Security researcher 'concerned' to find Twitter is not deleting your deleted direct messages
When you delete a direct message on Twitter, it is gone forever, right? From a user's point of view, this is true -- a deleted message vanishes. But a security researcher has discovered that Twitter is actually hanging onto these messages.
Karan Saini found that he was able to see messages he deleted years ago when he downloaded an archive of his Twitter data from the site.
Upon obtaining his data archive, Saini found that it included messages that had been deleted, as well as some from accounts which had been deactivated. He has expressed concern at his discovery, which appears to contradict claims made on Twitter's help pages.
In a file from an archive of his data obtained through the website, Saini found years-old messages from accounts that were no longer on Twitter. He also reported a similar bug, found a year earlier but not disclosed until now, that allowed him to use a since-deprecated API to retrieve direct messages even after a message was deleted from both the sender and the recipient -- though the bug wasn't able to retrieve messages from suspended accounts.
The fact that messages from deactivated accounts were included is odd. Twitter says that when an account is closed down, its data is also deleted.
While the issue may not be a serious security matter, it still represents something of a privacy concern and, as TechCrunch points out, "retaining direct messages for years may put the company in a legal grey area ground amid Europe's new data protection laws, which allows users to demand that a company deletes their data".
A spokesperson for Twitter says that the company is "looking into this further to ensure we have considered the entire scope of the issue".