Add Account Deletion

Hi,

Please include a standard feature for the user to delete his forum account. Also, changing the username becomes impossible after a certain number of messages were posted, as far as I know.

This, combined, makes it impossible for the user to not leave digital traces. In many countries, it is legally granted to people to request the erasure of their personal data. For example, here is EU regulation.

This feature already exists. Look under user preferences at the bottom of the page.

image1680×1705 145 KB

However, you can only delete your account when it is new. See the relevant site settings to adjust those thresholds.

None of the regulations require deletion or anonymization to be self-service, so the self service options are locked out after they would become disruptive to the community.

You can ask the forum administrators to delete your account, but they may respond by anonymizing it instead.

Thanks for the replies.

From your words I can understand that the mechanism of Discourse is such that it is impossible to delete users’ accounts without breaking the whole thing.

In addition, it’s not possible to change the username.

That’s just not right. Users are not even warned about this when they sign up.

No, that’s not correct.

This is also not correct.

User keeps searching for the ‘Account Deletion’ button. In vain.

If any user wants to delete his account, he keeps searching for the ‘Delete Account’ option, not knowing what is the underlying condition for ‘Posts threshold’.
Can we show the ‘Delete My Account’ button, although as a gray button showing ‘unavailable to be clicked’, to those users who’ve posted more times than the threshold allows them? Or perhaps a small hovering explanation to the users informing them of the ‘requisition’?

Even without the hovering help/info, this ‘unavailable to delete account’ button would be much helpful and save user’s time to find that button.

Even if its displayed and greyed out the site staff will most likely resort to anonymising the account anyway so great user has found the button but why show a button that isn’t functional?

edit: Maybe something like this?

image1445×757 66.1 KB

Not a good solution. That means we are showing not helpful and negative pseudo-button/information to vass majority of users.

What we need is a simple button that directs to easy document telling what is going on and there should be a simple tickbox to demand deletion — and that request shall go to admin and admin only.

In any case, ‘the absence of any button’ confuses a button lot and forces the user to keep looking for such buttons under all menus and options.

I think probably the best way is create a button on that section for example Account Deletion Request clicking on this button a PM (admin is the recipient) composer opens with some placeholder (title and textarea). This way users easily can send an account deletion or anonimazition request and Admins also can review the account before delete or anonimize it.

This button would appears when canDeleteAccount is false (so the default Delete My Account is not appears) or make it trust level restriction and it can use the user-preferences-account plugin outlet which is here on account page. But the better position is on the bottom of the page. Just like where the default button is appear.

If I have some time maybe I create a theme component for this.

Hello @Bathinda,

Here is the theme component

@Don
Thank you very much. This solved my problem exactly/100%

Hello,

I would like to address this issue again, because in a forum I use there are also problems with deletion requests from users.

I would like to understand more about this.

1. Why is it not possible in discourse to delete your own profile with a few clicks?
   Is there any background to this that I don’t understand or has not been disclosed yet? I would assume that the technical implementation is not the problem.
   Are there any reasons from a user experience perspective that support this?

Or is it already planned that there will be an easy way for all users to delete their own account on their own?

2. Can there be problems in relation to the GDPR if no transparent communication and possibility is offered regarding the deletion of one’s own account?

Thank you for answers and clarification!

A bit of info:

And a related theme component:

I am already familiar with the two links. Unfortunately, they do not explain why this function does not yet exist or whether there are plans to implement such a function. I am acting here purely from a UX point of view and would also like to leave the legal glasses off.

User Story: As a Discourse user, I would like to delete my account quickly and easily and receive immediate positive feedback.

The question remains: What are the arguments against adding a button that does just that?

This is the part that got my attention. My understanding is that deleting a user deletes all their message and lead to incomplete topics with “holes” in the remaining information on the forum. And it wouldn’t delete parts of the user’s messages quoted by other users, so the information quality would be decreased even more (and still could be linked to the user even after deletion if the user’s name or any other public information they shared was quoted by others).

Again, that’s what I understand but I could be wrong, and also I completely understand your concerns.

Disruptive is a bit harsh in my view in this context. No one insists that all posts must be deleted in the process. Only the username would have to be removed and instead “Deleted user” should be displayed.

Users can report posts here, like, bookmark, share and so on although this is not required by law. So there is also functionality here that makes it easier for a user to use the software, even though this is not required by law. So why not delete your own account via button or at least anonymize it and block the login?

That is what the “anonymize user” functionality does and why it was created

As for why anonymize user isn’t self service, there are several reasons and I don’t remember all of them right now. What I can think of:

1. GDPR, obviously, demands that deletion is accomplished within 30 days of you giving proper notice. 30 days is plenty of time for a human response and does not demand user-accessible automation (… that’s why they wrote the law like that …).
2. Mistakes. This would be a button that stops you from ever logging into the account again. It’s notable that Facebook, Twitter, etc account deactivation is reversible (though Facebook makes reactivation too smooth). In general, the “destroy my data button” is something the software engineering industry has started to realize is a Bad Idea.
3. The human touch is actually nice sometimes, which ties into…
4. Wanting to leave a community so badly you don’t want your name associated with it at all is something that the admins should know about and feel when it happens. Can they fix the cause for the next person?
5. The conversation is a chance to offer alternative remedies, such as timed suspension (for people worried that they’re addicted to the forum) or performing a detailed scrub of sensitive information in posts.
6. Account hijacking attacks are a thing that can happen. If we suppose a widespread account hijacking incident that doesn’t nab any moderator accounts, Anonymize Account is easily the most destructive available action after this proposal. This is one of the major reasons that individual post deletion is rate limited.
7. SSO - the user’s data might be replicated to other systems that Discourse doesn’t know about that the moderators also need to trigger cleaning in.

None of these are “hard never” reasons, but I hope this gives you a good sense of the balance of concerns.

Adding my 2 cents to this feature request. The decision as to whether users should be allowed to delete their own accounts (irrespective of how long they’ve been around etc) should ultimately lie with the site administrator. The responsible thing to do would be to allow the administrator to allow or disallow account deletion (or anonymization) to comply with regulations and company policies. It shouldn’t be forced upon them by discourse (or made to do hoops to achieve this basic feature).

Cross linking, 2 options that are sorely required in discourse to comply with regulations and company policy:

I see critical issues with all those shiny arguments.

• Holes in the Threads are annoying, that’s understandable but the “right to be forgotten” (GDPR) is above all in the law sense (privacy > comfort / functionality)
• Self-service is unavoidable and there is no legitimate interest not having it

The regulation does not talk about self-service directly but the intent of the law, which counts, implies that a self-service is unavoidable.

Technically, all websites having registration and account (management) without that self-service are rejecting the user’s legal authority over the own private data (or PII), including posts where the person is identifiable and therefore are probably violating the GDPR, which is to interpret in widest possible extent.

I do believe that German law is also violated, as our interpretation of the GDPR is much deeper and “wider” than the original GDPR. People have on German platforms always the right to delete all their data all the time. The only exceptions are legal and security purposes. Both legitimate causes can’t be justified here.

I do agree that a the owner/super admin should decide whether this functionality is active or not, but it should be by default enabled for all discourses that have German or EU users.

Having a button that asks the admin to anonymize is a nice tool and might be sufficient under U.S. law.

In anyway just anonymizing the account is not enough. It probably keeps the E-Mail, IP addresses etc. which is probably illegal in most cases.