Not sure how I feel about this one. I think it's a nice gesture to respect someones wishes to delete their contributions regardless of the technical fact of external archives etc.
While I mostly agree with what he said, I think there are some things they could do to give users more control without "gutting" threads.
1. Allow accounts to be deleted, with all of all their comments and submissions reverting to a [deleted] author.
2. If conversations require author continuity, anonymize the author per-thread to something like the Google docs anonymous usernames
3. Include a deletion request with clear guidelines for reasons why something can be deleted.
Of course they won't do these things because 1) it's only two people and these features will require development and maintenance 2) an opaque and uncertain process ensures that they'll only receive requests in the most necessary cases 3) people might think more about what they write if they can't easily take it back
What they could really do is add a warning to the account creation, submission and comment forms telling users that their submissions are not retractable past the grace period.
It’s often the easiest way to comply with GDPR just to allow any of your users to rage quit and delete all their stuff. That way you don’t run afoul of the EC if you accidentally mis-identify an EU citizen as not being from the EU.
There is double standard favoring HN. If Reddit or Facebook didn't allow you to delete your account or comments and said it wanted to maintain a permanent record of you, they would get eviscerated.
There are many questions going back on HN itself and the answer had always been no, but from what I understand they have renamed a few accounts. But it isn't something that they will apparently do for everybody.
I have no skin in this game, but I am tempted to side with you on this one, especially because the replies with attempted justification are actually just showing how weak of a defense there really is. It’s a forum, you post things. It’s not that different from other forums.
Personally I don’t think I will ever want to delete my HN account because I’m just some random dude, but I think it should be possible to at least delete your profile and leave your comments/submissions orphaned. Reddit does it.
I do hope people eventually come to the conclusion that everyone says regrettable things on occasion so they can stop digging through endless archives of comments and posts looking for dirt. I feel this is a huge component of why people want deletion.
> I do hope people eventually come to the conclusion that everyone says regrettable things on occasion so they can stop digging through endless archives of comments and posts looking for dirt. I feel this is a huge component of why people want deletion.
I don't think that's going to happen until society agrees that such digging is universally immoral. Until then, people are going to listen when the results are publicized.
Maybe. But it (at least) feels like HN sets some different expectations upfront (e.g. not being able to edit a post after a certain amount of time).
HN also has a pretty benign sign up process (i.e. relative to most sites, you don’t really give out any infomation, you don’t even _have_ to confirm an email).
I think people feel differently towards HN because HN treats people differently. (Just my 2 cents)
The term "double standard" means two standards are applied to two different things (or group of things) when the differences between the two things are irrelevant to the standard. "You're not allowed to play baseball because you are a girl, but your brother can because he is a boy" is a double standard because gender has no relevance to playing baseball.
Whether a site should programmatically allow the deletion of accounts/comments is surely related to how they handle the collection and pursuit of PII. HN quite obviously is not the same as Facebook in that regard, and unlike the baseball example, that behavior is relevant to the standard being applied.
That said, I could get behind a mechanism where a user can, one-time, change their username, with the effect of disabling their account forever. This would allow people who use their real name[0] as their username to change it to something pseudonymous, without allowing some of the less social behavior a more open name changing system would allow.
[0] - I'm not the 'real' Clark Griswold. Sorry. :)
The double standard is that the HN hivemind, speaking broadly, demands practices of other sites (Facebook, Reddit, etc.) which aren't provided by HN, and are defended by some users of HN.
My view is that HN should have a clearly stated, and effective, account and content deletion process, and that it's a shame and embarrassment it doesn't.
There's a major difference between sharing very personal information with close people, and stating your opinions in a public forum. Additionally, hn does not openly collect much metadata etc from your usage. You are right, that this is a double standard, but the sensitivity of the data is very different.
That may be true, but I believe the information hackernews collects is still enough to be potentially personally identifiable. This makes we wonder if the inability to delete here might be at odds with GDPR compliance in the EU.
> That may be true, but I believe the information hackernews collects is still enough to be potentially personally identifiable.
Imho there's still a massive difference between "potentially personally identifiable" and running a whole business on identifying people and selling that information as Facebook or Google does.
Reddit is a weird middle-ground: Afaik they don't make a business out of selling ad targeting profiles as Facebook or Google do. But due to Reddit's nature with subreddits for even the weirdest of interests, they do have massive potential for it.
In the big picture, subreddits are not that different to Facebook groups surfacing preferences on all kinds of topics, thus analyzing a Reddit users post history [0] and subreddit preferences (u/leansbot) can also give quite a good profile about somebody.
HN couldn't even compete with that if it tried, HN is pretty much just one big main forum where certain topics simply don't get discussed, as such users don't even have the opportunity to surface personal preferences about them, compromising their own privacy.
GDPR has little or nothing to do with citizenship. It focuses on presence in the EU, not on citizenship in the EU. See Article 3.
It applies to:
1. Processing that takes place in the context of processors and controllers that are in the Union, regardless of whether or not the processing itself takes place in the Union.
2. Processing the data of subjects who are in the Union by controllers or processors who are not in the Union if the processing is related to offering goods or services to such subjects in the Union or the processing is related to monitoring the behavior of such subjects that takes place in the Union.
One of the recital elaborates on offering goods or services to subjects in the Union, and that includes this:
> In order to determine whether such a controller or processor is offering goods or services to data subjects who are in the Union, it should be ascertained whether it is apparent that the controller or processor envisages offering services to data subjects in one or more Member States in the Union. Whereas the mere accessibility of the controller’s, processor’s or an intermediary’s website in the Union, of an email address or of other contact details, or the use of a language generally used in the third country where the controller is established, is insufficient to ascertain such intention, factors such as the use of a language or a currency generally used in one or more Member States with the possibility of ordering goods and services in that other language, or the mentioning of customers or users who are in the Union, may make it apparent that the controller envisages offering goods or services to data subjects in the Union.
I'd guess that HN would argue that they are not in the Union, so don't fall under #1, and not monitoring behavior, so don't fall under the second prong of #2, and that they did not envisage offering goods and services to people in the Union, getting them out of the first prong of #2.
There was a post maybe a year ago about GDPR, and the general feeling on HN was the all websites should follow it in principle even if not required by law.
I think you are mixing up right to be forgotten, and GDPR here a bit.
Excuse me, but what information are you referring to?
user: 0xfffafaCrash
created: October 6, 2014
karma: 203
This information? That was all I, as a fellow user, could see. Rest of the information is not public.
GDPR is about personal data and extra data (metadata) that is used for non-essential business needs like marketing, so user can ask to remove that extra data. But if the data is required for the entity to do business and by law you can't expect it to be deleted. Like you can't demand some e-commerce site to delete all your order information and associated delivery addresses, phones, contacts, you can however ask them to remove the account, so you lose access to orders and they in theory can't associate it with you anymore, or at least use to build profile on what your buying habits are.
So you can't demand (under GDPR) from HN to remove your data, maybe remove account but handle is not personal data so it is a stretch.
If you send a request to the moderators and cite the GDPR I would expect them to delete it. The GDPR doesn't require the deletion process to be automated.
Reddit doesn't allow you to delete your account either. You can only "deactivate" it, to delete posts you have to do it manually. Since the Internet has the attention span of a gnat, I can find no plausible justification to not delete one's contributions automatically. At most, a site may delay the delete by a few weeks out of respect for other users. After that, all conversations have long died and measurably nobody cares. Other than the Twitter cancel mobs.
The first Usenet posts of Linus regarding Linux, or of Mike Godwin's coinage of Godwin's Law come to mind.
The question of how to determine cultural relevance is a hard one. Ordinarily, say, social utterances or discussions wouldn't qualify. If a participant or subject of that discussion ends up in a socially-significant role (high office, head of a major company, etc.), that might change.
Contexts vary, and can change over time.
At the same time, records are lost with time, there is a forgetting curve, and a few high-water marks stand out, though even those crumble in time.
Looking at HN's top-ever stories is an interesting exercise (either Lists or Algolia's search w/o any terms should give this).
There are some python scripts that will go through and scrub your contents. Not that it really matters, all the big guys backup reddit everyday for future reference, you're just probably protecting yourself from low level doxers and not state actors. Then again state actors can always go down to the hardware store and buy a $5 dollar wrench or rubber hose and beat it out of you
When researching a topic, I regularly use DuckDuckgo with `site:news.ycombinator.com` as part of the search term. Sometimes the older comments will be out of date but it's often the case that they contain information or insights that are still relevant and interesting.
It did to some degree, but it was less visible (often times, such posts would be outright deleted, as opposed to merely having content wiped). Also, it's much more visible on a platform like Reddit, as it's a highly centralized discussion forum.
> If Reddit or Facebook didn't allow you to delete your account or comments and said it wanted to maintain a permanent record of you, they would get eviscerated.
By whom?
There's always a danger of falsely claiming a double standard when in fact you're just trying to judge one community by the standards of another.
Right. But HN is a public website and not a walled garden. If Facebook were open to everyone with an internet connection and had no direct or private messages or anything secret I think you'd see a similar standard applied there.
Reddit has a lot of that stuff and their geeky subreddits have the same amount of complaints of FB as HN. There likely is some overlap of users as well. And most likely overlap of the sort of users. There’s no standard being applied at reddit.
Unfortunate, given the recent reports of social media accounts being inspected by customs agents. Something you said years ago (and, hypothetically, no longer believe in) might get you in trouble and you have no way of purging that record. It ultimately will have a chilling effect on what you can say on the site.
It’s fine. You just have to make sure you never say anything that could ever possibly be misinterpreted or used against you by anyone ever for the rest of your or your children’s lives. How hard could that be?
That's the even scarier part. There was a NASCAR driver a couple of years ago who lost his sponsorship because of something his father said before the driver was even born.
The sponsors are a business out to make money, not to make sound ethical decisions.
The way capitalism is supposed to work is that consumers (the capitalist synonym for “people”) avoid companies they don't like for whatever reason. The problem is this assumes consumers are reasonable.
The sponsor has little to gain by doing the ethically correct but publicly outrageous thing and standing by the innocent person, because there are more people in the angry mob than there are who would reward the sponsor for their sound ethics.
> The way capitalism is supposed to work is that consumers (the capitalist synonym for “people”)
“Consumer” isn't a synonym for people in capitalism, it's an economic role that all people assume in capitalism, but not in all interactions. (“Laborer” and “capitalist” are similar, though slightly less universal, roles; because they are less universal, the degree to which one tends to assume them also define economic classes in capitalism.)
I do three things that make it pretty easy: I avoid nearly all social media in the first place; when I do interact online (such as here), I always use a pseudonym; and if any company or governmental body asks for my social media credentials, I tell them I don't have any (which happens to be 99% true).
I was being mildly sarcastic to make a point, which is: telling people to police their speech and to make sure they don’t say anything they might regret isn’t a workable solution, because it’s impossible to predict the future. And in the court of public opinion, it doesn’t matter if you’ve since changed your mind five, ten, 20, 30+ years later, people will still judge you for the tiniest sin. "Be careful what you say" is a lazy cop-out, honestly.
Everything you write here will be saved whether it is stored or HN servers or not. That's just the reality. Some rulings may stop wayback machine but then there still will be tons of archivers accessible through dark web. Text is really cheap to store and that's moderated text where somebody else is already taking care of it not being just a bunch of random characters or somebody's else encrypted backup. It's just that regulations and our culture haven't yet fully catch up.
The only solution is to not use accounts which can be easily tracked back to you, and not post information which can be easily tracked back, either. Which used to be common practice. When and why did this change? With Facebook demanding that people link their offline social circle into its virtual one?
Well, you can go back to Usenet, and say that "respectable" people weren't pseudonymous there by and large, but that, one, wasn't universal, and, two, wasn't the practice of the 1990s Web fora which postdated Usenet's high period but predated Facebook. There weren't too many real names on high-period Slashdot, for example.
IANAL, but: if you are an entity that provides free services to citizens of the EU, and you process PII (e-mail address), you are subject to the GDPR's rules.
"Monitoring" is also a qualifier for whether the rules apply, so it could be HN will simply say this disqualifies them, and require someone to take them to court (which YC can afford). But HN does install cookies on your computer, so I think you could still win such a case.
> IANAL, but: if you are an entity that provides free services to citizens of the EU, and you process PII (e-mail address), you are subject to the GDPR's rules.
Thats misinformation. If you want a comment removed you can email the HN mods (I always forget the email). I feel like they could similarly delete your account upon request.
I think it's unfair to label it as misinformation. We're talking about the ability to delete an account which HN's only option is to email and ask nicely. It would be fair to say then the feature doesn't exist. Whether that's a good or bad thing is a different matter.
Was any specific reason provided? I don't understand why just marking the user as [deleted] would be something that HN mods would have an issue with. Or is deletion meaning to delete all comments/posts made by the user too?
2016-04-20: initial request to rename or delete "Account renaming is something we plan to implement but haven't yet. You're welcome to email back in the future and check if it's done yet."
2016-07-26: check up "Not yet, sorry. There are some technical difficulties because YC uses HN IDs in its internal systems, which are separate, so we need to be extra careful not to make a breaking change. But we'll get there."
2017-02-20: me (falsely) claiming it's a matter of national security "That does sound urgent, so I'm sorry to have to reply this way, but we don't actually have the ability to do this. At some point we will have the ability to rename accounts to something anonymous, but unfortunately we don't have that yet either."
2018-02-22: another check up "Not yet, sorry, but it is coming. Do you want to be on an email list to get notified when it's ready?"
2018-09-06: no email. another check up after a small stalker scenario, and also a business associate mentioning they saw my HN profile while doing a Windows search for my contact info (thanks Cortana /s) "Yes—we can do account renaming now. Haven't announced it yet, but that's coming." rejoice
2019-04-18: check up on deleting "Hacker News doesn’t delete entire posting histories, and we don’t plan to because that would gut the threads others participated in. The intention is to address privacy concerns with account renaming or redacting personal information. "
But why don't they automate it? 1. It's standard practice to have a delete my account option. 2. It's easier for users. 3. It's easier for admins. 4. The presence of the option makes clear that one can delete their account without much trouble. 5. With the option they don't get frowned upon, such as in this case.
In regards to posts you get an hour to edit / delete. Otherwise it stays once it gets replies just to keep history of conversations.
In regards to deleting accounts that is a good question above my responsibilities as a fellow user to answer. I would love to hear from mods about it. It certainly would suck if we see old convos lose context / content over the years.
I had a post yesterday that I wanted to delete. It was less than 30 minutes since the post, and there was no deleted button, but an older comment slightly more than 30 minutes old still had the delete button.
HN moderation is very secretive and manual, and that introduces a lot of opportunity for bias.
Edit: it's interesting that you cannot delete a comment with a reply, but you can edit it into nothing. I never noticed that. Seems like a useless distinction. So you can also force a comment to exist by just replying quickly so they cannot delete it. Neat trick.
Sometimes it depends on how the backend data is stored. I'm going to assume that HN uses linked data for your account name against posts and comments...
How do they deal with your delete account request? Do they just remove your account resulting in 'NULL' appearing against all your previous comments and posts? Do they remove all your previous posts and comments as well? This could result in broken comment threads - a workaround would be to replace your comments and posts with '[Deleted]' which could then make child comments lose their context.
If the whole thing was automated, what stops people abusing the system by creating, posting abuse, and then deleting the account? So many questions, and no easy/simple answers.
Deleting an active account on a busy site is rarely just a case of removing the user record from the users table.
No, they will not delete the account. They can change your username to something random but answers / questions will stay. As much as I like being able to remove accounts on websites when I quit them, I side with HN here: there are some really interesting discussions here sometimes and removing all data would break the thought flow.
Go get all your comments, and submit them to the copyright office. Remember, you have innate copyright even if it's not registered. But registering ALL your comments on HN can be done for $50.
Then file a DMCA against your content. If they don't remove, then you can sue up to $135k/violation.
You can also register as much content as one shot. So if you have the time, cover all your content, everywhere. And if some org gives you the run-around, DMCA'em.
Also technically, you can DMCA them without a copyright filing. But having that legal backing has real teeth.
> By uploading any User Content you hereby grant and will grant Y Combinator and its affiliated companies a nonexclusive, worldwide, royalty free, fully paid up, transferable, sublicensable, perpetual, irrevocable license to copy, display, upload, perform, distribute, store, modify and otherwise use your User Content for any Y Combinator-related purpose in any form, medium or technology now known or later developed.
When you send someone a DMCA takedown you need to include "A statement that the complaining party has a good faith belief that use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law" and "a statement that the information in the notification is accurate, and under penalty of perjury". [1] So you probably don't want to send someone a DMCA request after giving them a license to use your comments!
That site says digg is "hard". When digg had a comment structure similar to reddit, I used to comment quite actively, but too many political types were following me and creating a weird echo chamber, so I asked them to delete my account. 15 minutes later, my account and all my comments were gone. Maybe something changed when they removed that structure, I suppose.
When you say you “asked”, do you mean you had to write a message to someone requesting deletion? Because that counts as hard. Ideally the site should respect your use of a simple button.
For a minute, I thought these were direct links to delete your account, meaning that going to these links would delete your account immediately, a bit like like Super Logout (DO NOT CLICK https://superlogout.com/ OPEN IN INCOGNITO TAB).
I'm surprised that isn't blocked by cross-site scripting prevention or something along those lines. Shouldn't forcing logout require that you have the cookie that proves that you're logged in in the first place?
Please don't rely on the Referer being present (ever). It's an optional header to send in a request and you can configure your browser — at least Firefox — to not send it for privacy reasons.
Logout (or anything else that triggers changes of any kind) shouldn't be a GET request.
Some of the pages that are exploited do use POST though. If it accepts authorization through a cookie and doesn't require an XSRF token or JSON content type, it is probably vulnerable.
But yes in general making actions happen in response to a GET request is generally a bad idea, since these are often cached and considered "safe" to retry.
This is tricky - it's up to the site basically. For single site websites (hacker news, let's say) then yeah - samesite should be enabled to prevent this.
For a large IDP like Google, Facebook, Microsoft, etc, you start to want* logout via cross-site requests, but it needs to be protected against DoS attacks like the link provided. So you need some other proof that the requesting site has a session - a session ID, an ID token, a unique identifier for one of the users in session (this is the least bulletproof one).
* well, standards wise at least. Google doesn't document a logout url anymore.
Which raises a question of how many services out there do have links that would delete your account without confirmation (or confirmation that could be somehow spoofed by client side JS).
Usually this is done by sending an nonce that must be sent back with the request to delete the account. The attacking site won't have the nonce, so it cannot delete the account.
Currently, you can also get a similar protection by requiring headers such as "Content-Type: application/json", since other sites will not be able to make that request.
Referer does work in some cases, but it is fairly common for users to disable the Referer, so relying on it for site functionality is not ideal.
How's the resource containing the nonce any more secure than just a plain "delete-account" endpoint?
Thinking about it, you could probably use CORS and some methods like X-Frame-Options to protect your nonce. But then you could just use that on the whole deletion page and avoid the nonce, I guess?
I think checking referrers is the normal way to solve this. As long as your site doesn't have XSS vulnerabilities on other pages, I think you're fine, but I'm not an expert though.
I feel kind of uncomfortable commenting on HN, especially after reading this answer by Jacques Mattheij [1] with regard to deleting accounts:
>If this is to ‘unsay’ stuff that you wrote in the past then that’s a good reminder to think twice before you hit that submit button lest you cause someone needless work.
It sounds like a big "screw you" to me. It would have been way nicer to say something like "sorry we don't have time/resources to add this feature".
I dunno why ppl say it is so hard to delete social media accounts such as Facebook or Twitter. It is actually very easy to do
get an affiliate link for something like gambling or anything spammy
post it as many places possible as fast as possible
in fact, merely posting any link over and over will nuke your account, guaranteed.
within minutes or hour max Facebook or Twitter will lockout and ghost your account for good, erasing all traces of it from existence. That way your account is gone and maybe you will make some extra $ in the process too.
This isn't deleting your account, it's just removing your access to it. Don't do this. This will prevent you from actually deleting your data in the future because you're now locked out.
Worth a listen; the focus is mainly on Cleveland'com's right to be forgotten experiment, where they are redacting or deleting old content when requested on a case-by-case basis. Regardless of how you feel about right to be forgotten, the episode makes a number of points both for and against that are worth hearing.
I'm personally undecided on the issue, but I did come away from that podcast with one very strong opinion: I hope we as a society make a decision, either way, and codify it into law (much as the EU has done). Without those laws, we're forming kangaroo courts where small groups of biased individuals get to decide _who_ has the right to be forgotten. Yikes.
I would also add the addendum, specifically for the HN audience who more often than most understand the concept that the "internet forgets nothing." Don't let the perfect be the enemy of the good. If we do believe the right to be forgotten is an overall good thing, let's do it, even if the system won't wipe out _all_ instances of a piece of information. There's a tangible difference between something being the first Google result versus being on the second page.
As a principle, I never work on products that employ dark patterns, such as making account deletion hard or impossible, to control their users and/or content. I find it sad that we even need a directory for what I consider to be a fundamental option.
I’ve always wondered what’s going to happen when CBP finds out I have no social media accounts. You can’t find me on Facebook, nor follow me on Twitter, I’m not Linked In, etc. I am a citizen so I think they will just have to be unhappy about it. But I imagine that before things get to that point there will be a lot of threatening and posturing.
Glad this is continuing to get attention here on HN. There's an automated paid service called the same thing - https://www.abine.com/deleteme/ - but it has blogs with additional info on how to do it yourself, too.
Thanks for sharing. I just recently deactivated Instagram for ~3 weeks, logged back in to download my photos, and then tried to deactivate again.
At first, it failed and threw an error message about enabling cookies which made no sense. Then I got a pathetic error message stating "Sorry, you can only disable your account once a week. Try again in a few days." Pretty pathetic.
How hard is it to get your account closed (not necessarily deleted) on those services that make it hard or impossible to delete your account?
I know it's not the same, but might be good enough for some purposes.
Perhaps if the service still doesn't close your account upon request, they may still do it due to terms-of-use violations or service abuse. (evil smirk)
I've been thinking of writing a script to go through my emails and make a list of all the "welcome" emails, which should roughly approximate all the accounts I registered.
And then another one for "you are now subscribed to our newsletter" lol
To this day I regret having pruned really old emails on some of my email accounts cause I cant go back. This was long before Gmail had an archiving feature.
As far as I remember, even in beta, Gmail had the option to archive. What set Gmail apart from other free email services was the large amount of email storage that was always slowly increasing. I don't remember my first google addresses but I don't think I've ever needed to delete an email.
I wasn't deleting due to storage, just to clean up my inbox. I was on Gmail for the beta in 2004 (or was it sooner?) and I don't recall an archive button, maybe it was just white noise to me at the time, I was a young teenager back then.
Interestingly, with few exceptions, the worse user experience correlates with the hardest it is to delete a profile.
> GoDaddy Accounts are apparently retained “to comply with [their] legal obligations” though you are able to clear out most of your information by editing your profile.
When you delete (or soft-delete) your Facebook account, it seems there is no way to also delete your corresponding Messenger account.. I've tried many times, to no avail.. is it simply possible?
It looks like this web site is unmaintained and incorrect in at least the Discord case. I see a PR open since 2017, and a comment on it saying 'this site is unmaintained.'
Now if there was only away to delete your information from recruiters' databases. I still get cold calls by recruiters who get my number from a ten year old resume.
What is this backgroundchecks.org? Last time I saw this site, this wasn't a part of it. The site itself doesn't give any information about who is behind it.
This is awesome. I was thinking of going through my online accounts and deleting the ones I don’t use anymore, this is going to make things much easier!
But I have a big problem with deletion of content, outside of a window of time similar to that of editing posts.
My opinion is, if you write it, you publish it, then you don't have the right to leave such a big hole in a discussion. I'm sick of being on various social media and seeing "deleted" "deleted" "deleted".
I'm fine with removing your name from the posts, but other than that, if you say it, you shouldn't be able to run from it.
GDPR isn't some shining beacon of light, it's just a framework of policies set forth by people of power. GDPR has the potential to be just as damaging as the improper uses of PII (for example, look at what happened to the comments on a crapton of MS blogs when they transitioned to a different backend - all the comments were wiped because it was too much work to both preserve those comments and ensure GDPR compliance).
Honestly, I agree with this. Forum discussions basically become unusable if members can randomly delete everything they ever posted years after the fact, and I've seen numerous Reddit posts that now make zero sense because a bunch of users used one of those 'comment override' scripts. It gets even worse if the user can delete the whole topic, since it also removes a bunch of posts from users who may not want them removed.
I don't see no issue with forums and similar sites not allowing contributions to be deleted.
P.S. Also, for the longest time, most forums didn't even allow account deletions. Kinda curious when the expectations changed there, since I distinctly recall the likes of vBulletin and XenForo not letting members remove accounts or content.
I think the "right to be forgotten" should be limited to certain specific instances regarding long-ago conduct. I don't understand this desire people have to participate in society, then try to completely pull out and say "oh, not only am I not participating, but I want to also redact every piece of content I ever wrote". Forget the person, not their contributions.
Do you realize that a real "right to be forgotten" would mean forcibly deleting content from other people's memory?
So, if such a right existed, people would have to get killed, or at least being hit strong enough in the head so that they forget the holder of the right.
There are few ideas more totalitarian than a right to control someone else's memory.
Its likely not deleted in backups is my suspicion. I dont know what policies some companies have in regards to backups.
Also some companies always had the option for years.
One good test might be to create Facebook and instagram accounts, then upload images, save direct links to those images. Delete the accounts and see.... If the links work after clearing cache / a few days / weeks / months... Then yeah they just keep your data but detach it from friends and your email / password.
Indeed it isn't deleted from backups. And according to [1] it doesn't have to be. In the company I work for it's handled the way that we have a list of subjects (their id in database) who requested deletion and after restoring any backup the subjects' data from the list is deleted again.
Direct links probably end up in their caches. If they stop being visited then you're fine and they'll be evicted, but intentionally evicting data that's been deleted is one of the hardest parts of implementing full deletion.
GDPR lawyers told me it should be deleted from backups if it is doable without breaking the integrity of the backup copy. If it could break the integrity or is technically impossible, then the company should have a list of all records to be deleted after restoring a backup and ensure that this list will be processed on each backup restore.
Subpoena their records for a lawsuit and see what they really have. My prediction is that at major tech companies (Google, Facebook, Amazon, etc) your data is actually deleted when you say "delete" while startups tend to start with soft deletions (less worried about being sued).
It could be that they store your data all encrypted, and when you want it deleted they just delete the encryption key from a few well defined places.
That way there is less need to mess with backups, etc.
Some years ago on a large though not especially well-known social network the task of deleting certain image files which it proved problematic to possess fell in my lap.
The list had been curated by ... some process not fully explained to me. A small number of spot checks convinced me that I didn't want to run any further validations myself, and I've rarely shredded any files harder.
The total set of images numbered in the millions, with each source image resulting in numerous thumbnail and preview sizes, as well as differing versions of the service app resulting in different naming patterns, paths, and locations. All of which were fronted by a CDN that had its own deletion mechanisms which I had to learn and adapt. The project involved conferences with the CDN's engineers.
I rapdily got the sense that large-scale bulk deletes weren't a frequently-encountered use case, as the default was to use a web form. That would have taken centuries to complete.
Some simple shell and awk could generate all the potential patterns, and batch the deletions (about 200 per request, with a return code indicating whether or not the request was accepted or the queue was full).
Documentation and initial tests suggested that it might take weeks, possibly months, to complete the deletions from the CDN. Residency on the CDN in any event was ~9 - 18 months, though no clear guarantees of deletion.
In practice, I kicked off the job on a Friday afternoon, and it completed over the weekend. The same initial request-generating code could be used to spot-check (random sampling), and eventually exhaustively search the space to confirm that all deleted content was now 404.
This was well before GDPR, and though the network userbase numbered in the tens of millions, the engineering staff was small (technology is an interesting multiplier lever, useful when deploying, problematic when dealing with issues at scale).
Upshot: deletion can be complicated. It's generally possible, however.
(A full scrub would have involved backups. I believe that the technical solution to that problem was not having any in the first place. Largely confirmed when the service fell over completely a few years later. Another warning regards online SAAS.)
> Impossible
Not sure how I feel about this one. I think it's a nice gesture to respect someones wishes to delete their contributions regardless of the technical fact of external archives etc.