Here's The Personal Data That Facebook Keeps Even After You Delete It

During his appearances before Congress earlier this week, Facebook CEO Mark Zuckerberg repeatedly insisted that Facebook doesn't share user data with outside companies (though until recently it would allow advertisers to pay to use data from "third party" providers while targeting ads on Facebook's platform) and that the company allows users to delete their data any time.

But as Kevin Roose, a personal tech columnist for the New York Times, pointed out in a recent column, this is an overstatement, at best - and an outright distortion, at worst.


Roose describes himself as an irregular Facebook user, someone who rarely logs in and rarely posts, but occasionally uses his account to keep up with friends and family. Yet, when he downloaded the entire cache of data that Facebook had collected on him over the years, he was alarmed to discover that the company had kept data that he believed he had deleted long ago.

Of course, Roose isn't the first person to point out the dizzying amount of data that Facebook and Google collect on their users (both companies have made the caches available to download in the wake of the Cambridge Analytica scandal).

But Roose's examination of his data shows how Facebook refuses to delete data from its servers as a general rule - even when a user deactivates or deletes their account - in case it might become useful for targeting ads at some point in the future.

How Facebook collects and treats personal information was central this week when Mark Zuckerberg, the company’s chief executive, answered questions in Congress about data privacy and his responsibilities to users. During his testimony, Mr. Zuckerberg repeatedly said Facebook has a tool for downloading your data that “allows people to see and take out all the information they’ve put into Facebook.”

But that’s an overstatement. Most basic information, like my birthday, could not be deleted. More important, the pieces of data that I found objectionable, like the record of people I had unfriended, could not be removed from Facebook, either.

"They don’t delete anything, and that’s a general policy," said Gabriel Weinberg, the founder of DuckDuckGo, which offers internet privacy tools. He added that data was kept around to eventually help brands serve targeted ads.

Beth Gautier, a Facebook spokeswoman, put it this way: “When you delete something, we remove it so it’s not visible or accessible on Facebook.” She added: “You can also delete your account whenever you want. It may take up to 90 days to delete all backups of data on our servers.”

Digging through your Facebook files is an exercise I highly recommend if you care about how your personal information is stored and used. Here’s what I learned.

As Roose swiftly discovered, Facebook had the 764 names and contact information of everybody in his phone's address book, because he had uploaded it when he set up Facebook Messenger.

When you download a copy of your Facebook data, you will see a folder containing multiple subfolders and files. The most important one is the “index” file, which is essentially a raw data set of your Facebook account, where you can click through your profile, friends list, timeline and messages, among other features.

One surprising part of my index file was a section called Contact Info. This contained the 764 names and phone numbers of everyone in my iPhone’s address book. Upon closer inspection, it turned out that Facebook had stored my entire phone book because I had uploaded it when setting up Facebook’s messaging app, Messenger.

This was unsettling. I had hoped Messenger would use my contacts list to find others who were also using the app so that I could connect with them easily — and hold on to the relevant contact information only for the people who were on Messenger. Yet Facebook kept the entire list, including the phone numbers for my car mechanic, my apartment door buzzer and a pizzeria.

Roose also identified several instances where Facebook kept information ostensibly to help improve its user experience - like keeping his entire address book or keeping a history of every device and browser from which he has ever logged in - but had kept the data long after he had deleted it.

Facebook also kept a history of each time I opened Facebook over the last two years, including which device and web browser I used. On some days, it even logged my locations, like when I was at a hospital two years ago or when I visited Tokyo last year.

Facebook keeps a log of this data as a security measure to flag suspicious logins from unknown devices or locations, similar to how banks send a fraud alert when your credit card number is used in a suspicious location. This practice seemed reasonable, so I didn’t try to purge this information.

But what bothered me was the data that I had explicitly deleted but that lingered in plain sight. On my friends list, Facebook had a record of “Removed Friends,” a dossier of the 112 people I had removed along with the date I clicked the “Unfriend” button. Why should Facebook remember the people I’ve cut off from my life?

But perhaps the biggest disappointment for Roose was the list of advertisers with which Facebook had shared his contact information. The list contained dozens of advertisers Roose had never heard of - a result, the company said, of advertisers compiling data from third party sources and sharing it with Facebook.

What Facebook retained about me isn’t remotely as creepy as the sheer number of advertisers that have my information in their databases. I found this out when I clicked on the Ads section in my Facebook file, which loaded a history of the dozen ads I had clicked on while browsing the social network.

Lower down, there was a section titled “Advertisers with your contact info,” followed by a list of roughly 500 brands, the overwhelming majority of which I had never interacted with. Some brands sounded obscure and sketchy - one was called "Microphone Check," which turned out to be a radio show. Other brands were more familiar, like Victoria’s Secret Pink, Good Eggs or AARP.

Facebook said unfamiliar advertisers might appear on the list because they might have obtained my contact information from elsewhere, compiled it into a list of people they wanted to target and uploaded that list into Facebook. Brands can upload their customer lists into a tool called Custom Audiences, which helps them find those same people’s Facebook profiles to serve them ads.

The upshot of all this, Roose says, is that even if you're not an active Facebook user - even if you've never clicked on a single ad - advertisers could still possess reams of data about you. Because once one brand has your data, there's not much stopping them from sharing it as widely as possible.

Or, as Roose puts it, the advertising industry has eyes everywhere.


DillyDilly Thu, 04/12/2018 - 17:47 Permalink

What's FACEBOOK? (I never bought a GameBoy or Nintendo either)... I just don't know what they are except for hearing about them...


Call me an idiot

FireBrander DillyDilly Thu, 04/12/2018 - 17:51 Permalink

"Shocked!" That FB uploaded his phone number list...somebody didn't read the user agreement...wait until he finds out it copied all of his pictures too...and turned the video camera on to see what he was up the user agreement...installing the app gives FB full control of your phone...

In reply to by DillyDilly

Chupacabra-322 FireBrander Thu, 04/12/2018 - 18:02 Permalink

"They don’t delete anything, and that’s a general policy," said Gabriel Weinberg, the founder of DuckDuckGo, which offers internet privacy tools. He added that data was kept around to eventually help brands serve targeted ads.


Neither does the NSA or the Pure Evil War Criminal Treasonous Seditious Psychopaths at the CIA’s #Vault7 #UMBRAGE.


With UMBRAGE and related projects the CIA can not only increase its total number of attack types but also misdirect attribution by leaving behind the “fingerprints” of the groups that the attack techniques were stolen from. UMBRAGE components cover keyloggers, password collection, webcam capture, data destruction, persistence, privilege escalation, stealth, anti-virus (PSP) avoidance and survey techniques.

If this new information about “Umbrage” is accurate, this means that, as stated above, the CIA could hack people and institutions and then attribute the cyber-attacks to others in what amount to false-flag operations. For example, in order to create the impression that a foreign power favored one political candidate over another, the CIA or unseen rogue elements with access to “Umbrage,” could have hacked into Hillary Clinton’s campaign and the Democratic National Committee and made it appear that the intrusion was carried out by former KGB lieutenant colonel Vladimir Putin’s operatives.…

In reply to by FireBrander

thebriang FireBrander Thu, 04/12/2018 - 19:14 Permalink

I would tend to agree but the facefuck app is installed by default on many phones, so if you just hit "Update All", as most new phone users do at least once, they've already got you. You don't need to sign into the app or even open it for it to be tracking you. And you also often cannot Uninstall it, without rooting your phone.
I'm all for users taking responsibility for their actions but there's only so much someone can be expected to do.

In reply to by FireBrander

EuroPox Thu, 04/12/2018 - 17:49 Permalink

Facebook was founded on the same day DARPA's LifeLog was cancelled.  Coincidence?


Of course it is not a coincidence!  The DARPA program was cancelled in 2004 after criticism from civil libertarians concerning the privacy implications of the system; so they just renamed it, called it 'social media' and did it anyway!

"Run by Darpa, the Defense Department's research arm, LifeLog aimed to gather in a single place just about everything an individual says, sees or does: the phone calls made, the TV shows watched, the magazines read, the plane tickets bought, the e-mail sent and received. Out of this seemingly endless ocean of information, computer scientists would plot distinctive routes in the data, mapping relationships, memories, events and experiences."

ExPat2018 Thu, 04/12/2018 - 17:51 Permalink

You cannot ''delete'' Facebook.  You can only DE ACTIVATE it.

Don't believe me?  Go ahead and deactivate it and come back 6 months later and do a search for your name. It will come up with your photo but no page or details.

Once you send them ANYTHING, or post ANYTHING, it's there forever.

DoctorFix ExPat2018 Thu, 04/12/2018 - 21:08 Permalink

That's not entirely true.  I've already deactivated and deleted my account twice before.  Deactivating it only puts it to sleep.  Deleting it was a much more convoluted process and required you to STAY AWAY and not interact with FB in any way for at least two weeks from what I recall.  Purportedly all the mirrored server farms would then have time to roll you out of the loop and then you would ostensibly be gone for good.  Only at the begging of friends and ex girlfriends did I ever get caught up in that bullshit.  And now I'm going to do it again for my personal account seeing as the only good I can even imagine would be on a business level to advertise and treat it as an electronic billboard.  My personal life needs to stay personal and private.  I really don't see the need to vomit out every little detail and have my time sucked up by that black hole.

In reply to by ExPat2018

Consuelo Thu, 04/12/2018 - 17:51 Permalink

"But as Kevin Roose, a personal tech columnist for the New York Times, pointed out in a recent column, this is an overstatement, at best - and an outright distortion, at worst."

I wonder what thin little piece of nano-scopic thread separates these charitable remarks from what is in fact, an outright LIE...

navy62802 Thu, 04/12/2018 - 17:52 Permalink

Make sure you scramble all of your personal information before you delete your account. This includes email address, phone number, your name, birthday ... any piece of editable personal information should be changed to a random series of letters and/or numbers. Then once everything is scrambled, you delete. That way, when they decide to fuck your privacy and keep your information on their server, the information is useless and cannot be catalogued.

dark fiber Thu, 04/12/2018 - 17:54 Permalink

Unless you have physical access to the disk how do you know they deleted anything?  Get real idiots they delete nothing.  They keep everything and then some.  Like what you really want deleted.  That tells them what you have to hide. 

besnook Thu, 04/12/2018 - 17:54 Permalink

it's still really hard for me to believe that millions of people are stupid enough to just now realize facespook was collecting all their personal info and selling it.

Jballsquared Thu, 04/12/2018 - 17:57 Permalink

When do we have the congressional hearings on the nsa version of Facebook data collection?

that seems more concerning than Zuck selling ads to scoundrels to be honest. 

steveo77 Thu, 04/12/2018 - 18:01 Permalink

We need to use the machine to beat the machine.…

Soldiers of Ra "We are not machines" What a great song if you can find it, wish I could find the lyrics.
Yahoo and Bing are suspect, way too establishment!

If anyone has internet websites or tools like TOR that allow us to step back the overly concentrated and potentially evil power of the "Establishment Techrocracy" please drop in comments.


DoctorFix JustPrintMoreDuh Thu, 04/12/2018 - 21:13 Permalink

Exactly.  When the NSA put themselves at the "trunk lines" and piped everything through their filters you can then bet it's all being scanned.  So if it passes through the USA it's certainly getting caught up in that.

My feeling is that Chrome the browser is in fact a direct spying tool that is used to help them categorize and observe all your behavior.  Gmail is just the email portion of that tentacled beast.  So couple the browsing with the search engine and email, google drive and all that other shit out there.... yep, they have a pretty good idea on how to manipulate if not outright blackmail people.  The crazy thing is people, even myself, actually thought that it was rather more mundane or innocent, worst case just boorish, when in fact it's anything but that.  It's the digital equivalent of their selling you the rope to hang yourself with.

In reply to by JustPrintMoreDuh

Davidduke2000 Thu, 04/12/2018 - 18:20 Permalink

A few years ago, possibly 7 years, I opened a fake account on facebook, had in it some photos and data all fake they had nothing to do with me, then I discovered facebook was scanning my 2 data drives, each 3TB, that had nothing to do with my C drive, I completely deleted the account with the data.

This year I opened a new account with the same name but with a different password on my porn laptop, it has no data, it is only to watch porn, and sure enough the old account with everything in it appeared, but since I had a new account with different password, I bypassed the old account.

Conclusion: after 7 years, they had all the old data and photos ready. For this reason use a different computer, possibly a tablet, to go on facebook and use only fake data.

By the way, I watched a few stormy daniels videos on this laptop using the alias david duke 3000.