The Cambridge University researchers uploaded photos on 16 popular website, noted the web addresses where the images were stored, and then deleted them. The team also revealed that they were still able to find the deleted photos on 7 sites after 30 days, using the direct URLs to the photos from the sites' content delivery networks.
"This demonstrates how social networking sites often take a lazy approach to user privacy, doing what's simpler rather than what is correct," the BBC quoted Joseph Bonneau, PhD student who carried out the study, as saying. "It's imperative to view privacy as a design constraint, not a legal add-on," he added.
The Facebook spokesman defended the company's approach, he said, "When a user deletes a photograph from Facebook it is removed from our servers immediately."
"However, URLs to photographs may continue to exist on the Content Delivery Network (CDN) after users delete them from Facebook, until they are overwritten. Overwriting usually happens after a short period of time," he added.
The researchers said that special photo-sharing sites, such as Flickr and Google's Picasa, did better and Microsoft's Windows Live Spaces removed the photos instantly.