在Discourse中匿名化用户

If you want to permanently remove a user from your community, but also preserve their contributions to Discourse, you can anonymize that user.

How do I anonymize a user?

At the bottom of a user’s admin page, there is an “Anonymize User” button:

image700×302 13.8 KB

You’ll be asked to confirm. If you agree, the user will be anonymized.

How thorough is the anonymization?

• The user will no longer be able to log in to your community as this specific account.

• A new username will be randomly assigned to the user such as anon123456. This new username will be applied to all their posts in the system, and we will update all @mentions and quotes too.

• The new username is not applied to: deleted posts, post revisions when the current post doesn’t mention or quote the renamed user anymore, oneboxed user profiles, queued posts, or staff logs.

• Their email, name, date of birth and avatar will be removed. Their password will be replaced with a secure, random password.

• In the case where site settings have been configured to require a name, the name will be set to the same, anonymized username, e.g. anon123456.

• Their user profile will be removed.

• Any api keys generated for the user will be revoked.

• Any third party authentication mechanisms (Google/Facebook/etc) will be revoked.

IP History

Discourse will retain the user’s IP addresses in our logs associated with the anonymous user. However, there is a new mechanism to clear those out too available to developers.

When using our UserAnonymizer class, you can pass in an :anonymize_ip option with an IP to replace, for example 0.0.0.0.

If provided, Discourse will go through several tables in our system and update the IPs associated with the anonymous user to the new value.

If you’d like to enable this feature on your Discourse, we recommend creating a plugin to handle your particular workflow.

User Deletion

New users can self delete their own accounts, provided

• the account is new and was created within a few days
• the account hasn’t posted more than once

If you sign up for an account and regret it, you can leave at will – provided you haven’t posted very much, and decide within a few days of joining.

GDPR

The new GDPR regulations came into effect in Europe in 2018, specifically the Right of Erasure.

The anonymization tools in Discourse are available to all administrators, but we recommend you contact a legal professional if you require GDPR compliance. Said professional will be able to audit your systems and tell you if you meet the requirements.

Just tested on try.
In the quotes the username is anonymized but not the avatar (see Do you use a mobile device for ALL your work? Tell me how! - #6 - tech - Discourse Demo).
As an administrator instead, every time I tested this function making an anonymous user, when I click the back button of the browser twice to return from the user’s admin page to the topic I was reading I always end up on page 404.

Will be fixed soon.

Well, that error is to be expected. You visited the user’s profile page before you anonymized the user and that page is still in the browser history.

That’s true, because Discourse try go back to the original admin user page, which is no longer available, then reload the admin user page of the anonymous user, the second click on the back button would like to return to the original-user/summary page that no longer exists and you go to page 404 instead.

No, you can’t undo this anonymizing.

You can restore a backup made before the destructive action.

2 篇帖子已拆分为新主题：是否可以通过 HTTP API 调用向 /admin/users/{id}/anonymize 方法传递 anonymize_ip 参数？

4 个帖子被拆分到一个新主题：为什么非开发人员管理员无法重置匿名帐户的 IP 字段？

7 篇帖子被拆分到一个新主题：匿名用户后，提及信息仍保留其原始用户名

我已经找到了一种手动执行此操作的方法，但并非完全恢复。手动恢复匿名化的用户名并重新关联用户的电子邮件。然后发送重新激活电子邮件。

这无疑是一件令人头疼的事情，希望除了像我这样的人之外，没有人需要这样做。

我创建了一个 Discourse 插件，该插件还可以匿名化 IP 地址

供那些不想头疼的未来用户使用