Tactical Information Systems
Biometric Identification Software
SERVER.png

Identity & Technology

Tactical Information Systems Blog

You Can't Delete Things From The Internet

Things you put on the Internet are going to be there forever. You might get lucky and they might get deleted or ignored. But they will probably be there forever.

delete_file_confirmation.jpg

Two recent events come to light. The first is the Ashley Madison hack - hackers stole detailed information on 37 million people who were trying to have an affair via the site. This includes credit card information which can link your identity to your online identity but also embarrassing details like your sexual fantasies. Ashley Madison had a paid service where you could fork over $19.95 and they would "delete" your information from the site permanently. The hackers are mad because they claimed Ashley Madison was not really deleting the information.

Shhhh. Someone is stealing your data.

Shhhh. Someone is stealing your data.

Ashley Madison's problem is that their highly sensitive data is tied to a real identity through a credit card. Servers and storage are cheap, so companies tend to hang onto everything forever because they might need that data in the future. Without the tie to credit card data, the hackers would just have a bunch of usernames and fantasies. Still potentially tied to real people through hints, but a whole lot harder.

The second is a new email service called DMail - so-called "self-destructing" email. With DMail, you can send an email that can delete itself within a certain time frame, or on demand later. For some reason DMail has gotten enormous press lately, even though similar services have been deployed before. I even saw it on Fox News this morning, where they mistakenly thought it was part of GMail. (understandable given the name).

These two events are connected.

It is clear that people are starting to realize that sensitive information they put on the Internet will be there forever, and they want to have control. Companies are starting to realize this and capitalizing on people's desire for deletion. However, these efforts are totally misguided and false security at best. In Ashley Madison's case, even if they have the best intentions and do delete from their databases, how thorough are they? Are they deleting it from all the backups? Do they actually remove every credit card transaction even when they are required by law? Did other members take screen shots of that data?

DMail works by not actually sending you a literal email. It sends you a link to an email that you read on their servers. That's how they can "delete" it. But anybody can easily copy and paste it from their site, or even take a picture with their camera. And if you are sending the kinds of emails that you want to self-destruct, they have a strong incentive to do that.

The problem is that once that information leaves your computer and hits the Internet, there are potentially thousands of hands, both human and electronic, that can grab a copy of it. Trying to control that is a fool's errand. Unless you are super careful, your online identity can be tied back to you, and you need to be always vigilant about that.

A quote from one of my favorite authors seems like the only defense here:

Live never to be ashamed if anything you do or say is published around the world — even if what is published is not true.
— Richard Bach