
Comments on Please allow a user to permanently delete their account


Please allow a user to permanently delete their account

+8
−1

Please allow a user to permanently delete their account, without the current mechanic of writing an email to the support, writing another email for approval, etc.

Please just have a simple button to permanently delete the account.


3 comment threads

Deletion itself needs some changes too. (3 comments)
I completely agree with you. 1. You own your data. 2. Your account is your data. 3. (1)+(2) => Y... (5 comments)
Probably a dupe (1 comment)
+8
−0

I'm going to be a bit contrarian here.

First, don't get me wrong. I am not arguing that a user should not be able to delete their own account. Of course a user should be able to delete their account. Besides all the reasonable arguments, that's a pretty firm requirement in the EU GDPR.

However, let's not go overboard by making it too easy.

Account or profile deletion, done properly, is very much a destructive operation that cannot easily be undone.

Destructive operations typically come with safeguards. In the real world, you have everything from locked cabinets and guarded switches to multiple distinct inputs required that cannot be performed by the same person (for example, by being placed far enough apart that one person cannot reach both at the same time, yet both must be done simultaneously). All of those serve to protect against accidental activation of or exposure to the thing in question.

This doesn't mean that it can't appear to visitors as though the account has been deleted immediately. But the rightful account owner should:

  • be required to provide their current password immediately before the "delete my account" function takes any effect
  • be provided with an "undo" of some kind for some reasonable amount of time
  • be notified elsewhere (for example, by email to the address associated with their account) that their account/profile is about to be deleted, including simple, actionable instructions on how to stop that process

The first helps ensure that the person in front of the computer at the time is someone who actually has access to the account password. It protects against session hijacking or just someone taking advantage of the fact that the account holder didn't lock the computer while stepping away for a few minutes.

The second ensures that if the user changes their mind, they have a window of opportunity within which they can recover their account. This doesn't have to be much; I imagine 2 to 7 days would be plenty.

The third ensures that in case of unauthorized access to the account, it's not as easy as just clicking a "delete my account" button for someone other than the rightful account holder to cause havoc even if, say, the browser autofills the password or the password is known. To delete the account, an attacker would then also have to intercept and somehow either prevent delivery of or delete that notification email, raising the bar a fair bit.

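The three safeguards in the answer above (password re-check at the moment of the request, a time-limited undo, and an out-of-band notification carrying the only way to cancel) can be sketched as one small workflow. This is an added example written for this page, not Codidact's own code; the class names, the 7-day grace period and the sample account are assumptions chosen for illustration.

```python
"""Account-deletion workflow with the three safeguards from the answer above.

Added example, not Codidact's code. Account, DeletionService, GRACE_PERIOD
and the sample data are assumed for illustration.
"""
from __future__ import annotations

import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, Optional

GRACE_PERIOD = timedelta(days=7)   # assumed; the answer suggests 2 to 7 days
PBKDF2_ROUNDS = 200_000


def hash_password(password: str) -> bytes:
    """Salted PBKDF2-HMAC-SHA256, stored as salt || digest."""
    salt = os.urandom(16)
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def verify_password(password: str, stored: bytes) -> bool:
    salt, digest = stored[:16], stored[16:]
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)


@dataclass
class Account:
    username: str
    email: str
    password_hash: bytes
    deletion_requested_at: Optional[datetime] = None
    cancel_token_hash: Optional[bytes] = None   # only a hash of the token is kept
    purged: bool = False


class DeletionService:
    def __init__(self, clock: Callable[[], datetime] = lambda: datetime.now(timezone.utc)):
        self.clock = clock
        self.outbox: list = []   # stands in for the email sender

    def is_visible(self, acct: Account) -> bool:
        """Visitors see the account as gone as soon as deletion is requested."""
        return acct.deletion_requested_at is None and not acct.purged

    def request_deletion(self, acct: Account, password: str) -> bool:
        if acct.purged or acct.deletion_requested_at is not None:
            return False
        # Safeguard 1: the current password is required right now, so a hijacked
        # or unattended session alone is not enough to trigger deletion.
        if not verify_password(password, acct.password_hash):
            return False
        # Safeguard 3: the cancel token is sent only to the account's email address;
        # the database holds just its hash, so a DB read does not yield the token.
        token = secrets.token_urlsafe(32)
        acct.cancel_token_hash = hashlib.sha256(token.encode()).digest()
        acct.deletion_requested_at = self.clock()
        self.outbox.append({"to": acct.email, "cancel_token": token,
                            "deadline": acct.deletion_requested_at + GRACE_PERIOD})
        return True

    def cancel_deletion(self, acct: Account, token: str) -> bool:
        # Safeguard 2: undo is possible only within the grace period and only
        # with the token delivered out of band.
        if acct.purged or acct.deletion_requested_at is None:
            return False
        if self.clock() - acct.deletion_requested_at > GRACE_PERIOD:
            return False
        presented = hashlib.sha256(token.encode()).digest()
        if not hmac.compare_digest(presented, acct.cancel_token_hash):
            return False
        acct.deletion_requested_at = None
        acct.cancel_token_hash = None
        return True

    def purge_due(self, accounts: list) -> list:
        """Periodic job: irreversibly wipe accounts whose grace period has elapsed."""
        now = self.clock()
        purged = []
        for acct in accounts:
            if acct.purged or acct.deletion_requested_at is None:
                continue
            if now - acct.deletion_requested_at >= GRACE_PERIOD:
                acct.purged, acct.email, acct.password_hash = True, "", b""
                acct.cancel_token_hash = None
                purged.append(acct.username)
        return purged


def demo() -> dict:
    """Walks one constructed account through request, cancel, re-request and purge."""
    clock = {"now": datetime(2024, 1, 1, tzinfo=timezone.utc)}   # controllable clock
    svc = DeletionService(lambda: clock["now"])
    alice = Account("alice", "alice@example.invalid", hash_password("correct horse"))
    result = {"wrong_password_rejected": not svc.request_deletion(alice, "wrong"),
              "requested": svc.request_deletion(alice, "correct horse")}
    result["hidden"] = not svc.is_visible(alice)
    clock["now"] += timedelta(days=2)
    result["bad_token_rejected"] = not svc.cancel_deletion(alice, "not-the-token")
    result["cancelled"] = svc.cancel_deletion(alice, svc.outbox[0]["cancel_token"])
    svc.request_deletion(alice, "correct horse")   # change of mind again
    clock["now"] += timedelta(days=8)               # grace period runs out
    result["late_cancel_rejected"] = not svc.cancel_deletion(alice, svc.outbox[1]["cancel_token"])
    result["purged"] = svc.purge_due([alice])
    return result


if __name__ == "__main__":
    print(demo())
```

The split between "hidden immediately" (`is_visible`) and "wiped after the grace period" (`purge_due`) is what lets the account look deleted to visitors while still being recoverable by the owner; the purge job is the only irreversible step, and it runs on a schedule rather than from the button click.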

1 comment thread

This is more on how to do it than why doing it. (1 comment)
Zakk wrote almost 2 years ago

I 99% agree with you. Except for this:

This doesn't have to be much; I imagine 2 to 7 days would be plenty.

Two to seven days is a very short grace period in my opinion. I think it should be at least 15 days, and up to 30 days.