Most social platforms offer mechanisms allowing users to delete their posts, and a significant fraction of users exercise this right to be forgotten. However, ironically, users’ attempt to reduce attention to sensitive posts via deletion, in practice, attracts unwanted attention from stalkers specifically to those (deleted) posts. Thus, deletions may leave users more vulnerable to attacks on their privacy in general. Users hoping to make their posts forgotten face a “damned if I do, damned if I don’t” dilemma. Many are shifting towards ephemeral social platform like Snapchat, which will deprive us of important user-data archival. In the form of intermittent withdrawals, we present, Lethe, a novel solution to this problem of (really) forgetting the forgotten. If the next-generation social platforms are willing to give up the uninterrupted availability of non-deleted posts by a very small fraction, Lethe provides privacy to the deleted posts over long durations. In presence of Lethe, an adversarial observer becomes unsure if some posts are permanently deleted or just temporarily withdrawn by Lethe; at the same time, the adversarial observer is overwhelmed by a large number of falsely flagged undeleted posts. To demonstrate the feasibility and performance of Lethe, we analyze large-scale real data about users’ deletion over Twitter and thoroughly investigate how to choose time duration distributions for alternating between temporary withdrawals and resurrections of non-deleted posts. We find a favorable trade-off between privacy, availability and adversarial overhead in different settings for users exercising their right to delete. We show that, even against an ultimate adversary with an uninterrupted access to the entire platform, Lethe offers deletion privacy for up to 3 months from the time of deletion, while maintaining content availability as high as 95% and keeping the adversarial precision to 20%.
 Almuhimedi, H., Wilson, S., Liu, B., Sadeh, N., and Acquisti, A. Tweets are forever: A large-scale quantitative analysis of deleted tweets. In CSCW’13.
 Ayalon, O., and Toch, E. Retrospective privacy: Managing longitudinal privacy in online social networks. In SOUPS’13.
 Bauer, L., Cranor, L. F., Komanduri, S., Mazurek, M. L., Reiter, M. K., Sleeper, M., and Ur, B. The post anachronism: The temporal dimension of facebook privacy. In ACM WPES ‘13.
 Boyd, D., Golder, S., and Lotan, G. Tweet, tweet, retweet: Conversational aspects of retweeting on twitter. In System Sciences (HICSS), 2010 43rd Hawaii International Conference on (2010), IEEE, pp. 1–10.
 Casella, G., and Berger, R. L. Statistical Inference, 2nd ed. Duxbury Press, 2002.
 Castelluccia, C., De Cristofaro, E., Francillon, A., and Kaafar, M.-A. Ephpub: Toward robust ephemeral publishing. In ICNP’11.
 Conover, M., Ratkiewicz, J., Francisco, M. R., and Gonçalves, B. Political polarization on twitter.
 Dwork, C. Differential privacy. In ICALP’06.
 Geambasu, R., Kohno, T., Krishnamurthy, A., Levy, A., Levy, H. M., Gardner, P., and Moscaritolo, V. New directions for self-destructing data. Tech. Rep. UWCSE-11-08-01, University of Washington, 2011.
 Geambasu, R., Kohno, T., Levy, A. A., and Levy, H. M. Vanish: Increasing data privacy with self-destructing data. In USENIX Security Symposium ‘09.
 Geambasu, R., Levy, A. A., Kohno, T., Krishna-murthy, A., and Levy, H. M. Comet: An active distributed key-value store. In OSDI’10.
 Gomez-Rodriguez, M., Gummadi, K. P., and Schölkopf, B. Quantifying Information Overload in Social Media and Its Impact on Social Contagions. In ICWSM’14.
 Hine, G. E., Onaolapo, J., De Cristofaro, E., Kourtellis, N., Leontiadis, I., Samaras, R., Stringhini, G., and Blackburn, J. Kek, cucks, and god emperor trump: A measurement study of 4chan’s politically incorrect forum and its effects on the web. In ICWSM (2017), pp. 92–101.
 Krishnamurthy, B., Naryshkin, K., and Wills, C. Privacy leakage vs. protection measures: the growing disconnect. In WEB 2.0 SECURITY & PRIVACY 2011.
 Krishnamurthy, B., and Wills, C. E. On the leakage of personally identifiable information via online social networks. In WOSN’09.
 Maddock, Jim, K. S., and Mason, R. M. Using historical twitter data for research: Ethical challenges of tweet deletions. In CSCW ‘15 Workshop on Ethics.
 Mondal, M., Messias, J., Ghosh, S., Gummadi, K. P., and Kate, A. Forgetting in social media: Understanding and controlling longitudinal exposure of socially shared data. In USENIX SOUPS ‘16.
 Nair, S. K., Dashti, M. T., Crispo, B., and Tanenbaum, A. S. A hybrid PKI-IBC based ephemerizer system. In SEC’07.
 Perlman, R. The ephemerizer: Making data disappear. Tech. Rep. SMLI TR-2005-140, Sun Microsystems, Inc., 2005.