User accounts are not deleted properly #38

Closed
opened 2 years ago by ryexandrite · 4 comments
Owner

https://github.com/LemmyNet/lemmy/issues/730

The current API endpoint for deleting accounts does not function as expected because while it does blank the contents of any comments or posts by that user and mark them deleted it does not actually delete the user or remove their information. there is no code for this.

Furthermore and investigation of the code reveals that all posts and comments still retain the user id, while the content is gone the metadata like what community it was posted to and when, etc. is still there.

we need to set up a system to automatically move deleted posts to be owned by a "nobody" user and provide code to properly delete a user account.

https://github.com/LemmyNet/lemmy/issues/730 The current API endpoint for deleting accounts does not function as expected because while it does blank the contents of any comments or posts by that user and mark them deleted it does not actually delete the user or remove their information. there is no code for this. Furthermore and investigation of the code reveals that all posts and comments still retain the user id, while the content is gone the metadata like what community it was posted to and when, etc. is still there. we need to set up a system to automatically move deleted posts to be owned by a "nobody" user and provide code to properly delete a user account.
Poster
Owner

changed the description

changed the description
Poster
Owner

I'm asking upstream if the 'nobody' user is a reasonable approach.

I'm asking upstream if the 'nobody' user is a reasonable approach.
BeatnikThespian commented 2 years ago (Migrated from gitlab.com)
Owner

This is vital for GDPR as well. Users need right to be forgotten.

This is vital for GDPR as well. Users need right to be forgotten.
Poster
Owner

I just noted upstream on the issue that GDPR Right to be Forgotten complience is a thing. hopefully we get an answer. if not I'll create a PR upstream soonish.

I just noted upstream on the issue that GDPR Right to be Forgotten complience is a thing. hopefully we get an answer. if not I'll create a PR upstream soonish.
ryexandrite referenced this issue from a commit 2 years ago
ryexandrite closed this issue 2 years ago
ryexandrite referenced this issue from a commit 2 years ago
Sign in to join this conversation.
No Milestone
No project
No Assignees
2 Participants
Notifications
Due Date

No due date set.

Dependencies

This issue currently doesn't have any dependencies.

Loading…
There is no content yet.