Dont purge posts/comments when user deletes account (ref #2426) #2540
The GDPR stuff is less important to me than what someone intends by deleting their account: they probably don't want any of their content publicly visible.
We can preserve their content in the DB by just setting `deleted: true`, but not overwriting any of the content-type columns. Still a bit scary because I'm not sure which of those fields might still be publicly visible.
use crate::schema::comment::dsl::*; | ||
diesel::update(comment.filter(creator_id.eq(for_creator_id))) | ||
.set(( | ||
content.eq("*Permananently Deleted*"), |
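Review bot: the placeholder literal on the `content.eq(...)` line is misspelled ("Permananently" for "Permanently"). If the content overwrite is kept in any form, correct the string, and consider binding it to a named value the way the post update does with `perma_deleted`, so the comment and post paths use the same text.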
This section still needs to be here, especially the `deleted.eq(true)`. You just don't need to overwrite the content.
Otherwise all their posts and comments would still be publicly visible.
name.eq(perma_deleted), | ||
url.eq(perma_deleted_url), | ||
body.eq(perma_deleted), | ||
deleted.eq(true), |
Same here, just make sure deleted.eq(true) stays.
How about giving a user a "delete all my submissions" checkbox upon account deletion? It would introduce some complexity, sure, but it seems like a worthwhile option nonetheless.
Seems like it would be worthwhile to add that option, but we're still left with the same question, since there are 3 possibilities:
What makes you think like this? If I delete my account, it's because I don't want to use it anymore; it doesn't mean I want to delete all the comments which I spent a long time writing. I would handle this with a message on the delete profile button, telling the user to manually delete all comments with personal data if desired (or to use a script to wipe everything). If each user deletion means that all posts from that user disappear, it will have a very bad effect in a few years: there will be holes in all discussions, and valuable replies will be missing.
A main reason people delete their accounts is because they doxxed themselves in their content. They def don't want to have to run a script when we can easily overwrite their content for them.
Just a note that this doesn't DB delete the comments (which would wipe out entire trees) or posts, but only overwrites the content. So other people's data is still safe.
That makes sense to me, just to add an optional checkbox for "delete my content".
This can be achieved by just not using the account, no need for deletion.
Each user's posts belong to that user. If at some point someone decides they want to delete all their contributions, it is right to give them a way to do that, and make it easy. And then it's up to the community to create an environment where users feel safe and don't want to delete their accounts. What about letting a user download all their posts before deleting them?
We have an issue for account data export. It wouldn't be too difficult, but we just have a lot of other priorities: #506
Okay, in that case I would change it so that content is only deleted if a checkbox is selected. Then you can choose to delete data or keep it. And I would also add a password field for account deletion, so that someone can't delete your account with a stolen login token alone.
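An added example, not Lemmy's code and not written by anyone in this thread, of the behaviour proposed above: the password is checked again before deletion, `deleted` is always set, and the text is overwritten only when the checkbox is ticked. The types, the `verify_password` callback, the placeholder string and the in-memory comment list are all assumptions standing in for the real Diesel queries and hash check.

```rust
// Added example: hypothetical names, in-memory stand-in for the comment table.
pub const PLACEHOLDER: &str = "[purged]"; // constructed placeholder text

#[derive(Debug, PartialEq)]
pub enum DeleteError { BadPassword }

pub struct Comment { pub creator_id: i32, pub content: String, pub deleted: bool }

pub struct DeleteRequest<'a> {
    pub user_id: i32,
    pub password: &'a str,
    pub purge_content: bool, // the "delete my content" checkbox
}

/// Soft-deletes every comment of the user and returns how many rows changed.
/// `verify_password` stands in for the server's real password-hash check.
pub fn delete_account(
    comments: &mut [Comment],
    req: &DeleteRequest,
    verify_password: impl Fn(i32, &str) -> bool,
) -> Result<usize, DeleteError> {
    // A session token got the caller this far; the password is required on top of it.
    if !verify_password(req.user_id, req.password) {
        return Err(DeleteError::BadPassword);
    }
    let mut touched = 0;
    for c in comments.iter_mut().filter(|c| c.creator_id == req.user_id) {
        c.deleted = true; // always set, so public views stop showing the row
        if req.purge_content {
            c.content = PLACEHOLDER.to_string(); // overwrite only on request
        }
        touched += 1;
    }
    Ok(touched)
}

/// What a public reader receives: never the text of a deleted comment.
pub fn public_content(c: &Comment) -> Option<&str> {
    if c.deleted { None } else { Some(c.content.as_str()) }
}

fn main() {
    // Constructed sample data.
    let mut comments = vec![
        Comment { creator_id: 1, content: "my street is ...".into(), deleted: false },
        Comment { creator_id: 2, content: "a reply".into(), deleted: false },
    ];
    let check = |id: i32, pw: &str| id == 1 && pw == "correct horse";
    let req = DeleteRequest { user_id: 1, password: "correct horse", purge_content: false };
    println!("{:?}", delete_account(&mut comments, &req, check));
    println!("{:?}", public_content(&comments[0]));
}
```

Every read path that serves comment text has to go through a check like `public_content`; a soft delete protects nothing on an endpoint that ignores the `deleted` flag.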
Based on the comment below by kromonos in Matrix, GDPR only requires operators to delete the following personally identifying information:
Posted content is not part of it, so there is no legal problem if we leave it. Deleting such content is also bad for the ecosystem, because valuable information disappears.
We should update the account deletion message to account for this, and tell the user to delete individual posts/comments before deleting the account, if desired.