Facebook: Do NOT delete Members’ system profiles!!!

ByLaurel Papworth

If you run a social network do NOT, do NOT, repeat do NOT be bullied into deleting the system profile by your naive members. Seriously. Social Networks have a minimum of THREE profiles for members. Public profile – what can be seen by visitors/friends/other members of the community Private profile – what can be seen…

If you run a social network do NOT, do NOT, repeat do NOT be bullied into deleting the system profile by your naive members. Seriously.

Social Networks have a minimum of THREE profiles for members.

  1. Public profile – what can be seen by visitors/friends/other members of the community
  2. Private profile – what can be seen only by the member (email address or real life home address etc). Credit card details.
  3. System profile – stuff the member isn’t aware of revealing. IP address, history of email addresses, verification replies, alternate accounts, sometimes a history of abusive behavior and reprimands.

Well run social networks keep system profile information on members permanently, not for nefarious purposes but for auditing predators, organised crime, and spammers. Deleting the system profile means that if someone created an account, used it to stalk or spam or prey on children over say a period of 72 hours, and then deleted the account, it would be very difficult to track them, or determine if they have opened one new account or ten (often ‘undesirables’ open multiple accounts to hide their activities). Online Communities should NOT delete system profiles, but should respect hiding Private/Public if requested.

Let me give you an example. In June last year, I created an account on MySpace called Official Admin. The problem is… I’m not an official admin. Leaving aside no social network should allow a normal member to create an account with Admin or Moderator in the name, it would be shockingly easy for me to use such an account to get personal information from people, intimidate or stalk teens, or prey on children.

As in “Hi I’m an official admin at MySpace. And top Band XYZ (look at the kid’s favorite band list) wants you to act in their new film clip – do you have a picture of yourself looking a little …. sexier“? *shudders* that’s how it starts. In fact, predators ask them their email address or IM address and take it ‘off network’ so it can’t be easily tracked.

The last thing you want is one guy, from one IP address, setting up 50 Admin, Moderator, and BandName accounts, to prey on kids. The System profile may not stop the activity but it can be used to track multiple accounts being opened and deleted, over a period of time, setting off triggers. That information may be requested months or even years down the track by the police and the courts (yes, I know your concerns). Of course, I know all about proxies, and faking IP addresses and even MAC addresses (oh my god, do I, you have no idea) but sooner or later these predatory terrorising bastards slip. And the system profile grabs that slip. And you’ve got them. And trust me, you punch the air and kiss the monitor when it happens.

Do.Not.Delete. Member.Accounts. Or you can explain to a parent why you deleted multiple instances of a paedophiles account when it was clear what he was doing with creating and deleting profiles. Not me.

Background:
New York Times
Telegraph UK
C/Net
Easy delete of MySpace profile.
Facebook cleaner script
Valleywag instructions

For the record: Facebook will delete completely if you fill in an online contact form at the bottom of the Facebook page confirming permanent delete. I just hope it’s not wiped completely… MySpace aside from allowing Admin and Moderator accounts (they say if reported they are deleted within 72 hours – too late) also allows predators err members to delete completely. Now what do you think?

Hey, where’s that guy who comments sayingvthe privacy of the many shouldn’t be risked for the tracking of a few bad guys? *looks around*

Someone – ok rorschaq – submitted this to Digg. Vote early, vote often.


Technorati Tags: , , , , , , , , , ,

14 Comments

  1. Fine, keep my information ARCHIVED, but archive it in such away that it LOOKS like I never existed. That means if someone searchs for me, I don’t come up in results, my picture isn’t on any fun wall or what ever.

    Oh, and don’t even THINK about sending me anything to my email address. Ever. Hear me?

    This is what is the problem with the way Facebook does their “account disabling”. You still show up in searches and what have you. I had to fake it by changing the registered email address and name, so no one could search for me any more. That is not user experience.

  2. These firms are probably subject to laws pertaining to archiving. I think it’s 7 years in AU. But beyond that, all records should be deleted.

    In any case, your argument is terrible and it seems that even you know this.

  3. You are kidding right? I absolutely passionately believe that no system profile information should be thrown away. If you don’t want it up there, forever, don’t put it up. Full stop.

    Bastards that cause grief and then delete profiles believing their immature attacks can’t be traced, are a nightmare.

    Stick with anonymity – your inability to articulate why “this argument is terrible” might protect you. Challenge for you is understanding that tracking software which shows IP addresses, entry and exit pages are available anyway on blogs. Time visited, time comment left etc.

    I use Stat Counter (bottom right of each blog page) You just don’t know what your network knows about you, do you? Good luck with staying anonymous 🙂

  13. I’ve never thought of it all that way as I sit on the side of the user (not the manager/owner). As a user, I’m always signing up for different services to see what they do, and I like it when I can delete my account when I want to leave. And it’s annoying and frustrating when I can’t delete easily. Interestingly, I’ve *perceived* it as a violation when I’ve not been able to delete without fuss (kind of like the *opting out* function in marketing materials).

    But I get what you’re saying – there has to be a difference between *deleting* an account and *archiving* it so that I (and my information) is no longer visible.

    I’d be curious to know if there are legal issues in different jurisdictions around holding information.

    Thanks for the post and for getting me to think about the other side of the fence for a moment.

  14. I agree on the basis of your point and your point only – that should cover the 1% but for the remaining 99% of us, frankly I cannot see the reasons why. Our information is ours alone and if we want it deleted we should have that choice? Now for that 1%, there is or must be an obligation on the operator to ensure instances like those mentioned by you should never take place – the use of filters, better management systems, lifting the age barrier or whatever. A scary example is google.com/history where every search you have made using your log in name is there in full view for all to see (if they have your google account details). In the wrong hands this information can be scary, notwithstanding the original intent of such a service. So for me I believe there is always a better mouse trap just need to fully understand the original intent and devise strategies and systems to cover the 1 percenters.

Comments are closed.