Post History

Q&A Please allow a user to permanently delete their account

posted 2y ago by Canina

Answer
#1: Initial revision by Canina · 2022-04-27T19:32:45Z (over 2 years ago)
I'm going to be a bit contrarian here.

First, don't get me wrong. **I am *not* arguing that a user should not be able to delete their own account.** Of course a user should be able to delete their account. Besides all the reasonable arguments, that's a pretty firm requirement in the EU GDPR.

However, **let's not go overboard by making it *too* easy.**

**Account or profile deletion, done properly, is very much a destructive operation that cannot easily be undone.**

Destructive operations typically come with safeguards. In the real world, you have everything from locked cabinets and guarded switches to multiple distinct inputs required that cannot be performed by the same person (for example, by being placed far enough apart that one person cannot reach both at the same time, yet both must be done simultaneously). All of those serve to protect against accidental activation of or exposure to the thing in question.

This doesn't mean that it can't *appear* to visitors as though the account has been deleted immediately. But the rightful account owner should:

 * be required to provide their current password immediately before the "delete my account" function takes any effect
 * be provided with an "undo" of some kind for some *reasonable* amount of time
 * be notified elsewhere (for example, by email to the address associated with their account) that their account/profile is about to be deleted, including simple, actionable instructions on how to stop that process

The first helps ensure that the person in front of the computer at the time is someone who actually has access to the account password. It protects against session hijacking or just someone taking advantage of the fact that the account holder didn't lock the computer while stepping away for a few minutes.

The second ensures that if the user changes their mind, they have a window of opportunity within which they can recover their account. This doesn't have to be much; I imagine 2 to 7 days would be *plenty*.

The third ensures that in case of unauthorized access to the account, it's not as easy as just clicking a "delete my account" button for someone *other* than the rightful account holder to cause havoc even if, say, the browser autofills the password or the password is known. To delete the account, an attacker would then also have to intercept and somehow either prevent delivery of or delete that notification email, raising the bar a fair bit.
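As an added illustration of the three safeguards this answer lists (example code written for this page, not code from the post or from the Codidact software): the current password is re-checked before anything happens, deletion is scheduled rather than performed, and the only way to cancel is a token that travels through the email channel. The in-memory `OUTBOX`, the `NOW` clock value and the 7-day `GRACE_PERIOD` are constructed assumptions for the demo.

```python
import hashlib, hmac, secrets
from datetime import datetime, timedelta

GRACE_PERIOD = timedelta(days=7)     # undo window, within the answer's 2-7 day range
NOW = datetime(2022, 4, 27, 19, 32)  # constructed clock value for the demo
OUTBOX = []                          # constructed stand-in for an email sender

def _hash_pw(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class Account:
    def __init__(self, email: str, password: str):
        self.email = email
        self.salt = secrets.token_bytes(16)
        self.pw_hash = _hash_pw(password, self.salt)
        self.deletion_due = None   # set while a deletion is pending
        self.cancel_token = None   # secret that travels only through the email channel
        self.purged = False

def request_deletion(acct: Account, password: str, now: datetime) -> bool:
    """Safeguard 1: the current password is re-checked right before anything happens."""
    if not hmac.compare_digest(_hash_pw(password, acct.salt), acct.pw_hash):
        return False
    acct.deletion_due = now + GRACE_PERIOD          # safeguard 2: schedule, do not destroy
    acct.cancel_token = secrets.token_urlsafe(32)   # safeguard 3: out-of-band cancel link
    OUTBOX.append((acct.email, f"Your account is scheduled for deletion on "
                   f"{acct.deletion_due:%Y-%m-%d}. To keep it, open "
                   f"/cancel-deletion?token={acct.cancel_token}"))
    return True

def cancel_deletion(acct: Account, token: str) -> bool:
    """Stop a pending deletion; presenting the token proves the caller read the email."""
    if acct.purged or acct.cancel_token is None:
        return False
    if not hmac.compare_digest(token.encode(), acct.cancel_token.encode()):
        return False
    acct.deletion_due = acct.cancel_token = None
    return True

def is_visible(acct: Account) -> bool:
    """Visitors see the account as gone the moment deletion is requested."""
    return acct.deletion_due is None and not acct.purged

def purge_due(accounts, now: datetime) -> int:
    """Periodic job: only accounts whose grace period has elapsed are really destroyed."""
    purged = 0
    for a in accounts:
        if a.deletion_due is not None and now >= a.deletion_due and not a.purged:
            a.purged, a.pw_hash, a.email = True, b"", ""   # the irreversible step
            purged += 1
    return purged
```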