Facebook finally appears to have solved an issue with getting content delivery networks to eliminate cached versions of photos deleted from the social network, which Ars Technica first began reporting in 2009.
Ars Technica’s Jacqui Cheng said she approached Facebook in July 2009, saying that while deleted photos were no longer appearing in users’ profiles, anyone who knew the exact address of the photos could still view them.
As a point of clarification, these URLs are always complex combinations of numbers and letters — not at all the kind of thing you’d remember, but rather might have copied and pasted somewhere; whenever we link to an image on Facebook, the address we copy and paste to do so is longer than any that result from simply uploading photos ourselves.
A Facebook spokesperson responded at the time that the social network was “working with our content delivery network partner to significantly reduce the amount of time that backup copies persist.”
Cheng followed up on the story in October 2010, after finding that deleted photos were still accessible via their URLs, and she reported that her photos that she posted about were removed, but readers were still complaining of issues, and photos she had deleted but not mentioned in her post were still accessible.
Facebook Spokesman Frederic Wolens told Cheng in an email this past February:
The systems we used for photo storage a few years ago did not always delete images from content delivery networks in a reasonable period of time, even though they were immediately removed from the site.
We have been working hard to move our photo storage to newer systems that do ensure that photos are fully deleted within 45 days of the removal request being received.
This process is nearly complete, and there is only a very small percentage of user photos still on the old system awaiting migration. The URL you provided was stored on this legacy system. We expect this process to be completed within the next month or two, at which point we will verify that the migration is complete and we will disable all of the old content.
This week, Wolens told Cheng in an email:
As a result of work on our policies and infrastructure, we have instituted a “max-age” of 30 days for our CDN links. However, in some cases, the content will expire on the CDN much more quickly, based on a number of factors.
As you know, the photos stop being shown to other users on Facebook immediately when the photo is first deleted by the user. The 30-day window only applies to the cached images on the CDN.
Indeed, Cheng reported that examples sent to her by Ars Technica readers had been permanently deleted, as were two photos that she tested the process with.
Cheng also examined the process of photo deletion on Instagram, which Facebook agreed to acquire for $1 billion, and while encountering a few bumps at first, she reported that the process is now instantaneous. She wrote:
I tested by deleting two photos over a period of four months. The first one was “deleted” in April, but didn’t disappear from Instagram’s servers until last week, while the second disappeared instantaneously. There was no two-day delay, or even a two-hour delay, or a two-minute delay. The moment I deleted the image, it was inaccessible from Instagram’s servers. Curious about the discrepancy, I asked the company about its policies.
“We mark photos as deleted on [Amazon S3] after a user deletion, though they may be cached in our CDN for up to 24 hours after. There was a short time period where photos weren’t getting marked as deleted in S3, but that has been fixed,” Instagram spokesperson Kevin Systrom said in response to the four-month delay in deleting my first photo. “It’s easy for us to redelete if there are images where this is the case, but they should be few and far between the billions of photos that we have up there.”
Readers: Are you surprised that it took Facebook this long to remedy its photo-deletion issues, or do you believe the problem wasn’t a priority due to the complexity of the URLs involved?
Image courtesy of Shutterstock.