Facebook has been using a secret tool to delete messages sent by its executives from the inboxes of their recipients, without disclosing the deletions to the recipients or even recording there was ever a message in the first place, according the The Guardian.
Effectively, this means if you send Mark Zuckerberg a Facebook message, he has a copy for ever. But if he sends you one, he can reach into your inbox and pluck it out of existence.
The tool was discovered by TechCrunch, which noticed a discrepancy between emailed receipts of Facebook messages being received (which Facebook cannot retract) and the actual contents of Facebook inboxes. Tellingly, the replies to the messages sent by Zuckerberg remained in the chat logs, preserving a one-sided history of a two-sided conversation.
Facebook says the change was made following the 2014 Sony Pictures hack, when a mass data breach at the movie studio resulted in embarrassing email histories being leaked for a number of executives, ultimately costing co-chair Amy Pascal her job.
“After Sony Pictures’ emails were hacked in 2014 we made a number of changes to protect our executives’ communications,” Facebook told TechCrunch. “These included limiting the retention period for Mark’s messages in Messenger. We did so in full compliance with our legal obligations to preserve messages.”
But the lack of disclosure has angered some Facebook users, as has the absence of any similar tool for regular users. Since 2016, Facebook users have been able to send disappearing messages using an encryption feature in Messenger, but they cannot turn the tool on retroactively, and cannot erase any sent messages older than 2016.
By contrast, messages from Zuckerberg older than four years old seem to comprise the bulk of those deleted, according to TechCrunch.
News of the inbox-tampering broke as Facebook’s chief operating officer, Sheryl Sandberg, was making an apology tour of her own, following a similar parade for Zuckerberg earlier in the week.
“We made mistakes and I own them and they are on me,” Sandberg told the Financial Times. “There are operational things that we need to change in this company and we are changing them. We have to learn from our mistakes and we need to take action.”
Her comments echoed Zuckerberg’s earlier statement that the Cambridge Analytica data breach was “my responsibility … I started this place. I run it. And I am responsible for what happens here.”
Sandberg also shone some more light on a second apparent data crisis at Facebook: the news that “most” of the company’s billions of accounts have had their data “scraped” by unknown third parties abusing a user search tool.
“We had a feature we could look up people by name or email, and that was important for finding people”, Sandberg said to Bloomberg. “And someone made a directory they shouldn’t have made with that information. But to be very clear and specific all of that was public information. That was information that was already publicly available on Facebook.”