Facebook has been using a secret tool to delete messages sent by its executives from the inboxes of their recipients, without disclosing the deletions to the recipients – or even recording that there was ever a message there in the first place.
If you send Mark Zuckerberg a Facebook message, in other words, he has a copy for ever. But if he sends you one, he can reach into your inbox and pluck it out of existence.
The tool was discovered by TechCrunch, which noticed a discrepancy between emailed receipts of Facebook messages being received (which Facebook cannot retract) and the actual contents of Facebook inboxes. Tellingly, the replies to the messages sent by Mr Zuckerberg remained in the chat logs, preserving a one-sided history of a two-sided conversation.
Facebook says the change was made following the 2014 Sony Pictures hack, when a mass data breach at the movie studio resulted in embarrassing email histories being leaked for a number of executives, ultimately costing co-chair Amy Pascal her job.
“After Sony Pictures’ emails were hacked in 2014 we made a number of changes to protect our executives’ communications,” Facebook told TechCrunch. “These included limiting the retention period for Mark’s messages in Messenger. We did so in full compliance with our legal obligations to preserve messages.”
But the lack of disclosure has angered some Facebook users, as has the absence of any similar tool for normal users.
Since 2016, normal Facebook users have been able to send disappearing messages using an encryption feature in Messenger, but they cannot turn the tool on retroactively, and cannot erase any sent messages older than 2016.
By contrast, messages from Mr Zuckerberg that are older than four years old seem to comprise the bulk of those deleted, according to TechCrunch.
Data breach
News of the inbox-tampering broke as Facebook chief operating officer Sheryl Sandberg was apologising for the Cambridge Analytica data breach.
"We made mistakes and I own them and they are on me," Ms Sandberg told the Financial Times. "There are operational things that we need to change in this company and we are changing them. We have to learn from our mistakes and we need to take action."
Her comments echoed Mr Zuckerberg’s earlier statement that the data breach was “my responsibility – I started this place. I run it. And I am responsible for what happens here.”
Ms Sandberg also shone some more light on a second apparent data crisis at Facebook: the news that “most” of the company’s billions of accounts have had their data “scraped” by unknown third parties abusing a user search tool.
"We had a feature we could look up people by name or email, and that was important for finding people," Ms Sandberg said to Bloomberg. "And someone made a directory they shouldn't have made with that information. But to be very clear and specific all of that was public information. That was information that was already publicly available on Facebook." – Guardian