Facebook's new Poke app, which allows users to send each other messages and photos that automatically delete after a few seconds, doesn't actually delete those messages irretrievably for another 90 days, Business Insider has learned.
Retrieving old Poke photos is difficult enough, however, that most users can rest assured that they're "deleted" in the traditional sense.
Nonetheless, if you were thinking of using Poke for safe sexting — like its competitor, Snapchat — you might want to know exactly what Facebook currently does with your selfies.
Advertisers are already using Poke as a hook for their campaigns, teasing customers with the notion that a message or a pic might last only a few seconds. That got us thinking: what happens to those pictures after they disappear?
With the Poke app, you can poke or send a message, photo, or video to Facebook friends to share what you're up to in a lightweight way. You can poke an individual friend or several at once. Each message expires after a specific time you've set, either 1, 3, 5 or 10 seconds. When time runs out, the message disappears from the app.
Naturally, most people believe Poke will be used for sexting, because any risque photos you send won't come back to haunt you.
We asked Facebook if the messages were actually deleted. "Disappears" is not the same thing as "deleted." The request was prompted by our memory that Facebook messages, posts and photos aren't actually deleted when you "delete" them. Rather, they're archived, and can be resurrected if you know how. Does the same thing happen to Pokes?
"They are deleted," a source with knowledge of the product tells us.
But the deletion isn't completely permanent for another 90 days. The messages can be recovered from logs or backups until an encryption key is deleted, at which point the information becomes completely irretrievable.
The photos are NOT accessible by ordinary users. The logs and backups are kept only as a prohibition against abuse. The source, who is familiar with Poke, tells us:
All Poke messages are stored in encrypted form and retained for two days after the last recipient receives the poke — a process that helps facilitate abuse reporting. After that period, a Poke's encryption key is deleted. However, it may still be possible for Facebook to recover that key from logs or backups.
After a fixed time period, this key becomes inaccessible, rendering the content completely unreadable, unless it was copied for abuse reporting. Today, that fixed period can be up to 90 days, but we are working to significantly reduce that period over the next several weeks as we verify the stability of the Poke deletion system.
So ... mostly safe for sexting, then.
Disclosure: The author owns Facebook stock.