Facebook secretly retracted messages sent by CEO Mark Zuckerberg, TechCrunch reported seven months ago. Now for the first time, Facebook Messenger users will get the power to unsend too so they can remove their sent messages from the recipient’s inbox. Messages can only be unsent for the first ten minutes after they’re delivered so that you can correct a mistake or remove something you accidentally pushed, but you won’t be able to edit ancient history. Using the “Remove For Everyone” button also leaves a “tombstone” indicating a message was retracted. And to prevent bullies from using the feature to cover their tracks, Facebook will retain unsent messages for a short period of time so if they’re reported, it can review them for policy violations.
The Remove feature rolls out in Poland, Bolivia, Colombia, and Lithuania today on Messenger for iOS and Android. A Facebook spokesperson tells me the plan is to roll it out globally as soon as possible, though that may be influenced by the holiday App Store update cut off. In the meantime, it’s also working on more unsend features, potentially including the ability to preemptively set an expiration date for specific messages or entire threads.
“The pros are that user want to be in control . . . and if you make a mistake you can correct it. There are a lot of legitimate use cases out there that we wanted to enable” Facebook’s head of Messenger Stan Chudnovsky tells me in an exclusive interview. But conversely, he says ”we need to make sure we don’t open up any new venues for bullying. We need to make sure people aren’t sending you bad messages and then removing them because if you report them and the messages aren’t there we can’t do anything.”
Zuckerberg did it. Soon you can too
Facebook first informed TechCrunch it would build an unsend feature back in April after I reported that six sources told me some of Mark Zuckerberg’s Facebook messages had been silently removed from the inboxes of recipients, including non-employees with no tombstone left in their place. We saw that as a violation of user trust and an abuse of the company’s power, given the public had no way to unsend their own messages.
Facebook claimed this was to protect the privacy of its executives and the company’s trade secrets, telling me that “After Sony Pictures’ emails were hacked in 2014 we made a number changes to protect our executives’ communications. These included limiting the retention period for Mark’s messages in Messenger.” But it seems likely that Facebook also wanted to avoid another embarrassing situation like when Zuckerberg’s old instant messages from 2004 leaked. One damning exchange saw Zuckerberg tell a friend “if you ever need info about anyone at harvard . . . just ask . . . i have over 4000 emails, pictures, addresses, sns.” “what!? how’d you manage that one?” the friend replied. “People just submitted it . . i don’t know why . . . they ‘trust me’ . . . dumb fucks” Zuckerberg replied.
The company told me it was actually already working on an Unsend button for everyone, and wouldn’t delete any more executives’ messages until it launched. Chudnovsky tells me he felt like “I wish we launched this sooner” when the news broke. But then six months went by without progress or comment from Facebook before TechCrunch broke the news that tipster Jane Manchun Wong had spotted Facebook prototyping the Remove feature. Then a week ago, Facebook Messenger’s App Store release notes accidentally mentioned that a ten-minute Unsend button was coming soon.
So why the seven month wait? Especially given Instagram already allows users to unsend messages no matter how old? “The reason why it took so long is because on the server side, it’s actually much harder. All the message are stored on the server, and that goes into the core transportation layer of our how our messaging system was built” Chudnovsky explains. “It was hard to do given how we were architected, but we were always worried about the integrity concerns it would open up.” Now the company is confident it’s surmounted the engineering challenge to ensure an Unsent message reliably disappears from the recipient.
“The question becomes ‘who owns that message?’ Before that message is delivered to your Messenger app, it belongs to me. But when it actually arrives, it probably belongs to both of us” Chudnovsky pontificates.
How Facebook Messenger’s “Remove For Everyone” Button Works
Facebook settled on the ability to let you remove any kind of message — including text, group chats, photos, videos, links, and more — within ten minutes of sending. You can still delete any message on just your side of the conversation, but only messages you sent can be removed from their recipients. You can’t delete from someone else what they sent you, the feature’s product manager Kat Chui tells me. And Facebook will keep a private copy of the message for a short while after it’s deleted to make sure it can review if it’s reported for harassment.
To use the unsend feature, tap and hold on a message you sent, then select ‘Remove’. You’ll get options to “Remove for Everyone” which will retract the message, or “Remove for you” which replaces the old delete option and leaves the message in the recipient’s inbox. You’ll get a warning that explains “You’ll permanently remove this message for all chat members. They can see that you removed a message and still report it.” If you confirm the removal, a line of text noting “you [or the sender’s name] removed a message” (known as a tombstone) will appear in the thread where the message was. If you want to report a removed message for abuse or another issue, you’ll tap the person’s name, scroll to “Something’s Wrong” and select the proper category such as harassment or that they were pretending to be someone else.
Why the ten minute limit specifically? “We looked at how the existing delete functionality works. It turns out that when people are deleting messages because it’s a mistake or they sent something they didn’t want to send, it’s under a minute. We decided to extend it to ten, but decided we didn’t need to do more” Chudnovsky reveals.
He says he’s not sure if Facebook’s security team will now resume removing executive messages. However, he stresses that the Unsend button Facebook is launching “is definitely not the same feature” as what was used on Zuckerberg’s messages.
Messenger is also building more unsend functionality. Taking a cue from encrypted messaging app Signal’s customizable per thread expiration date feature, Chudnovsky tells me “hypothetically, if I want all the messages to be deleted after 6 months, they get purged. This is something that can be set up on a per thread level” though Facebook is still tinkering with the details. Another option would be for Facebook to extend the per message expiration date option from its encrypted Secret messages feature to all chats.
“It’s one of those things that feels very simple on the surface. And it would be very easy if the servers were built one way or another from the very beginning” Chudnovsky concludes. “But it’s one of those things philosophically and technologically that once you get to the scale of 1.3 billion people using it, changing from one model to another is way more complicated.” Hopefully in the future, Facebook won’t give its executives extrajudicial ways to manipulate communications…or at least not until it’s sorted out the consequences of giving the public the same power.