, the data in it actually disappears. Simply because it's now out of sight and out of (your) mind does not mean it's gone. 

You may feel better because you can't see it anymore, but remember that anyone authorized to internally access that service can still see everything. And that's usually an extremely large number of people - read about their privacy policies.

Worse still, data in backup silos is a juicy target for hackers; just ask any member of Ashley Madison. Or take a look at this privacy tool from the New York Times.

 

Lying by omission?

Here's a slightly paraphrased version of what many companies say about turning off an online service...

When you turn off [our thing], we will delete the data associated with it

Sounds good, right? But ask yourself, do they really mean ALL the copies of your data, including offline backups in some data tunnel, probably deep under a mountain? 

Are they really going to send a couple of guys to walk the racks finding all the places to which your records were backed up, and delete just your stuff? Or do they just mean they'll delete the active copy? Think about it. You tell me.

 

Forced to omit!

Many companies make philosophical privacy policy statements, which go more or less like this...

We believe in being as transparent as the law allows regarding what information is requested from us

Of course they do, but notice the carefully-worded qualification, "as the law allows".  What does that really mean?

It turns out that in a frightening number of cases companies are not allowed by law to tell you that information has been requested. Think about that too.

 

In their defense

Online services reasonably point out that there's little purpose to their deleting something you've posted because anyone who's already seen it could have saved a personal copy.  All that really can be done is to prevent new people from seeing something, which deactivating the account does accomplish.

This is perfectly valid, and it underscores our point: Stuff doesn't go away. Ever. That's what makes a protected system like Merlin so valuable.

 

So here come the questions…

Why trust any of it?  Why fuss with trying to understand who's telling how much truth? 

Why not just use Merlin? 

We don't ask for any personal or identifying information, and you can even pay anonymously. 

Plus everything is encrypted all the time, and only you have the keys. 

So even if by law we can't tell you about some secret request we receive, the most we can possibly reveal is your Kahuna™ ID, which can be any meaningless string you devise, the amount of credit you have remaining, expressed in bytes, and in very rare cases, a small amount of indecipherable data (because it's encrypted) if you sent something to someone who hasn't picked it up yet. That's it.  

Why not just use Merlin? 


Oh, and one more thing...

If you ever want to get rid of Merlin, you don't have to bother asking us to close your account or delete you... we have no access to your data and we don't know anything about you in the first place!


1. If they did, they couldn't breathe.  What they're actually doing is turning their eggs.

 

Published on 2016-04-15 by:
Nancy
Information Custodian

Matters most: My kids, great sunsets, and freedom!