Communities

Writing
Writing
Codidact Meta
Codidact Meta
The Great Outdoors
The Great Outdoors
Photography & Video
Photography & Video
Scientific Speculation
Scientific Speculation
Cooking
Cooking
Electrical Engineering
Electrical Engineering
Judaism
Judaism
Languages & Linguistics
Languages & Linguistics
Software Development
Software Development
Mathematics
Mathematics
Christianity
Christianity
Code Golf
Code Golf
Music
Music
Physics
Physics
Linux Systems
Linux Systems
Power Users
Power Users
Tabletop RPGs
Tabletop RPGs
Notifications
Mark all as read
Q&A

Welcome to Codidact Meta!

Codidact Meta is the meta-discussion site for the Codidact community network and the Codidact software. Whether you have bug reports or feature requests, support questions or rule discussions that touch the whole network – this is the site for you.

Please allow a user to permanently delete their account

+6
−0

Please allow a user to permanently delete their account, without the current mechanic of writing an email to the support, writing another email for approval, etc.

Please just have a simple button to permanently delete the account.

Why does this post require moderator attention?
You might want to add some details to your flag.
Why should this post be closed?

3 comment threads

Deletion itself needs some changes too. (3 comments)
I completely agree with you. 1. You own your data. 2. Your account is your data. 3. (1)+(2) => Y... (5 comments)
Probably a dupe (1 comment)

2 answers

+5
−0

I'm going to be a bit contrarian here.

First, don't get me wrong. I am not arguing that a user should not be able to delete their own account. Of course a user should be able to delete their account. Besides all the reasonable arguments, that's a pretty firm requirement in the EU GDPR.

However, let's not go overboard by making it too easy.

Account or profile deletion, done properly, is very much a destructive operation that cannot easily be undone.

Destructive operations typically come with safeguards. In the real world, you have everything from locked cabinets and guarded switches to multiple distinct inputs required that cannot be performed by the same person (for example, by being placed far enough apart that one person cannot reach both at the same time, yet both must be done simultaneously). All of those serve to protect against accidental activation of or exposure to the thing in question.

This doesn't mean that it can't appear to visitors as though the account has been deleted immediately. But the rightful account owner should:

  • be required to provide their current password immediately before the "delete my account" function takes any effect
  • be provided with an "undo" of some kind for some reasonable amount of time
  • be notified elsewhere (for example, by email to the address associated with their account) that their account/profile is about to be deleted, including simple, actionable instructions on how to stop that process

The first helps ensure that the person in front of the computer at the time is someone who actually has access to the account password. It protects against session hijacking or just someone taking advantage of the fact that the account holder didn't lock the computer while stepping away for a few minutes.

The second ensures that if the user changes their mind, they have a window of opportunity within which they can recover their account. This doesn't have to be much; I imagine 2 to 7 days would be plenty.

The third ensures that in case of unauthorized access to the account, it's not as easy as just clicking a "delete my account" button for someone other than the rightful account holder to cause havoc even if, say, the browser autofills the password or the password is known. To delete the account, an attacker would then also have to intercept and somehow either prevent delivery of or delete that notification email, raising the bar a fair bit.

Why does this post require moderator attention?
You might want to add some details to your flag.

1 comment thread

This is more on how to do it than why doing it. (1 comment)
+5
−1

The current email path (and asking you to prove you control the account, because email can be spoofed) is a stopgap. We do want to allow you to delete an account more directly. If you could make the request from the site, for instance, then the fact that you're signed in would already demonstrate control of the account, so we could skip that confirmation step.

It's not quite as simple as "just delete the account on request", because we want to have some mitigation for abuses like serial spam/trolling. If you delete and immediately re-create an account, for instance, that's something we would want to be able to record, so that we can tie the activity of the two accounts together internally. We haven't built that tooling yet, or even worked out what exactly it should include, so currently account deletion includes somebody taking a quick look for suspicious activity first.

We want to give community members as much control as possible; it's part of our raison d'etre. We also want to protect communities from "easy" abuse, because supporting communities is also part of our raison d'etre. I'm sorry we don't yet have better tooling for the latter that would help the former, but we do aspire to get there. We're not trying to nanny or second-guess you; this is just the best we can do right now. It's not ideal and it doesn't scale.

Why does this post require moderator attention?
You might want to add some details to your flag.

1 comment thread

-1 because > What are the types of DOM nodes? > It's not quite as simple as "just delete the ac... (8 comments)

Sign up to answer this question »

This community is part of the Codidact network. We have other communities too — take a look!

You can also join us in chat!

Want to advertise this community? Use our templates!

Like what we're doing? Support us! Donate