Feeds

Undead deleted photos linger on social networking websites

We're coming to embarrass you, Barbara!

3 Big data security analytics techniques

That embarrassing party shot of you and that hot dog may still come back to haunt you - photos posted on social networking websites can often be easily viewed even after users attempt to delete them, according to a study by security researchers at the University of Cambridge.

Researchers posted photos on 16 social networking and Web 2.0 websites, keeping a careful record of the URL associated with the photos, before deleting the images. Even after this supposed deletion the researchers were able to find the photos on seven of the 16 websites a month later, simply by visiting the web location associated with the image.

The problem arises because sites often fail to remove image files from their photo servers after they are deleted from the main website.

Photo-sharing sites such as Flickr and Google's Picasa, as well as Microsoft's Windows Live Spaces, removed content from its servers upon deletion. But photos posted on sites including Facebook lingered in caches, even after images were removed from a user's profile. Other offenders include MySpace and Bebo.

A summary of the study - entitled Attack of the Zombie Photos - can be found here.

Joseph Bonneau, one of the PhD students involved in the study, criticised a "lazy approach" to user privacy by some social networking websites, which could be in violation of data protection rules banning the retention of personally-identifiable data for longer than necessary.

However, a spokesman for Facebook said that the site does delete photos from its systems once users remove them from their profile, claiming that images were only available because they were cached elsewhere.

A Facebook spokesman told the BBC: "URLs to photographs may continue to exist on the Content Delivery Network (CDN) after users delete them from Facebook, until they are overwritten. Overwriting usually happens after a short period of time."

The issue, much like the easy availability of supposedly deleted posts to micro-blogging website Twitter, serves as a further wakeup call to Web 2.0 fans that information posted onto social networking sites often isn't removed by simply deleting it. ®

3 Big data security analytics techniques

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Reddit users discover iOS malware threat
'Unflod Baby Panda' looks to snatch Apple IDs
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.