SpringAll
SpringAll copied to clipboard
wuyouzhuguli
AccountDeleter does not do enough
From this discussion, came to the conclusion that we should probably delete more stuff when an account is deleted. Or should we? Anyway, raising an issue to highlight this.
To me at least, it sounds a bit dubious that we don't delete comments, likes or messages on account deletion.
Account deletion happens here: https://github.com/diaspora/diaspora/blob/e174514d69ad5c815beae7d2175babb1c319dc66/lib/account_deleter.rb#L5
Opinions?
Well, deleting comments and messages destroys the discussion for the other party.
But isn't it the right of the content owner to delete their content, including comments?
It is, but closing an account and explicitly deleting them are quite different beasts. I mean some people don't even realize they can't reopen a closed account.
Since you asked for an opinion, I would recommend we ensure the verbage is delete account, that the user is warned that the action is irrevocable, and what will be deleted.
I would also recommend that deleting a user deletes the user's content (posts/comments/likes/participations/conversations) as though the user had done so manually. It's their data. If users want it to persist they may idle their accounts, logging in periodically to keep them from being deleted.
To me at least, it sounds a bit dubious that we don't delete comments, likes or messages on account deletion.
The problem is it can leave the network in a bizarre sate with federatio problems. E.g: the comments are deleted on the user's pod, but not on some other pods for various reasons. This is the same problem than deleting or editing a post, but to the power of ten.
I agree with @koehn - if a person explicitly decides to delete their account, that should delete their content. Period.
@AugierLe42e saying "everything everywhere might not be deleted" is a bad excuse. We attempt to federate content even though it always doesn't work. Should we not federate posts out because they might not be replicated everywhere?
But as this is a mixed opinion subject, I guess we need to talk and even vote on loomio before changing anything.
This also probably means the account cleanup maintenance has very little effect, if any, due to participations not being cleaned up..
@AugierLe42e saying "everything everywhere might not be deleted" is a bad excuse. We attempt to federate content even though it always doesn't work. Should we not federate posts out because they might not be replicated everywhere?
No. What I'm telling is that concern shouldn't be adressed before federation has been made more secure. Otherwise, it's pointless because we can't guaranty the user his messages have actually been deleted. This would be a serious issue to me.
Our choices seem to be:
- (Current state) Don't delete any messages when the user deletes an account, or:
- Make a best effort to delete messages when the user deletes an account, or:
- Delay deleting messages until we can ensure that we delete them all
Given those choices, I choose (2). I doubt that (3) will ever happen, and (1) is really deceptive, and runs counter to any reasonable user's expectation based on almost every other service on the internet.
I can understand that the comment and PM are not deleted by default because the discussions will then have no sense, but I see no interest in keeping the like interactions if it's linked to a ghost account. It just means "someone somewhere liked this content". Useless.
About the first point, maybe we could add a checkbox (unchecked by default) in the confirmation popup (see below) to say "also delete my comments and answers to private conversations"?
I think user can understand that they have no power over other pods. It may be presented as sending a 'removal request' to other pods, while warning the user that some pods may not honor the request.
For the inconsistency of discutions if every msg/comment is replaced by a "account deleted, this user is gone for good " msg, it could reflect reality and programaticaly make it easyer to update comments then remove them.
But for shure, if I delete my account and comments stay, I don't feel like it's good as sudo rm -rf /*
Just for the record: https://www.accountkiller.com/en/delete-diaspora-project-account#
As a user who signed in on the online social world where you are in control, my expectation if I delete my account is to have all the content I posted removed or made anonymous. Thanks to what @Flaburgan reminds here, I've just realized my comments will remain associated to my ID, which is not anonymous at all. I think this is a important issue and something like Deleted account should replace the ID of gone users.
Besides I agree with @jaywink and @koehn saying it's the right of the author to decide whether his comments will remain or not. But I also think it's good to keep them in conversations to maintain coherence. Thus in my opinion, beyond technical questions, the ideal solution should be:
- delete the posts and make anonymous other comments and warn the user accordingly
- add an option (not selected by default) to go further and suppress all participations in case the user wish
Hoping that this becomes reality, if only to reduce database size. I assume a few things are happening when an account is deleted:
- all tags are unfollowed (possibly reducing message deliveries to the pod, and preventing participations from growing)
- all users are unfollowed (see above)
But again, for the user's sake as well as the podmin's, all data about the user should be destroyed, including likes, participations, posts, comments, likes, messages, etc.
As it's been said already:
I think user can understand that they have no power over other pods.
We must make it clear, that it's impossible to delete data in the federation. Everyone can set up a pod which doesn't respect the Retraction federation message, and so the data, public or private will remain on the pod. And this problem won't go with the federation imporvement, it will rather get worse as there more pods and more software diversity and more people who want to do nasty things. So, we should change the wording and don't say "account deletion", but "account close". And not the data, post, comment or like "deletion", but "retraction". And retraction must be explained to the user as a request not to show some data, rather than a real data wipe.
Having the above in mind, we could add an optional possibility to retract comments, etc in the process of account close.
Also, comments, likes and conversations are quite a different concerns. Comments can break the discussion thread, but they can still be retracted now, like can't break discussions, and if I'm not mistaken, conversation and private messages can't be retracted at all, only locked.
Hi, Just to make it clear for me : Is "conversation" a PM addressed to more than one contact ?
Conversations are "containers" for PMs. If you open /conversations route on your pod, they are listed on the left side. Conversation may have more than 2 participants.
Maybe this can be seen together with https://github.com/diaspora/diaspora/pull/8249 With this close and "wipe and close/block" gets a unified UI.
