Facebook has admitted the company has been secretly deleting messages sent on Messenger by founder and CEO Mark Zuckerberg. “After Sony Pictures’ emails were hacked in 2014 we made a number of changes to protect our executives’ communications,” says a Facebook spokesperson in a statement to TechCrunch. “These included limiting the retention period for Mark’s messages in Messenger. We did so in full compliance with our legal obligations to preserve messages.”

Old Facebook messages sent by Zuckerberg have simply vanished in some existing threads, and TechCrunch reports that affected messages no longer appear in Facebook’s download your information tool. Recent messages from Zuckerberg reportedly remain in some users’ inboxes, and the company doesn’t appear to have cleared out all of Zuckerberg’s older messages prior to 2014. Facebook has never publicly disclosed the removal of these messages until now, and simply quietly deleted them from recipient’s Messenger inboxes. Regular Facebook users aren’t able to delete their own messages from other people’s Messenger inbox, and a special process was applied to Facebook executives.

Deleting Mark’s messages while leaving the recipients’ intact highlights Facebook’s actual views on privacy better than any statement it makes on the subject ever will — Casey Newton (@CaseyNewton) April 6, 2018

Facebook’s actions look shady even if they’re not

Facebook’s own terms of service don’t cover the company removing content from accounts unless it violates community standards, so Facebook’s actions look shady as a result. The actions could be viewed as an attempt to remove potentially embarrassing messages, and this is particularly relevant given the history of Facebook. Zuckerberg called people “dumb fucks” for trusting him early on at the beginning of Facebook, and he allegedly hacked into a Facebook user’s private email account back in 2004.

Got a tip for us? Use SecureDrop or Signal to securely send messages and files to The Verge without revealing your identity.

This latest revelation comes at a time of increased scrutiny on Facebook’s privacy policies and data protection. Facebook revealed earlier this week that as many as 87 million people, mainly in the US, had their data obtained by Cambridge Analytica. Facebook is implementing some broad platform changes to prevent this from happening in the future, and the company is looking for “suspicious activity” from developers to audit them fully after it made similar changes back in 2014 seemingly without an audit. Facebook CEO Mark Zuckerberg will now testify before Congress next week to answer questions about his company’s use and protection of user data.

Zuckerberg also revealed this week that “malicious actors” have been scraping phone numbers and email addresses of Facebook accounts, and Facebook’s chief technology officer told the Financial Times that the company has changed its approach to threats from hackers. “We will still be launching new products but prior to launching them we are sitting down and trying to think of all the possible bad uses of them and what bad actors might do with them, and how do we mitigate those things,” says Facebook CTO Mike Schroepfer.

Facebook is also reducing its Android call history and SMS data collection, after some users were alarmed to discover years of phone records and SMS communications in their accounts. Facebook has been using what it calls an “opt-in feature” to improve its friend recommendation algorithm by requesting access to contacts, SMS data, and call history on Android phones. Facebook is now reducing the amount of data it collects, and deleting old call logs.