Daily Tildes discussion - how to handle account deletion
This came up yesterday, and I think it's worth discussing in a little more depth.
There isn't currently an account-deletion feature (though I can do it manually on request), but it's going to be needed in the future. The main thing that probably needs to be decided is what exactly to do with all of the user's posts when they delete their account. If the user was prolific and you wipe out all their posts, it can damage a lot of history. But if you leave their posts up (possibly no longer associated with their username), it means that all of the user's content is now basically "orphaned" and they no longer have control of it even though they posted it.
I won't go into too much detail about my own thoughts, but I'm curious to hear what you all think of how deletions (and the deleted user's content) should be handled.
If someone is deleting their account, then they're basically taking their bat & ball and pissing off. Anything they posted is theirs, and it's their right to take it with them.
There should at least be an option for people deleting their account to also delete everything they've posted, even if this isn't the default behaviour.
Also, your own privacy policy strongly implies that tilders will have total control over their data - up to and including full deletion.
I do believe the correct thing to do is to give users the ability to delete their posts, but it's only a matter of time before there's a ceddit or removeddit type site for tildes which ensures nothing ever truly gets deleted.
While I agree that the privacy policy implies that tilders have total control over their data, I don't see any place where it says that their data includes links that they've posted.
They don't own the links themselves, but I believe they own the Tildes posts they made about those links.
So if you make a post, and I comment on it, you own my comment?
Of course not! Which is why I should not be able to delete your comment.
If you delete your post, that will remove the comment.
It will? I wasn't aware of that behaviour here.
In that case, Deimos needs to ensure that any delete function deletes only the user's own posts and comments, and noone else's.
There could be multiple options on how you want to delete your account. One could be a full erase; removing all content and existence of that user. Another could be "archiving" the account, so all posts are still visible with/without the username attached, but the account can no longer post (maybe add a tag to the username, or grey it out to indicate that user is archived).
Just my 2c.
Users can already manually delete their stuff anyway. I say just have three options.
I agree that if the user can delete their posts anyway, there's no reason not to provide that option when they delete their account.
Yeah, the choice should ultimately be in the hands of the user, but I recommend including language that reminds them of the following before nuking everything.
Ideally, a person would choose to delete a select few things that they don't want to be easily visible anymore while archiving the rest of their comments to preserve thread integrity.
It might also be a good idea to disable re-registrations with past deleted usernames. Unless Tildes comes up with a way of "verifying" an account, but that seems counter to the values of the site.
I said this in a comment below, when the user deletes their account you can offer them an option to associate an email in case they want to get their account back.
I think removal of ownership is the way to go. Once the site goes public, crawlers and archivers will already have copies and attempting to anonymize that will be fruitless.
Even with crawlers and archivers people should have the option of at least making it harder to find info. Just like over on reddit where people make scripts that will edit and/or delete your history. It just makes it easier and less likely to get the spammy ones if it's built in to the site.
When selecting 1 or 2 offer an option to associate an email to restore the account in case the user wants to come back.
Edit: also offer a field to let the user explain why he/she is leaving.
Edit 2: in the account deletion page make the user type their password again to confirm deletion, this should prevent any kind of malicious XSS attack from deleting an account and will also make the user think twice before deleting.
I'm a little torn on this one. I mean the right to be forgotten should be allowed, but it's really hard to enforce on the internet. There's easy to use ways of seeing what comments have been deleted on other sites.
On the other hand, I kind of feel like if you delete your account, it should remove the option for logging in, but what you have said should remain attached to the handle you are using. It might encourage people to think a little more before putting something out there that's permanently attached to them - even if it is an anonymous persona. It's far too easy currently for someone to espouse some bullshit or another, and if it proves unpopular, they just delete it and avoid the consequences.
I commented this yesterday on the post that inspired this one. But I think there would still have to be some option to "nuke" the account in the event of doxxing or the like. It can be easy to let slip just a little too much information in small amounts. Soon enough, there is enough info available that someone could ID you.
Maybe that could be handled on a case by case basis, because I do agree that comments should remain. Everyone is focused on old threads, but it isn't unheard of for a Reddit account to be deleted after making a high level comment on a still active thread. That can hurt the discussion and just leads to people asking for a summary or screenshot of the comment.
Agreed, I think people underestimate how easy it is to do. I've done it once or twice (on request) with someone who was sure they didn't share anything personal. But they shared one video which together with another video two years later was enough to ID them, so I was able to find them (in half an hour, I think? I don't mean to toot my own horn but that was through literally thousands of different comments/posts that they had made over time, and required looking at the youtube account one was posted on --> looking at a website that was in the description --> using the website to find a twitter account --> using the [fairly short] list of followers of that account together with the aforementioned second video [which briefly showed a part of the person] to find our poster). I mean that was just for fun—imagine you've done something that """justifies""" being doxxed and you've got a few people working on it?
Anyways, that's why I disagree with handling it case-by-case; I like the 3 options posted elsewhere (full wipe, delete username from comments, or leave but indicate it's a deleted account). Sure, there's the issue of deleted comments, but I think that's (1) a flaw in reddit's website (don't have a deleted comment as top comment and things are solved), and (2) an issue with reddit's crowd/size (those are often semi-controversial comments that get 300 replies that aren't really all that different). (1) is easier to fix here, just requires handling deleted comments in a certain way (or maybe selectively handling dead comments in active threads differently), but (2) is maybe a culture thing? I'm not sure how to handle that, besides maybe throwing notifications together ("200 people replied to your comment")
It worries me that you think there must be consequences for espousing an unpopular opinion.
I think you might be putting too much weight on the word consequence. I had in mind the occasions when comments are deleted to avoid the downvotes they were getting. I certainly do not advocate real-world consequences, outside of no way of hiding the comments you have made with your online persona.
I would say that Ven has a good point about someone having made a comment that exposes a little too much personal information.
There may be legal requirements, based on the "right to be forgotten"...
https://en.wikipedia.org/wiki/Right_to_be_forgotten#Current_legal_frameworks
One thing you'll have to consider: we're assuming that any actions taken will be by the rightful account owner; that may not always be the case. Much as we'd love to believe it won't happen, accounts WILL get compromised. Do we want to give people the ability to then clean out those accounts for their own use?
For what it's worth, not having control of your messages is the par for the course these days, so it's unlikely that anyone would be too appalled.
I would be very, very against the automatic removal of content, because it would inevitably create a historical content graveyard. Most of Reddit's old stuff is littered with holes and gaps because people left, whether it was useful or not.
That said, I am someone who is against the ability to edit or delete your own posts/comments after eg a 5 minute edit window, which I know goes against the ~ philosophy, so I would understand if the site went another direction there. But in defense of my position, can you take your words back from the ears of people who hear you in real life? Why can't conversations stand as written, permanently (with moderators able to delete if they contain rule breaking ie doxx)?
Again Discourse has a model for this.
Removing all the content a user has creates enormous holes in the history. If creating accounts is easy (and I don't think it is now, but most sites have easy to make accounts), and deleting accounts can be done by the user, it can be used for trolling / griefing.
When people close their accounts the username should be retired, some signal should be used to mark the username as inactive, and (optionally -- probably up to the user), the username should be replaced with an anonymized string.
I'm arguing from a position of wanting maximum coherency after the fact: I'm not sure I'm in favor of even orphaning the content let alone letting people delete their accounts. If they want to abandon an account and start a new one, I'd be in favor of being able to "freeze" an account, forbidding any future action and detaching it from an email address in order to let the person start a new account without making a new email address to go with it.
Just like with Reddit locking post titles to keep people from editing them in misleading ways, I'd be a fan of locking down the ability for anyone to edit or delete their own posts after a certain amount of time. I like the anonymity of user names, but I'd like people to think about what they're saying with the explicit understanding that their words will be linked to their chosen name in perpetuity. They can walk away from the name, but they can't prune what they've said over time.