Let’s talk about that elephant in the room: Facebook’s recent disclosure that attackers got their hands on access tokens for an unknown number of Facebook accounts is a big deal, since it’s the kind of hack that you, a happy Facebook user, could not prevent.
Have a great, strong password? That’s nice. Wouldn’t have helped. Set up two-factor authentication using an app instead of just receiving a login code via a text message? Awesome. Keep doing that. Your account still could have been compromised.
Do you have Facebook alert you if someone else is trying to log into your account? Do you religiously check your “Where You’re Logged In” listing to make sure no one is accessing your account who shouldn’t be? All great security practices; all completely unhelpful with Facebook’s latest “access token” issue, at least based on what we learned from Facebook’s vice president of product management, Guy Rosen, in a September 28 press call:
“It depends on how that access token was being used. If they went through what is a technical step of creating a — what we call a full web session — from that access token, it would indeed have shown up [in “Where You’re Logged In”]. There are some other cases where it may not have shown up if it was used, similar to how a developer might access a certain account only in order to perform certain very limited parts of the functionality.”
Do you have a headache? I have a headache. Maybe it’s time to make a change—a big change.
Deleting your Facebook account is easy—too easy. But I’m unconvinced that the process actually does everything you want it to do. Yes, your account goes away and people can’t tag you in things anymore. Yes, Facebook should delete all the data you’ve associated with your account. But does it really do that? Really? I’m cautiously optimistic.
According to Facebook, deleting your account means:
“You won’t be able to reactivate your account.
Your profile, photos, posts, videos, and everything else you’ve added will be permanently deleted. You won’t be able to retrieve anything you’ve added.
You’ll no longer be able to use Facebook Messenger.
You won’t be able to use Facebook Login for other apps you may have signed up for with your Facebook account, like Spotify or Pinterest. You may need to contact the apps and websites to recover those accounts.
Some information, like messages you sent to friends, may still be visible to them after you delete your account. Copies of messages you have sent are stored in your friends’ inboxes.”
To get started, all you have to do is click this link, find the “Delete Your Account and Information” option, and let ’er rip. Don’t log into your account while Facebook is removing all your data from its servers, a process that could take up to 90 days. After that, your account is gone for good—and all your data, too, one hopes.
Like I said, it’s easy to nuke your account from orbit, but you have no way to be sure that Facebook isn’t saving some of the data you’ve given it. Or, worse, that your friends aren’t helping the service create some kind of shadow profile about you—some hidden chunk of related information that Facebook could easily associate with your personal information should you ever decide to rejoin the service again.
This sounds a little tin-foil-hat, I realize, and there’s no way of knowing that Facebook isn’t archiving every single data point you ever send to the service—making any attempts to obfuscate or delete it somewhat pointless. But I think it’s OK to be more skeptical than accommodating in today’s digital world. If I were deleting my Facebook today, this is how I’d do it:
Phew. Did I leave anything out? Are we feeling better yet?