What happens to photos that we upload to social media?
Social media has become essential for most private users but also for companies. They use it as an advertising platform, for corporate branding, or to represent one's own company. Personal photos of the family, vacation, and even parties are shared.
But where are these photos stored? If I delete a photo from my profile, is it also deleted from the servers of the social media platform? What data do the social networks store in general?
We look at Facebook, Instagram, Snapchat, and Twitter to give you an overview of what happens to your photos and what data the four platforms store about you in this article.
Table of Contents
Mark Zuckerberg founded Facebook in 2004. Currently, it has almost 3 billion registered members. Since then, the social network has come under fire countless times for its data breaches: at one time, you could access 54 million unprotected data records on the web. Facebook loves data and makes millions with personalized advertising. That makes it even more important to check what data Facebook stores about us without users noticing.
First of all: As soon as you upload a picture to Facebook, you do not lose the rights to your photo, but you do grant the social network the right to use it. The terms of service state:
“Specifically, when you share, post, or upload content that is covered by intellectual property rights (like photos or videos) on or in connection with our Products, you grant us a non-exclusive, transferable, sub-licensable, and worldwide license to host, use, distribute, modify, run, copy, publicly perform or display, translate, and create derivative works of your content (consistent with your privacy and application settings).”
Thus, Facebook is allowed to use photos commercially as soon as you post them. Although the company pays attention to the respective privacy settings, Facebook still owns the information from that point on. Facebook remembers the metadata of the uploaded photos, such as the time and location of the picture or the device used.
Facebook also stores photos shared in a supposedly private chat and not publicly.
The photos, just like other data from us, are distributed on Facebook servers around the world. These pictures and data of individual persons are enriched to create a user-specific profile. According to Facebook, however, these profiles are not stored permanently but are only compiled as needed. Important to know: Because of the Patriot Act, U.S. authorities could demand the stored photos at any time. In such a case, the company must maintain silence, so that users would not even notice if someone viewed their data and photos.
In 2012, Facebook bought Instagram for almost 700 million dollars — the largest sum ever paid for a photo service. Since then, the photo network is part of Mark Zuckerberg’s company Meta. So, is caution called for here, too?
Just like its parent company, Instagram stores every photo, whether shared publicly or sent privately.
Note: Even photos that are only shared privately and delete themselves after being viewed once are analyzed and stored by Instagram.
Instagram stories that are only visible for 24 hours are also stored on Meta’s servers. The same applies to the metadata of the photos. Together with messages and comments, they add up to a data package.
Thus, there are not many differences to Facebook. Here, too, the data would be easy to view in the event of an attack, and US authorities would also have access to every private message sent at some point due to the Patriot Act. Instagram is also allowed to distribute and commercially use the photos according to the terms and conditions — and everyone who wants to use the network must agree to them.
Snapchat is also a photo service but works differently than Instagram. This is already noticeable in its target audience: Almost 70% of the social network's users are under 25. Nevertheless, the platform with almost 300 million daily active users should not be underestimated.
The data protection provisions are particularly interesting for parents. After all, Snapchat is a special case among social networks. Photos are not uploaded from the smartphone gallery but taken “fresh” in the app. After being sent, the recipient can only view them once and then they supposedly disappear again.
Due to this fast pace, many users lull themselves into a perceived sense of security, which tempts them to send photos that are not intended for a larger audience — if you know what I mean... However, it is not particularly complicated to bypass the protective mechanisms and take screenshots of these, supposedly only briefly visible pictures. Here lies great potential for abuse.
Since 2019, sent content is end-to-end encrypted. Important: After the recipient gets the photo and opens it, it doesn't just disappear but gets hidden. This works by changing the file name so that the smartphone gallery no longer recognizes it as a photo file — so it is still stored on the end device. With the necessary know-how, such files can be restored and are thus viewable even after the actual intended viewing time.
In the case of publicly posted images, Snapchat, just like Facebook or Instagram, has the right to sell and use them. Because of various accusations against the disregard for data protection, an independent expert was hired back in 2014 to audit the app for the next 20 years.
Make yourself and your children aware of the pitfalls of Snapchat. Even though Snapchat advertises that you can only see photos once, and then they “self-destruct”, that is not always the case.
Twitter stores relatively little data. The rights to uploaded images remain with the respective user. However, you grant Twitter a license that allows images and other content to be distributed, reproduced, and adapted.
What data is really necessary to log in to a social network?
There is not much you can do about the fact that social networks collect your data. However, you can ask yourself the question above. In general, you should always think carefully about where you register and whether it is really necessary. Also, not every social network requires you to give your real name — so if nicknames are allowed avoid giving your real name. In general, you can provide only the information that is necessary, because they are mandatory fields, but refuse all other information. You should definitely disable the synchronization of the address book.
Make your decisions responsibly and always consider whether you can live with your shared content in the long run.
You can also adjust your privacy settings on social media as much as possible, and GPS tracking can be disabled. In some networks, you can also influence the advertising settings.
If you keep these points in mind, data will be collected but kept to a minimum.
Did you like what you read?
Then join over 80.000 subscribers and sign up for our free newsletter. Get info on data privacy, cloud stories, security tips, and insights from our crypto experts.