Thank you for your reply!
Sorry, I didn’t press enter enough times after the first statement. (So I already entered the second statement while the first one was being executed). However, when I do press enter enough times, I run into this error:
So I changed it to this:
UserAnonymizer.make_anonymous(user, nil, {anonymize_ip: "0.0.0.0"}) And now it works!
Here’s a fully prepped form for others:
UserAnonymizer.make_anonymous(User.find_by_username_or_email("=USERNAME="), nil, anonymize_ip: "0.0.0.0")
We’re having a first request to anonymize an account on our forum and I just tested the effects on a sandbox instance.
Username on post and mentioned before anonymizing:
After anonymizing:
Shouldn’t the mentions also be anonymized? The original announcement says so.
Edit: looks like it didn’t work because I had this test user mention themselves on their own post. On other users’ posts it works.
Yes they should.
Nice catch!
Also saw that anonymized users can still be messaged, suggesting there’s still someone responding to the profile:
Getting back on this, I still think it’s not helpful that other users can keep on looking up the profile page of an anonymized profile and get an overview of all their previous activity and likes or even send a message. The easiest approach to stop this seems to select Hide my public profile and presence features on the interface options for the anonymized user.
I’d suggest to make this setting a default in the anonymizing process.
Has this actually been a problem? I think most people who see a ghost icon and “Removed profile” would understand there is no user to respond to them.
Yes, it’s not a problem in the sense that other users would mistake this for an existing profile. But it’s an issue about anonymizing the profile when the entire activity of such a profile is still visible. As said, it can be easily adjusted manually. I just think it would be a sensible default for anonymization anyways.
Yes that’s right but the user reading won’t know who it was anyway.
If a previously Anonymized user ask to join again, could we replace his Anon12345 handle with a new one so that all his old posts are associated with his account?
If you know the anonymous account that was associated with the user’s previous account, you could ask them to signup for a new account on the site. You could then merge the old anonymous account into their new account.
Unless an account was anonymized by mistake, I would be somewhat reluctant to merge an anonymized account into a new account. It feels like it defeats the purpose of anonymization.
I totally understand. I will simply give them their Anon# when they leave in case they want to come back. They were very estimated contributors so even if the posts are anonymized, for old community members, it is easy to recognize who could have made such post.
I agree with @Cécile_Savoie. Here’s a real use-case: something happens in a community and Alice wants to leave, asking Staff to remove her account. Some admin suspends the user and anonymizes Alice’s posts. The community reaches out to Alice, fixes the problem, and invites Alice back. The admin can then restore her posting history.
That’s good to know. I wouldn’t want anyone using this process to erase their history without very good reason.
You still need to know whose posts they are. In a large community that might be problematic. Maybe leaving a staff note might be useful.
While I agree this is a good to restore someone’s identity to posts they’ve made before being anonymized, there’s always that right to be forgotten thing that could get in the way. By keeping a staff note as to whose identity belongs to which anonymized user, then a user who wants to be forgotten isn’t really forgotten. 
I still like the idea behind this though. It’s good for someone who quits a forum out of anger or whatever, has regrets, and then wants to be reinstated without losing their replies.
Came across this strange detail when anonymizing a user. In an existing post the name was replaced, but the link stayed to the old username, as in:
[@anon14148923](https://example.com/u/original_username)
And then it still showed the original username in the rendered post.
Even if the user didn’t explicitly ask to be forgotten under the GDPR, I believe the principals of GDPR and data-minimisation could still raise questions as to why, for what purpose and for how long you are retaining the record of the persons identity. The site privacy statement may need to say something like “we keep original user names for 30 days after anonymisation in case people change their mind” to be water tight.
For me, sometimes people ask to rage-quit, and we normally send something polite back, try and understand the situation and/or moderate it, and ask they wait until the next day to be sure as it really is irreversible. Sometimes people have calmed down and hang around, sometimes we still end up having to irreversibly anonymise them and usually follow up by trying to remove mentions and other things which aren’t automatically caught (e.g. references to the old username without an @).
I don’t know much about GDPR, but is it really necessary to remove all mention of the anonymized user? It’s not their content (unless they @mention themselves?), and the username is gone.
Well Dan Eastwood, someone might mention a user name in a reply in such a way that it could potentially defeat anonymisation. For example, if you were to be anonymised here on meta, this post could now link posts from the new anonxyz number with your original name.
I’m not a lawyer, but the legislation talks about putting personal data ‘beyond use’. If the original author of posts can be easily determined, I don’t think it meets anonymisation as required by this ‘right to be forgotten’. Therefore I to try and locate any such references and remove them from a site when a member is anonymised - though normally users come at this from the point of requesting that everything be deleted, so I’m already somewhat on the backfoot trying to explain that’s not possible and anonymisation is the compliant option.
