Facebook Poke messages self-destruct after a few seconds, but is Facebook saving these potentially embarrassing photos and videos? No. It’s deleting them. Pokes are encrypted, and Facebook deletes the encryption keys two days after they’re read so they’re unreadable. Key backups are destroyed within 90 days, making a poke completely inaccessible. So send those silly, racy messages with confidence.
Normally, Facebook stores everything you share until you delete your account. This lets it mine your photos for location data, track what sites you share links to, and collect other information that can help it improve the site or better target its ads.
But ephemeral messages are different. They’re meant to be individual moments of time that aren’t saved. This makes them feel urgent and informal. That feeling can be ruined if you think those messages are being saved. There’s already a level of paranoia about Facebook and privacy.
Yesterday when Facebook launched its ephemeral messaging app Poke for iOS, I heard some people say they would stick with independent competitor Snapchat because they worried “Mark Zuckerberg is going to see my Pokes.”
Snapchat, the app that inspired (or some say was cloned to create) Poke, set a precedent for ephemeral messaging privacy by stating in its terms that: “When you send or receive messages using the Snapchat services, we temporarily process and store your images and videos in order to provide our services… we attempt to delete image data as soon as possible after the message is transmitted.”
That gives users the peace of mind that they can Snapchat anything they want as long as they don’t offend the recipient.
As soon as Poke launched, I was curious about how Facebook would handle this especially private data and asked for its policy. Poke’s “Privacy and Legal” button sends people to Facebook’s standard terms of service, so it’s understandable that people would think it was saving their Pokes. Facebook isn’t, though, and this morning the company gave me the full explanation of how Poke data is protected:
All Poke messages are stored in encrypted form and retained for two days after the last recipient views the poke — a process that helps facilitate abuse reporting. After that period, a Poke’s encryption key is deleted. However, it may still be possible to recover that key from logs or backups. After a fixed time period, this key becomes inaccessible, rendering the content completely unreadable (unless it was copied for abuse reporting.) Today, that fixed period can be up to 90 days, but we are working to significantly reduce that period over the next several weeks as we verify the stability of the Poke deletion system.
So essentially, Facebook stores your Pokes for only two days, so that if anyone reports you for offending them, like by sending unwanted images of what’s in your pants, it can see if the accusations are true. Then it effectively deletes the Pokes by deleting their encryption keys, and by 90 days after that there’s absolutely no way to recover the contents of a message. Facebook is trying to cut down that window, which could help it appear just as secure as Snapchat.
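The key-deletion lifecycle in Facebook's statement, as an added Python example that is not Facebook's code: the ciphertext is never touched, and a message becomes unreadable only once both the live key and its backup copy are gone. `PokeStore` and its methods are hypothetical names, the 90 days are assumed to count from the live key's deletion, the cipher is a standard-library stand-in, and copies made for abuse reporting are not modelled.

```python
import hashlib, hmac, secrets
from datetime import timedelta

LIVE_RETENTION = timedelta(days=2)     # page: key kept two days after the last recipient views
BACKUP_RETENTION = timedelta(days=90)  # page: "up to 90 days"; assumed to start at key deletion

def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (HMAC-SHA256 in counter mode) so this runs with the
    # standard library only; a real system would use an AEAD such as AES-GCM.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

class PokeStore:
    def __init__(self):
        self.blobs = {}        # msg_id -> (nonce, ciphertext); never deleted in this model
        self.live_keys = {}    # msg_id -> key in the production key store
        self.backup_keys = {}  # msg_id -> key copy surviving in logs or backups
        self.last_view = {}    # msg_id -> time the last recipient viewed it

    def send(self, msg_id, plaintext):
        key, nonce = secrets.token_bytes(32), secrets.token_bytes(16)
        self.blobs[msg_id] = (nonce, _keystream_xor(key, nonce, plaintext))
        self.live_keys[msg_id] = self.backup_keys[msg_id] = key

    def mark_viewed(self, msg_id, when):
        self.last_view[msg_id] = when

    def sweep(self, now):
        """Apply both retention deadlines as of `now`; unviewed messages are untouched."""
        for msg_id, seen in self.last_view.items():
            key_deleted_at = seen + LIVE_RETENTION
            if now >= key_deleted_at:
                self.live_keys.pop(msg_id, None)
            if now >= key_deleted_at + BACKUP_RETENTION:
                self.backup_keys.pop(msg_id, None)

    def status(self, msg_id):
        return ("readable" if msg_id in self.live_keys else
                "recoverable-from-backup" if msg_id in self.backup_keys else "unreadable")

    def read(self, msg_id, allow_backup=False):
        key = self.live_keys.get(msg_id) or (allow_backup and self.backup_keys.get(msg_id))
        if not key:
            return None  # no key left: only ciphertext remains
        nonce, ct = self.blobs[msg_id]
        return _keystream_xor(key, nonce, ct)
```

The middle state, "recoverable-from-backup", is the window the statement says Facebook is working to shorten.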
Ephemeral messaging is a very new space and the norms are still being sussed out. Facebook could have saved Pokes forever, or it could delete them immediately. Instead, by saving them briefly for abuse-reporting reasons, Facebook may have found the right balance between privacy and security.