Deleting content does not seem possible on HN, but you're implying that it is? Once you have posted something and walked away, you cannot delete it from HN.
In other words, the only option is to deal with what we were bemoaning about Dropbox Premium thread yesterday. "Talk to a human who may or may not do it."
"Easy to sign up yourself and impossible to remove yourself" - the perfect dark pattern. All we need to ask now is "Why"...
You can't think of anything worse than not having a delete account button on a pseudonymous list of article comments?
> All we need to ask now is "Why"
HN already employs someone to manage this little discussion site, and he seems to have the bandwidth to handle an occasional delete request by hand. Why assume there's a more nefarious reason for not investing resources into automating that process?
> You can't think of anything worse than not having a delete account button on a pseudonymous list of article comments?
Why is HN somehow outside of critique of Dark Patterns?
> HN already employs someone to manage this little discussion site, and he seems to have the bandwidth to handle an occasional delete request by hand. Why assume there's a more nefarious reason for not investing resources into automating that process?
The "little discussion site" is a feeder venue for the venture capitalist side. The words, "Strategic Operations" come to mind.
And I don't have to come up with "assumptions" of nefarious reasons. The fact is, that deletion is not available to us without significant dark patterns. Every other site has this to maintain data and/or users. Why would I expect HN not to be in this category when every other one is?
What would count as your data? Given that your comments are part of threads, perhaps the comments should remain but the user (of all deleted comments by anyone) should be null?
I believe you own the copyright to each comment though, but does GDPR cover PII only or all other data as well?
Threads would be confusing if non-leaf nodes were to be removed.
The GDPR covers "personal data", which is a broader concept than PII, but it only covers personal data and not anything else (i.e. copyright).
The YC privacy policy seems to me to patently be in violation of the GDPR. Namely Article 13(2)(a), (b), (c), and (d). It's arguable whether 13(1)(a) and (f) are being complied with as well.
They also appear to rely on consent. Consent can be withdrawn at any time (Article 7(3)) and the personal data must then not be further processed.
YC could change the legal basis for processing to, say, legitimate interests. This would allow them to claim that comments are an integral part of HN and shouldn't be removed as it would cause disruption.
This is interesting. I wonder if you could get away with saying that by storing the cookie you are consenting, in particular as this is _hacker_ news. And you could withdraw consent by simply deleting the cookie. You’d still have your “account” and related comments; I can’t figure out if the comments themselves are “personal data”. I feel like they ought not be though the linkage of author to commend might be.
btw I’m using HN as a convenient example; i don’t consider the maintainers to be naughty.
> I wonder if you could get away with saying that by storing the cookie you are consenting
No. Consent is opt-in only. It must be "freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her" (Recital 11)
>And you could withdraw consent by simply deleting the cookie. You’d still have your “account” and related comments
The data would remain on HN, and thus would still be processed by YC. If deleting the cookie deleted the data then that would be okay, but it doesn't.
>; I can’t figure out if the comments themselves are “personal data”. I feel like they ought not be though the linkage of author to commend might be.
Personal data is any data about an identified or identifiable individual. So not every comment would - by itself - be personal data. But some would be, and the corpus of comments by an individual might be considered personal data in the whole.
>btw I’m using HN as a convenient example; i don’t consider the maintainers to be naughty.
I find it frankly incredulous that YC doesn't know about the GDPR, and yet they refuse to comply. Does that not qualify as "naughty"?
They are small potatoes and may simply not care about European fines as afaik they have no presence in Europe. Next year they will be subject to CCPA and if they care to support that, GDPR will pretty much be supportd too.
